resolve conflict
This commit is contained in:
commit
68331c0496
|
@ -65,9 +65,14 @@ jobs:
|
||||||
pip install -r requirements.txt
|
pip install -r requirements.txt
|
||||||
if: steps.didkit.outcome == 'success'
|
if: steps.didkit.outcome == 'success'
|
||||||
|
|
||||||
|
- name: Check correct env vars
|
||||||
|
run: |
|
||||||
|
echo $DOMAIN
|
||||||
|
|
||||||
- name: Run tests
|
- name: Run tests
|
||||||
run: |
|
run: |
|
||||||
source venv/bin/activate
|
source venv/bin/activate
|
||||||
|
echo $DOMAIN
|
||||||
coverage run manage.py test
|
coverage run manage.py test
|
||||||
coverage report
|
coverage report
|
||||||
# python manage.py test
|
# python manage.py test
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
"pangea.org";"https://idhub1.demo.pangea.org/oidc4vp/"
|
"pangea.org";"https://idhub1.demo.pangea.org/oidc4vp/";"idhub1.demo.pangea.org"
|
||||||
"somconnexio.coop";"https://idhub2.demo.pangea.org/oidc4vp/"
|
"somconnexio.coop";"https://idhub2.demo.pangea.org/oidc4vp/";"idhub2.demo.pangea.org"
|
||||||
"exo.cat";"https://verify.exo.cat"
|
"exo.cat";"https://verify.exo.cat";"verify.exo.cat"
|
||||||
"local 9000";"http://localhost:9000/oidc4vp/"
|
"local 8000";"http://localhost/oidc4vp/";"localhost"
|
||||||
"local 8000";"http://localhost:8000/oidc4vp/"
|
"local 9000";"http://localhost1/oidc4vp/";"localhost1"
|
||||||
|
|
|
|
@ -17,6 +17,8 @@ User = get_user_model()
|
||||||
|
|
||||||
class Command(BaseCommand):
|
class Command(BaseCommand):
|
||||||
help = "Insert minimum datas for the project"
|
help = "Insert minimum datas for the project"
|
||||||
|
DOMAIN = settings.DOMAIN
|
||||||
|
OIDC_ORGS = settings.OIDC_ORGS
|
||||||
|
|
||||||
def handle(self, *args, **kwargs):
|
def handle(self, *args, **kwargs):
|
||||||
ADMIN_EMAIL = config('ADMIN_EMAIL', 'admin@example.org')
|
ADMIN_EMAIL = config('ADMIN_EMAIL', 'admin@example.org')
|
||||||
|
@ -28,16 +30,15 @@ class Command(BaseCommand):
|
||||||
user = 'user{}@example.org'.format(u)
|
user = 'user{}@example.org'.format(u)
|
||||||
self.create_users(user, '1234')
|
self.create_users(user, '1234')
|
||||||
|
|
||||||
BASE_DIR = Path(__file__).resolve().parent.parent.parent.parent
|
self.org = Organization.objects.create(
|
||||||
ORGANIZATION = os.path.join(BASE_DIR, settings.ORG_FILE)
|
name=self.DOMAIN,
|
||||||
with open(ORGANIZATION, newline='\n') as csvfile:
|
domain=self.DOMAIN,
|
||||||
f = csv.reader(csvfile, delimiter=';', quotechar='"')
|
main=True
|
||||||
for r in f:
|
)
|
||||||
self.create_organizations(r[0].strip(), r[1].strip())
|
|
||||||
|
if self.OIDC_ORGS:
|
||||||
|
self.create_organizations()
|
||||||
|
|
||||||
if settings.SYNC_ORG_DEV == 'y':
|
|
||||||
self.sync_credentials_organizations("pangea.org", "somconnexio.coop")
|
|
||||||
self.sync_credentials_organizations("local 8000", "local 9000")
|
|
||||||
self.create_schemas()
|
self.create_schemas()
|
||||||
|
|
||||||
def create_admin_users(self, email, password):
|
def create_admin_users(self, email, password):
|
||||||
|
@ -50,12 +51,32 @@ class Command(BaseCommand):
|
||||||
u.set_password(password)
|
u.set_password(password)
|
||||||
u.save()
|
u.save()
|
||||||
|
|
||||||
|
def create_organizations(self):
|
||||||
|
BASE_DIR = Path(__file__).resolve().parent.parent.parent.parent
|
||||||
|
ORGANIZATION = os.path.join(BASE_DIR, self.OIDC_ORGS)
|
||||||
|
DOMAIN = self.DOMAIN
|
||||||
|
|
||||||
def create_organizations(self, name, url):
|
with open(ORGANIZATION, newline='\n') as csvfile:
|
||||||
if url == settings.RESPONSE_URI:
|
f = csv.reader(csvfile, delimiter=';', quotechar='"')
|
||||||
Organization.objects.create(name=name, response_uri=url, main=True)
|
exist_main_domain = False
|
||||||
|
for r in f:
|
||||||
|
if DOMAIN == r[2].strip():
|
||||||
|
exist_main_domain = True
|
||||||
|
self.create_one_organization(r[0].strip(), r[1].strip(), r[2].strip())
|
||||||
|
|
||||||
|
assert exist_main_domain, f"{DOMAIN} is not in {ORGANIZATION}"
|
||||||
|
|
||||||
|
if settings.SYNC_ORG_DEV == 'y':
|
||||||
|
self.sync_credentials_organizations("pangea.org", "somconnexio.coop")
|
||||||
|
self.sync_credentials_organizations("local 8000", "local 9000")
|
||||||
|
|
||||||
|
def create_one_organization(self, name, url, domain):
|
||||||
|
if self.DOMAIN == domain:
|
||||||
|
self.org.name = name
|
||||||
|
self.org.response_uri = url
|
||||||
|
self.org.save()
|
||||||
else:
|
else:
|
||||||
Organization.objects.create(name=name, response_uri=url)
|
Organization.objects.create(name=name, response_uri=url, domain=domain)
|
||||||
|
|
||||||
def sync_credentials_organizations(self, test1, test2):
|
def sync_credentials_organizations(self, test1, test2):
|
||||||
org1 = Organization.objects.get(name=test1)
|
org1 = Organization.objects.get(name=test1)
|
||||||
|
|
|
@ -27,10 +27,9 @@ class Command(BaseCommand):
|
||||||
"""
|
"""
|
||||||
Send a email when a user is activated.
|
Send a email when a user is activated.
|
||||||
"""
|
"""
|
||||||
parsed_url = urlparse(settings.RESPONSE_URI)
|
url_domain = "https://{}/".format(settings.DOMAIN)
|
||||||
domain = f"{parsed_url.scheme}://{parsed_url.netloc}/"
|
|
||||||
context = {
|
context = {
|
||||||
"domain": domain,
|
"domain": url_domain,
|
||||||
}
|
}
|
||||||
subject = loader.render_to_string(self.subject_template_name, context)
|
subject = loader.render_to_string(self.subject_template_name, context)
|
||||||
# Email subject *must not* contain newlines
|
# Email subject *must not* contain newlines
|
||||||
|
|
|
@ -670,7 +670,7 @@ class VerificableCredential(models.Model):
|
||||||
credential_subject = ujson.loads(data).get("credentialSubject", {})
|
credential_subject = ujson.loads(data).get("credentialSubject", {})
|
||||||
return credential_subject.items()
|
return credential_subject.items()
|
||||||
|
|
||||||
def issue(self, did, domain=settings.DOMAIN.strip("/")):
|
def issue(self, did, domain):
|
||||||
if self.status == self.Status.ISSUED:
|
if self.status == self.Status.ISSUED:
|
||||||
return
|
return
|
||||||
|
|
||||||
|
@ -704,7 +704,7 @@ class VerificableCredential(models.Model):
|
||||||
cred_path = 'public/credentials'
|
cred_path = 'public/credentials'
|
||||||
sid = self.hash
|
sid = self.hash
|
||||||
|
|
||||||
url_id = "{}/{}/{}".format(
|
url_id = "https://{}/{}/{}".format(
|
||||||
domain,
|
domain,
|
||||||
cred_path,
|
cred_path,
|
||||||
sid
|
sid
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
from django.test import TestCase, RequestFactory
|
from django.test import TestCase, RequestFactory
|
||||||
from django.core.cache import cache
|
from django.core.cache import cache
|
||||||
from django.urls import reverse
|
from django.urls import reverse
|
||||||
|
from django.conf import settings
|
||||||
|
|
||||||
from idhub_auth.models import User
|
from idhub_auth.models import User
|
||||||
from idhub.models import Event
|
from idhub.models import Event
|
||||||
|
from oidc4vp.models import Organization
|
||||||
from idhub.admin.views import PeopleListView
|
from idhub.admin.views import PeopleListView
|
||||||
|
|
||||||
|
|
||||||
|
@ -23,6 +25,10 @@ class AdminDashboardViewTest(TestCase):
|
||||||
password='adminpass12')
|
password='adminpass12')
|
||||||
self.admin_user.accept_gdpr=True
|
self.admin_user.accept_gdpr=True
|
||||||
self.admin_user.save()
|
self.admin_user.save()
|
||||||
|
self.org = Organization.objects.create(name="testserver", main=True)
|
||||||
|
|
||||||
|
settings.DOMAIN = self.org.name
|
||||||
|
settings.ENABLE_EMAIL = False
|
||||||
|
|
||||||
def test_view_url_exists_at_desired_location(self):
|
def test_view_url_exists_at_desired_location(self):
|
||||||
response = self.client.get('/admin/dashboard/', follow=True)
|
response = self.client.get('/admin/dashboard/', follow=True)
|
||||||
|
|
|
@ -132,8 +132,9 @@ class DemandAuthorizationForm(forms.Form):
|
||||||
self.user = kwargs.pop('user', None)
|
self.user = kwargs.pop('user', None)
|
||||||
super().__init__(*args, **kwargs)
|
super().__init__(*args, **kwargs)
|
||||||
self.fields['organization'].choices = [
|
self.fields['organization'].choices = [
|
||||||
(x.id, x.name) for x in Organization.objects.filter()
|
(x.id, x.name) for x in Organization.objects.exclude(
|
||||||
if x.response_uri != settings.RESPONSE_URI
|
domain=settings.DOMAIN
|
||||||
|
)
|
||||||
]
|
]
|
||||||
|
|
||||||
def save(self, commit=True):
|
def save(self, commit=True):
|
||||||
|
|
17
oidc4vp/migrations/0004_organization_domain.py
Normal file
17
oidc4vp/migrations/0004_organization_domain.py
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
# Generated by Django 4.2.5 on 2024-03-01 14:47
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
dependencies = [
|
||||||
|
('oidc4vp', '0003_organization_main'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AddField(
|
||||||
|
model_name='organization',
|
||||||
|
name='domain',
|
||||||
|
field=models.CharField(default=None, max_length=250, null=True),
|
||||||
|
),
|
||||||
|
]
|
|
@ -51,6 +51,7 @@ class Organization(models.Model):
|
||||||
main is a field which indicates the organization of this idhub
|
main is a field which indicates the organization of this idhub
|
||||||
"""
|
"""
|
||||||
name = models.CharField(max_length=250)
|
name = models.CharField(max_length=250)
|
||||||
|
domain = models.CharField(max_length=250, null=True, default=None)
|
||||||
main = models.BooleanField(default=False)
|
main = models.BooleanField(default=False)
|
||||||
client_id = models.CharField(
|
client_id = models.CharField(
|
||||||
max_length=24,
|
max_length=24,
|
||||||
|
@ -94,7 +95,7 @@ class Organization(models.Model):
|
||||||
"""
|
"""
|
||||||
url = "{url}/verify?demand_uri={redirect_uri}".format(
|
url = "{url}/verify?demand_uri={redirect_uri}".format(
|
||||||
url=self.response_uri.strip("/"),
|
url=self.response_uri.strip("/"),
|
||||||
redirect_uri=settings.RESPONSE_URI
|
redirect_uri=self.response_uri
|
||||||
)
|
)
|
||||||
auth = (self.my_client_id, self.my_client_secret)
|
auth = (self.my_client_id, self.my_client_secret)
|
||||||
return requests.get(url, auth=auth)
|
return requests.get(url, auth=auth)
|
||||||
|
@ -284,7 +285,7 @@ class OAuth2VPToken(models.Model):
|
||||||
return response
|
return response
|
||||||
|
|
||||||
def get_redirect_url(self):
|
def get_redirect_url(self):
|
||||||
if not settings.ALLOW_CODE_URI:
|
if not settings.OIDC_REDIRECT:
|
||||||
return
|
return
|
||||||
|
|
||||||
data = {
|
data = {
|
||||||
|
|
|
@ -23,8 +23,9 @@ class WalletForm(forms.Form):
|
||||||
self.presentation_definition = kwargs.pop('presentation_definition', [])
|
self.presentation_definition = kwargs.pop('presentation_definition', [])
|
||||||
super().__init__(*args, **kwargs)
|
super().__init__(*args, **kwargs)
|
||||||
self.fields['organization'].choices = [
|
self.fields['organization'].choices = [
|
||||||
(x.id, x.name) for x in Organization.objects.filter()
|
(x.id, x.name) for x in Organization.objects.exclude(
|
||||||
if x.response_uri != settings.RESPONSE_URI
|
domain=settings.DOMAIN
|
||||||
|
)
|
||||||
]
|
]
|
||||||
|
|
||||||
def save(self, commit=True):
|
def save(self, commit=True):
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
{
|
{
|
||||||
"$id": "https://idhub.pangea.org/vc_schemas/course-credential",
|
"$id": "https://idhub.pangea.org/vc_schemas/course-credential.json",
|
||||||
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
||||||
"title": "NGO Course Credential Schema",
|
"title": "NGO Course Credential Schema",
|
||||||
"description": "A NGO Course Credential Schema awarded by a NGO federation and their NGO members, as proposed by Lafede.cat",
|
"description": "A NGO Course Credential Schema awarded by a NGO federation and their NGO members, as proposed by Lafede.cat",
|
||||||
|
|
|
@ -32,12 +32,14 @@ SECRET_KEY = config('SECRET_KEY')
|
||||||
# SECURITY WARNING: don't run with debug turned on in production!
|
# SECURITY WARNING: don't run with debug turned on in production!
|
||||||
DEBUG = config('DEBUG', default=False, cast=bool)
|
DEBUG = config('DEBUG', default=False, cast=bool)
|
||||||
|
|
||||||
ALLOWED_HOSTS = config('ALLOWED_HOSTS', default='', cast=Csv())
|
|
||||||
CSRF_TRUSTED_ORIGINS = config('CSRF_TRUSTED_ORIGINS', default='', cast=Csv())
|
|
||||||
|
|
||||||
DOMAIN = config("DOMAIN")
|
DOMAIN = config("DOMAIN")
|
||||||
assert DOMAIN not in [None, ''], "DOMAIN var is MANDATORY"
|
assert DOMAIN not in [None, ''], "DOMAIN var is MANDATORY"
|
||||||
|
|
||||||
|
ALLOWED_HOSTS = config('ALLOWED_HOSTS', default=DOMAIN, cast=Csv())
|
||||||
|
assert DOMAIN in ALLOWED_HOSTS, "DOMAIN is not ALLOWED_HOST"
|
||||||
|
|
||||||
|
CSRF_TRUSTED_ORIGINS = config('CSRF_TRUSTED_ORIGINS', default=f'https://{DOMAIN}', cast=Csv())
|
||||||
|
|
||||||
DEFAULT_FROM_EMAIL = config(
|
DEFAULT_FROM_EMAIL = config(
|
||||||
'DEFAULT_FROM_EMAIL', default='webmaster@localhost')
|
'DEFAULT_FROM_EMAIL', default='webmaster@localhost')
|
||||||
|
|
||||||
|
@ -201,8 +203,13 @@ USE_I18N = True
|
||||||
USE_L10N = True
|
USE_L10N = True
|
||||||
|
|
||||||
AUTH_USER_MODEL = 'idhub_auth.User'
|
AUTH_USER_MODEL = 'idhub_auth.User'
|
||||||
RESPONSE_URI = config('RESPONSE_URI', default="")
|
|
||||||
ALLOW_CODE_URI= config('ALLOW_CODE_URI', default="")
|
OIDC_REDIRECT = config('OIDC_REDIRECT', default=False, cast=bool)
|
||||||
|
ALLOW_CODE_URI = config(
|
||||||
|
'ALLOW_CODE_URI',
|
||||||
|
default=f"https://{DOMAIN}/allow_code"
|
||||||
|
)
|
||||||
|
|
||||||
SUPPORTED_CREDENTIALS = config(
|
SUPPORTED_CREDENTIALS = config(
|
||||||
'SUPPORTED_CREDENTIALS',
|
'SUPPORTED_CREDENTIALS',
|
||||||
default='[]',
|
default='[]',
|
||||||
|
@ -222,7 +229,7 @@ LOGGING = {
|
||||||
}
|
}
|
||||||
|
|
||||||
SYNC_ORG_DEV = config('SYNC_ORG_DEV', 'y')
|
SYNC_ORG_DEV = config('SYNC_ORG_DEV', 'y')
|
||||||
ORG_FILE = config('ORG_FILE', 'examples/organizations.csv')
|
OIDC_ORGS = config('OIDC_ORGS', '')
|
||||||
ENABLE_EMAIL = config('ENABLE_EMAIL', default=True, cast=bool)
|
ENABLE_EMAIL = config('ENABLE_EMAIL', default=True, cast=bool)
|
||||||
CREATE_TEST_USERS = config('CREATE_TEST_USERS', default=False, cast=bool)
|
CREATE_TEST_USERS = config('CREATE_TEST_USERS', default=False, cast=bool)
|
||||||
ENABLE_2FACTOR_AUTH = config('ENABLE_2FACTOR_AUTH', default=True, cast=bool)
|
ENABLE_2FACTOR_AUTH = config('ENABLE_2FACTOR_AUTH', default=True, cast=bool)
|
||||||
|
|
Loading…
Reference in a new issue