Showing
41 changed files
with
4,056 additions
and
131 deletions.
Empty file.
@@ -0,0 +1,6 @@ | ||
from django.apps import AppConfig | ||
|
||
|
||
class ProConnectConfig(AppConfig): | ||
name = "itou.openid_connect.pro_connect" | ||
verbose_name = "ProConnect" |
@@ -0,0 +1,21 @@ | ||
from django.conf import settings | ||
|
||
|
||
# https://github.com/numerique-gouv/agentconnect-documentation/blob/main/doc_fs/donnees_fournies.md | ||
# We should not need to add the email, given_name and usual_name but it doesn"t work without them... | ||
PRO_CONNECT_SCOPES = "openid email given_name usual_name custom" | ||
|
||
PRO_CONNECT_CLIENT_ID = settings.PRO_CONNECT_CLIENT_ID | ||
PRO_CONNECT_CLIENT_SECRET = settings.PRO_CONNECT_CLIENT_SECRET | ||
|
||
PRO_CONNECT_ENDPOINT_AUTHORIZE = f"{settings.PRO_CONNECT_BASE_URL}/authorize" | ||
PRO_CONNECT_ENDPOINT_TOKEN = f"{settings.PRO_CONNECT_BASE_URL}/token" | ||
PRO_CONNECT_ENDPOINT_USERINFO = f"{settings.PRO_CONNECT_BASE_URL}/userinfo" | ||
PRO_CONNECT_ENDPOINT_LOGOUT = f"{settings.PRO_CONNECT_BASE_URL}/session/end" | ||
|
||
# This timeout (in seconds) has been chosen arbitrarily. | ||
PRO_CONNECT_TIMEOUT = 60 | ||
|
||
PRO_CONNECT_SESSION_KEY = "pro_connect" | ||
|
||
PRO_CONNECT_FT_IDP_HINT = settings.PRO_CONNECT_FT_IDP_HINT |
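Review bot: `PRO_CONNECT_TIMEOUT = 60` is justified only as "chosen arbitrarily", and the code that consumes it is not in this section. If it is the HTTP timeout for the token and userinfo requests made during the callback, a slow or unreachable identity provider would hold each login request open for up to a minute, which can exhaust web workers. I would tie the value to the provider's expected latency and document what it bounds, for example `# HTTP timeout (seconds) for server-to-server calls to ProConnect`. Separately, the comment above `PRO_CONNECT_SCOPES` records that `email given_name usual_name` are requested as a workaround; a short note on what the `custom` scope returns would let a reviewer check that the data requested is the minimum needed.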
@@ -0,0 +1,10 @@ | ||
import enum | ||
|
||
|
||
class ProConnectChannel(str, enum.Enum): | ||
"""This enum is stored in the session, and allow us to change the error message | ||
in the callback view depending on where the user came from. | ||
""" | ||
|
||
INVITATION = "invitation" | ||
MAP_CONSEILLER = "map_conseiller" |
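--- a/itou/openid_connect/pro_connect/migrations/0001_initial.py
+++ b/itou/openid_connect/pro_connect/migrations/0001_initial.py
@@ -0,0 +1,31 @@
+# Generated by Django 5.0.3 on 2024-03-22 09:37
+
+import django.utils.timezone
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+initial = True
+
+dependencies = []
+
+operations = [
+migrations.CreateModel(
+name="ProConnectState",
+fields=[
+("id", models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name="ID")),
+(
+"created_at",
+models.DateTimeField(
+db_index=True, default=django.utils.timezone.now, verbose_name="date de création"
+),
+),
+("used_at", models.DateTimeField(null=True, verbose_name="date d'utilisation")),
+("data", models.JSONField(blank=True, default=dict, verbose_name="données de session")),
+("state", models.CharField(max_length=12, unique=True)),
+],
+options={
+"abstract": False,
+},
+),
+]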
Empty file.
@@ -0,0 +1,63 @@ | ||
import dataclasses | ||
import logging | ||
from typing import ClassVar | ||
|
||
from django.db import models | ||
|
||
from itou.prescribers.models import PrescriberOrganization | ||
from itou.users.enums import IdentityProvider, UserKind | ||
from itou.users.models import User | ||
|
||
from ..models import OIDConnectState, OIDConnectUserData | ||
|
||
|
||
logger = logging.getLogger(__name__) | ||
|
||
|
||
class ProConnectState(OIDConnectState): | ||
data = models.JSONField(verbose_name="données de session", default=dict, blank=True) | ||
|
||
|
||
@dataclasses.dataclass | ||
class ProConnectUserData(OIDConnectUserData): | ||
@staticmethod | ||
def user_info_mapping_dict(user_info: dict): | ||
return { | ||
"username": user_info["sub"], | ||
"first_name": user_info["given_name"], | ||
"last_name": user_info["usual_name"], | ||
"email": user_info["email"], | ||
} | ||
|
||
def join_org(self, user: User, safir: str): | ||
if not user.is_prescriber: | ||
raise ValueError("Invalid user kind: %s", user.kind) | ||
try: | ||
organization = PrescriberOrganization.objects.get(code_safir_pole_emploi=safir) | ||
except PrescriberOrganization.DoesNotExist: | ||
logger.error(f"Organization with SAFIR {safir} does not exist. Unable to add user {user.email}.") | ||
raise | ||
if not organization.has_member(user): | ||
organization.add_or_activate_member(user) | ||
|
||
|
||
@dataclasses.dataclass | ||
class ProConnectPrescriberData(ProConnectUserData): | ||
kind: UserKind = UserKind.PRESCRIBER | ||
identity_provider: IdentityProvider = IdentityProvider.PRO_CONNECT | ||
login_allowed_user_kinds: ClassVar[tuple[UserKind]] = (UserKind.PRESCRIBER, UserKind.EMPLOYER) | ||
allowed_identity_provider_migration: ClassVar[tuple[IdentityProvider]] = ( | ||
IdentityProvider.DJANGO, | ||
IdentityProvider.INCLUSION_CONNECT, | ||
) | ||
|
||
|
||
@dataclasses.dataclass | ||
class ProConnectEmployerData(ProConnectUserData): | ||
kind: UserKind = UserKind.EMPLOYER | ||
identity_provider: IdentityProvider = IdentityProvider.PRO_CONNECT | ||
login_allowed_user_kinds: ClassVar[tuple[UserKind]] = (UserKind.PRESCRIBER, UserKind.EMPLOYER) | ||
allowed_identity_provider_migration: ClassVar[tuple[IdentityProvider]] = ( | ||
IdentityProvider.DJANGO, | ||
IdentityProvider.INCLUSION_CONNECT, | ||
) |
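Review bot: In `join_org`, `raise ValueError("Invalid user kind: %s", user.kind)` never interpolates the value, because exceptions do not apply %-formatting to their arguments, so the message ends up as a two-element args tuple; use `raise ValueError(f"Invalid user kind: {user.kind}")`. The `logger.error` call in the same method writes `user.email` and the `safir` value (presumably taken from the identity provider's claims) into the log through an f-string. Logging the primary key with lazy arguments keeps personal data out of the logs and stops embedded line breaks from forging log entries, e.g. `logger.error("Organization with SAFIR %r does not exist. Unable to add user pk=%s.", safir, user.pk)`. `user_info_mapping_dict` also indexes `sub`, `given_name`, `usual_name` and `email` directly, so a userinfo response missing one claim raises a bare `KeyError`; whether the caller handles that is not visible in this section.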
@@ -0,0 +1,13 @@ | ||
from django.urls import path | ||
|
||
from . import views | ||
|
||
|
||
app_name = "pro_connect" | ||
|
||
urlpatterns = [ | ||
path("authorize", views.pro_connect_authorize, name="authorize"), | ||
path("callback", views.pro_connect_callback, name="callback"), | ||
path("logout", views.pro_connect_logout, name="logout"), | ||
path("logout_callback", views.pro_connect_logout_callback, name="logout_callback"), | ||
] |