remove RESPONSE_URI

This commit is contained in:
Cayo Puigdefabregas 2024-03-04 09:44:53 +01:00
parent 0460ce6bce
commit 03c4dbae65
8 changed files with 63 additions and 34 deletions

View File

@ -1,5 +1,5 @@
"pangea.org";"https://idhub1.demo.pangea.org/oidc4vp/" "pangea.org";"https://idhub1.demo.pangea.org/oidc4vp/";"idhub1.demo.pangea.org"
"somconnexio.coop";"https://idhub2.demo.pangea.org/oidc4vp/" "somconnexio.coop";"https://idhub2.demo.pangea.org/oidc4vp/";"idhub2.demo.pangea.org"
"exo.cat";"https://verify.exo.cat" "exo.cat";"https://verify.exo.cat";"verify.exo.cat"
"local 9000";"http://localhost:9000/oidc4vp/" "local 8000";"http://localhost/oidc4vp/";"localhost"
"local 8000";"http://localhost:8000/oidc4vp/" "local 9000";"http://localhost1/oidc4vp/";"localhost1"

1 pangea.org https://idhub1.demo.pangea.org/oidc4vp/ idhub1.demo.pangea.org
2 somconnexio.coop https://idhub2.demo.pangea.org/oidc4vp/ idhub2.demo.pangea.org
3 exo.cat https://verify.exo.cat verify.exo.cat
4 local 9000 local 8000 http://localhost:9000/oidc4vp/ http://localhost/oidc4vp/ localhost
5 local 8000 local 9000 http://localhost:8000/oidc4vp/ http://localhost1/oidc4vp/ localhost1

View File

@ -17,6 +17,8 @@ User = get_user_model()
class Command(BaseCommand): class Command(BaseCommand):
help = "Insert minimum datas for the project" help = "Insert minimum datas for the project"
DOMAIN = settings.DOMAIN
OIDC_ORGS = settings.OIDC_ORGS
def handle(self, *args, **kwargs): def handle(self, *args, **kwargs):
ADMIN_EMAIL = config('ADMIN_EMAIL', 'admin@example.org') ADMIN_EMAIL = config('ADMIN_EMAIL', 'admin@example.org')
@ -28,16 +30,15 @@ class Command(BaseCommand):
user = 'user{}@example.org'.format(u) user = 'user{}@example.org'.format(u)
self.create_users(user, '1234') self.create_users(user, '1234')
BASE_DIR = Path(__file__).resolve().parent.parent.parent.parent self.org = Organization.objects.create(
ORGANIZATION = os.path.join(BASE_DIR, settings.ORG_FILE) name=self.DOMAIN,
with open(ORGANIZATION, newline='\n') as csvfile: domain=self.DOMAIN,
f = csv.reader(csvfile, delimiter=';', quotechar='"') main=True
for r in f: )
self.create_organizations(r[0].strip(), r[1].strip())
if self.OIDC_ORGS:
self.create_organizations()
if settings.SYNC_ORG_DEV == 'y':
self.sync_credentials_organizations("pangea.org", "somconnexio.coop")
self.sync_credentials_organizations("local 8000", "local 9000")
self.create_schemas() self.create_schemas()
def create_admin_users(self, email, password): def create_admin_users(self, email, password):
@ -50,12 +51,32 @@ class Command(BaseCommand):
u.set_password(password) u.set_password(password)
u.save() u.save()
def create_organizations(self):
BASE_DIR = Path(__file__).resolve().parent.parent.parent.parent
ORGANIZATION = os.path.join(BASE_DIR, self.OIDC_ORGS)
DOMAIN = self.DOMAIN
def create_organizations(self, name, url): with open(ORGANIZATION, newline='\n') as csvfile:
if url == settings.RESPONSE_URI: f = csv.reader(csvfile, delimiter=';', quotechar='"')
Organization.objects.create(name=name, response_uri=url, main=True) exist_main_domain = False
for r in f:
if DOMAIN == r[2].strip():
exist_main_domain = True
self.create_one_organization(r[0].strip(), r[1].strip(), r[2].strip())
assert exist_main_domain, f"{DOMAIN} is not in {ORGANIZATION}"
if settings.SYNC_ORG_DEV == 'y':
self.sync_credentials_organizations("pangea.org", "somconnexio.coop")
self.sync_credentials_organizations("local 8000", "local 9000")
def create_one_organization(self, name, url, domain):
if self.DOMAIN == domain:
self.org.name = name
self.org.response_uri = url
self.org.save()
else: else:
Organization.objects.create(name=name, response_uri=url) Organization.objects.create(name=name, response_uri=url, domain=domain)
def sync_credentials_organizations(self, test1, test2): def sync_credentials_organizations(self, test1, test2):
org1 = Organization.objects.get(name=test1) org1 = Organization.objects.get(name=test1)

View File

@ -27,10 +27,9 @@ class Command(BaseCommand):
""" """
Send a email when a user is activated. Send a email when a user is activated.
""" """
parsed_url = urlparse(settings.RESPONSE_URI) url_domain = f"https://{}/".format(settings.DOMAIN)
domain = f"{parsed_url.scheme}://{parsed_url.netloc}/"
context = { context = {
"domain": domain, "domain": url_domain,
} }
subject = loader.render_to_string(self.subject_template_name, context) subject = loader.render_to_string(self.subject_template_name, context)
# Email subject *must not* contain newlines # Email subject *must not* contain newlines

View File

@ -670,7 +670,7 @@ class VerificableCredential(models.Model):
credential_subject = ujson.loads(data).get("credentialSubject", {}) credential_subject = ujson.loads(data).get("credentialSubject", {})
return credential_subject.items() return credential_subject.items()
def issue(self, did, domain=settings.DOMAIN.strip("/")): def issue(self, did, domain):
if self.status == self.Status.ISSUED: if self.status == self.Status.ISSUED:
return return
@ -704,7 +704,7 @@ class VerificableCredential(models.Model):
cred_path = 'public/credentials' cred_path = 'public/credentials'
sid = self.hash sid = self.hash
url_id = "{}/{}/{}".format( url_id = "https://{}/{}/{}".format(
domain, domain,
cred_path, cred_path,
sid sid

View File

@ -132,8 +132,9 @@ class DemandAuthorizationForm(forms.Form):
self.user = kwargs.pop('user', None) self.user = kwargs.pop('user', None)
super().__init__(*args, **kwargs) super().__init__(*args, **kwargs)
self.fields['organization'].choices = [ self.fields['organization'].choices = [
(x.id, x.name) for x in Organization.objects.filter() (x.id, x.name) for x in Organization.objects.exclude(
if x.response_uri != settings.RESPONSE_URI domain=settings.DOMAIN
)
] ]
def save(self, commit=True): def save(self, commit=True):

View File

@ -51,6 +51,7 @@ class Organization(models.Model):
main is a field which indicates the organization of this idhub main is a field which indicates the organization of this idhub
""" """
name = models.CharField(max_length=250) name = models.CharField(max_length=250)
domain = models.CharField(max_length=250, null=True, default=None)
main = models.BooleanField(default=False) main = models.BooleanField(default=False)
client_id = models.CharField( client_id = models.CharField(
max_length=24, max_length=24,
@ -94,7 +95,7 @@ class Organization(models.Model):
""" """
url = "{url}/verify?demand_uri={redirect_uri}".format( url = "{url}/verify?demand_uri={redirect_uri}".format(
url=self.response_uri.strip("/"), url=self.response_uri.strip("/"),
redirect_uri=settings.RESPONSE_URI redirect_uri=self.response_uri
) )
auth = (self.my_client_id, self.my_client_secret) auth = (self.my_client_id, self.my_client_secret)
return requests.get(url, auth=auth) return requests.get(url, auth=auth)

View File

@ -23,8 +23,9 @@ class WalletForm(forms.Form):
self.presentation_definition = kwargs.pop('presentation_definition', []) self.presentation_definition = kwargs.pop('presentation_definition', [])
super().__init__(*args, **kwargs) super().__init__(*args, **kwargs)
self.fields['organization'].choices = [ self.fields['organization'].choices = [
(x.id, x.name) for x in Organization.objects.filter() (x.id, x.name) for x in Organization.objects.exclude(
if x.response_uri != settings.RESPONSE_URI domain=settings.DOMAIN
)
] ]
def save(self, commit=True): def save(self, commit=True):

View File

@ -32,12 +32,14 @@ SECRET_KEY = config('SECRET_KEY')
# SECURITY WARNING: don't run with debug turned on in production! # SECURITY WARNING: don't run with debug turned on in production!
DEBUG = config('DEBUG', default=False, cast=bool) DEBUG = config('DEBUG', default=False, cast=bool)
ALLOWED_HOSTS = config('ALLOWED_HOSTS', default='', cast=Csv())
CSRF_TRUSTED_ORIGINS = config('CSRF_TRUSTED_ORIGINS', default='', cast=Csv())
DOMAIN = config("DOMAIN") DOMAIN = config("DOMAIN")
assert DOMAIN not in [None, ''], "DOMAIN var is MANDATORY" assert DOMAIN not in [None, ''], "DOMAIN var is MANDATORY"
ALLOWED_HOSTS = config('ALLOWED_HOSTS', default=DOMAIN, cast=Csv())
assert DOMAIN in ALLOWED_HOSTS, "DOMAIN is not ALLOWED_HOST"
CSRF_TRUSTED_ORIGINS = config('CSRF_TRUSTED_ORIGINS', default=f'https://{DOMAIN}', cast=Csv())
DEFAULT_FROM_EMAIL = config( DEFAULT_FROM_EMAIL = config(
'DEFAULT_FROM_EMAIL', default='webmaster@localhost') 'DEFAULT_FROM_EMAIL', default='webmaster@localhost')
@ -201,8 +203,12 @@ USE_I18N = True
USE_L10N = True USE_L10N = True
AUTH_USER_MODEL = 'idhub_auth.User' AUTH_USER_MODEL = 'idhub_auth.User'
RESPONSE_URI = config('RESPONSE_URI', default="")
ALLOW_CODE_URI= config('ALLOW_CODE_URI', default="") ALLOW_CODE_URI= config(
'ALLOW_CODE_URI',
default=f"https://{DOMAIN}/allow_code"
)
SUPPORTED_CREDENTIALS = config( SUPPORTED_CREDENTIALS = config(
'SUPPORTED_CREDENTIALS', 'SUPPORTED_CREDENTIALS',
default='[]', default='[]',
@ -222,7 +228,7 @@ LOGGING = {
} }
SYNC_ORG_DEV = config('SYNC_ORG_DEV', 'y') SYNC_ORG_DEV = config('SYNC_ORG_DEV', 'y')
ORG_FILE = config('ORG_FILE', 'examples/organizations.csv') OIDC_ORGS = config('OIDC_ORGS', 'examples/organizations.csv')
ENABLE_EMAIL = config('ENABLE_EMAIL', default=True, cast=bool) ENABLE_EMAIL = config('ENABLE_EMAIL', default=True, cast=bool)
CREATE_TEST_USERS = config('CREATE_TEST_USERS', default=False, cast=bool) CREATE_TEST_USERS = config('CREATE_TEST_USERS', default=False, cast=bool)
ENABLE_2FACTOR_AUTH = config('ENABLE_2FACTOR_AUTH', default=True, cast=bool) ENABLE_2FACTOR_AUTH = config('ENABLE_2FACTOR_AUTH', default=True, cast=bool)