From caa0adad480cb86a644f292c6d3bc861f106c0f1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89loi=20Rivard?=
Date: Fri, 28 Jul 2023 11:46:23 +0200
Subject: [PATCH] feat: attendee authentication can be disabled
If OIDC_ATTENDEE_ENABLED configuration option is set to False, attendee authentication step will be skipped.
---
 web.env.example | 1 +
 web/flaskr/models.py | 6 +++++-
 web/instance/config.py | 9 +++++++++
 web/tests/meeting/test_join.py | 24 ++++++++++++++++++++++++
 4 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/web.env.example b/web.env.example
index 0b33569b..46584c25 100644
--- a/web.env.example
+++ b/web.env.example
@@ -42,6 +42,7 @@ OIDC_USERINFO_HTTP_METHOD=POST
 OIDC_REDIRECT_URI=http://localhost:5000/oidc_callback
 # Attendee OIDC Configuration (back to default if empty)
+OIDC_ATTENDEE_ENABLED=
 OIDC_ATTENDEE_ISSUER=
 OIDC_ATTENDEE_CLIENT_ID=
 OIDC_ATTENDEE_CLIENT_SECRET=
diff --git a/web/flaskr/models.py b/web/flaskr/models.py
index 6f78fc73..df46c40a 100755
--- a/web/flaskr/models.py
+++ b/web/flaskr/models.py
@@ -773,7 +773,11 @@ def get_role(self, hashed_role):
 elif self.get_hash("moderator") == hashed_role:
 role = "moderator"
 elif self.get_hash("authenticated") == hashed_role:
- role = "authenticated"
+ role = (
+ "authenticated"
+ if current_app.config["OIDC_ATTENDEE_ENABLED"]
+ else "attendee"
+ )
 else:
 role = None
 return role
diff --git a/web/instance/config.py b/web/instance/config.py
index 886f9b46..d069a41b 100755
--- a/web/instance/config.py
+++ b/web/instance/config.py
@@ -47,6 +47,15 @@ OIDC_SERVICE_NAME = os.environ.get("OIDC_SERVICE_NAME")
 # Attendee OIDC Configuration (back to default if empty)
+OIDC_ATTENDEE_ENABLED = os.environ.get("OIDC_ATTENDEE_ENABLED") not in [
+ 0,
+ False,
+ "0",
+ "false",
+ "False",
+ "off",
+ "OFF",
+]
 OIDC_ATTENDEE_ISSUER = os.environ.get("OIDC_ATTENDEE_ISSUER") or OIDC_ISSUER
 OIDC_ATTENDEE_CLIENT_ID = os.environ.get("OIDC_ATTENDEE_CLIENT_ID") or OIDC_CLIENT_ID
 OIDC_ATTENDEE_CLIENT_SECRET = (
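Review bot: In `get_role` (web/flaskr/models.py) the new branch silently maps the "authenticated" hash to the plain `attendee` role whenever the flag is off, so every invitation link that was meant to require sign-in becomes usable without authentication and nothing records that this happened. Reading the flag with `current_app.config["OIDC_ATTENDEE_ENABLED"]` also raises `KeyError` if a deployment or test config lacks the key; `current_app.config.get("OIDC_ATTENDEE_ENABLED", True)` would keep the authenticated path as the default. A `current_app.logger.warning(...)` call on the downgrade path would leave an audit trail for the period the service is disabled. The start of `get_role` lies outside the hunk, so whether the method can be reached without an application context cannot be checked from here.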
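Review bot: The `OIDC_ATTENDEE_ENABLED` parse in web/instance/config.py compares the raw environment string against a fixed list, so the `0` and `False` entries can never match what `os.environ.get` returns, and spellings such as `FALSE`, `Off` or a value with trailing whitespace leave authentication enabled. That errs on the safe side, but an operator who believes the step is disabled will get a different behaviour than configured. Normalising first makes it predictable: `OIDC_ATTENDEE_ENABLED = (os.environ.get("OIDC_ATTENDEE_ENABLED") or "").strip().lower() not in ("0", "false", "off")`. A comment stating that unset, empty or unrecognised values keep attendee authentication on would document the fail-closed default.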
diff --git a/web/tests/meeting/test_join.py b/web/tests/meeting/test_join.py
index fd0f7f63..3ea0d125 100644
--- a/web/tests/meeting/test_join.py
+++ b/web/tests/meeting/test_join.py
@@ -54,6 +54,30 @@ def test_signin_meeting_with_authenticated_attendee(client_app, app, meeting):
 assert response.location.endswith("/meeting/join/1/authenticated")
+def test_auth_attendee_disabled(client_app, app, meeting):
+ """
+ If attendee authentication service is temporarily disabled, we should skip
+ the attendee authentication step.
+ https://github.com/numerique-gouv/b3desk/issues/9
+ """
+ # TODO: refactor this test with modern test conventions when #6 is merged
+
+ app.config["OIDC_ATTENDEE_ENABLED"] = False
+
+ with app.app_context():
+ user_id = 1
+ meeting = Meeting.query.get(1)
+ meeting_id = meeting.id
+ meeting_hash = meeting.get_hash("authenticated")
+
+ url = f"/meeting/signin/{meeting_id}/creator/{user_id}/hash/{meeting_hash}"
+ response = client_app.get(url)
+
+ assert response.status_code == 200
+ form_action_url = "/meeting/join"
+ assert form_action_url in response.data.decode()
+
+
 def test_join_meeting_as_authenticated_attendee(
 client_app, app, meeting, authenticated_attendee
 ):
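Review bot: `app.config["OIDC_ATTENDEE_ENABLED"] = False` in `test_auth_attendee_disabled` is never restored, so if the `app` fixture outlives a single test (its scope is not visible here) the tests that follow would run with attendee authentication switched off and could pass without exercising the sign-in redirect. Pytest's `monkeypatch` fixture scopes the change to this test: add `monkeypatch` to the parameters and write `monkeypatch.setitem(app.config, "OIDC_ATTENDEE_ENABLED", False)`. The test also only checks that the join form is rendered; asserting that the moderator hash still resolves to `moderator` with the flag off would pin the downgrade to the authenticated-attendee link alone.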