feat: attendee authentication can be disabled

If OIDC_ATTENDEE_ENABLED configuration option is set to False, attendee authentication step will be skipped.
numerique-gouv · Jul 28, 2023 · caa0ada · caa0ada
1 parent 7753040
commit caa0ada
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 1 deletion.
diff --git a/web.env.example b/web.env.example
@@ -42,6 +42,7 @@ OIDC_USERINFO_HTTP_METHOD=POST
 OIDC_REDIRECT_URI=http://localhost:5000/oidc_callback
 
 # Attendee OIDC Configuration (back to default if empty)
+OIDC_ATTENDEE_ENABLED=
 OIDC_ATTENDEE_ISSUER=
 OIDC_ATTENDEE_CLIENT_ID=
 OIDC_ATTENDEE_CLIENT_SECRET=

diff --git a/web/flaskr/models.py b/web/flaskr/models.py
@@ -773,7 +773,11 @@ def get_role(self, hashed_role):
         elif self.get_hash("moderator") == hashed_role:
             role = "moderator"
         elif self.get_hash("authenticated") == hashed_role:
-            role = "authenticated"
+            role = (
+                "authenticated"
+                if current_app.config["OIDC_ATTENDEE_ENABLED"]
+                else "attendee"
+            )
         else:
             role = None
         return role

diff --git a/web/instance/config.py b/web/instance/config.py
@@ -47,6 +47,15 @@
 OIDC_SERVICE_NAME = os.environ.get("OIDC_SERVICE_NAME")
 
 # Attendee OIDC Configuration (back to default if empty)
+OIDC_ATTENDEE_ENABLED = os.environ.get("OIDC_ATTENDEE_ENABLED") not in [
+    0,
+    False,
+    "0",
+    "false",
+    "False",
+    "off",
+    "OFF",
+]
 OIDC_ATTENDEE_ISSUER = os.environ.get("OIDC_ATTENDEE_ISSUER") or OIDC_ISSUER
 OIDC_ATTENDEE_CLIENT_ID = os.environ.get("OIDC_ATTENDEE_CLIENT_ID") or OIDC_CLIENT_ID
 OIDC_ATTENDEE_CLIENT_SECRET = (

diff --git a/web/tests/meeting/test_join.py b/web/tests/meeting/test_join.py
@@ -54,6 +54,30 @@ def test_signin_meeting_with_authenticated_attendee(client_app, app, meeting):
     assert response.location.endswith("/meeting/join/1/authenticated")
 
 
+def test_auth_attendee_disabled(client_app, app, meeting):
+    """
+    If attendee authentication service is temporarily disabled, we should skip
+    the attendee authentication step.
+    https://github.com/numerique-gouv/b3desk/issues/9
+    """
+    # TODO: refactor this test with modern test conventions when #6 is merged
+
+    app.config["OIDC_ATTENDEE_ENABLED"] = False
+
+    with app.app_context():
+        user_id = 1
+        meeting = Meeting.query.get(1)
+        meeting_id = meeting.id
+        meeting_hash = meeting.get_hash("authenticated")
+
+    url = f"/meeting/signin/{meeting_id}/creator/{user_id}/hash/{meeting_hash}"
+    response = client_app.get(url)
+
+    assert response.status_code == 200
+    form_action_url = "/meeting/join"
+    assert form_action_url in response.data.decode()
+
+
 def test_join_meeting_as_authenticated_attendee(
     client_app, app, meeting, authenticated_attendee
 ):