entrouvert
/
authentic
16
0
Fork 0
Code Issues Pull Requests 33 Releases Activity
authentic/src/authentic2_auth_fc/models.py

187 lines
6.2 KiB
Python
Raw Blame History

# authentic2-auth-fc - authentic2 authentication for FranceConnect
# Copyright (C) 2019 Entr'ouvert
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import json
from django.conf import settings
from django.contrib.postgres.fields import ArrayField
from django.db import models
from django.utils.functional import cached_property
from django.utils.translation import gettext_lazy as _
from authentic2.apps.authenticators.models import BaseAuthenticator
from . import views
from .utils import parse_id_token
PLATFORM_CHOICES = [
('prod', _('Production')),
('test', _('Integration')),
]
SCOPE_CHOICES = [
('given_name', _('given name (given_name)')),
('gender', _('gender (gender)')),
('birthdate', _('birthdate (birthdate)')),
('birthcountry', _('birthcountry (birthcountry)')),
('birthplace', _('birthplace (birthplace)')),
('family_name', _('family name (family_name)')),
('email', _('email (email)')),
('preferred_username', _('usual family name (preferred_username)')),
('identite_pivot', _('core id (identite_pivot)')),
('profile', _('profile (profile)')),
('birth', _('birth profile (birth)')),
]
def get_default_scopes():
return ['profile', 'email']
class FcAuthenticator(BaseAuthenticator):
platform = models.CharField(_('Platform'), default='test', max_length=4, choices=PLATFORM_CHOICES)
client_id = models.CharField(
('Client ID'),
max_length=256,
help_text=_(
'See <a href="https://partenaires.franceconnect.gouv.fr/fcp/fournisseur-service">'
'FranceConnect partners site</a> for getting client ID and secret.'
),
)
client_secret = models.CharField(_('Client Secret'), max_length=256)
scopes = ArrayField(
models.CharField(max_length=32, choices=SCOPE_CHOICES),
verbose_name=_('Scopes'),
default=get_default_scopes,
)
link_by_email = models.BooleanField(_('Link by email address'), default=True)
type = 'fc'
how = ['france-connect']
unique = True
description_fields = [
'show_condition',
'platform',
'client_id',
'client_secret',
'scopes',
'link_by_email',
]
class Meta:
verbose_name = _('FranceConnect')
@property
def manager_form_class(self):
from .forms import FcAuthenticatorForm
return FcAuthenticatorForm
def save(self, *args, **kwargs):
if not self.pk:
self.order = -1
return super().save(*args, **kwargs)
def get_scopes_display(self):
scope_dict = {k: v for k, v in SCOPE_CHOICES}
return ', '.join(str(scope_dict[scope]) for scope in self.scopes if scope in scope_dict)
@property
def authorize_url(self):
if self.platform == 'test':
return 'https://fcp.integ01.dev-franceconnect.fr/api/v1/authorize'
else:
return 'https://app.franceconnect.gouv.fr/api/v1/authorize'
@property
def token_url(self):
if self.platform == 'test':
return 'https://fcp.integ01.dev-franceconnect.fr/api/v1/token'
else:
return 'https://app.franceconnect.gouv.fr/api/v1/token'
@property
def userinfo_url(self):
if self.platform == 'test':
return 'https://fcp.integ01.dev-franceconnect.fr/api/v1/userinfo'
else:
return 'https://app.franceconnect.gouv.fr/api/v1/userinfo'
@property
def logout_url(self):
if self.platform == 'test':
return 'https://fcp.integ01.dev-franceconnect.fr/api/v1/logout'
else:
return 'https://app.franceconnect.gouv.fr/api/v1/logout'
def autorun(self, request, block_id, next_url):
return views.LoginOrLinkView.as_view(display_message_on_redirect=True)(request, next_url=next_url)
def login(self, request, *args, **kwargs):
return views.login(request, *args, **kwargs)
def profile(self, request, *args, **kwargs):
return views.profile(request, *args, **kwargs)
def registration(self, request, *args, **kwargs):
return views.registration(request, *args, **kwargs)
class FcAccount(models.Model):
created = models.DateTimeField(verbose_name=_('created'), auto_now_add=True)
modified = models.DateTimeField(verbose_name=_('modified'), auto_now=True)
user = models.ForeignKey(
to=settings.AUTH_USER_MODEL,
verbose_name=_('user'),
related_name='fc_accounts',
on_delete=models.CASCADE,
)
sub = models.TextField(verbose_name=_('sub'), db_index=True)
order = models.PositiveIntegerField(verbose_name=_('order'), default=0)
token = models.TextField(verbose_name=_('access token'), default='{}')
user_info = models.TextField(verbose_name=_('access token'), null=True, default='{}')
@cached_property
def id_token(self):
authenticator = FcAuthenticator.objects.get()
return parse_id_token(self.get_token()['id_token'], authenticator.authorize_url)
def get_token(self):
if self.token:
return json.loads(self.token)
else:
return {}
def get_user_info(self):
if self.user_info:
return json.loads(self.user_info)
else:
return {}
def __str__(self):
user_info = self.get_user_info()
display_name = []
if 'given_name' in user_info:
display_name.append(user_info['given_name'])
if 'family_name' in user_info:
display_name.append(user_info['family_name'])
return ' '.join(display_name)
class Meta:
unique_together = [
('sub', 'order'),
('user', 'order'),
]
View Git Blame Copy Permalink