From 580d25b79f238a3b8b3bed8aff68071d8776240c Mon Sep 17 00:00:00 2001 From: Fabre Florian Date: Wed, 1 Oct 2025 07:18:26 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7(backend)=20tool=20for=20valid=20fe?= =?UTF-8?q?rnet=20key=20used=20in=20OIDC=20token=20storage?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add bin/fernetkey that generates a key for the OIDC_STORE_REFRESH_TOKEN_KEY setting. Signed-off-by: Fabre Florian --- bin/fernetkey | 6 +++++ env.d/development/common | 9 ++++--- .../core/tests/test_models_documents.py | 26 ++++++++++++++----- 3 files changed, 32 insertions(+), 9 deletions(-) create mode 100755 bin/fernetkey
diff --git a/bin/fernetkey b/bin/fernetkey
new file mode 100755
index 00000000..8bbac109
--- /dev/null
+++ b/bin/fernetkey
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+# shellcheck source=bin/_config.sh
+source "$(dirname "${BASH_SOURCE[0]}")/_config.sh"
+
+_dc_run app-dev python -c 'from cryptography.fernet import Fernet;import sys; sys.stdout.write("\n" + Fernet.generate_key().decode() + "\n");'
diff --git a/env.d/development/common b/env.d/development/common
index eb5b0c54..839bc246 100644
--- a/env.d/development/common
+++ b/env.d/development/common
@@ -50,9 +50,12 @@ OIDC_REDIRECT_ALLOWED_HOSTS=["http://localhost:8083", "http://localhost:3000"]
 OIDC_AUTH_REQUEST_EXTRA_PARAMS={"acr_values": "eidas1"}
 # Store OIDC tokens in the session
-OIDC_STORE_ACCESS_TOKEN = True # Store the access token in the session
-OIDC_STORE_REFRESH_TOKEN = True # Store the encrypted refresh token in the session
-OIDC_STORE_REFRESH_TOKEN_KEY = ThisIsAnExampleKeyForDevPurposeOnly
+OIDC_STORE_ACCESS_TOKEN = True
+OIDC_STORE_REFRESH_TOKEN = True # Store the encrypted refresh token in the session.
+
+# Must be a valid Fernet key (32 url-safe base64-encoded bytes)
+# To create one, use the bin/fernetkey command.
+# OIDC_STORE_REFRESH_TOKEN_KEY="your-32-byte-encryption-key=="
 # AI
 AI_FEATURE_ENABLED=true
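Review bot: The new `bin/fernetkey` script has no header comment, and nothing tells the reader that the value it prints is a secret. I would add a comment above the `source` line, such as `# Print a new Fernet key for OIDC_STORE_REFRESH_TOKEN_KEY. The output is a secret: keep it out of CI logs and shared terminals.` The key is written to the stdout of `_dc_run app-dev`, which is defined in `bin/_config.sh` outside this diff, so it should be confirmed that the wrapper does not capture or log that output anywhere.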
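Review bot: `OIDC_STORE_REFRESH_TOKEN = True` stays enabled while `OIDC_STORE_REFRESH_TOKEN_KEY` is now commented out, so a fresh development environment has refresh-token storage switched on with no key configured. How the backend reacts to a missing key is not visible in this diff; if it only fails when the first token is stored, the error will surface at login rather than at startup. Either default `OIDC_STORE_REFRESH_TOKEN` to `False` here or extend the comment, for example `# Required when OIDC_STORE_REFRESH_TOKEN is True; generate with bin/fernetkey and set it in a local, uncommitted env file.` Keeping the real value out of this committed `common` file also avoids reintroducing a shared, publicly known key like the one this hunk removes.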
diff --git a/src/backend/core/tests/test_models_documents.py b/src/backend/core/tests/test_models_documents.py
index 48bda0cd..91f41707 100644
--- a/src/backend/core/tests/test_models_documents.py
+++ b/src/backend/core/tests/test_models_documents.py
@@ -1713,9 +1713,16 @@ def test_models_documents_post_save_indexer_deleted(mock_push, indexer_settings)
 user = factories.UserFactory()
 with transaction.atomic():
- doc = factories.DocumentFactory()
- doc_deleted = factories.DocumentFactory()
- doc_ancestor_deleted = factories.DocumentFactory(parent=doc_deleted)
+ doc = factories.DocumentFactory(
+ link_reach=models.LinkReachChoices.AUTHENTICATED
+ )
+ doc_deleted = factories.DocumentFactory(
+ link_reach=models.LinkReachChoices.AUTHENTICATED
+ )
+ doc_ancestor_deleted = factories.DocumentFactory(
+ parent=doc_deleted,
+ link_reach=models.LinkReachChoices.AUTHENTICATED,
+ )
 doc_deleted.soft_delete()
 doc_ancestor_deleted.ancestors_deleted_at = doc_deleted.deleted_at
@@ -1768,9 +1775,16 @@ def test_models_documents_post_save_indexer_restored(mock_push, indexer_settings
 user = factories.UserFactory()
 with transaction.atomic():
- doc = factories.DocumentFactory()
- doc_deleted = factories.DocumentFactory()
- doc_ancestor_deleted = factories.DocumentFactory(parent=doc_deleted)
+ doc = factories.DocumentFactory(
+ link_reach=models.LinkReachChoices.AUTHENTICATED
+ )
+ doc_deleted = factories.DocumentFactory(
+ link_reach=models.LinkReachChoices.AUTHENTICATED
+ )
+ doc_ancestor_deleted = factories.DocumentFactory(
+ parent=doc_deleted,
+ link_reach=models.LinkReachChoices.AUTHENTICATED,
+ )
 doc_deleted.soft_delete()
 doc_ancestor_deleted.ancestors_deleted_at = doc_deleted.deleted_at
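Review bot: Nothing in either test says why `link_reach` is pinned to `LinkReachChoices.AUTHENTICATED`, and the same three `DocumentFactory(...)` calls are repeated in `test_models_documents_post_save_indexer_deleted` and in the second hunk, `test_models_documents_post_save_indexer_restored`. Presumably the factory otherwise picks a reach value that changes what the indexer assertions expect, but that is not visible here. If so, a comment above each `with transaction.atomic():` block would record the intent, for example `# Pin link_reach so the expected indexer calls do not depend on the factory's default.` The duplicated setup could also move into a shared fixture or helper. Both test bodies start and end outside the hunks.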