studio/people
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🐛(oauth2) add ProConnect scopes

Browse Source 
Add missing scopes required by ProConnect evenif we don't fill them.
This commit is contained in:
Quentin BEY
2025-03-13 11:22:35 +01:00
committed by BEY Quentin
parent 5cc8108e7b
commit 34783d0557
3 changed files with 33 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -22,6 +22,7 @@ and this project adheres to
### Fixed ### Fixed
- 🐛(oauth2) add ProConnect scopes #802
- 🐛(domains) use a dedicated mail to invite user to manage domain - 🐛(domains) use a dedicated mail to invite user to manage domain
- 🐛(mailbox) fix mailbox creation email language - 🐛(mailbox) fix mailbox creation email language

26
src/backend/mailbox_oauth2/validators.py
View File

@@ -115,7 +115,13 @@ class ProConnectValidator(BaseValidator):
oidc_claim_scope = OAuth2Validator.oidc_claim_scope | { oidc_claim_scope = OAuth2Validator.oidc_claim_scope | {
"given_name": "given_name", "given_name": "given_name",
"usual_name": "usual_name", "usual_name": "usual_name",
"siret": "profile", "siret": "siret",
"uid": "uid",
"siren": "siren",
"organizational_unit": "organizational_unit",
"belonging_population": "belonging_population",
"phone": "phone",
"chorusdt": "chorusdt",
} }
def get_additional_claims(self, request): def get_additional_claims(self, request):
@@ -137,12 +143,30 @@ class ProConnectValidator(BaseValidator):
if "usual_name" in request.scopes: if "usual_name" in request.scopes:
additional_claims["usual_name"] = request.user.last_name additional_claims["usual_name"] = request.user.last_name
if "uid" in request.scopes:
additional_claims["uid"] = str(request.user.pk)
if "siret" in request.scopes: if "siret" in request.scopes:
# The following line will fail on purpose if we don't have the proper information # The following line will fail on purpose if we don't have the proper information
additional_claims["siret"] = ( additional_claims["siret"] = (
request.user.domain.organization.registration_id_list[0] request.user.domain.organization.registration_id_list[0]
) )
if "siren" in request.scopes:
# The following line will fail on purpose if we don't have the proper information
additional_claims["siren"] = (
request.user.domain.organization.registration_id_list[0][:9]
)
for empty_claim in [
"organizational_unit",
"belonging_population",
"phone",
"chorusdt",
]:
if empty_claim in request.scopes:
additional_claims[empty_claim] = ""
# Include 'acr' claim if it is present in the request claims and equals 'eidas1' # Include 'acr' claim if it is present in the request claims and equals 'eidas1'
# see _create_authorization_code method for more details # see _create_authorization_code method for more details
if request.claims and request.claims.get("acr") == "eidas1": if request.claims and request.claims.get("acr") == "eidas1":

7
src/backend/people/settings.py
View File

@@ -667,6 +667,13 @@ class Base(Configuration):
SCOPES["given_name"] = "First name" SCOPES["given_name"] = "First name"
SCOPES["usual_name"] = "Last name" SCOPES["usual_name"] = "Last name"
SCOPES["siret"] = "SIRET number" SCOPES["siret"] = "SIRET number"
SCOPES["siren"] = "SIREN number"
SCOPES["uid"] = "UID"
# available but not filled
SCOPES["organizational_unit"] = "Organizational unit"
SCOPES["belonging_population"] = "Belonging population"
SCOPES["phone"] = "Phone number"
SCOPES["chorusdt"] = "Chorus DT"
return { return {
"OIDC_ENABLED": OIDC_ENABLED, "OIDC_ENABLED": OIDC_ENABLED,