Merge branch 'main' into production

documentation/maintainers/settings.rst

@@ -19,3 +19,56 @@ Pour utiliser ces pages statiques, on peut utiliser le paramètre `error_page <h
 Avec cette configuration, dès que le service est indisponible, Nginx servira cette page d'erreur:
 
 .. image:: ../_static/b3desk-500.png
+
+
+Jumelage avec Apps
+==================
+
+Configuration de B3Desk
+-----------------------
+
+Afin que les utilisateurs de b3desk puissent accéder à leurs fichiers Nextcloud d’Apps, il faut que l’application puisse récupérer l’identifiant attendu par Nextcloud. Pour ce faire une requête est faite sur l’`API Users de Keycloak <https://www.keycloak.org/docs-api/22.0.1/rest-api/index.html#_users>`_.
+
+Il est donc nécessaire de configurer les paramètres de configuration suivants :
+
+- :attr:`~b3desk.settings.MainSettings.SECONDARY_IDENTITY_PROVIDER_ENABLED`
+- :attr:`~b3desk.settings.MainSettings.SECONDARY_IDENTITY_PROVIDER_URI`
+- :attr:`~b3desk.settings.MainSettings.SECONDARY_IDENTITY_PROVIDER_REALM`
+- :attr:`~b3desk.settings.MainSettings.SECONDARY_IDENTITY_PROVIDER_CLIENT_ID`
+- :attr:`~b3desk.settings.MainSettings.SECONDARY_IDENTITY_PROVIDER_CLIENT_SECRET`
+
+On peut ensuite tester que la configuration est correcte grâce à la commande suivante:
+
+.. code-block:: bash
+
+   docker exec -it <CONTAINER_ID> flask get-apps-id <[email protected]>
+
+En remplaçant ``<CONTAINER_ID>`` par l’identifiant du conteneur `b3desk_web`, et ``<[email protected]>`` par l’email d’un utilisateur, cette commande tente une connexion à l’API keycloak d’apps, afin de récupérer l’identifiant dont l’email a été passé en paramètre.
+
+Si la connexion à l’API de keycloak échoue, cette commande indiquera à quelle étape, et quelles sont les pistes de résolution.
+
+Configuration de Keycloak
+-------------------------
+
+Pour que la connexion de B3Desk à Apps fonctionne correctement, il est nécessaire que keycloak autorise les connexion par `identifiants client <https://datatracker.ietf.org/doc/html/rfc6749#section-4.4>`_.
+
+Vérifier que la configuration de Keycloak est correcte
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+- Se rendre la console d’administration Keycloak, dans le `realm` ``apps``.
+  Par exemple https://auth.eole3.dev/auth/admin/master/console/#/apps
+- Se rendre dans la section « Clients » et sélectionner « b3desk »
+- Sélectionner l’onglet « Service account roles »
+- À cet endroit on doit voir deux lignes avec les droits ``real-management view-users`` et ``realm-management query-users``.
+
+.. image:: ../_static/keycloak-service-account-roles.png
+
+Configuration de Keycloak est correcte
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Si les droits ``real-management view-users`` et ``realm-management query-users`` ne sont pas présents, il faut les ajouter :
+
+- Cliquer sur le bouton « Assign roles », une fenêtre modale doit s’ouvrir
+- Cliquer sur le menu déroulant des filtres en haut à gauche, et sélectionner « Filter by clients » plutôt que « Filter by realm roles »
+- Dans le champ de recherche, entrer « users » et valider
+- Cocher « view-users » et « query-users » puis sur le bouton « Assign »

pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "poetry.core.masonry.api"
 
 [tool.poetry]
 name = "b3desk"
-version = "1.2.3"
+version = "1.2.4"
 description = "Outil de visioconférence pour les agents de l'Education Nationale et de l'Etat en général."
 authors = ["Your Name <[email protected]>"]
 readme = "README.md"
@@ -45,7 +45,7 @@ pre-commit = "^3.1.1"
 pytest = "^8.0.0"
 pytest-cov = "^5.0.0"
 pytest-dotenv = "^0.5.2"
-pytest-iam = "^0.0.9"
+pytest-iam = "^0.0.12"
 pytest-mock = "^3.11.1"
 wsgidav = "^4.3.1"
 pytest-smtpd = "^0.1.0"

web/b3desk/__init__.py

@@ -29,7 +29,7 @@
 from .utils import enum_converter
 from .utils import model_converter
 
-__version__ = "1.2.3"
+__version__ = "1.2.4"
 
 LANGUAGES = ["en", "fr"]
 

web/b3desk/models/bbb.py

@@ -320,7 +320,7 @@ def meeting_file_addition_xml(self, meeting_files):
                     f"{current_app.config['SECRET_KEY']}-0-{meeting_file.id}-{current_app.config['SECRET_KEY']}".encode()
                 ).hexdigest()
                 current_app.logger.info(
-                    "Add document on BigBLueButton room creation for file",
+                    "Add document on BigBLueButton room creation for file %s",
                     meeting_file.title,
                 )
                 url = url_for(

web/b3desk/settings.py

@@ -433,6 +433,28 @@ def get_allowed_mime_types_server_side(
     Plus d’infos sur https://flask-pyoidc.readthedocs.io/en/latest/api.html#module-flask_pyoidc.provider_configuration
     """
 
+    SECONDARY_IDENTITY_PROVIDER_ENABLED: Optional[bool] = False
+    """Indique si un second serveur d'identité pour la connection a un
+    Nextcloud est activée.
+
+    S'il y a bien besoin de ce second serveur d'identité pour connecter
+    un utilisateur sur un Nextcloud, l'identifiant Nextcloud de
+    l'utilisateur sera recherché à partir de son mail.
+    """
+
+    SECONDARY_IDENTITY_PROVIDER_URI: Optional[str] = None
+    """Url du serveur d'identité permettant de retrouver un id utilisateur à
+    partir de son email."""
+
+    SECONDARY_IDENTITY_PROVIDER_REALM: Optional[str] = None
+    """Groupe sous lequel est enregistré l'utilisateur."""
+
+    SECONDARY_IDENTITY_PROVIDER_CLIENT_ID: Optional[str] = None
+    """ID du client B3desk dans ce serveur d'identité."""
+
+    SECONDARY_IDENTITY_PROVIDER_CLIENT_SECRET: Optional[str] = None
+    """Secret du client B3desk dans ce serveur d'identité."""
+
     @field_validator("OIDC_ATTENDEE_ISSUER")
     def get_attendee_issuer(cls, attendee_issuer: str, info: ValidationInfo) -> str:
         return attendee_issuer or info.data.get("OIDC_ISSUER")

web/misc/run_webserver.sh

@@ -3,4 +3,4 @@
 # DB Migration
 flask db upgrade &>> /var/log/flask-migrate.log
 
-gunicorn --chdir /opt/bbb-visio --bind 0.0.0.0:5000 --log-level warning --access-logfile /var/log/gunicorn-access.log --error-logfile /var/log/gunicorn-error.log wsgi:app
+gunicorn --chdir /opt/bbb-visio --bind 0.0.0.0:5000 --log-level info --access-logfile /var/log/gunicorn-access.log --error-logfile /var/log/gunicorn-error.log wsgi:app

web/requirements.app.txt

@@ -6,7 +6,7 @@ babel==2.14.0 ; python_version >= "3.9" and python_version < "4.0"
 billiard==4.2.0 ; python_version >= "3.9" and python_version < "4.0"
 blinker==1.7.0 ; python_version >= "3.9" and python_version < "4.0"
 cachelib==0.9.0 ; python_version >= "3.9" and python_version < "4.0"
-celery==5.3.6 ; python_version >= "3.9" and python_version < "4.0"
+celery==5.4.0 ; python_version >= "3.9" and python_version < "4.0"
 certifi==2024.2.2 ; python_version >= "3.9" and python_version < "4.0"
 cffi==1.16.0 ; python_version >= "3.9" and python_version < "4.0" and platform_python_implementation != "PyPy"
 charset-normalizer==3.3.2 ; python_version >= "3.9" and python_version < "4.0"
@@ -25,18 +25,18 @@ flask-pyoidc==3.14.3 ; python_version >= "3.9" and python_version < "4.0"
 flask-sqlalchemy==3.0.5 ; python_version >= "3.9" and python_version < "4.0"
 flask-uploads==0.2.1 ; python_version >= "3.9" and python_version < "4.0"
 flask-wtf==1.2.1 ; python_version >= "3.9" and python_version < "4.0"
-flask==3.0.2 ; python_version >= "3.9" and python_version < "4.0"
+flask==3.0.3 ; python_version >= "3.9" and python_version < "4.0"
 future==1.0.0 ; python_version >= "3.9" and python_version < "4.0"
 greenlet==3.0.3 ; python_version >= "3.9" and (platform_machine == "aarch64" or platform_machine == "ppc64le" or platform_machine == "x86_64" or platform_machine == "amd64" or platform_machine == "AMD64" or platform_machine == "win32" or platform_machine == "WIN32") and python_version < "4.0"
 gunicorn==21.2.0 ; python_version >= "3.9" and python_version < "4.0"
-idna==3.6 ; python_version >= "3.9" and python_version < "4.0"
+idna==3.7 ; python_version >= "3.9" and python_version < "4.0"
 importlib-metadata==7.1.0 ; python_version >= "3.9" and python_version < "3.10"
 importlib-resources==6.4.0 ; python_version >= "3.9" and python_version < "4.0"
-itsdangerous==2.1.2 ; python_version >= "3.9" and python_version < "4.0"
+itsdangerous==2.2.0 ; python_version >= "3.9" and python_version < "4.0"
 jinja2==3.1.3 ; python_version >= "3.9" and python_version < "4.0"
-kombu==5.3.6 ; python_version >= "3.9" and python_version < "4.0"
+kombu==5.3.7 ; python_version >= "3.9" and python_version < "4.0"
 lxml==5.2.1 ; python_version >= "3.9" and python_version < "4.0"
-mako==1.3.2 ; python_version >= "3.9" and python_version < "4.0"
+mako==1.3.3 ; python_version >= "3.9" and python_version < "4.0"
 markupsafe==2.1.5 ; python_version >= "3.9" and python_version < "4.0"
 netaddr==1.2.1 ; python_version >= "3.9" and python_version < "4.0"
 oic==1.6.1 ; python_version >= "3.9" and python_version < "4.0"
@@ -45,9 +45,9 @@ prompt-toolkit==3.0.43 ; python_version >= "3.9" and python_version < "4.0"
 psycopg2==2.9.9 ; python_version >= "3.9" and python_version < "4.0"
 pycparser==2.22 ; python_version >= "3.9" and python_version < "4.0" and platform_python_implementation != "PyPy"
 pycryptodomex==3.20.0 ; python_version >= "3.9" and python_version < "4.0"
-pydantic-core==2.16.3 ; python_version >= "3.9" and python_version < "4.0"
+pydantic-core==2.18.1 ; python_version >= "3.9" and python_version < "4.0"
 pydantic-settings==2.2.1 ; python_version >= "3.9" and python_version < "4.0"
-pydantic==2.6.4 ; python_version >= "3.9" and python_version < "4.0"
+pydantic==2.7.0 ; python_version >= "3.9" and python_version < "4.0"
 pyjwkest==1.4.2 ; python_version >= "3.9" and python_version < "4.0"
 python-dateutil==2.9.0.post0 ; python_version >= "3.9" and python_version < "4.0"
 python-dotenv==1.0.1 ; python_version >= "3.9" and python_version < "4.0"
@@ -60,7 +60,7 @@ sqlalchemy-json==0.7.0 ; python_version >= "3.9" and python_version < "4.0"
 sqlalchemy-utils==0.41.2 ; python_version >= "3.9" and python_version < "4.0"
 sqlalchemy==1.4.52 ; python_version >= "3.9" and python_version < "4.0"
 text-unidecode==1.3 ; python_version >= "3.9" and python_version < "4.0"
-typing-extensions==4.10.0 ; python_version >= "3.9" and python_version < "4.0"
+typing-extensions==4.11.0 ; python_version >= "3.9" and python_version < "4.0"
 tzdata==2024.1 ; python_version >= "3.9" and python_version < "4.0"
 urllib3==2.2.1 ; python_version >= "3.9" and python_version < "4.0"
 vine==5.1.0 ; python_version >= "3.9" and python_version < "4.0"

web/requirements.dev.txt

@@ -5,7 +5,7 @@ attrs==23.2.0 ; python_version >= "3.9" and python_version < "4"
 authlib==1.3.0 ; python_version >= "3.9" and python_version < "4.0"
 beautifulsoup4==4.12.3 ; python_version >= "3.9" and python_version < "4"
 blinker==1.7.0 ; python_version >= "3.9" and python_version < "4.0"
-canaille[oidc]==0.0.45 ; python_version >= "3.9" and python_version < "4.0"
+canaille[oidc]==0.0.53 ; python_version >= "3.9" and python_version < "4.0"
 cffi==1.16.0 ; python_version >= "3.9" and python_version < "4" and platform_python_implementation != "PyPy"
 cfgv==3.4.0 ; python_version >= "3.9" and python_version < "4.0"
 click==8.1.7 ; python_version >= "3.9" and python_version < "4.0"
@@ -16,55 +16,53 @@ cryptography==42.0.5 ; python_version >= "3.9" and python_version < "4"
 cssselect==1.2.0 ; python_version >= "3.9" and python_version < "4.0"
 defusedxml==0.7.1 ; python_version >= "3.9" and python_version < "4.0"
 distlib==0.3.8 ; python_version >= "3.9" and python_version < "4.0"
-enum-extend==0.1.1 ; python_version >= "3.9" and python_version < "4.0"
-exceptiongroup==1.2.0 ; python_version >= "3.9" and python_version < "3.11"
-faker==24.4.0 ; python_version >= "3.9" and python_version < "4.0"
-filelock==3.13.3 ; python_version >= "3.9" and python_version < "4.0"
+exceptiongroup==1.2.1 ; python_version >= "3.9" and python_version < "3.11"
+faker==24.11.0 ; python_version >= "3.9" and python_version < "4.0"
+filelock==3.13.4 ; python_version >= "3.9" and python_version < "4.0"
 flake8==7.0.0 ; python_version >= "3.9" and python_version < "4.0"
 flask-webtest==0.1.4 ; python_version >= "3.9" and python_version < "4.0"
 flask-wtf==1.2.1 ; python_version >= "3.9" and python_version < "4.0"
-flask==3.0.2 ; python_version >= "3.9" and python_version < "4.0"
+flask==3.0.3 ; python_version >= "3.9" and python_version < "4.0"
 freezegun==1.4.0 ; python_version >= "3.9" and python_version < "4.0"
-identify==2.5.35 ; python_version >= "3.9" and python_version < "4.0"
+identify==2.5.36 ; python_version >= "3.9" and python_version < "4.0"
 importlib-metadata==7.1.0 ; python_version >= "3.9" and python_version < "3.10"
 iniconfig==2.0.0 ; python_version >= "3.9" and python_version < "4.0"
-itsdangerous==2.1.2 ; python_version >= "3.9" and python_version < "4.0"
+itsdangerous==2.2.0 ; python_version >= "3.9" and python_version < "4.0"
 jinja2==3.1.3 ; python_version >= "3.9" and python_version < "4.0"
-json5==0.9.24 ; python_version >= "3.9" and python_version < "4.0"
+json5==0.9.25 ; python_version >= "3.9" and python_version < "4.0"
 lxml==5.2.1 ; python_version >= "3.9" and python_version < "4.0"
 markupsafe==2.1.5 ; python_version >= "3.9" and python_version < "4.0"
 mccabe==0.7.0 ; python_version >= "3.9" and python_version < "4.0"
 nodeenv==1.8.0 ; python_version >= "3.9" and python_version < "4.0"
 packaging==24.0 ; python_version >= "3.9" and python_version < "4.0"
 platformdirs==4.2.0 ; python_version >= "3.9" and python_version < "4.0"
-pluggy==1.4.0 ; python_version >= "3.9" and python_version < "4.0"
+pluggy==1.5.0 ; python_version >= "3.9" and python_version < "4.0"
 portpicker==1.6.0 ; python_version >= "3.9" and python_version < "4.0"
-pre-commit==3.5.0 ; python_version >= "3.9" and python_version < "4.0"
+pre-commit==3.7.0 ; python_version >= "3.9" and python_version < "4.0"
 psutil==5.9.8 ; python_version >= "3.9" and python_version < "4.0"
 pycodestyle==2.11.1 ; python_version >= "3.9" and python_version < "4.0"
 pycparser==2.22 ; python_version >= "3.9" and python_version < "4" and platform_python_implementation != "PyPy"
-pydantic-core==2.16.3 ; python_version >= "3.9" and python_version < "4.0"
+pydantic-core==2.18.1 ; python_version >= "3.9" and python_version < "4.0"
 pydantic-settings==2.2.1 ; python_version >= "3.9" and python_version < "4.0"
-pydantic==2.6.4 ; python_version >= "3.9" and python_version < "4.0"
+pydantic==2.7.0 ; python_version >= "3.9" and python_version < "4.0"
 pyflakes==3.2.0 ; python_version >= "3.9" and python_version < "4.0"
 pyquery==2.0.0 ; python_version >= "3.9" and python_version < "4.0"
 pytest-cov==5.0.0 ; python_version >= "3.9" and python_version < "4.0"
 pytest-dotenv==0.5.2 ; python_version >= "3.9" and python_version < "4.0"
-pytest-iam==0.0.9 ; python_version >= "3.9" and python_version < "4.0"
+pytest-iam==0.0.12 ; python_version >= "3.9" and python_version < "4.0"
 pytest-mock==3.14.0 ; python_version >= "3.9" and python_version < "4.0"
 pytest-smtpd==0.1.0 ; python_version >= "3.9" and python_version < "4"
 pytest==8.1.1 ; python_version >= "3.9" and python_version < "4.0"
 python-dateutil==2.9.0.post0 ; python_version >= "3.9" and python_version < "4.0"
 python-dotenv==1.0.1 ; python_version >= "3.9" and python_version < "4.0"
 pyyaml==6.0.1 ; python_version >= "3.9" and python_version < "4.0"
-setuptools==69.2.0 ; python_version >= "3.9" and python_version < "4.0"
+setuptools==69.5.1 ; python_version >= "3.9" and python_version < "4.0"
 six==1.16.0 ; python_version >= "3.9" and python_version < "4.0"
-smtpdfix==0.5.1 ; python_version >= "3.9" and python_version < "4"
+smtpdfix==0.5.2 ; python_version >= "3.9" and python_version < "4"
 soupsieve==2.5 ; python_version >= "3.9" and python_version < "4"
-sphinx-enum-extend==0.1.3 ; python_version >= "3.9" and python_version < "4.0"
 tomli==2.0.1 ; python_version >= "3.9" and python_full_version <= "3.11.0a6"
-typing-extensions==4.10.0 ; python_version >= "3.9" and python_version < "4.0"
-virtualenv==20.25.1 ; python_version >= "3.9" and python_version < "4.0"
+typing-extensions==4.11.0 ; python_version >= "3.9" and python_version < "4.0"
+virtualenv==20.25.3 ; python_version >= "3.9" and python_version < "4.0"
 waitress==3.0.0 ; python_version >= "3.9" and python_version < "4"
 webob==1.8.7 ; python_version >= "3.9" and python_version < "4"
 webtest==3.0.0 ; python_version >= "3.9" and python_version < "4"