
DIV-1159 - Removing BCeID code and updating settings

Michael Olund 5 years ago
parent
commit
67e34c4a2b
16 changed files with 86 additions and 443 deletions
  1. +2
    -8
      .env.example
  2. +16
    -1
      conf/keycloak/realm-export.json
  3. +0
    -4
      eDivorce.pyproj
  4. +0
    -22
      edivorce/apps/core/decorators.py
  5. +0
    -156
      edivorce/apps/core/middleware/bceid_middleware.py
  6. +4
    -4
      edivorce/apps/core/templates/base.html
  7. +0
    -155
      edivorce/apps/core/templates/localdev/bceid.html
  8. +0
    -17
      edivorce/apps/core/templates/localdev/register.html
  9. +1
    -2
      edivorce/apps/core/urls.py
  10. +0
    -32
      edivorce/apps/core/views/localdev.py
  11. +6
    -6
      edivorce/apps/core/views/main.py
  12. +1
    -2
      edivorce/apps/core/views/pdf.py
  13. +0
    -1
      edivorce/apps/poc/urls.py
  14. +4
    -10
      edivorce/settings/base.py
  15. +11
    -4
      edivorce/settings/local.py
  16. +41
    -19
      edivorce/settings/openshift.py

+ 2
- 8
.env.example View File

@ -29,11 +29,5 @@ EFILING_HUB_API_BASE_URL=''
EFILING_BCEID=
# Keycloak settings
OIDC_OP_JWKS_ENDPOINT=
OIDC_RP_CLIENT_ID=
OIDC_RP_CLIENT_SECRET=
OIDC_OP_AUTHORIZATION_ENDPOINT=
OIDC_OP_TOKEN_ENDPOINT=
OIDC_OP_USER_ENDPOINT=
LOGIN_REDIRECT_URL=
LOGOUT_REDIRECT_URL=
KEYCLOAK_CLIENT_ID=
KEYCLOAK_CLIENT_SECRET=

+ 16
- 1
conf/keycloak/realm-export.json View File

@ -894,7 +894,22 @@
"claim.name": "email",
"jsonType.label": "String"
}
}
},
{
"id": "0cad3a2d-36bd-4cf2-bbd7-39ce784916ad",
"name": "universal-id",
"protocol": "openid-connect",
"protocolMapper": "oidc-script-based-protocol-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "universal-id",
"jsonType.label": "String",
"script": "user.id.toUpperCase().replace(/-/g, '')"
}
}
]
},
{
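Review bot: The `universal-id` mapper added here is an `oidc-script-based-protocol-mapper`, and current Keycloak releases ship script upload disabled (importing a script mapper from a realm export needs the `upload_scripts`/`scripts` feature enabled at startup, and the feature is marked deprecated because the script executes inside the server), so on a default Keycloak image this import is likely to drop the mapper or fail. The claim it emits is the Keycloak-internal user UUID, upper-cased with dashes removed, which presumably stands in for the BCeID GUID the deleted SiteMinder middleware used to read; if the application keys user records on `universal-id`, confirm that the dev/test/prod realms referenced in `openshift.py` emit the same claim with the same derivation, otherwise local and deployed identities will not line up. Since JSON cannot carry a comment, a line in the Keycloak README stating that this mapper is a local stand-in for the IdP-supplied GUID and that the realm must be started with scripts enabled would save the next developer a debugging session.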


+ 0
- 4
eDivorce.pyproj View File

@ -71,9 +71,7 @@
<Content Include="edivorce\apps\core\templates\incomplete.html" />
<Content Include="edivorce\apps\core\templates\intro.html" />
<Content Include="edivorce\apps\core\templates\legal.html" />
<Content Include="edivorce\apps\core\templates\localdev\bceid.html" />
<Content Include="edivorce\apps\core\templates\localdev\debug.html" />
<Content Include="edivorce\apps\core\templates\localdev\register.html" />
<Content Include="edivorce\apps\core\templates\login.html" />
<Content Include="edivorce\apps\core\templates\logout.html" />
<Content Include="edivorce\apps\core\templates\overview.html" />
@ -139,7 +137,6 @@
<Compile Include="edivorce\apps\core\context_processors.py" />
<Compile Include="edivorce\apps\core\decorators.py" />
<Compile Include="edivorce\apps\core\middleware\basicauth_middleware.py" />
<Compile Include="edivorce\apps\core\middleware\bceid_middleware.py" />
<Compile Include="edivorce\apps\core\middleware\__init__.py" />
<Compile Include="edivorce\apps\core\migrations\0001_initial.py" />
<Compile Include="edivorce\apps\core\migrations\0002_legalform_order.py" />
@ -179,7 +176,6 @@
<Compile Include="edivorce\apps\core\utils\user_response.py" />
<Compile Include="edivorce\apps\core\utils\__init__.py" />
<Compile Include="edivorce\apps\core\views\api.py" />
<Compile Include="edivorce\apps\core\views\localdev.py" />
<Compile Include="edivorce\apps\core\views\main.py" />
<Compile Include="edivorce\apps\core\views\pdf.py" />
<Compile Include="edivorce\apps\core\views\styleguide.py" />


+ 0
- 22
edivorce/apps/core/decorators.py View File

@ -9,28 +9,6 @@ from edivorce.apps.core.utils.user_response import get_data_for_user, get_step_r
base_url = settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME[:-1]
def bceid_required(function=None):
"""
View decorator to check if the user is logged in to BCEID
This decorator has a dependency on bceid_middleware.py
"""
def _dec(view_func):
def _view(request, *args, **kwargs):
if not request.user.is_authenticated:
return redirect(base_url + '/login')
return view_func(request, *args, **kwargs)
_view.__name__ = view_func.__name__
_view.__dict__ = view_func.__dict__
_view.__doc__ = view_func.__doc__
return _view
return _dec if function is None else _dec(function)
def intercept(function=None):
"""
Decorator to redirect to intercept page


+ 0
- 156
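--- a/edivorce/apps/core/middleware/bceid_middleware.py
+++ b/edivorce/apps/core/middleware/bceid_middleware.py
@@ -1,156 +0,0 @@
-import datetime
-from ipaddress import ip_address, ip_network
-from django.conf import settings
-from django.shortcuts import redirect
-from django.utils import timezone
-from django.utils.deprecation import MiddlewareMixin
-from ..models import BceidUser
-login_delta = datetime.timedelta(hours=2)
-class AnonymousUser:
-"""
-Anonymous user, present mainly to provide authentication checks in templates
-"""
-guid = None
-display_name = ''
-has_accepted_terms = False
-@property
-def is_authenticated(self):
-return False
-@property
-def is_anonymous(self):
-return True
-anonymous_user = AnonymousUser()
-class BceidMiddleware(MiddlewareMixin): # pylint: disable=too-few-public-methods
-"""
-Simple authentication middleware for operating in the BC Government
-OpenShift environment, with SiteMinder integration.
-For our purposes, SiteMinder is configured to add the following headers:
-BCeID:
-- SMGOV_USERGUID
-- SMGOV_USERDISPLAYNAME
-- SM_USER
-BC Services Card:
-- SMGOV_USERGUID
-- SMGOV_GIVENNAMES
-- SMGOV_SURNAME
-- SM_USER
-The first two are provided on pages configured to be protected by
-SiteMinder, which is currently just /login. When a user goes to the login
-page, if the user is logged in, SiteMinder adds those headers with their
-BCeID values; if they're not logged in, it routes them through its
-login/signup page and then back to the login page, with those headers in
-place. For unprotected pages, those headers are stripped if present,
-preventing spoofing.
-The third header is populated on every request that's proxied through
-SiteMinder. For logged in users, it contains their ???; for anonymous
-users, it's empty.
-When we detect authentication by the presence of the first two headers, we
-store those values in the user's session. On all requests, we use them to
-access a local proxy object for the user (available as request.user). For
-users that are not logged in, an Anonymous User substitute is present.
-In a local development environment, we generate a guid based on the login
-name and treat that guid/login name as guid/display name.
-"""
-def process_request(self, request): # pylint: disable=too-many-branches
-"""
-Return None after populating request.user, or necessary redirects.
-If the request is not coming from inside the BC Government data centre,
-redirect the request through the proxy server.
-If the SiteMinder headers are present, indicating the user has just
-authenticated, save those headers to the session.
-Get the user's GUID and display name. If they're present, and the user
-has authenticated (or we're in a local development environment), add
-the local proxy user to the request; if not, store the anonymous user
-instance.
-"""
-# HTTP_SM_USER is available on both secure and unsecure pages. If it
-# has a value then we know that the user is still logged into BCeID.
-# This is an additional check to make sure we aren't letting users
-# access the site via their session variables after logging out of bceid
-#
-# Note: It's still possible that a user has logged out of one BCeID and
-# logged into another BCeID via www.bceid.ca without clicking the logout
-# link on our app or closing the browser. This is an extreme edge case,
-# and it's not pragmatic to code against it at this time.
-siteminder_user = request.META.get('HTTP_SM_USER', '')
-is_localdev = settings.DEPLOYMENT_TYPE in ['localdev', 'minishift']
-update_user = False
-using_bc_services_card = False
-guid = request.META.get('HTTP_SMGOV_USERGUID', '')
-given_names = request.META.get('HTTP_SMGOV_GIVENNAMES', '')
-surname = request.META.get('HTTP_SMGOV_SURNAME', '')
-displayname = request.META.get('HTTP_SMGOV_USERDISPLAYNAME', '')
-# HTTP_SMGOV_USERDISPLAYNAME is not included when BC Services Card authentication is used.
-if not displayname and (surname or given_names):
-displayname = "{0} {1}".format(given_names, surname)
-using_bc_services_card = True
-# HTTP_SM_USER is typically '.' when BC Services Card authentication is used.
-if (not siteminder_user or siteminder_user == '.') and given_names and surname:
-siteminder_user = "{0}{1}".format(given_names.split(None, 1)[0], surname)
-if guid:
-request.session['smgov_userguid'] = guid
-else:
-guid = request.session.get('smgov_userguid')
-if displayname:
-request.session['smgov_userdisplayname'] = displayname
-else:
-displayname = request.session.get('smgov_userdisplayname')
-if is_localdev:
-guid = request.session.get('fake_bceid_guid')
-displayname = request.session.get('login_name')
-if guid and (siteminder_user or is_localdev):
-request.user, created = BceidUser.objects.get_or_create(user_guid=guid)
-if created:
-request.session['first_login'] = True
-if siteminder_user:
-if created or not request.user.sm_user:
-request.user.sm_user = siteminder_user
-update_user = True
-if request.user.is_bcsc != using_bc_services_card:
-request.user.is_bcsc = using_bc_services_card
-update_user = True
-if request.user.display_name != displayname:
-request.user.display_name = displayname
-update_user = True
-if (request.user.last_login is None or
-timezone.now() - request.user.last_login > login_delta):
-request.user.last_login = timezone.now()
-update_user = True
-if update_user:
-request.user.save()
-else:
-request.user = anonymous_user
-return None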

+ 4
- 4
edivorce/apps/core/templates/base.html View File

@ -13,10 +13,10 @@
<meta name="viewport" content="width=device-width, initial-scale=1">
{% compress css %}
<link rel="stylesheet" type="text/css" href="{% static "css/bootstrap.min.css" %}">
<link rel="stylesheet" type="text/css" href="{% static "css/bootstrap-datepicker3.min.css" %}">
<link rel="stylesheet" type="text/css" href="{% static "css/font-awesome.min.css" %}">
<link rel="stylesheet" type="text/css" href="{% sass_src "css/main.scss" %}" />
<link rel="stylesheet" type="text/css" href="{% static 'css/bootstrap.min.css' %}">
<link rel="stylesheet" type="text/css" href="{% static 'css/bootstrap-datepicker3.min.css' %}">
<link rel="stylesheet" type="text/css" href="{% static 'css/font-awesome.min.css' %}">
<link rel="stylesheet" type="text/css" href="{% sass_src 'css/main.scss' %}" />
{% endcompress %}
{% block extra_css %}
{% endblock %}


+ 0
- 155
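--- a/edivorce/apps/core/templates/localdev/bceid.html
+++ b/edivorce/apps/core/templates/localdev/bceid.html
@@ -1,155 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<title>Government of British Columbia</title>
-<meta charset="utf-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=Edge"/>
-<meta name="keywords" content=""/>
-<meta name="description" content=""/>
-<meta name="Author" content=""/>
-<link rel="icon" href="https://logon7.gov.bc.ca/clp/images/favicon.ico">
-<title>CLP</title>
-<!-- mobile settings -->
-<meta name="viewport"
-content="width=device-width, maximum-scale=1, initial-scale=1, user-scalable=0"/>
-<!-- JAVASCRIPT FILES -->
-<script type="text/javascript" src="https://logon7.gov.bc.ca/clp/plugins/jquery-2.1.4.min.js"></script>
-<script type="text/javascript" src="https://logon7.gov.bc.ca/clp/plugins/bootstrap/js/bootstrap.min.js"></script>
-<script type="text/javascript" src="https://logon7.gov.bc.ca/clp/plugins/datepicker/js/bootstrap-datepicker.min.js"></script>
-<script type="text/javascript" src="https://logon7.gov.bc.ca/clp/js/common.js"></script>
-<script type="text/javascript" src="https://logon7.gov.bc.ca/clp/js/brandexample.js"></script>
-<script type="text/javascript" src="https://logon7.gov.bc.ca/clp/js/form-validation.js"></script>
-<script type="text/javascript" src="https://logon7.gov.bc.ca/clp/js/footer.js"></script>
-<!-- CORE CSS -->
-<link href="https://logon7.gov.bc.ca/clp/plugins/bootstrap/css/bootstrap.min.css" rel="stylesheet" type="text/css"/>
-<link href="https://logon7.gov.bc.ca/clp/css/font-awesome.css" rel="stylesheet" type="text/css"/>
-<link href="https://logon7.gov.bc.ca/clp/css/main.css" rel="stylesheet" type="text/css"/>
-<link href="https://logon7.gov.bc.ca/clp/plugins/datepicker/css/bootstrap-datepicker3.min.css" rel="stylesheet" type="text/css"/>
-</head>
-<body>
-<div id="wrapper" class="main">
-<header id="bcGov" class="no-gov-brand">
-<div class="container">
-<div class="seperator"></div>
-<div id="login-to" class="site-title">FAKE BCeID LOGIN &ndash; FOR SOFTWARE DEVELOPMENT PURPOSES ONLY</div>
-</div>
-</header>
-<header id="client">
-<div class="container">
-<div>
-<img src="https://logon7.gov.bc.ca/clp/branding/bceid_default_logo.jpg" class="logo" alt=""/>
-</div>
-</div>
-</header>
-<form method="POST" name="login" id="login-form" class="login-bceid-form" novalidate>
-<section class="container">
-<div class="row">
-<div class="col-sm-7 col-md-8">
-<div class="panel">
-<div class="panel-heading">
-Log in with
-<span id="bceidLogo" class="environment-logo bceid-environment-devv2"></span>
-</div>
-<div class="panel-body">
-<div class="form-element form-group">
-<label class="control-label label-with-instruction"
-for="username">User ID</label>
-<div class="instruction">Use a Basic BCeID</div>
-<input name="user" id="username" type="text" size="20" autofocus
-class="form-control input-200" autocomplete="off"/>
-</div>
-<div class="form-element form-group">
-<label class="control-label" for="password">Password</label>
-<input name="password" type="password" class="form-control input-200"
-id="password" size="20" autocomplete="off"/>
-</div>
-<div class="bg-error hidden">
-<div class="help-block field-help-block">
-<i class="fa fa-fw fa-exclamation-circle"></i><span
-class="field-help-text"></span>
-</div>
-</div>
-<div class="login-form-action">
-<input type="submit" name="btnSubmit" class="btn btn-primary"
-value="Continue"/>
-</div>
-<div class="forgot">
-<a href="{% url 'register' %}" class="link-forgot">Forgot your user ID or password?</a>
-</div>
-</div>
-</div>
-<div class="panel">
-<div class="panel-body" style="padding-bottom: 15px;">
-<div>
-<strong>No account?</strong>
-</div>
-<a href="{% url 'register' %}"
-style="text-decoration: underline; font-size: 16px; font-weight: 600;">Register for a
-BCeID</a>
-</div>
-</div>
-<div>
-&#x25C0; <a href="./" class="link-cancel">Cancel
-and return to localdev</a>
-</div>
-<hr class="visible-xs">
-</div>
-<div class="col-sm-5 col-md-4">
-</div>
-</div>
-</section>
-</form>
-</div>
-<footer class="footer-stick-to-bottom">
-<div class="container" id="AccessMessage">
-<div class="row">
-<div class="col-sm-12">
-<p>Access to or unauthorized use of data on this computer system by any person other than the authorized
-employee(s) or owner(s) of an account is strictly prohibited and may result in legal action against
-such person.</p>
-</div>
-</div>
-</div>
-<div id="footerWrapper">
-<div class="container">
-<div class="row">
-<div class="col-sm-12">
-<ul class="inline">
-<li data-order="1"><a href="http://www.gov.bc.ca/com/disclaimer.html">Disclaimer</a></li>
-<li data-order="2"><a href="http://www.gov.bc.ca/com/privacy.html">Privacy</a></li>
-<li data-order="3"><a href="http://www.gov.bc.ca/com/accessibility.html">Accessibility</a></li>
-<li data-order="4"><a href="http://www.gov.bc.ca/com/copyright.html">Copyright</a></li>
-</ul>
-</div>
-</div>
-</div>
-</div>
-</footer>
-</body>
-</html>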

+ 0
- 17
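--- a/edivorce/apps/core/templates/localdev/register.html
+++ b/edivorce/apps/core/templates/localdev/register.html
@@ -1,17 +0,0 @@
-<html>
-<head>
-<title>Register</title>
-</head>
-<body>
-<h1>localdev registration is not implemented</h1>
-<p>Enter <strong>any user id</strong> with the password <em><strong>divorce</strong></em> to
-simulate a login in your localdev envirommnent.</p>
-<a href="{% url 'oidc_authentication_init' %}">Goto Login</a>
-</body>
-</html>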

+ 1
- 2
edivorce/apps/core/urls.py View File

@ -1,7 +1,7 @@
from django.conf.urls import url
from django.urls import path
from .views import main, system, pdf, api, localdev
from .views import main, system, pdf, api
urlpatterns = [
# url(r'^guide$', styleguide.guide),
@ -16,7 +16,6 @@ urlpatterns = [
# url(r'^login/headers$', system.headers),
url(r'^login$', main.login, name="login"),
url(r'^bceid$', localdev.bceid, name="bceid"),
url(r'^register$', main.register, name="register"),
url(r'^register_sc$', main.register_sc, name="register_sc"),
url(r'^logout$', main.logout, name="logout"),


+ 0
- 32
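--- a/edivorce/apps/core/views/localdev.py
+++ b/edivorce/apps/core/views/localdev.py
@@ -1,32 +0,0 @@
-import uuid
-import binascii
-from encodings.utf_8 import decode
-from django.conf import settings
-from django.shortcuts import render, redirect
-from django.views.decorators.csrf import csrf_exempt
-@csrf_exempt
-def bceid(request):
-""" fake bceid login for developer workstation environment """
-if request.method == "POST":
-login_name = request.POST.get('user', '')
-password = request.POST.get('password', '')
-# just in case anyone from the general public discovers the dev server
-# make sure they don't accidentally login and think this is production
-if password.lower() != 'divorce':
-return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME[:-1] + '/bceid')
-# convert the login name to a guid
-hex_name = decode(binascii.hexlify(str.encode(login_name)))[0]
-fake_guid = hex_name.rjust(32, '0')
-# save the guid in a session variable
-request.session['login_name'] = login_name
-request.session['fake_bceid_guid'] = fake_guid
-return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME[:-1] + '/login')
-else:
-return render(request, 'localdev/bceid.html')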

+ 6
- 6
edivorce/apps/core/views/main.py View File

@ -7,7 +7,7 @@ from django.utils import timezone
from django.contrib.auth.decorators import login_required
from edivorce.apps.core.utils.derived import get_derived_data
from ..decorators import bceid_required, intercept, prequal_completed
from ..decorators import intercept, prequal_completed
from ..utils.cso_filing import file_documents
from ..utils.question_step_mapping import list_of_registries
from ..utils.step_completeness import get_error_dict, get_missed_question_keys, get_step_completeness, is_complete, get_formatted_incomplete_list
@ -72,7 +72,7 @@ def success(request):
if request.user.is_authenticated:
return redirect(reverse('overview'))
else:
return render(request, 'success.html', context={'register_url': settings.REGISTER_URL,'register_sc_url': settings.REGISTER_SC_URL})
return render(request, 'success.html', context={'register_url': settings.REGISTER_BCEID_URL,'register_sc_url': settings.REGISTER_BCSC_URL})
return redirect(reverse('incomplete'))
@ -103,7 +103,7 @@ def register(request):
return render(request, 'localdev/register.html')
request.session['went_to_register'] = True
return redirect(settings.REGISTER_URL)
return redirect(settings.REGISTER_BCEID_URL)
def register_sc(request):
"""
@ -113,7 +113,7 @@ def register_sc(request):
return render(request, 'localdev/register.html')
request.session['went_to_register'] = True
return redirect(settings.REGISTER_SC_URL)
return redirect(settings.REGISTER_BCSC_URL)
def login(request):
"""
@ -219,7 +219,7 @@ def submit_initial_files(request):
return _submit_files(request, initial=True)
@bceid_required
@login_required
@prequal_completed
def submit_final_files(request):
return _submit_files(request, initial=False)
@ -238,7 +238,7 @@ def _submit_files(request, initial=False):
return redirect(reverse('dashboard_nav', kwargs={'nav_step': nav_step}), context=responses_dict)
@bceid_required
@login_required
@prequal_completed
def question(request, step, sub_step=None):
"""


+ 1
- 2
edivorce/apps/core/views/pdf.py View File

@ -9,7 +9,6 @@ from django.contrib.auth.decorators import login_required
import requests
from ..decorators import bceid_required
from ..models import Document
from ..utils.derived import get_derived_data
from ..utils.user_response import get_data_for_user
@ -112,7 +111,7 @@ def __add_claimant_info(responses, claimant):
return responses
@bceid_required
@login_required
def images_to_pdf(request, doc_type, party_code):
documents = Document.objects.filter(
bceid_user=request.user, doc_type=doc_type, party_code=party_code)
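Review bot: `images_to_pdf` now runs under Django's `login_required`, so `request.user` is whatever user object the OIDC authentication backend attaches, yet the query on the last hunk line still filters `Document` by `bceid_user=request.user`. If `Document.bceid_user` is a foreign key to the `BceidUser` model that the deleted middleware populated and that model is not the configured `AUTH_USER_MODEL`, this filter will either raise or match nothing, giving every authenticated user an empty PDF; I cannot see the model from this diff, so please confirm the FK target. A comment on the filter such as `# request.user is the OIDC-backed user; Document.bceid_user must reference the same model` would make the dependency explicit. The function body continues past the hunk.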


+ 0
- 1
edivorce/apps/poc/urls.py View File

@ -2,7 +2,6 @@ from django.conf.urls import url
from django.contrib.auth.decorators import login_required
from edivorce.apps.poc import views
from ..core.decorators import bceid_required
urlpatterns = [
url(r'scan', login_required(views.UploadScan.as_view()), name="poc-scan"),


+ 4
- 10
edivorce/settings/base.py View File

@ -203,13 +203,7 @@ EFILING_BCEID = env.dict('EFILING_BCEID', '', subcast=str)
LOGIN_URL = reverse_lazy('oidc_authentication_init')
OIDC_RP_SIGN_ALGO = 'RS256'
OIDC_RP_SCOPES = 'openid email profile'
OIDC_AUTH_REQUEST_EXTRA_PARAMS = {'kc_idp_hint': 'bceid'} # this is needed to bypass the Keycloak login screen
# OIDC_CREATE_USER = False
OIDC_OP_JWKS_ENDPOINT = env('OIDC_OP_JWKS_ENDPOINT', '')
OIDC_RP_CLIENT_ID = env('OIDC_RP_CLIENT_ID', '')
OIDC_RP_CLIENT_SECRET = env('OIDC_RP_CLIENT_SECRET', '')
OIDC_OP_AUTHORIZATION_ENDPOINT = env('OIDC_OP_AUTHORIZATION_ENDPOINT', '')
OIDC_OP_TOKEN_ENDPOINT = env('OIDC_OP_TOKEN_ENDPOINT', '')
OIDC_OP_USER_ENDPOINT = env('OIDC_OP_USER_ENDPOINT', '')
LOGIN_REDIRECT_URL = env('LOGIN_REDIRECT_URL', '/overview')
LOGOUT_REDIRECT_URL = env('LOGOUT_REDIRECT_URL', '/')
# this is needed to bypass the Keycloak login screen
OIDC_AUTH_REQUEST_EXTRA_PARAMS = {'kc_idp_hint': 'bceid'}
OIDC_RP_CLIENT_ID = env('KEYCLOAK_CLIENT_ID', '')
OIDC_RP_CLIENT_SECRET = env('KEYCLOAK_CLIENT_SECRET', '')
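Review bot: `OIDC_RP_CLIENT_SECRET = env('KEYCLOAK_CLIENT_SECRET', '')` defaults the client secret to an empty string, so a deployment that forgets to set the variable boots normally and then presents an empty secret at the token endpoint instead of failing at import time; the same applies to the `KEYCLOAK_CLIENT_ID` default on the line above. Prefer `OIDC_RP_CLIENT_SECRET = env('KEYCLOAK_CLIENT_SECRET')` (assuming `env` is the environs/django-environ parser already used for `env.dict`/`env.bool` in this file, whose no-default form raises on a missing variable), or at least assert it is non-empty when `DEBUG` is off. The relocated `kc_idp_hint` comment should also say what the hint does for the user, e.g. `# kc_idp_hint sends users straight to the BCeID identity provider instead of Keycloak's login chooser`, since it decides which login screen end users see.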

+ 11
- 4
edivorce/settings/local.py View File

@ -21,16 +21,14 @@ WEASYPRINT_IMAGE_LOOPBACK = 'http://host.docker.internal:8000'
WEASYPRINT_CSS_LOOPBACK = WEASYPRINT_IMAGE_LOOPBACK
DEPLOYMENT_TYPE = 'localdev'
REGISTER_URL = '#'
REGISTER_SC_URL ='#'
REGISTER_BCEID_URL = '#'
REGISTER_BCSC_URL = '#'
PROXY_BASE_URL = ''
SASS_PROCESSOR_ENABLED = True
SASS_PROCESSOR_ROOT = PROJECT_ROOT + '/edivorce/apps/core/static'
SASS_OUTPUT_STYLE = 'compressed'
CORS_ORIGIN_ALLOW_ALL = True
LOGOUT_URL = '/accounts/logout/'
# CLAMAV settings
CLAMAV_ENABLED = env.bool('CLAMAV_ENABLED', True)
CLAMAV_TCP_PORT = env.int('CLAMAV_TCP_PORT', 3310)
@ -41,3 +39,12 @@ REDIS_HOST = env('REDIS_HOST', 'localhost')
REDIS_PORT = env.int('REDIS_PORT', 6379)
REDIS_DB = env('REDIS_DB', '')
REDIS_PASSWORD = env('REDIS_PASSWORD', '')
# Keycloak OpenID Connect settings
# Provided by mozilla-django-oidc
OIDC_OP_JWKS_ENDPOINT = 'http://localhost:8081/auth/realms/justice/protocol/openid-connect/certs'
OIDC_OP_AUTHORIZATION_ENDPOINT = 'http://localhost:8081/auth/realms/justice/protocol/openid-connect/auth'
OIDC_OP_TOKEN_ENDPOINT = 'http://localhost:8081/auth/realms/justice/protocol/openid-connect/token'
OIDC_OP_USER_ENDPOINT = 'http://localhost:8081/auth/realms/justice/protocol/openid-connect/userinfo'
LOGIN_REDIRECT_URL = '/overview'
LOGOUT_REDIRECT_URL = '/'

+ 41
- 19
edivorce/settings/openshift.py View File

@ -1,5 +1,6 @@
from .base import *
def openshift_db_config():
'''
Database config based on the django-ex openshift sample application
@ -45,42 +46,59 @@ COMPRESS_OFFLINE = True
#
# See nginx-proxy/conf.d/server.conf for related settings
#
DEPLOYMENT_TYPE = os.getenv('ENVIRONMENT_TYPE')
DEPLOYMENT_TYPE = env('ENVIRONMENT_TYPE', 'unittest')
PROXY_URL_PREFIX = ''
PROXY_BASE_URL = os.getenv('PROXY_BASE_URL', 'https://justice.gov.bc.ca')
if DEPLOYMENT_TYPE in ['dev', 'unittest']:
DEBUG = True
# Keycloak OpenID Connect settings
OIDC_OP_JWKS_ENDPOINT = 'https://sso-dev.pathfinder.gov.bc.ca/auth/realms/tz0e228w/protocol/openid-connect/certs'
OIDC_OP_AUTHORIZATION_ENDPOINT = 'https://sso-dev.pathfinder.gov.bc.ca/auth/realms/tz0e228w/protocol/openid-connect/auth'
OIDC_OP_TOKEN_ENDPOINT = 'https://sso-dev.pathfinder.gov.bc.ca/auth/realms/tz0e228w/protocol/openid-connect/token'
OIDC_OP_USER_ENDPOINT = 'https://sso-dev.pathfinder.gov.bc.ca/auth/realms/tz0e228w/protocol/openid-connect/userinfo'
OIDC_RP_CLIENT_ID = 'demo-app'
if DEPLOYMENT_TYPE == 'dev':
PROXY_URL_PREFIX = os.getenv('PROXY_URL_PREFIX', '/divorce')
DEBUG = True
CSRF_COOKIE_AGE = None
SESSION_COOKIE_AGE = 3600
REGISTER_URL = 'https://www.test.bceid.ca/directories/bluepages/details.aspx?serviceID=5522'
REGISTER_SC_URL = 'https://logontest7.gov.bc.ca/clp-cgi/fed/fedLaunch.cgi?partner=fed38&partnerList=fed38&flags=0001:0,7&TARGET=http://dev.justice.gov.bc.ca/divorce/login'
LOGOUT_URL_TEMPLATE = 'https://logontest7.gov.bc.ca/clp-cgi/logoff.cgi?returl=%s%s&retnow=1'
LOGOUT_URL = LOGOUT_URL_TEMPLATE % (PROXY_BASE_URL, PROXY_URL_PREFIX)
REGISTER_BCEID_URL = 'https://www.test.bceid.ca/directories/bluepages/details.aspx?serviceID=5522'
REGISTER_BCSC_URL = 'https://logontest7.gov.bc.ca/clp-cgi/fed/fedLaunch.cgi?partner=fed38&partnerList=fed38&flags=0001:0,7&TARGET=http://dev.justice.gov.bc.ca/divorce/oidc/authenticate'
if DEPLOYMENT_TYPE == 'test':
PROXY_URL_PREFIX = os.getenv('PROXY_URL_PREFIX', '/divorce')
REGISTER_URL = 'https://www.test.bceid.ca/directories/bluepages/details.aspx?serviceID=5521'
REGISTER_SC_URL = 'https://logontest7.gov.bc.ca/clp-cgi/fed/fedLaunch.cgi?partner=fed38&partnerList=fed38&flags=0001:0,7&TARGET=http://test.justice.gov.bc.ca/divorce/login'
LOGOUT_URL_TEMPLATE = 'https://logontest7.gov.bc.ca/clp-cgi/logoff.cgi?returl=%s%s&retnow=1'
LOGOUT_URL = LOGOUT_URL_TEMPLATE % (PROXY_BASE_URL, PROXY_URL_PREFIX)
REGISTER_BCEID_URL = 'https://www.test.bceid.ca/directories/bluepages/details.aspx?serviceID=5521'
REGISTER_BCSC_URL = 'https://logontest7.gov.bc.ca/clp-cgi/fed/fedLaunch.cgi?partner=fed38&partnerList=fed38&flags=0001:0,7&TARGET=http://test.justice.gov.bc.ca/divorce/oidc/authenticate'
# Keycloak OpenID Connect settings
OIDC_OP_JWKS_ENDPOINT = 'https://sso-test.pathfinder.gov.bc.ca/auth/realms/tz0e228w/protocol/openid-connect/certs'
OIDC_OP_AUTHORIZATION_ENDPOINT = 'https://sso-test.pathfinder.gov.bc.ca/auth/realms/tz0e228w/protocol/openid-connect/auth'
OIDC_OP_TOKEN_ENDPOINT = 'https://sso-test.pathfinder.gov.bc.ca/auth/realms/tz0e228w/protocol/openid-connect/token'
OIDC_OP_USER_ENDPOINT = 'https://sso-test.pathfinder.gov.bc.ca/auth/realms/tz0e228w/protocol/openid-connect/userinfo'
if DEPLOYMENT_TYPE == 'prod':
PROXY_URL_PREFIX = os.getenv('PROXY_URL_PREFIX', '/divorce')
REGISTER_URL = 'https://www.bceid.ca/directories/bluepages/details.aspx?serviceID=5203'
REGISTER_SC_URL = 'https://logon7.gov.bc.ca/clp-cgi/fed/fedLaunch.cgi?partner=fed49&partnerList=fed49&flags=0001:0,8&TARGET=http://justice.gov.bc.ca/divorce/login'
LOGOUT_URL_TEMPLATE = 'https://logon7.gov.bc.ca/clp-cgi/logoff.cgi?returl=%s%s&retnow=1'
LOGOUT_URL = LOGOUT_URL_TEMPLATE % (PROXY_BASE_URL, PROXY_URL_PREFIX)
REGISTER_BCEID_URL = 'https://www.bceid.ca/directories/bluepages/details.aspx?serviceID=5203'
REGISTER_BCSC_URL = 'https://logon7.gov.bc.ca/clp-cgi/fed/fedLaunch.cgi?partner=fed49&partnerList=fed49&flags=0001:0,8&TARGET=http://justice.gov.bc.ca/divorce/oidc/authenticate'
# Keycloak OpenID Connect settings
OIDC_OP_JWKS_ENDPOINT = 'https://sso.pathfinder.gov.bc.ca/auth/realms/tz0e228w/protocol/openid-connect/certs'
OIDC_OP_AUTHORIZATION_ENDPOINT = 'https://sso.pathfinder.gov.bc.ca/auth/realms/tz0e228w/protocol/openid-connect/auth'
OIDC_OP_TOKEN_ENDPOINT = 'https://sso.pathfinder.gov.bc.ca/auth/realms/tz0e228w/protocol/openid-connect/token'
OIDC_OP_USER_ENDPOINT = 'https://sso.pathfinder.gov.bc.ca/auth/realms/tz0e228w/protocol/openid-connect/userinfo'
# Google Tag Manager (Production)
GTM_ID = 'GTM-W4Z2SPS'
if DEPLOYMENT_TYPE == 'minishift':
DEBUG = True
REGISTER_URL = '#'
REGISTER_SC_URL ='#'
REGISTER_BCEID_URL = '#'
REGISTER_BCSC_URL = '#'
PROXY_BASE_URL = ''
# Keycloak OpenID Connect settings
OIDC_OP_JWKS_ENDPOINT = 'http://localhost:8081/auth/realms/justice/protocol/openid-connect/certs'
OIDC_OP_AUTHORIZATION_ENDPOINT = 'http://localhost:8081/auth/realms/justice/protocol/openid-connect/auth'
OIDC_OP_TOKEN_ENDPOINT = 'http://localhost:8081/auth/realms/justice/protocol/openid-connect/token'
OIDC_OP_USER_ENDPOINT = 'http://localhost:8081/auth/realms/justice/protocol/openid-connect/userinfo'
# Internal Relative Urls
FORCE_SCRIPT_NAME = PROXY_URL_PREFIX + '/'
@ -101,8 +119,8 @@ SESSION_EXPIRE_AT_BROWSER_CLOSE = True
if DEPLOYMENT_TYPE != 'minishift':
SESSION_COOKIE_PATH = PROXY_URL_PREFIX
SESSION_COOKIE_SECURE=True
CSRF_COOKIE_SECURE=True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
# CLAMAV settings
CLAMAV_ENABLED = True
@ -113,4 +131,8 @@ CLAMAV_TCP_ADDR = os.getenv('CLAMAV_TCP_ADDR', 'clamav')
REDIS_HOST = os.getenv('REDIS_HOST', 'redis')
REDIS_PORT = 6379
REDIS_DB = ''
REDIS_PASSWORD = os.getenv('REDIS_PASSWORD', '')
REDIS_PASSWORD = os.getenv('REDIS_PASSWORD', '')
# Keycloak OpenID Connect settings
LOGIN_REDIRECT_URL = PROXY_URL_PREFIX + '/overview'
LOGOUT_REDIRECT_URL = PROXY_URL_PREFIX
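Review bot: `DEPLOYMENT_TYPE = env('ENVIRONMENT_TYPE', 'unittest')` turns a missing `ENVIRONMENT_TYPE` into the `unittest` profile, and the branch immediately below then sets `DEBUG = True`, points the app at the `sso-dev` realm and hardcodes `OIDC_RP_CLIENT_ID = 'demo-app'`; with the previous `os.getenv` a missing variable matched no branch and left `DEBUG` at its base value. A production pod whose env var was dropped would therefore come up in debug mode against the dev SSO, a fail-open default — use `DEPLOYMENT_TYPE = env('ENVIRONMENT_TYPE')` (if `env` is the environs/django-environ parser, omitting the default raises at import) or default to the most restrictive profile. The rewritten `REGISTER_BCSC_URL` values for dev, test and prod still send the post-login `TARGET` to `http://` hosts even though `SESSION_COOKIE_SECURE = True` further down means the session cookie cannot travel over that hop; if the proxy upgrades to HTTPS this is harmless, otherwise use `https://` in the `TARGET`. Finally, the hardcoded `OIDC_RP_CLIENT_ID = 'demo-app'` silently overrides the `KEYCLOAK_CLIENT_ID` value read in base.py for dev/unittest and deserves a comment saying so.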
