From 03c4dbae65c80b6d7b409c5d807e65f4b1d23b24 Mon Sep 17 00:00:00 2001
From: Cayo Puigdefabregas
Date: Mon, 4 Mar 2024 09:44:53 +0100
Subject: [PATCH] remove RESPONSE_URI
---
examples/organizations.csv | 10 ++--
idhub/management/commands/initial_datas.py | 47 ++++++++++++++-----
idhub/management/commands/send_mail_admins.py | 5 +-
idhub/models.py | 4 +-
idhub/user/forms.py | 5 +-
oidc4vp/models.py | 3 +-
promotion/forms.py | 5 +-
trustchain_idhub/settings.py | 18 ++++---
8 files changed, 63 insertions(+), 34 deletions(-)
diff --git a/examples/organizations.csv b/examples/organizations.csv
index 2f447ef..8396d42 100644
--- a/examples/organizations.csv
+++ b/examples/organizations.csv
@@ -1,5 +1,5 @@
-"pangea.org";"https://idhub1.demo.pangea.org/oidc4vp/"
-"somconnexio.coop";"https://idhub2.demo.pangea.org/oidc4vp/"
-"exo.cat";"https://verify.exo.cat"
-"local 9000";"http://localhost:9000/oidc4vp/"
-"local 8000";"http://localhost:8000/oidc4vp/"
+"pangea.org";"https://idhub1.demo.pangea.org/oidc4vp/";"idhub1.demo.pangea.org"
+"somconnexio.coop";"https://idhub2.demo.pangea.org/oidc4vp/";"idhub2.demo.pangea.org"
+"exo.cat";"https://verify.exo.cat";"verify.exo.cat"
+"local 8000";"http://localhost/oidc4vp/";"localhost"
+"local 9000";"http://localhost1/oidc4vp/";"localhost1"
diff --git a/idhub/management/commands/initial_datas.py b/idhub/management/commands/initial_datas.py
index da3539e..dfc0be8 100644
--- a/idhub/management/commands/initial_datas.py
+++ b/idhub/management/commands/initial_datas.py
@@ -17,6 +17,8 @@ User = get_user_model() class Command(BaseCommand): help = "Insert minimum datas for the project" + DOMAIN = settings.DOMAIN + OIDC_ORGS = settings.OIDC_ORGS def handle(self, *args, **kwargs): ADMIN_EMAIL = config('ADMIN_EMAIL', 'admin@example.org') 
@@ -28,16 +30,15 @@ class Command(BaseCommand): user = 'user{}@example.org'.format(u) self.create_users(user, '1234') - BASE_DIR = Path(__file__).resolve().parent.parent.parent.parent - ORGANIZATION = os.path.join(BASE_DIR, settings.ORG_FILE) - with open(ORGANIZATION, newline='\n') as csvfile: - f = csv.reader(csvfile, delimiter=';', quotechar='"') - for r in f: - self.create_organizations(r[0].strip(), r[1].strip()) + self.org = Organization.objects.create( + name=self.DOMAIN, + domain=self.DOMAIN, + main=True + ) + + if self.OIDC_ORGS: + self.create_organizations() - if settings.SYNC_ORG_DEV == 'y': - self.sync_credentials_organizations("pangea.org", "somconnexio.coop") - self.sync_credentials_organizations("local 8000", "local 9000") self.create_schemas() def create_admin_users(self, email, password): 
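Review bot: `Organization.objects.create(name=self.DOMAIN, domain=self.DOMAIN, main=True)` runs unconditionally on every invocation of the command, so a second run of `initial_datas` leaves two `main=True` rows, and since create_one_organization then renames the new row to the CSV name as well, the `Organization.objects.get(name=...)` lookups in sync_credentials_organizations can start raising MultipleObjectsReturned. Consider `self.org, _ = Organization.objects.get_or_create(domain=self.DOMAIN, defaults={'name': self.DOMAIN, 'main': True})` so reruns are idempotent. When OIDC_ORGS is empty the main organization also keeps whatever `response_uri` the model defaults to, because only create_one_organization fills it in; that is worth either validating here or stating in a comment above the create call. handle() begins outside the hunk.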
@@ -50,12 +51,32 @@ class Command(BaseCommand): u.set_password(password) u.save() + def create_organizations(self): + BASE_DIR = Path(__file__).resolve().parent.parent.parent.parent + ORGANIZATION = os.path.join(BASE_DIR, self.OIDC_ORGS) + DOMAIN = self.DOMAIN - def create_organizations(self, name, url): - if url == settings.RESPONSE_URI: - Organization.objects.create(name=name, response_uri=url, main=True) + with open(ORGANIZATION, newline='\n') as csvfile: + f = csv.reader(csvfile, delimiter=';', quotechar='"') + exist_main_domain = False + for r in f: + if DOMAIN == r[2].strip(): + exist_main_domain = True + self.create_one_organization(r[0].strip(), r[1].strip(), r[2].strip()) + + assert exist_main_domain, f"{DOMAIN} is not in {ORGANIZATION}" + + if settings.SYNC_ORG_DEV == 'y': + self.sync_credentials_organizations("pangea.org", "somconnexio.coop") + self.sync_credentials_organizations("local 8000", "local 9000") + + def create_one_organization(self, name, url, domain): + if self.DOMAIN == domain: + self.org.name = name + self.org.response_uri = url + self.org.save() else: - Organization.objects.create(name=name, response_uri=url) + Organization.objects.create(name=name, response_uri=url, domain=domain) def sync_credentials_organizations(self, test1, test2): org1 = Organization.objects.get(name=test1) diff --git a/idhub/management/commands/send_mail_admins.py b/idhub/management/commands/send_mail_admins.py index 0ef24f8..eae3e41 100644 --- a/idhub/management/commands/send_mail_admins.py +++ b/idhub/management/commands/send_mail_admins.py @@ -27,10 +27,9 @@ class Command(BaseCommand): """ Send a email when a user is activated. """ - parsed_url = urlparse(settings.RESPONSE_URI) - domain = f"{parsed_url.scheme}://{parsed_url.netloc}/" + url_domain = f"https://{}/".format(settings.DOMAIN) context = { - "domain": domain, + "domain": url_domain, } subject = loader.render_to_string(self.subject_template_name, context) # Email subject *must not* contain newlines 
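Review bot: `assert exist_main_domain, f"{DOMAIN} is not in {ORGANIZATION}"` is the wrong tool for a runtime configuration check: asserts are stripped under `python -O`, and the command would then continue with a main organization whose response_uri was never set. Raise instead, e.g. `raise CommandError(f"{DOMAIN} is not in {ORGANIZATION}")` (CommandError lives next to BaseCommand in django.core.management.base). The same applies to the new `assert DOMAIN in ALLOWED_HOSTS` in trustchain_idhub/settings.py. `r[2].strip()` also assumes every CSV row has three columns, so a file still in the old two-column layout fails with a bare IndexError rather than a message naming the file and row; a short `if len(r) < 3:` guard that raises with the row number would help. sync_credentials_organizations continues outside the hunk.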
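Review bot: `url_domain = f"https://{}/".format(settings.DOMAIN)` mixes an f-string with `.format`: an empty `{}` inside an f-string is a SyntaxError ("f-string: empty expression not allowed"), so this module no longer imports at all. Use one mechanism, `url_domain = f"https://{settings.DOMAIN}/"`. If `urlparse` was imported only for the removed line, that import (outside the hunk) is now unused.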
diff --git a/idhub/models.py b/idhub/models.py index 1072e26..2eae07f 100644 --- a/idhub/models.py +++ b/idhub/models.py @@ -670,7 +670,7 @@ class VerificableCredential(models.Model): credential_subject = ujson.loads(data).get("credentialSubject", {}) return credential_subject.items() - def issue(self, did, domain=settings.DOMAIN.strip("/")): + def issue(self, did, domain): if self.status == self.Status.ISSUED: return @@ -704,7 +704,7 @@ class VerificableCredential(models.Model): cred_path = 'public/credentials' sid = self.hash - url_id = "{}/{}/{}".format( + url_id = "https://{}/{}/{}".format( domain, cred_path, sid diff --git a/idhub/user/forms.py b/idhub/user/forms.py index 81c36a7..654a936 100644 --- a/idhub/user/forms.py +++ b/idhub/user/forms.py @@ -132,8 +132,9 @@ class DemandAuthorizationForm(forms.Form): self.user = kwargs.pop('user', None) super().__init__(*args, **kwargs) self.fields['organization'].choices = [ - (x.id, x.name) for x in Organization.objects.filter() - if x.response_uri != settings.RESPONSE_URI + (x.id, x.name) for x in Organization.objects.exclude( + domain=settings.DOMAIN + ) ] def save(self, commit=True): diff --git a/oidc4vp/models.py b/oidc4vp/models.py index 8cfdfaf..d3a454f 100644 --- a/oidc4vp/models.py +++ b/oidc4vp/models.py @@ -51,6 +51,7 @@ class Organization(models.Model): main is a field which indicates the organization of this idhub """ name = models.CharField(max_length=250) + domain = models.CharField(max_length=250, null=True, default=None) main = models.BooleanField(default=False) client_id = models.CharField( max_length=24, @@ -94,7 +95,7 @@ class Organization(models.Model): """ url = "{url}/verify?demand_uri={redirect_uri}".format( url=self.response_uri.strip("/"), - redirect_uri=settings.RESPONSE_URI + redirect_uri=self.response_uri ) auth = (self.my_client_id, self.my_client_secret) return requests.get(url, auth=auth) diff --git a/promotion/forms.py b/promotion/forms.py index 30dce87..b9f9e1a 100644 
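Review bot: Dropping the default on `def issue(self, did, domain):` turns every call site that omitted `domain` into a TypeError, and the diff does not show any caller being updated. Removing a settings-evaluated default is the right instinct (it was bound once at import time), but the compatible form is `def issue(self, did, domain=None):` with `domain = domain or settings.DOMAIN` as the first line of the body, assuming `settings` is still imported in this module. The function body continues outside the hunk.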
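Review bot: `Organization.objects.exclude(domain=settings.DOMAIN)` depends on every row having `domain` populated; the new column is declared `null=True, default=None`, so rows created before this change keep NULL, and Django's exclude keeps NULL rows in the result, meaning an unreloaded main organization still appears in the choices. The model's own docstring says `main` marks this idhub's organization, so `Organization.objects.filter(main=False)` states the intent directly and does not depend on the CSV having been reloaded. The identical change in promotion/forms.py (WalletForm.__init__) has the same property. DemandAuthorizationForm.__init__ begins outside the hunk.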
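Review bot: The new `domain = models.CharField(max_length=250, null=True, default=None)` has no accompanying migration in this patch; unless it lands separately, the oidc4vp migration is needed before `exclude(domain=...)` and `Organization.objects.create(..., domain=domain)` can run. Since initial_datas uses `domain` to identify the single main organization, consider `unique=True` as well (a nullable unique column still admits multiple NULLs, so existing rows are unaffected) so two rows cannot claim the same domain.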
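Review bot: `redirect_uri=self.response_uri` points demand_uri at the very organization whose `/verify` endpoint is being called, since `url` is built from the same `self.response_uri` two lines above, whereas the removed `settings.RESPONSE_URI` was this idhub's own callback (initial_datas used it to mark the `main=True` organization). If the peer is supposed to redirect back here, the value should come from this instance's own organization, e.g. `Organization.objects.get(main=True).response_uri`, or be derived from `settings.DOMAIN`. The value is also interpolated unescaped into the query string; wrapping it with `urllib.parse.quote` would keep a `?` or `&` in it from altering the request. The enclosing method begins outside the hunk.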
--- a/promotion/forms.py +++ b/promotion/forms.py @@ -23,8 +23,9 @@ class WalletForm(forms.Form): self.presentation_definition = kwargs.pop('presentation_definition', []) super().__init__(*args, **kwargs) self.fields['organization'].choices = [ - (x.id, x.name) for x in Organization.objects.filter() - if x.response_uri != settings.RESPONSE_URI + (x.id, x.name) for x in Organization.objects.exclude( + domain=settings.DOMAIN + ) ] def save(self, commit=True): diff --git a/trustchain_idhub/settings.py b/trustchain_idhub/settings.py index 090be76..a37b737 100644 --- a/trustchain_idhub/settings.py +++ b/trustchain_idhub/settings.py @@ -32,12 +32,14 @@ SECRET_KEY = config('SECRET_KEY') # SECURITY WARNING: don't run with debug turned on in production! DEBUG = config('DEBUG', default=False, cast=bool) -ALLOWED_HOSTS = config('ALLOWED_HOSTS', default='', cast=Csv()) -CSRF_TRUSTED_ORIGINS = config('CSRF_TRUSTED_ORIGINS', default='', cast=Csv()) - DOMAIN = config("DOMAIN") assert DOMAIN not in [None, ''], "DOMAIN var is MANDATORY" +ALLOWED_HOSTS = config('ALLOWED_HOSTS', default=DOMAIN, cast=Csv()) +assert DOMAIN in ALLOWED_HOSTS, "DOMAIN is not ALLOWED_HOST" + +CSRF_TRUSTED_ORIGINS = config('CSRF_TRUSTED_ORIGINS', default=f'https://{DOMAIN}', cast=Csv()) + DEFAULT_FROM_EMAIL = config( 'DEFAULT_FROM_EMAIL', default='webmaster@localhost') @@ -201,8 +203,12 @@ USE_I18N = True USE_L10N = True AUTH_USER_MODEL = 'idhub_auth.User' -RESPONSE_URI = config('RESPONSE_URI', default="") -ALLOW_CODE_URI= config('ALLOW_CODE_URI', default="") + +ALLOW_CODE_URI= config( + 'ALLOW_CODE_URI', + default=f"https://{DOMAIN}/allow_code" +) + SUPPORTED_CREDENTIALS = config( 'SUPPORTED_CREDENTIALS', default='[]', 
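Review bot: `assert DOMAIN in ALLOWED_HOSTS, "DOMAIN is not ALLOWED_HOST"` rejects valid configurations: Django accepts `*` and leading-dot wildcards such as `.example.org` in ALLOWED_HOSTS, so an operator who sets `ALLOWED_HOSTS=*` now fails at start-up even though DOMAIN is served. Django ships the matcher it uses itself, `django.http.request.validate_host(DOMAIN, ALLOWED_HOSTS)`; if importing it from settings.py is acceptable, `if not validate_host(DOMAIN, ALLOWED_HOSTS): raise ImproperlyConfigured("DOMAIN is not in ALLOWED_HOSTS")` (ImproperlyConfigured is in django.core.exceptions) also survives `python -O`, where an assert does not. ALLOWED_HOSTS entries are matched against the request host without its port, so if DOMAIN may carry one (e.g. `localhost:8000`) the default of `[DOMAIN]` would never match a request; a comment stating the expected shape of DOMAIN (bare hostname, no scheme or port) would prevent that misconfiguration. The `CSRF_TRUSTED_ORIGINS` default of `https://{DOMAIN}` assumes TLS, which the `http://localhost` examples in organizations.csv do not use; worth a comment if that is intentional.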
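Review bot: `ALLOW_CODE_URI= config(` drops the space before `=` that every neighbouring assignment has; `ALLOW_CODE_URI = config(` keeps the file consistent with PEP 8. With RESPONSE_URI removed from settings, any remaining `settings.RESPONSE_URI` reference elsewhere would surface as an AttributeError at request time rather than at start-up, so a grep over the code base before merging is worthwhile.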
@@ -222,7 +228,7 @@ LOGGING = { } SYNC_ORG_DEV = config('SYNC_ORG_DEV', 'y') -ORG_FILE = config('ORG_FILE', 'examples/organizations.csv') +OIDC_ORGS = config('OIDC_ORGS', 'examples/organizations.csv') ENABLE_EMAIL = config('ENABLE_EMAIL', default=True, cast=bool) CREATE_TEST_USERS = config('CREATE_TEST_USERS', default=False, cast=bool) ENABLE_2FACTOR_AUTH = config('ENABLE_2FACTOR_AUTH', default=True, cast=bool)