🛂(backend) request given and usual name scopes from ProConnect

Request the necessary scopes from ProConnect service. Update configurations in every environments. Note: ask given_name and usual_name scopes to get users' info. (these scopes should be granted by default by ProConnect when requesting a client id client secret)
2024-11-15 23:30:30 +01:00
parent 82bb5f0f8b
commit dcba3330f7
5 changed files with 12 additions and 12 deletions
--- a/src/backend/core/tests/authentication/test_backends.py
+++ b/src/backend/core/tests/authentication/test_backends.py
@@ -95,7 +95,7 @@ def test_authentication_getter_new_user_with_names(monkeypatch, email):
    klass = OIDCAuthenticationBackend()

    def get_userinfo_mocked(*args):
-        return {"sub": "123", "first_name": "John", "last_name": "Doe", "email": email}
+        return {"sub": "123", "given_name": "John", "usual_name": "Doe", "email": email}

    monkeypatch.setattr(OIDCAuthenticationBackend, "get_userinfo", get_userinfo_mocked)

@@ -315,7 +315,7 @@ def test_authentication_getter_existing_user_email_tricky(email, monkeypatch, se


@pytest.mark.parametrize(
-    "first_name, last_name, email",
+    "given_name, usual_name, email",
    [
        ("Jack", "Doe", "john.doe@example.com"),
        ("John", "Duy", "john.doe@example.com"),
@@ -324,7 +324,7 @@ def test_authentication_getter_existing_user_email_tricky(email, monkeypatch, se
    ],
 )
 def test_authentication_getter_existing_user_change_fields(
-    first_name, last_name, email, django_assert_num_queries, monkeypatch
+    given_name, usual_name, email, django_assert_num_queries, monkeypatch
 ):
    """It should update the email or name fields on the user when they change."""

@@ -337,8 +337,8 @@ def test_authentication_getter_existing_user_change_fields(
        return {
            "sub": user.sub,
            "email": email,
-            "first_name": first_name,
-            "last_name": last_name,
+            "given_name": given_name,
+            "usual_name": usual_name,
        }

    monkeypatch.setattr(OIDCAuthenticationBackend, "get_userinfo", get_userinfo_mocked)
@@ -352,8 +352,8 @@ def test_authentication_getter_existing_user_change_fields(
    assert user == authenticated_user
    user.refresh_from_db()
    assert user.email == email
-    assert user.full_name == f"{first_name:s} {last_name:s}"
-    assert user.short_name == first_name
+    assert user.full_name == f"{given_name:s} {usual_name:s}"
+    assert user.short_name == given_name


@pytest.mark.parametrize(
--- a/src/backend/meet/settings.py
+++ b/src/backend/meet/settings.py
@@ -391,12 +391,12 @@ class Base(Configuration):
        "returnTo", environ_name="OIDC_REDIRECT_FIELD_NAME", environ_prefix=None
    )
    OIDC_USERINFO_FULLNAME_FIELDS = values.ListValue(
-        default=["first_name", "last_name"],
+        default=["given_name", "usual_name"],
        environ_name="OIDC_USERINFO_FULLNAME_FIELDS",
        environ_prefix=None,
    )
    OIDC_USERINFO_SHORTNAME_FIELD = values.Value(
-        default="first_name",
+        default="given_name",
        environ_name="OIDC_USERINFO_SHORTNAME_FIELD",
        environ_prefix=None,
    )
--- a/src/helm/env.d/dev/values.meet.yaml.gotmpl
+++ b/src/helm/env.d/dev/values.meet.yaml.gotmpl
@@ -24,7 +24,7 @@ backend:
    OIDC_RP_CLIENT_ID: {{ .Values.oidc.clientId }}
    OIDC_RP_CLIENT_SECRET: {{ .Values.oidc.clientSecret }}
    OIDC_RP_SIGN_ALGO: RS256
-    OIDC_RP_SCOPES: "openid email"
+    OIDC_RP_SCOPES: "openid email given_name usual_name"
    OIDC_REDIRECT_ALLOWED_HOSTS: https://meet.127.0.0.1.nip.io
    OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
    LOGIN_REDIRECT_URL: https://meet.127.0.0.1.nip.io
--- a/src/helm/env.d/production/values.meet.yaml.gotmpl
+++ b/src/helm/env.d/production/values.meet.yaml.gotmpl
@@ -42,7 +42,7 @@ backend:
        name: backend
        key: OIDC_RP_CLIENT_SECRET
    OIDC_RP_SIGN_ALGO: RS256
-    OIDC_RP_SCOPES: "openid email"
+    OIDC_RP_SCOPES: "openid email given_name usual_name"
    OIDC_REDIRECT_ALLOWED_HOSTS: https://visio.numerique.gouv.fr
    OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
    LOGIN_REDIRECT_URL: https://visio.numerique.gouv.fr
--- a/src/helm/env.d/staging/values.meet.yaml.gotmpl
+++ b/src/helm/env.d/staging/values.meet.yaml.gotmpl
@@ -41,7 +41,7 @@ backend:
        name: backend
        key: OIDC_RP_CLIENT_SECRET
    OIDC_RP_SIGN_ALGO: RS256
-    OIDC_RP_SCOPES: "openid email"
+    OIDC_RP_SCOPES: "openid email given_name usual_name"
    OIDC_REDIRECT_ALLOWED_HOSTS: https://visio-staging.beta.numerique.gouv.fr
    OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
    LOGIN_REDIRECT_URL: https://visio-staging.beta.numerique.gouv.fr