profiel and context

forza-mor-rotterdam · Aug 30, 2023 · 8b3d5b9 · 8b3d5b9
1 parent e9a6daa
commit 8b3d5b9
Show file tree

Hide file tree

Showing 16 changed files with 287 additions and 70 deletions.
diff --git a/app/apps/authenticatie/admin.py b/app/apps/authenticatie/admin.py
@@ -1,4 +1,4 @@
-from apps.authenticatie.models import Gebruiker
+from apps.authenticatie.models import Gebruiker, Profiel
 from django.contrib import admin
 from django.contrib.auth.admin import UserAdmin
 
@@ -32,4 +32,9 @@ class GebruikerAdmin(UserAdmin):
     ordering = ("email",)
 
 
+class ProfielAdmin(admin.ModelAdmin):
+    ...
+
+
 admin.site.register(Gebruiker, GebruikerAdmin)
+admin.site.register(Profiel, ProfielAdmin)
diff --git a/app/apps/authenticatie/apps.py b/app/apps/authenticatie/apps.py
@@ -4,3 +4,6 @@
 class AuthenticatieConfig(AppConfig):
     name = "apps.authenticatie"
     verbose_name = "Authenticatie"
+
+    def ready(self):
+        import apps.authenticatie.signal_receivers  # noqa
diff --git a/app/apps/authenticatie/migrations/0002_profiel.py b/app/apps/authenticatie/migrations/0002_profiel.py
@@ -0,0 +1,62 @@
+# Generated by Django 3.2.16 on 2023-08-29 13:07
+
+import uuid
+
+import django.db.models.deletion
+import utils.fields
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("context", "0001_initial"),
+        ("authenticatie", "0001_initial"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="Profiel",
+            fields=[
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                (
+                    "uuid",
+                    models.UUIDField(default=uuid.uuid4, editable=False, unique=True),
+                ),
+                ("aangemaakt_op", models.DateTimeField(auto_now_add=True)),
+                ("aangepast_op", models.DateTimeField(auto_now=True)),
+                ("filters", utils.fields.DictJSONField(default=dict)),
+                ("ui_instellingen", utils.fields.DictJSONField(default=dict)),
+                (
+                    "context",
+                    models.ForeignKey(
+                        blank=True,
+                        null=True,
+                        on_delete=django.db.models.deletion.SET_NULL,
+                        related_name="profielen_voor_context",
+                        to="context.context",
+                    ),
+                ),
+                (
+                    "gebruiker",
+                    models.OneToOneField(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="profiel",
+                        to=settings.AUTH_USER_MODEL,
+                    ),
+                ),
+            ],
+            options={
+                "abstract": False,
+            },
+        ),
+    ]
diff --git a/app/apps/authenticatie/models.py b/app/apps/authenticatie/models.py
@@ -1,6 +1,9 @@
 from apps.authenticatie.managers import GebruikerManager
+from django.contrib.auth import get_user_model
 from django.contrib.auth.models import AbstractUser
 from django.contrib.gis.db import models
+from utils.fields import DictJSONField
+from utils.models import BasisModel
 
 
 class Gebruiker(AbstractUser):
@@ -14,3 +17,33 @@ class Gebruiker(AbstractUser):
 
     def __str__(self):
         return self.email
+
+
+User = get_user_model()
+
+
+class Profiel(BasisModel):
+    """
+    Profiel model voor Gebruikers
+    """
+
+    gebruiker = models.OneToOneField(
+        to=User,
+        related_name="profiel",
+        on_delete=models.CASCADE,
+    )
+
+    filters = DictJSONField(default=dict)
+    ui_instellingen = DictJSONField(default=dict)
+    context = models.ForeignKey(
+        to="context.Context",
+        related_name="profielen_voor_context",
+        on_delete=models.SET_NULL,
+        blank=True,
+        null=True,
+    )
+
+    def __str__(self):
+        if self.gebruiker:
+            return f"Profiel voor: {self.gebruiker}"
+        return f"Profiel id: {self.pk}"
diff --git a/app/apps/authenticatie/signal_receivers.py b/app/apps/authenticatie/signal_receivers.py
@@ -0,0 +1,12 @@
+from apps.authenticatie.models import Profiel
+from django.contrib.auth import get_user_model
+from django.db.models.signals import post_save
+from django.dispatch import receiver
+
+User = get_user_model()
+
+
+@receiver(post_save, sender=User)
+def create_user_profile(sender, instance, created, **kwargs):
+    if not hasattr(instance, "profiel"):
+        Profiel.objects.create(gebruiker=instance)
diff --git a/app/apps/context/__init__.py b/app/apps/context/__init__.py
diff --git a/app/apps/context/admin.py b/app/apps/context/admin.py
@@ -0,0 +1,9 @@
+from apps.context.models import Context
+from django.contrib import admin
+
+
+class ContextAdmin(admin.ModelAdmin):
+    ...
+
+
+admin.site.register(Context, ContextAdmin)
diff --git a/app/apps/context/apps.py b/app/apps/context/apps.py
@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class ContextConfig(AppConfig):
+    name = "apps.context"
+    verbose_name = "Context"
diff --git a/app/apps/context/migrations/0001_initial.py b/app/apps/context/migrations/0001_initial.py
@@ -0,0 +1,41 @@
+# Generated by Django 3.2.16 on 2023-08-29 13:07
+
+import uuid
+
+import utils.fields
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = []
+
+    operations = [
+        migrations.CreateModel(
+            name="Context",
+            fields=[
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                (
+                    "uuid",
+                    models.UUIDField(default=uuid.uuid4, editable=False, unique=True),
+                ),
+                ("aangemaakt_op", models.DateTimeField(auto_now_add=True)),
+                ("aangepast_op", models.DateTimeField(auto_now=True)),
+                ("naam", models.CharField(max_length=100)),
+                ("filters", utils.fields.DictJSONField(default=dict)),
+            ],
+            options={
+                "abstract": False,
+            },
+        ),
+    ]
diff --git a/app/apps/context/migrations/__init__.py b/app/apps/context/migrations/__init__.py
diff --git a/app/apps/context/models.py b/app/apps/context/models.py
@@ -0,0 +1,15 @@
+from django.contrib.gis.db import models
+from utils.fields import DictJSONField
+from utils.models import BasisModel
+
+
+class Context(BasisModel):
+    """
+    Profiel model voor Gebruikers
+    """
+
+    naam = models.CharField(max_length=100)
+    filters = DictJSONField(default=dict)
+
+    def __str__(self):
+        return self.naam
diff --git a/app/config/context_processors.py b/app/config/context_processors.py
@@ -19,7 +19,6 @@ def general_settings(context):
         "MELDINGEN_URL": settings.MELDINGEN_URL,
         "DEBUG": settings.DEBUG,
         "DEV_SOCKET_PORT": settings.DEV_SOCKET_PORT,
-        "CHECK_SESSION_IFRAME": settings.CHECK_SESSION_IFRAME,
         "GET": context.GET,
         "ABSOLUTE_ROOT": absolute(context).get("ABSOLUTE_ROOT"),
         "SESSION_EXPIRY_MAX_TIMESTAMP": session_expiry_max_timestamp,

diff --git a/app/config/settings.py b/app/config/settings.py
@@ -57,6 +57,7 @@
     "apps.rotterdam_formulier_html",
     "apps.regie",
     "apps.authenticatie",
+    "apps.context",
 )
 
 MIDDLEWARE = (
@@ -70,7 +71,6 @@
     "django.middleware.common.CommonMiddleware",
     "django.middleware.csrf.CsrfViewMiddleware",
     "django.contrib.auth.middleware.AuthenticationMiddleware",
-    "mozilla_django_oidc.middleware.SessionRefresh",
     "django.contrib.messages.middleware.MessageMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
 )
@@ -197,8 +197,8 @@
 CSRF_COOKIE_SECURE = not DEBUG
 SESSION_COOKIE_NAME = "__Secure-sessionid" if not DEBUG else "sessionid"
 CSRF_COOKIE_NAME = "__Secure-csrftoken" if not DEBUG else "csrftoken"
-SESSION_COOKIE_SAMESITE = "Lax" # Strict does not work well together with OIDC
-CSRF_COOKIE_SAMESITE = "Lax" # Strict does not work well together with OIDC
+SESSION_COOKIE_SAMESITE = "Lax"  # Strict does not work well together with OIDC
+CSRF_COOKIE_SAMESITE = "Lax"  # Strict does not work well together with OIDC
 
 # Settings for Content-Security-Policy header
 CSP_DEFAULT_SRC = ("'self'",)
@@ -336,64 +336,70 @@
     },
 }
 
+
+AUTHENTICATION_BACKENDS = [
+    "django.contrib.auth.backends.ModelBackend",
+]
+
 OIDC_RP_CLIENT_ID = os.getenv("OIDC_RP_CLIENT_ID")
 OIDC_RP_CLIENT_SECRET = os.getenv("OIDC_RP_CLIENT_SECRET")
-OIDC_VERIFY_SSL = os.getenv("OIDC_VERIFY_SSL", True) in TRUE_VALUES
-OIDC_USE_NONCE = os.getenv("OIDC_USE_NONCE", True) in TRUE_VALUES
 
 OIDC_REALM = os.getenv("OIDC_REALM")
 AUTH_BASE_URL = os.getenv("AUTH_BASE_URL")
 OPENID_CONFIG_URI = os.getenv(
     "OPENID_CONFIG_URI",
-    f"{AUTH_BASE_URL}/realms{OIDC_REALM}/.well-known/openid-configuration",
+    f"{AUTH_BASE_URL}/realms/{OIDC_REALM}/.well-known/openid-configuration",
 )
 OPENID_CONFIG = {}
 try:
     OPENID_CONFIG = requests.get(OPENID_CONFIG_URI).json()
 except Exception as e:
-    logger.warning(f"OPENID_CONFIG FOUT, url: {OPENID_CONFIG_URI}, error: {e}")
-
-OIDC_OP_AUTHORIZATION_ENDPOINT = os.getenv(
-    "OIDC_OP_AUTHORIZATION_ENDPOINT", OPENID_CONFIG.get("authorization_endpoint")
-)
-OIDC_OP_TOKEN_ENDPOINT = os.getenv(
-    "OIDC_OP_TOKEN_ENDPOINT", OPENID_CONFIG.get("token_endpoint")
-)
-OIDC_OP_USER_ENDPOINT = os.getenv(
-    "OIDC_OP_USER_ENDPOINT", OPENID_CONFIG.get("userinfo_endpoint")
-)
-OIDC_OP_JWKS_ENDPOINT = os.getenv(
-    "OIDC_OP_JWKS_ENDPOINT", OPENID_CONFIG.get("jwks_uri")
-)
-CHECK_SESSION_IFRAME = os.getenv(
-    "CHECK_SESSION_IFRAME", OPENID_CONFIG.get("check_session_iframe")
-)
-OIDC_RP_SCOPES = os.getenv(
-    "OIDC_RP_SCOPES",
-    " ".join(OPENID_CONFIG.get("scopes_supported", ["openid", "email", "profile"])),
-)
-OIDC_OP_LOGOUT_ENDPOINT = os.getenv(
-    "OIDC_OP_LOGOUT_ENDPOINT",
-    OPENID_CONFIG.get("end_session_endpoint"),
-)
-
-if OIDC_OP_JWKS_ENDPOINT:
-    OIDC_RP_SIGN_ALGO = "RS256"
-
-AUTHENTICATION_BACKENDS = [
-    "django.contrib.auth.backends.ModelBackend",
-]
-if OPENID_CONFIG_URI and OIDC_RP_CLIENT_ID:
-    AUTHENTICATION_BACKENDS.append("apps.authenticatie.auth.OIDCAuthenticationBackend")
-
-OIDC_OP_LOGOUT_URL_METHOD = "apps.authenticatie.views.provider_logout"
-ALLOW_LOGOUT_GET_METHOD = True
-OIDC_STORE_ID_TOKEN = True
-OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS = int(
-    os.getenv("OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS", "300")
-)
+    logger.error(f"OPENID_CONFIG FOUT, url: {OPENID_CONFIG_URI}, error: {e}")
+
+if OPENID_CONFIG and OIDC_RP_CLIENT_ID:
+    OIDC_VERIFY_SSL = os.getenv("OIDC_VERIFY_SSL", True) in TRUE_VALUES
+    OIDC_USE_NONCE = os.getenv("OIDC_USE_NONCE", True) in TRUE_VALUES
+
+    OIDC_OP_AUTHORIZATION_ENDPOINT = os.getenv(
+        "OIDC_OP_AUTHORIZATION_ENDPOINT", OPENID_CONFIG.get("authorization_endpoint")
+    )
+    OIDC_OP_TOKEN_ENDPOINT = os.getenv(
+        "OIDC_OP_TOKEN_ENDPOINT", OPENID_CONFIG.get("token_endpoint")
+    )
+    OIDC_OP_USER_ENDPOINT = os.getenv(
+        "OIDC_OP_USER_ENDPOINT", OPENID_CONFIG.get("userinfo_endpoint")
+    )
+    OIDC_OP_JWKS_ENDPOINT = os.getenv(
+        "OIDC_OP_JWKS_ENDPOINT", OPENID_CONFIG.get("jwks_uri")
+    )
+    CHECK_SESSION_IFRAME = os.getenv(
+        "CHECK_SESSION_IFRAME", OPENID_CONFIG.get("check_session_iframe")
+    )
+    OIDC_RP_SCOPES = os.getenv(
+        "OIDC_RP_SCOPES",
+        " ".join(OPENID_CONFIG.get("scopes_supported", ["openid", "email", "profile"])),
+    )
+    OIDC_OP_LOGOUT_ENDPOINT = os.getenv(
+        "OIDC_OP_LOGOUT_ENDPOINT",
+        OPENID_CONFIG.get("end_session_endpoint"),
+    )
+
+    if OIDC_OP_JWKS_ENDPOINT:
+        OIDC_RP_SIGN_ALGO = "RS256"
+
+    AUTHENTICATION_BACKENDS = [
+        "django.contrib.auth.backends.ModelBackend",
+        "apps.authenticatie.auth.OIDCAuthenticationBackend",
+    ]
 
-LOGIN_REDIRECT_URL = "/"
-LOGIN_REDIRECT_URL_FAILURE = "/"
-LOGOUT_REDIRECT_URL = OIDC_OP_LOGOUT_ENDPOINT
-LOGIN_URL = "/oidc/authenticate/"
+    OIDC_OP_LOGOUT_URL_METHOD = "apps.authentication.views.provider_logout"
+    ALLOW_LOGOUT_GET_METHOD = True
+    OIDC_STORE_ID_TOKEN = True
+    OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS = int(
+        os.getenv("OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS", "300")
+    )
+
+    LOGIN_REDIRECT_URL = "/"
+    LOGIN_REDIRECT_URL_FAILURE = "/"
+    LOGOUT_REDIRECT_URL = OIDC_OP_LOGOUT_ENDPOINT
+    LOGIN_URL = "/oidc/authenticate/"