Merge pull request #162 from maykinmedia/hotfix/use-plugin-in-init-flow

Hotfix: use plugin in init flow redirect

Author: sergei-maertens

mozilla_django_oidc_db/middleware.py

@@ -7,10 +7,10 @@
 from .config import (
     BadRequest,
     dynamic_setting,
-    get_setting_from_config,
     lookup_config,
 )
 from .models import OIDCClient
+from .registry import register as registry
 
 
 class SessionRefresh(BaseSessionRefresh):
@@ -50,7 +50,8 @@ def get_settings(self, attr: str, *args: Any) -> Any:  # type: ignore
         if (config := getattr(self, "_config", None)) is None:
             raise BadRequest("No config object was set from the request")
 
-        return get_setting_from_config(config, attr, *args)
+        plugin = registry[config.identifier]
+        return plugin.get_setting(attr, *args)
 
     def _set_config_from_request(self, request):
         self._config = lookup_config(request)

mozilla_django_oidc_db/views.py

@@ -20,7 +20,6 @@
 from .config import get_setting_from_config, lookup_config, store_config
 from .constants import OIDC_ADMIN_CONFIG_IDENTIFIER
 from .exceptions import OIDCProviderOutage
-from .models import OIDCClient
 from .registry import register as registry
 from .typing import GetParams
 
@@ -258,15 +257,16 @@ def get(
 
     def get_settings(self, attr: str, *args: Any) -> Any:  # type: ignore
         """
-        Look up the request setting from the database config.
+        Look up the requested setting from the plugin, which defers to the DB config.
 
-        For the duration of the request, the configuration instance is cached on the
+        For the duration of the request, the plugin instance is cached on the
         view.
         """
-        if (config := getattr(self, "_config", None)) is None:
-            config = OIDCClient.objects.get(identifier=self.identifier)
-            self._config = config
-        return get_setting_from_config(config, attr, *args)
+        if (plugin := getattr(self, "_plugin", None)) is None:
+            plugin = registry[self.identifier]
+            plugin.validate_settings()
+            self.plugin = plugin
+        return plugin.get_setting(attr, *args)
 
     @staticmethod
     def _validate_return_url(request: HttpRequest, return_url: str) -> None:

tests/test_init_flow.py

@@ -2,6 +2,7 @@
 Test the OIDC Authenticaton Request flow with our custom views.
 """
 
+from typing import Any
 from urllib.parse import parse_qs, urlsplit
 
 from django.http import HttpRequest, HttpResponseRedirect
@@ -105,3 +106,28 @@ def get_extra_params(
     query = parse_qs(parsed_url.query)
 
     assert query["scope"] == ["not-email and-extra"]
+
+
+@oidcconfig()
+@auth_request
+def test_override_callback_url_plugin_settings_used(dummy_config, auth_request):
+    @register("test-settings-override")
+    class SettingsOverridePlugin(OIDCAdminPlugin):
+        def get_setting(self, attr: str, *args) -> Any:
+            if attr.lower() == "oidc_authentication_callback_url":
+                return "admin:index"
+            return super().get_setting(attr, *args)
+
+    OIDCClientFactory.create(identifier="test-settings-override")
+    oidc_init = OIDCAuthenticationRequestInitView.as_view(
+        identifier="test-settings-override"
+    )
+
+    redirect_response = oidc_init(auth_request)
+
+    assert redirect_response.status_code == 302
+    assert isinstance(redirect_response, HttpResponseRedirect)
+
+    parsed_url = urlsplit(redirect_response.url)
+    query = parse_qs(parsed_url.query)
+    assert query["redirect_uri"] == ["http://testserver/admin/"]