diff --git a/docs/fr/migration-data-gouv.md b/docs/fr/migration-data-gouv.md
new file mode 100644
index 00000000..5fe10c31
--- /dev/null
+++ b/docs/fr/migration-data-gouv.md
@@ -0,0 +1,14 @@
+1) fix conflicts on requirements
+2) modifs on code - see commit
+3) get dump from multi
+```
+pg_dump -h -p -U -W -F t /catalogage-donnees/dump-prod-2023-07-21.tar
+```
+4) restore dump to local db
+```
+docker cp dump-prod-2023-07-21.tar catalogage-db:/var/lib/postgresql/data/dump-prod-2023-07-21.tar
+docker exec -it catalogage-db pg_restore -c -U -d -v "/var/lib/postgresql/data/dump-prod-2023-07-21.tar" -W
+```
+5) deploy on dataeng on docker / custom docker-compose-light file /srv/catalogue/catalogage-donnees
+6) change target on dns in ovh
+7) add certificate with certbot and create nginx conf
diff --git a/requirements.txt b/requirements.txt
index e69a6908..643cbe39 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,5 @@
 # App
+pydantic==1.10.8
 argon2-cffi==21.3.0
 asyncpg==0.26.0
 authlib==1.1.0
@@ -7,7 +8,7 @@ fastapi==0.85.0
 gunicorn==20.1.0
 itsdangerous==2.1.2
 punq==0.6.2
-pydantic[email]==1.10.2
+pydantic[email]==1.10.8
 python-json-logger==2.0.4
 uvicorn[standard]==0.18.3
 sqlalchemy[asyncio,mypy]==1.4.41
diff --git a/server/api/auth/datapass/routes.py b/server/api/auth/datapass/routes.py
index b337422e..ff7b5d9e 100644
--- a/server/api/auth/datapass/routes.py
+++ b/server/api/auth/datapass/routes.py
@@ -155,40 +155,47 @@ async def callback(request: Request) -> Response: try: account = await bus.execute(LoginDataPassUser(email=email)) except LoginFailed: - their_datapass_organizations = userinfo["organizations"] sirets_here = await organization_repository.get_siret_set() - their_organizations_here = [ - organization - for organization in their_datapass_organizations - if organization["siret"] in sirets_here - ] + if userinfo["siret"] in sirets_here: + organization_siret = Siret(userinfo["siret"]) - if len(their_organizations_here) == 0: - # None of the user's organizations have been registered in our system yet. + else: url = get_client_root_url() url = url.replace(path="/auth/datapass/create-organization") return RedirectResponse(url, status_code=307) - - if len(their_organizations_here) > 1: - # More than one of the user's organizations is registered in our system, - # we need the user to pick one. - organization_choices = [ - {"siret": org["siret"], "name": org["label"]} - for org in their_organizations_here - ] - info = { - "email": email, - "organizations": organization_choices, - } - signed_token = HasSignedToken.make_signed_token() - url = get_client_root_url() - url = url.replace(path="/auth/datapass/pick-organization") - url = url.include_query_params(info=json.dumps(info), token=signed_token) - return RedirectResponse(url, status_code=307) - - organization_siret = Siret(their_organizations_here[0]["siret"]) + + # their_organizations_here = [ + # organization + # for organization in their_datapass_organizations + # if organization["siret"] in sirets_here + # ] + + # if len(their_organizations_here) == 0: + # # None of the user's organizations have been registered in our system yet. 
+ # url = get_client_root_url() + # url = url.replace(path="/auth/datapass/create-organization") + # return RedirectResponse(url, status_code=307) + + # if len(their_organizations_here) > 1: + # # More than one of the user's organizations is registered in our system, + # # we need the user to pick one. + # organization_choices = [ + # {"siret": org["siret"], "name": org["label"]} + # for org in their_organizations_here + # ] + # info = { + # "email": email, + # "organizations": organization_choices, + # } + # signed_token = HasSignedToken.make_signed_token() + # url = get_client_root_url() + # url = url.replace(path="/auth/datapass/pick-organization") + # url = url.include_query_params(info=json.dumps(info), token=signed_token) + # return RedirectResponse(url, status_code=307) + + # organization_siret = Siret(their_organizations_here[0]["siret"]) await bus.execute( CreateDataPassUser( diff --git a/server/infrastructure/auth/datapass.py b/server/infrastructure/auth/datapass.py index f83add63..7071c864 100644 --- a/server/infrastructure/auth/datapass.py +++ b/server/infrastructure/auth/datapass.py @@ -56,12 +56,14 @@ def __init__(self, settings: Settings) -> None: server_metadata_url=( f"{settings.datapass_url}/.well-known/openid-configuration" ), - client_kwargs={"scope": "openid email organizations"}, + client_kwargs={"scope": "openid email organization"}, ) self._app: StarletteOAuth2App = oauth.datapass async def authorize_redirect(self, request: Request, callback_uri: str) -> Response: + # TRICK TO WORK WITH DOCKER CONTAINERS : + callback_uri = callback_uri.replace("http://localhost:3579", "https://catalogue.data.gouv.fr") return await self._app.authorize_redirect( request, callback_uri,
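Review bot: In `callback` (server/api/auth/datapass/routes.py), the new `userinfo["siret"]` lookup inside the `except LoginFailed:` branch raises `KeyError` when the provider response carries no `siret` claim, which would surface as a 500 in the middle of the login callback; nothing in the hunk shows that claim being guaranteed. Reading it once with `siret = userinfo.get("siret")` and sending a missing or unregistered value to the existing create-organization redirect (`if siret is None or siret not in sirets_here:`) keeps that failure path explicit. The account is now attached to whichever single organisation the provider asserts, with no pick step, so a short comment stating that this claim is trusted for organisation membership would help the next reader. The block of commented-out lines from the old flow should be deleted rather than kept, since history preserves it, and `json` and `HasSignedToken` presumably become unused imports. The function body starts and ends outside the hunk.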
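Review bot: The added `callback_uri.replace("http://localhost:3579", "https://catalogue.data.gouv.fr")` in `authorize_redirect` (server/infrastructure/auth/datapass.py) hard-codes one deployment's public host and an internal port into the OAuth client, so any other environment either gets a redirect URI pointing at that host or silently skips the rewrite when its internal address differs. The redirect URI has to match what is registered with the identity provider, so it is safer to build it from configuration than to patch it by string replacement: add a public base URL to `Settings` (field name to be chosen) and derive `callback_uri` from it, or have the reverse proxy pass forwarded headers so the request already carries the external scheme and host. If the workaround stays, the comment should say why the container sees `http://localhost:3579` and which deployment the rewrite is for, instead of `# TRICK TO WORK WITH DOCKER CONTAINERS :`. The scope change to `"openid email organization"` is coupled to the `userinfo["siret"]` read in routes.py, and a one-line comment naming the claim this scope is expected to return would document that dependency. The call to `self._app.authorize_redirect` continues outside the hunk.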