- Django's request.get_host() use X_FORWARDED_HOST when appropriate and falls
back to HTTP_HOST. In case of FreedomBox due to 'ProxyPreserveHost On' in Apache
configuration, both the values are the same. So, it makes no difference.
- Also document the need for 'ProxyPreserveHost On' in another validation.
Tests:
- Log the value of request_host, request.META['HTTP_HOST'], and
request.META['X_FORWARDED_HOST'] in DiscoverIDPView:get(). All the values are
same when accessing with IP address value not starting with 127.0.0.1.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Add a component to easily manage registration of client applications.
Tests:
- Package build is successful has dependency on python3-django-auto-toolkit
- python3-django-oauth-toolkit can be installed on stable, testing and unstable
containers
- /.well-known/openid-configuration and /.well-known/jwks.json are servered
properly.
- /o/ URLs don't require login to access
- When logging in list of claims includes 'sub', email, freedombox_groups.
- Logging in using IP address works. Also works with a port.
- Logging in using 127.0.0.1 address works. Also works with a port.
- Logging in using localhost works. Also works with a port.
- Logging in with IPv6 address works. Also works with a port.
- Logging in with IPv6 [::1] address works. Also works with a port.
- Logging in with IPv6 link-local address with zone ID is not possible (as
browsers don't support them).
- When authorization page is enabled, scopes show description as expected.
- When domain name is added/removed, all OIDC components are updated with
expected domains
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
