fixup! 🚧(dashboard) add Pro Connect (OIDC) integration with mozilla-d…

…jango-oidc library
MTES-MCT · Feb 6, 2025 · c72504a · c72504a
1 parent c79509a
commit c72504a
Show file tree

Hide file tree

Showing 7 changed files with 136 additions and 183 deletions.
diff --git a/env.d/dashboard b/env.d/dashboard
@@ -20,14 +20,14 @@ DJANGO_SUPERUSER_USERNAME=admin
 [email protected]
 
 # Pro Connect
-PROCONNECT_CLIENT_ID=
-PROCONNECT_CLIENT_SECRET=
-PROCONNECT_DOMAIN="fca.integ01.dev-agentconnect.fr"
-PROCONNECT_AUTHORIZATION_ENDPOINT="https://fca.integ01.dev-agentconnect.fr/api/v2/authorize"
-PROCONNECT_TOKEN_ENDPOINT="https://fca.integ01.dev-agentconnect.fr/api/v2/token"
-PROCONNECT_USER_ENDPOINT="https://fca.integ01.dev-agentconnect.fr/api/v2/userinfo"
-PROCONNECT_JWKS_ENDPOINT="https://fca.integ01.dev-agentconnect.fr/api/v2/jwks"
-PROCONNECT_SESSION_END="https://fca.integ01.dev-agentconnect.fr/session/end"
+DASHBOARD_PROCONNECT_CLIENT_ID=
+DASHBOARD_PROCONNECT_CLIENT_SECRET=
+DASHBOARD_PROCONNECT_DOMAIN="fca.integ01.dev-agentconnect.fr"
+DASHBOARD_PROCONNECT_AUTHORIZATION_ENDPOINT="https://fca.integ01.dev-agentconnect.fr/api/v2/authorize"
+DASHBOARD_PROCONNECT_TOKEN_ENDPOINT="https://fca.integ01.dev-agentconnect.fr/api/v2/token"
+DASHBOARD_PROCONNECT_USER_ENDPOINT="https://fca.integ01.dev-agentconnect.fr/api/v2/userinfo"
+DASHBOARD_PROCONNECT_JWKS_ENDPOINT="https://fca.integ01.dev-agentconnect.fr/api/v2/jwks"
+DASHBOARD_PROCONNECT_SESSION_END="https://fca.integ01.dev-agentconnect.fr/session/end"
 
 # Control authority contact
 DASHBOARD_CONTROL_AUTHORITY_NAME=QualiCharge

diff --git a/src/dashboard/Pipfile b/src/dashboard/Pipfile
@@ -13,7 +13,9 @@ gunicorn = "==23.0.0"
 jsonschema = "==4.23.0"
 mozilla-django-oidc = "==4.0.1"
 psycopg = {extras = ["pool", "binary"], version = "==3.2.4"}
+requests = "==2.32.3"
 sentry-sdk = {extras = ["django"], version = "==2.20.0"}
+types-requests = "==2.32.0.20241016"
 whitenoise = "==6.8.2"
 
 [dev-packages]

diff --git a/src/dashboard/Pipfile.lock b/src/dashboard/Pipfile.lock
diff --git a/src/dashboard/apps/auth/middleware.py b/src/dashboard/apps/auth/middleware.py
@@ -1,12 +1,10 @@
 """Dashboard auth middleware."""
 
-from django.contrib.auth.middleware import (
-    LoginRequiredMiddleware as OriginalLoginRequiredMiddleware,
-)
+from django.contrib.auth.middleware import LoginRequiredMiddleware
 from django.urls import reverse
 
 
-class LoginRequiredMiddleware(OriginalLoginRequiredMiddleware):
+class DashboardLoginRequiredMiddleware(LoginRequiredMiddleware):
     """Middleware that redirects all unauthenticated requests to a login page.
 
     Override the original LoginRequiredMiddleware to allow OIDC views to be accessed.

diff --git a/src/dashboard/dashboard/settings.py b/src/dashboard/dashboard/settings.py
@@ -73,7 +73,7 @@
     "django.middleware.common.CommonMiddleware",
     "django.middleware.csrf.CsrfViewMiddleware",
     "django.contrib.auth.middleware.AuthenticationMiddleware",
-    "apps.auth.middleware.LoginRequiredMiddleware",
+    "apps.auth.middleware.DashboardLoginRequiredMiddleware",
     "django.contrib.messages.middleware.MessageMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
 ]
@@ -172,29 +172,15 @@
 
 
 # Connection to “Pro Connect” (OIDC)
-PROCONNECT_CLIENT_ID = ""
-PROCONNECT_CLIENT_SECRET = ""
-
-PROCONNECT_DOMAIN = "fca.integ01.dev-agentconnect.fr"
-PROCONNECT_AUTHORIZATION_ENDPOINT = (
-    "https://fca.integ01.dev-agentconnect.fr/api/v2/authorize"
-)
-PROCONNECT_TOKEN_ENDPOINT = (
-    "https://fca.integ01.dev-agentconnect.fr/api/v2/token"  # noqa: S105
-)
-PROCONNECT_USER_ENDPOINT = "https://fca.integ01.dev-agentconnect.fr/api/v2/userinfo"
-PROCONNECT_JWKS_ENDPOINT = "https://fca.integ01.dev-agentconnect.fr/api/v2/jwks"
-PROCONNECT_SESSION_END = "https://fca.integ01.dev-agentconnect.fr/api/v2/session/end"
-
 OIDC_RP_SIGN_ALGO = "RS256"
-OIDC_RP_CLIENT_ID = PROCONNECT_CLIENT_ID
-OIDC_RP_CLIENT_SECRET = PROCONNECT_CLIENT_SECRET
-
-OIDC_OP_AUTHORIZATION_ENDPOINT = PROCONNECT_AUTHORIZATION_ENDPOINT
-OIDC_OP_TOKEN_ENDPOINT = PROCONNECT_TOKEN_ENDPOINT
-OIDC_OP_USER_ENDPOINT = PROCONNECT_USER_ENDPOINT
-OIDC_OP_JWKS_ENDPOINT = PROCONNECT_JWKS_ENDPOINT
-OIDC_OP_LOGOUT_ENDPOINT = PROCONNECT_SESSION_END
+OIDC_RP_CLIENT_ID = env.str("PROCONNECT_CLIENT_ID")
+OIDC_RP_CLIENT_SECRET = env.str("PROCONNECT_CLIENT_SECRET")
+
+OIDC_OP_AUTHORIZATION_ENDPOINT = env.str("PROCONNECT_AUTHORIZATION_ENDPOINT")
+OIDC_OP_TOKEN_ENDPOINT = env.str("PROCONNECT_TOKEN_ENDPOINT")
+OIDC_OP_USER_ENDPOINT = env.str("PROCONNECT_USER_ENDPOINT")
+OIDC_OP_JWKS_ENDPOINT = env.str("PROCONNECT_JWKS_ENDPOINT")
+OIDC_OP_LOGOUT_ENDPOINT = env.str("PROCONNECT_SESSION_END")
 
 OIDC_RP_SCOPES = "openid email given_name usual_name uid siret idp_id"
 OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS = 60 * 60