studio/meet
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🛂(backend) request given and usual name scopes from ProConnect

Browse Source 
Request the necessary scopes from ProConnect service.
Update configurations in every environments.

Note: ask given_name and usual_name scopes to get users' info.

(these scopes should be granted by default by ProConnect when
requesting a client id client secret)
This commit is contained in:
lebaudantoine
2024-11-15 23:30:30 +01:00
committed by aleb_the_flash
parent 82bb5f0f8b
commit dcba3330f7
5 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/backend/core/tests/authentication/test_backends.py
View File

@@ -95,7 +95,7 @@ def test_authentication_getter_new_user_with_names(monkeypatch, email):
klass = OIDCAuthenticationBackend() klass = OIDCAuthenticationBackend()
def get_userinfo_mocked(*args): def get_userinfo_mocked(*args):
return {"sub": "123", "first_name": "John", "last_name": "Doe", "email": email} return {"sub": "123", "given_name": "John", "usual_name": "Doe", "email": email}
monkeypatch.setattr(OIDCAuthenticationBackend, "get_userinfo", get_userinfo_mocked) monkeypatch.setattr(OIDCAuthenticationBackend, "get_userinfo", get_userinfo_mocked)
@@ -315,7 +315,7 @@ def test_authentication_getter_existing_user_email_tricky(email, monkeypatch, se
@pytest.mark.parametrize( @pytest.mark.parametrize(
"first_name, last_name, email", "given_name, usual_name, email",
[ [
("Jack", "Doe", "john.doe@example.com"), ("Jack", "Doe", "john.doe@example.com"),
("John", "Duy", "john.doe@example.com"), ("John", "Duy", "john.doe@example.com"),
@@ -324,7 +324,7 @@ def test_authentication_getter_existing_user_email_tricky(email, monkeypatch, se
], ],
) )
def test_authentication_getter_existing_user_change_fields( def test_authentication_getter_existing_user_change_fields(
first_name, last_name, email, django_assert_num_queries, monkeypatch given_name, usual_name, email, django_assert_num_queries, monkeypatch
): ):
"""It should update the email or name fields on the user when they change.""" """It should update the email or name fields on the user when they change."""
@@ -337,8 +337,8 @@ def test_authentication_getter_existing_user_change_fields(
return { return {
"sub": user.sub, "sub": user.sub,
"email": email, "email": email,
"first_name": first_name, "given_name": given_name,
"last_name": last_name, "usual_name": usual_name,
} }
monkeypatch.setattr(OIDCAuthenticationBackend, "get_userinfo", get_userinfo_mocked) monkeypatch.setattr(OIDCAuthenticationBackend, "get_userinfo", get_userinfo_mocked)
@@ -352,8 +352,8 @@ def test_authentication_getter_existing_user_change_fields(
assert user == authenticated_user assert user == authenticated_user
user.refresh_from_db() user.refresh_from_db()
assert user.email == email assert user.email == email
assert user.full_name == f"{first_name:s} {last_name:s}" assert user.full_name == f"{given_name:s} {usual_name:s}"
assert user.short_name == first_name assert user.short_name == given_name
@pytest.mark.parametrize( @pytest.mark.parametrize(

4
src/backend/meet/settings.py
View File

@@ -391,12 +391,12 @@ class Base(Configuration):
"returnTo", environ_name="OIDC_REDIRECT_FIELD_NAME", environ_prefix=None "returnTo", environ_name="OIDC_REDIRECT_FIELD_NAME", environ_prefix=None
) )
OIDC_USERINFO_FULLNAME_FIELDS = values.ListValue( OIDC_USERINFO_FULLNAME_FIELDS = values.ListValue(
default=["first_name", "last_name"], default=["given_name", "usual_name"],
environ_name="OIDC_USERINFO_FULLNAME_FIELDS", environ_name="OIDC_USERINFO_FULLNAME_FIELDS",
environ_prefix=None, environ_prefix=None,
) )
OIDC_USERINFO_SHORTNAME_FIELD = values.Value( OIDC_USERINFO_SHORTNAME_FIELD = values.Value(
default="first_name", default="given_name",
environ_name="OIDC_USERINFO_SHORTNAME_FIELD", environ_name="OIDC_USERINFO_SHORTNAME_FIELD",
environ_prefix=None, environ_prefix=None,
) )

2
src/helm/env.d/dev/values.meet.yaml.gotmpl
View File

@@ -24,7 +24,7 @@ backend:
OIDC_RP_CLIENT_ID: {{ .Values.oidc.clientId }} OIDC_RP_CLIENT_ID: {{ .Values.oidc.clientId }}
OIDC_RP_CLIENT_SECRET: {{ .Values.oidc.clientSecret }} OIDC_RP_CLIENT_SECRET: {{ .Values.oidc.clientSecret }}
OIDC_RP_SIGN_ALGO: RS256 OIDC_RP_SIGN_ALGO: RS256
OIDC_RP_SCOPES: "openid email" OIDC_RP_SCOPES: "openid email given_name usual_name"
OIDC_REDIRECT_ALLOWED_HOSTS: https://meet.127.0.0.1.nip.io OIDC_REDIRECT_ALLOWED_HOSTS: https://meet.127.0.0.1.nip.io
OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}" OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
LOGIN_REDIRECT_URL: https://meet.127.0.0.1.nip.io LOGIN_REDIRECT_URL: https://meet.127.0.0.1.nip.io

2
src/helm/env.d/production/values.meet.yaml.gotmpl
View File

@@ -42,7 +42,7 @@ backend:
name: backend name: backend
key: OIDC_RP_CLIENT_SECRET key: OIDC_RP_CLIENT_SECRET
OIDC_RP_SIGN_ALGO: RS256 OIDC_RP_SIGN_ALGO: RS256
OIDC_RP_SCOPES: "openid email" OIDC_RP_SCOPES: "openid email given_name usual_name"
OIDC_REDIRECT_ALLOWED_HOSTS: https://visio.numerique.gouv.fr OIDC_REDIRECT_ALLOWED_HOSTS: https://visio.numerique.gouv.fr
OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}" OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
LOGIN_REDIRECT_URL: https://visio.numerique.gouv.fr LOGIN_REDIRECT_URL: https://visio.numerique.gouv.fr

2
src/helm/env.d/staging/values.meet.yaml.gotmpl
View File

@@ -41,7 +41,7 @@ backend:
name: backend name: backend
key: OIDC_RP_CLIENT_SECRET key: OIDC_RP_CLIENT_SECRET
OIDC_RP_SIGN_ALGO: RS256 OIDC_RP_SIGN_ALGO: RS256
OIDC_RP_SCOPES: "openid email" OIDC_RP_SCOPES: "openid email given_name usual_name"
OIDC_REDIRECT_ALLOWED_HOSTS: https://visio-staging.beta.numerique.gouv.fr OIDC_REDIRECT_ALLOWED_HOSTS: https://visio-staging.beta.numerique.gouv.fr
OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}" OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
LOGIN_REDIRECT_URL: https://visio-staging.beta.numerique.gouv.fr LOGIN_REDIRECT_URL: https://visio-staging.beta.numerique.gouv.fr