From dcba3330f71f29b7fcbbfab5fbe752cc2f14396d Mon Sep 17 00:00:00 2001
From: lebaudantoine
Date: Fri, 15 Nov 2024 23:30:30 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=9B=82(backend)=20request=20given=20and?= =?UTF-8?q?=20usual=20name=20scopes=20from=20ProConnect?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Request the necessary scopes from ProConnect service. Update configurations in every environments. Note: ask given_name and usual_name scopes to get users' info. (these scopes should be granted by default by ProConnect when requesting a client id client secret)
---
 .../core/tests/authentication/test_backends.py | 14 +++++++-------
 src/backend/meet/settings.py | 4 ++--
 src/helm/env.d/dev/values.meet.yaml.gotmpl | 2 +-
 src/helm/env.d/production/values.meet.yaml.gotmpl | 2 +-
 src/helm/env.d/staging/values.meet.yaml.gotmpl | 2 +-
 5 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/src/backend/core/tests/authentication/test_backends.py b/src/backend/core/tests/authentication/test_backends.py
index 1a27ead5..280caa37 100644
--- a/src/backend/core/tests/authentication/test_backends.py
+++ b/src/backend/core/tests/authentication/test_backends.py
@@ -95,7 +95,7 @@ def test_authentication_getter_new_user_with_names(monkeypatch, email):
 klass = OIDCAuthenticationBackend()
 def get_userinfo_mocked(*args):
- return {"sub": "123", "first_name": "John", "last_name": "Doe", "email": email}
+ return {"sub": "123", "given_name": "John", "usual_name": "Doe", "email": email}
 monkeypatch.setattr(OIDCAuthenticationBackend, "get_userinfo", get_userinfo_mocked)
@@ -315,7 +315,7 @@ def test_authentication_getter_existing_user_email_tricky(email, monkeypatch, se
 @pytest.mark.parametrize(
- "first_name, last_name, email",
+ "given_name, usual_name, email",
 [
 ("Jack", "Doe", "john.doe@example.com"),
 ("John", "Duy", "john.doe@example.com"),
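Review bot: The mocked userinfo in `get_userinfo_mocked` (first hunk) always returns both `given_name` and `usual_name`, so nothing in the visible hunks covers a response where one of the newly requested claims is missing, which is the case the commit message itself leaves open ("should be granted by default"). A sibling test outside the hunks may already cover a userinfo with no name claims at all, but a partial response is worth pinning; a case returning `{"sub": "123", "given_name": "John", "email": email}` with an assertion on the resulting `full_name` would do it. The same hard-coded claim names recur in the `-337` and `-352` hunks, which ties these tests to the default of `OIDC_USERINFO_FULLNAME_FIELDS` rather than to the configured value. The test function's body continues outside the hunk.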
@@ -324,7 +324,7 @@ def test_authentication_getter_existing_user_email_tricky(email, monkeypatch, se
 ],
 )
 def test_authentication_getter_existing_user_change_fields(
- first_name, last_name, email, django_assert_num_queries, monkeypatch
+ given_name, usual_name, email, django_assert_num_queries, monkeypatch
 ):
 """It should update the email or name fields on the user when they change."""
@@ -337,8 +337,8 @@ def test_authentication_getter_existing_user_change_fields(
 return {
 "sub": user.sub,
 "email": email,
- "first_name": first_name,
- "last_name": last_name,
+ "given_name": given_name,
+ "usual_name": usual_name,
 }
 monkeypatch.setattr(OIDCAuthenticationBackend, "get_userinfo", get_userinfo_mocked)
@@ -352,8 +352,8 @@ def test_authentication_getter_existing_user_change_fields(
 assert user == authenticated_user
 user.refresh_from_db()
 assert user.email == email
- assert user.full_name == f"{first_name:s} {last_name:s}"
- assert user.short_name == first_name
+ assert user.full_name == f"{given_name:s} {usual_name:s}"
+ assert user.short_name == given_name
 @pytest.mark.parametrize(
diff --git a/src/backend/meet/settings.py b/src/backend/meet/settings.py
index e81448bf..8ebe3624 100755
--- a/src/backend/meet/settings.py
+++ b/src/backend/meet/settings.py
@@ -391,12 +391,12 @@ class Base(Configuration):
 "returnTo", environ_name="OIDC_REDIRECT_FIELD_NAME", environ_prefix=None
 )
 OIDC_USERINFO_FULLNAME_FIELDS = values.ListValue(
- default=["first_name", "last_name"],
+ default=["given_name", "usual_name"],
 environ_name="OIDC_USERINFO_FULLNAME_FIELDS",
 environ_prefix=None,
 )
 OIDC_USERINFO_SHORTNAME_FIELD = values.Value(
- default="first_name",
+ default="given_name",
 environ_name="OIDC_USERINFO_SHORTNAME_FIELD",
 environ_prefix=None,
 )
diff --git a/src/helm/env.d/dev/values.meet.yaml.gotmpl b/src/helm/env.d/dev/values.meet.yaml.gotmpl
index 6ba17f7d..2becf71d 100644
--- a/src/helm/env.d/dev/values.meet.yaml.gotmpl
+++ b/src/helm/env.d/dev/values.meet.yaml.gotmpl
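Review bot: In the `settings.py` hunk, the new default `["given_name", "usual_name"]` bakes a provider-specific claim name into `Base`: `usual_name` is not one of the standard OIDC profile claims (the standard surname claim is `family_name`), so a deployment pointed at another identity provider without overriding `OIDC_USERINFO_FULLNAME_FIELDS` would presumably end up with a partial or empty full name. The matching scope change is made only in the Helm values of this patch; the default of `OIDC_RP_SCOPES` in this file lies outside the hunk and should be checked so that the scopes requested and the claims read stay in step for non-Helm deployments. A comment above the setting such as `# ProConnect claim names; override for providers that expose family_name` would make the coupling explicit. The `Base` class starts and ends outside the hunk.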
@@ -24,7 +24,7 @@ backend:
 OIDC_RP_CLIENT_ID: {{ .Values.oidc.clientId }}
 OIDC_RP_CLIENT_SECRET: {{ .Values.oidc.clientSecret }}
 OIDC_RP_SIGN_ALGO: RS256
- OIDC_RP_SCOPES: "openid email"
+ OIDC_RP_SCOPES: "openid email given_name usual_name"
 OIDC_REDIRECT_ALLOWED_HOSTS: https://meet.127.0.0.1.nip.io
 OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
 LOGIN_REDIRECT_URL: https://meet.127.0.0.1.nip.io
diff --git a/src/helm/env.d/production/values.meet.yaml.gotmpl b/src/helm/env.d/production/values.meet.yaml.gotmpl
index 0747ead8..ef697663 100644
--- a/src/helm/env.d/production/values.meet.yaml.gotmpl
+++ b/src/helm/env.d/production/values.meet.yaml.gotmpl
@@ -42,7 +42,7 @@ backend:
 name: backend
 key: OIDC_RP_CLIENT_SECRET
 OIDC_RP_SIGN_ALGO: RS256
- OIDC_RP_SCOPES: "openid email"
+ OIDC_RP_SCOPES: "openid email given_name usual_name"
 OIDC_REDIRECT_ALLOWED_HOSTS: https://visio.numerique.gouv.fr
 OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
 LOGIN_REDIRECT_URL: https://visio.numerique.gouv.fr
diff --git a/src/helm/env.d/staging/values.meet.yaml.gotmpl b/src/helm/env.d/staging/values.meet.yaml.gotmpl
index 34af9a60..9f835174 100644
--- a/src/helm/env.d/staging/values.meet.yaml.gotmpl
+++ b/src/helm/env.d/staging/values.meet.yaml.gotmpl
@@ -41,7 +41,7 @@ backend:
 name: backend
 key: OIDC_RP_CLIENT_SECRET
 OIDC_RP_SIGN_ALGO: RS256
- OIDC_RP_SCOPES: "openid email"
+ OIDC_RP_SCOPES: "openid email given_name usual_name"
 OIDC_REDIRECT_ALLOWED_HOSTS: https://visio-staging.beta.numerique.gouv.fr
 OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
 LOGIN_REDIRECT_URL: https://visio-staging.beta.numerique.gouv.fr
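Review bot: `OIDC_RP_SCOPES` now requests `given_name usual_name` in the dev values, and the identical line is changed in the production and staging hunks, yet the commit message only says ProConnect "should" grant these scopes by default. If a client ID is not authorised for a requested scope the provider may reject the authorization request, which would break login for that whole environment, so the grant is worth confirming per client ID, staging before production. A comment next to the value, for example `# given_name/usual_name feed OIDC_USERINFO_FULLNAME_FIELDS; must be enabled on the ProConnect client`, would keep the requested scopes and the claim settings from drifting apart. The `backend:` block continues outside each hunk.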