mirror of
				https://gitlab.crans.org/bde/nk20
				synced 2025-10-23 05:18:25 +02:00 
			
		
		
		
	Compare commits
	
		
			11 Commits
		
	
	
		
			export_mem
			...
			57e5dc951c
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|  | 57e5dc951c | ||
|  | b7a660ee40 | ||
|  | 7ba5c76a89 | ||
|  | 702ddb5679 | ||
|  | 93aed87265 | ||
|  | 60355196ce | ||
|  | 9bffb32a5e | ||
|  | 6c63c6417c | ||
|  | 4563b2b640 | ||
|  | dde1baa25c | ||
|  | 7a7ee47e0b | 
							
								
								
									
										1
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										1
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							| @@ -48,7 +48,6 @@ backups/ | ||||
| env/ | ||||
| venv/ | ||||
| db.sqlite3 | ||||
| shell.nix | ||||
|  | ||||
| # ansibles customs host | ||||
| ansible/host_vars/*.yaml | ||||
|   | ||||
							
								
								
									
										16
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										16
									
								
								README.md
									
									
									
									
									
								
							| @@ -58,7 +58,13 @@ Bien que cela permette de créer une instance sur toutes les distributions, | ||||
|     (env)$ ./manage.py createsuperuser  # Création d'un⋅e utilisateur⋅rice initial | ||||
|     ``` | ||||
|  | ||||
| 6.  Enjoy : | ||||
| 6. (Optionnel) **Création d'une clé privée OpenID Connect** | ||||
|  | ||||
| Pour activer le support d'OpenID Connect, il faut générer une clé privée, par | ||||
| exemple avec openssl (`openssl genrsa -out oidc.key 4096`), et renseigner son | ||||
| emplacement dans `OIDC_RSA_PRIVATE_KEY` (par défaut `/var/secrets/oidc.key`). | ||||
|  | ||||
| 7.  Enjoy : | ||||
|  | ||||
|     ```bash | ||||
|     (env)$ ./manage.py runserver 0.0.0.0:8000 | ||||
| @@ -228,7 +234,13 @@ Sinon vous pouvez suivre les étapes décrites ci-dessous. | ||||
|         (env)$ ./manage.py check # pas de bêtise qui traine | ||||
|         (env)$ ./manage.py migrate | ||||
|  | ||||
| 7.  *Enjoy \o/* | ||||
| 7. **Création d'une clé privée OpenID Connect** | ||||
|  | ||||
| Pour activer le support d'OpenID Connect, il faut générer une clé privée, par | ||||
| exemple avec openssl (`openssl genrsa -out oidc.key 4096`), et renseigner son | ||||
| emplacement dans `OIDC_RSA_PRIVATE_KEY` (par défaut `/var/secrets/oidc.key`). | ||||
|  | ||||
| 8.  *Enjoy \o/* | ||||
|  | ||||
| ### Installation avec Docker | ||||
|  | ||||
|   | ||||
| @@ -35,7 +35,7 @@ class GuestAdmin(admin.ModelAdmin): | ||||
|     """ | ||||
|     Admin customisation for Guest | ||||
|     """ | ||||
|     list_display = ('last_name', 'first_name', 'activity', 'inviter') | ||||
|     list_display = ('last_name', 'first_name', 'school', 'activity', 'inviter') | ||||
|     form = GuestForm | ||||
|  | ||||
|  | ||||
|   | ||||
| @@ -51,9 +51,9 @@ class GuestViewSet(ReadProtectedModelViewSet): | ||||
|     queryset = Guest.objects.order_by('id') | ||||
|     serializer_class = GuestSerializer | ||||
|     filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter] | ||||
|     filterset_fields = ['activity', 'activity__name', 'last_name', 'first_name', 'inviter', 'inviter__alias__name', | ||||
|     filterset_fields = ['activity', 'activity__name', 'last_name', 'first_name', 'school', 'inviter', 'inviter__alias__name', | ||||
|                         'inviter__alias__normalized_name', ] | ||||
|     search_fields = ['$activity__name', '$last_name', '$first_name', '$inviter__user__email', '$inviter__alias__name', | ||||
|     search_fields = ['$activity__name', '$last_name', '$first_name', '$school', '$inviter__user__email', '$inviter__alias__name', | ||||
|                      '$inviter__alias__normalized_name', ] | ||||
|  | ||||
|  | ||||
|   | ||||
| @@ -107,7 +107,7 @@ class GuestForm(forms.ModelForm): | ||||
|  | ||||
|     class Meta: | ||||
|         model = Guest | ||||
|         fields = ('last_name', 'first_name', 'inviter', ) | ||||
|         fields = ('last_name', 'first_name', 'school', 'inviter', ) | ||||
|         widgets = { | ||||
|             "inviter": Autocomplete( | ||||
|                 NoteUser, | ||||
|   | ||||
							
								
								
									
										18
									
								
								apps/activity/migrations/0006_guest_school.py
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										18
									
								
								apps/activity/migrations/0006_guest_school.py
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,18 @@ | ||||
| # Generated by Django 4.2.20 on 2025-03-25 09:58 | ||||
|  | ||||
| from django.db import migrations, models | ||||
|  | ||||
|  | ||||
| class Migration(migrations.Migration): | ||||
|     dependencies = [ | ||||
|         ("activity", "0005_alter_opener_options_alter_opener_opener"), | ||||
|     ] | ||||
|  | ||||
|     operations = [ | ||||
|         migrations.AddField( | ||||
|             model_name="guest", | ||||
|             name="school", | ||||
|             field=models.CharField(default="", max_length=255, verbose_name="school"), | ||||
|             preserve_default=False, | ||||
|         ), | ||||
|     ] | ||||
| @@ -247,6 +247,11 @@ class Guest(models.Model): | ||||
|         verbose_name=_("first name"), | ||||
|     ) | ||||
|  | ||||
|     school = models.CharField( | ||||
|         max_length=255, | ||||
|         verbose_name=_("school"), | ||||
|     ) | ||||
|  | ||||
|     inviter = models.ForeignKey( | ||||
|         NoteUser, | ||||
|         on_delete=models.PROTECT, | ||||
|   | ||||
| @@ -51,7 +51,7 @@ class GuestTable(tables.Table): | ||||
|         } | ||||
|         model = Guest | ||||
|         template_name = 'django_tables2/bootstrap4.html' | ||||
|         fields = ("last_name", "first_name", "inviter", ) | ||||
|         fields = ("last_name", "first_name", "inviter", "school") | ||||
|  | ||||
|     def render_entry(self, record): | ||||
|         if record.has_entry: | ||||
|   | ||||
| @@ -50,6 +50,7 @@ class TestActivities(TestCase): | ||||
|             inviter=self.user.note, | ||||
|             last_name="GUEST", | ||||
|             first_name="Guest", | ||||
|             school="School", | ||||
|         ) | ||||
|  | ||||
|     def test_activity_list(self): | ||||
| @@ -156,6 +157,7 @@ class TestActivities(TestCase): | ||||
|             inviter=self.user.note.id, | ||||
|             last_name="GUEST2", | ||||
|             first_name="Guest", | ||||
|             school="School", | ||||
|         )) | ||||
|         self.assertEqual(response.status_code, 200) | ||||
|  | ||||
| @@ -167,6 +169,7 @@ class TestActivities(TestCase): | ||||
|             inviter=self.user.note.id, | ||||
|             last_name="GUEST2", | ||||
|             first_name="Guest", | ||||
|             school="School", | ||||
|         )) | ||||
|         self.assertRedirects(response, reverse("activity:activity_detail", args=(self.activity.pk,)), 302, 200) | ||||
|  | ||||
| @@ -200,6 +203,7 @@ class TestActivityAPI(TestAPI): | ||||
|             inviter=self.user.note, | ||||
|             last_name="GUEST", | ||||
|             first_name="Guest", | ||||
|             school="School", | ||||
|         ) | ||||
|  | ||||
|         self.entry = Entry.objects.create( | ||||
|   | ||||
| @@ -168,6 +168,7 @@ class ActivityInviteView(ProtectQuerysetMixin, ProtectedCreateView): | ||||
|             activity=activity, | ||||
|             first_name="", | ||||
|             last_name="", | ||||
|             school="", | ||||
|             inviter=self.request.user.note, | ||||
|         ) | ||||
|  | ||||
|   | ||||
| @@ -20,12 +20,14 @@ SPDX-License-Identifier: GPL-3.0-or-later | ||||
|       </form> | ||||
|     </div> | ||||
|     <!-- MODAL TO CROP THE IMAGE --> | ||||
|     <div class="modal fade" id="modalCrop"> | ||||
|     <div class="modal fade" id="modalCrop" data-backdrop="static"> | ||||
|       <div class="modal-dialog"> | ||||
|         <div class="modal-content"> | ||||
|           <div class="modal-body"> | ||||
|             <img src="" id="modal-image" style="max-width: 100%;"> | ||||
|           </div> | ||||
|             <div class="modal-body-wrapper" style="width: 500px; height: 500px; padding: 16px;"> | ||||
|               <div class="modal-body" style="width: 100%; height: 100%; padding: 0"> | ||||
|                 <img src="" id="modal-image" style="display: block; max-width: 100%;"> | ||||
|               </div> | ||||
|             </div> | ||||
|           <div class="modal-footer"> | ||||
|             <div class="btn-group pull-left" role="group"> | ||||
|               <button type="button" class="btn btn-default" id="js-zoom-in"> | ||||
|   | ||||
| @@ -55,6 +55,7 @@ Les adhérent⋅es ont la possibilité d'inviter des ami⋅es. Pour cela, les di | ||||
| * Activité concernée (clé étrangère) | ||||
| * Nom de famille | ||||
| * Prénom | ||||
| * École | ||||
| * Note de la personne ayant invité | ||||
|  | ||||
| Certaines contraintes s'appliquent : | ||||
|   | ||||
| @@ -43,6 +43,11 @@ On a ensuite besoin de définir nos propres scopes afin d'avoir des permissions | ||||
|        'SCOPES_BACKEND_CLASS': 'permission.scopes.PermissionScopes', | ||||
|        'OAUTH2_VALIDATOR_CLASS': "permission.scopes.PermissionOAuth2Validator", | ||||
|        'REFRESH_TOKEN_EXPIRE_SECONDS': timedelta(days=14), | ||||
|        'PKCE_REQUIRED': False, | ||||
|        'OIDC_ENABLED': True, | ||||
|        'OIDC_RSA_PRIVATE_KEY': | ||||
|            os.getenv('OIDC_RSA_PRIVATE_KEY', '/var/secrets/oidc.key'), | ||||
|        'SCOPES': { 'openid': "OpenID Connect scope" }, | ||||
|    } | ||||
|  | ||||
| Cela a pour effet d'avoir des scopes sous la forme ``PERMISSION_CLUB``, | ||||
| @@ -57,6 +62,14 @@ On ajoute enfin les routes dans ``urls.py`` : | ||||
|         path('o/', include('oauth2_provider.urls', namespace='oauth2_provider')) | ||||
|     ) | ||||
|  | ||||
| Enfin pour utiliser OIDC, il faut générer une clé privé que l'on va, par défaut, | ||||
| mettre dans `/var/secrets/oidc.key` : | ||||
|  | ||||
| .. code:: bash | ||||
|  | ||||
|    cd /var/secrets/ | ||||
|    openssl genrsa -out oidc.key 4096 | ||||
|  | ||||
| L'OAuth2 est désormais prêt à être utilisé. | ||||
|  | ||||
|  | ||||
|   | ||||
| @@ -227,6 +227,22 @@ En production, ce fichier contient : | ||||
|    ) | ||||
|  | ||||
|  | ||||
| Génération d'une clé privé pour OIDC | ||||
| ------------------------------------ | ||||
|  | ||||
| Pour pouvoir proposer le service de connexion Openid Connect (OIDC) par OAuth2, il y a | ||||
| besoin d'une clé privé. Par défaut, elle est cherché dans le fichier `/var/secrets/oidc.key` | ||||
| (sinon, il faut modifier l'emplacement dans les fichiers de configurations). | ||||
|  | ||||
| Pour générer la clé, il faut aller dans le dossier `/var/secrets` (à créer, si nécessaire) puis | ||||
| utiliser la commande de génération : | ||||
|  | ||||
| .. code:: bash | ||||
|  | ||||
|    cd /var/secrets | ||||
|    openssl genrsa -out oidc.key 4096 | ||||
|  | ||||
|  | ||||
| Configuration des tâches récurrentes | ||||
| ------------------------------------ | ||||
|  | ||||
|   | ||||
| @@ -7,7 +7,7 @@ msgid "" | ||||
| msgstr "" | ||||
| "Project-Id-Version: \n" | ||||
| "Report-Msgid-Bugs-To: \n" | ||||
| "POT-Creation-Date: 2025-03-13 21:08+0100\n" | ||||
| "POT-Creation-Date: 2025-03-25 11:16+0100\n" | ||||
| "PO-Revision-Date: 2022-04-11 22:05+0200\n" | ||||
| "Last-Translator: bleizi <bleizi@crans.org>\n" | ||||
| "Language-Team: French <http://translate.ynerant.fr/projects/nk20/nk20/fr/>\n" | ||||
| @@ -25,7 +25,7 @@ msgid "This opener already exists" | ||||
| msgstr "Cette amitié existe déjà" | ||||
|  | ||||
| #: apps/activity/apps.py:10 apps/activity/models.py:129 | ||||
| #: apps/activity/models.py:169 apps/activity/models.py:323 | ||||
| #: apps/activity/models.py:169 apps/activity/models.py:328 | ||||
| msgid "activity" | ||||
| msgstr "activité" | ||||
|  | ||||
| @@ -37,24 +37,24 @@ msgstr "La note du club est inactive." | ||||
| msgid "The end date must be after the start date." | ||||
| msgstr "La date de fin doit être après celle de début." | ||||
|  | ||||
| #: apps/activity/forms.py:83 apps/activity/models.py:271 | ||||
| #: apps/activity/forms.py:83 apps/activity/models.py:276 | ||||
| msgid "You can't invite someone once the activity is started." | ||||
| msgstr "" | ||||
| "Vous ne pouvez pas inviter quelqu'un une fois que l'activité a démarré." | ||||
|  | ||||
| #: apps/activity/forms.py:86 apps/activity/models.py:274 | ||||
| #: apps/activity/forms.py:86 apps/activity/models.py:279 | ||||
| msgid "This activity is not validated yet." | ||||
| msgstr "Cette activité n'est pas encore validée." | ||||
|  | ||||
| #: apps/activity/forms.py:96 apps/activity/models.py:282 | ||||
| #: apps/activity/forms.py:96 apps/activity/models.py:287 | ||||
| msgid "This person has been already invited 5 times this year." | ||||
| msgstr "Cette personne a déjà été invitée 5 fois cette année." | ||||
|  | ||||
| #: apps/activity/forms.py:100 apps/activity/models.py:286 | ||||
| #: apps/activity/forms.py:100 apps/activity/models.py:291 | ||||
| msgid "This person is already invited." | ||||
| msgstr "Cette personne est déjà invitée." | ||||
|  | ||||
| #: apps/activity/forms.py:104 apps/activity/models.py:290 | ||||
| #: apps/activity/forms.py:104 apps/activity/models.py:295 | ||||
| msgid "You can't invite more than 3 people to this activity." | ||||
| msgstr "Vous ne pouvez pas inviter plus de 3 personnes à cette activité." | ||||
|  | ||||
| @@ -228,32 +228,36 @@ msgstr "nom de famille" | ||||
| msgid "first name" | ||||
| msgstr "prénom" | ||||
|  | ||||
| #: apps/activity/models.py:254 | ||||
| #: apps/activity/models.py:252 | ||||
| msgid "school" | ||||
| msgstr "école" | ||||
|  | ||||
| #: apps/activity/models.py:259 | ||||
| msgid "inviter" | ||||
| msgstr "hôte" | ||||
|  | ||||
| #: apps/activity/models.py:258 | ||||
| #: apps/activity/models.py:263 | ||||
| msgid "guest" | ||||
| msgstr "invité·e" | ||||
|  | ||||
| #: apps/activity/models.py:259 | ||||
| #: apps/activity/models.py:264 | ||||
| msgid "guests" | ||||
| msgstr "invité·e·s" | ||||
|  | ||||
| #: apps/activity/models.py:312 | ||||
| #: apps/activity/models.py:317 | ||||
| msgid "Invitation" | ||||
| msgstr "Invitation" | ||||
|  | ||||
| #: apps/activity/models.py:330 apps/activity/models.py:334 | ||||
| #: apps/activity/models.py:335 apps/activity/models.py:339 | ||||
| msgid "Opener" | ||||
| msgstr "Ouvreur⋅se" | ||||
|  | ||||
| #: apps/activity/models.py:335 | ||||
| #: apps/activity/models.py:340 | ||||
| #: apps/activity/templates/activity/activity_detail.html:16 | ||||
| msgid "Openers" | ||||
| msgstr "Ouvreur⋅ses" | ||||
|  | ||||
| #: apps/activity/models.py:339 | ||||
| #: apps/activity/models.py:344 | ||||
| #, fuzzy, python-brace-format | ||||
| #| msgid "Entry for {note} to the activity {activity}" | ||||
| msgid "{opener} is opener of activity {acivity}" | ||||
| @@ -463,25 +467,25 @@ msgstr "Détails de l'activité" | ||||
| msgid "Update activity" | ||||
| msgstr "Modifier l'activité" | ||||
|  | ||||
| #: apps/activity/views.py:177 | ||||
| #: apps/activity/views.py:178 | ||||
| msgid "Invite guest to the activity \"{}\"" | ||||
| msgstr "Invitation pour l'activité « {} »" | ||||
|  | ||||
| #: apps/activity/views.py:217 | ||||
| #: apps/activity/views.py:218 | ||||
| msgid "You are not allowed to display the entry interface for this activity." | ||||
| msgstr "" | ||||
| "Vous n'êtes pas autorisé·e à afficher l'interface des entrées pour cette " | ||||
| "activité." | ||||
|  | ||||
| #: apps/activity/views.py:220 | ||||
| #: apps/activity/views.py:221 | ||||
| msgid "This activity does not support activity entries." | ||||
| msgstr "Cette activité ne requiert pas d'entrées." | ||||
|  | ||||
| #: apps/activity/views.py:223 | ||||
| #: apps/activity/views.py:224 | ||||
| msgid "This activity is closed." | ||||
| msgstr "Cette activité est fermée." | ||||
|  | ||||
| #: apps/activity/views.py:328 | ||||
| #: apps/activity/views.py:329 | ||||
| msgid "Entry for activity \"{}\"" | ||||
| msgstr "Entrées pour l'activité « {} »" | ||||
|  | ||||
| @@ -1989,10 +1993,6 @@ msgstr "Historique des transactions récentes" | ||||
| #: apps/note/templates/note/mails/weekly_report.txt:32 | ||||
| #: apps/registration/templates/registration/mails/email_validation_email.html:40 | ||||
| #: apps/registration/templates/registration/mails/email_validation_email.txt:16 | ||||
| #: apps/scripts/templates/scripts/horaires.html:35 | ||||
| #: apps/scripts/templates/scripts/horaires.txt:17 | ||||
| #: apps/scripts/templates/scripts/intro_mail.html:49 | ||||
| #: apps/scripts/templates/scripts/intro_mail.txt:25 | ||||
| msgid "Mail generated by the Note Kfet on the" | ||||
| msgstr "Mail généré par la Note Kfet le" | ||||
|  | ||||
|   | ||||
| @@ -268,6 +268,10 @@ OAUTH2_PROVIDER = { | ||||
|     'OAUTH2_VALIDATOR_CLASS': "permission.scopes.PermissionOAuth2Validator", | ||||
|     'REFRESH_TOKEN_EXPIRE_SECONDS': timedelta(days=14), | ||||
|     'PKCE_REQUIRED': False, # PKCE (fix a breaking change of django-oauth-toolkit 2.0.0) | ||||
|     'OIDC_ENABLED': True, | ||||
|     'OIDC_RSA_PRIVATE_KEY': | ||||
|         os.getenv('OIDC_RSA_PRIVATE_KEY', '/var/secrets/oidc.key'), | ||||
|     'SCOPES': { 'openid': "OpenID Connect scope" }, | ||||
| } | ||||
|  | ||||
| # Take control on how widget templates are sourced | ||||
|   | ||||
							
								
								
									
										34
									
								
								shell-static.nix
									
									
									
									
									
										Executable file
									
								
							
							
						
						
									
										34
									
								
								shell-static.nix
									
									
									
									
									
										Executable file
									
								
							| @@ -0,0 +1,34 @@ | ||||
| # This is a workaround meant for use with the nix package manager. If you don't know what it is or don't use it, please ignore this file. | ||||
| #  | ||||
| # The nk20 javascript static location are hardcoded for imperative system. | ||||
| # This make ./manage.py collectstatic hard to use with nixos. | ||||
| #  | ||||
| # A workaround is to enter a FHSUserEnv with the static placed under /share/javascript/<static>. | ||||
| # This emulate a debian like system and enable collecting static normally with ./manage.py collectstatics. | ||||
| # The regular shell.nix should be enough for other configurations. | ||||
| # | ||||
| # Warning, you are still supposed to use pip package with a venv ! | ||||
| { pkgs ? import <nixpkgs> {} }: | ||||
| (pkgs.buildFHSUserEnv { | ||||
|   name = "pipzone"; | ||||
|   targetPkgs = pkgs: (with pkgs; | ||||
|   let | ||||
|     fhs-static = stdenv.mkDerivation { | ||||
|       name = "fhs-static"; | ||||
|       buildCommand = '' | ||||
|       mkdir -p $out/share/javascript/bootstrap4 | ||||
|       mkdir -p $out/share/javascript/jquery | ||||
|       ln -s ${python39Packages.xstatic-bootstrap}/lib/python3.9/site-packages/xstatic/pkg/bootstrap/data/* $out/share/javascript/bootstrap4 | ||||
|       ln -s ${python39Packages.xstatic-jquery}/lib/python3.9/site-packages/xstatic/pkg/jquery/data/* $out/share/javascript/jquery | ||||
|     ''; | ||||
|     }; | ||||
|   in [ | ||||
|     fhs-static | ||||
|     python39 | ||||
|     gettext | ||||
|     python39Packages.pip | ||||
|     python39Packages.virtualenv | ||||
|     python39Packages.setuptools | ||||
|   ]); | ||||
|   runScript = "bash"; | ||||
| }).env | ||||
							
								
								
									
										23
									
								
								shell.nix
									
									
									
									
									
										Executable file
									
								
							
							
						
						
									
										23
									
								
								shell.nix
									
									
									
									
									
										Executable file
									
								
							| @@ -0,0 +1,23 @@ | ||||
| # This is meant for use with the nix package manager. If you don't know what it is or don't use it, please ignore this file. | ||||
| # | ||||
| # This shell.nix contains all dependencies require to create a venv and pip install -r requirements.txt. | ||||
| # | ||||
| # Please check shell-static.nix for running ./manage.py collectstatics. | ||||
| { pkgs ? import <nixpkgs> {} }: | ||||
| pkgs.mkShell { | ||||
|   buildInputs = with pkgs; [ | ||||
|     python39 | ||||
|     python39Packages.pip | ||||
|     python39Packages.setuptools | ||||
|     gettext | ||||
|  | ||||
|   ]; | ||||
|   shellHook = '' | ||||
|     # Tells pip to put packages into $PIP_PREFIX instead of the usual locations. | ||||
|     # See https://pip.pypa.io/en/stable/user_guide/#environment-variables. | ||||
|     export PIP_PREFIX=$(pwd)/_build/pip_packages | ||||
|     export PYTHONPATH="$PIP_PREFIX/${pkgs.python39.sitePackages}:$PYTHONPATH" | ||||
|     export PATH="$PIP_PREFIX/bin:$PATH" | ||||
|     unset SOURCE_DATE_EPOCH | ||||
|   ''; | ||||
| } | ||||
		Reference in New Issue
	
	Block a user