feat(user): basculer l'authentification vers Mon Compte Pro

.env.template

@@ -18,9 +18,9 @@ SIB_API_KEY=__key_to_be_set__
 #SENTRY_DSN=__url_to_be_set__
 
 # for Inclusion Connect
-INCLUSION_CONNECT_BASE_URL=http://127.0.0.1:8080
-INCLUSION_CONNECT_CLIENT_ID=local_inclusion_connect
-INCLUSION_CONNECT_CLIENT_SECRET=password
+OPENID_CONNECT_BASE_URL=http://127.0.0.1:8080
+OPENID_CONNECT_CLIENT_ID=local_openid_connect
+OPENID_CONNECT_CLIENT_SECRET=password
 
 # Path to the itou-backup project repository.
 PATH_TO_BACKUPS=~/path/to/backups

README.md

@@ -140,10 +140,10 @@ Créer les variables d'environnement suivantes dans le configuration provider
 - DJANGO_DEBUG
 - DJANGO_SECRET_KEY
 - DJANGO_SETTINGS_MODULE
-- INCLUSION_CONNECT_BASE_URL
-- INCLUSION_CONNECT_CLIENT_ID
-- INCLUSION_CONNECT_CLIENT_SECRET
-- INCLUSION_CONNECT_REALM
+- OPENID_CONNECT_BASE_URL
+- OPENID_CONNECT_CLIENT_ID
+- OPENID_CONNECT_CLIENT_SECRET
+- OPENID_CONNECT_REALM
 - PORT
 - PYTHONPATH
 - SENTRY_DSN

config/settings/base.py

@@ -76,7 +76,7 @@
     "lacommunaute.forum_moderation",
     "lacommunaute.notification",
     "lacommunaute.event",
-    "lacommunaute.inclusion_connect",
+    "lacommunaute.openid_connect",
     "lacommunaute.pages",
     "lacommunaute.forum_file",
     "lacommunaute.search",
@@ -110,7 +110,7 @@
 MIDDLEWARE = DJANGO_MIDDLEWARE + THIRD_PARTIES_MIDDLEWARE + LOCAL_MIDDLEWARE
 
 ROOT_URLCONF = "config.urls"
-LOGIN_URL = "/inclusion_connect/authorize"
+LOGIN_URL = "/pro_connect/authorize"
 LOGIN_REDIRECT_URL = "/"
 LOGOUT_REDIRECT_URL = "/"
 
@@ -294,9 +294,9 @@
 
 # Inclusion Connect
 # ------------------------------------------------------------------------------
-INCLUSION_CONNECT_BASE_URL = os.getenv("INCLUSION_CONNECT_BASE_URL")
-INCLUSION_CONNECT_CLIENT_ID = os.getenv("INCLUSION_CONNECT_CLIENT_ID")
-INCLUSION_CONNECT_CLIENT_SECRET = os.getenv("INCLUSION_CONNECT_CLIENT_SECRET")
+OPENID_CONNECT_BASE_URL = os.getenv("OPENID_CONNECT_BASE_URL")
+OPENID_CONNECT_CLIENT_ID = os.getenv("OPENID_CONNECT_CLIENT_ID")
+OPENID_CONNECT_CLIENT_SECRET = os.getenv("OPENID_CONNECT_CLIENT_SECRET")
 
 # LOGGING
 # ------------------------------------------------------------------------------

config/urls.py

@@ -12,7 +12,7 @@
 from lacommunaute.forum_member import urls as forum_member_urls
 from lacommunaute.forum_moderation import urls as forum_moderation_urls
 from lacommunaute.forum_upvote import urls as forum_upvote_urls
-from lacommunaute.inclusion_connect import urls as inclusion_connect_urls
+from lacommunaute.openid_connect import urls as openid_connect_urls
 from lacommunaute.pages import urls as pages_urls
 from lacommunaute.search import urls as search_urls
 from lacommunaute.stats import urls as stats_urls
@@ -26,7 +26,7 @@
 urlpatterns = [
     path("admin/", admin.site.urls),
     # Inclusion Connect URLs.
-    path("inclusion_connect/", include(inclusion_connect_urls)),
+    path("", include(openid_connect_urls)),
     # www.
     path("", include(pages_urls)),
     path("members/", include(forum_member_urls)),

lacommunaute/event/tests/tests_views.py

@@ -75,7 +75,7 @@ def setUpTestData(cls):
     def test_login_is_required(self):
         response = self.client.get(self.url)
         self.assertEqual(response.status_code, 302)
-        self.assertEqual(response.url, reverse("inclusion_connect:authorize") + "?next=" + self.url)
+        self.assertEqual(response.url, reverse("openid_connect:authorize") + "?next=" + self.url)
 
     def test_event_is_created(self):
         self.client.force_login(self.user)
@@ -191,7 +191,7 @@ def setUpTestData(cls):
     def test_login_is_required(self):
         response = self.client.get(self.url)
         self.assertEqual(response.status_code, 302)
-        self.assertEqual(response.url, reverse("inclusion_connect:authorize") + "?next=" + self.url)
+        self.assertEqual(response.url, reverse("openid_connect:authorize") + "?next=" + self.url)
 
         self.client.force_login(self.user)
         response = self.client.get(self.url)

lacommunaute/forum/tests/__snapshots__/tests_views.ambr

@@ -302,7 +302,7 @@
   <div class="d-inline-block" id="upvotesarea10000">
 
 
-              <a class="btn btn-sm btn-ico btn-link btn-secondary px-2" data-bs-placement="top" data-bs-toggle="tooltip" href="/inclusion_connect/authorize?next=%2Fforum%2Ftest-forum-10000%2F%2310000" rel="nofollow" title="Connectez-vous pour sauvegarder">
+              <a class="btn btn-sm btn-ico btn-link btn-secondary px-2" data-bs-placement="top" data-bs-toggle="tooltip" href="/pro_connect/authorize?next=%2Fforum%2Ftest-forum-10000%2F%2310000" rel="nofollow" title="Connectez-vous pour sauvegarder">
                   <i aria-hidden="true" class="ri-bookmark-line me-1"></i><span>0</span>
               </a>
 
@@ -448,7 +448,7 @@
   <div class="d-inline-block" id="upvotesarea10000">
 
 
-              <a class="btn btn-sm btn-ico btn-link btn-secondary px-2" data-bs-placement="top" data-bs-toggle="tooltip" href="/inclusion_connect/authorize?next=%2Fforum%2Ftest-forum-forum-[PK of Forum]%2F%23[PK of Forum]" rel="nofollow" title="Connectez-vous pour sauvegarder">
+              <a class="btn btn-sm btn-ico btn-link btn-secondary px-2" data-bs-placement="top" data-bs-toggle="tooltip" href="/pro_connect/authorize?next=%2Fforum%2Ftest-forum-forum-[PK of Forum]%2F%23[PK of Forum]" rel="nofollow" title="Connectez-vous pour sauvegarder">
                   <i aria-hidden="true" class="ri-bookmark-line me-1"></i><span>0</span>
               </a>
 
@@ -461,7 +461,7 @@
   <div class="d-inline-block" id="upvotesarea10000">
 
 
-              <a class="btn btn-sm btn-ico btn-link btn-secondary px-2" data-bs-placement="top" data-bs-toggle="tooltip" href="/inclusion_connect/authorize?next=%2Fforum%2Ftest-forum-forum-[PK of Forum]%2F%23[PK of Forum]" rel="nofollow" title="Connectez-vous pour sauvegarder">
+              <a class="btn btn-sm btn-ico btn-link btn-secondary px-2" data-bs-placement="top" data-bs-toggle="tooltip" href="/pro_connect/authorize?next=%2Fforum%2Ftest-forum-forum-[PK of Forum]%2F%23[PK of Forum]" rel="nofollow" title="Connectez-vous pour sauvegarder">
                   <i aria-hidden="true" class="ri-bookmark-line me-1"></i><span>0</span>
               </a>
 
@@ -490,7 +490,7 @@
   <div class="d-inline-block" id="upvotesarea10000">
 
 
-              <a class="btn btn-sm btn-ico btn-link btn-secondary px-2" data-bs-placement="top" data-bs-toggle="tooltip" href="/inclusion_connect/authorize?next=%2Fforum%2Ftest-forum-forum-[PK of Forum]%2F%23[PK of Forum]" rel="nofollow" title="Connectez-vous pour sauvegarder">
+              <a class="btn btn-sm btn-ico btn-link btn-secondary px-2" data-bs-placement="top" data-bs-toggle="tooltip" href="/pro_connect/authorize?next=%2Fforum%2Ftest-forum-forum-[PK of Forum]%2F%23[PK of Forum]" rel="nofollow" title="Connectez-vous pour sauvegarder">
                   <i aria-hidden="true" class="ri-bookmark-line me-1"></i><span>1</span>
               </a>
 
@@ -503,7 +503,7 @@
   <div class="d-inline-block" id="upvotesarea10000">
 
 
-              <a class="btn btn-sm btn-ico btn-link btn-secondary px-2" data-bs-placement="top" data-bs-toggle="tooltip" href="/inclusion_connect/authorize?next=%2Fforum%2Ftest-forum-forum-[PK of Forum]%2F%23[PK of Forum]" rel="nofollow" title="Connectez-vous pour sauvegarder">
+              <a class="btn btn-sm btn-ico btn-link btn-secondary px-2" data-bs-placement="top" data-bs-toggle="tooltip" href="/pro_connect/authorize?next=%2Fforum%2Ftest-forum-forum-[PK of Forum]%2F%23[PK of Forum]" rel="nofollow" title="Connectez-vous pour sauvegarder">
                   <i aria-hidden="true" class="ri-bookmark-line me-1"></i><span>1</span>
               </a>
 
@@ -532,7 +532,7 @@
   <div class="d-inline-block" id="upvotesarea10000">
 
 
-              <a class="btn btn-sm btn-ico btn-link btn-secondary px-2" data-bs-placement="top" data-bs-toggle="tooltip" href="/inclusion_connect/authorize?next=%2Fforum%2Ftest-forum-forum-[PK of Forum]%2F%23[PK of Forum]" rel="nofollow" title="Connectez-vous pour sauvegarder">
+              <a class="btn btn-sm btn-ico btn-link btn-secondary px-2" data-bs-placement="top" data-bs-toggle="tooltip" href="/pro_connect/authorize?next=%2Fforum%2Ftest-forum-forum-[PK of Forum]%2F%23[PK of Forum]" rel="nofollow" title="Connectez-vous pour sauvegarder">
                   <i aria-hidden="true" class="ri-bookmark-line me-1"></i><span>2</span>
               </a>
 
@@ -545,7 +545,7 @@
   <div class="d-inline-block" id="upvotesarea10000">
 
 
-              <a class="btn btn-sm btn-ico btn-link btn-secondary px-2" data-bs-placement="top" data-bs-toggle="tooltip" href="/inclusion_connect/authorize?next=%2Fforum%2Ftest-forum-forum-[PK of Forum]%2F%23[PK of Forum]" rel="nofollow" title="Connectez-vous pour sauvegarder">
+              <a class="btn btn-sm btn-ico btn-link btn-secondary px-2" data-bs-placement="top" data-bs-toggle="tooltip" href="/pro_connect/authorize?next=%2Fforum%2Ftest-forum-forum-[PK of Forum]%2F%23[PK of Forum]" rel="nofollow" title="Connectez-vous pour sauvegarder">
                   <i aria-hidden="true" class="ri-bookmark-line me-1"></i><span>2</span>
               </a>
 

lacommunaute/openid_connect/constants.py

@@ -0,0 +1,26 @@
+import datetime
+
+from django.conf import settings
+
+
+OPENID_CONNECT_SCOPES = "openid email given_name usual_name"
+
+OPENID_CONNECT_CLIENT_ID = settings.OPENID_CONNECT_CLIENT_ID
+OPENID_CONNECT_CLIENT_SECRET = settings.OPENID_CONNECT_CLIENT_SECRET
+
+OPENID_CONNECT_ENDPOINT = "{base_url}".format(
+    base_url=settings.OPENID_CONNECT_BASE_URL,
+)
+OPENID_CONNECT_ENDPOINT_AUTHORIZE = f"{OPENID_CONNECT_ENDPOINT}/authorize"
+OPENID_CONNECT_ENDPOINT_REGISTRATIONS = f"{OPENID_CONNECT_ENDPOINT}/register"
+OPENID_CONNECT_ENDPOINT_TOKEN = f"{OPENID_CONNECT_ENDPOINT}/token"
+OPENID_CONNECT_ENDPOINT_USERINFO = f"{OPENID_CONNECT_ENDPOINT}/userinfo"
+OPENID_CONNECT_ENDPOINT_LOGOUT = f"{OPENID_CONNECT_ENDPOINT}/session/end"
+
+# These expiration times have been chosen arbitrarily.
+OPENID_CONNECT_TIMEOUT = 60
+
+OPENID_CONNECT_SESSION_KEY = "pro_connect"
+
+# This expiration time has been chosen arbitrarily.
+OIDC_STATE_EXPIRATION = datetime.timedelta(hours=1)

lacommunaute/openid_connect/migrations/0001_initial.py

@@ -0,0 +1,20 @@
+# Generated by Django 5.0.7 on 2024-07-31 13:05
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    initial = True
+
+    dependencies = []
+
+    operations = [
+        migrations.CreateModel(
+            name="OpenID_State",
+            fields=[
+                ("id", models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name="ID")),
+                ("created_at", models.DateTimeField(auto_now_add=True)),
+                ("csrf", models.CharField(max_length=12, unique=True)),
+            ],
+        ),
+    ]

lacommunaute/inclusion_connect/models.py → lacommunaute/openid_connect/models.py

@@ -6,7 +6,7 @@
 from django.utils import crypto, timezone
 
 from lacommunaute.forum_member.models import ForumProfile
-from lacommunaute.inclusion_connect.constants import OIDC_STATE_EXPIRATION
+from lacommunaute.openid_connect.constants import OIDC_STATE_EXPIRATION
 from lacommunaute.users.models import User
 
 
@@ -16,7 +16,7 @@ def cleanup(self, at=None):
         return self.filter(created_at__lte=at).delete()
 
 
-class InclusionConnectState(models.Model):
+class OpenID_State(models.Model):
     created_at = models.DateTimeField(auto_now_add=True)
     # Length used in call to get_random_string()
     csrf = models.CharField(max_length=12, unique=True)
@@ -113,7 +113,7 @@ def user_info_mapping_dict(user_info: dict):
         return {
             "username": user_info["sub"],
             "first_name": user_info["given_name"],
-            "last_name": user_info["family_name"],
+            "last_name": user_info["usual_name"],
             "email": user_info["email"],
         }