openfun
diff --git a/‎env.d/development/common.dist‎
Lines changed: 6 additions & 0 deletions b/‎env.d/development/common.dist‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎src/backend/joanie/core/authentication.py‎
Lines changed: 19 additions & 0 deletions b/‎src/backend/joanie/core/authentication.py‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎src/backend/joanie/core/utils/jwt_tokens.py‎
Lines changed: 45 additions & 12 deletions b/‎src/backend/joanie/core/utils/jwt_tokens.py‎
Lines changed: 45 additions & 12 deletions
diff --git a/‎src/backend/joanie/settings.py‎
Lines changed: 11 additions & 2 deletions b/‎src/backend/joanie/settings.py‎
Lines changed: 11 additions & 2 deletions
diff --git a/‎src/backend/joanie/tests/base.py‎
Lines changed: 41 additions & 10 deletions b/‎src/backend/joanie/tests/base.py‎
Lines changed: 41 additions & 10 deletions
diff --git a/‎src/backend/joanie/tests/core/api/order/test_create.perf.yml‎
Lines changed: 1 addition & 0 deletions b/‎src/backend/joanie/tests/core/api/order/test_create.perf.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/backend/joanie/tests/core/api/organizations/test_api_organization_accesses.perf.yml‎
Lines changed: 1 addition & 0 deletions b/‎src/backend/joanie/tests/core/api/organizations/test_api_organization_accesses.perf.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/backend/joanie/tests/core/api/organizations/test_api_organizations_agreements.perf.yml‎
Lines changed: 3 additions & 0 deletions b/‎src/backend/joanie/tests/core/api/organizations/test_api_organizations_agreements.perf.yml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎src/backend/joanie/tests/core/api/organizations/test_api_organizations_contract.perf.yml‎
Lines changed: 5 additions & 0 deletions b/‎src/backend/joanie/tests/core/api/organizations/test_api_organizations_contract.perf.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎src/backend/joanie/tests/core/api/organizations/test_list.perf.yml‎
Lines changed: 1 addition & 0 deletions b/‎src/backend/joanie/tests/core/api/organizations/test_list.perf.yml‎
Lines changed: 1 addition & 0 deletions
@@ -19,6 +19,12 @@ JOANIE_LMS_BACKENDS = '[{
 
 #JWT
 DJANGO_JWT_PRIVATE_SIGNING_KEY=ThisIsAnExampleKeyForDevPurposeOnly
+DJANGO_JWT_ALGORITHM=RS256
+DJANGO_JWT_TYPE_CLAIM=typ
+DJANGO_KEYCLOAK_USERNAME_CLAIM=preferred_username
+DJANGO_KEYCLOAK_ISSUER=http://keycloak/realms/master
+DJANGO_KEYCLOAK_JWK_URL=http://keycloak/realms/master/protocol/openid-connect/certs
+JOANIE_JWT_USER_FIELDS_SYNC={"username": "preferred_username", "first_name": "given_name", "last_name": "family_name", "email": "email", "language": "locale"}
 
 # Joanie settings
 
 
@@ -9,8 +9,10 @@
 from drf_spectacular.plumbing import build_bearer_security_scheme_object
 from rest_framework import authentication
 from rest_framework_simplejwt.authentication import JWTAuthentication
+from rest_framework_simplejwt.backends import TokenBackend
 from rest_framework_simplejwt.exceptions import InvalidToken
 from rest_framework_simplejwt.settings import api_settings
+from rest_framework_simplejwt.tokens import AccessToken
 
 
 def get_user_dict(token):
@@ -28,6 +30,9 @@ def get_user_dict(token):
     except LookupError:
         values["language"] = settings.LANGUAGE_CODE
 
+    if "has_subscribed_to_commercial_newsletter" not in values:
+        values["has_subscribed_to_commercial_newsletter"] = True
+
     return values
 
 
@@ -94,3 +99,17 @@ class OpenApiSessionAuthenticationExtension(SessionScheme):
     target_class = (
         "joanie.core.authentication.SessionAuthenticationWithAuthenticateHeader"
     )
+
+
+class KeycloakAccessToken(AccessToken):
+    """Custom AccessToken class to add a `typ` header."""
+
+    #  ruff: noqa : S105
+    token_type = "ID"
+
+    def get_token_backend(self) -> "TokenBackend":
+        """Return the token backend, adding the `User-Agent` header."""
+        backend = super().get_token_backend()
+        if backend.jwks_client is not None:
+            backend.jwks_client.headers = {"User-Agent": "Keycloak-python-urllib"}
+        return backend
@@ -4,14 +4,17 @@
 
 from datetime import datetime, timedelta
 
+from django.conf import settings
+
 from rest_framework_simplejwt.tokens import AccessToken
 
 from joanie.core import models
+from joanie.core.authentication import KeycloakAccessToken
 
 
 def generate_jwt_token_from_user(
     user: models.User, expires_at: datetime = None
-) -> AccessToken:
+) -> AccessToken | KeycloakAccessToken:
     """
     Generate a jwt token used to authenticate a user from a user registered in
     the database
@@ -24,15 +27,45 @@ def generate_jwt_token_from_user(
         token, the jwt token generated as it should
     """
     issued_at = datetime.utcnow()
-    token = AccessToken()
-    token.payload.update(
-        {
-            "email": user.email,
-            "exp": expires_at or issued_at + timedelta(days=2),
-            "iat": issued_at,
-            "language": user.language,
-            "username": user.username,
-            "full_name": user.get_full_name(),
-        }
-    )
+    if issuer := settings.SIMPLE_JWT.get("ISSUER"):
+        token = KeycloakAccessToken()
+        token.payload.update(
+            {
+                "exp": expires_at or issued_at + timedelta(days=2),
+                "iat": issued_at,
+                "auth_time": 1768924092,
+                "jti": "c7ee46da-8127-51d1-35b1-3f07fa1a49a5",
+                "iss": issuer,
+                "aud": "keycloak-client",
+                "sub": "095009db-b774-4e26-ab58-5e55c1474d98",
+                "typ": "ID",
+                "azp": "keycloak-client",
+                "nonce": "1a21d63a-930b-457f-9445-0858645f77ba",
+                "sid": "9f00242d-9199-80d8-178a-5f9c73968385",
+                "at_hash": "SPRUypol4zCSgENoM3764g",
+                "acr": "0",
+                "s_hash": "YFa348xSzi5FBMi4x9w6jg",
+                "email_verified": False,
+                "name": user.get_full_name(),
+                "preferred_username": user.username,
+                "given_name": user.first_name,
+                "family_name": user.last_name,
+                "email": user.email,
+                "locale": user.language,
+            }
+        )
+        backend = token.get_token_backend()
+        backend.algorithm = "HS256"
+    else:
+        token = AccessToken()
+        token.payload.update(
+            {
+                "email": user.email,
+                "exp": expires_at or issued_at + timedelta(days=2),
+                "iat": issued_at,
+                "language": user.language,
+                "username": user.username,
+                "full_name": user.get_full_name(),
+            }
+        )
     return token
@@ -341,8 +341,17 @@ class Base(Configuration):
         "AUTH_HEADER_TYPES": ("Bearer",),
         "AUTH_HEADER_NAME": "HTTP_AUTHORIZATION",
         "USER_ID_FIELD": "username",
-        "USER_ID_CLAIM": "username",
-        "AUTH_TOKEN_CLASSES": ("rest_framework_simplejwt.tokens.AccessToken",),
+        "USER_ID_CLAIM": values.Value(
+            "username", environ_name="KEYCLOAK_USERNAME_CLAIM"
+        ),
+        "ISSUER": values.Value(None, environ_name="KEYCLOAK_ISSUER"),
+        "JWK_URL": values.Value(None, environ_name="KEYCLOAK_JWK_URL"),
+        # "TOKEN_TYPE_CLAIM": "typ",
+        "TOKEN_TYPE_CLAIM": values.Value("token_type", environ_name="JWT_TYPE_CLAIM"),
+        "AUTH_TOKEN_CLASSES": (
+            "rest_framework_simplejwt.tokens.AccessToken",
+            "joanie.core.authentication.KeycloakAccessToken",
+        ),
     }
     JWT_USER_FIELDS_SYNC = values.DictValue(
         {
 
@@ -13,6 +13,7 @@
 from rest_framework_simplejwt.tokens import AccessToken
 
 from joanie.core import enums
+from joanie.core.authentication import KeycloakAccessToken
 from joanie.core.models import ActivityLog
 from joanie.core.utils.jwt_tokens import generate_jwt_token_from_user
 from joanie.core.utils.sentry import serialize_data
@@ -43,16 +44,46 @@ def get_user_token(username, expires_at=None):
             token, the jwt token generated as it should
         """
         issued_at = datetime.utcnow()
-        token = AccessToken()
-        token.payload.update(
-            {
-                "email": f"{username}@funmooc.fr",
-                "exp": expires_at or issued_at + timedelta(days=2),
-                "iat": issued_at,
-                "language": settings.LANGUAGE_CODE,
-                "username": username,
-            }
-        )
+        if issuer := settings.SIMPLE_JWT.get("ISSUER"):
+            token = KeycloakAccessToken()
+            token.payload.update(
+                {
+                    "exp": expires_at or issued_at + timedelta(days=2),
+                    "iat": issued_at,
+                    "auth_time": 1768924092,
+                    "jti": "c7ee46da-8127-51d1-35b1-3f07fa1a49a5",
+                    "iss": issuer,
+                    "aud": "keycloak-client",
+                    "sub": "095009db-b774-4e26-ab58-5e55c1474d98",
+                    "typ": "ID",
+                    "azp": "keycloak-client",
+                    "nonce": "1a21d63a-930b-457f-9445-0858645f77ba",
+                    "sid": "9f00242d-9199-80d8-178a-5f9c73968385",
+                    "at_hash": "SPRUypol4zCSgENoM3764g",
+                    "acr": "0",
+                    "s_hash": "YFa348xSzi5FBMi4x9w6jg",
+                    "email_verified": False,
+                    "name": "",
+                    "preferred_username": username,
+                    "given_name": "",
+                    "family_name": "",
+                    "email": f"{username}@funmooc.fr",
+                    "locale": settings.LANGUAGE_CODE,
+                }
+            )
+            backend = token.get_token_backend()
+            backend.algorithm = "HS256"
+        else:
+            token = AccessToken()
+            token.payload.update(
+                {
+                    "email": f"{username}@funmooc.fr",
+                    "exp": expires_at or issued_at + timedelta(days=2),
+                    "iat": issued_at,
+                    "language": settings.LANGUAGE_CODE,
+                    "username": username,
+                }
+            )
         return token
 
     @staticmethod
 
@@ -41,6 +41,7 @@ OrderCreateApiTest.test_api_order_create_authenticated_payment_binding:
 - db: 'SELECT ... FROM "joanie_course_product_relation" INNER JOIN "joanie_course_product_relation_organizations" ON ("joanie_course_product_relation"."id" = "joanie_course_product_relation_organizations"."courseproductrelation_id") WHERE ("joanie_course_product_relation"."course_id" = #::uuid AND "joanie_course_product_relation_organizations"."organization_id" = #::uuid AND "joanie_course_product_relation"."product_id" = #::uuid) LIMIT #'
 - db: 'SELECT ... FROM "joanie_offeringrule" WHERE ("joanie_offeringrule"."course_product_relation_id" = #::uuid AND "joanie_offeringrule"."is_active") ORDER BY "joanie_offeringrule"."position" ASC'
 - db: 'SELECT ... FROM "joanie_user" WHERE "joanie_user"."username" = # LIMIT #'
+- db: 'UPDATE "joanie_user" SET ... WHERE "joanie_user"."username" = #'
 - db: 'SELECT # AS "a" FROM "joanie_organization" WHERE "joanie_organization"."id" = #::uuid LIMIT #'
 - db: 'SELECT # AS "a" FROM "joanie_product" WHERE "joanie_product"."id" = #::uuid LIMIT #'
 - db: 'SELECT # AS "a" FROM "joanie_course" WHERE "joanie_course"."id" = #::uuid LIMIT #'
 
@@ -1,4 +1,5 @@
 OrganizationAccessesAPITestCase.test_api_organization_accesses_list_authenticated_member:
 - db: 'SELECT ... FROM "joanie_user" WHERE "joanie_user"."username" = # LIMIT #'
+- db: 'UPDATE "joanie_user" SET ... WHERE "joanie_user"."username" = #'
 - db: 'SELECT COUNT(*) FROM (SELECT DISTINCT ... FROM "joanie_organization_access" INNER JOIN "joanie_organization" ON ("joanie_organization_access"."organization_id" = "joanie_organization"."id") INNER JOIN "joanie_organization_access" T3 ON ("joanie_organization"."id" = T3."organization_id") WHERE ("joanie_organization_access"."organization_id" = #::uuid AND "joanie_organization_access"."organization_id" = #::uuid AND T3."user_id" = #::uuid)) subquery'
 - db: 'SELECT DISTINCT ... FROM "joanie_organization_access" INNER JOIN "joanie_organization" ON ("joanie_organization_access"."organization_id" = "joanie_organization"."id") INNER JOIN "joanie_organization_access" T3 ON ("joanie_organization"."id" = T3."organization_id") INNER JOIN "joanie_user" T5 ON ("joanie_organization_access"."user_id" = T5."id") WHERE ("joanie_organization_access"."organization_id" = #::uuid AND "joanie_organization_access"."organization_id" = #::uuid AND T3."user_id" = #::uuid) ORDER BY "joanie_organization_access"."created_on" DESC LIMIT #'
@@ -34,6 +34,7 @@ OrganizationAgreementApiTest.test_api_organizations_agreement_list_by_signature_
 - cache|get: parler.core.ProductTranslation.#.en-us
 - db: 'SELECT ... FROM "joanie_quote" WHERE "joanie_quote"."batch_order_id" = #::uuid LIMIT #'
 - db: 'SELECT ... FROM "joanie_user" WHERE "joanie_user"."username" = # LIMIT #'
+- db: 'UPDATE "joanie_user" SET ... WHERE "joanie_user"."username" = #'
 - db: 'SELECT "joanie_organization_access"."role" FROM "joanie_organization_access" WHERE ("joanie_organization_access"."organization_id" = #::uuid AND "joanie_organization_access"."user_id" = #::uuid) ORDER BY "joanie_organization_access"."created_on" DESC LIMIT #'
 OrganizationAgreementApiTest.test_api_organizations_agreement_list_by_signature_state.2:
 - db: SELECT DISTINCT "joanie_contract"."id" FROM "joanie_contract" ORDER BY "joanie_contract"."id" ASC
@@ -161,6 +162,7 @@ OrganizationAgreementApiTest.test_api_organizations_agreements_list_by_offering:
 - cache|get: parler.core.ProductTranslation.#.en-us
 - db: 'SELECT ... FROM "joanie_quote" WHERE "joanie_quote"."batch_order_id" = #::uuid LIMIT #'
 - db: 'SELECT ... FROM "joanie_user" WHERE "joanie_user"."username" = # LIMIT #'
+- db: 'UPDATE "joanie_user" SET ... WHERE "joanie_user"."username" = #'
 - db: 'SELECT "joanie_organization_access"."role" FROM "joanie_organization_access" WHERE ("joanie_organization_access"."organization_id" = #::uuid AND "joanie_organization_access"."user_id" = #::uuid) ORDER BY "joanie_organization_access"."created_on" DESC LIMIT #'
 OrganizationAgreementApiTest.test_api_organizations_agreements_list_by_offering.2:
 - db: SELECT DISTINCT "joanie_contract"."id" FROM "joanie_contract" ORDER BY "joanie_contract"."id" ASC
@@ -373,6 +375,7 @@ OrganizationAgreementApiTest.test_api_organizations_agreements_list_with_accesse
 - cache|get: parler.core.ProductTranslation.#.en-us
 - db: 'SELECT ... FROM "joanie_quote" WHERE "joanie_quote"."batch_order_id" = #::uuid LIMIT #'
 - db: 'SELECT ... FROM "joanie_user" WHERE "joanie_user"."username" = # LIMIT #'
+- db: 'UPDATE "joanie_user" SET ... WHERE "joanie_user"."username" = #'
 - db: 'SELECT "joanie_organization_access"."role" FROM "joanie_organization_access" WHERE ("joanie_organization_access"."organization_id" = #::uuid AND "joanie_organization_access"."user_id" = #::uuid) ORDER BY "joanie_organization_access"."created_on" DESC LIMIT #'
 - db: 'SELECT ... FROM "joanie_quote" WHERE "joanie_quote"."batch_order_id" = #::uuid LIMIT #'
 - db: 'SELECT "joanie_organization_access"."role" FROM "joanie_organization_access" WHERE ("joanie_organization_access"."organization_id" = #::uuid AND "joanie_organization_access"."user_id" = #::uuid) ORDER BY "joanie_organization_access"."created_on" DESC LIMIT #'
 
@@ -56,6 +56,7 @@ OrganizationContractApiTest.test_api_organizations_contracts_list_filter_by_offe
 - db: 'SELECT ... FROM "joanie_address" WHERE ("joanie_address"."organization_id" = #::uuid AND "joanie_address"."is_main" AND "joanie_address"."is_reusable") ORDER BY "joanie_address"."created_on" DESC LIMIT #'
 - cache|get: parler.core.ProductTranslation.#.en-us
 - db: 'SELECT ... FROM "joanie_user" WHERE "joanie_user"."username" = # LIMIT #'
+- db: 'UPDATE "joanie_user" SET ... WHERE "joanie_user"."username" = #'
 - db: 'SELECT "joanie_organization_access"."role" FROM "joanie_organization_access" WHERE ("joanie_organization_access"."organization_id" = #::uuid AND "joanie_organization_access"."user_id" = #::uuid) ORDER BY "joanie_organization_access"."created_on" DESC LIMIT #'
 - cache|get: parler.core.CourseTranslation.#.en-us
 - cache|get: parler.core.OrganizationTranslation.#.en-us
@@ -222,6 +223,7 @@ OrganizationContractApiTest.test_api_organizations_contracts_list_filter_signatu
 - db: 'SELECT ... FROM "joanie_address" WHERE ("joanie_address"."organization_id" = #::uuid AND "joanie_address"."is_main" AND "joanie_address"."is_reusable") ORDER BY "joanie_address"."created_on" DESC LIMIT #'
 - cache|get: parler.core.ProductTranslation.#.en-us
 - db: 'SELECT ... FROM "joanie_user" WHERE "joanie_user"."username" = # LIMIT #'
+- db: 'UPDATE "joanie_user" SET ... WHERE "joanie_user"."username" = #'
 - db: 'SELECT "joanie_organization_access"."role" FROM "joanie_organization_access" WHERE ("joanie_organization_access"."organization_id" = #::uuid AND "joanie_organization_access"."user_id" = #::uuid) ORDER BY "joanie_organization_access"."created_on" DESC LIMIT #'
 - cache|get: parler.core.CourseTranslation.#.en-us
 - cache|get: parler.core.OrganizationTranslation.#.en-us
@@ -332,6 +334,7 @@ OrganizationContractApiTest.test_api_organizations_contracts_list_with_accesses:
 - db: 'SELECT ... FROM "joanie_address" WHERE ("joanie_address"."organization_id" = #::uuid AND "joanie_address"."is_main" AND "joanie_address"."is_reusable") ORDER BY "joanie_address"."created_on" DESC LIMIT #'
 - cache|get: parler.core.ProductTranslation.#.en-us
 - db: 'SELECT ... FROM "joanie_user" WHERE "joanie_user"."username" = # LIMIT #'
+- db: 'UPDATE "joanie_user" SET ... WHERE "joanie_user"."username" = #'
 - db: 'SELECT "joanie_organization_access"."role" FROM "joanie_organization_access" WHERE ("joanie_organization_access"."organization_id" = #::uuid AND "joanie_organization_access"."user_id" = #::uuid) ORDER BY "joanie_organization_access"."created_on" DESC LIMIT #'
 - cache|get: parler.core.CourseTranslation.#.en-us
 - cache|get: parler.core.OrganizationTranslation.#.en-us
@@ -367,6 +370,7 @@ OrganizationContractApiTest.test_api_organizations_contracts_retrieve_with_acces
 - db: 'SELECT ... FROM "joanie_address" WHERE ("joanie_address"."organization_id" = #::uuid AND "joanie_address"."is_main" AND "joanie_address"."is_reusable") ORDER BY "joanie_address"."created_on" DESC LIMIT #'
 - cache|get: parler.core.ProductTranslation.#.en-us
 - db: 'SELECT ... FROM "joanie_user" WHERE "joanie_user"."username" = # LIMIT #'
+- db: 'UPDATE "joanie_user" SET ... WHERE "joanie_user"."username" = #'
 - db: 'SELECT "joanie_organization_access"."role" FROM "joanie_organization_access" WHERE ("joanie_organization_access"."organization_id" = #::uuid AND "joanie_organization_access"."user_id" = #::uuid) ORDER BY "joanie_organization_access"."created_on" DESC LIMIT #'
 OrganizationContractApiTest.test_api_organizations_contracts_retrieve_with_accesses_and_canceled_order:
 - db: SELECT DISTINCT "joanie_contract"."id" FROM "joanie_contract" ORDER BY "joanie_contract"."id" ASC
@@ -423,6 +427,7 @@ OrganizationContractApiTest.test_api_organizations_contracts_retrieve_with_acces
 - db: 'SELECT ... FROM "joanie_address" WHERE ("joanie_address"."organization_id" = #::uuid AND "joanie_address"."is_main" AND "joanie_address"."is_reusable") ORDER BY "joanie_address"."created_on" DESC LIMIT #'
 - cache|get: parler.core.ProductTranslation.#.en-us
 - db: 'SELECT ... FROM "joanie_user" WHERE "joanie_user"."username" = # LIMIT #'
+- db: 'UPDATE "joanie_user" SET ... WHERE "joanie_user"."username" = #'
 - db: 'SELECT "joanie_organization_access"."role" FROM "joanie_organization_access" WHERE ("joanie_organization_access"."organization_id" = #::uuid AND "joanie_organization_access"."user_id" = #::uuid) ORDER BY "joanie_organization_access"."created_on" DESC LIMIT #'
 OrganizationContractApiTest.test_api_organizations_contracts_retrieve_without_access:
 - db: SELECT DISTINCT "joanie_contract"."id" FROM "joanie_contract" ORDER BY "joanie_contract"."id" ASC
 
@@ -26,6 +26,7 @@ OrganizationApiListTest.test_api_organization_list_authenticated_queries:
 - cache|get: parler.core.OrganizationTranslation.#.en-us
 - db: 'SELECT ... FROM "joanie_address" WHERE ("joanie_address"."organization_id" = #::uuid AND "joanie_address"."is_main" AND "joanie_address"."is_reusable") ORDER BY "joanie_address"."created_on" DESC LIMIT #'
 - db: 'SELECT ... FROM "joanie_user" WHERE "joanie_user"."username" = # LIMIT #'
+- db: 'UPDATE "joanie_user" SET ... WHERE "joanie_user"."username" = #'
 - db: 'SELECT ... FROM "easy_thumbnails_source" WHERE ("easy_thumbnails_source"."name" = # AND "easy_thumbnails_source"."storage_hash" = #) LIMIT #'
 - db: 'UPDATE "easy_thumbnails_source" SET ... WHERE "easy_thumbnails_source"."id" = #'
 - db: 'SELECT ... FROM "easy_thumbnails_thumbnail" WHERE ("easy_thumbnails_thumbnail"."name" = # AND "easy_thumbnails_thumbnail"."source_id" = # AND "easy_thumbnails_thumbnail"."storage_hash" = #) LIMIT #'