Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add trusted-ids module #32

Merged
merged 39 commits into from
Oct 22, 2024
Merged

add trusted-ids module #32

merged 39 commits into from
Oct 22, 2024

Conversation

microstudi
Copy link
Collaborator

@microstudi microstudi commented Apr 10, 2024
edited
Loading

Substitutes the current decidim-via_oberta_authorization and the idcat_mobil gems for the integrated https://github.com/ConsorciAOC-PRJ/decidim-module-trusted-ids gem that performs both tasks along with additional verification workflows (see the plugin for details).

In order to deploy this, the minimum ENV variables that need to be added are:

  • VALID_CLIENT_ID (formerly IDCAT_MOBIL_CLIENT_ID (this is optional and can be override for any tenant)
  • VALID_CLIENT_SECRET (formerly IDCAT_MOBIL_CLIENT_SECRET (also optional)
  • VALID_SITE(formerly IDCAT_MOBIL_SITE_URL (without the path part)
  • CENSUS_AUTHORIZATION_ENV=preproduction (or production for production, this configures the via_oberta url automatically)
  • OMNIAUTH_ENABLED_BY_DEFAULT=false to not enable the valid authentication by default so it is configurable per tenant (even if a VALID_CLIENT_ID is defined)

In the case of not wanting to allow tenants to configure the VALID_CLIENT_ID or VALID_CLIENT_SECRET, also add the following ENV VAR:

  • OMNIAUTH_GLOBAL_ATTRIBUTES=client_id client_secret site icon_path scope

Once deployed, needs to be configured in /system:

  • The authorization methods provided with TrustedIds: vàlid and via oberta
  • The via oberta settings
  • Specific terms and conditions for viaoberta
  • Omniauth settings for valid, if customized (optional if VALID_CLIENT_ID and VALID_CLIENT_SECRET` are defined

Upgrade tasks,

It is possible to update the tenant configuration from the IDcatMobil config to the new VALID values, to do that, please run this command in a console:

 Decidim::Organization.find_each {|o| 
  o.update_column(:omniauth_settings, 
    o.omniauth_settings.merge({
       "omniauth_settings_valid_client_id" => o.omniauth_settings["omniauth_settings_idcat_mobil_client_id"],
       "omniauth_settings_valid_client_secret" => o.omniauth_settings["omniauth_settings_idcat_mobil_client_secret"]
     })
  )
}

@microstudi microstudi marked this pull request as draft April 10, 2024 18:10
@microstudi microstudi marked this pull request as ready for review April 11, 2024 11:46
@microstudi microstudi mentioned this pull request May 8, 2024
Closed
tramuntanal
tramuntanal reviewed Jun 26, 2024
View reviewed changes
Copy link
Collaborator

@tramuntanal tramuntanal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good work @microstudi !

Can you please check my comments, mainly small things 😄

.rubocop_ruby.yml Outdated Show resolved Hide resolved
Gemfile Show resolved Hide resolved
Gemfile Outdated Show resolved Hide resolved
app/decorators/decidim/system/update_organization_decorator.rb Outdated Show resolved Hide resolved
config/environments/production.rb Outdated Show resolved Hide resolved
db/schema.rb Outdated Show resolved Hide resolved
db/schema.rb Outdated Show resolved Hide resolved
db/schema.rb Show resolved Hide resolved
tramuntanal
tramuntanal reviewed Jun 28, 2024
View reviewed changes
Gemfile Outdated Show resolved Hide resolved
app/decorators/decidim/system/update_organization_decorator.rb Outdated Show resolved Hide resolved
tramuntanal
tramuntanal reviewed Jun 28, 2024
View reviewed changes
Copy link
Collaborator

@tramuntanal tramuntanal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for checking, just a couple of comments and we're done

@tramuntanal
Copy link
Collaborator

Thanks @microstudi !

@laurajaime laurajaime merged commit 548f0d3 into main Oct 22, 2024
4 checks passed
@laurajaime laurajaime deleted the add-trusted-ids branch October 22, 2024 13:34
laurajaime added a commit that referenced this pull request Oct 22, 2024
@laurajaime
Revert "add trusted-ids module (#32)"
ed1a57b 
This reverts commit 548f0d3.
@laurajaime laurajaime mentioned this pull request Oct 22, 2024
Merged
laurajaime added a commit that referenced this pull request Oct 22, 2024
@laurajaime
Revert "add trusted-ids module (#32)" (#37)
0265957 
This reverts commit 548f0d3.
laurajaime added a commit that referenced this pull request Oct 28, 2024
@laurajaime
Revert "Revert "add trusted-ids module (#32)" (#37)"
837cdd7 
This reverts commit 0265957.
laurajaime added a commit that referenced this pull request Oct 30, 2024
@laurajaime
Revert "Revert "add trusted-ids module (#32)" (#37)" (#38)
77ba432 
This reverts commit 0265957.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tramuntanal tramuntanal tramuntanal left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@microstudi @tramuntanal @laurajaime