From d13d2c6dda62ae7b12f41515960cb5762a654433 Mon Sep 17 00:00:00 2001
From: Nico Rikken
Date: Tue, 31 Aug 2021 14:36:14 +0530
Subject: [PATCH] Introduced OAUTH2_SCOPE variable for the Oauth2 scope configuration. Fixes #6627
---
 docs/en_US/oauth2.rst | 1 +
 docs/en_US/release_notes_5_7.rst | 1 +
 web/config.py | 3 +++
 web/pgadmin/authenticate/oauth2.py | 4 +++-
 web/pgadmin/browser/tests/test_oauth2_with_mocking.py | 1 +
 5 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/docs/en_US/oauth2.rst b/docs/en_US/oauth2.rst
index 8947b509e..4cc2628f5 100644
--- a/docs/en_US/oauth2.rst
+++ b/docs/en_US/oauth2.rst
@@ -30,6 +30,7 @@ and modify the values for the following parameters:
 "OAUTH2_AUTHORIZATION_URL", "Endpoint for user authorization"
 "OAUTH2_API_BASE_URL", "Oauth2 base URL endpoint to make requests simple, ex: *https://api.github.com/*"
 "OAUTH2_USERINFO_ENDPOINT", "User Endpoint, ex: *user* (for github) and *useinfo* (for google)"
+ "OAUTH2_SCOPE", "Oauth scope, ex: 'openid email profile'. Note that an 'email' claim is required in the resulting profile."
 "OAUTH2_ICON", "The Font-awesome icon to be placed on the oauth2 button, ex: fa-github"
 "OAUTH2_BUTTON_COLOR", "Oauth2 button color"
 "OAUTH2_AUTO_CREATE_USER", "Set the value to *True* if you want to automatically
diff --git a/docs/en_US/release_notes_5_7.rst b/docs/en_US/release_notes_5_7.rst
index 447c91a13..96091d091 100644
--- a/docs/en_US/release_notes_5_7.rst
+++ b/docs/en_US/release_notes_5_7.rst
@@ -31,6 +31,7 @@ Bug fixes
 | `Issue #6564 `_ - Fixed an issue where columns with sequences get altered unnecessarily with a schema diff tool.
 | `Issue #6570 `_ - Ensure that the lock panel should not be blocked for larger records.
 | `Issue #6572 `_ - Partially fixes the data output panel display issue.
+| `Issue #6627 `_ - Introduced OAUTH2_SCOPE variable for the Oauth2 scope configuration.
 | `Issue #6641 `_ - Enables pgAdmin to retrieve user permissions in case of nested roles which helps to terminate the session for AWS RDS.
 | `Issue #6663 `_ - Fixed no attribute '_asdict' error when connecting the database server.
 | `Issue #6668 `_ - Fixed errors related to HTML tags shown in the error message for JSON editor.
diff --git a/web/config.py b/web/config.py
index d797e26f7..3f9945173 100644
--- a/web/config.py
+++ b/web/config.py
@@ -710,6 +710,9 @@ OAUTH2_CONFIG = [
 'OAUTH2_API_BASE_URL': None,
 # Name of the Endpoint, ex: user
 'OAUTH2_USERINFO_ENDPOINT': None,
+ # Oauth scope, ex: 'openid email profile'
+ # Note that an 'email' claim is required in the resulting profile
+ 'OAUTH2_SCOPE': None,
 # Font-awesome icon, ex: fa-github
 'OAUTH2_ICON': None,
 # UI button colour, ex: #0000ff
diff --git a/web/pgadmin/authenticate/oauth2.py b/web/pgadmin/authenticate/oauth2.py
index 91903165a..b7b236bbf 100644
--- a/web/pgadmin/authenticate/oauth2.py
+++ b/web/pgadmin/authenticate/oauth2.py
@@ -104,7 +104,9 @@ class OAuth2Authentication(BaseAuthentication):
 access_token_url=oauth2_config['OAUTH2_TOKEN_URL'],
 authorize_url=oauth2_config['OAUTH2_AUTHORIZATION_URL'],
 api_base_url=oauth2_config['OAUTH2_API_BASE_URL'],
- client_kwargs={'scope': 'email profile'}
+ client_kwargs={'scope': oauth2_config.get(
+ 'OAUTH2_SCOPE', 'email profile')},
+
 )
 
 def get_source_name(self):
diff --git a/web/pgadmin/browser/tests/test_oauth2_with_mocking.py b/web/pgadmin/browser/tests/test_oauth2_with_mocking.py
index b170720a8..71706ebe6 100644
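Review bot: The `'email profile'` fallback in the `web/pgadmin/authenticate/oauth2.py` hunk is skipped whenever the key exists but is unset, and the `web/config.py` hunk ships exactly that with `'OAUTH2_SCOPE': None`. For a provider entry copied from the template, `oauth2_config.get('OAUTH2_SCOPE', 'email profile')` returns `None`, so the client is registered without the scope it requested before this commit. The comment added in config.py says an 'email' claim is required, so login for such a provider presumably breaks. Treat an empty value as unset, `client_kwargs={'scope': oauth2_config.get('OAUTH2_SCOPE') or 'email profile'},`, and extend the config comment with `# None falls back to 'email profile'; request only the scopes the login needs`. The register call and the OAUTH2_CONFIG entry both start outside their hunks.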
--- a/web/pgadmin/browser/tests/test_oauth2_with_mocking.py
+++ b/web/pgadmin/browser/tests/test_oauth2_with_mocking.py
@@ -58,6 +58,7 @@ class Oauth2LoginMockTestCase(BaseTestGenerator):
 'https://github.com/login/oauth/authorize',
 'OAUTH2_API_BASE_URL': 'https://api.github.com/',
 'OAUTH2_USERINFO_ENDPOINT': 'user',
+ 'OAUTH2_SCOPE': 'email profile',
 'OAUTH2_ICON': 'fa-github',
 'OAUTH2_BUTTON_COLOR': '#3253a8',
 }
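Review bot: The fixture value `'OAUTH2_SCOPE': 'email profile'` is the same string as the hard-coded fallback in oauth2.py, so this test passes whether or not the configured scope ever reaches the OAuth client. A distinguishable value such as `'OAUTH2_SCOPE': 'openid email profile',` (the example used in the docs hunk) would make the fixture exercise the new setting. A second case with the key missing or set to `None` would pin the fallback behaviour. The config dict and the test class continue outside the hunk, so whether the scope passed to the client can be asserted there is not visible from here.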