Merge pull request #13686 from mkllnk/litefarm-market-organic
Allow Litefarm and Market.Organic to access DFC API
@@ -15,6 +15,15 @@ class ApiUser
|
||||
id: "https://carte.cqcm.coop/profile",
|
||||
tokens: "https://authentification.cqcm.coop/realms/cqcm/protocol/openid-connect/token",
|
||||
},
|
||||
'lf-dev' => {
|
||||
id: "https://www.litefarm.org/profile",
|
||||
tokens: "https://login.fooddatacollaboration.org.uk/realms/dev/protocol/openid-connect/token",
|
||||
},
|
||||
'mo-dev' => {
|
||||
id: "https://market.organic/profile",
|
||||
tokens: "https://login.fooddatacollaboration.org.uk/realms/dev/protocol/openid-connect/token",
|
||||
},
|
||||
|
||||
}.freeze
|
||||
CLIENT_MAP = PLATFORMS.keys.index_by { |key| PLATFORMS.dig(key, :id) }.freeze
|
||||
|
||||
@@ -27,8 +36,11 @@ class ApiUser
|
||||
end
|
||||
|
||||
def self.from_client_id(client_id)
|
||||
id = CLIENT_MAP[client_id]
|
||||
# Some tokens contain a short client id:
|
||||
return new(client_id) if PLATFORMS.key?(client_id)
|
||||
|
||||
# Some tokens have a full URI to identify the client:
|
||||
id = CLIENT_MAP[client_id]
|
||||
new(id) if id
|
||||
end
|
||||
|
||||
|
||||
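Review bot: `from_client_id` resolves a platform from the client id alone, so nothing in this method ties the identifier to the issuer that signed the token. With the new short-id branch `return new(client_id) if PLATFORMS.key?(client_id)`, and with `lf-dev` and `mo-dev` both pointing at the same `realms/dev` token endpoint, the issuing realm effectively decides which platform a request is treated as. If the caller (outside this hunk) does not already compare the token's issuer with the platform's `tokens` URL, a token from any trusted realm that carries another platform's id would be accepted as that platform. I would add that comparison at the call site, or at least record the assumption here with `# Caller must have verified that the token issuer matches PLATFORMS[id][:tokens].`. The method also returns nil for an unknown id, which deserves a one-line doc comment.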
@@ -5,26 +5,29 @@
|
||||
# It controls an OICD Access token and an enterprise.
|
||||
class AuthorizationControl
|
||||
PUBLIC_KEYS = {
|
||||
# Copied from: https://login.lescommuns.org/auth/realms/data-food-consortium/
|
||||
"https://login.lescommuns.org/auth/realms/data-food-consortium" => <<~KEY,
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl68JGqAILFzoi/1+6siXXp2vylu+7mPjYKjKelTtHFYXWVkbmVptCsamHlY3jRhqSQYe6M1SKfw8D+uXrrWsWficYvpdlV44Vm7uETZOr1/XBOjpWOi1vLmBVtX6jFeqN1BxfE1PxLROAiGn+MeMg90AJKShD2c5RoNv26e20dgPhshRVFPUGru+0T1RoKyIa64z/qcTcTVD2V7KX+ANMweRODdoPAzQFGGjTnL1uUqIdUwSfHSpXYnKxXOsnPC3Mowkv8UIGWWDxS/yzhWc7sOk1NmC7pb+Cg7G8NKj+Pp9qQZnXF39Dg95ZsxJrl6fyPFvTo3zf9CPG/fUM1CkkwIDAQAB
|
||||
-----END PUBLIC KEY-----
|
||||
KEY
|
||||
|
||||
# Copied from: https://kc.cqcm.startinblox.com/realms/startinblox
|
||||
"https://kc.cqcm.startinblox.com/realms/startinblox" => <<~KEY,
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtvdb3BdHoLnNeMLaWd7nugPwdRAJJpdSySTtttEQY2/v1Q3byJ/kReSNGrUNkPVkOeDN3milgN5Apz+sNCwbtzOCulyFMmvuIOZFBqz5tcgwjZinSwpGBXpn6ehXyCET2LlcfLYAPA9axtaNg9wBLIHoxIPWpa2LcZstogyZY/yKUZXQTDqM5B5TyUkPN89xHFdq8SQuXPasbpYl7mGhZHkTDHiKZ9VK7K5tqsEZTD9dCuTGMKsthbOrlDnc9bAJ3PyKLRdib21Y1GGlTozo4Y/1q448E/DFp5rVC6jG6JFnsEnP0WVn+6qz7yxI7IfUU2YSAGgtGYaQkWtEfED0QIDAQAB
|
||||
-----END PUBLIC KEY-----
|
||||
KEY
|
||||
|
||||
# Copied from: https:///authentification.cqcm.coop/realms/cqcm
|
||||
"https:///authentification.cqcm.coop/realms/cqcm" => <<~KEY,
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhz7dK3xQAWL+u++E/64T1OHEvnFrZRLzgCmw0leib3JL/XbaE4Jbd3fs2+zc3+dCwvCuLEKKO9Hc9wg79ifjtMKFfZDE1Ba+qhw7J9tYnu7TBtaxKuWUCdtwuultEdW+NFndaUvhD/TdyjDkRiO98mgvUbm2A3q/zyDmoUpR2IEfevkMSz8MnxUo1bDTJIyoYoKwnbToI1E9RVx2uYsYKk24Pfd+r6oTbi7TxA6Ia4EiREFki2gNIAdp66IqF0Gxyd+nGlkIbQGrW+9xynU4ar3ZNq/P8EZFdO57AdEvC3ZAzpTvOVcQ0cQ4XbRSYWQHyZ8jnjggpeddTGSqVlgx1wIDAQAB
|
||||
-----END PUBLIC KEY-----
|
||||
KEY
|
||||
|
||||
"https://login.fooddatacollaboration.org.uk/realms/dev" => <<~KEY,
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAihRLCBeT16xTp8K5AD59CcknSWOTRzRMrNaFElOEGE8RJBy3SGAGQZtd6RCI6et44CR2pBnCmFg7In4ufTszSsix+bIagp6ljBybAY1+Z8kQLpDukAVsrTIeLoqH7m7cJ/5B2ije5TS8ZGH0gZMQO46CTga9LV9IwyjeWcZx6iQor0zDFQJ6caq/IMV8l6+kTjPK2F7Em6f4SzhfOOJauuO8C9mQkCftDudeyfnEdF05MAUhch4CP+E26CZcSdrM1uOmOH9l0sbMdDijTjZCTeI1BO27T1ap1Ix7w5/U4JUWVmGTzPkOTgvEMiXMAitB5RetCicGiMop34nhDOJRwwIDAQAB
|
||||
-----END PUBLIC KEY-----
|
||||
KEY
|
||||
}.freeze
|
||||
|
||||
def self.public_key(token)
|
||||
|
||||
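Review bot: The `https://login.fooddatacollaboration.org.uk/realms/dev` entry in `PUBLIC_KEYS` is the only one without a `# Copied from:` line, and it pins a development realm's signing key in a constant with no environment condition visible in this hunk. If this class is loaded in production as well, any token signed by that dev realm verifies there; consider adding the key only outside production, or confirm that this is intended. At minimum add `# Copied from: https://login.fooddatacollaboration.org.uk/realms/dev` above the entry so a later key rotation can be checked against its source. Separately, the CQCM entry is keyed `https:///authentification.cqcm.coop/realms/cqcm` with three slashes, while the token URL in `ApiUser` uses two; if `public_key` (its body is outside this hunk) looks keys up by the token's issuer, that entry may never match.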
@@ -5,6 +5,20 @@ require_relative "../spec_helper"
|
||||
RSpec.describe ApiUser do
|
||||
subject(:user) { described_class.new("cqcm-dev") }
|
||||
|
||||
describe ".from_client_id" do
|
||||
it "finds by URI" do
|
||||
uri = "https://api.proxy-dev.cqcm.startinblox.com/profile"
|
||||
user = ApiUser.from_client_id(uri)
|
||||
expect(user.id).to eq "cqcm-dev"
|
||||
end
|
||||
|
||||
it "finds by short id" do
|
||||
uri = "lf-dev"
|
||||
user = ApiUser.from_client_id(uri)
|
||||
expect(user.id).to eq "lf-dev"
|
||||
end
|
||||
end
|
||||
|
||||
describe "#customers" do
|
||||
it "returns nothing" do
|
||||
expect(user.customers).to be_empty
|
||||
|
||||
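Review bot: The new `.from_client_id` examples cover only ids that resolve; there is no example for an unknown client id, which is the case that matters most for an access-control lookup. Add one such as `expect(ApiUser.from_client_id("https://example.invalid/profile")).to be_nil` (the URL is a constructed sample). In "finds by short id" the local is named `uri` although it holds the short id `lf-dev`; `client_id` would read better.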
@@ -25,6 +25,14 @@ RSpec.describe AuthorizationControl do
|
||||
end
|
||||
end
|
||||
|
||||
it "accepts a token from FDC" do
|
||||
sib_token = file_fixture("fdc_access_token.jwt").read
|
||||
|
||||
travel_to(Date.parse("2025-06-13")) do
|
||||
expect(auth(oidc_token: sib_token).user.id).to eq "lf-dev"
|
||||
end
|
||||
end
|
||||
|
||||
it "finds the right user" do
|
||||
create(:oidc_user) # another user
|
||||
token = allow_token_for(email: user.email)
|
||||
|
||||
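Review bot: In "accepts a token from FDC" the local is called `sib_token` although it reads `fdc_access_token.jwt`; the name looks carried over from another example, and `fdc_token` would match the fixture. The `travel_to(Date.parse("2025-06-13"))` call also needs a comment saying why that date is used, presumably because the fixture token is only valid around then, e.g. `# The fixture token has expired; travel to a date inside its validity window.`. Since the fixture appears to be a real signed token, it is worth confirming that it is expired and carries no personal data before it stays in the repository.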
1
spec/fixtures/files/fdc_access_token.jwt
vendored
Normal file
@@ -0,0 +1 @@
|
||||
eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ6MUNyNk1ZT3dtVl8zNUJLMGs1ZFlSUEphUTZ6RWcyZW9oRGgtYVR5N0NVIn0.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.YRro7Djz5YsjpRpgJNo5z4K4fyNTgCMuf4I9AU8iG0pAr7yYe-KUJEhoj6iVvJWTDJ_s-FL8UCZHWu0iaSt6dYl3thwK8vxT5MAjdJMPI9-TMT8AlS4IeJngQYYj72Enys6W1anKGIMO7dgIe7fP4WaCIxHTQqHNmJy7GIW9RnVwz6TmpFFuDxBrryq7Jjvy8BhtqiN4niwAV-oFrZJnSmnjJzKpCnKzeyd2AMDgxf2BXSW671nr3dk-QYcgTlBSa_6OfNzETgNtbpWrcPDhC6oHsLV8rmGO4mnD7Fg0o_f7lLomvocbaEkmXzY2suCpF4J2d-XuitQBhriKFqJMGw
|
||||