pro_connect: base work

itou/openid_connect/pro_connect/apps.py

@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class ProConnectConfig(AppConfig):
+    name = "itou.openid_connect.pro_connect"
+    verbose_name = "Pro Connect"

itou/openid_connect/pro_connect/constants.py

@@ -0,0 +1,22 @@
+from django.conf import settings
+
+
+PRO_CONNECT_SCOPES = "openid profile email"
+
+PRO_CONNECT_CLIENT_ID = settings.PRO_CONNECT_CLIENT_ID
+PRO_CONNECT_CLIENT_SECRET = settings.PRO_CONNECT_CLIENT_SECRET
+
+PRO_CONNECT_ENDPOINT_BASE = f"{settings.PRO_CONNECT_BASE_URL}/auth"
+PRO_CONNECT_ENDPOINT_AUTHORIZE = f"{PRO_CONNECT_ENDPOINT_BASE}/authorize/"
+PRO_CONNECT_ENDPOINT_REGISTER = f"{PRO_CONNECT_ENDPOINT_BASE}/register/"
+PRO_CONNECT_ENDPOINT_ACTIVATE = f"{PRO_CONNECT_ENDPOINT_BASE}/activate/"
+PRO_CONNECT_ENDPOINT_TOKEN = f"{PRO_CONNECT_ENDPOINT_BASE}/token/"
+PRO_CONNECT_ENDPOINT_USERINFO = f"{PRO_CONNECT_ENDPOINT_BASE}/userinfo/"
+PRO_CONNECT_ENDPOINT_LOGOUT = f"{PRO_CONNECT_ENDPOINT_BASE}/logout/"
+
+# These expiration times have been chosen arbitrarily.
+PRO_CONNECT_TIMEOUT = 60
+
+PRO_CONNECT_SESSION_KEY = "inclusion_connect"
+
+PRO_CONNECT_ACCOUNT_URL = f"{settings.PRO_CONNECT_BASE_URL}/accounts/my-account/"

itou/openid_connect/pro_connect/enums.py

@@ -0,0 +1,11 @@
+import enum
+
+
+class ProConnectChannel(str, enum.Enum):
+    """This enum is stored in the session, and allow us to change the error message
+    in the callback view depending on where the user came from.
+    """
+
+    INVITATION = "invitation"
+    POLE_EMPLOI = "pole_emploi"
+    MAP_CONSEILLER = "map_conseiller"

itou/openid_connect/pro_connect/migrations/0001_initial.py

@@ -0,0 +1,32 @@
+# Generated by Django 5.0.3 on 2024-03-22 09:37
+
+import django.utils.timezone
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = []
+
+    operations = [
+        migrations.CreateModel(
+            name="ProConnectState",
+            fields=[
+                ("id", models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name="ID")),
+                (
+                    "created_at",
+                    models.DateTimeField(
+                        db_index=True, default=django.utils.timezone.now, verbose_name="date de création"
+                    ),
+                ),
+                ("used_at", models.DateTimeField(null=True, verbose_name="date d'utilisation")),
+                ("data", models.JSONField(blank=True, default=dict, verbose_name="données de session")),
+                ("state", models.CharField(max_length=12, unique=True)),
+            ],
+            options={
+                "abstract": False,
+            },
+        ),
+    ]

itou/openid_connect/pro_connect/models.py

@@ -0,0 +1,43 @@
+import dataclasses
+import logging
+
+from django.db import models
+
+from itou.prescribers.models import PrescriberOrganization
+from itou.users.enums import IdentityProvider, UserKind
+from itou.users.models import User
+
+from ..models import OIDConnectState, OIDConnectUserData
+
+
+logger = logging.getLogger(__name__)
+
+
+class ProConnectState(OIDConnectState):
+    data = models.JSONField(verbose_name="données de session", default=dict, blank=True)
+
+    class Meta:
+        abstract = False
+
+
+@dataclasses.dataclass
+class ProConnectPrescriberData(OIDConnectUserData):
+    kind: str = UserKind.PRESCRIBER
+    identity_provider: IdentityProvider = IdentityProvider.INCLUSION_CONNECT
+    login_allowed_user_kinds = [UserKind.PRESCRIBER, UserKind.EMPLOYER]
+
+    def join_org(self, user: User, safir: str):
+        try:
+            organization = PrescriberOrganization.objects.get(code_safir_pole_emploi=safir)
+        except PrescriberOrganization.DoesNotExist:
+            logger.error(f"Organization with SAFIR {safir} does not exist. Unable to add user {user.email}.")
+            raise
+        if not organization.has_member(user):
+            organization.add_member(user)
+
+
+@dataclasses.dataclass
+class ProConnectEmployerData(OIDConnectUserData):
+    kind: str = UserKind.EMPLOYER
+    identity_provider: IdentityProvider = IdentityProvider.INCLUSION_CONNECT
+    login_allowed_user_kinds = [UserKind.PRESCRIBER, UserKind.EMPLOYER]

itou/openid_connect/pro_connect/urls.py

@@ -0,0 +1,12 @@
+from django.urls import path
+
+from . import views
+
+
+app_name = "pro_connect"
+
+urlpatterns = [
+    path("authorize", views.pro_connect_authorize, name="authorize"),
+    path("callback", views.pro_connect_callback, name="callback"),
+    path("logout", views.pro_connect_logout, name="logout"),
+]