Merge pull request #13686 from mkllnk/litefarm-market-organic

Allow Litefarm and Market.Organic to access DFC API
2026-02-17 00:07:24 +00:00 · 2025-11-19 15:11:51 +11:00
parent 98176bd5de aaad1bc0b3
commit 0aa4993a4d
5 changed files with 42 additions and 4 deletions
--- a/engines/dfc_provider/app/services/api_user.rb
+++ b/engines/dfc_provider/app/services/api_user.rb
@@ -15,6 +15,15 @@ class ApiUser
      id: "https://carte.cqcm.coop/profile",
      tokens: "https://authentification.cqcm.coop/realms/cqcm/protocol/openid-connect/token",
    },
+    'lf-dev' => {
+      id: "https://www.litefarm.org/profile",
+      tokens: "https://login.fooddatacollaboration.org.uk/realms/dev/protocol/openid-connect/token",
+    },
+    'mo-dev' => {
+      id: "https://market.organic/profile",
+      tokens: "https://login.fooddatacollaboration.org.uk/realms/dev/protocol/openid-connect/token",
+    },
+
  }.freeze
  CLIENT_MAP = PLATFORMS.keys.index_by { |key| PLATFORMS.dig(key, :id) }.freeze

@@ -27,8 +36,11 @@ class ApiUser
  end

  def self.from_client_id(client_id)
-    id = CLIENT_MAP[client_id]
+    # Some tokens contain a short client id:
+    return new(client_id) if PLATFORMS.key?(client_id)

+    # Some tokens have a full URI to identify the client:
+    id = CLIENT_MAP[client_id]
    new(id) if id
  end

--- a/engines/dfc_provider/app/services/authorization_control.rb
+++ b/engines/dfc_provider/app/services/authorization_control.rb
@@ -5,26 +5,29 @@
 # It controls an OICD Access token and an enterprise.
 class AuthorizationControl
  PUBLIC_KEYS = {
-    # Copied from: https://login.lescommuns.org/auth/realms/data-food-consortium/
    "https://login.lescommuns.org/auth/realms/data-food-consortium" => <<~KEY,
      -----BEGIN PUBLIC KEY-----
      MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl68JGqAILFzoi/1+6siXXp2vylu+7mPjYKjKelTtHFYXWVkbmVptCsamHlY3jRhqSQYe6M1SKfw8D+uXrrWsWficYvpdlV44Vm7uETZOr1/XBOjpWOi1vLmBVtX6jFeqN1BxfE1PxLROAiGn+MeMg90AJKShD2c5RoNv26e20dgPhshRVFPUGru+0T1RoKyIa64z/qcTcTVD2V7KX+ANMweRODdoPAzQFGGjTnL1uUqIdUwSfHSpXYnKxXOsnPC3Mowkv8UIGWWDxS/yzhWc7sOk1NmC7pb+Cg7G8NKj+Pp9qQZnXF39Dg95ZsxJrl6fyPFvTo3zf9CPG/fUM1CkkwIDAQAB
      -----END PUBLIC KEY-----
    KEY

-    # Copied from: https://kc.cqcm.startinblox.com/realms/startinblox
    "https://kc.cqcm.startinblox.com/realms/startinblox" => <<~KEY,
      -----BEGIN PUBLIC KEY-----
      MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtvdb3BdHoLnNeMLaWd7nugPwdRAJJpdSySTtttEQY2/v1Q3byJ/kReSNGrUNkPVkOeDN3milgN5Apz+sNCwbtzOCulyFMmvuIOZFBqz5tcgwjZinSwpGBXpn6ehXyCET2LlcfLYAPA9axtaNg9wBLIHoxIPWpa2LcZstogyZY/yKUZXQTDqM5B5TyUkPN89xHFdq8SQuXPasbpYl7mGhZHkTDHiKZ9VK7K5tqsEZTD9dCuTGMKsthbOrlDnc9bAJ3PyKLRdib21Y1GGlTozo4Y/1q448E/DFp5rVC6jG6JFnsEnP0WVn+6qz7yxI7IfUU2YSAGgtGYaQkWtEfED0QIDAQAB
      -----END PUBLIC KEY-----
    KEY

-    # Copied from: https:///authentification.cqcm.coop/realms/cqcm
    "https:///authentification.cqcm.coop/realms/cqcm" => <<~KEY,
      -----BEGIN PUBLIC KEY-----
      MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhz7dK3xQAWL+u++E/64T1OHEvnFrZRLzgCmw0leib3JL/XbaE4Jbd3fs2+zc3+dCwvCuLEKKO9Hc9wg79ifjtMKFfZDE1Ba+qhw7J9tYnu7TBtaxKuWUCdtwuultEdW+NFndaUvhD/TdyjDkRiO98mgvUbm2A3q/zyDmoUpR2IEfevkMSz8MnxUo1bDTJIyoYoKwnbToI1E9RVx2uYsYKk24Pfd+r6oTbi7TxA6Ia4EiREFki2gNIAdp66IqF0Gxyd+nGlkIbQGrW+9xynU4ar3ZNq/P8EZFdO57AdEvC3ZAzpTvOVcQ0cQ4XbRSYWQHyZ8jnjggpeddTGSqVlgx1wIDAQAB
      -----END PUBLIC KEY-----
    KEY
+
+    "https://login.fooddatacollaboration.org.uk/realms/dev" => <<~KEY,
+      -----BEGIN PUBLIC KEY-----
+      MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAihRLCBeT16xTp8K5AD59CcknSWOTRzRMrNaFElOEGE8RJBy3SGAGQZtd6RCI6et44CR2pBnCmFg7In4ufTszSsix+bIagp6ljBybAY1+Z8kQLpDukAVsrTIeLoqH7m7cJ/5B2ije5TS8ZGH0gZMQO46CTga9LV9IwyjeWcZx6iQor0zDFQJ6caq/IMV8l6+kTjPK2F7Em6f4SzhfOOJauuO8C9mQkCftDudeyfnEdF05MAUhch4CP+E26CZcSdrM1uOmOH9l0sbMdDijTjZCTeI1BO27T1ap1Ix7w5/U4JUWVmGTzPkOTgvEMiXMAitB5RetCicGiMop34nhDOJRwwIDAQAB
+      -----END PUBLIC KEY-----
+    KEY
  }.freeze

  def self.public_key(token)
--- a/engines/dfc_provider/spec/services/api_user_spec.rb
+++ b/engines/dfc_provider/spec/services/api_user_spec.rb
@@ -5,6 +5,20 @@ require_relative "../spec_helper"
 RSpec.describe ApiUser do
  subject(:user) { described_class.new("cqcm-dev") }

+  describe ".from_client_id" do
+    it "finds by URI" do
+      uri = "https://api.proxy-dev.cqcm.startinblox.com/profile"
+      user = ApiUser.from_client_id(uri)
+      expect(user.id).to eq "cqcm-dev"
+    end
+
+    it "finds by short id" do
+      uri = "lf-dev"
+      user = ApiUser.from_client_id(uri)
+      expect(user.id).to eq "lf-dev"
+    end
+  end
+
  describe "#customers" do
    it "returns nothing" do
      expect(user.customers).to be_empty
--- a/engines/dfc_provider/spec/services/authorization_control_spec.rb
+++ b/engines/dfc_provider/spec/services/authorization_control_spec.rb
@@ -25,6 +25,14 @@ RSpec.describe AuthorizationControl do
      end
    end

+    it "accepts a token from FDC" do
+      sib_token = file_fixture("fdc_access_token.jwt").read
+
+      travel_to(Date.parse("2025-06-13")) do
+        expect(auth(oidc_token: sib_token).user.id).to eq "lf-dev"
+      end
+    end
+
    it "finds the right user" do
      create(:oidc_user) # another user
      token = allow_token_for(email: user.email)
--- a/spec/fixtures/files/fdc_access_token.jwt
+++ b/spec/fixtures/files/fdc_access_token.jwt
@@ -0,0 +1 @@
+eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ6MUNyNk1ZT3dtVl8zNUJLMGs1ZFlSUEphUTZ6RWcyZW9oRGgtYVR5N0NVIn0.eyJleHAiOjE3NjI5NzYxNjcsImlhdCI6MTc2Mjk3NTg2NywianRpIjoidHJydGNjOjQzZTI4YzY0LTI2ZjItMmQ5OS0yN2U4LTI1ZDg3N2I5MmMxMCIsImlzcyI6Imh0dHBzOi8vbG9naW4uZm9vZGRhdGFjb2xsYWJvcmF0aW9uLm9yZy51ay9yZWFsbXMvZGV2IiwiYXVkIjoiYWNjb3VudCIsInN1YiI6IjFkNjdlODRlLWVkYTgtNDI5Yy05Mjc0LTQ4NTMyNDExODQ4NyIsInR5cCI6IkJlYXJlciIsImF6cCI6ImxmLWRldiIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cHM6Ly9hcGkuYmV0YS5saXRlZmFybS5vcmcvIiwiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMS8iXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbImRlZmF1bHQtcm9sZXMtZGV2Iiwib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImxmLWRldiI6eyJyb2xlcyI6WyJ1bWFfcHJvdGVjdGlvbiJdfSwiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJwcm9maWxlIGVtYWlsIiwiY2xpZW50SG9zdCI6IjEwLjAuMC4yIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJzZXJ2aWNlLWFjY291bnQtbGYtZGV2IiwiY2xpZW50QWRkcmVzcyI6IjEwLjAuMC4yIiwiY2xpZW50X2lkIjoibGYtZGV2In0.YRro7Djz5YsjpRpgJNo5z4K4fyNTgCMuf4I9AU8iG0pAr7yYe-KUJEhoj6iVvJWTDJ_s-FL8UCZHWu0iaSt6dYl3thwK8vxT5MAjdJMPI9-TMT8AlS4IeJngQYYj72Enys6W1anKGIMO7dgIe7fP4WaCIxHTQqHNmJy7GIW9RnVwz6TmpFFuDxBrryq7Jjvy8BhtqiN4niwAV-oFrZJnSmnjJzKpCnKzeyd2AMDgxf2BXSW671nr3dk-QYcgTlBSa_6OfNzETgNtbpWrcPDhC6oHsLV8rmGO4mnD7Fg0o_f7lLomvocbaEkmXzY2suCpF4J2d-XuitQBhriKFqJMGw
				`@@ -0,0 +1 @@`
				eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ6MUNyNk1ZT3dtVl8zNUJLMGs1ZFlSUEphUTZ6RWcyZW9oRGgtYVR5N0NVIn0.eyJleHAiOjE3NjI5NzYxNjcsImlhdCI6MTc2Mjk3NTg2NywianRpIjoidHJydGNjOjQzZTI4YzY0LTI2ZjItMmQ5OS0yN2U4LTI1ZDg3N2I5MmMxMCIsImlzcyI6Imh0dHBzOi8vbG9naW4uZm9vZGRhdGFjb2xsYWJvcmF0aW9uLm9yZy51ay9yZWFsbXMvZGV2IiwiYXVkIjoiYWNjb3VudCIsInN1YiI6IjFkNjdlODRlLWVkYTgtNDI5Yy05Mjc0LTQ4NTMyNDExODQ4NyIsInR5cCI6IkJlYXJlciIsImF6cCI6ImxmLWRldiIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cHM6Ly9hcGkuYmV0YS5saXRlZmFybS5vcmcvIiwiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMS8iXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbImRlZmF1bHQtcm9sZXMtZGV2Iiwib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImxmLWRldiI6eyJyb2xlcyI6WyJ1bWFfcHJvdGVjdGlvbiJdfSwiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJwcm9maWxlIGVtYWlsIiwiY2xpZW50SG9zdCI6IjEwLjAuMC4yIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJzZXJ2aWNlLWFjY291bnQtbGYtZGV2IiwiY2xpZW50QWRkcmVzcyI6IjEwLjAuMC4yIiwiY2xpZW50X2lkIjoibGYtZGV2In0.YRro7Djz5YsjpRpgJNo5z4K4fyNTgCMuf4I9AU8iG0pAr7yYe-KUJEhoj6iVvJWTDJ_s-FL8UCZHWu0iaSt6dYl3thwK8vxT5MAjdJMPI9-TMT8AlS4IeJngQYYj72Enys6W1anKGIMO7dgIe7fP4WaCIxHTQqHNmJy7GIW9RnVwz6TmpFFuDxBrryq7Jjvy8BhtqiN4niwAV-oFrZJnSmnjJzKpCnKzeyd2AMDgxf2BXSW671nr3dk-QYcgTlBSa_6OfNzETgNtbpWrcPDhC6oHsLV8rmGO4mnD7Fg0o_f7lLomvocbaEkmXzY2suCpF4J2d-XuitQBhriKFqJMGw