2024-12-05 18:19:11 +01:00
|
|
|
"""Organization related plugins."""
|
|
|
|
|
|
|
|
|
|
import logging
|
|
|
|
|
|
2025-01-22 15:24:13 +01:00
|
|
|
from django.conf import settings
|
|
|
|
|
|
2024-12-05 18:19:11 +01:00
|
|
|
import requests
|
2024-12-05 15:44:30 +01:00
|
|
|
from requests.adapters import HTTPAdapter, Retry
|
2024-12-05 18:19:11 +01:00
|
|
|
|
|
|
|
|
from core.plugins.base import BaseOrganizationPlugin
|
|
|
|
|
|
2025-01-22 15:32:15 +01:00
|
|
|
from mailbox_manager.enums import MailDomainRoleChoices
|
|
|
|
|
from mailbox_manager.models import MailDomain, MailDomainAccess
|
|
|
|
|
|
2024-12-05 18:19:11 +01:00
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class NameFromSiretOrganizationPlugin(BaseOrganizationPlugin):
|
|
|
|
|
"""
|
|
|
|
|
This plugin is used to convert the organization registration ID
|
|
|
|
|
to the proper name. For French organization the registration ID
|
|
|
|
|
is the SIRET.
|
|
|
|
|
|
|
|
|
|
This is a very specific plugin for French organizations and this
|
|
|
|
|
first implementation is very basic. It surely needs to be improved
|
|
|
|
|
later.
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
_api_url = "https://recherche-entreprises.api.gouv.fr/search?q={siret}"
|
|
|
|
|
|
|
|
|
|
@staticmethod
|
2025-01-30 14:21:53 +01:00
|
|
|
def get_organization_name_from_results(data, siret):
|
2024-12-05 15:44:30 +01:00
|
|
|
"""Return the organization name from the results of a SIRET search."""
|
2024-12-05 18:19:11 +01:00
|
|
|
for result in data["results"]:
|
|
|
|
|
for organization in result["matching_etablissements"]:
|
|
|
|
|
if organization.get("siret") == siret:
|
2025-01-30 14:21:53 +01:00
|
|
|
store_signs = organization.get("liste_enseignes") or []
|
|
|
|
|
if store_signs:
|
|
|
|
|
return store_signs[0].title()
|
|
|
|
|
if name := result.get("nom_raison_sociale"):
|
|
|
|
|
return name.title()
|
2024-12-05 18:19:11 +01:00
|
|
|
|
|
|
|
|
logger.warning("No organization name found for SIRET %s", siret)
|
|
|
|
|
return None
|
|
|
|
|
|
|
|
|
|
def run_after_create(self, organization):
|
|
|
|
|
"""After creating an organization, update the organization name."""
|
|
|
|
|
if not organization.registration_id_list:
|
|
|
|
|
# No registration ID to convert...
|
|
|
|
|
return
|
|
|
|
|
|
|
|
|
|
if organization.name not in organization.registration_id_list:
|
|
|
|
|
# The name has probably already been customized
|
|
|
|
|
return
|
|
|
|
|
|
|
|
|
|
# In the nominal case, there is only one registration ID because
|
2025-01-21 11:32:08 +01:00
|
|
|
# the organization as been created from it.
|
|
|
|
|
try:
|
|
|
|
|
# Retry logic as the API may be rate limited
|
|
|
|
|
s = requests.Session()
|
|
|
|
|
retries = Retry(total=5, backoff_factor=0.1, status_forcelist=[429])
|
|
|
|
|
s.mount("https://", HTTPAdapter(max_retries=retries))
|
|
|
|
|
|
|
|
|
|
siret = organization.registration_id_list[0]
|
|
|
|
|
response = s.get(self._api_url.format(siret=siret), timeout=10)
|
|
|
|
|
response.raise_for_status()
|
|
|
|
|
data = response.json()
|
|
|
|
|
name = self.get_organization_name_from_results(data, siret)
|
|
|
|
|
if not name:
|
|
|
|
|
return
|
|
|
|
|
except requests.RequestException as exc:
|
|
|
|
|
logger.exception("%s: Unable to fetch organization name from SIRET", exc)
|
|
|
|
|
return
|
|
|
|
|
|
|
|
|
|
organization.name = name
|
|
|
|
|
organization.save(update_fields=["name", "updated_at"])
|
|
|
|
|
logger.info("Organization %s name updated to %s", organization, name)
|
|
|
|
|
|
2025-01-22 15:32:15 +01:00
|
|
|
def run_after_grant_access(self, organization_access):
|
|
|
|
|
"""After granting an organization access, we don't need to do anything."""
|
|
|
|
|
|
2025-01-22 15:24:13 +01:00
|
|
|
|
2025-01-21 11:32:08 +01:00
|
|
|
class ApiCall:
|
|
|
|
|
"""Encapsulates a call to an external API"""
|
|
|
|
|
|
2025-01-22 15:24:13 +01:00
|
|
|
inputs: dict = {}
|
2025-01-21 11:32:08 +01:00
|
|
|
method: str = "GET"
|
|
|
|
|
base: str = ""
|
|
|
|
|
url: str = ""
|
|
|
|
|
params: dict = {}
|
|
|
|
|
headers: dict = {}
|
2025-01-22 15:32:15 +01:00
|
|
|
response_data = None
|
2025-01-21 11:32:08 +01:00
|
|
|
|
|
|
|
|
def execute(self):
|
|
|
|
|
"""Call the specified API endpoint with supplied parameters and record response"""
|
2025-01-22 15:32:15 +01:00
|
|
|
if self.method in ("POST", "PATCH"):
|
|
|
|
|
response = requests.request(
|
2025-01-21 11:32:08 +01:00
|
|
|
method=self.method,
|
|
|
|
|
url=f"{self.base}/{self.url}",
|
|
|
|
|
json=self.params,
|
|
|
|
|
headers=self.headers,
|
|
|
|
|
timeout=5,
|
|
|
|
|
)
|
2025-01-22 15:32:15 +01:00
|
|
|
else:
|
|
|
|
|
response = requests.request(
|
|
|
|
|
method=self.method,
|
|
|
|
|
url=f"{self.base}/{self.url}",
|
|
|
|
|
params=self.params,
|
|
|
|
|
headers=self.headers,
|
|
|
|
|
timeout=5,
|
|
|
|
|
)
|
|
|
|
|
self.response_data = response.json()
|
|
|
|
|
logger.info(
|
|
|
|
|
"API call: %s %s %s %s",
|
|
|
|
|
self.method,
|
|
|
|
|
self.url,
|
|
|
|
|
self.params,
|
|
|
|
|
self.response_data,
|
|
|
|
|
)
|
2025-01-21 11:32:08 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class CommuneCreation(BaseOrganizationPlugin):
|
|
|
|
|
"""
|
|
|
|
|
This plugin handles setup tasks for French communes.
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
_api_url = "https://recherche-entreprises.api.gouv.fr/search?q={siret}"
|
|
|
|
|
|
|
|
|
|
def get_organization_name_from_results(self, data, siret):
|
|
|
|
|
"""Return the organization name from the results of a SIRET search."""
|
|
|
|
|
for result in data["results"]:
|
|
|
|
|
nature = "nature_juridique"
|
|
|
|
|
commune = nature in result and result[nature] == "7210"
|
2025-01-22 15:32:15 +01:00
|
|
|
if commune:
|
|
|
|
|
return result["siege"]["libelle_commune"].title()
|
2025-01-21 11:32:08 +01:00
|
|
|
|
2025-01-22 15:32:15 +01:00
|
|
|
logger.warning("Not a commune: SIRET %s", siret)
|
2025-01-21 11:32:08 +01:00
|
|
|
return None
|
|
|
|
|
|
2025-01-22 15:24:13 +01:00
|
|
|
def dns_call(self, spec):
|
|
|
|
|
"""Call to add a DNS record"""
|
|
|
|
|
records = [
|
2025-01-22 15:32:15 +01:00
|
|
|
{
|
|
|
|
|
"name": item["target"],
|
|
|
|
|
"type": item["type"].upper(),
|
|
|
|
|
"data": item["value"],
|
|
|
|
|
"ttl": 3600,
|
|
|
|
|
}
|
|
|
|
|
for item in spec.response_data
|
2025-01-22 15:24:13 +01:00
|
|
|
]
|
|
|
|
|
result = ApiCall()
|
|
|
|
|
result.method = "PATCH"
|
|
|
|
|
result.base = "https://api.scaleway.com"
|
2025-01-22 15:32:15 +01:00
|
|
|
result.url = (
|
|
|
|
|
f"/domain/v2beta1/dns-zones/{spec.inputs['name']}.collectivite.fr/records"
|
|
|
|
|
)
|
2025-01-22 15:24:13 +01:00
|
|
|
result.params = {"changes": [{"add": {"records": records}}]}
|
2025-01-22 15:32:15 +01:00
|
|
|
result.headers = {"X-Auth-Token": settings.DNS_PROVISIONING_API_CREDENTIALS}
|
2025-01-22 15:24:13 +01:00
|
|
|
return result
|
|
|
|
|
|
2025-01-21 11:32:08 +01:00
|
|
|
def complete_commune_creation(self, name: str) -> ApiCall:
|
|
|
|
|
"""Specify the tasks to be completed after a commune is created."""
|
|
|
|
|
inputs = {"name": name.lower()}
|
|
|
|
|
|
|
|
|
|
create_zone = ApiCall()
|
|
|
|
|
create_zone.method = "POST"
|
|
|
|
|
create_zone.base = "https://api.scaleway.com"
|
|
|
|
|
create_zone.url = "/domain/v2beta1/dns-zones"
|
|
|
|
|
create_zone.params = {
|
|
|
|
|
"project_id": settings.DNS_PROVISIONING_RESOURCE_ID,
|
|
|
|
|
"domain": "collectivite.fr",
|
|
|
|
|
"subdomain": inputs["name"],
|
|
|
|
|
}
|
|
|
|
|
create_zone.headers = {
|
|
|
|
|
"X-Auth-Token": settings.DNS_PROVISIONING_API_CREDENTIALS
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
create_domain = ApiCall()
|
|
|
|
|
create_domain.method = "POST"
|
|
|
|
|
create_domain.base = settings.MAIL_PROVISIONING_API_URL
|
|
|
|
|
create_domain.url = "/domains"
|
|
|
|
|
create_domain.params = {
|
2025-01-22 15:24:13 +01:00
|
|
|
"name": f"{inputs['name']}.collectivite.fr",
|
2025-01-21 11:32:08 +01:00
|
|
|
"delivery": "virtual",
|
2025-01-22 15:24:13 +01:00
|
|
|
"features": ["webmail", "mailbox"],
|
|
|
|
|
"context_name": f"{inputs['name']}.collectivite.fr",
|
2025-01-21 11:32:08 +01:00
|
|
|
}
|
|
|
|
|
create_domain.headers = {
|
2025-01-22 15:32:15 +01:00
|
|
|
"Authorization": f"Basic {settings.MAIL_PROVISIONING_API_CREDENTIALS}"
|
2025-01-21 11:32:08 +01:00
|
|
|
}
|
|
|
|
|
|
2025-01-21 15:45:21 +01:00
|
|
|
spec_domain = ApiCall()
|
2025-01-22 15:24:13 +01:00
|
|
|
spec_domain.inputs = inputs
|
2025-01-21 15:45:21 +01:00
|
|
|
spec_domain.base = settings.MAIL_PROVISIONING_API_URL
|
2025-01-22 15:24:13 +01:00
|
|
|
spec_domain.url = f"/domains/{inputs['name']}.collectivite.fr/spec"
|
2025-01-21 15:45:21 +01:00
|
|
|
spec_domain.headers = {
|
2025-01-22 15:32:15 +01:00
|
|
|
"Authorization": f"Basic {settings.MAIL_PROVISIONING_API_CREDENTIALS}"
|
2025-01-21 15:45:21 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return [create_zone, create_domain, spec_domain]
|
2025-01-21 11:32:08 +01:00
|
|
|
|
2025-01-22 15:24:13 +01:00
|
|
|
def complete_zone_creation(self, spec_call):
|
|
|
|
|
"""Specify the tasks to be performed to set up the zone."""
|
|
|
|
|
return self.dns_call(spec_call)
|
|
|
|
|
|
2025-01-21 11:32:08 +01:00
|
|
|
def run_after_create(self, organization):
|
|
|
|
|
"""After creating an organization, update the organization name."""
|
2025-01-22 15:32:15 +01:00
|
|
|
logger.info("In CommuneCreation")
|
2025-01-21 11:32:08 +01:00
|
|
|
if not organization.registration_id_list:
|
|
|
|
|
# No registration ID to convert...
|
|
|
|
|
return
|
|
|
|
|
|
|
|
|
|
# In the nominal case, there is only one registration ID because
|
2025-01-22 15:32:15 +01:00
|
|
|
# the organization has been created from it.
|
2024-12-05 15:44:30 +01:00
|
|
|
try:
|
|
|
|
|
# Retry logic as the API may be rate limited
|
|
|
|
|
s = requests.Session()
|
|
|
|
|
retries = Retry(total=5, backoff_factor=0.1, status_forcelist=[429])
|
|
|
|
|
s.mount("https://", HTTPAdapter(max_retries=retries))
|
|
|
|
|
|
|
|
|
|
siret = organization.registration_id_list[0]
|
|
|
|
|
response = s.get(self._api_url.format(siret=siret), timeout=10)
|
|
|
|
|
response.raise_for_status()
|
|
|
|
|
data = response.json()
|
|
|
|
|
name = self.get_organization_name_from_results(data, siret)
|
2025-01-22 15:32:15 +01:00
|
|
|
# Not a commune ?
|
2024-12-05 15:44:30 +01:00
|
|
|
if not name:
|
|
|
|
|
return
|
|
|
|
|
except requests.RequestException as exc:
|
|
|
|
|
logger.exception("%s: Unable to fetch organization name from SIRET", exc)
|
2024-12-05 18:19:11 +01:00
|
|
|
return
|
|
|
|
|
|
|
|
|
|
organization.name = name
|
|
|
|
|
organization.save(update_fields=["name", "updated_at"])
|
|
|
|
|
logger.info("Organization %s name updated to %s", organization, name)
|
2025-01-22 15:24:13 +01:00
|
|
|
|
2025-01-22 15:32:15 +01:00
|
|
|
MailDomain.objects.get_or_create(name=f"{name.lower()}.collectivite.fr")
|
|
|
|
|
|
|
|
|
|
# Compute and execute the rest of the process
|
|
|
|
|
tasks = self.complete_commune_creation(name)
|
|
|
|
|
for task in tasks:
|
|
|
|
|
task.execute()
|
|
|
|
|
last_task = self.complete_zone_creation(tasks[-1])
|
|
|
|
|
last_task.execute()
|
|
|
|
|
|
|
|
|
|
def run_after_grant_access(self, organization_access):
|
|
|
|
|
"""After granting an organization access, check for needed domain access grant."""
|
|
|
|
|
orga = organization_access.organization
|
|
|
|
|
user = organization_access.user
|
|
|
|
|
zone_name = orga.name.lower() + ".collectivite.fr"
|
|
|
|
|
|
|
|
|
|
try:
|
2025-01-27 15:23:35 +01:00
|
|
|
domain = MailDomain.objects.get(name=zone_name)
|
2025-01-22 15:32:15 +01:00
|
|
|
except MailDomain.DoesNotExist:
|
|
|
|
|
domain = None
|
|
|
|
|
|
|
|
|
|
if domain:
|
|
|
|
|
MailDomainAccess.objects.create(
|
|
|
|
|
domain=domain, user=user, role=MailDomainRoleChoices.OWNER
|
|
|
|
|
)
|
|
|
|
|
grant_access = ApiCall()
|
|
|
|
|
grant_access.method = "POST"
|
|
|
|
|
grant_access.base = settings.MAIL_PROVISIONING_API_URL
|
|
|
|
|
grant_access.url = "/allows"
|
|
|
|
|
grant_access.params = {
|
|
|
|
|
"user": user.sub,
|
|
|
|
|
"domain": zone_name,
|
|
|
|
|
}
|
|
|
|
|
grant_access.headers = {
|
|
|
|
|
"Authorization": f"Basic {settings.MAIL_PROVISIONING_API_CREDENTIALS}"
|
|
|
|
|
}
|
|
|
|
|
grant_access.execute()
|
