Don't hardcode OAuth2 parameters

Fix membership filters
2025-02-24 21:41:21 +00:00 · 2021-11-14 15:22:11 +01:00 · 2021-11-14 15:09:04 +01:00
4 changed files with 39 additions and 45 deletions
--- a/med/settings.py
+++ b/med/settings.py
@ -167,22 +167,26 @@ PAGINATION_NUMBER = 25

 AUTH_USER_MODEL = 'users.User'

-# AUTHLIB CLIENTS
-AUTHLIB_OAUTH_CLIENTS = {
-    'notekfet': {
-        'client_id': 'qtElmOUj67YNvSZjA5l70ITUMxd3NJ9kksBsK5e9',
-        'client_secret': 'SwF909sLIeU5GhruXsFzKfdBhFNgs8nvkVpFKgP4pIQ80BmLLlf3ZkMoNL7Cpox6Ke3MXNWGswTtbKkM8AiB9v6pys8PNfYH0MDFWAi3tnffjwaMQBzRFhjx20qb6S4W',
-        'access_token_url': 'https://note-dev.crans.org/o/token/',
-        'refresh_token_url': 'https://note-dev.crans.org/o/token/',
-        'authorize_url': 'https://note-dev.crans.org/o/authorize/',
-        'userinfo_endpoint': 'https://note-dev.crans.org/api/me/',
-        'client_kwargs': {
-            'scope': '1_1 2_1 48_1',
-        }
-    }
-}
+NOTE_KFET_URL = 'https://note.crans.org'
+NOTE_KFET_CLIENT_ID = 'CHANGE_ME'
+NOTE_KFET_CLIENT_SECRET = 'CHANGE_ME'
+NOTE_KFET_SCOPES = '1_1 2_1 48_1'

 try:
    from .settings_local import *
 except ImportError:
    pass
+
+AUTHLIB_OAUTH_CLIENTS = {
+    'notekfet': {
+        'client_id': f'{NOTE_KFET_CLIENT_ID}',
+        'client_secret': f'{NOTE_KFET_CLIENT_SECRET}',
+        'access_token_url': f'{NOTE_KFET_URL}/o/token/',
+        'refresh_token_url': f'{NOTE_KFET_URL}/o/token/',
+        'authorize_url': f'{NOTE_KFET_URL}/o/authorize/',
+        'userinfo_endpoint': f'{NOTE_KFET_URL}/api/me/',
+        'client_kwargs': {
+            'scope': NOTE_KFET_SCOPES,
+        }
+    }
+}
--- a/med/settings_local.example.py
+++ b/med/settings_local.example.py
@ -40,3 +40,8 @@ DATABASES = {
        'PORT': '',
    }
 }
+
+NOTE_KFET_URL = 'https://note.crans.org'
+NOTE_KFET_CLIENT_ID = 'CHANGE_ME'
+NOTE_KFET_CLIENT_SECRET = 'CHANGE_ME'
+NOTE_KFET_SCOPES = '1_1 2_1 48_1'
--- a/users/admin.py
+++ b/users/admin.py
@ -3,11 +3,9 @@
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.contrib import admin
-from django.contrib import messages
 from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
-from django.contrib.auth.forms import PasswordResetForm
-from django.urls import reverse
-from django.utils.html import format_html
+from django.utils import timezone
+from django.utils.safestring import mark_safe
 from django.utils.translation import ugettext_lazy as _
 from reversion.admin import VersionAdmin
 from med.admin import admin_site
@ -25,7 +23,12 @@ class IsMemberFilter(admin.SimpleListFilter):
        )

    def queryset(self, request, queryset):
-        # FIXME Replace with imported Note Kfet memberships
+        if self.parameter_name in request.GET:
+            queryset = queryset.filter(
+                membership__date_start__lte=timezone.now(),
+                membership__date_end__gte=timezone.now(),
+            ).distinct()
+
        return queryset


@ -45,39 +48,21 @@ class UserAdmin(VersionAdmin, BaseUserAdmin):
    list_filter = (IsMemberFilter, 'is_staff', 'is_superuser', 'is_active',
                   'groups')

-    def save_model(self, request, obj, form, change):
-        """
-        On creation, send a password init mail
-        """
-        super().save_model(request, obj, form, change)
-
-        if not change:
-            # Virtually fill the password reset form
-            password_reset = PasswordResetForm(data={'email': obj.email})
-            if password_reset.is_valid():
-                password_reset.save(request=request,
-                                    use_https=request.is_secure())
-                messages.success(request, _("An email to set the password"
-                                            " was sent."))
-            else:
-                messages.error(request, _("The email is invalid."))
+    def has_add_permission(self, request):
+        # Only add users through Note Kfet login
+        return False

    def is_member(self, obj):
        """
        Get current membership year and check if user is there
        """
-        # FIXME Use NK20
-        is_member = True
-        if is_member:
-            return format_html(
+        if obj.is_member:
+            return mark_safe(
                '<img src="/static/admin/img/icon-yes.svg" alt="True">'
            )
        else:
-            return format_html(
-                '<img src="/static/admin/img/icon-no.svg" alt="False"> '
-                '<a class="button" href="{}">{}</a>',
-                reverse('users:adherer', args=[obj.pk]),
-                _('Adhere')
+            return mark_safe(
+                '<img src="/static/admin/img/icon-no.svg" alt="False">'
            )

    is_member.short_description = _('is member')
--- a/users/models.py
+++ b/users/models.py
@ -178,7 +178,7 @@ class AccessToken(models.Model):
        Extract information about the Note Kfet API by using the current
        access token.
        """
-        data = requests.get('https://note-dev.crans.org/api/me/',
+        data = requests.get(f'{settings.NOTE_KFET_URL}/api/me/',
                            headers=self.auth_header()).json()
        username = data['username']
        email = data['email']
Author	SHA1	Message	Date
Yohann D'ANELLO	fe55a2a5ea	Don't hardcode OAuth2 parameters	2021-11-14 15:22:11 +01:00
Yohann D'ANELLO	cdcb743b55	Fix membership filters	2021-11-14 15:09:04 +01:00