187 lines
6.2 KiB
Python
187 lines
6.2 KiB
Python
# authentic2-auth-fc - authentic2 authentication for FranceConnect
|
|
# Copyright (C) 2019 Entr'ouvert
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify it
|
|
# under the terms of the GNU Affero General Public License as published
|
|
# by the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU Affero General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Affero General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
import json
|
|
|
|
from django.conf import settings
|
|
from django.contrib.postgres.fields import ArrayField
|
|
from django.db import models
|
|
from django.utils.functional import cached_property
|
|
from django.utils.translation import gettext_lazy as _
|
|
|
|
from authentic2.apps.authenticators.models import BaseAuthenticator
|
|
|
|
from . import views
|
|
from .utils import parse_id_token
|
|
|
|
PLATFORM_CHOICES = [
|
|
('prod', _('Production')),
|
|
('test', _('Integration')),
|
|
]
|
|
SCOPE_CHOICES = [
|
|
('given_name', _('given name (given_name)')),
|
|
('gender', _('gender (gender)')),
|
|
('birthdate', _('birthdate (birthdate)')),
|
|
('birthcountry', _('birthcountry (birthcountry)')),
|
|
('birthplace', _('birthplace (birthplace)')),
|
|
('family_name', _('family name (family_name)')),
|
|
('email', _('email (email)')),
|
|
('preferred_username', _('usual family name (preferred_username)')),
|
|
('identite_pivot', _('core id (identite_pivot)')),
|
|
('profile', _('profile (profile)')),
|
|
('birth', _('birth profile (birth)')),
|
|
]
|
|
|
|
|
|
def get_default_scopes():
|
|
return ['profile', 'email']
|
|
|
|
|
|
class FcAuthenticator(BaseAuthenticator):
|
|
platform = models.CharField(_('Platform'), default='test', max_length=4, choices=PLATFORM_CHOICES)
|
|
client_id = models.CharField(
|
|
('Client ID'),
|
|
max_length=256,
|
|
help_text=_(
|
|
'See <a href="https://partenaires.franceconnect.gouv.fr/fcp/fournisseur-service">'
|
|
'FranceConnect partners site</a> for getting client ID and secret.'
|
|
),
|
|
)
|
|
client_secret = models.CharField(_('Client Secret'), max_length=256)
|
|
scopes = ArrayField(
|
|
models.CharField(max_length=32, choices=SCOPE_CHOICES),
|
|
verbose_name=_('Scopes'),
|
|
default=get_default_scopes,
|
|
)
|
|
link_by_email = models.BooleanField(_('Link by email address'), default=True)
|
|
|
|
type = 'fc'
|
|
how = ['france-connect']
|
|
unique = True
|
|
description_fields = [
|
|
'show_condition',
|
|
'platform',
|
|
'client_id',
|
|
'client_secret',
|
|
'scopes',
|
|
'link_by_email',
|
|
]
|
|
|
|
class Meta:
|
|
verbose_name = _('FranceConnect')
|
|
|
|
@property
|
|
def manager_form_class(self):
|
|
from .forms import FcAuthenticatorForm
|
|
|
|
return FcAuthenticatorForm
|
|
|
|
def save(self, *args, **kwargs):
|
|
if not self.pk:
|
|
self.order = -1
|
|
return super().save(*args, **kwargs)
|
|
|
|
def get_scopes_display(self):
|
|
scope_dict = {k: v for k, v in SCOPE_CHOICES}
|
|
return ', '.join(str(scope_dict[scope]) for scope in self.scopes if scope in scope_dict)
|
|
|
|
@property
|
|
def authorize_url(self):
|
|
if self.platform == 'test':
|
|
return 'https://fcp.integ01.dev-franceconnect.fr/api/v1/authorize'
|
|
else:
|
|
return 'https://app.franceconnect.gouv.fr/api/v1/authorize'
|
|
|
|
@property
|
|
def token_url(self):
|
|
if self.platform == 'test':
|
|
return 'https://fcp.integ01.dev-franceconnect.fr/api/v1/token'
|
|
else:
|
|
return 'https://app.franceconnect.gouv.fr/api/v1/token'
|
|
|
|
@property
|
|
def userinfo_url(self):
|
|
if self.platform == 'test':
|
|
return 'https://fcp.integ01.dev-franceconnect.fr/api/v1/userinfo'
|
|
else:
|
|
return 'https://app.franceconnect.gouv.fr/api/v1/userinfo'
|
|
|
|
@property
|
|
def logout_url(self):
|
|
if self.platform == 'test':
|
|
return 'https://fcp.integ01.dev-franceconnect.fr/api/v1/logout'
|
|
else:
|
|
return 'https://app.franceconnect.gouv.fr/api/v1/logout'
|
|
|
|
def autorun(self, request, block_id, next_url):
|
|
return views.LoginOrLinkView.as_view(display_message_on_redirect=True)(request, next_url=next_url)
|
|
|
|
def login(self, request, *args, **kwargs):
|
|
return views.login(request, *args, **kwargs)
|
|
|
|
def profile(self, request, *args, **kwargs):
|
|
return views.profile(request, *args, **kwargs)
|
|
|
|
def registration(self, request, *args, **kwargs):
|
|
return views.registration(request, *args, **kwargs)
|
|
|
|
|
|
class FcAccount(models.Model):
|
|
created = models.DateTimeField(verbose_name=_('created'), auto_now_add=True)
|
|
modified = models.DateTimeField(verbose_name=_('modified'), auto_now=True)
|
|
user = models.ForeignKey(
|
|
to=settings.AUTH_USER_MODEL,
|
|
verbose_name=_('user'),
|
|
related_name='fc_accounts',
|
|
on_delete=models.CASCADE,
|
|
)
|
|
sub = models.TextField(verbose_name=_('sub'), db_index=True)
|
|
order = models.PositiveIntegerField(verbose_name=_('order'), default=0)
|
|
token = models.TextField(verbose_name=_('access token'), default='{}')
|
|
user_info = models.TextField(verbose_name=_('access token'), null=True, default='{}')
|
|
|
|
@cached_property
|
|
def id_token(self):
|
|
authenticator = FcAuthenticator.objects.get()
|
|
return parse_id_token(self.get_token()['id_token'], authenticator.authorize_url)
|
|
|
|
def get_token(self):
|
|
if self.token:
|
|
return json.loads(self.token)
|
|
else:
|
|
return {}
|
|
|
|
def get_user_info(self):
|
|
if self.user_info:
|
|
return json.loads(self.user_info)
|
|
else:
|
|
return {}
|
|
|
|
def __str__(self):
|
|
user_info = self.get_user_info()
|
|
display_name = []
|
|
if 'given_name' in user_info:
|
|
display_name.append(user_info['given_name'])
|
|
if 'family_name' in user_info:
|
|
display_name.append(user_info['family_name'])
|
|
return ' '.join(display_name)
|
|
|
|
class Meta:
|
|
unique_together = [
|
|
('sub', 'order'),
|
|
('user', 'order'),
|
|
]
|