resolve conflict

This commit is contained in:
Cayo Puigdefabregas 2024-03-06 12:38:15 +01:00
commit 68331c0496
12 changed files with 94 additions and 36 deletions

View file

@ -65,9 +65,14 @@ jobs:
pip install -r requirements.txt pip install -r requirements.txt
if: steps.didkit.outcome == 'success' if: steps.didkit.outcome == 'success'
- name: Check correct env vars
run: |
echo $DOMAIN
- name: Run tests - name: Run tests
run: | run: |
source venv/bin/activate source venv/bin/activate
echo $DOMAIN
coverage run manage.py test coverage run manage.py test
coverage report coverage report
# python manage.py test # python manage.py test

View file

@ -1,5 +1,5 @@
"pangea.org";"https://idhub1.demo.pangea.org/oidc4vp/" "pangea.org";"https://idhub1.demo.pangea.org/oidc4vp/";"idhub1.demo.pangea.org"
"somconnexio.coop";"https://idhub2.demo.pangea.org/oidc4vp/" "somconnexio.coop";"https://idhub2.demo.pangea.org/oidc4vp/";"idhub2.demo.pangea.org"
"exo.cat";"https://verify.exo.cat" "exo.cat";"https://verify.exo.cat";"verify.exo.cat"
"local 9000";"http://localhost:9000/oidc4vp/" "local 8000";"http://localhost/oidc4vp/";"localhost"
"local 8000";"http://localhost:8000/oidc4vp/" "local 9000";"http://localhost1/oidc4vp/";"localhost1"

1 pangea.org https://idhub1.demo.pangea.org/oidc4vp/ idhub1.demo.pangea.org
2 somconnexio.coop https://idhub2.demo.pangea.org/oidc4vp/ idhub2.demo.pangea.org
3 exo.cat https://verify.exo.cat verify.exo.cat
4 local 9000 local 8000 http://localhost:9000/oidc4vp/ http://localhost/oidc4vp/ localhost
5 local 8000 local 9000 http://localhost:8000/oidc4vp/ http://localhost1/oidc4vp/ localhost1

View file

@ -17,6 +17,8 @@ User = get_user_model()
class Command(BaseCommand): class Command(BaseCommand):
help = "Insert minimum datas for the project" help = "Insert minimum datas for the project"
DOMAIN = settings.DOMAIN
OIDC_ORGS = settings.OIDC_ORGS
def handle(self, *args, **kwargs): def handle(self, *args, **kwargs):
ADMIN_EMAIL = config('ADMIN_EMAIL', 'admin@example.org') ADMIN_EMAIL = config('ADMIN_EMAIL', 'admin@example.org')
@ -28,16 +30,15 @@ class Command(BaseCommand):
user = 'user{}@example.org'.format(u) user = 'user{}@example.org'.format(u)
self.create_users(user, '1234') self.create_users(user, '1234')
BASE_DIR = Path(__file__).resolve().parent.parent.parent.parent self.org = Organization.objects.create(
ORGANIZATION = os.path.join(BASE_DIR, settings.ORG_FILE) name=self.DOMAIN,
with open(ORGANIZATION, newline='\n') as csvfile: domain=self.DOMAIN,
f = csv.reader(csvfile, delimiter=';', quotechar='"') main=True
for r in f: )
self.create_organizations(r[0].strip(), r[1].strip())
if self.OIDC_ORGS:
self.create_organizations()
if settings.SYNC_ORG_DEV == 'y':
self.sync_credentials_organizations("pangea.org", "somconnexio.coop")
self.sync_credentials_organizations("local 8000", "local 9000")
self.create_schemas() self.create_schemas()
def create_admin_users(self, email, password): def create_admin_users(self, email, password):
@ -50,12 +51,32 @@ class Command(BaseCommand):
u.set_password(password) u.set_password(password)
u.save() u.save()
def create_organizations(self):
BASE_DIR = Path(__file__).resolve().parent.parent.parent.parent
ORGANIZATION = os.path.join(BASE_DIR, self.OIDC_ORGS)
DOMAIN = self.DOMAIN
def create_organizations(self, name, url): with open(ORGANIZATION, newline='\n') as csvfile:
if url == settings.RESPONSE_URI: f = csv.reader(csvfile, delimiter=';', quotechar='"')
Organization.objects.create(name=name, response_uri=url, main=True) exist_main_domain = False
for r in f:
if DOMAIN == r[2].strip():
exist_main_domain = True
self.create_one_organization(r[0].strip(), r[1].strip(), r[2].strip())
assert exist_main_domain, f"{DOMAIN} is not in {ORGANIZATION}"
if settings.SYNC_ORG_DEV == 'y':
self.sync_credentials_organizations("pangea.org", "somconnexio.coop")
self.sync_credentials_organizations("local 8000", "local 9000")
def create_one_organization(self, name, url, domain):
if self.DOMAIN == domain:
self.org.name = name
self.org.response_uri = url
self.org.save()
else: else:
Organization.objects.create(name=name, response_uri=url) Organization.objects.create(name=name, response_uri=url, domain=domain)
def sync_credentials_organizations(self, test1, test2): def sync_credentials_organizations(self, test1, test2):
org1 = Organization.objects.get(name=test1) org1 = Organization.objects.get(name=test1)

View file

@ -27,10 +27,9 @@ class Command(BaseCommand):
""" """
Send a email when a user is activated. Send a email when a user is activated.
""" """
parsed_url = urlparse(settings.RESPONSE_URI) url_domain = "https://{}/".format(settings.DOMAIN)
domain = f"{parsed_url.scheme}://{parsed_url.netloc}/"
context = { context = {
"domain": domain, "domain": url_domain,
} }
subject = loader.render_to_string(self.subject_template_name, context) subject = loader.render_to_string(self.subject_template_name, context)
# Email subject *must not* contain newlines # Email subject *must not* contain newlines

View file

@ -670,7 +670,7 @@ class VerificableCredential(models.Model):
credential_subject = ujson.loads(data).get("credentialSubject", {}) credential_subject = ujson.loads(data).get("credentialSubject", {})
return credential_subject.items() return credential_subject.items()
def issue(self, did, domain=settings.DOMAIN.strip("/")): def issue(self, did, domain):
if self.status == self.Status.ISSUED: if self.status == self.Status.ISSUED:
return return
@ -704,7 +704,7 @@ class VerificableCredential(models.Model):
cred_path = 'public/credentials' cred_path = 'public/credentials'
sid = self.hash sid = self.hash
url_id = "{}/{}/{}".format( url_id = "https://{}/{}/{}".format(
domain, domain,
cred_path, cred_path,
sid sid

View file

@ -1,9 +1,11 @@
from django.test import TestCase, RequestFactory from django.test import TestCase, RequestFactory
from django.core.cache import cache from django.core.cache import cache
from django.urls import reverse from django.urls import reverse
from django.conf import settings
from idhub_auth.models import User from idhub_auth.models import User
from idhub.models import Event from idhub.models import Event
from oidc4vp.models import Organization
from idhub.admin.views import PeopleListView from idhub.admin.views import PeopleListView
@ -23,6 +25,10 @@ class AdminDashboardViewTest(TestCase):
password='adminpass12') password='adminpass12')
self.admin_user.accept_gdpr=True self.admin_user.accept_gdpr=True
self.admin_user.save() self.admin_user.save()
self.org = Organization.objects.create(name="testserver", main=True)
settings.DOMAIN = self.org.name
settings.ENABLE_EMAIL = False
def test_view_url_exists_at_desired_location(self): def test_view_url_exists_at_desired_location(self):
response = self.client.get('/admin/dashboard/', follow=True) response = self.client.get('/admin/dashboard/', follow=True)

View file

@ -132,8 +132,9 @@ class DemandAuthorizationForm(forms.Form):
self.user = kwargs.pop('user', None) self.user = kwargs.pop('user', None)
super().__init__(*args, **kwargs) super().__init__(*args, **kwargs)
self.fields['organization'].choices = [ self.fields['organization'].choices = [
(x.id, x.name) for x in Organization.objects.filter() (x.id, x.name) for x in Organization.objects.exclude(
if x.response_uri != settings.RESPONSE_URI domain=settings.DOMAIN
)
] ]
def save(self, commit=True): def save(self, commit=True):

View file

@ -0,0 +1,17 @@
# Generated by Django 4.2.5 on 2024-03-01 14:47
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('oidc4vp', '0003_organization_main'),
]
operations = [
migrations.AddField(
model_name='organization',
name='domain',
field=models.CharField(default=None, max_length=250, null=True),
),
]

View file

@ -51,6 +51,7 @@ class Organization(models.Model):
main is a field which indicates the organization of this idhub main is a field which indicates the organization of this idhub
""" """
name = models.CharField(max_length=250) name = models.CharField(max_length=250)
domain = models.CharField(max_length=250, null=True, default=None)
main = models.BooleanField(default=False) main = models.BooleanField(default=False)
client_id = models.CharField( client_id = models.CharField(
max_length=24, max_length=24,
@ -94,7 +95,7 @@ class Organization(models.Model):
""" """
url = "{url}/verify?demand_uri={redirect_uri}".format( url = "{url}/verify?demand_uri={redirect_uri}".format(
url=self.response_uri.strip("/"), url=self.response_uri.strip("/"),
redirect_uri=settings.RESPONSE_URI redirect_uri=self.response_uri
) )
auth = (self.my_client_id, self.my_client_secret) auth = (self.my_client_id, self.my_client_secret)
return requests.get(url, auth=auth) return requests.get(url, auth=auth)
@ -284,7 +285,7 @@ class OAuth2VPToken(models.Model):
return response return response
def get_redirect_url(self): def get_redirect_url(self):
if not settings.ALLOW_CODE_URI: if not settings.OIDC_REDIRECT:
return return
data = { data = {

View file

@ -23,8 +23,9 @@ class WalletForm(forms.Form):
self.presentation_definition = kwargs.pop('presentation_definition', []) self.presentation_definition = kwargs.pop('presentation_definition', [])
super().__init__(*args, **kwargs) super().__init__(*args, **kwargs)
self.fields['organization'].choices = [ self.fields['organization'].choices = [
(x.id, x.name) for x in Organization.objects.filter() (x.id, x.name) for x in Organization.objects.exclude(
if x.response_uri != settings.RESPONSE_URI domain=settings.DOMAIN
)
] ]
def save(self, commit=True): def save(self, commit=True):

View file

@ -1,5 +1,5 @@
{ {
"$id": "https://idhub.pangea.org/vc_schemas/course-credential", "$id": "https://idhub.pangea.org/vc_schemas/course-credential.json",
"$schema": "https://json-schema.org/draft/2020-12/schema", "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "NGO Course Credential Schema", "title": "NGO Course Credential Schema",
"description": "A NGO Course Credential Schema awarded by a NGO federation and their NGO members, as proposed by Lafede.cat", "description": "A NGO Course Credential Schema awarded by a NGO federation and their NGO members, as proposed by Lafede.cat",

View file

@ -32,12 +32,14 @@ SECRET_KEY = config('SECRET_KEY')
# SECURITY WARNING: don't run with debug turned on in production! # SECURITY WARNING: don't run with debug turned on in production!
DEBUG = config('DEBUG', default=False, cast=bool) DEBUG = config('DEBUG', default=False, cast=bool)
ALLOWED_HOSTS = config('ALLOWED_HOSTS', default='', cast=Csv())
CSRF_TRUSTED_ORIGINS = config('CSRF_TRUSTED_ORIGINS', default='', cast=Csv())
DOMAIN = config("DOMAIN") DOMAIN = config("DOMAIN")
assert DOMAIN not in [None, ''], "DOMAIN var is MANDATORY" assert DOMAIN not in [None, ''], "DOMAIN var is MANDATORY"
ALLOWED_HOSTS = config('ALLOWED_HOSTS', default=DOMAIN, cast=Csv())
assert DOMAIN in ALLOWED_HOSTS, "DOMAIN is not ALLOWED_HOST"
CSRF_TRUSTED_ORIGINS = config('CSRF_TRUSTED_ORIGINS', default=f'https://{DOMAIN}', cast=Csv())
DEFAULT_FROM_EMAIL = config( DEFAULT_FROM_EMAIL = config(
'DEFAULT_FROM_EMAIL', default='webmaster@localhost') 'DEFAULT_FROM_EMAIL', default='webmaster@localhost')
@ -201,8 +203,13 @@ USE_I18N = True
USE_L10N = True USE_L10N = True
AUTH_USER_MODEL = 'idhub_auth.User' AUTH_USER_MODEL = 'idhub_auth.User'
RESPONSE_URI = config('RESPONSE_URI', default="")
ALLOW_CODE_URI= config('ALLOW_CODE_URI', default="") OIDC_REDIRECT = config('OIDC_REDIRECT', default=False, cast=bool)
ALLOW_CODE_URI = config(
'ALLOW_CODE_URI',
default=f"https://{DOMAIN}/allow_code"
)
SUPPORTED_CREDENTIALS = config( SUPPORTED_CREDENTIALS = config(
'SUPPORTED_CREDENTIALS', 'SUPPORTED_CREDENTIALS',
default='[]', default='[]',
@ -222,7 +229,7 @@ LOGGING = {
} }
SYNC_ORG_DEV = config('SYNC_ORG_DEV', 'y') SYNC_ORG_DEV = config('SYNC_ORG_DEV', 'y')
ORG_FILE = config('ORG_FILE', 'examples/organizations.csv') OIDC_ORGS = config('OIDC_ORGS', '')
ENABLE_EMAIL = config('ENABLE_EMAIL', default=True, cast=bool) ENABLE_EMAIL = config('ENABLE_EMAIL', default=True, cast=bool)
CREATE_TEST_USERS = config('CREATE_TEST_USERS', default=False, cast=bool) CREATE_TEST_USERS = config('CREATE_TEST_USERS', default=False, cast=bool)
ENABLE_2FACTOR_AUTH = config('ENABLE_2FACTOR_AUTH', default=True, cast=bool) ENABLE_2FACTOR_AUTH = config('ENABLE_2FACTOR_AUTH', default=True, cast=bool)