Merge branch 'qrcode' into 'main'

Draft: Qrcode

See merge request bde/nk20!196

README.md

@@ -58,7 +58,13 @@ Bien que cela permette de créer une instance sur toutes les distributions,
     (env)$ ./manage.py createsuperuser  # Création d'un⋅e utilisateur⋅rice initial
     ```
 
-6.  Enjoy :
+6. (Optionnel) **Création d'une clé privée OpenID Connect**
+
+Pour activer le support d'OpenID Connect, il faut générer une clé privée, par
+exemple avec openssl (`openssl genrsa -out oidc.key 4096`), et renseigner son
+emplacement dans `OIDC_RSA_PRIVATE_KEY` (par défaut `/var/secrets/oidc.key`).
+
+7.  Enjoy :
 
     ```bash
     (env)$ ./manage.py runserver 0.0.0.0:8000
@@ -228,7 +234,13 @@ Sinon vous pouvez suivre les étapes décrites ci-dessous.
         (env)$ ./manage.py check # pas de bêtise qui traine
         (env)$ ./manage.py migrate
 
-7.  *Enjoy \o/*
+7. **Création d'une clé privée OpenID Connect**
+
+Pour activer le support d'OpenID Connect, il faut générer une clé privée, par
+exemple avec openssl (`openssl genrsa -out oidc.key 4096`), et renseigner son
+emplacement dans `OIDC_RSA_PRIVATE_KEY` (par défaut `/var/secrets/oidc.key`).
+
+8.  *Enjoy \o/*
 
 ### Installation avec Docker
 

apps/activity/admin.py

@@ -35,7 +35,7 @@ class GuestAdmin(admin.ModelAdmin):
     """
     Admin customisation for Guest
     """
-    list_display = ('last_name', 'first_name', 'activity', 'inviter')
+    list_display = ('last_name', 'first_name', 'school', 'activity', 'inviter')
     form = GuestForm
 
 

apps/activity/api/views.py

@@ -51,9 +51,9 @@ class GuestViewSet(ReadProtectedModelViewSet):
     queryset = Guest.objects.order_by('id')
     serializer_class = GuestSerializer
     filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
-    filterset_fields = ['activity', 'activity__name', 'last_name', 'first_name', 'inviter', 'inviter__alias__name',
+    filterset_fields = ['activity', 'activity__name', 'last_name', 'first_name', 'school', 'inviter', 'inviter__alias__name',
                         'inviter__alias__normalized_name', ]
-    search_fields = ['$activity__name', '$last_name', '$first_name', '$inviter__user__email', '$inviter__alias__name',
+    search_fields = ['$activity__name', '$last_name', '$first_name', '$school', '$inviter__user__email', '$inviter__alias__name',
                      '$inviter__alias__normalized_name', ]
 
 

apps/activity/forms.py

@@ -107,7 +107,7 @@ class GuestForm(forms.ModelForm):
 
     class Meta:
         model = Guest
-        fields = ('last_name', 'first_name', 'inviter', )
+        fields = ('last_name', 'first_name', 'school', 'inviter', )
         widgets = {
             "inviter": Autocomplete(
                 NoteUser,

apps/activity/migrations/0006_guest_school.py

@@ -0,0 +1,18 @@
+# Generated by Django 4.2.20 on 2025-03-25 09:58
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("activity", "0005_alter_opener_options_alter_opener_opener"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="guest",
+            name="school",
+            field=models.CharField(default="", max_length=255, verbose_name="school"),
+            preserve_default=False,
+        ),
+    ]

apps/activity/models.py

@@ -201,7 +201,8 @@ class Entry(models.Model):
     def save(self, *args, **kwargs):
         qs = Entry.objects.filter(~Q(pk=self.pk), activity=self.activity, note=self.note, guest=self.guest)
         if qs.exists():
-            raise ValidationError(_("Already entered on ") + _("{:%Y-%m-%d %H:%M:%S}").format(qs.get().time, ))
+            raise ValidationError(_("Already entered on ")
+                                  + _("{:%Y-%m-%d %H:%M:%S}").format(timezone.localtime(qs.get().time), ))
 
         if self.guest:
             self.note = self.guest.inviter
@@ -247,6 +248,11 @@ class Guest(models.Model):
         verbose_name=_("first name"),
     )
 
+    school = models.CharField(
+        max_length=255,
+        verbose_name=_("school"),
+    )
+
     inviter = models.ForeignKey(
         NoteUser,
         on_delete=models.PROTECT,

apps/activity/tables.py

@@ -51,11 +51,11 @@ class GuestTable(tables.Table):
         }
         model = Guest
         template_name = 'django_tables2/bootstrap4.html'
-        fields = ("last_name", "first_name", "inviter", )
+        fields = ("last_name", "first_name", "inviter", "school")
 
     def render_entry(self, record):
         if record.has_entry:
-            return str(_("Entered on ") + str(_("{:%Y-%m-%d %H:%M:%S}").format(record.entry.time, )))
+            return str(_("Entered on ") + str(_("{:%Y-%m-%d %H:%M:%S}").format(timezone.localtime(record.entry.time))))
         return mark_safe('<button id="{id}" class="btn btn-danger btn-sm" onclick="remove_guest(this.id)"> '
                          '{delete_trans}</button>'.format(id=record.id, delete_trans=_("remove").capitalize()))
 

apps/activity/templates/activity/activity_entry.html

@@ -38,6 +38,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 </a>
 
 <input id="alias" type="text" class="form-control" placeholder="Nom/note ...">
+<button id="trigger" class="btn btn-secondary">Click me !</button>
 
 <hr>
 
@@ -63,15 +64,46 @@ SPDX-License-Identifier: GPL-3.0-or-later
         refreshBalance();
     }
 
+    function process_qrcode() {
+        let name = alias_obj.val();
+        $.get("/api/note/note?search=" + name + "&format=json").done(
+            function (res) {
+                let note = res.results[0];
+                $.post("/api/activity/entry/?format=json", {
+                    csrfmiddlewaretoken: CSRF_TOKEN,
+                    activity: {{ activity.id }},
+                    note: note.id,
+                    guest: null
+                }).done(function () {
+                    addMsg(interpolate(gettext(
+                        "Entry made for %s whose balance is %s €"),
+                        [note.name, note.balance / 100]), "success", 4000);
+                    reloadTable(true);
+                }).fail(function (xhr) {
+                    errMsg(xhr.responseJSON, 4000);
+                });
+            }).fail(function (xhr) {
+                errMsg(xhr.responseJSON, 4000);
+            });
+    }
+
     alias_obj.keyup(function(event) {
         let code = event.originalEvent.keyCode
         if (65 <= code <= 122 || code === 13) {
             debounce(reloadTable)()
         }
+        if (code === 0)
+            process_qrcode();
     });
 
     $(document).ready(init);
 
+    alias_obj2 = document.getElementById("alias");
+    $("#trigger").click(function (e) {
+        addMsg("Clicked", "success", 1000);
+        alias_obj.val(alias_obj.val() + "\0");
+        alias_obj2.dispatchEvent(new KeyboardEvent('keyup'));
+    })
     function init() {
         $(".table-row").click(function (e) {
             let target = e.target.parentElement;

apps/activity/tests/test_activities.py

@@ -50,6 +50,7 @@ class TestActivities(TestCase):
             inviter=self.user.note,
             last_name="GUEST",
             first_name="Guest",
+            school="School",
         )
 
     def test_activity_list(self):
@@ -156,6 +157,7 @@ class TestActivities(TestCase):
             inviter=self.user.note.id,
             last_name="GUEST2",
             first_name="Guest",
+            school="School",
         ))
         self.assertEqual(response.status_code, 200)
 
@@ -167,6 +169,7 @@ class TestActivities(TestCase):
             inviter=self.user.note.id,
             last_name="GUEST2",
             first_name="Guest",
+            school="School",
         ))
         self.assertRedirects(response, reverse("activity:activity_detail", args=(self.activity.pk,)), 302, 200)
 
@@ -200,6 +203,7 @@ class TestActivityAPI(TestAPI):
             inviter=self.user.note,
             last_name="GUEST",
             first_name="Guest",
+            school="School",
         )
 
         self.entry = Entry.objects.create(

apps/activity/views.py

@@ -168,6 +168,7 @@ class ActivityInviteView(ProtectQuerysetMixin, ProtectedCreateView):
             activity=activity,
             first_name="",
             last_name="",
+            school="",
             inviter=self.request.user.note,
         )
 

apps/member/forms.py

@@ -23,7 +23,7 @@ from .models import Profile, Club, Membership
 class CustomAuthenticationForm(AuthenticationForm):
     permission_mask = forms.ModelChoiceField(
         label=_("Permission mask"),
-        queryset=PermissionMask.objects.order_by("rank"),
+        queryset=PermissionMask.objects.order_by("-rank"),
         empty_label=None,
     )
 

apps/member/templates/member/includes/profile_info.html

@@ -60,7 +60,10 @@
 {% if user_object.pk == user.pk %}
     <div class="text-center">
         <a class="small badge badge-secondary" href="{% url 'member:auth_token' %}">
-            <i class="fa fa-cogs"></i>{% trans 'API token' %}
+            <i class="fa fa-cogs"></i>&nbsp;{% trans 'API token' %}
+        </a>
+        <a class="small badge badge-secondary" href="{% url 'member:qr_code' user_object.pk %}">
+            <i class="fa fa-qrcode"></i>&nbsp;{% trans 'QR Code' %}
         </a>
     </div>
 {% endif %}

apps/member/templates/member/picture_update.html

@@ -20,11 +20,13 @@ SPDX-License-Identifier: GPL-3.0-or-later
       </form>
     </div>
     <!-- MODAL TO CROP THE IMAGE -->
-    <div class="modal fade" id="modalCrop">
+    <div class="modal fade" id="modalCrop" data-backdrop="static">
       <div class="modal-dialog">
         <div class="modal-content">
-          <div class="modal-body">
+            <div class="modal-body-wrapper" style="width: 500px; height: 500px; padding: 16px;">
-            <img src="" id="modal-image" style="max-width: 100%;">
+              <div class="modal-body" style="width: 100%; height: 100%; padding: 0">
+                <img src="" id="modal-image" style="display: block; max-width: 100%;">
+              </div>
             </div>
           <div class="modal-footer">
             <div class="btn-group pull-left" role="group">

apps/member/templates/member/qr_code.html

@@ -0,0 +1,36 @@
+{% extends "base.html" %}
+{% comment %}
+SPDX-License-Identifier: GPL-3.0-or-later
+{% endcomment %}
+{% load i18n %}
+
+{% block content %}
+<div class="card bg-light">
+  	<h3 class="card-header text-center">
+		{% trans "QR Code for" %} {{ user_object.username }} ({{ user_object.first_name }} {{user_object.last_name }})
+  	</h3>
+  	<div class="text-center" id="qrcode">
+  	</div>
+</div>
+
+
+{% endblock %}
+
+{% block extrajavascript %}
+<script src="https://cdnjs.cloudflare.com/ajax/libs/qrcodejs/1.0.0/qrcode.min.js" integrity="sha512-CNgIRecGo7nphbeZ04Sc13ka07paqdeTu0WR1IM4kNcpmBAUSHSQX0FslNhTDadL4O5SAGapGt4FodqL8My0mA==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
+<script>
+	var qrc = new QRCode(document.getElementById("qrcode"), {
+		text: "{{ user_object.pk }}\0",
+		width: 1024,
+		height: 1024
+	});
+</script>
+{% endblock %}
+
+{% block extracss %}
+<style>
+img {
+    width: 100%
+}
+</style>
+{% endblock %}

apps/member/urls.py

@@ -25,4 +25,5 @@ urlpatterns = [
     path('user/<int:pk>/aliases/', views.ProfileAliasView.as_view(), name="user_alias"),
     path('user/<int:pk>/trust', views.ProfileTrustView.as_view(), name="user_trust"),
     path('manage-auth-token/', views.ManageAuthTokens.as_view(), name='auth_token'),
+    path('user/<int:pk>/qr_code/', views.QRCodeView.as_view(), name='qr_code'),
 ]

apps/member/views.py

@@ -402,6 +402,14 @@ class ManageAuthTokens(LoginRequiredMixin, TemplateView):
         context['token'] = Token.objects.get_or_create(user=self.request.user)[0]
         return context
 
+class QRCodeView(LoginRequiredMixin, DetailView):
+    """
+    Affiche le QR Code
+    """
+    model = User
+    context_object_name = "user_object"
+    template_name = "member/qr_code.html"
+    extra_context = {"title": _("QR Code")}
 
 # ******************************* #
 #              CLUB               #

apps/note/templates/note/transaction_form.html

@@ -89,7 +89,7 @@ SPDX-License-Identifier: GPL-2.0-or-later
                 </ul>
                 <div class="card-body">
                     <select id="debit_type" class="form-control custom-select d-none">
-                        {% for special_type in special_types %}
+                        {% for special_type in special_types|slice:"::-1" %}
                             <option value="{{ special_type.id }}">{{ special_type.special_type }}</option>
                         {% endfor %}
                     </select>

apps/treasury/migrations/0010_alter_invoice_bde.py

@@ -0,0 +1,18 @@
+# Generated by Django 4.2.20 on 2025-04-14 20:21
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('treasury', '0009_alter_sogecredit_transactions'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='invoice',
+            name='bde',
+            field=models.CharField(choices=[('Diolistos', 'Diol[list]os'), ('RavePartlist', 'RavePart[list]'), ('SecretStorlist', 'SecretStor[list]'), ('TotalistSpies', 'Tota[list]Spies'), ('Saperlistpopette', 'Saper[list]popette'), ('Finalist', 'Fina[list]'), ('Listorique', '[List]orique'), ('Satellist', 'Satel[list]'), ('Monopolist', 'Monopo[list]'), ('Kataclist', 'Katac[list]')], default='Diolistos', max_length=32, verbose_name='BDE'),
+        ),
+    ]

apps/treasury/models.py

@@ -27,8 +27,9 @@ class Invoice(models.Model):
 
     bde = models.CharField(
         max_length=32,
-        default='RavePartlist',
+        default='Diolistos',
         choices=(
+            ('Diolistos', 'Diol[list]os'),
             ('RavePartlist', 'RavePart[list]'),
             ('SecretStorlist', 'SecretStor[list]'),
             ('TotalistSpies', 'Tota[list]Spies'),

docs/apps/activity.rst

@@ -55,6 +55,7 @@ Les adhérent⋅es ont la possibilité d'inviter des ami⋅es. Pour cela, les di
 * Activité concernée (clé étrangère)
 * Nom de famille
 * Prénom
+* École
 * Note de la personne ayant invité
 
 Certaines contraintes s'appliquent :

docs/external_services/oauth2.rst

@@ -43,6 +43,11 @@ On a ensuite besoin de définir nos propres scopes afin d'avoir des permissions
        'SCOPES_BACKEND_CLASS': 'permission.scopes.PermissionScopes',
        'OAUTH2_VALIDATOR_CLASS': "permission.scopes.PermissionOAuth2Validator",
        'REFRESH_TOKEN_EXPIRE_SECONDS': timedelta(days=14),
+       'PKCE_REQUIRED': False,
+       'OIDC_ENABLED': True,
+       'OIDC_RSA_PRIVATE_KEY':
+           os.getenv('OIDC_RSA_PRIVATE_KEY', '/var/secrets/oidc.key'),
+       'SCOPES': { 'openid': "OpenID Connect scope" },
    }
 
 Cela a pour effet d'avoir des scopes sous la forme ``PERMISSION_CLUB``,
@@ -57,6 +62,14 @@ On ajoute enfin les routes dans ``urls.py`` :
         path('o/', include('oauth2_provider.urls', namespace='oauth2_provider'))
     )
 
+Enfin pour utiliser OIDC, il faut générer une clé privé que l'on va, par défaut,
+mettre dans `/var/secrets/oidc.key` :
+
+.. code:: bash
+
+   cd /var/secrets/
+   openssl genrsa -out oidc.key 4096
+
 L'OAuth2 est désormais prêt à être utilisé.
 
 

docs/install.rst

@@ -227,6 +227,22 @@ En production, ce fichier contient :
    )
 
 
+Génération d'une clé privé pour OIDC
+------------------------------------
+
+Pour pouvoir proposer le service de connexion Openid Connect (OIDC) par OAuth2, il y a
+besoin d'une clé privé. Par défaut, elle est cherché dans le fichier `/var/secrets/oidc.key`
+(sinon, il faut modifier l'emplacement dans les fichiers de configurations).
+
+Pour générer la clé, il faut aller dans le dossier `/var/secrets` (à créer, si nécessaire) puis
+utiliser la commande de génération :
+
+.. code:: bash
+
+   cd /var/secrets
+   openssl genrsa -out oidc.key 4096
+
+
 Configuration des tâches récurrentes
 ------------------------------------
 

locale/fr/LC_MESSAGES/django.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-03-13 21:08+0100\n"
+"POT-Creation-Date: 2025-03-25 11:16+0100\n"
 "PO-Revision-Date: 2022-04-11 22:05+0200\n"
 "Last-Translator: bleizi <bleizi@crans.org>\n"
 "Language-Team: French <http://translate.ynerant.fr/projects/nk20/nk20/fr/>\n"
@@ -25,7 +25,7 @@ msgid "This opener already exists"
 msgstr "Cette amitié existe déjà"
 
 #: apps/activity/apps.py:10 apps/activity/models.py:129
-#: apps/activity/models.py:169 apps/activity/models.py:323
+#: apps/activity/models.py:169 apps/activity/models.py:328
 msgid "activity"
 msgstr "activité"
 
@@ -37,24 +37,24 @@ msgstr "La note du club est inactive."
 msgid "The end date must be after the start date."
 msgstr "La date de fin doit être après celle de début."
 
-#: apps/activity/forms.py:83 apps/activity/models.py:271
+#: apps/activity/forms.py:83 apps/activity/models.py:276
 msgid "You can't invite someone once the activity is started."
 msgstr ""
 "Vous ne pouvez pas inviter quelqu'un une fois que l'activité a démarré."
 
-#: apps/activity/forms.py:86 apps/activity/models.py:274
+#: apps/activity/forms.py:86 apps/activity/models.py:279
 msgid "This activity is not validated yet."
 msgstr "Cette activité n'est pas encore validée."
 
-#: apps/activity/forms.py:96 apps/activity/models.py:282
+#: apps/activity/forms.py:96 apps/activity/models.py:287
 msgid "This person has been already invited 5 times this year."
 msgstr "Cette personne a déjà été invitée 5 fois cette année."
 
-#: apps/activity/forms.py:100 apps/activity/models.py:286
+#: apps/activity/forms.py:100 apps/activity/models.py:291
 msgid "This person is already invited."
 msgstr "Cette personne est déjà invitée."
 
-#: apps/activity/forms.py:104 apps/activity/models.py:290
+#: apps/activity/forms.py:104 apps/activity/models.py:295
 msgid "You can't invite more than 3 people to this activity."
 msgstr "Vous ne pouvez pas inviter plus de 3 personnes à cette activité."
 
@@ -228,32 +228,36 @@ msgstr "nom de famille"
 msgid "first name"
 msgstr "prénom"
 
-#: apps/activity/models.py:254
+#: apps/activity/models.py:252
+msgid "school"
+msgstr "école"
+
+#: apps/activity/models.py:259
 msgid "inviter"
 msgstr "hôte"
 
-#: apps/activity/models.py:258
+#: apps/activity/models.py:263
 msgid "guest"
 msgstr "invité·e"
 
-#: apps/activity/models.py:259
+#: apps/activity/models.py:264
 msgid "guests"
 msgstr "invité·e·s"
 
-#: apps/activity/models.py:312
+#: apps/activity/models.py:317
 msgid "Invitation"
 msgstr "Invitation"
 
-#: apps/activity/models.py:330 apps/activity/models.py:334
+#: apps/activity/models.py:335 apps/activity/models.py:339
 msgid "Opener"
 msgstr "Ouvreur⋅se"
 
-#: apps/activity/models.py:335
+#: apps/activity/models.py:340
 #: apps/activity/templates/activity/activity_detail.html:16
 msgid "Openers"
 msgstr "Ouvreur⋅ses"
 
-#: apps/activity/models.py:339
+#: apps/activity/models.py:344
 #, fuzzy, python-brace-format
 #| msgid "Entry for {note} to the activity {activity}"
 msgid "{opener} is opener of activity {acivity}"
@@ -463,25 +467,25 @@ msgstr "Détails de l'activité"
 msgid "Update activity"
 msgstr "Modifier l'activité"
 
-#: apps/activity/views.py:177
+#: apps/activity/views.py:178
 msgid "Invite guest to the activity \"{}\""
 msgstr "Invitation pour l'activité « {} »"
 
-#: apps/activity/views.py:217
+#: apps/activity/views.py:218
 msgid "You are not allowed to display the entry interface for this activity."
 msgstr ""
 "Vous n'êtes pas autorisé·e à afficher l'interface des entrées pour cette "
 "activité."
 
-#: apps/activity/views.py:220
+#: apps/activity/views.py:221
 msgid "This activity does not support activity entries."
 msgstr "Cette activité ne requiert pas d'entrées."
 
-#: apps/activity/views.py:223
+#: apps/activity/views.py:224
 msgid "This activity is closed."
 msgstr "Cette activité est fermée."
 
-#: apps/activity/views.py:328
+#: apps/activity/views.py:329
 msgid "Entry for activity \"{}\""
 msgstr "Entrées pour l'activité « {} »"
 
@@ -1989,10 +1993,6 @@ msgstr "Historique des transactions récentes"
 #: apps/note/templates/note/mails/weekly_report.txt:32
 #: apps/registration/templates/registration/mails/email_validation_email.html:40
 #: apps/registration/templates/registration/mails/email_validation_email.txt:16
-#: apps/scripts/templates/scripts/horaires.html:35
-#: apps/scripts/templates/scripts/horaires.txt:17
-#: apps/scripts/templates/scripts/intro_mail.html:49
-#: apps/scripts/templates/scripts/intro_mail.txt:25
 msgid "Mail generated by the Note Kfet on the"
 msgstr "Mail généré par la Note Kfet le"
 

note.cron

@@ -27,5 +27,5 @@ MAILTO=notekfet2020@lists.crans.org
 # Vider les tokens Oauth2
  00  6     *   *   *     root   cd /var/www/note_kfet && env/bin/python manage.py cleartokens -v 0
 # Envoyer la liste des abonnés à la NL BDA
- 00  10     *   *   0     root   cd /var/www/note_kfet && env/bin/python manage.py extract_ml_registrations -t art
+ 00  10     *   *   0     root   cd /var/www/note_kfet && env/bin/python manage.py extract_ml_registrations -t art -e "bda.ensparissaclay@gmail.com"
  

note_kfet/settings/base.py

@@ -268,6 +268,10 @@ OAUTH2_PROVIDER = {
     'OAUTH2_VALIDATOR_CLASS': "permission.scopes.PermissionOAuth2Validator",
     'REFRESH_TOKEN_EXPIRE_SECONDS': timedelta(days=14),
     'PKCE_REQUIRED': False, # PKCE (fix a breaking change of django-oauth-toolkit 2.0.0)
+    'OIDC_ENABLED': True,
+    'OIDC_RSA_PRIVATE_KEY':
+        os.getenv('OIDC_RSA_PRIVATE_KEY', '/var/secrets/oidc.key'),
+    'SCOPES': { 'openid': "OpenID Connect scope" },
 }
 
 # Take control on how widget templates are sourced