Rework templates for OAuth2

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
This commit is contained in:
Yohann D'ANELLO 2021-06-17 20:56:59 +02:00
parent 7ea36a5415
commit 9b26207515
Signed by: ynerant
GPG Key ID: 3A75C55819C8CF85
7 changed files with 185 additions and 41 deletions

View File

@ -5,17 +5,26 @@ SPDX-License-Identifier: GPL-3.0-or-later
{% load i18n %} {% load i18n %}
{% block content %} {% block content %}
<div class="alert alert-info"> <div class="row mt-4">
<div class="col-xl-6">
<div class="card">
<div class="card-header text-center">
<h3>{% trans "Token authentication" %}</h3>
</div>
<div class="card-body">
<div class="alert alert-info">
<h4>À quoi sert un jeton d'authentification ?</h4> <h4>À quoi sert un jeton d'authentification ?</h4>
Un jeton vous permet de vous connecter à <a href="/api/">l'API de la Note Kfet</a>.<br /> Un jeton vous permet de vous connecter à <a href="/api/">l'API de la Note Kfet</a> via votre propre compte
depuis un client externe.<br />
Il suffit pour cela d'ajouter en en-tête de vos requêtes <code>Authorization: Token &lt;TOKEN&gt;</code> Il suffit pour cela d'ajouter en en-tête de vos requêtes <code>Authorization: Token &lt;TOKEN&gt;</code>
pour pouvoir vous identifier.<br /><br /> pour pouvoir vous identifier.<br /><br />
Une documentation de l'API arrivera ultérieurement. La documentation de l'API est disponible ici :
</div> <a href="/doc/api/">{{ request.scheme }}://{{ request.get_host }}/doc/api/</a>.
</div>
<div class="alert alert-info"> <div class="alert alert-info">
<strong>{%trans 'Token' %} :</strong> <strong>{%trans 'Token' %} :</strong>
{% if 'show' in request.GET %} {% if 'show' in request.GET %}
{{ token.key }} (<a href="?">cacher</a>) {{ token.key }} (<a href="?">cacher</a>)
@ -24,13 +33,70 @@ SPDX-License-Identifier: GPL-3.0-or-later
{% endif %} {% endif %}
<br /> <br />
<strong>{%trans 'Created' %} :</strong> {{ token.created }} <strong>{%trans 'Created' %} :</strong> {{ token.created }}
</div> </div>
<div class="alert alert-warning"> <div class="alert alert-warning">
<strong>Attention :</strong> regénérer le jeton va révoquer tout accès autorisé à l'API via ce jeton ! <strong>{% trans "Warning" %} :</strong> regénérer le jeton va révoquer tout accès autorisé à l'API via ce jeton !
</div> </div>
</div>
<a href="?regenerate"> <div class="card-footer text-center">
<a href="?regenerate">
<button class="btn btn-primary">{% trans 'Regenerate token' %}</button> <button class="btn btn-primary">{% trans 'Regenerate token' %}</button>
</a> </a>
</div>
</div>
</div>
<div class="col-xl-6">
<div class="card">
<div class="card-header text-center">
<h3>{% trans "OAuth2 authentication" %}</h3>
</div>
<div class="card-header">
<div class="alert alert-info">
<p>
La Note Kfet implémente également le protocole <a href="https://oauth.net/2/">OAuth2</a>, afin de
permettre à des applications tierces d'interagir avec la Note en récoltant des informations
(de connexion par exemple) voir en permettant des modifications à distance, par exemple lorsqu'il
s'agit d'avoir un site marchand sur lequel faire des transactions via la Note Kfet.
</p>
<p>
L'usage de ce protocole est recommandé pour tout usage non personnel, car permet de mieux cibler
les droits dont on a besoin, en restreignant leur usage par jeton généré.
</p>
<p>
La documentation vis-à-vis de l'usage de ce protocole est disponible ici :
<a href="/doc/external_services/oauth2/">{{ request.scheme }}://{{ request.get_host }}/doc/external_services/oauth2/</a>.
</p>
</div>
Liste des URL à communiquer à votre application :
<ul>
<li>
{% trans "Authorization:" %}
<a href="{% url 'oauth2_provider:authorize' %}">{{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:authorize' %}</a>
</li>
<li>
{% trans "Token:" %}
<a href="{% url 'oauth2_provider:authorize' %}">{{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:token' %}</a>
</li>
<li>
{% trans "Revoke Token:" %}
<a href="{% url 'oauth2_provider:authorize' %}">{{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:revoke-token' %}</a>
</li>
<li>
{% trans "Introspect Token:" %}
<a href="{% url 'oauth2_provider:authorize' %}">{{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:introspect' %}</a>
</li>
</ul>
</div>
<div class="card-footer text-center">
<a class="btn btn-primary" href="{% url 'oauth2_provider:list' %}">{% trans "Show my applications" %}</a>
</div>
</div>
</div>
</div>
{% endblock %} {% endblock %}

View File

@ -57,16 +57,16 @@
let scope = "" let scope = ""
for (let element of elements) { for (let element of elements) {
if (element.checked) { if (element.checked) {
scope += element.value + "%20" scope += element.value + " "
} }
} }
scope = scope.substr(0, scope.length - 3) scope = scope.substr(0, scope.length - 1)
document.getElementById("url-{{ app.name.lower }}").innerHTML = 'Scopes : ' + scope document.getElementById("url-{{ app.name.lower }}").innerHTML = 'Scopes : ' + scope
+ '<br><a href="{% url 'oauth2_provider:authorize' %}?client_id={{ app.client_id }}&response_type=code&scope='+ scope + '<br><a href="{% url 'oauth2_provider:authorize' %}?client_id={{ app.client_id }}&response_type=code&scope='+ scope.replaceAll(' ', '%20')
+ '" target="_blank">{{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:authorize' %}?client_id={{ app.client_id }}&response_type=code&scope=' + '" target="_blank">{{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:authorize' %}?client_id={{ app.client_id }}&response_type=code&scope='
+ scope + '</a>' + scope.replaceAll(' ', '%20') + '</a>'
} }
} }
{% endfor %} {% endfor %}

View File

@ -157,7 +157,7 @@ class ScopesView(LoginRequiredMixin, TemplateView):
scopes = PermissionScopes() scopes = PermissionScopes()
context["scopes"] = {} context["scopes"] = {}
all_scopes = scopes.get_all_scopes() all_scopes = scopes.get_all_scopes()
for app in Application.objects.filter(Q(user=self.request.user) | Q(client_type='public')).all(): for app in Application.objects.filter(user=self.request.user).all():
available_scopes = scopes.get_available_scopes(app) available_scopes = scopes.get_available_scopes(app)
context["scopes"][app] = OrderedDict() context["scopes"][app] = OrderedDict()
items = [(k, v) for (k, v) in all_scopes.items() if k in available_scopes] items = [(k, v) for (k, v) in all_scopes.items() if k in available_scopes]

View File

@ -1053,18 +1053,50 @@ msgstr "Changer le mot de passe"
msgid "API token" msgid "API token"
msgstr "Accès API" msgstr "Accès API"
#: apps/member/templates/member/manage_auth_tokens.html:19 #: apps/member/templates/member/manage_auth_tokens.html:12
msgid "Token authentication"
msgstr "Authentification par jeton"
#: apps/member/templates/member/manage_auth_tokens.html:28
msgid "Token" msgid "Token"
msgstr "Jeton" msgstr "Jeton"
#: apps/member/templates/member/manage_auth_tokens.html:26 #: apps/member/templates/member/manage_auth_tokens.html:35
msgid "Created" msgid "Created"
msgstr "Créé le" msgstr "Créé le"
#: apps/member/templates/member/manage_auth_tokens.html:34 #: apps/member/templates/member/manage_auth_tokens.html:39
msgid "Warning"
msgstr "Attention"
#: apps/member/templates/member/manage_auth_tokens.html:44
msgid "Regenerate token" msgid "Regenerate token"
msgstr "Regénérer le jeton" msgstr "Regénérer le jeton"
#: apps/member/templates/member/manage_auth_tokens.html:53
msgid "OAuth2 authentication"
msgstr "Authentification OAuth2"
#: apps/member/templates/member/manage_auth_tokens.html:79
msgid "Authorization:"
msgstr "Autorisation :"
#: apps/member/templates/member/manage_auth_tokens.html:83
msgid "Token:"
msgstr "Jeton :"
#: apps/member/templates/member/manage_auth_tokens.html:87
msgid "Revoke Token:"
msgstr "Révoquer le jeton :"
#: apps/member/templates/member/manage_auth_tokens.html:91
msgid "Introspect Token:"
msgstr "Introspection :"
#: apps/member/templates/member/manage_auth_tokens.html:97
msgid "Show my applications"
msgstr "Voir mes applications"
#: apps/member/templates/member/picture_update.html:35 #: apps/member/templates/member/picture_update.html:35
msgid "Nevermind" msgid "Nevermind"
msgstr "Annuler" msgstr "Annuler"
@ -1482,7 +1514,7 @@ msgstr "Pas de motif spécifié"
#: apps/wei/tables.py:74 apps/wei/tables.py:114 #: apps/wei/tables.py:74 apps/wei/tables.py:114
#: apps/wei/templates/wei/weiregistration_confirm_delete.html:31 #: apps/wei/templates/wei/weiregistration_confirm_delete.html:31
#: note_kfet/templates/oauth2_provider/application_confirm_delete.html:18 #: note_kfet/templates/oauth2_provider/application_confirm_delete.html:18
#: note_kfet/templates/oauth2_provider/application_detail.html:31 #: note_kfet/templates/oauth2_provider/application_detail.html:39
#: note_kfet/templates/oauth2_provider/authorized-token-delete.html:12 #: note_kfet/templates/oauth2_provider/authorized-token-delete.html:12
msgid "Delete" msgid "Delete"
msgstr "Supprimer" msgstr "Supprimer"
@ -1493,7 +1525,7 @@ msgstr "Supprimer"
#: apps/wei/templates/wei/bus_detail.html:20 #: apps/wei/templates/wei/bus_detail.html:20
#: apps/wei/templates/wei/busteam_detail.html:20 #: apps/wei/templates/wei/busteam_detail.html:20
#: apps/wei/templates/wei/busteam_detail.html:40 #: apps/wei/templates/wei/busteam_detail.html:40
#: note_kfet/templates/oauth2_provider/application_detail.html:30 #: note_kfet/templates/oauth2_provider/application_detail.html:38
msgid "Edit" msgid "Edit"
msgstr "Éditer" msgstr "Éditer"
@ -1808,17 +1840,17 @@ msgid "Available scopes"
msgstr "Scopes disponibles" msgstr "Scopes disponibles"
#: apps/permission/templates/permission/scopes.html:42 #: apps/permission/templates/permission/scopes.html:42
#: note_kfet/templates/oauth2_provider/application_list.html:18 #: note_kfet/templates/oauth2_provider/application_list.html:24
msgid "No applications defined" msgid "No applications defined"
msgstr "Pas d'application définie" msgstr "Pas d'application définie"
#: apps/permission/templates/permission/scopes.html:43 #: apps/permission/templates/permission/scopes.html:43
#: note_kfet/templates/oauth2_provider/application_list.html:19 #: note_kfet/templates/oauth2_provider/application_list.html:25
msgid "Click here" msgid "Click here"
msgstr "Cliquez ici" msgstr "Cliquez ici"
#: apps/permission/templates/permission/scopes.html:43 #: apps/permission/templates/permission/scopes.html:43
#: note_kfet/templates/oauth2_provider/application_list.html:19 #: note_kfet/templates/oauth2_provider/application_list.html:25
msgid "if you want to register a new one" msgid "if you want to register a new one"
msgstr "si vous voulez en enregistrer une nouvelle" msgstr "si vous voulez en enregistrer une nouvelle"
@ -3180,6 +3212,17 @@ msgid "Redirect Uris"
msgstr "URIs de redirection" msgstr "URIs de redirection"
#: note_kfet/templates/oauth2_provider/application_detail.html:29 #: note_kfet/templates/oauth2_provider/application_detail.html:29
#, python-format
msgid ""
"You can go <a href=\"%(scopes_url)s\">here</a> to generate authorization "
"link templates and convert permissions to scope numbers with the permissions "
"that you want to grant for your application."
msgstr ""
"Vous pouvez aller <a href=\"%(scopes_url)s\"ici</a> pour générer des modèles "
"de liens d'autorisation et convertir des permissions en identifiants de "
"scopes avec les permissions que vous souhaitez attribuer à votre application."
#: note_kfet/templates/oauth2_provider/application_detail.html:37
#: note_kfet/templates/oauth2_provider/application_form.html:23 #: note_kfet/templates/oauth2_provider/application_form.html:23
msgid "Go Back" msgid "Go Back"
msgstr "Retour en arrière" msgstr "Retour en arrière"
@ -3192,10 +3235,22 @@ msgstr "Modifier l'application"
msgid "Your applications" msgid "Your applications"
msgstr "Vos applications" msgstr "Vos applications"
#: note_kfet/templates/oauth2_provider/application_list.html:24 #: note_kfet/templates/oauth2_provider/application_list.html:11
msgid ""
"You can find on this page the list of the applications that you already "
"registered."
msgstr ""
"Vous pouvez trouver sur cette page la liste des applications que vous avez "
"déjà enregistrées."
#: note_kfet/templates/oauth2_provider/application_list.html:30
msgid "New Application" msgid "New Application"
msgstr "Nouvelle application" msgstr "Nouvelle application"
#: note_kfet/templates/oauth2_provider/application_list.html:31
msgid "Authorized Tokens"
msgstr "Jetons autorisés"
#: note_kfet/templates/oauth2_provider/application_registration_form.html:5 #: note_kfet/templates/oauth2_provider/application_registration_form.html:5
msgid "Register a new application" msgid "Register a new application"
msgstr "Enregistrer une nouvelle application" msgstr "Enregistrer une nouvelle application"

View File

@ -12,7 +12,7 @@
<dd class="col-xl-6"><input class="form-control" type="text" value="{{ application.client_id }}" readonly></dd> <dd class="col-xl-6"><input class="form-control" type="text" value="{{ application.client_id }}" readonly></dd>
<dt class="col-xl-6">{% trans "Client secret" %}</dt> <dt class="col-xl-6">{% trans "Client secret" %}</dt>
<dd class="col-xl-6"><input class="form-control" type="text" value="{{ application.client_secret }}" readonly></dd> <dd class="col-xl-6"><input class="form-control" type="text" value="****************************************************************" readonly></dd>
<dt class="col-xl-6">{% trans "Client type" %}</dt> <dt class="col-xl-6">{% trans "Client type" %}</dt>
<dd class="col-xl-6">{{ application.client_type }}</dd> <dd class="col-xl-6">{{ application.client_type }}</dd>
@ -24,6 +24,14 @@
<dd class="col-xl-6"><textarea class="form-control" readonly>{{ application.redirect_uris }}</textarea></dd> <dd class="col-xl-6"><textarea class="form-control" readonly>{{ application.redirect_uris }}</textarea></dd>
</dl> </dl>
<div class="alert alert-info">
{% url 'permission:scopes' as scopes_url %}
{% blocktrans trimmed %}
You can go <a href="{{ scopes_url }}">here</a> to generate authorization link templates and convert
permissions to scope numbers with the permissions that you want to grant for your application.
{% endblocktrans %}
</div>
</div> </div>
<div class="card-footer text-center"> <div class="card-footer text-center">
<a class="btn btn-secondary" href="{% url "oauth2_provider:list" %}">{% trans "Go Back" %}</a> <a class="btn btn-secondary" href="{% url "oauth2_provider:list" %}">{% trans "Go Back" %}</a>

View File

@ -7,6 +7,12 @@
<h3>{% trans "Your applications" %}</h3> <h3>{% trans "Your applications" %}</h3>
</div> </div>
<div class="card-body"> <div class="card-body">
<div class="alert alert-info">
{% blocktrans trimmed %}
You can find on this page the list of the applications that you already registered.
{% endblocktrans %}
</div>
{% if applications %} {% if applications %}
<ul> <ul>
{% for application in applications %} {% for application in applications %}
@ -22,6 +28,7 @@
</div> </div>
<div class="card-footer text-center"> <div class="card-footer text-center">
<a class="btn btn-success" href="{% url "oauth2_provider:register" %}">{% trans "New Application" %}</a> <a class="btn btn-success" href="{% url "oauth2_provider:register" %}">{% trans "New Application" %}</a>
<a class="btn btn-secondary" href="{% url "oauth2_provider:authorized-token-list" %}">{% trans "Authorized Tokens" %}</a>
</div> </div>
</div> </div>
{% endblock content %} {% endblock content %}

View File

@ -39,3 +39,11 @@
{% endif %} {% endif %}
</div> </div>
{% endblock %} {% endblock %}
{% block extrajavascript %}
<script>
{# Small hack to have the remove the allow checkbox and replace it with the button #}
{# Django oauth toolkit does simply not render the wdiget since it is not hidden, and create directly the button #}
document.getElementById('div_id_allow').parentElement.remove()
</script>
{% endblock %}