Merge pull request #871 from maykinmedia/develop

Release v1.12

.python-version

@@ -0,0 +1 @@
+3.9

Dockerfile

@@ -47,7 +47,7 @@ COPY ./build /app/build/
 COPY ./*.json ./*.js ./.babelrc /app/
 
 # install WITH dev tooling
-RUN npm ci
+RUN npm ci --legacy-peer-deps
 
 # copy source code
 COPY ./src /app/src
@@ -110,6 +110,7 @@ ARG COMMIT_HASH
 ENV GIT_SHA=${COMMIT_HASH}
 ENV DJANGO_SETTINGS_MODULE=open_inwoner.conf.docker
 ENV DIGID_MOCK=True
+ENV EHERKENNING_MOCK=True
 
 ARG SECRET_KEY=dummy
 

INSTALL.rst

@@ -196,6 +196,7 @@ file or as part of the ``(post)activate`` of your virtualenv.
 
 * ``SECRET_KEY``: the secret key to use. A default is set in ``dev.py``
 * ``DIGID_MOCK``: determines if a mock-DigiD interface is to be shown on the frontend, if configured in the admin this has to be set to ``True`` to avoid switching to the mock-authentication by accident.
+* ``EHERKENNING_MOCK``: determines if a mock-eHerkenning interface is to be shown on the frontend, if configured in the admin this has to be set to ``True`` to avoid switching to the mock-authentication by accident.
 
 * ``DB_NAME``: name of the database for the project. Defaults to ``open_inwoner``.
 * ``DB_USER``: username to connect to the database with. Defaults to ``open_inwoner``.

README.rst

@@ -3,7 +3,7 @@ Open Inwoner
 ==================
 
 
-:Version: 1.11
+:Version: 1.12
 :Source: https://github.com/maykinmedia/open-inwoner
 :Keywords: inwoner
 :PythonVersion: 3.9

requirements/base.in

@@ -16,7 +16,6 @@ tinycss2
 Django>=3.2.11<4.0
 django-admin-index
 django-axes
-django-choices
 django-filer
 django-hijack
 django-ordered-model

requirements/base.txt

@@ -134,10 +134,8 @@ django-better-admin-arrayfield==1.4.2
     # via
     #   -r requirements/base.in
     #   mozilla-django-oidc-db
-django-choices==1.7.2
-    # via
-    #   -r requirements/base.in
-    #   mail-editor
+django-choices==2.0.0
+    # via mail-editor
 django-ckeditor==6.2.0
     # via mail-editor
 django-classy-tags==4.0.0
@@ -161,7 +159,7 @@ django-csp==3.7
     # via -r requirements/base.in
 django-csp-reports==1.8.1
     # via -r requirements/base.in
-django-digid-eherkenning==0.7.0
+django-digid-eherkenning==0.9.0
     # via -r requirements/base.in
 django-elasticsearch-dsl==7.2.1
     # via -r requirements/base.in
@@ -195,7 +193,7 @@ django-js-asset==1.2.2
     #   django-mptt
 django-localflavor==3.1
     # via -r requirements/base.in
-django-log-outgoing-requests==0.5.0
+django-log-outgoing-requests==0.5.2
     # via -r requirements/base.in
 django-mptt==0.13.4
     # via django-filer
@@ -300,7 +298,7 @@ face==20.1.1
     # via glom
 faker==9.9.0
     # via zgw-consumers
-fontawesomefree==6.1.1
+fontawesomefree==6.4.2
     # via -r requirements/base.in
 fonttools[woff]==4.29.1
     # via weasyprint
@@ -474,7 +472,6 @@ six==1.16.0
     # via
     #   click-repl
     #   django-appdata
-    #   django-choices
     #   django-elasticsearch-dsl
     #   elasticsearch-dsl
     #   furl

requirements/ci.txt

@@ -207,7 +207,7 @@ django-better-admin-arrayfield==1.4.2
     #   -c requirements/base.txt
     #   -r requirements/base.txt
     #   mozilla-django-oidc-db
-django-choices==1.7.2
+django-choices==2.0.0
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
@@ -249,7 +249,7 @@ django-csp-reports==1.8.1
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
-django-digid-eherkenning==0.7.0
+django-digid-eherkenning==0.9.0
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
@@ -309,7 +309,7 @@ django-localflavor==3.1
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
-django-log-outgoing-requests==0.5.0
+django-log-outgoing-requests==0.5.2
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
@@ -501,7 +501,7 @@ faker==9.9.0
     #   -r requirements/base.txt
     #   factory-boy
     #   zgw-consumers
-fontawesomefree==6.1.1
+fontawesomefree==6.4.2
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
@@ -843,7 +843,6 @@ six==1.16.0
     #   -r requirements/base.txt
     #   click-repl
     #   django-appdata
-    #   django-choices
     #   django-elasticsearch-dsl
     #   elasticsearch-dsl
     #   furl

requirements/dev.txt

@@ -232,7 +232,7 @@ django-better-admin-arrayfield==1.4.2
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
     #   mozilla-django-oidc-db
-django-choices==1.7.2
+django-choices==2.0.0
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
@@ -276,7 +276,7 @@ django-csp-reports==1.8.1
     #   -r requirements/ci.txt
 django-debug-toolbar==3.2.2
     # via -r requirements/dev.in
-django-digid-eherkenning==0.7.0
+django-digid-eherkenning==0.9.0
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
@@ -338,7 +338,7 @@ django-localflavor==3.1
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
-django-log-outgoing-requests==0.5.0
+django-log-outgoing-requests==0.5.2
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
@@ -540,7 +540,7 @@ faker==9.9.0
     #   zgw-consumers
 flake8==3.9.2
     # via -r requirements/dev.in
-fontawesomefree==6.1.1
+fontawesomefree==6.4.2
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
@@ -936,7 +936,6 @@ six==1.16.0
     #   -r requirements/ci.txt
     #   click-repl
     #   django-appdata
-    #   django-choices
     #   django-elasticsearch-dsl
     #   elasticsearch-dsl
     #   furl

src/eherkenning/backends.py

@@ -0,0 +1,38 @@
+from django.contrib.auth import get_user_model
+
+from digid_eherkenning.backends import eHerkenningBackend as _eHerkenningBackend
+from digid_eherkenning.exceptions import eHerkenningError
+from digid_eherkenning.utils import get_client_ip
+
+UserModel = get_user_model()
+
+
+class eHerkenningBackend(_eHerkenningBackend):
+    """
+    Custom backend to identify users based on the KvK number instead of RSIN
+    """
+
+    def get_or_create_user(self, request, saml_response, saml_attributes):
+        kvk = self.get_kvk_number(saml_attributes)
+        if kvk == "":
+            raise eHerkenningError(
+                "Login failed due to no KvK being returned by eHerkenning."
+            )
+
+        created = False
+        try:
+            user = UserModel.eherkenning_objects.get_by_kvk(kvk)
+        except UserModel.DoesNotExist:
+            user = UserModel.eherkenning_objects.eherkenning_create(kvk)
+            created = True
+
+        success_message = self.error_messages["login_success"] % {
+            "user": str(user),
+            "user_info": " (new account)" if created else "",
+            "ip": get_client_ip(request),
+            "service": self.service_name,
+        }
+
+        self.log_success(request, success_message)
+
+        return user, created

src/eherkenning/managers.py

@@ -0,0 +1,6 @@
+from digid_eherkenning.managers import BaseeHerkenningManager as _BaseeHerkenningManager
+
+
+class BaseeHerkenningManager(_BaseeHerkenningManager):
+    def get_by_kvk(self, kvk):
+        raise NotImplementedError

src/eherkenning/mock/backends.py

@@ -0,0 +1,62 @@
+import logging
+import re
+
+from django.contrib.auth import get_user_model
+
+from digid_eherkenning.backends import BaseBackend
+from digid_eherkenning.utils import get_client_ip
+
+logger = logging.getLogger(__name__)
+
+UserModel = get_user_model()
+
+
+class eHerkenningBackend(BaseBackend):
+    service_name = "eHerkenning"
+    error_messages = dict(
+        BaseBackend.error_messages,
+        **{
+            "eherkenning_no_kvk": "Login failed due to no KvK being returned by eHerkenning.",
+            "eherkenning_len_kvk": "Login failed due to no KvK having more then 8 digits.",
+            "eherkenning_num_kvk": "Login failed due to no KvK not being numerical.",
+        }
+    )
+
+    def get_or_create_user(self, request, kvk):
+        created = False
+        try:
+            user = UserModel.eherkenning_objects.get_by_kvk(kvk)
+        except UserModel.DoesNotExist:
+            user = UserModel.eherkenning_objects.eherkenning_create(kvk)
+            created = True
+
+        success_message = self.error_messages["login_success"] % {
+            "user": str(user),
+            "user_info": " (new account)" if created else "",
+            "ip": get_client_ip(request),
+            "service": self.service_name,
+        }
+
+        self.log_success(request, success_message)
+
+        return user, created
+
+    def authenticate(self, request, kvk=None):
+        if kvk is None:
+            return
+
+        if kvk == "":
+            self.log_error(request, self.error_messages["eherkenning_no_kvk"])
+            return
+
+        if not re.match(r"^[0-9]+$", kvk):
+            self.log_error(request, self.error_messages["eherkenning_len_kvk"])
+            return
+
+        if len(kvk) > 8:
+            self.log_error(request, self.error_messages["eherkenning_num_kvk"])
+            return
+
+        user, created = self.get_or_create_user(request, kvk)
+
+        return user

src/eherkenning/mock/eherkenning_conf.py

@@ -0,0 +1,47 @@
+from django.conf import settings
+from django.shortcuts import resolve_url
+from django.urls import reverse
+from django.utils.encoding import force_str
+
+
+def get_app_title():
+    """
+    Title of application to display in IDP view
+    """
+    return force_str(
+        getattr(settings, "EHERKENNING_MOCK_APP_TITLE", "") or "eHerkenning Mock Login"
+    )
+
+
+def get_success_url():
+    """
+    Default URL to redirect to after login
+    """
+    url = (
+        getattr(settings, "EHERKENNING_MOCK_RETURN_URL", "")
+        or getattr(settings, "LOGIN_REDIRECT_URL", "")
+        or "/"
+    )
+    return resolve_url(url)
+
+
+def get_cancel_url():
+    """
+    Default URL if user presses 'vorige/back' in IDP view
+    """
+    url = (
+        getattr(settings, "EHERKENNING_MOCK_CANCEL_URL", "")
+        or getattr(settings, "LOGIN_URL", "")
+        or "/"
+    )
+    return resolve_url(url)
+
+
+def get_idp_login_url():
+    """
+    URL of the IDP login page (possibly on other domain)
+    """
+    url = getattr(settings, "EHERKENNING_MOCK_IDP_LOGIN_URL", "") or reverse(
+        "eherkenning-mock:login"
+    )
+    return resolve_url(url)

src/eherkenning/mock/eherkenning_urls.py

@@ -0,0 +1,19 @@
+from django.urls import path
+
+from eherkenning.mock.views.eherkenning import (
+    eHerkenningAssertionConsumerServiceMockView,
+    eHerkenningLoginMockView,
+    eHerkenningLogoutMockView,
+)
+
+"""
+this is a mock replacement for the regular eherkenning_urls.py
+"""
+
+app_name = "eherkenning"
+
+urlpatterns = (
+    path("login/", eHerkenningLoginMockView.as_view(), name="login"),
+    path("acs/", eHerkenningAssertionConsumerServiceMockView.as_view(), name="acs"),
+    path("logout/", eHerkenningLogoutMockView.as_view(), name="logout"),
+)

src/eherkenning/mock/idp/eherkenning_urls.py

@@ -0,0 +1,15 @@
+from django.urls import path
+
+from eherkenning.mock.idp.views.eherkenning import (
+    eHerkenningMockIDPLoginView,
+    eHerkenningMockIDPPasswordLoginView,
+)
+
+app_name = "eherkenning-mock"
+
+urlpatterns = [
+    path("inloggen/", eHerkenningMockIDPLoginView.as_view(), name="login"),
+    path(
+        "inloggen_ww/", eHerkenningMockIDPPasswordLoginView.as_view(), name="password"
+    ),
+]

src/eherkenning/mock/idp/forms.py

@@ -0,0 +1,19 @@
+from django import forms
+from django.utils.translation import gettext_lazy as _
+
+from eherkenning.validators import KVKValidator
+
+
+class eHerkenningPasswordLoginForm(forms.Form):
+    auth_name = forms.CharField(
+        max_length=255,
+        required=True,
+        label=_("eHerkenning gebruikersnaam"),
+        validators=[KVKValidator()],
+    )
+    auth_pass = forms.CharField(
+        max_length=255, required=True, label=_("Wachtwoord"), widget=forms.PasswordInput
+    )
+    remember_login = forms.CharField(
+        label=_("Onthoud mijn eHerkenning gebruikersnaam"), required=False
+    )