From 3ff452553cf1f913d087e189db642c858b623c08 Mon Sep 17 00:00:00 2001
From: vincent porte
Date: Wed, 28 Aug 2024 11:40:22 +0200
Subject: [PATCH] fix url and scope
---
 config/urls.py | 2 +-
 .../forum/tests/__snapshots__/tests_views.ambr | 14 +++++++-------
 lacommunaute/openid_connect/constants.py | 16 ++++++++--------
 lacommunaute/openid_connect/urls.py | 6 +++---
 lacommunaute/openid_connect/views.py | 7 +++----
 .../pages/tests/__snapshots__/test_homepage.ambr | 4 ++--
 6 files changed, 24 insertions(+), 25 deletions(-)
diff --git a/config/urls.py b/config/urls.py
index f9e3c9a6..2bccdb1c 100644
--- a/config/urls.py
+++ b/config/urls.py
@@ -26,7 +26,7 @@ urlpatterns = [
 path("admin/", admin.site.urls),
 # Inclusion Connect URLs.
- path("openid_connect/", include(openid_connect_urls)),
+ path("", include(openid_connect_urls)),
 # www.
 path("", include(pages_urls)),
 path("members/", include(forum_member_urls)),
diff --git a/lacommunaute/forum/tests/__snapshots__/tests_views.ambr b/lacommunaute/forum/tests/__snapshots__/tests_views.ambr
index 53066e32..62b79280 100644
--- a/lacommunaute/forum/tests/__snapshots__/tests_views.ambr
+++ b/lacommunaute/forum/tests/__snapshots__/tests_views.ambr
@@ -302,7 +302,7 @@
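Review bot: The context comment above the changed `path("", include(openid_connect_urls))` line in config/urls.py still reads `# Inclusion Connect URLs.`, while the include is now mounted at the site root and serves the `pro_connect/` routes; I would reword it to `# OpenID Connect login routes; the "pro_connect/" prefix is set in lacommunaute/openid_connect/urls.py.`. The callback path moves from `openid_connect/callback` to `pro_connect/callback/`, so the redirect URI registered with the identity provider has to be updated in the same deployment, since providers usually compare `redirect_uri` exactly, trailing slash included. The `urlpatterns` list continues outside the hunk.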
- + 0 @@ -448,7 +448,7 @@
- + 0 @@ -461,7 +461,7 @@
- + 0 @@ -490,7 +490,7 @@
- + 1 @@ -503,7 +503,7 @@
- + 1 @@ -532,7 +532,7 @@
- + 2 @@ -545,7 +545,7 @@
- + 2
diff --git a/lacommunaute/openid_connect/constants.py b/lacommunaute/openid_connect/constants.py
index 5e7d496a..6aaa9617 100644
--- a/lacommunaute/openid_connect/constants.py
+++ b/lacommunaute/openid_connect/constants.py
@@ -3,24 +3,24 @@ from django.conf import settings
-OPENID_CONNECT_SCOPES = "openid profile email"
+OPENID_CONNECT_SCOPES = "openid email given_name usual_name"
 OPENID_CONNECT_CLIENT_ID = settings.OPENID_CONNECT_CLIENT_ID
 OPENID_CONNECT_CLIENT_SECRET = settings.OPENID_CONNECT_CLIENT_SECRET
-OPENID_CONNECT_ENDPOINT = "{base_url}/auth".format(
+OPENID_CONNECT_ENDPOINT = "{base_url}".format(
 base_url=settings.OPENID_CONNECT_BASE_URL,
 )
-OPENID_CONNECT_ENDPOINT_AUTHORIZE = f"{OPENID_CONNECT_ENDPOINT}/authorize/"
-OPENID_CONNECT_ENDPOINT_REGISTRATIONS = f"{OPENID_CONNECT_ENDPOINT}/register/"
-OPENID_CONNECT_ENDPOINT_TOKEN = f"{OPENID_CONNECT_ENDPOINT}/token/"
-OPENID_CONNECT_ENDPOINT_USERINFO = f"{OPENID_CONNECT_ENDPOINT}/userinfo/"
-OPENID_CONNECT_ENDPOINT_LOGOUT = f"{OPENID_CONNECT_ENDPOINT}/logout/"
+OPENID_CONNECT_ENDPOINT_AUTHORIZE = f"{OPENID_CONNECT_ENDPOINT}/authorize"
+OPENID_CONNECT_ENDPOINT_REGISTRATIONS = f"{OPENID_CONNECT_ENDPOINT}/register"
+OPENID_CONNECT_ENDPOINT_TOKEN = f"{OPENID_CONNECT_ENDPOINT}/token"
+OPENID_CONNECT_ENDPOINT_USERINFO = f"{OPENID_CONNECT_ENDPOINT}/userinfo"
+OPENID_CONNECT_ENDPOINT_LOGOUT = f"{OPENID_CONNECT_ENDPOINT}/session/end"
 # These expiration times have been chosen arbitrarily.
 OPENID_CONNECT_TIMEOUT = 60
-OPENID_CONNECT_SESSION_KEY = "openid_connect"
+OPENID_CONNECT_SESSION_KEY = "pro_connect"
 # This expiration time has been chosen arbitrarily.
 OIDC_STATE_EXPIRATION = datetime.timedelta(hours=1)
diff --git a/lacommunaute/openid_connect/urls.py b/lacommunaute/openid_connect/urls.py
index 590e502f..2c366343 100644
--- a/lacommunaute/openid_connect/urls.py
+++ b/lacommunaute/openid_connect/urls.py
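Review bot: `OPENID_CONNECT_ENDPOINT` is now `"{base_url}".format(...)`, a wrapper that no longer adds anything, and the five endpoint constants are built by appending `/authorize`, `/token` and so on to it, so a trailing slash in `settings.OPENID_CONNECT_BASE_URL` would yield `//authorize` and similar. Normalising once removes that dependency on how the setting is written: `OPENID_CONNECT_ENDPOINT = settings.OPENID_CONNECT_BASE_URL.rstrip("/")`. The scope string also drops `profile` in favour of `given_name usual_name`; the code that reads the returned claims is not part of this diff, so it should be checked that it no longer expects claims that only `profile` granted. A comment above `OPENID_CONNECT_SCOPES` naming the claims the callback relies on would keep the two in step.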
@@ -6,7 +6,7 @@ app_name = "openid_connect"
 urlpatterns = [
- path("authorize", views.openid_connect_authorize, name="authorize"),
- path("callback", views.openid_connect_callback, name="callback"),
- path("logout", views.openid_connect_logout, name="logout"),
+ path("pro_connect/authorize/", views.pro_connect_authorize, name="authorize"),
+ path("pro_connect/callback/", views.pro_connect_callback, name="callback"),
+ path("pro_connect/logout/", views.pro_connect_logout, name="logout"),
 ]
diff --git a/lacommunaute/openid_connect/views.py b/lacommunaute/openid_connect/views.py
index 28ec4e82..fae71fb2 100644
--- a/lacommunaute/openid_connect/views.py
+++ b/lacommunaute/openid_connect/views.py
@@ -46,7 +46,7 @@ def _redirect_to_login_page_on_error(error_msg, request=None):
 return HttpResponseRedirect(reverse("pages:home"))
-def openid_connect_authorize(request):
+def pro_connect_authorize(request):
 # Start a new session.
 previous_url = request.GET.get("previous_url", reverse("pages:home"))
 next_url = request.GET.get("next")
@@ -65,7 +65,6 @@ def openid_connect_authorize(request):
 "scope": constants.OPENID_CONNECT_SCOPES,
 "state": signed_csrf,
 "nonce": crypto.get_random_string(length=12),
- "from": "communaute", # Display a "La communauté" logo on the connection page.
 "acr_values": "eidas1", # Force the eIDAS authentication.
 }
 redirect_url = (
@@ -74,7 +73,7 @@ def openid_connect_authorize(request):
 return HttpResponseRedirect(f"{redirect_url}?{urlencode(data)}")
-def openid_connect_callback(request): # pylint: disable=too-many-return-statements
+def pro_connect_callback(request): # pylint: disable=too-many-return-statements
 code = request.GET.get("code")
 state = request.GET.get("state")
 if code is None or not OpenID_State.is_valid(state):
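Review bot: `previous_url` and `next_url` at the top of `pro_connect_authorize` come straight from the query string, and nothing in the visible lines limits them to this site; `redirect_url` in `pro_connect_logout` (hunk at -150) is read the same way, and the callback ends in `return HttpResponseRedirect(next_url)`. All three function bodies continue outside their hunks, so a check may exist further down. If it does not, validate each value where it is read with Django's `url_has_allowed_host_and_scheme(url, allowed_hosts={request.get_host()}, require_https=request.is_secure())` and fall back to `reverse("pages:home")` on failure.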
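Review bot: In the authorization parameters (hunk at -65) the `nonce` is created inline with `crypto.get_random_string(length=12)` and, as far as the hunk shows, is not kept anywhere, so the callback would have nothing to compare the ID token's `nonce` claim against. A nonce only protects against token replay when the value sent is stored, in the session or with the signed state record, and checked on return. The dict and the function both continue outside the hunk, so this may already happen elsewhere. If it does not, bind it first with `nonce = crypto.get_random_string(length=12)`, store it next to the state, pass `"nonce": nonce` in `data`, and reject the callback when the returned claim differs.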
@@ -150,7 +149,7 @@ def openid_connect_callback(request): # pylint: disable=too-many-return-stateme
 return HttpResponseRedirect(next_url)
-def openid_connect_logout(request):
+def pro_connect_logout(request):
 token = request.GET.get("token")
 post_logout_redirect_uri = request.GET.get("redirect_url", reverse("pages:home"))
diff --git a/lacommunaute/pages/tests/__snapshots__/test_homepage.ambr b/lacommunaute/pages/tests/__snapshots__/test_homepage.ambr
index d0f3a5f3..5128c05b 100644
--- a/lacommunaute/pages/tests/__snapshots__/test_homepage.ambr
+++ b/lacommunaute/pages/tests/__snapshots__/test_homepage.ambr
@@ -171,7 +171,7 @@
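Review bot: `token = request.GET.get("token")` in `pro_connect_logout` means the token used at logout travels in this site's own URL, where it is recorded in access logs, browser history and Referer headers. If the value is the provider-issued ID token (the body continues outside the hunk, so this is inferred), keeping it server-side in the session entry under `OPENID_CONNECT_SESSION_KEY` and reading it from there would avoid exposing it. At minimum I would add `# token is taken from the query string: keep it out of request logging` above the line.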
  • - Se connecter | S'inscrire + Se connecter | S'inscrire
  • @@ -262,7 +262,7 @@