diff --git a/docs/configuration/admin_oidc.rst b/docs/configuration/admin_oidc.rst
new file mode 100644
index 0000000000..0da484becb
--- /dev/null
+++ b/docs/configuration/admin_oidc.rst
@@ -0,0 +1,188 @@
+.. _admin_oidc:
+
+========================
+Admin OIDC Configuration
+========================
+
+Settings Overview
+=================
+
+Enable/Disable configuration:
+"""""""""""""""""""""""""""""
+
+::
+
+ ADMIN_OIDC_CONFIG_ENABLE
+
+Required:
+"""""""""
+
+::
+
+ ADMIN_OIDC_OIDC_RP_CLIENT_ID
+ ADMIN_OIDC_OIDC_RP_CLIENT_SECRET
+
+All settings:
+"""""""""""""
+
+::
+
+ ADMIN_OIDC_CLAIM_MAPPING
+ ADMIN_OIDC_GROUPS_CLAIM
+ ADMIN_OIDC_MAKE_USERS_STAFF
+ ADMIN_OIDC_OIDC_EXEMPT_URLS
+ ADMIN_OIDC_OIDC_NONCE_SIZE
+ ADMIN_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT
+ ADMIN_OIDC_OIDC_OP_DISCOVERY_ENDPOINT
+ ADMIN_OIDC_OIDC_OP_JWKS_ENDPOINT
+ ADMIN_OIDC_OIDC_OP_TOKEN_ENDPOINT
+ ADMIN_OIDC_OIDC_OP_USER_ENDPOINT
+ ADMIN_OIDC_OIDC_RP_CLIENT_ID
+ ADMIN_OIDC_OIDC_RP_CLIENT_SECRET
+ ADMIN_OIDC_OIDC_RP_IDP_SIGN_KEY
+ ADMIN_OIDC_OIDC_RP_SCOPES_LIST
+ ADMIN_OIDC_OIDC_RP_SIGN_ALGO
+ ADMIN_OIDC_OIDC_STATE_SIZE
+ ADMIN_OIDC_OIDC_USE_NONCE
+ ADMIN_OIDC_SUPERUSER_GROUP_NAMES
+ ADMIN_OIDC_SYNC_GROUPS
+ ADMIN_OIDC_SYNC_GROUPS_GLOB_PATTERN
+ ADMIN_OIDC_USERINFO_CLAIMS_SOURCE
+ ADMIN_OIDC_USERNAME_CLAIM
+
+Detailed Information
+====================
+
+::
+
+ Variable ADMIN_OIDC_CLAIM_MAPPING
+ Setting claim mapping
+ Description Mapping from user-model fields to OIDC claims
+ Possible values Mapping: {'some_key': 'Some value'}
+ Default value {'email': 'email', 'first_name': 'given_name', 'last_name': 'family_name'}
+
+ Variable ADMIN_OIDC_GROUPS_CLAIM
+ Setting groups claim
+ Description The name of the OIDC claim that holds the values to map to local user groups.
+ Possible values string
+ Default value roles
+
+ Variable ADMIN_OIDC_MAKE_USERS_STAFF
+ Setting make users staff
+ Description Users will be flagged as being a staff user automatically. This allows users to login to the admin interface. By default they have no permissions, even if they are staff.
+ Possible values True, False
+ Default value False
+
+ Variable ADMIN_OIDC_OIDC_EXEMPT_URLS
+ Setting URLs exempt from session renewal
+ Description This is a list of absolute url paths, regular expressions for url paths, or Django view names. This plus the mozilla-django-oidc urls are exempted from the session renewal by the SessionRefresh middleware.
+ Possible values string, comma-delimited ('foo,bar,baz')
+ Default value
+
+ Variable ADMIN_OIDC_OIDC_NONCE_SIZE
+ Setting Nonce size
+ Description Sets the length of the random string used for OpenID Connect nonce verification
+ Possible values string representing a positive integer
+ Default value 32
+
+ Variable ADMIN_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT
+ Setting Authorization endpoint
+ Description URL of your OpenID Connect provider authorization endpoint
+ Possible values string
+ Default value No default
+
+ Variable ADMIN_OIDC_OIDC_OP_DISCOVERY_ENDPOINT
+ Setting Discovery endpoint
+ Description URL of your OpenID Connect provider discovery endpoint ending with a slash (`.well-known/...` will be added automatically). If this is provided, the remaining endpoints can be omitted, as they will be derived from this endpoint.
+ Possible values string
+ Default value No default
+
+ Variable ADMIN_OIDC_OIDC_OP_JWKS_ENDPOINT
+ Setting JSON Web Key Set endpoint
+ Description URL of your OpenID Connect provider JSON Web Key Set endpoint. Required if `RS256` is used as signing algorithm.
+ Possible values string
+ Default value No default
+
+ Variable ADMIN_OIDC_OIDC_OP_TOKEN_ENDPOINT
+ Setting Token endpoint
+ Description URL of your OpenID Connect provider token endpoint
+ Possible values string
+ Default value No default
+
+ Variable ADMIN_OIDC_OIDC_OP_USER_ENDPOINT
+ Setting User endpoint
+ Description URL of your OpenID Connect provider userinfo endpoint
+ Possible values string
+ Default value No default
+
+ Variable ADMIN_OIDC_OIDC_RP_CLIENT_ID
+ Setting OpenID Connect client ID
+ Description OpenID Connect client ID provided by the OIDC Provider
+ Possible values string
+ Default value No default
+
+ Variable ADMIN_OIDC_OIDC_RP_CLIENT_SECRET
+ Setting OpenID Connect secret
+ Description OpenID Connect secret provided by the OIDC Provider
+ Possible values string
+ Default value No default
+
+ Variable ADMIN_OIDC_OIDC_RP_IDP_SIGN_KEY
+ Setting Sign key
+ Description Key the Identity Provider uses to sign ID tokens in the case of an RSA sign algorithm. Should be the signing key in PEM or DER format.
+ Possible values string
+ Default value No default
+
+ Variable ADMIN_OIDC_OIDC_RP_SCOPES_LIST
+ Setting OpenID Connect scopes
+ Description OpenID Connect scopes that are requested during login
+ Possible values string, comma-delimited ('foo,bar,baz')
+ Default value openid, email, profile
+
+ Variable ADMIN_OIDC_OIDC_RP_SIGN_ALGO
+ Setting OpenID sign algorithm
+ Description Algorithm the Identity Provider uses to sign ID tokens
+ Possible values string
+ Default value HS256
+
+ Variable ADMIN_OIDC_OIDC_STATE_SIZE
+ Setting State size
+ Description Sets the length of the random string used for OpenID Connect state verification
+ Possible values string representing a positive integer
+ Default value 32
+
+ Variable ADMIN_OIDC_OIDC_USE_NONCE
+ Setting Use nonce
+ Description Controls whether the OpenID Connect client uses nonce verification
+ Possible values True, False
+ Default value True
+
+ Variable ADMIN_OIDC_SUPERUSER_GROUP_NAMES
+ Setting Superuser group names
+ Description If any of these group names are present in the claims upon login, the user will be marked as a superuser. If none of these groups are present the user will lose superuser permissions.
+ Possible values string, comma-delimited ('foo,bar,baz')
+ Default value
+
+ Variable ADMIN_OIDC_SYNC_GROUPS
+ Setting Create local user groups if they do not exist yet
+ Description If checked, local user groups will be created for group names present in the groups claim, if they do not exist yet locally.
+ Possible values True, False
+ Default value True
+
+ Variable ADMIN_OIDC_SYNC_GROUPS_GLOB_PATTERN
+ Setting groups glob pattern
+ Description The glob pattern that groups must match to be synchronized to the local database.
+ Possible values string
+ Default value *
+
+ Variable ADMIN_OIDC_USERINFO_CLAIMS_SOURCE
+ Setting user information claims extracted from
+ Description Indicates the source from which the user information claims should be extracted.
+ Possible values userinfo_endpoint, id_token
+ Default value userinfo_endpoint
+
+ Variable ADMIN_OIDC_USERNAME_CLAIM
+ Setting username claim
+ Description The name of the OIDC claim that is used as the username
+ Possible values string
+ Default value sub
diff --git a/docs/configuration/digid_oidc.rst b/docs/configuration/digid_oidc.rst
new file mode 100644
index 0000000000..2e1f24cee2
--- /dev/null
+++ b/docs/configuration/digid_oidc.rst
@@ -0,0 +1,174 @@
+.. _digid_oidc:
+
+========================
+DigiD OIDC Configuration
+========================
+
+Settings Overview
+=================
+
+Enable/Disable configuration:
+"""""""""""""""""""""""""""""
+
+::
+
+ DIGID_OIDC_CONFIG_ENABLE
+
+Required:
+"""""""""
+
+::
+
+ DIGID_OIDC_OIDC_RP_CLIENT_ID
+ DIGID_OIDC_OIDC_RP_CLIENT_SECRET
+
+All settings:
+"""""""""""""
+
+::
+
+ DIGID_OIDC_ENABLED
+ DIGID_OIDC_ERROR_MESSAGE_MAPPING
+ DIGID_OIDC_IDENTIFIER_CLAIM_NAME
+ DIGID_OIDC_OIDC_EXEMPT_URLS
+ DIGID_OIDC_OIDC_KEYCLOAK_IDP_HINT
+ DIGID_OIDC_OIDC_NONCE_SIZE
+ DIGID_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT
+ DIGID_OIDC_OIDC_OP_DISCOVERY_ENDPOINT
+ DIGID_OIDC_OIDC_OP_JWKS_ENDPOINT
+ DIGID_OIDC_OIDC_OP_LOGOUT_ENDPOINT
+ DIGID_OIDC_OIDC_OP_TOKEN_ENDPOINT
+ DIGID_OIDC_OIDC_OP_USER_ENDPOINT
+ DIGID_OIDC_OIDC_RP_CLIENT_ID
+ DIGID_OIDC_OIDC_RP_CLIENT_SECRET
+ DIGID_OIDC_OIDC_RP_IDP_SIGN_KEY
+ DIGID_OIDC_OIDC_RP_SCOPES_LIST
+ DIGID_OIDC_OIDC_RP_SIGN_ALGO
+ DIGID_OIDC_OIDC_STATE_SIZE
+ DIGID_OIDC_OIDC_USE_NONCE
+ DIGID_OIDC_USERINFO_CLAIMS_SOURCE
+
+Detailed Information
+====================
+
+::
+
+ Variable DIGID_OIDC_ENABLED
+ Setting enable
+ Description Indicates whether OpenID Connect for authentication/authorization is enabled. This overrides overrides the usage of SAML for DigiD authentication.
+ Possible values True, False
+ Default value False
+
+ Variable DIGID_OIDC_ERROR_MESSAGE_MAPPING
+ Setting Error message mapping
+ Description Mapping that maps error messages returned by the identity provider to human readable error messages that are shown to the user
+ Possible values Mapping: {'some_key': 'Some value'}
+ Default value {}
+
+ Variable DIGID_OIDC_IDENTIFIER_CLAIM_NAME
+ Setting BSN claim name
+ Description The name of the claim in which the BSN of the user is stored
+ Possible values string
+ Default value bsn
+
+ Variable DIGID_OIDC_OIDC_EXEMPT_URLS
+ Setting URLs exempt from session renewal
+ Description This is a list of absolute url paths, regular expressions for url paths, or Django view names. This plus the mozilla-django-oidc urls are exempted from the session renewal by the SessionRefresh middleware.
+ Possible values string, comma-delimited ('foo,bar,baz')
+ Default value
+
+ Variable DIGID_OIDC_OIDC_KEYCLOAK_IDP_HINT
+ Setting Keycloak Identity Provider hint
+ Description Specific for Keycloak: parameter that indicates which identity provider should be used (therefore skipping the Keycloak login screen).
+ Possible values string
+ Default value No default
+
+ Variable DIGID_OIDC_OIDC_NONCE_SIZE
+ Setting Nonce size
+ Description Sets the length of the random string used for OpenID Connect nonce verification
+ Possible values string representing a positive integer
+ Default value 32
+
+ Variable DIGID_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT
+ Setting Authorization endpoint
+ Description URL of your OpenID Connect provider authorization endpoint
+ Possible values string
+ Default value No default
+
+ Variable DIGID_OIDC_OIDC_OP_DISCOVERY_ENDPOINT
+ Setting Discovery endpoint
+ Description URL of your OpenID Connect provider discovery endpoint ending with a slash (`.well-known/...` will be added automatically). If this is provided, the remaining endpoints can be omitted, as they will be derived from this endpoint.
+ Possible values string
+ Default value No default
+
+ Variable DIGID_OIDC_OIDC_OP_JWKS_ENDPOINT
+ Setting JSON Web Key Set endpoint
+ Description URL of your OpenID Connect provider JSON Web Key Set endpoint. Required if `RS256` is used as signing algorithm.
+ Possible values string
+ Default value No default
+
+ Variable DIGID_OIDC_OIDC_OP_LOGOUT_ENDPOINT
+ Setting Logout endpoint
+ Description URL of your OpenID Connect provider logout endpoint
+ Possible values string
+ Default value No default
+
+ Variable DIGID_OIDC_OIDC_OP_TOKEN_ENDPOINT
+ Setting Token endpoint
+ Description URL of your OpenID Connect provider token endpoint
+ Possible values string
+ Default value No default
+
+ Variable DIGID_OIDC_OIDC_OP_USER_ENDPOINT
+ Setting User endpoint
+ Description URL of your OpenID Connect provider userinfo endpoint
+ Possible values string
+ Default value No default
+
+ Variable DIGID_OIDC_OIDC_RP_CLIENT_ID
+ Setting OpenID Connect client ID
+ Description OpenID Connect client ID provided by the OIDC Provider
+ Possible values string
+ Default value No default
+
+ Variable DIGID_OIDC_OIDC_RP_CLIENT_SECRET
+ Setting OpenID Connect secret
+ Description OpenID Connect secret provided by the OIDC Provider
+ Possible values string
+ Default value No default
+
+ Variable DIGID_OIDC_OIDC_RP_IDP_SIGN_KEY
+ Setting Sign key
+ Description Key the Identity Provider uses to sign ID tokens in the case of an RSA sign algorithm. Should be the signing key in PEM or DER format.
+ Possible values string
+ Default value No default
+
+ Variable DIGID_OIDC_OIDC_RP_SCOPES_LIST
+ Setting OpenID Connect scopes
+ Description OpenID Connect scopes that are requested during login. These scopes are hardcoded and must be supported by the identity provider
+ Possible values string, comma-delimited ('foo,bar,baz')
+ Default value openid, bsn
+
+ Variable DIGID_OIDC_OIDC_RP_SIGN_ALGO
+ Setting OpenID sign algorithm
+ Description Algorithm the Identity Provider uses to sign ID tokens
+ Possible values string
+ Default value HS256
+
+ Variable DIGID_OIDC_OIDC_STATE_SIZE
+ Setting State size
+ Description Sets the length of the random string used for OpenID Connect state verification
+ Possible values string representing a positive integer
+ Default value 32
+
+ Variable DIGID_OIDC_OIDC_USE_NONCE
+ Setting Use nonce
+ Description Controls whether the OpenID Connect client uses nonce verification
+ Possible values True, False
+ Default value True
+
+ Variable DIGID_OIDC_USERINFO_CLAIMS_SOURCE
+ Setting user information claims extracted from
+ Description Indicates the source from which the user information claims should be extracted.
+ Possible values userinfo_endpoint, id_token
+ Default value userinfo_endpoint
diff --git a/docs/configuration/digid_saml.rst b/docs/configuration/digid_saml.rst
new file mode 100644
index 0000000000..3743f3c6fc
--- /dev/null
+++ b/docs/configuration/digid_saml.rst
@@ -0,0 +1,208 @@
+.. _digid_saml:
+
+========================
+DigiD SAML Configuration
+========================
+
+Settings Overview
+=================
+
+Enable/Disable configuration:
+"""""""""""""""""""""""""""""
+
+::
+
+ DIGID_CONFIG_ENABLE
+
+Required:
+"""""""""
+
+::
+
+ DIGID_BASE_URL
+ DIGID_CERTIFICATE_LABEL
+ DIGID_CERTIFICATE_PUBLIC_CERTIFICATE
+ DIGID_CERTIFICATE_TYPE
+ DIGID_ENTITY_ID
+ DIGID_METADATA_FILE_SOURCE
+ DIGID_SERVICE_DESCRIPTION
+ DIGID_SERVICE_NAME
+
+All settings:
+"""""""""""""
+
+::
+
+ DIGID_ARTIFACT_RESOLVE_CONTENT_TYPE
+ DIGID_ATTRIBUTE_CONSUMING_SERVICE_INDEX
+ DIGID_BASE_URL
+ DIGID_CERTIFICATE_LABEL
+ DIGID_CERTIFICATE_PRIVATE_KEY
+ DIGID_CERTIFICATE_PUBLIC_CERTIFICATE
+ DIGID_CERTIFICATE_TYPE
+ DIGID_DIGEST_ALGORITHM
+ DIGID_ENTITY_ID
+ DIGID_IDP_METADATA_FILE
+ DIGID_IDP_SERVICE_ENTITY_ID
+ DIGID_KEY_PASSPHRASE
+ DIGID_METADATA_FILE_SOURCE
+ DIGID_ORGANIZATION_NAME
+ DIGID_ORGANIZATION_URL
+ DIGID_REQUESTED_ATTRIBUTES
+ DIGID_SERVICE_DESCRIPTION
+ DIGID_SERVICE_NAME
+ DIGID_SIGNATURE_ALGORITHM
+ DIGID_SLO
+ DIGID_TECHNICAL_CONTACT_PERSON_EMAIL
+ DIGID_TECHNICAL_CONTACT_PERSON_TELEPHONE
+ DIGID_WANT_ASSERTIONS_ENCRYPTED
+ DIGID_WANT_ASSERTIONS_SIGNED
+
+Detailed Information
+====================
+
+::
+
+ Variable DIGID_ARTIFACT_RESOLVE_CONTENT_TYPE
+ Setting Content-Type 'resolve artifact binding'
+ Description 'application/soap+xml' wordt als 'legacy' beschouwd. Moderne brokers verwachten typisch 'text/xml'.
+ Possible values application/soap+xml, text/xml
+ Default value application/soap+xml
+
+ Variable DIGID_ATTRIBUTE_CONSUMING_SERVICE_INDEX
+ Setting Attribute consuming service index
+ Description Attribute consuming service index
+ Possible values string
+ Default value 1
+
+ Variable DIGID_BASE_URL
+ Setting Basis-URL
+ Description De basis-URL van de applicatie, zonder slash op het eind.
+ Possible values string
+ Default value No default
+
+ Variable DIGID_CERTIFICATE_LABEL
+ Setting label
+ Description Recognisable label for the certificate
+ Possible values string
+ Default value No default
+
+ Variable DIGID_CERTIFICATE_PRIVATE_KEY
+ Setting private key
+ Description The content of the private key
+ Possible values string represeting the (absolute) path to a file, including file extension: /absolute/path/to/file.xml
+ Default value No default
+
+ Variable DIGID_CERTIFICATE_PUBLIC_CERTIFICATE
+ Setting public certificate
+ Description The content of the certificate
+ Possible values string represeting the (absolute) path to a file, including file extension: /absolute/path/to/file.xml
+ Default value No default
+
+ Variable DIGID_CERTIFICATE_TYPE
+ Setting type
+ Description Is this only a certificate or is there an associated private key?
+ Possible values key_pair, cert_only
+ Default value No default
+
+ Variable DIGID_DIGEST_ALGORITHM
+ Setting digest algorithm
+ Description Digest algorithm. Note that SHA1 is deprecated, but still the default value in the SAMLv2 standard. Warning: there are known issues with single-logout functionality if using anything other than SHA1 due to some hardcoded algorithm.
+ Possible values http://www.w3.org/2000/09/xmldsig#sha1, http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmldsig-more#sha384, http://www.w3.org/2001/04/xmlenc#sha512
+ Default value http://www.w3.org/2000/09/xmldsig#sha1
+
+ Variable DIGID_ENTITY_ID
+ Setting entity ID
+ Description Service provider entity ID.
+ Possible values string
+ Default value No default
+
+ Variable DIGID_IDP_METADATA_FILE
+ Setting metadata identity provider
+ Description Het bestand met metadata van de identity provider. Deze wordt automatisch opgehaald via de ingestelde metadata-URL.
+ Possible values string represeting the (absolute) path to a file, including file extension: /absolute/path/to/file.xml
+ Default value No default
+
+ Variable DIGID_IDP_SERVICE_ENTITY_ID
+ Setting identity provider service entity ID
+ Description Bijvoorbeeld: 'https://was-preprod1.digid.nl/saml/idp/metadata'. Merk op dat dit moet overeenkomen met het 'entityID'-attribuut op het 'md-EntityDescriptor'-element in de metadata van de identity provider. Dit wordt automatisch opgehaald via de ingestelde metadata-URL.
+ Possible values string
+ Default value No default
+
+ Variable DIGID_KEY_PASSPHRASE
+ Setting wachtwoordzin private-key
+ Description Wachtwoord voor de private-key voor de authenticatie-flow.
+ Possible values string
+ Default value No default
+
+ Variable DIGID_METADATA_FILE_SOURCE
+ Setting (XML) metadata-URL
+ Description De URL waar het XML metadata-bestand kan gedownload worden.
+ Possible values string
+ Default value
+
+ Variable DIGID_ORGANIZATION_NAME
+ Setting organisatienaam
+ Description Naam van de organisatie die de service aanbiedt waarvoor DigiD/eHerkenning/eIDAS-authenticatie ingericht is. Je moet ook de URL opgeven voor dit in de metadata beschikbaar is.
+ Possible values string
+ Default value No default
+
+ Variable DIGID_ORGANIZATION_URL
+ Setting organisatie-URL
+ Description URL van de organisatie die de service aanbiedt waarvoor DigiD/eHerkenning/eIDAS-authenticatie ingericht is. Je moet ook de organisatienaam opgeven voor dit in de metadata beschikbaar is.
+ Possible values string
+ Default value No default
+
+ Variable DIGID_REQUESTED_ATTRIBUTES
+ Setting gewenste attributen
+ Description Een lijst van strings (of objecten) met de gewenste attributen, bijvoorbeeld '["bsn"]'
+ Possible values Mapping: {'some_key': 'Some value'}
+ Default value {'name': 'bsn', 'required': True}
+
+ Variable DIGID_SERVICE_DESCRIPTION
+ Setting Service-omschrijving
+ Description Een beschrijving van de service die je aanbiedt.
+ Possible values string
+ Default value No default
+
+ Variable DIGID_SERVICE_NAME
+ Setting servicenaam
+ Description Naam van de service die je aanbiedt.
+ Possible values string
+ Default value No default
+
+ Variable DIGID_SIGNATURE_ALGORITHM
+ Setting signature algorithm
+ Description Ondertekenalgoritme. Merk op dat DSA_SHA1 en RSA_SHA1 deprecated zijn, maar RSA_SHA1 is nog steeds de default-waarde ind e SAMLv2-standaard. Opgelet: er zijn bekende problemen met de single-logoutfunctionaliteit indien je een ander algoritme dan SHA1 gebruikt (door hardcoded algoritmes).
+ Possible values http://www.w3.org/2000/09/xmldsig#dsa-sha1, http://www.w3.org/2000/09/xmldsig#rsa-sha1, http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, http://www.w3.org/2001/04/xmldsig-more#rsa-sha384, http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
+ Default value http://www.w3.org/2000/09/xmldsig#rsa-sha1
+
+ Variable DIGID_SLO
+ Setting Single logout
+ Description Single Logout is beschikbaar indien ingeschakeld
+ Possible values True, False
+ Default value True
+
+ Variable DIGID_TECHNICAL_CONTACT_PERSON_EMAIL
+ Setting technisch contactpersoon: e-mailadres
+ Description E-mailadres van de technische contactpersoon voor deze DigiD/eHerkenning/eIDAS-installatie. Je moet ook het telefoonnummer opgeven voor dit in de metadata beschikbaar is.
+ Possible values string
+ Default value No default
+
+ Variable DIGID_TECHNICAL_CONTACT_PERSON_TELEPHONE
+ Setting technisch contactpersoon: telefoonnummer
+ Description Telefoonnummer van de technische contactpersoon voor deze DigiD/eHerkenning/eIDAS-installatie. Je moet ook het e-mailadres opgeven voor dit in de metadata beschikbaar is.
+ Possible values string
+ Default value No default
+
+ Variable DIGID_WANT_ASSERTIONS_ENCRYPTED
+ Setting versleutel assertions
+ Description Indien aangevinkt, dan moeten de XML-assertions versleuteld zijn.
+ Possible values True, False
+ Default value False
+
+ Variable DIGID_WANT_ASSERTIONS_SIGNED
+ Setting onderteken assertions
+ Description Indien aangevinkt, dan moeten de XML-assertions ondertekend zijn. In het andere geval moet de hele response ondertekend zijn.
+ Possible values True, False
+ Default value True
diff --git a/docs/configuration/eherkenning_oidc.rst b/docs/configuration/eherkenning_oidc.rst
new file mode 100644
index 0000000000..b629ca866d
--- /dev/null
+++ b/docs/configuration/eherkenning_oidc.rst
@@ -0,0 +1,174 @@
+.. _eherkenning_oidc:
+
+==============================
+eHerkenning OIDC Configuration
+==============================
+
+Settings Overview
+=================
+
+Enable/Disable configuration:
+"""""""""""""""""""""""""""""
+
+::
+
+ EHERKENNING_OIDC_CONFIG_ENABLE
+
+Required:
+"""""""""
+
+::
+
+ EHERKENNING_OIDC_OIDC_RP_CLIENT_ID
+ EHERKENNING_OIDC_OIDC_RP_CLIENT_SECRET
+
+All settings:
+"""""""""""""
+
+::
+
+ EHERKENNING_OIDC_ENABLED
+ EHERKENNING_OIDC_ERROR_MESSAGE_MAPPING
+ EHERKENNING_OIDC_IDENTIFIER_CLAIM_NAME
+ EHERKENNING_OIDC_OIDC_EXEMPT_URLS
+ EHERKENNING_OIDC_OIDC_KEYCLOAK_IDP_HINT
+ EHERKENNING_OIDC_OIDC_NONCE_SIZE
+ EHERKENNING_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT
+ EHERKENNING_OIDC_OIDC_OP_DISCOVERY_ENDPOINT
+ EHERKENNING_OIDC_OIDC_OP_JWKS_ENDPOINT
+ EHERKENNING_OIDC_OIDC_OP_LOGOUT_ENDPOINT
+ EHERKENNING_OIDC_OIDC_OP_TOKEN_ENDPOINT
+ EHERKENNING_OIDC_OIDC_OP_USER_ENDPOINT
+ EHERKENNING_OIDC_OIDC_RP_CLIENT_ID
+ EHERKENNING_OIDC_OIDC_RP_CLIENT_SECRET
+ EHERKENNING_OIDC_OIDC_RP_IDP_SIGN_KEY
+ EHERKENNING_OIDC_OIDC_RP_SCOPES_LIST
+ EHERKENNING_OIDC_OIDC_RP_SIGN_ALGO
+ EHERKENNING_OIDC_OIDC_STATE_SIZE
+ EHERKENNING_OIDC_OIDC_USE_NONCE
+ EHERKENNING_OIDC_USERINFO_CLAIMS_SOURCE
+
+Detailed Information
+====================
+
+::
+
+ Variable EHERKENNING_OIDC_ENABLED
+ Setting enable
+ Description Indicates whether OpenID Connect for authentication/authorization is enabled. This overrides overrides the usage of SAML for eHerkenning authentication.
+ Possible values True, False
+ Default value False
+
+ Variable EHERKENNING_OIDC_ERROR_MESSAGE_MAPPING
+ Setting Error message mapping
+ Description Mapping that maps error messages returned by the identity provider to human readable error messages that are shown to the user
+ Possible values Mapping: {'some_key': 'Some value'}
+ Default value {}
+
+ Variable EHERKENNING_OIDC_IDENTIFIER_CLAIM_NAME
+ Setting KVK claim name
+ Description The name of the claim in which the KVK of the user is stored
+ Possible values string
+ Default value kvk
+
+ Variable EHERKENNING_OIDC_OIDC_EXEMPT_URLS
+ Setting URLs exempt from session renewal
+ Description This is a list of absolute url paths, regular expressions for url paths, or Django view names. This plus the mozilla-django-oidc urls are exempted from the session renewal by the SessionRefresh middleware.
+ Possible values string, comma-delimited ('foo,bar,baz')
+ Default value
+
+ Variable EHERKENNING_OIDC_OIDC_KEYCLOAK_IDP_HINT
+ Setting Keycloak Identity Provider hint
+ Description Specific for Keycloak: parameter that indicates which identity provider should be used (therefore skipping the Keycloak login screen).
+ Possible values string
+ Default value No default
+
+ Variable EHERKENNING_OIDC_OIDC_NONCE_SIZE
+ Setting Nonce size
+ Description Sets the length of the random string used for OpenID Connect nonce verification
+ Possible values string representing a positive integer
+ Default value 32
+
+ Variable EHERKENNING_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT
+ Setting Authorization endpoint
+ Description URL of your OpenID Connect provider authorization endpoint
+ Possible values string
+ Default value No default
+
+ Variable EHERKENNING_OIDC_OIDC_OP_DISCOVERY_ENDPOINT
+ Setting Discovery endpoint
+ Description URL of your OpenID Connect provider discovery endpoint ending with a slash (`.well-known/...` will be added automatically). If this is provided, the remaining endpoints can be omitted, as they will be derived from this endpoint.
+ Possible values string
+ Default value No default
+
+ Variable EHERKENNING_OIDC_OIDC_OP_JWKS_ENDPOINT
+ Setting JSON Web Key Set endpoint
+ Description URL of your OpenID Connect provider JSON Web Key Set endpoint. Required if `RS256` is used as signing algorithm.
+ Possible values string
+ Default value No default
+
+ Variable EHERKENNING_OIDC_OIDC_OP_LOGOUT_ENDPOINT
+ Setting Logout endpoint
+ Description URL of your OpenID Connect provider logout endpoint
+ Possible values string
+ Default value No default
+
+ Variable EHERKENNING_OIDC_OIDC_OP_TOKEN_ENDPOINT
+ Setting Token endpoint
+ Description URL of your OpenID Connect provider token endpoint
+ Possible values string
+ Default value No default
+
+ Variable EHERKENNING_OIDC_OIDC_OP_USER_ENDPOINT
+ Setting User endpoint
+ Description URL of your OpenID Connect provider userinfo endpoint
+ Possible values string
+ Default value No default
+
+ Variable EHERKENNING_OIDC_OIDC_RP_CLIENT_ID
+ Setting OpenID Connect client ID
+ Description OpenID Connect client ID provided by the OIDC Provider
+ Possible values string
+ Default value No default
+
+ Variable EHERKENNING_OIDC_OIDC_RP_CLIENT_SECRET
+ Setting OpenID Connect secret
+ Description OpenID Connect secret provided by the OIDC Provider
+ Possible values string
+ Default value No default
+
+ Variable EHERKENNING_OIDC_OIDC_RP_IDP_SIGN_KEY
+ Setting Sign key
+ Description Key the Identity Provider uses to sign ID tokens in the case of an RSA sign algorithm. Should be the signing key in PEM or DER format.
+ Possible values string
+ Default value No default
+
+ Variable EHERKENNING_OIDC_OIDC_RP_SCOPES_LIST
+ Setting OpenID Connect scopes
+ Description OpenID Connect scopes that are requested during login. These scopes are hardcoded and must be supported by the identity provider
+ Possible values string, comma-delimited ('foo,bar,baz')
+ Default value openid, kvk
+
+ Variable EHERKENNING_OIDC_OIDC_RP_SIGN_ALGO
+ Setting OpenID sign algorithm
+ Description Algorithm the Identity Provider uses to sign ID tokens
+ Possible values string
+ Default value HS256
+
+ Variable EHERKENNING_OIDC_OIDC_STATE_SIZE
+ Setting State size
+ Description Sets the length of the random string used for OpenID Connect state verification
+ Possible values string representing a positive integer
+ Default value 32
+
+ Variable EHERKENNING_OIDC_OIDC_USE_NONCE
+ Setting Use nonce
+ Description Controls whether the OpenID Connect client uses nonce verification
+ Possible values True, False
+ Default value True
+
+ Variable EHERKENNING_OIDC_USERINFO_CLAIMS_SOURCE
+ Setting user information claims extracted from
+ Description Indicates the source from which the user information claims should be extracted.
+ Possible values userinfo_endpoint, id_token
+ Default value userinfo_endpoint
diff --git a/docs/configuration/eherkenning_saml.rst b/docs/configuration/eherkenning_saml.rst
new file mode 100644
index 0000000000..667147db3f
--- /dev/null
+++ b/docs/configuration/eherkenning_saml.rst
@@ -0,0 +1,281 @@ +.. _eherkenning_saml: + +============================== +eHerkenning SAML Configuration +============================== + +Settings Overview +================= + +Enable/Disable configuration: +""""""""""""""""""""""""""""" + +:: + + EHERKENNING_CONFIG_ENABLE + +Required: +""""""""" + +:: + + EHERKENNING_BASE_URL + EHERKENNING_CERTIFICATE_LABEL + EHERKENNING_CERTIFICATE_PUBLIC_CERTIFICATE + EHERKENNING_CERTIFICATE_TYPE + EHERKENNING_ENTITY_ID + EHERKENNING_MAKELAAR_ID + EHERKENNING_METADATA_FILE_SOURCE + EHERKENNING_OIN + EHERKENNING_PRIVACY_POLICY + EHERKENNING_SERVICE_DESCRIPTION + EHERKENNING_SERVICE_NAME + +All settings: +""""""""""""" + +:: + + EHERKENNING_ARTIFACT_RESOLVE_CONTENT_TYPE + EHERKENNING_BASE_URL + EHERKENNING_CERTIFICATE_LABEL + EHERKENNING_CERTIFICATE_PRIVATE_KEY + EHERKENNING_CERTIFICATE_PUBLIC_CERTIFICATE + EHERKENNING_CERTIFICATE_TYPE + EHERKENNING_DIGEST_ALGORITHM + EHERKENNING_EH_ATTRIBUTE_CONSUMING_SERVICE_INDEX + EHERKENNING_EH_LOA + EHERKENNING_EH_REQUESTED_ATTRIBUTES + EHERKENNING_EH_SERVICE_INSTANCE_UUID + EHERKENNING_EH_SERVICE_UUID + EHERKENNING_EIDAS_ATTRIBUTE_CONSUMING_SERVICE_INDEX + EHERKENNING_EIDAS_LOA + EHERKENNING_EIDAS_REQUESTED_ATTRIBUTES + EHERKENNING_EIDAS_SERVICE_INSTANCE_UUID + EHERKENNING_EIDAS_SERVICE_UUID + EHERKENNING_ENTITY_ID + EHERKENNING_KEY_PASSPHRASE + EHERKENNING_MAKELAAR_ID + EHERKENNING_METADATA_FILE_SOURCE + EHERKENNING_NO_EIDAS + EHERKENNING_OIN + EHERKENNING_ORGANIZATION_NAME + EHERKENNING_ORGANIZATION_URL + EHERKENNING_PRIVACY_POLICY + EHERKENNING_SERVICE_DESCRIPTION + EHERKENNING_SERVICE_LANGUAGE + EHERKENNING_SERVICE_NAME + EHERKENNING_SIGNATURE_ALGORITHM + EHERKENNING_TECHNICAL_CONTACT_PERSON_EMAIL + EHERKENNING_TECHNICAL_CONTACT_PERSON_TELEPHONE + EHERKENNING_WANT_ASSERTIONS_ENCRYPTED + EHERKENNING_WANT_ASSERTIONS_SIGNED + +Detailed Information +==================== + +:: + + Variable EHERKENNING_ARTIFACT_RESOLVE_CONTENT_TYPE + Setting Content-Type 'resolve artifact binding' + 
Description 'application/soap+xml' wordt als 'legacy' beschouwd. Moderne brokers verwachten typisch 'text/xml'. + Possible values application/soap+xml, text/xml + Default value application/soap+xml + + Variable EHERKENNING_BASE_URL + Setting Basis-URL + Description De basis-URL van de applicatie, zonder slash op het eind. + Possible values string + Default value No default + + Variable EHERKENNING_CERTIFICATE_LABEL + Setting label + Description Recognisable label for the certificate + Possible values string + Default value No default + + Variable EHERKENNING_CERTIFICATE_PRIVATE_KEY + Setting private key + Description The content of the private key + Possible values string represeting the (absolute) path to a file, including file extension: /absolute/path/to/file.xml + Default value No default + + Variable EHERKENNING_CERTIFICATE_PUBLIC_CERTIFICATE + Setting public certificate + Description The content of the certificate + Possible values string represeting the (absolute) path to a file, including file extension: /absolute/path/to/file.xml + Default value No default + + Variable EHERKENNING_CERTIFICATE_TYPE + Setting type + Description Is this only a certificate or is there an associated private key? + Possible values key_pair, cert_only + Default value No default + + Variable EHERKENNING_DIGEST_ALGORITHM + Setting digest algorithm + Description Digest algorithm. Note that SHA1 is deprecated, but still the default value in the SAMLv2 standard. Warning: there are known issues with single-logout functionality if using anything other than SHA1 due to some hardcoded algorithm. 
+ Possible values http://www.w3.org/2000/09/xmldsig#sha1, http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmldsig-more#sha384, http://www.w3.org/2001/04/xmlenc#sha512 + Default value http://www.w3.org/2000/09/xmldsig#sha1 + + Variable EHERKENNING_EH_ATTRIBUTE_CONSUMING_SERVICE_INDEX + Setting eHerkenning attribute consuming service index + Description Attribute consuming service index voor de eHerkenningservice + Possible values string + Default value 9052 + + Variable EHERKENNING_EH_LOA + Setting eHerkenning LoA + Description Level of Assurance (LoA) to use for the eHerkenning service. + Possible values urn:etoegang:core:assurance-class:loa1, urn:etoegang:core:assurance-class:loa2, urn:etoegang:core:assurance-class:loa2plus, urn:etoegang:core:assurance-class:loa3, urn:etoegang:core:assurance-class:loa4 + Default value urn:etoegang:core:assurance-class:loa3 + + Variable EHERKENNING_EH_REQUESTED_ATTRIBUTES + Setting gewenste attributen + Description Een lijst van extra gewenste attributen. Eén enkel gewenst attribuut kan een string (de naam van het attribuut) zijn of een object met de sleutels 'name' en 'required', waarbij 'name' een string is en 'required' een boolean. + Possible values Mapping: {'some_key': 'Some value'} + Default value {'name': 'urn:etoegang:1.11:attribute-represented:CompanyName', 'required': True, 'purpose_statements': {'en': 'For testing purposes.', 'nl': 'Voor testdoeleinden.'}} + + Variable EHERKENNING_EH_SERVICE_INSTANCE_UUID + Setting UUID eHerkenningservice instance + Description UUID van de eHerkenningservice-instantie. Eenmaal dit in catalogi opgenomen is kan de waarde enkel via een handmatig proces gewijzigd worden. + Possible values UUID string (e.g. f6b45142-0c60-4ec7-b43d-28ceacdc0b34) + Default value random UUID string + + Variable EHERKENNING_EH_SERVICE_UUID + Setting UUID eHerkenningservice + Description UUID van de eHerkenningservice. 
Eenmaal dit in catalogi opgenomen is kan de waarde enkel via een handmatig proces gewijzigd worden. + Possible values UUID string (e.g. f6b45142-0c60-4ec7-b43d-28ceacdc0b34) + Default value random UUID string + + Variable EHERKENNING_EIDAS_ATTRIBUTE_CONSUMING_SERVICE_INDEX + Setting eIDAS attribute consuming service index + Description Attribute consuming service index voor de eIDAS-service + Possible values string + Default value 9053 + + Variable EHERKENNING_EIDAS_LOA + Setting eIDAS LoA + Description Level of Assurance (LoA) to use for the eIDAS service. + Possible values urn:etoegang:core:assurance-class:loa1, urn:etoegang:core:assurance-class:loa2, urn:etoegang:core:assurance-class:loa2plus, urn:etoegang:core:assurance-class:loa3, urn:etoegang:core:assurance-class:loa4 + Default value urn:etoegang:core:assurance-class:loa3 + + Variable EHERKENNING_EIDAS_REQUESTED_ATTRIBUTES + Setting gewenste attributen + Description Een lijst van extra gewenste attributen. Eén enkel gewenst attribuut kan een string (de naam van het attribuut) zijn of een object met de sleutels 'name' en 'required', waarbij 'name' een string is en 'required' een boolean. 
+ Possible values Mapping: {'some_key': 'Some value'} + Default value {'name': 'urn:etoegang:1.9:attribute:FirstName', 'required': True, 'purpose_statements': {'en': 'For testing purposes.', 'nl': 'Voor testdoeleinden.'}}, {'name': 'urn:etoegang:1.9:attribute:FamilyName', 'required': True, 'purpose_statements': {'en': 'For testing purposes.', 'nl': 'Voor testdoeleinden.'}}, {'name': 'urn:etoegang:1.9:attribute:DateOfBirth', 'required': True, 'purpose_statements': {'en': 'For testing purposes.', 'nl': 'Voor testdoeleinden.'}}, {'name': 'urn:etoegang:1.11:attribute-represented:CompanyName', 'required': True, 'purpose_statements': {'en': 'For testing purposes.', 'nl': 'Voor testdoeleinden.'}} + + Variable EHERKENNING_EIDAS_SERVICE_INSTANCE_UUID + Setting UUID eIDAS-service instance + Description UUID van de eIDAS-service-instantie. Eenmaal dit in catalogi opgenomen is kan de waarde enkel via een handmatig proces gewijzigd worden. + Possible values UUID string (e.g. f6b45142-0c60-4ec7-b43d-28ceacdc0b34) + Default value random UUID string + + Variable EHERKENNING_EIDAS_SERVICE_UUID + Setting UUID eIDAS-service + Description UUID van de eIDAS-service. Eenmaal dit in catalogi opgenomen is kan de waarde enkel via een handmatig proces gewijzigd worden. + Possible values UUID string (e.g. f6b45142-0c60-4ec7-b43d-28ceacdc0b34) + Default value random UUID string + + Variable EHERKENNING_ENTITY_ID + Setting entity ID + Description Service provider entity ID. + Possible values string + Default value No default + + Variable EHERKENNING_KEY_PASSPHRASE + Setting wachtwoordzin private-key + Description Wachtwoord voor de private-key voor de authenticatie-flow. + Possible values string + Default value No default + + Variable EHERKENNING_MAKELAAR_ID + Setting makelaar-ID + Description OIN van de makelaar waarmee eHerkenning/eIDAS ingericht is. 
+ Possible values string + Default value No default + + Variable EHERKENNING_METADATA_FILE_SOURCE + Setting (XML) metadata-URL + Description De URL waar het XML metadata-bestand kan gedownload worden. + Possible values string + Default value + + Variable EHERKENNING_NO_EIDAS + Setting zonder eIDAS + Description Indien aangevinkt, dan zal de dienstcatalogus enkel de eHerkenningservice bevatten. + Possible values True, False + Default value False + + Variable EHERKENNING_OIN + Setting OIN + Description De OIN van het bedrijf dat de service aanbiedt. + Possible values string + Default value No default + + Variable EHERKENNING_ORGANIZATION_NAME + Setting organisatienaam + Description Naam van de organisatie die de service aanbiedt waarvoor DigiD/eHerkenning/eIDAS-authenticatie ingericht is. Je moet ook de URL opgeven voor dit in de metadata beschikbaar is. + Possible values string + Default value No default + + Variable EHERKENNING_ORGANIZATION_URL + Setting organisatie-URL + Description URL van de organisatie die de service aanbiedt waarvoor DigiD/eHerkenning/eIDAS-authenticatie ingericht is. Je moet ook de organisatienaam opgeven voor dit in de metadata beschikbaar is. + Possible values string + Default value No default + + Variable EHERKENNING_PRIVACY_POLICY + Setting privacybeleid + Description De URL waar het privacybeleid van de service-aanbieder (organisatie) beschreven staat. + Possible values string + Default value No default + + Variable EHERKENNING_SERVICE_DESCRIPTION + Setting Service-omschrijving + Description Een beschrijving van de service die je aanbiedt. + Possible values string + Default value No default + + Variable EHERKENNING_SERVICE_LANGUAGE + Setting servicetaal + Description eHerkenning/eIDAS-metadata zal deze taal bevatten + Possible values string + Default value nl + + Variable EHERKENNING_SERVICE_NAME + Setting servicenaam + Description Naam van de service die je aanbiedt. 
+ Possible values string + Default value No default + + Variable EHERKENNING_SIGNATURE_ALGORITHM + Setting signature algorithm + Description Ondertekenalgoritme. Merk op dat DSA_SHA1 en RSA_SHA1 deprecated zijn, maar RSA_SHA1 is nog steeds de default-waarde ind e SAMLv2-standaard. Opgelet: er zijn bekende problemen met de single-logoutfunctionaliteit indien je een ander algoritme dan SHA1 gebruikt (door hardcoded algoritmes). + Possible values http://www.w3.org/2000/09/xmldsig#dsa-sha1, http://www.w3.org/2000/09/xmldsig#rsa-sha1, http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, http://www.w3.org/2001/04/xmldsig-more#rsa-sha384, http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 + Default value http://www.w3.org/2000/09/xmldsig#rsa-sha1 + + Variable EHERKENNING_TECHNICAL_CONTACT_PERSON_EMAIL + Setting technisch contactpersoon: e-mailadres + Description E-mailadres van de technische contactpersoon voor deze DigiD/eHerkenning/eIDAS-installatie. Je moet ook het telefoonnummer opgeven voor dit in de metadata beschikbaar is. + Possible values string + Default value No default + + Variable EHERKENNING_TECHNICAL_CONTACT_PERSON_TELEPHONE + Setting technisch contactpersoon: telefoonnummer + Description Telefoonnummer van de technische contactpersoon voor deze DigiD/eHerkenning/eIDAS-installatie. Je moet ook het e-mailadres opgeven voor dit in de metadata beschikbaar is. + Possible values string + Default value No default + + Variable EHERKENNING_WANT_ASSERTIONS_ENCRYPTED + Setting versleutel assertions + Description Indien aangevinkt, dan moeten de XML-assertions versleuteld zijn. + Possible values True, False + Default value False + + Variable EHERKENNING_WANT_ASSERTIONS_SIGNED + Setting onderteken assertions + Description Indien aangevinkt, dan moeten de XML-assertions ondertekend zijn. In het andere geval moet de hele response ondertekend zijn. + Possible values True, False + Default value True 
diff --git a/docs/configuration/general.rst b/docs/configuration/general.rst
new file mode 100644
index 0000000000..dec4e46896
--- /dev/null
+++ b/docs/configuration/general.rst
@@ -0,0 +1,75 @@
+====================
+Setup configurations
+====================
+
+OIP supports automating the configuration of (parts of) the platform via the management command ``setup_configuration``. The command uses environment variables to configure OIP and (by default) automatically tests the configuration to detect problems.
+
+
+Defining variables
+==================
+
+Variables can be defined by creating a ``.env`` file in the root directory of the project (on the same level as the ``src`` directory, not inside it) and setting the relevant variables as documented in the sections below, replacing the example values with values of your choice. Alternatively, you can use a process manager like supervisor or systemd. For example, both of the following:
+
+::
+
+ # .env
+ SITE_WARNING_BANNER_ENABLED=True
+ SITE_NAME="My site"
+
+ # systemd config file
+ [Service]
+ Environment="SITE_WARNING_BANNER_ENABLED=True"
+ Environment="SITE_NAME=My site"
+
+will enable the warning banner and define the name of the site as "My site". Note that the variables are namespaced: ``SITE_FOO=BAR`` for variables concerning the general configuration, ``ZGW_BAR=BAZ`` for variables concerning the configuration of ZGW, and so on. For an overview of the features that support automatic configuration and the relevant environment variables, see ``Supported configurations`` below.
+
+
+Usage
+=====
+
+If the project is being configured for the first time, run the command from the project root:
+
+::
+
+ src/manage.py setup_configuration
+
+By default, ``setup_configuration`` checks per configuration step if it is already configured and skips this step if that is the case. In order to overwrite an existing configuration, use:
+
+::
+
+ src/manage.py setup_configuration --overwrite
+
+
+Also by default, ``setup_configuration`` tests the configuration to detect problems. You can disable this with the following:
+
+::
+
+ src/manage.py setup_configuration --no-selftest
+
+
+For a full overview of the command and its options:
+
+::
+
+ src/manage.py setup_configuration --help
+
+
+
+Supported configurations
+========================
+
+`General configuration <./siteconfig.rst>`_
+
+`Klanten configuration <./kic.rst>`_
+
+`ZGW configuration <./zgw.rst>`_
+
+`Admin OIDC configuration <./admin_oidc.rst>`_
+
+`DigiD OIDC configuration <./digid_oidc.rst>`_
+
+`DigiD SAML configuration <./digid_saml.rst>`_
+
+`eHerkenning OIDC configuration <./eherkenning_oidc.rst>`_
+
+`eHerkenning SAML configuration <./eherkenning_saml.rst>`_
diff --git a/docs/configuration/kic.rst b/docs/configuration/kic.rst
new file mode 100644
index 0000000000..b530b1dfb2
--- /dev/null
+++ b/docs/configuration/kic.rst
@@ -0,0 +1,131 @@ +.. _kic: + +===================== +Klanten Configuration +===================== + +Settings Overview +================= + +Enable/Disable configuration: +""""""""""""""""""""""""""""" + +:: + + KIC_CONFIG_ENABLE + +Required: +""""""""" + +:: + + KIC_CONTACTMOMENTEN_SERVICE_API_ROOT + KIC_CONTACTMOMENTEN_SERVICE_CLIENT_ID + KIC_CONTACTMOMENTEN_SERVICE_SECRET + KIC_KLANTEN_SERVICE_API_ROOT + KIC_KLANTEN_SERVICE_CLIENT_ID + KIC_KLANTEN_SERVICE_SECRET + KIC_REGISTER_CONTACT_MOMENT + KIC_REGISTER_TYPE + +All settings: +""""""""""""" + +:: + + KIC_CONTACTMOMENTEN_SERVICE_API_ROOT + KIC_CONTACTMOMENTEN_SERVICE_CLIENT_ID + KIC_CONTACTMOMENTEN_SERVICE_SECRET + KIC_KLANTEN_SERVICE_API_ROOT + KIC_KLANTEN_SERVICE_CLIENT_ID + KIC_KLANTEN_SERVICE_SECRET + KIC_REGISTER_BRONORGANISATIE_RSIN + KIC_REGISTER_CHANNEL + KIC_REGISTER_CONTACT_MOMENT + KIC_REGISTER_EMAIL + KIC_REGISTER_EMPLOYEE_ID + KIC_REGISTER_TYPE + KIC_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER + +Detailed Information +==================== + +:: + + Variable KIC_CONTACTMOMENTEN_SERVICE_API_ROOT + Setting api root url + Description No description + Possible values string + Default value No default + + Variable KIC_CONTACTMOMENTEN_SERVICE_CLIENT_ID + Setting client id + Description No description + Possible values string + Default value No default + + Variable KIC_CONTACTMOMENTEN_SERVICE_SECRET + Setting secret + Description No description + Possible values string + Default value No default + + Variable KIC_KLANTEN_SERVICE_API_ROOT + Setting api root url + Description No description + Possible values string + Default value No default + + Variable KIC_KLANTEN_SERVICE_CLIENT_ID + Setting client id + Description No description + Possible values string + Default value No default + + Variable KIC_KLANTEN_SERVICE_SECRET + Setting secret + Description No description + Possible values string + Default value No default + + Variable KIC_REGISTER_BRONORGANISATIE_RSIN + Setting Organisatie RSIN + Description No 
description + Possible values string + Default value + + Variable KIC_REGISTER_CHANNEL + Setting Contactmoment kanaal + Description De kanaal waarop nieuwe contactmomenten worden aangemaakt + Possible values string + Default value contactformulier + + Variable KIC_REGISTER_CONTACT_MOMENT + Setting Registreer in Contactmomenten API + Description No description + Possible values True, False + Default value False + + Variable KIC_REGISTER_EMAIL + Setting Registreer op email adres + Description No description + Possible values string + Default value No default + + Variable KIC_REGISTER_EMPLOYEE_ID + Setting Medewerker identificatie + Description Gebruikersnaam van actieve medewerker uit e-Suite + Possible values string + Default value + + Variable KIC_REGISTER_TYPE + Setting Contactmoment type + Description Naam van 'contacttype' uit e-Suite + Possible values string + Default value Melding + + Variable KIC_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER + Setting Haal bronnen op uit de Klanten- en Contactmomenten-API's voor gebruikers die zijn geauthenticeerd met eHerkenning via RSIN + Description Indien ingeschakeld, worden bronnen uit de Klanten- en Contactmomenten-API's voor eHerkenning-gebruikers opgehaald via RSIN (Open Klant). Indien niet ingeschakeld, worden deze bronnen via het KVK-nummer. + Possible values True, False + Default value False diff --git a/docs/configuration/siteconfig.rst b/docs/configuration/siteconfig.rst new file mode 100644 index 0000000000..b37c9e67a3 --- /dev/null +++ b/docs/configuration/siteconfig.rst 
@@ -0,0 +1,512 @@ +.. _siteconfig: + +===================== +General Configuration +===================== + +Settings Overview +================= + +Enable/Disable configuration: +""""""""""""""""""""""""""""" + +:: + + SITE_CONFIG_ENABLE + +Required: +""""""""" + +:: + + SITE_ACCENT_COLOR + SITE_NAME + SITE_PRIMARY_COLOR + SITE_SECONDARY_COLOR + +All settings: +""""""""""""" + +:: + + SITE_ACCENT_COLOR + SITE_ACCENT_FONT_COLOR + SITE_ACCOUNT_HELP_TEXT + SITE_ALLOW_MESSAGES_FILE_SHARING + SITE_CONTACT_PAGE + SITE_CONTACT_PHONENUMBER + SITE_COOKIE_INFO_TEXT + SITE_COOKIE_LINK_TEXT + SITE_COOKIE_LINK_URL + SITE_DISPLAY_SOCIAL + SITE_EHERKENNING_ENABLED + SITE_EMAIL_NEW_MESSAGE + SITE_EMAIL_VERIFICATION_REQUIRED + SITE_FOOTER_LOGO_TITLE + SITE_FOOTER_LOGO_URL + SITE_GA_CODE + SITE_GTM_CODE + SITE_HIDE_CATEGORIES_FROM_ANONYMOUS_USERS + SITE_HIDE_SEARCH_FROM_ANONYMOUS_USERS + SITE_HOME_HELP_TEXT + SITE_HOME_MAP_INTRO + SITE_HOME_MAP_TITLE + SITE_HOME_PRODUCT_FINDER_INTRO + SITE_HOME_PRODUCT_FINDER_TITLE + SITE_HOME_QUESTIONNAIRE_INTRO + SITE_HOME_QUESTIONNAIRE_TITLE + SITE_HOME_THEME_INTRO + SITE_HOME_THEME_TITLE + SITE_HOME_WELCOME_INTRO + SITE_HOME_WELCOME_TITLE + SITE_KCM_SURVEY_LINK_TEXT + SITE_KCM_SURVEY_LINK_URL + SITE_LOGIN_2FA_SMS + SITE_LOGIN_ALLOW_REGISTRATION + SITE_LOGIN_SHOW + SITE_LOGIN_TEXT + SITE_MATOMO_SITE_ID + SITE_MATOMO_URL + SITE_NAME + SITE_OPENID_CONNECT_LOGIN_TEXT + SITE_OPENID_DISPLAY + SITE_PLANS_EDIT_MESSAGE + SITE_PLANS_INTRO + SITE_PLANS_NO_PLANS_MESSAGE + SITE_PLAN_HELP_TEXT + SITE_PRIMARY_COLOR + SITE_PRIMARY_FONT_COLOR + SITE_PRODUCT_HELP_TEXT + SITE_QUESTIONNAIRE_HELP_TEXT + SITE_RECIPIENTS_EMAIL_DIGEST + SITE_REDIRECT_TO + SITE_REGISTRATION_TEXT + SITE_SEARCH_FILTER_CATEGORIES + SITE_SEARCH_FILTER_ORGANIZATIONS + SITE_SEARCH_FILTER_TAGS + SITE_SEARCH_HELP_TEXT + SITE_SECONDARY_COLOR + SITE_SECONDARY_FONT_COLOR + SITE_SELECT_QUESTIONNAIRE_INTRO + SITE_SELECT_QUESTIONNAIRE_TITLE + SITE_SITEIMPROVE_ID + SITE_THEME_HELP_TEXT + 
SITE_THEME_INTRO + SITE_THEME_TITLE + SITE_WARNING_BANNER_BACKGROUND_COLOR + SITE_WARNING_BANNER_ENABLED + SITE_WARNING_BANNER_FONT_COLOR + SITE_WARNING_BANNER_TEXT + +Detailed Information +==================== + +:: + + Variable SITE_ACCENT_COLOR + Setting Accentkleur + Description Accentkleur van de gemeentesite/huisstijl + Possible values string + Default value #FFFFFF + + Variable SITE_ACCENT_FONT_COLOR + Setting Accent tekstkleur + Description De tekstkleur voor wanneer de achtergrond de accentkleur is + Possible values #FFFFFF, #4B4B4B + Default value #4B4B4B + + Variable SITE_ACCOUNT_HELP_TEXT + Setting Helptekst mijn profiel + Description De helptekst in de popup van de profielpagina's + Possible values text (string) + Default value Op dit scherm ziet u uw persoonlijke profielgegevens en gerelateerde gegevens. + + Variable SITE_ALLOW_MESSAGES_FILE_SHARING + Setting Sta het delen van bestanden via Mijn Berichten toe + Description Of het delen van bestanden via Mijn Berichten mogelijk is of niet. Indien uitgeschakeld dan kunnen alleen tekstberichten worden verzonden + Possible values True, False + Default value True + + Variable SITE_CONTACT_PAGE + Setting URL + Description URL van de contactpagina van de organisatie + Possible values string + Default value No default + + Variable SITE_CONTACT_PHONENUMBER + Setting Telefoonnummer + Description Telefoonnummer van de organisatie + Possible values string + Default value No default + + Variable SITE_COOKIE_INFO_TEXT + Setting Tekst cookiebanner informatie + Description De tekstinhoud van de cookiebanner. Wanneer deze wordt ingevuld dan wordt de cookiebanner zichtbaar. + Possible values string + Default value Wij gebruiken cookies om onze website en dienstverlening te verbeteren. + + Variable SITE_COOKIE_LINK_TEXT + Setting Tekst cookiebanner link + Description De tekst die wordt gebruikt als link naar de privacypagina. + Possible values string + Default value Lees meer over ons cookiebeleid. 
+ + Variable SITE_COOKIE_LINK_URL + Setting URL van de privacypagina + Description De link naar de pagina met het privacybeleid. + Possible values string + Default value /pages/privacyverklaring/ + + Variable SITE_DISPLAY_SOCIAL + Setting Toon sociale media knoppen bij elk product + Description Maak het delen mogelijk van producten op sociale media (Facebook, LinkedIn...) + Possible values True, False + Default value True + + Variable SITE_EHERKENNING_ENABLED + Setting eHerkenning authentication ingeschakeld + Description Of gebruikers in kunnen loggen met eHerkenning of niet. Standaard wordt de SAML integratie hiervoor gebruikt (van toepassing bij een rechtstreekse aansluiting op een eHerkenning makelaar). Voor het gebruiken van een OpenID Connect (OIDC) koppeling, navigeer naar `OpenID Connect configuratie voor eHerkenning` om deze te activeren. + Possible values True, False + Default value False + + Variable SITE_EMAIL_NEW_MESSAGE + Setting Stuur een mail bij nieuwe berichten + Description Of er een e-mail ter notificatie verstuurd dient te worden na een nieuw bericht voor de gebruiker. + Possible values True, False + Default value True + + Variable SITE_EMAIL_VERIFICATION_REQUIRED + Setting E-mailverificatie vereist + Description Of gebruikers verplicht zijn om na het inloggen hun e-mailadres te verifieren + Possible values True, False + Default value False + + Variable SITE_FOOTER_LOGO_TITLE + Setting Footer logo title + Description The title - help text of the footer logo. + Possible values string + Default value + + Variable SITE_FOOTER_LOGO_URL + Setting Footer logo link + Description The external link for the footer logo. + Possible values string + Default value + + Variable SITE_GA_CODE + Setting Google Analytics code + Description Normaalgesproken is dit een code van het formaat 'G-XXXX'. Door dit in te stellen wordt Google Analytics gebruikt. 
+ Possible values string + Default value No default + + Variable SITE_GTM_CODE + Setting Google Tag Manager code + Description Normaalgesproken is dit een code van het formaat 'GTM-XXXX'. Door dit in te stellen wordt Google Tag Manager gebruikt. + Possible values string + Default value No default + + Variable SITE_HIDE_CATEGORIES_FROM_ANONYMOUS_USERS + Setting Blokkeer toegang tot Onderwerpen voor niet-ingelogde gebruikers + Description Indien geselecteerd: alleen ingelogde gebruikers hebben toegang tot Onderwerpen. + Possible values True, False + Default value False + + Variable SITE_HIDE_SEARCH_FROM_ANONYMOUS_USERS + Setting Verberg zoekbalk voor anonieme gebruiker + Description Indien geselecteerd: alleen ingelogde gebruikers zien de zoekfunctie. + Possible values True, False + Default value False + + Variable SITE_HOME_HELP_TEXT + Setting Helptekst homepage + Description Helptekst in de popup op de voorpagina + Possible values text (string) + Default value Welkom! Op dit scherm vindt u een overzicht van de verschillende onderwerpen en producten & diensten. + + Variable SITE_HOME_MAP_INTRO + Setting Introductietekst kaart + Description Introductietekst van de kaart op de homepage + Possible values text (string) + Default value No default + + Variable SITE_HOME_MAP_TITLE + Setting Koptekst van de kaart op de homepage + Description Koptekst van de kaart op de homepage + Possible values string + Default value In de buurt + + Variable SITE_HOME_PRODUCT_FINDER_INTRO + Setting Introductietekst productzoeker homepage + Description Introductietekst van de productzoeker op de homepage. + Possible values text (string) + Default value Met een paar simpele vragen ziet u welke producten passen bij uw situatie + + Variable SITE_HOME_PRODUCT_FINDER_TITLE + Setting Productzoeker titel + Description Titel van de productzoeker op de homepage. 
+ Possible values string + Default value Productzoeker + + Variable SITE_HOME_QUESTIONNAIRE_INTRO + Setting Introductietekst vragenlijst homepage + Description Vragenlijst introductietekst op de homepage. + Possible values text (string) + Default value Test met een paar simpele vragen of u recht heeft op een product + + Variable SITE_HOME_QUESTIONNAIRE_TITLE + Setting Titel vragenlijst homepage + Description Vragenlijst titel op de homepage. + Possible values string + Default value Waar bent u naar op zoek? + + Variable SITE_HOME_THEME_INTRO + Setting Onderwerpen introductietekst op de homepage + Description Introductietekst 'Onderwerpen' op de homepage + Possible values text (string) + Default value No default + + Variable SITE_HOME_THEME_TITLE + Setting Titel 'Onderwerpen' op de homepage + Description Koptekst van de Onderwerpen op de homepage + Possible values string + Default value Onderwerpen + + Variable SITE_HOME_WELCOME_INTRO + Setting Introductietekst homepage + Description Introductietekst op de homepage + Possible values text (string) + Default value No default + + Variable SITE_HOME_WELCOME_TITLE + Setting Koptekst homepage + Description Koptekst op de homepage + Possible values string + Default value Welkom + + Variable SITE_KCM_SURVEY_LINK_TEXT + Setting Feedbackknop label + Description De label van de knop wat wordt gebruikt om gebruikersfeedback te verzamelen + Possible values string + Default value No default + + Variable SITE_KCM_SURVEY_LINK_URL + Setting Feedbackknop URL + Description De externe link achter de feedbackknop feedback. 
+ Possible values string + Default value No default + + Variable SITE_LOGIN_2FA_SMS + Setting Log in met 2FA-met-SMS + Description Bepaalt of gebruikers die met gebruikersnaam+wachtwoord inloggen verplicht een SMS verificatiecode dienen in te vullen + Possible values True, False + Default value False + + Variable SITE_LOGIN_ALLOW_REGISTRATION + Setting Sta lokale registratie toe + Description Wanneer deze optie uit staat is het enkel toegestaan om met DigiD in te loggen. Zet deze instelling aan om ook het inloggen met gebruikersnaam/wachtwoord en het aanmelden zonder DigiD toe te staan. + Possible values True, False + Default value False + + Variable SITE_LOGIN_SHOW + Setting Toon inlogknop rechts bovenin + Description Wanneer deze optie uit staat dan kan nog wel worden ingelogd via /accounts/login/ , echter het inloggen is verborgen + Possible values True, False + Default value True + + Variable SITE_LOGIN_TEXT + Setting Login tekst + Description Deze tekst wordt getoond op de login pagina. + Possible values text (string) + Default value No default + + Variable SITE_MATOMO_SITE_ID + Setting Matamo site ID + Description De 'idsite' van de website in Matamo die getrackt dient te worden. + Possible values string representing a positive integer + Default value No default + + Variable SITE_MATOMO_URL + Setting Matamo server URL + Description De domeinnaam / URL van de Matamo server, bijvoorbeeld 'matamo.example.com'. 
+ Possible values string + Default value No default + + Variable SITE_NAME + Setting Naam + Description Naam van de gemeente + Possible values string + Default value No default + + Variable SITE_OPENID_CONNECT_LOGIN_TEXT + Setting OpenID Connect login tekst + Description De tekst die getoond wordt wanneer OpenID Connect (OIDC/Azure AD) als loginmethode is ingesteld + Possible values string + Default value Login with Azure AD + + Variable SITE_OPENID_DISPLAY + Setting Toon optie om in te loggen via OpenID Connect + Description Alleen geselecteerde groepen zullen de optie zien om met OpenID Connect in te loggen. + Possible values admin, regular + Default value admin + + Variable SITE_PLANS_EDIT_MESSAGE + Setting Standaardtekst 'doel wijzigen' + Description Het bericht wanneer een gebruiker een doel wijzigt. + Possible values string + Default value Hier kunt u uw doel aanpassen + + Variable SITE_PLANS_INTRO + Setting Introductietekst Samenwerken + Description Subtitel voor de planpagina. + Possible values text (string) + Default value Hier werkt u aan uw doelen. Dit doet u samen met uw contactpersoon bij de gemeente. + + Variable SITE_PLANS_NO_PLANS_MESSAGE + Setting Standaardtekst geen samenwerkingen + Description Het bericht als een gebruiker nog geen plannen heeft. + Possible values string + Default value U heeft nog geen plan gemaakt. + + Variable SITE_PLAN_HELP_TEXT + Setting Helptekst samenwerken + Description De helptekst in de popup van de samenwerken-pagina's + Possible values text (string) + Default value Met het onderdeel Samenwerken kunt u samen met uw contactpersonen of begeleider van de gemeente aan de slag om met een samenwerkingsplan uw persoonlijke situatie te verbeteren. Door samen aan uw doelen te werken en acties te omschrijven kunnen we elkaar helpen. 
+ + Variable SITE_PRIMARY_COLOR + Setting Primaire kleur + Description Hoofdkleur van de gemeentesite/huisstijl + Possible values string + Default value #FFFFFF + + Variable SITE_PRIMARY_FONT_COLOR + Setting Primaire tekstkleur + Description De tekstkleur voor wanneer de achtergrond de hoofdkleur is + Possible values #FFFFFF, #4B4B4B + Default value #FFFFFF + + Variable SITE_PRODUCT_HELP_TEXT + Setting Helptekst producten + Description Helptekst in de popup van de productenpagina's + Possible values text (string) + Default value Op dit scherm kunt u de details vinden over het gekozen product of dienst. Afhankelijk van het product kunt u deze direct aanvragen of meer informatie opvragen. + + Variable SITE_QUESTIONNAIRE_HELP_TEXT + Setting Helptekst vragenlijst/zelftest + Description De helptekst in de popup op de vragenlijst/zelftestpagina's + Possible values text (string) + Default value Het onderdeel Zelftest stelt u in staat om met het beantwoorden van enkele vragen een advies te krijgen van de gemeente, met concrete vervolgstappen en producten en diensten. U kunt tevens uw antwoorden en het advies bewaren om met een begeleider van de gemeente te bespreken. + + Variable SITE_RECIPIENTS_EMAIL_DIGEST + Setting ontvangers e-mailsamenvatting + Description De e-mailadressen van beheerders die een dagelijkse samenvatting dienen te krijgen van punten van orde. + Possible values string, comma-delimited ('foo,bar,baz') + Default value + + Variable SITE_REDIRECT_TO + Setting Stuur niet-ingelogde gebruiker door naar + Description Geef een URL of pad op waar de niet-ingelogde gebruiker naar toe doorgestuurd moet worden vanuit de niet-ingelogde homepage.Pad voorbeeld: '/accounts/login', URL voorbeeld: 'https://gemeente.groningen.nl' + Possible values string + Default value No default + + Variable SITE_REGISTRATION_TEXT + Setting Registratie tekst + Description Deze tekst wordt getoond op de registratie pagina. 
+ Possible values text (string) + Default value No default + + Variable SITE_SEARCH_FILTER_CATEGORIES + Setting Onderwerpenfilter toevoegen aan zoekresultaten + Description Of er categorie-selectievakjes moeten worden weergegeven om het zoekresultaat te filteren. + Possible values True, False + Default value True + + Variable SITE_SEARCH_FILTER_ORGANIZATIONS + Setting Organisaties-filter toevoegen aan zoekresultaten + Description Of er organisatie-selectievakjes moeten worden weergegeven om het zoekresultaat te filteren. + Possible values True, False + Default value True + + Variable SITE_SEARCH_FILTER_TAGS + Setting Tagfilter toevoegen aan zoekresultaten + Description Of er tag-selectievakjes moeten worden weergegeven om het zoekresultaat te filteren. + Possible values True, False + Default value True + + Variable SITE_SEARCH_HELP_TEXT + Setting Helptekst zoeken + Description De helptekst in de popup op de zoekpagina's + Possible values text (string) + Default value Op dit scherm kunt u zoeken naar de producten en diensten. + + Variable SITE_SECONDARY_COLOR + Setting Secundaire kleur + Description Secundaire kleur van de gemeentesite/huisstijl + Possible values string + Default value #FFFFFF + + Variable SITE_SECONDARY_FONT_COLOR + Setting Secundaire tekstkleur + Description De tekstkleur voor wanneer de achtergrond de secundaire kleur is + Possible values #FFFFFF, #4B4B4B + Default value #FFFFFF + + Variable SITE_SELECT_QUESTIONNAIRE_INTRO + Setting Introductietekst vragenlijst widget + Description Vragenlijst introductietekst op de onderwerpen en profielpagina's. + Possible values text (string) + Default value Kies hieronder één van de volgende vragenlijsten om de zelftest te starten. + + Variable SITE_SELECT_QUESTIONNAIRE_TITLE + Setting Titel vragenlijst widget + Description Vragenlijst keuzetitel op de onderwerpen en profielpagina's. + Possible values string + Default value Keuze zelftest? 
+ + Variable SITE_SITEIMPROVE_ID + Setting SiteImprove ID + Description SiteImprove ID - Dit nummer kan gevonden worden in de SiteImprove snippet, dit is onderdeel van een URL zoals '//siteimproveanalytics.com/js/siteanalyze_xxxxx.js' waarbij het xxxxx-deel de SiteImprove ID is die hier ingevuld moet worden. + Possible values string + Default value + + Variable SITE_THEME_HELP_TEXT + Setting Onderwerpen help + Description Helptekst in de popup op de onderwerpenpagina + Possible values text (string) + Default value Op dit scherm vindt u de verschillende onderwerpen waarvoor wij producten en diensten aanbieden. + + Variable SITE_THEME_INTRO + Setting Onderwerpen introductie + Description Introductietekst op de onderwerpenpagina + Possible values text (string) + Default value No default + + Variable SITE_THEME_TITLE + Setting Onderwerpen titel + Description Titel op de Onderwerpenpagina + Possible values string + Default value Onderwerpen + + Variable SITE_WARNING_BANNER_BACKGROUND_COLOR + Setting Waarschuwingsbanner achtergrond + Description Waarschuwingsbanner achtergrondkleur + Possible values string + Default value #FFDBAD + + Variable SITE_WARNING_BANNER_ENABLED + Setting Toon waarschuwingsbanner + Description Of de waarschuwingsbanner zichtbaar moet zijn of niet. + Possible values True, False + Default value False + + Variable SITE_WARNING_BANNER_FONT_COLOR + Setting Waarschuwingsbanner tekst + Description De tekstkleur voor de waarschuwingsbanner + Possible values string + Default value #000000 + + Variable SITE_WARNING_BANNER_TEXT + Setting Tekstinhoud waarschuwingsbanner + Description De tekst die zichtbaar is in de waarschuwingsbanner + Possible values text (string) + Default value No default diff --git a/docs/configuration/zgw.rst b/docs/configuration/zgw.rst new file mode 100644 index 0000000000..621b88660b --- /dev/null +++ b/docs/configuration/zgw.rst 
@@ -0,0 +1,198 @@ +.. _zgw: + +================= +ZGW Configuration +================= + +Settings Overview +================= + +Enable/Disable configuration: +""""""""""""""""""""""""""""" + +:: + + ZGW_CONFIG_ENABLE + +Required: +""""""""" + +:: + + ZGW_CATALOGI_SERVICE_API_ROOT + ZGW_CATALOGI_SERVICE_CLIENT_ID + ZGW_CATALOGI_SERVICE_SECRET + ZGW_DOCUMENT_SERVICE_API_ROOT + ZGW_DOCUMENT_SERVICE_CLIENT_ID + ZGW_DOCUMENT_SERVICE_SECRET + ZGW_FORM_SERVICE_API_ROOT + ZGW_FORM_SERVICE_CLIENT_ID + ZGW_FORM_SERVICE_SECRET + ZGW_ZAAK_SERVICE_API_ROOT + ZGW_ZAAK_SERVICE_CLIENT_ID + ZGW_ZAAK_SERVICE_SECRET + +All settings: +""""""""""""" + +:: + + ZGW_ACTION_REQUIRED_DEADLINE_DAYS + ZGW_ALLOWED_FILE_EXTENSIONS + ZGW_CATALOGI_SERVICE_API_ROOT + ZGW_CATALOGI_SERVICE_CLIENT_ID + ZGW_CATALOGI_SERVICE_SECRET + ZGW_DOCUMENT_MAX_CONFIDENTIALITY + ZGW_DOCUMENT_SERVICE_API_ROOT + ZGW_DOCUMENT_SERVICE_CLIENT_ID + ZGW_DOCUMENT_SERVICE_SECRET + ZGW_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN + ZGW_FETCH_EHERKENNING_ZAKEN_WITH_RSIN + ZGW_FORM_SERVICE_API_ROOT + ZGW_FORM_SERVICE_CLIENT_ID + ZGW_FORM_SERVICE_SECRET + ZGW_MAX_UPLOAD_SIZE + ZGW_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE + ZGW_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN + ZGW_TITLE_TEXT + ZGW_ZAAK_MAX_CONFIDENTIALITY + ZGW_ZAAK_SERVICE_API_ROOT + ZGW_ZAAK_SERVICE_CLIENT_ID + ZGW_ZAAK_SERVICE_SECRET + +Detailed Information +==================== + +:: + + Variable ZGW_ACTION_REQUIRED_DEADLINE_DAYS + Setting Standaard actie deadline termijn in dagen + Description Aantal dagen voor gebruiker om actie te ondernemen. + Possible values string representing an integer + Default value 15 + + Variable ZGW_ALLOWED_FILE_EXTENSIONS + Setting allowed file extensions + Description Een lijst van toegestande bestandsextensies, alleen documentuploads met een van deze extensies worden toegelaten. 
+ Possible values string, comma-delimited ('foo,bar,baz') + Default value bmp, doc, docx, gif, jpeg, jpg, msg, pdf, png, ppt, pptx, rtf, tiff, txt, vsd, xls, xlsx + + Variable ZGW_CATALOGI_SERVICE_API_ROOT + Setting api root url + Description No description + Possible values string + Default value No default + + Variable ZGW_CATALOGI_SERVICE_CLIENT_ID + Setting client id + Description No description + Possible values string + Default value No default + + Variable ZGW_CATALOGI_SERVICE_SECRET + Setting secret + Description No description + Possible values string + Default value No default + + Variable ZGW_DOCUMENT_MAX_CONFIDENTIALITY + Setting Documenten vertrouwelijkheid + Description Selecteer de maximale vertrouwelijkheid van de getoonde documenten van zaken + Possible values openbaar, beperkt_openbaar, intern, zaakvertrouwelijk, vertrouwelijk, confidentieel, geheim, zeer_geheim + Default value openbaar + + Variable ZGW_DOCUMENT_SERVICE_API_ROOT + Setting api root url + Description No description + Possible values string + Default value No default + + Variable ZGW_DOCUMENT_SERVICE_CLIENT_ID + Setting client id + Description No description + Possible values string + Default value No default + + Variable ZGW_DOCUMENT_SERVICE_SECRET + Setting secret + Description No description + Possible values string + Default value No default + + Variable ZGW_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN + Setting Inschakelen gepersonaliseerde Onderwerpen op basis van zaken + Description Indien ingeschakeld dan worden (indien ingelogd met DigiD/eHerkenning) de getoonde onderwerpen op de Homepage bepaald op basis van de zaken van de gebruiker + Possible values True, False + Default value False + + Variable ZGW_FETCH_EHERKENNING_ZAKEN_WITH_RSIN + Setting Maak gebruik van het RSIN voor ophalen eHerkenning zaken + Description Indien ingeschakeld dan wordt het RSIN van eHerkenning gebruikers gebruikt om de zaken op te halen. 
Indien uitgeschakeld dan wordt het KVK nummer gebruikt om de zaken op te halen. Open Zaak hanteert conform de ZGW API specificatie de RSIN, de eSuite maakt gebruik van het KVK nummer. + Possible values True, False + Default value False + + Variable ZGW_FORM_SERVICE_API_ROOT + Setting api root url + Description No description + Possible values string + Default value No default + + Variable ZGW_FORM_SERVICE_CLIENT_ID + Setting client id + Description No description + Possible values string + Default value No default + + Variable ZGW_FORM_SERVICE_SECRET + Setting secret + Description No description + Possible values string + Default value No default + + Variable ZGW_MAX_UPLOAD_SIZE + Setting Maximale upload grootte (in MB) + Description Documentuploads mogen maximaal dit aantal MB groot zijn, anders worden ze geweigerd. + Possible values string representing a positive integer + Default value 50 + + Variable ZGW_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE + Setting Converteer eSuite zaaknummers + Description Schakel dit in om de zaaknummers van het interne eSuite format (ex: '0014ESUITE66392022') om te zetten naar een toegankelijkere notatie ('6639-2022'). + Possible values True, False + Default value False + + Variable ZGW_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN + Setting Maak gebruik van StatusType.informeren workaround (eSuite) + Description Schakel dit in wanneer StatusType.informeren niet wordt ondersteund door de ZGW API waar deze omgeving aan is gekoppeld (zoals de eSuite ZGW API)Hierdoor is het verplicht om per zaaktype aan te geven wanneer een inwoner hier een notificatie van dient te krijgen. + Possible values True, False + Default value False + + Variable ZGW_TITLE_TEXT + Setting Titel tekst + Description De titel/introductietekst getoond op de lijstweergave van 'Mijn aanvragen'. + Possible values text (string) + Default value Hier vindt u een overzicht van al uw lopende en afgeronde aanvragen. 
+ + Variable ZGW_ZAAK_MAX_CONFIDENTIALITY + Setting Zaak vertrouwelijkheid + Description Selecteer de maximale vertrouwelijkheid van de getoonde zaken + Possible values openbaar, beperkt_openbaar, intern, zaakvertrouwelijk, vertrouwelijk, confidentieel, geheim, zeer_geheim + Default value openbaar + + Variable ZGW_ZAAK_SERVICE_API_ROOT + Setting api root url + Description No description + Possible values string + Default value No default + + Variable ZGW_ZAAK_SERVICE_CLIENT_ID + Setting client id + Description No description + Possible values string + Default value No default + + Variable ZGW_ZAAK_SERVICE_SECRET + Setting secret + Description No description + Possible values string + Default value No default diff --git a/src/open_inwoner/conf/app/setup_configuration.py b/src/open_inwoner/conf/app/setup_configuration.py index 3785a90227..f78719c246 100644 --- a/src/open_inwoner/conf/app/setup_configuration.py +++ b/src/open_inwoner/conf/app/setup_configuration.py 
@@ -19,93 +19,87 @@ OIP_ORGANIZATION = config("OIP_ORGANIZATION", "") # ZGW configuration variables -ZGW_CONFIG_ENABLE = config("ZGW_CONFIG_ENABLE", default=True) -ZGW_CONFIG_ZAKEN_API_ROOT = config("ZGW_CONFIG_ZAKEN_API_ROOT", "") -if ZGW_CONFIG_ZAKEN_API_ROOT and not ZGW_CONFIG_ZAKEN_API_ROOT.endswith("/"): - ZGW_CONFIG_ZAKEN_API_ROOT = f"{ZGW_CONFIG_ZAKEN_API_ROOT.strip()}/" -ZGW_CONFIG_ZAKEN_OAS_URL = ZGW_CONFIG_ZAKEN_API_ROOT # this is still required by the form, but not actually used -ZGW_CONFIG_ZAKEN_API_CLIENT_ID = config("ZGW_CONFIG_ZAKEN_API_CLIENT_ID", "") -ZGW_CONFIG_ZAKEN_API_SECRET = config("ZGW_CONFIG_ZAKEN_API_SECRET", "") -ZGW_CONFIG_CATALOGI_API_ROOT = config("ZGW_CONFIG_CATALOGI_API_ROOT", "") -if ZGW_CONFIG_CATALOGI_API_ROOT and not ZGW_CONFIG_CATALOGI_API_ROOT.endswith("/"): - ZGW_CONFIG_CATALOGI_API_ROOT = f"{ZGW_CONFIG_CATALOGI_API_ROOT.strip()}/" -ZGW_CONFIG_CATALOGI_OAS_URL = ZGW_CONFIG_CATALOGI_API_ROOT # this is still required by the form, but not actually used -ZGW_CONFIG_CATALOGI_API_CLIENT_ID = config("ZGW_CONFIG_CATALOGI_API_CLIENT_ID", "") -ZGW_CONFIG_CATALOGI_API_SECRET = config("ZGW_CONFIG_CATALOGI_API_SECRET", "") -ZGW_CONFIG_DOCUMENTEN_API_ROOT = config("ZGW_CONFIG_DOCUMENTEN_API_ROOT", "") -if ZGW_CONFIG_DOCUMENTEN_API_ROOT and not ZGW_CONFIG_DOCUMENTEN_API_ROOT.endswith("/"): - ZGW_CONFIG_DOCUMENTEN_API_ROOT = f"{ZGW_CONFIG_DOCUMENTEN_API_ROOT.strip()}/" -ZGW_CONFIG_DOCUMENTEN_OAS_URL = ZGW_CONFIG_DOCUMENTEN_API_ROOT # this is still required by the form, but not actually used -ZGW_CONFIG_DOCUMENTEN_API_CLIENT_ID = config("ZGW_CONFIG_DOCUMENTEN_API_CLIENT_ID", "") -ZGW_CONFIG_DOCUMENTEN_API_SECRET = config("ZGW_CONFIG_DOCUMENTEN_API_SECRET", "") -ZGW_CONFIG_FORMULIEREN_API_ROOT = config("ZGW_CONFIG_FORMULIEREN_API_ROOT", "") -if ZGW_CONFIG_FORMULIEREN_API_ROOT and not ZGW_CONFIG_FORMULIEREN_API_ROOT.endswith( +ZGW_ENABLE = config("ZGW_ENABLE", default=True) +ZGW_ZAAK_SERVICE_API_ROOT = config("ZGW_ZAAK_SERVICE_API_ROOT", "") +if 
ZGW_ZAAK_SERVICE_API_ROOT and not ZGW_ZAAK_SERVICE_API_ROOT.endswith("/"): + ZGW_ZAAK_SERVICE_API_ROOT = f"{ZGW_ZAAK_SERVICE_API_ROOT.strip()}/" +ZGW_ZAKEN_OAS_URL = ZGW_ZAAK_SERVICE_API_ROOT # this is still required by the form, but not actually used +ZGW_ZAAK_SERVICE_API_CLIENT_ID = config("ZGW_ZAAK_SERVICE_API_CLIENT_ID", "") +ZGW_ZAAK_SERVICE_API_SECRET = config("ZGW_ZAAK_SERVICE_API_SECRET", "") +ZGW_CATALOGI_SERVICE_API_ROOT = config("ZGW_CATALOGI_SERVICE_API_ROOT", "") +if ZGW_CATALOGI_SERVICE_API_ROOT and not ZGW_CATALOGI_SERVICE_API_ROOT.endswith("/"): + ZGW_CATALOGI_SERVICE_API_ROOT = f"{ZGW_CATALOGI_SERVICE_API_ROOT.strip()}/" +ZGW_CATALOGI_OAS_URL = ZGW_CATALOGI_SERVICE_API_ROOT # this is still required by the form, but not actually used +ZGW_CATALOGI_SERVICE_API_CLIENT_ID = config("ZGW_CATALOGI_SERVICE_API_CLIENT_ID", "") +ZGW_CATALOGI_SERVICE_API_SECRET = config("ZGW_CATALOGI_SERVICE_API_SECRET", "") +ZGW_DOCUMENTEN_SERVICE_API_ROOT = config("ZGW_DOCUMENTEN_SERVICE_API_ROOT", "") +if ZGW_DOCUMENTEN_SERVICE_API_ROOT and not ZGW_DOCUMENTEN_SERVICE_API_ROOT.endswith( "/" ): - ZGW_CONFIG_FORMULIEREN_API_ROOT = f"{ZGW_CONFIG_FORMULIEREN_API_ROOT.strip()}/" -ZGW_CONFIG_FORMULIEREN_OAS_URL = ZGW_CONFIG_FORMULIEREN_API_ROOT # this is still required by the form, but not actually used -ZGW_CONFIG_FORMULIEREN_API_CLIENT_ID = config( - "ZGW_CONFIG_FORMULIEREN_API_CLIENT_ID", "" -) -ZGW_CONFIG_FORMULIEREN_API_SECRET = config("ZGW_CONFIG_FORMULIEREN_API_SECRET", "") + ZGW_DOCUMENTEN_SERVICE_API_ROOT = f"{ZGW_DOCUMENTEN_SERVICE_API_ROOT.strip()}/" +ZGW_DOCUMENTEN_OAS_URL = ZGW_DOCUMENTEN_SERVICE_API_ROOT # this is still required by the form, but not actually used +ZGW_DOCUMENTEN_SERVICE_API_CLIENT_ID = config( + "ZGW_DOCUMENTEN_SERVICE_API_CLIENT_ID", "" +) +ZGW_DOCUMENTEN_SERVICE_API_SECRET = config("ZGW_DOCUMENTEN_SERVICE_API_SECRET", "") +ZGW_FORM_SERVICE_API_ROOT = config("ZGW_FORM_SERVICE_API_ROOT", "") +if ZGW_FORM_SERVICE_API_ROOT and not 
ZGW_FORM_SERVICE_API_ROOT.endswith("/"): + ZGW_FORM_SERVICE_API_ROOT = f"{ZGW_FORM_SERVICE_API_ROOT.strip()}/" +ZGW_FORMULIEREN_OAS_URL = ZGW_FORM_SERVICE_API_ROOT # this is still required by the form, but not actually used +ZGW_FORM_SERVICE_API_CLIENT_ID = config("ZGW_FORM_SERVICE_API_CLIENT_ID", "") +ZGW_FORM_SERVICE_API_SECRET = config("ZGW_FORM_SERVICE_API_SECRET", "") # ZGW config options -ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY = config( - "ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY", None -) -ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY = config( - "ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY", None -) -ZGW_CONFIG_ACTION_REQUIRED_DEADLINE_DAYS = config("ACTION_REQUIRED_DEADLINE_DAYS", None) -ZGW_CONFIG_ALLOWED_FILE_EXTENSIONS = config("ZGW_CONFIG_ALLOWED_FILE_EXTENSIONS", None) -ZGW_CONFIG_MIJN_AANVRAGEN_TITLE_TEXT = config( - "ZGW_CONFIG_MIJN_AANVRAGEN_TITLE_TEXT", None +ZGW_ZAAK_MAX_CONFIDENTIALITY = config("ZGW_ZAAK_MAX_CONFIDENTIALITY", None) +ZGW_DOCUMENT_MAX_CONFIDENTIALITY = config("ZGW_DOCUMENT_MAX_CONFIDENTIALITY", None) +ZGW_ACTION_REQUIRED_DEADLINE_DAYS = config("ACTION_REQUIRED_DEADLINE_DAYS", None) +ZGW_ALLOWED_FILE_EXTENSIONS = config("ZGW_ALLOWED_FILE_EXTENSIONS", None) +ZGW_MIJN_AANVRAGEN_TITLE_TEXT = config("ZGW_MIJN_AANVRAGEN_TITLE_TEXT", None) +ZGW_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN = config( + "ZGW_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN", None ) -ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN = config( - "ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN", None +ZGW_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN = config( + "ZGW_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN", None ) -ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN = config( - "ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN", None +ZGW_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE = config( + "ZGW_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE", None ) -ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE = config( - "ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE", None -) -ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN = 
config( - "ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN", None +ZGW_FETCH_EHERKENNING_ZAKEN_WITH_RSIN = config( + "ZGW_FETCH_EHERKENNING_ZAKEN_WITH_RSIN", None ) # KIC configuration variables -KIC_CONFIG_ENABLE = config("KIC_CONFIG_ENABLE", default=True) -KIC_CONFIG_KLANTEN_API_ROOT = config("KIC_CONFIG_KLANTEN_API_ROOT", "") -if KIC_CONFIG_KLANTEN_API_ROOT and not KIC_CONFIG_KLANTEN_API_ROOT.endswith("/"): - KIC_CONFIG_KLANTEN_API_ROOT = f"{KIC_CONFIG_KLANTEN_API_ROOT.strip()}/" -KIC_CONFIG_KLANTEN_OAS_URL = KIC_CONFIG_KLANTEN_API_ROOT # this is still required by the form, but not actually used -KIC_CONFIG_KLANTEN_API_CLIENT_ID = config("KIC_CONFIG_KLANTEN_API_CLIENT_ID", "") -KIC_CONFIG_KLANTEN_API_SECRET = config("KIC_CONFIG_KLANTEN_API_SECRET", "") -KIC_CONFIG_CONTACTMOMENTEN_API_ROOT = config("KIC_CONFIG_CONTACTMOMENTEN_API_ROOT", "") +KIC_ENABLE = config("KIC_ENABLE", default=True) +KIC_KLANTEN_SERVICE_API_ROOT = config("KIC_KLANTEN_SERVICE_API_ROOT", "") +if KIC_KLANTEN_SERVICE_API_ROOT and not KIC_KLANTEN_SERVICE_API_ROOT.endswith("/"): + KIC_KLANTEN_SERVICE_API_ROOT = f"{KIC_KLANTEN_SERVICE_API_ROOT.strip()}/" +KIC_KLANTEN_OAS_URL = KIC_KLANTEN_SERVICE_API_ROOT # this is still required by the form, but not actually used +KIC_KLANTEN_SERVICE_API_CLIENT_ID = config("KIC_KLANTEN_SERVICE_API_CLIENT_ID", "") +KIC_KLANTEN_SERVICE_API_SECRET = config("KIC_KLANTEN_SERVICE_API_SECRET", "") +KIC_CONTACTMOMENTEN_SERVICE_API_ROOT = config( + "KIC_CONTACTMOMENTEN_SERVICE_API_ROOT", "" +) if ( - KIC_CONFIG_CONTACTMOMENTEN_API_ROOT - and not KIC_CONFIG_CONTACTMOMENTEN_API_ROOT.endswith("/") + KIC_CONTACTMOMENTEN_SERVICE_API_ROOT + and not KIC_CONTACTMOMENTEN_SERVICE_API_ROOT.endswith("/") ): - KIC_CONFIG_CONTACTMOMENTEN_API_ROOT = ( - f"{KIC_CONFIG_CONTACTMOMENTEN_API_ROOT.strip()}/" + KIC_CONTACTMOMENTEN_SERVICE_API_ROOT = ( + f"{KIC_CONTACTMOMENTEN_SERVICE_API_ROOT.strip()}/" ) -KIC_CONFIG_CONTACTMOMENTEN_OAS_URL = KIC_CONFIG_CONTACTMOMENTEN_API_ROOT # this is still 
required by the form, but not actually used -KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_ID = config( - "KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_ID", "" -) -KIC_CONFIG_CONTACTMOMENTEN_API_SECRET = config( - "KIC_CONFIG_CONTACTMOMENTEN_API_SECRET", "" -) -KIC_CONFIG_REGISTER_EMAIL = config("KIC_CONFIG_REGISTER_EMAIL", None) -KIC_CONFIG_REGISTER_CONTACT_MOMENT = config("KIC_CONFIG_REGISTER_CONTACT_MOMENT", None) -KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN = config( - "KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN", None -) -KIC_CONFIG_REGISTER_CHANNEL = config("KIC_CONFIG_REGISTER_CHANNEL", None) -KIC_CONFIG_REGISTER_TYPE = config("KIC_CONFIG_REGISTER_TYPE", None) -KIC_CONFIG_REGISTER_EMPLOYEE_ID = config("KIC_CONFIG_REGISTER_EMPLOYEE_ID", None) -KIC_CONFIG_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER = config( - "KIC_CONFIG_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER", None +KIC_CONTACTMOMENTEN_OAS_URL = KIC_CONTACTMOMENTEN_SERVICE_API_ROOT # this is still required by the form, but not actually used +KIC_CONTACTMOMENTEN_SERVICE_API_CLIENT_ID = config( + "KIC_CONTACTMOMENTEN_SERVICE_API_CLIENT_ID", "" +) +KIC_CONTACTMOMENTEN_SERVICE_API_SECRET = config( + "KIC_CONTACTMOMENTEN_SERVICE_API_SECRET", "" +) +KIC_REGISTER_EMAIL = config("KIC_REGISTER_EMAIL", None) +KIC_REGISTER_CONTACT_MOMENT = config("KIC_REGISTER_CONTACT_MOMENT", None) +KIC_REGISTER_BRONORGANISATIE_RSIN = config("KIC_REGISTER_BRONORGANISATIE_RSIN", None) +KIC_REGISTER_CHANNEL = config("KIC_REGISTER_CHANNEL", None) +KIC_REGISTER_TYPE = config("KIC_REGISTER_TYPE", None) +KIC_REGISTER_EMPLOYEE_ID = config("KIC_REGISTER_EMPLOYEE_ID", None) +KIC_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER = config( + "KIC_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER", None ) diff --git a/src/open_inwoner/configurations/bootstrap/auth.py b/src/open_inwoner/configurations/bootstrap/auth.py index 375ff9bbf3..5dd5e2e648 100644 --- a/src/open_inwoner/configurations/bootstrap/auth.py +++ b/src/open_inwoner/configurations/bootstrap/auth.py 
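Review bot: The environment names read in this hunk do not match the names that docs/configuration/zgw.rst, added in the same commit, tells operators to set. The docs list `ZGW_CONFIG_ENABLE`, `ZGW_ZAAK_SERVICE_CLIENT_ID`, `ZGW_ZAAK_SERVICE_SECRET`, `ZGW_DOCUMENT_SERVICE_API_ROOT` and `ZGW_TITLE_TEXT`, while the code reads `ZGW_ENABLE`, `ZGW_ZAAK_SERVICE_API_CLIENT_ID`, `ZGW_ZAAK_SERVICE_API_SECRET`, `ZGW_DOCUMENTEN_SERVICE_API_ROOT` and `ZGW_MIJN_AANVRAGEN_TITLE_TEXT`. Because the client id and secret fall back to `""`, a deployment that follows the docs would end up with empty credentials unless a later required-settings check catches it. The deadline line also still reads the unprefixed key and should be `ZGW_ACTION_REQUIRED_DEADLINE_DAYS = config("ZGW_ACTION_REQUIRED_DEADLINE_DAYS", None)`. The same `_SERVICE_API_CLIENT_ID` / `_SERVICE_CLIENT_ID` split shows up for the KIC names in the `required_settings` lists of kic.py.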
@@ -25,6 +25,18 @@ ) from open_inwoner.configurations.models import SiteConfiguration +from .base import ConfigSettingsBase + + +# +# DigiD OIDC +# +class DigiDOIDCConfigurationSettings(ConfigSettingsBase): + model = OpenIDConnectDigiDConfig + display_name = "DigiD OIDC Configuration" + namespace = "DIGID_OIDC" + required_fields = ("oidc_rp_client_id", "oidc_rp_client_secret") + class DigiDOIDCConfigurationStep(BaseConfigurationStep): """ @@ -98,6 +110,16 @@ def test_configuration(self): """ +# +# eHerkenning OIDC +# +class eHerkenningOIDCConfigurationSettings(ConfigSettingsBase): + model = OpenIDConnectEHerkenningConfig + display_name = "eHerkenning OIDC Configuration" + namespace = "EHERKENNING_OIDC" + required_fields = ("oidc_rp_client_id", "oidc_rp_client_secret") + + class eHerkenningOIDCConfigurationStep(BaseConfigurationStep): """ Configure eHerkenning authentication via OpenID Connect @@ -170,6 +192,42 @@ def test_configuration(self): """ +# +# Admin OIDC +# +class AdminOIDCConfigurationSettings(ConfigSettingsBase): + model = OpenIDConnectConfig + display_name = "Admin OIDC Configuration" + namespace = "ADMIN_OIDC" + required_fields = ( + "oidc_rp_client_id", + "oidc_rp_client_secret", + ) + all_fields = required_fields + ( + "claim_mapping", + "default_groups", + "groups_claim", + "make_users_staff", + "oidc_exempt_urls", + "oidc_nonce_size", + "oidc_op_authorization_endpoint", + "oidc_op_discovery_endpoint", + "oidc_op_jwks_endpoint", + "oidc_op_token_endpoint", + "oidc_op_user_endpoint", + "oidc_rp_idp_sign_key", + "oidc_rp_scopes_list", + "oidc_rp_sign_algo", + "oidc_state_size", + "oidc_use_nonce", + "superuser_group_names", + "sync_groups", + "sync_groups_glob_pattern", + "userinfo_claims_source", + "username_claim", + ) + + class AdminOIDCConfigurationStep(BaseConfigurationStep): """ Configure admin login via OpenID Connect 
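Review bot: In `AdminOIDCConfigurationSettings.all_fields`, the `"default_groups"` entry has no counterpart in the generated docs/configuration/admin_oidc.rst, which lists no `ADMIN_OIDC_DEFAULT_GROUPS`. `ConfigSettingsBase` only walks `model._meta.concrete_fields`, so this is presumably a many-to-many field that can never be emitted, and the entry is dead. The neighbouring entries (`make_users_staff`, `superuser_group_names`, `sync_groups_glob_pattern`) decide who gets admin rights, so a group setting that is silently ignored should be made explicit. Either drop the entry or keep it with a comment such as `# default_groups is a relation and is not configurable through the environment`.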
@@ -251,6 +309,25 @@ def test_configuration(self): """ +# +# DigiD SAML +# +class DigiDSAMLConfigurationSettings(ConfigSettingsBase): + model = DigidConfiguration + display_name = "DigiD SAML Configuration" + namespace = "DIGID" + required_fields = ( + "certificate_label", + "certificate_type", + "certificate_public_certificate", + "metadata_file_source", + "entity_id", + "base_url", + "service_name", + "service_description", + ) + + class DigiDConfigurationStep(BaseConfigurationStep): """ Configure DigiD via SAML @@ -356,6 +433,57 @@ def test_configuration(self): """ +# +# eHerkenning SAML +# +class eHerkenningSAMLConfigurationSettings(ConfigSettingsBase): + model = EherkenningConfiguration + display_name = "eHerkenning SAML Configuration" + namespace = "EHERKENNING" + required_fields = ( + "base_url", + "certificate_label", + "certificate_public_certificate", + "certificate_type", + "entity_id", + "makelaar_id", + "metadata_file_source", + "oin", + "privacy_policy", + "service_description", + "service_name", + ) + all_fields = required_fields + ( + "artifact_resolve_content_type", + "base_url", + "certificate_private_key", + "digest_algorithm", + "eh_attribute_consuming_service_index", + "eh_loa", + "eh_requested_attributes", + "eh_service_instance_uuid", + "eh_service_uuid", + "eidas_attribute_consuming_service_index", + "eidas_loa", + "eidas_requested_attributes", + "eidas_service_instance_uuid", + "eidas_service_uuid", + "entity_id", + "key_passphrase", + "no_eidas", + "organization_name", + "organization_url", + "service_description", + "service_language", + "service_name", + "signature_algorithm", + "technical_contact_person_email", + "technical_contact_person_telephone", + "want_assertions_encrypted", + "want_assertions_signed", + ) + + class eHerkenningConfigurationStep(BaseConfigurationStep): """ Configure eHerkenning via SAML 
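Review bot: In `eHerkenningSAMLConfigurationSettings`, `all_fields = required_fields + (...)` repeats `"base_url"`, `"entity_id"`, `"service_description"` and `"service_name"`, which are already in `required_fields`. The membership tests in base.py make this harmless, but the tuple then reads as if those four were optional extras, so the duplicates should be removed from the second tuple. `DigiDSAMLConfigurationSettings` in the preceding hunk defines no `all_fields` at all, so it runs in the include-everything mode of `create_config_fields`. Any field later added to that model or its related certificate model then becomes a documented setting automatically. If that is intended, a one-line comment on the class should say so; otherwise give it an explicit `all_fields` like the eHerkenning class.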
diff --git a/src/open_inwoner/configurations/bootstrap/base.py b/src/open_inwoner/configurations/bootstrap/base.py new file mode 100644 index 0000000000..71b6196fce --- /dev/null +++ b/src/open_inwoner/configurations/bootstrap/base.py 
@@ -0,0 +1,166 @@ +from dataclasses import dataclass, field +from typing import Iterator, Mapping, Sequence + +from django.contrib.postgres.fields import ArrayField +from django.db import models +from django.db.models.fields import NOT_PROVIDED +from django.db.models.fields.json import JSONField +from django.db.models.fields.related import ForeignKey, OneToOneField + +from .choices import BasicFieldDescription + + +@dataclass(frozen=True, slots=True) +class ConfigField: + name: str + verbose_name: str + description: str + default_value: str + values: str + + +@dataclass +class Fields: + all: set[ConfigField] = field(default_factory=set) + required: set[ConfigField] = field(default_factory=set) + + +class ConfigSettingsBase: + model: models.Model + display_name: str + namespace: str + required_fields = tuple() + all_fields = tuple() + excluded_fields = ("id",) + + def __init__(self): + self.config_fields = Fields() + + self.create_config_fields( + require=self.required_fields, + exclude=self.excluded_fields, + include=self.all_fields, + model=self.model, + ) + + @classmethod + def get_setting_name(cls, field: ConfigField) -> str: + return f"{cls.namespace}_" + field.name.upper() + + @staticmethod + def get_default_value(field: models.Field) -> str: + default = field.default + + if default is NOT_PROVIDED: + return "No default" + + # needed to make `generate_config_docs` idempotent + # because UUID's are randomly generated + if isinstance(field, models.UUIDField): + return "random UUID string" + + # if default is a function, call the function to retrieve the value; + # we don't immediately return because we need to check the type first + # and cast to another type if necessary (e.g. 
list is unhashable) + if callable(default): + default = default() + + if isinstance(default, Mapping): + return str(default) + + # check for field type as well to avoid splitting values from CharField + if isinstance(field, (JSONField, ArrayField)) and isinstance(default, Sequence): + try: + return ", ".join(str(item) for item in default) + except TypeError: + return str(default) + + return default + + @staticmethod + def get_example_values(field: models.Field) -> str: + # fields with choices + if choices := field.choices: + values = [choice[0] for choice in choices] + return ", ".join(values) + + # other fields + field_type = field.get_internal_type() + match field_type: + case item if item in BasicFieldDescription.names: + return getattr(BasicFieldDescription, field_type) + case _: + return "No information available" + + def get_concrete_model_fields(self, model) -> Iterator[models.Field]: + """ + Get all concrete fields for a given `model`, skipping over backreferences like + `OneToOneRel` and fields that are blacklisted + """ + return ( + field + for field in model._meta.concrete_fields + if field.name not in self.excluded_fields + ) + + def create_config_fields( + self, + require: tuple[str, ...], + exclude: tuple[str, ...], + include: tuple[str, ...], + model: models.Model, + relating_field: models.Field | None = None, + ) -> None: + """ + Create a `ConfigField` instance for each field of the given `model` and + add it to `self.fields.all` and `self.fields.required` + + Basic fields (`CharField`, `IntegerField` etc) constitute the base case, + relations (`ForeignKey`, `OneToOneField`) are handled recursively + """ + + model_fields = self.get_concrete_model_fields(model) + + for model_field in model_fields: + if isinstance(model_field, (ForeignKey, OneToOneField)): + self.create_config_fields( + require=require, + exclude=exclude, + include=include, + model=model_field.related_model, + relating_field=model_field, + ) + else: + if model_field.name in 
self.excluded_fields: + continue + + # model field name could be "api_root", + # but we need "xyz_service_api_root" (or similar) for consistency + if relating_field: + name = f"{relating_field.name}_{model_field.name}" + else: + name = model_field.name + + config_field = ConfigField( + name=name, + verbose_name=model_field.verbose_name, + description=model_field.help_text, + default_value=self.get_default_value(model_field), + values=self.get_example_values(model_field), + ) + + if config_field.name in self.required_fields: + self.config_fields.required.add(config_field) + + # if all_fields is empty, that means we're filtering by blacklist, + # hence the config_field is included by default + if not self.all_fields or config_field.name in self.all_fields: + self.config_fields.all.add(config_field) + + def get_required_settings(self) -> tuple[str, ...]: + return tuple( + self.get_setting_name(field) for field in self.config_fields.required + ) + + def get_config_mapping(self) -> dict[str, ConfigField]: + return {self.get_setting_name(field): field for field in self.config_fields.all} diff --git a/src/open_inwoner/configurations/bootstrap/choices.py b/src/open_inwoner/configurations/bootstrap/choices.py new file mode 100644 index 0000000000..02d7cd4cd1 --- /dev/null +++ b/src/open_inwoner/configurations/bootstrap/choices.py 
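Review bot: `get_example_values` builds `values = [choice[0] for choice in choices]` and passes it to `", ".join(values)`, which raises `TypeError` as soon as a model field uses non-string choices such as integer choices; use `values = [str(choice[0]) for choice in choices]`. `get_default_value` is annotated `-> str` and feeds `ConfigField.default_value: str`, but its last line returns the raw default, so ints, bools and `None` pass through, and an unhashable default would fail when the frozen `ConfigField` is added to a set; end with `return str(default)`. `create_config_fields` accepts `require`, `exclude` and `include` and forwards them on recursion, yet the body only reads `self.required_fields`, `self.excluded_fields` and `self.all_fields`, so the parameters should be used or dropped. Its docstring also refers to `self.fields.all`, while the attribute is `self.config_fields`.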
@@ -0,0 +1,28 @@ +from django.db import models +from django.utils.translation import gettext_lazy as _ + + +class BasicFieldDescription(models.TextChoices): + ArrayField = _("string, comma-delimited ('foo,bar,baz')") + BooleanField = "True, False" + CharField = _("string") + FileField = _( + "string represeting the (absolute) path to a file, including file extension: {example}".format( + example="/absolute/path/to/file.xml" + ) + ) + ImageField = _( + "string represeting the (absolute) path to an image file, including file extension: {example}".format( + example="/absolute/path/to/image.png" + ) + ) + IntegerField = _("string representing an integer") + JSONField = _("Mapping: {example}".format(example="{'some_key': 'Some value'}")) + PositiveIntegerField = _("string representing a positive integer") + TextField = _("text (string)") + URLField = _("string (URL)") + UUIDField = _( + "UUID string {example}".format( + example="(e.g. f6b45142-0c60-4ec7-b43d-28ceacdc0b34)" + ) + ) diff --git a/src/open_inwoner/configurations/bootstrap/kic.py b/src/open_inwoner/configurations/bootstrap/kic.py index d48d47401e..919ff91c8f 100644 --- a/src/open_inwoner/configurations/bootstrap/kic.py +++ b/src/open_inwoner/configurations/bootstrap/kic.py 
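Review bot: `.format()` is called inside `_()` for `FileField`, `ImageField`, `JSONField` and `UUIDField`, so the message looked up at runtime is the already-formatted string rather than the `{example}` literal that message extraction records. The translation would then presumably never match. The examples are constants, so inline them into the literal, e.g. `FileField = _("string representing the (absolute) path to a file, including file extension: /absolute/path/to/file.xml")`. Both path descriptions also misspell "representing" as `represeting`, and that text ends up in the generated configuration docs.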
@@ -10,6 +10,36 @@ from open_inwoner.openklant.models import OpenKlantConfig from open_inwoner.utils.api import ClientError +from .base import ConfigSettingsBase + + +class KICConfigurationSettings(ConfigSettingsBase): + model = OpenKlantConfig + display_name = "Klanten Configuration" + namespace = "KIC" + required_fields = ( + "contactmomenten_service_client_id", + "contactmomenten_service_secret", + "contactmomenten_service_api_root", + "klanten_service_client_id", + "klanten_service_secret", + "klanten_service_api_root", + "register_type", + "register_contact_moment", + ) + all_fields = required_fields + ( + "register_bronorganisatie_rsin", + "register_channel", + "register_contact_moment", + "register_email", + "register_employee_id", + "use_rsin_for_innNnpId_query_parameter", + ) + excluded_fields = ( + "contactmomenten_service_uuid", + "klanten_service_uuid", + ) + class KlantenAPIConfigurationStep(BaseConfigurationStep): """ @@ -18,15 +48,15 @@ class KlantenAPIConfigurationStep(BaseConfigurationStep): verbose_name = "Klanten API configuration" required_settings = [ - "KIC_CONFIG_KLANTEN_API_ROOT", - "KIC_CONFIG_KLANTEN_API_CLIENT_ID", - "KIC_CONFIG_KLANTEN_API_SECRET", + "KIC_KLANTEN_SERVICE_API_ROOT", + "KIC_KLANTEN_SERVICE_API_CLIENT_ID", + "KIC_KLANTEN_SERVICE_API_SECRET", ] - enable_setting = "KIC_CONFIG_ENABLE" + enable_setting = "KIC_ENABLE" def is_configured(self) -> bool: return Service.objects.filter( - api_root=settings.KIC_CONFIG_KLANTEN_API_ROOT + api_root=settings.KIC_KLANTEN_SERVICE_API_ROOT ).exists() def configure(self): 
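Review bot: The `excluded_fields` override in `KICConfigurationSettings` never matches anything. base.py compares `model_field.name`, the raw field name on the related model, against `self.excluded_fields` before the `relating_field` prefix is applied, so `"contactmomenten_service_uuid"` and `"klanten_service_uuid"` are never seen. The override also replaces the base class's `("id",)`, so `id` is no longer excluded. It stays out of the mapping only because `all_fields` is set and acts as an allow-list. Drop the override, or write it as `excluded_fields = ConfigSettingsBase.excluded_fields + ("uuid",)` if exclusion by raw name is what is wanted. `"register_contact_moment"` is also listed twice, once in `required_fields` and again in the tuple appended for `all_fields`.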
@@ -34,15 +64,15 @@ def configure(self): org_label = f"Open Inwoner {organization}".strip() Service.objects.update_or_create( - api_root=settings.KIC_CONFIG_KLANTEN_API_ROOT, + api_root=settings.KIC_KLANTEN_SERVICE_API_ROOT, defaults={ "label": "Klanten API", "api_type": APITypes.kc, - "oas": settings.KIC_CONFIG_KLANTEN_API_ROOT, + "oas": settings.KIC_KLANTEN_SERVICE_API_ROOT, "auth_type": AuthTypes.zgw, - "client_id": settings.KIC_CONFIG_KLANTEN_API_CLIENT_ID, - "secret": settings.KIC_CONFIG_KLANTEN_API_SECRET, - "user_id": settings.KIC_CONFIG_KLANTEN_API_CLIENT_ID, + "client_id": settings.KIC_KLANTEN_SERVICE_API_CLIENT_ID, + "secret": settings.KIC_KLANTEN_SERVICE_API_SECRET, + "user_id": settings.KIC_KLANTEN_SERVICE_API_CLIENT_ID, "user_representation": org_label, }, ) @@ -60,15 +90,15 @@ class ContactmomentenAPIConfigurationStep(BaseConfigurationStep): verbose_name = "Contactmomenten API configuration" required_settings = [ - "KIC_CONFIG_CONTACTMOMENTEN_API_ROOT", - "KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_ID", - "KIC_CONFIG_CONTACTMOMENTEN_API_SECRET", + "KIC_CONTACTMOMENTEN_SERVICE_API_ROOT", + "KIC_CONTACTMOMENTEN_SERVICE_API_CLIENT_ID", + "KIC_CONTACTMOMENTEN_SERVICE_API_SECRET", ] - enable_setting = "KIC_CONFIG_ENABLE" + enable_setting = "KIC_ENABLE" def is_configured(self) -> bool: return Service.objects.filter( - api_root=settings.KIC_CONFIG_CONTACTMOMENTEN_API_ROOT + api_root=settings.KIC_CONTACTMOMENTEN_SERVICE_API_ROOT ).exists() def configure(self): 
@@ -76,15 +106,15 @@ def configure(self): org_label = f"Open Inwoner {organization}".strip() Service.objects.update_or_create( - api_root=settings.KIC_CONFIG_CONTACTMOMENTEN_API_ROOT, + api_root=settings.KIC_CONTACTMOMENTEN_SERVICE_API_ROOT, defaults={ "label": "Contactmomenten API", "api_type": APITypes.cmc, - "oas": settings.KIC_CONFIG_CONTACTMOMENTEN_API_ROOT, + "oas": settings.KIC_CONTACTMOMENTEN_SERVICE_API_ROOT, "auth_type": AuthTypes.zgw, - "client_id": settings.KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_ID, - "secret": settings.KIC_CONFIG_CONTACTMOMENTEN_API_SECRET, - "user_id": settings.KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_ID, + "client_id": settings.KIC_CONTACTMOMENTEN_SERVICE_API_CLIENT_ID, + "secret": settings.KIC_CONTACTMOMENTEN_SERVICE_API_SECRET, + "user_id": settings.KIC_CONTACTMOMENTEN_SERVICE_API_CLIENT_ID, "user_representation": org_label, }, ) @@ -101,7 +131,7 @@ class KICAPIsConfigurationStep(BaseConfigurationStep): """ verbose_name = "Klantinteractie APIs configuration" - enable_setting = "KIC_CONFIG_ENABLE" + enable_setting = "KIC_ENABLE" def is_configured(self) -> bool: kic_config = OpenKlantConfig.get_solo() 
@@ -112,29 +142,29 @@ def is_configured(self) -> bool: def configure(self): config = OpenKlantConfig.get_solo() config.klanten_service = Service.objects.get( - api_root=settings.KIC_CONFIG_KLANTEN_API_ROOT + api_root=settings.KIC_KLANTEN_SERVICE_API_ROOT ) config.contactmomenten_service = Service.objects.get( - api_root=settings.KIC_CONFIG_CONTACTMOMENTEN_API_ROOT + api_root=settings.KIC_CONTACTMOMENTEN_SERVICE_API_ROOT ) - if settings.KIC_CONFIG_REGISTER_EMAIL: - config.register_email = settings.KIC_CONFIG_REGISTER_EMAIL - if settings.KIC_CONFIG_REGISTER_CONTACT_MOMENT is not None: - config.register_contact_moment = settings.KIC_CONFIG_REGISTER_CONTACT_MOMENT - if settings.KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN: + if settings.KIC_REGISTER_EMAIL: + config.register_email = settings.KIC_REGISTER_EMAIL + if settings.KIC_REGISTER_CONTACT_MOMENT is not None: + config.register_contact_moment = settings.KIC_REGISTER_CONTACT_MOMENT + if settings.KIC_REGISTER_BRONORGANISATIE_RSIN: config.register_bronorganisatie_rsin = ( - settings.KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN + settings.KIC_REGISTER_BRONORGANISATIE_RSIN ) - if settings.KIC_CONFIG_REGISTER_CHANNEL: - config.register_channel = settings.KIC_CONFIG_REGISTER_CHANNEL - if settings.KIC_CONFIG_REGISTER_TYPE: - config.register_type = settings.KIC_CONFIG_REGISTER_TYPE - if settings.KIC_CONFIG_REGISTER_EMPLOYEE_ID: - config.register_employee_id = settings.KIC_CONFIG_REGISTER_EMPLOYEE_ID - if settings.KIC_CONFIG_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER is not None: + if settings.KIC_REGISTER_CHANNEL: + config.register_channel = settings.KIC_REGISTER_CHANNEL + if settings.KIC_REGISTER_TYPE: + config.register_type = settings.KIC_REGISTER_TYPE + if settings.KIC_REGISTER_EMPLOYEE_ID: + config.register_employee_id = settings.KIC_REGISTER_EMPLOYEE_ID + if settings.KIC_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER is not None: config.use_rsin_for_innNnpId_query_parameter = ( - settings.KIC_CONFIG_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER + 
settings.KIC_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER ) config.save() diff --git a/src/open_inwoner/configurations/bootstrap/registry.py b/src/open_inwoner/configurations/bootstrap/registry.py new file mode 100644 index 0000000000..ed065f0c62 --- /dev/null +++ b/src/open_inwoner/configurations/bootstrap/registry.py @@ -0,0 +1,44 @@ +import dataclasses +from typing import TypeAlias + +from .auth import ( + AdminOIDCConfigurationSettings, + DigiDOIDCConfigurationSettings, + DigiDSAMLConfigurationSettings, + eHerkenningOIDCConfigurationSettings, + eHerkenningSAMLConfigurationSettings, +) +from .kic import KICConfigurationSettings +from .siteconfig import SiteConfigurationSettings +from .zgw import ZGWConfigurationSettings + +ConfigSetting: TypeAlias = ( + SiteConfigurationSettings + | KICConfigurationSettings + | ZGWConfigurationSettings + | AdminOIDCConfigurationSettings + | DigiDOIDCConfigurationSettings + | DigiDSAMLConfigurationSettings + | eHerkenningOIDCConfigurationSettings + | eHerkenningSAMLConfigurationSettings +) + + +@dataclasses.dataclass +class ConfigurationRegistry: + siteconfig: ConfigSetting = SiteConfigurationSettings + kic: ConfigSetting = KICConfigurationSettings + zgw: ConfigSetting = ZGWConfigurationSettings + admin_oidc: ConfigSetting = AdminOIDCConfigurationSettings + digid_oidc: ConfigSetting = DigiDOIDCConfigurationSettings + digid_saml: ConfigSetting = DigiDSAMLConfigurationSettings + eherkenning_oidc: ConfigSetting = eHerkenningOIDCConfigurationSettings + eherkenning_saml: ConfigSetting = eHerkenningSAMLConfigurationSettings + + @classmethod + def get_fields(cls): + return tuple(getattr(cls, field.name) for field in dataclasses.fields(cls)) + + @classmethod + def get_field_names(cls): + return tuple(field.name for field in dataclasses.fields(cls)) diff --git a/src/open_inwoner/configurations/bootstrap/siteconfig.py b/src/open_inwoner/configurations/bootstrap/siteconfig.py index da57acf5ea..0b66092802 100644 
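Review bot: The `ConfigurationRegistry` fields are annotated `ConfigSetting`, a union of the settings classes, but every default is the class itself rather than an instance, and `get_config` in `generate_config_docs.py` calls the stored value to instantiate it. Annotating the fields as `type[ConfigSetting]` would make the annotations describe what is actually stored. A class docstring stating that the dataclass serves only as a static name-to-class table (in this diff it is never instantiated; `get_fields` and `get_field_names` read the class-level defaults) would help the next reader.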
--- a/src/open_inwoner/configurations/bootstrap/siteconfig.py +++ b/src/open_inwoner/configurations/bootstrap/siteconfig.py @@ -4,6 +4,31 @@ from open_inwoner.configurations.models import SiteConfiguration +from .base import ConfigSettingsBase + + +class SiteConfigurationSettings(ConfigSettingsBase): + model = SiteConfiguration + display_name = "General Configuration" + namespace = "SITE" + required_fields = ( + "name", + "primary_color", + "secondary_color", + "accent_color", + ) + excluded_fields = ( + "id", + "email_logo", + "footer_logo", + "favicon", + "openid_connect_logo", + "extra_css", + "logo", + "hero_image_login", + "theme_stylesheet", + ) + class SiteConfigurationStep(BaseConfigurationStep): """ 
@@ -11,98 +36,27 @@ class SiteConfigurationStep(BaseConfigurationStep): """ verbose_name = "Site configuration" - required_settings = [ - "SITE_NAME", - "SITE_PRIMARY_COLOR", - "SITE_SECONDARY_COLOR", - "SITE_ACCENT_COLOR", - ] - setting_to_config = { - "SITE_NAME": "name", - "SITE_PRIMARY_COLOR": "primary_color", - "SITE_SECONDARY_COLOR": "secondary_color", - "SITE_ACCENT_COLOR": "accent_color", - "SITE_PRIMARY_FONT_COLOR": "primary_font_color", - "SITE_SECONDARY_FONT_COLOR": "secondary_font_color", - "SITE_ACCENT_FONT_COLOR": "accent_font_color", - "SITE_WARNING_BANNER_ENABLED": "warning_banner_enabled", - "SITE_WARNING_BANNER_TEXT": "warning_banner_text", - "SITE_WARNING_BANNER_BACKGROUND_COLOR": "warning_banner_background_color", - "SITE_WARNING_BANNER_FONT_COLOR": "warning_banner_font_color", - "SITE_LOGIN_SHOW": "login_show", - "SITE_LOGIN_ALLOW_REGISTRATION": "login_allow_registration", - "SITE_LOGIN_2FA_SMS": "login_2fa_sms", - "SITE_LOGIN_TEXT": "login_text", - "SITE_REGISTRATION_TEXT": "registration_text", - "SITE_HOME_WELCOME_TITLE": "home_welcome_title", - "SITE_HOME_WELCOME_INTRO": "home_welcome_intro", - "SITE_HOME_THEME_TITLE": "home_theme_title", - "SITE_HOME_THEME_INTRO": "home_theme_intro", - "SITE_THEME_TITLE": "theme_title", - "SITE_THEME_INTRO": "theme_intro", - "SITE_HOME_MAP_TITLE": "home_map_title", - "SITE_HOME_MAP_INTRO": "home_map_intro", - "SITE_HOME_QUESTIONNAIRE_TITLE": "home_questionnaire_title", - "SITE_HOME_QUESTIONNAIRE_INTRO": "home_questionnaire_intro", - "SITE_HOME_PRODUCT_FINDER_TITLE": "home_product_finder_title", - "SITE_HOME_PRODUCT_FINDER_INTRO": "home_product_finder_intro", - "SITE_SELECT_QUESTIONNAIRE_TITLE": "select_questionnaire_title", - "SITE_SELECT_QUESTIONNAIRE_INTRO": "select_questionnaire_intro", - "SITE_PLANS_INTRO": "plans_intro", - "SITE_PLANS_NO_PLANS_MESSAGE": "plans_no_plans_message", - "SITE_PLANS_EDIT_MESSAGE": "plans_edit_message", - "SITE_FOOTER_LOGO_TITLE": "footer_logo_title", - "SITE_FOOTER_LOGO_URL": 
"footer_logo_url", - "SITE_HOME_HELP_TEXT": "home_help_text", - "SITE_THEME_HELP_TEXT": "theme_help_text", - "SITE_PRODUCT_HELP_TEXT": "product_help_text", - "SITE_SEARCH_HELP_TEXT": "search_help_text", - "SITE_ACCOUNT_HELP_TEXT": "account_help_text", - "SITE_QUESTIONNAIRE_HELP_TEXT": "questionnaire_help_text", - "SITE_PLAN_HELP_TEXT": "plan_help_text", - "SITE_SEARCH_FILTER_CATEGORIES": "search_filter_categories", - "SITE_SEARCH_FILTER_TAGS": "search_filter_tags", - "SITE_SEARCH_FILTER_ORGANIZATIONS": "search_filter_organizations", - "SITE_EMAIL_NEW_MESSAGE": "email_new_message", - "SITE_RECIPIENTS_EMAIL_DIGEST": "recipients_email_digest", - "SITE_CONTACT_PHONENUMBER": "contact_phonenumber", - "SITE_CONTACT_PAGE": "contact_page", - "SITE_GTM_CODE": "gtm_code", - "SITE_GA_CODE": "ga_code", - "SITE_MATOMO_URL": "matomo_url", - "SITE_MATOMO_SITE_ID": "matomo_site_id", - "SITE_SITEIMPROVE_ID": "siteimprove_id", - "SITE_COOKIE_INFO_TEXT": "cookie_info_text", - "SITE_COOKIE_LINK_TEXT": "cookie_link_text", - "SITE_COOKIE_LINK_URL": "cookie_link_url", - "SITE_KCM_SURVEY_LINK_TEXT": "kcm_survey_link_text", - "SITE_KCM_SURVEY_LINK_URL": "kcm_survey_link_url", - "SITE_OPENID_CONNECT_LOGIN_TEXT": "openid_connect_login_text", - "SITE_OPENID_DISPLAY": "openid_display", - "SITE_REDIRECT_TO": "redirect_to", - "SITE_ALLOW_MESSAGES_FILE_SHARING": "allow_messages_file_sharing", - "SITE_HIDE_CATEGORIES_FROM_ANONYMOUS_USERS": "hide_categories_from_anonymous_users", - "SITE_HIDE_SEARCH_FROM_ANONYMOUS_USERS": "hide_search_from_anonymous_users", - "SITE_DISPLAY_SOCIAL": "display_social", - "SITE_EHERKENNING_ENABLED": "eherkenning_enabled", - } + config_settings = SiteConfigurationSettings() def is_configured(self): config = SiteConfiguration.get_solo() + required_settings = self.config_settings.get_required_settings() + setting_to_config = self.config_settings.get_config_mapping() - for required_setting in self.required_settings: - config_field = self.setting_to_config[required_setting] 
- if not getattr(config, config_field, None): + for required_setting in required_settings: + config_field = setting_to_config[required_setting] + if not getattr(config, config_field.name, None): return False return True def configure(self): config = SiteConfiguration.get_solo() + setting_to_config = self.config_settings.get_config_mapping() - for key, value in self.setting_to_config.items(): - setting = getattr(settings, key) + for setting_name, config_field in setting_to_config.items(): + setting = getattr(settings, setting_name) if setting is not None: - setattr(config, value, setting) + setattr(config, config_field.name, setting) config.save() def test_configuration(self): diff --git a/src/open_inwoner/configurations/bootstrap/zgw.py b/src/open_inwoner/configurations/bootstrap/zgw.py index 8e65cfde89..43b53531cb 100644 --- a/src/open_inwoner/configurations/bootstrap/zgw.py +++ b/src/open_inwoner/configurations/bootstrap/zgw.py 
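Review bot: In `SiteConfigurationStep.configure`, `getattr(settings, setting_name)` has no default, while the names now come from `self.config_settings.get_config_mapping()` instead of the hand-written dict this hunk removes. If that mapping is derived from the `SiteConfiguration` model fields (the helper is not visible here, but the test change adding `SITE_EMAIL_VERIFICATION_REQUIRED` suggests it is), any model field without a matching Django setting raises `AttributeError` and aborts the setup step. Using `setting = getattr(settings, setting_name, None)` would skip an undefined setting the same way an unset one is skipped.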
@@ -10,6 +10,40 @@ from open_inwoner.openzaak.models import OpenZaakConfig from open_inwoner.utils.api import ClientError +from .base import ConfigSettingsBase + + +class ZGWConfigurationSettings(ConfigSettingsBase): + model = OpenZaakConfig + display_name = "ZGW Configuration" + namespace = "ZGW" + required_fields = ( + "catalogi_service_client_id", + "catalogi_service_secret", + "catalogi_service_api_root", + "document_service_client_id", + "document_service_secret", + "document_service_api_root", + "form_service_client_id", + "form_service_secret", + "form_service_api_root", + "zaak_service_client_id", + "zaak_service_secret", + "zaak_service_api_root", + ) + all_fields = required_fields + ( + "action_required_deadline_days", + "allowed_file_extensions", + "document_max_confidentiality", + "enable_categories_filtering_with_zaken", + "fetch_eherkenning_zaken_with_rsin", + "max_upload_size", + "reformat_esuite_zaak_identificatie", + "skip_notification_statustype_informeren", + "title_text", + "zaak_max_confidentiality", + ) + class ZakenAPIConfigurationStep(BaseConfigurationStep): """ @@ -18,15 +52,15 @@ class ZakenAPIConfigurationStep(BaseConfigurationStep): verbose_name = "Zaken API configuration" required_settings = [ - "ZGW_CONFIG_ZAKEN_API_ROOT", - "ZGW_CONFIG_ZAKEN_API_CLIENT_ID", - "ZGW_CONFIG_ZAKEN_API_SECRET", + "ZGW_ZAAK_SERVICE_API_ROOT", + "ZGW_ZAAK_SERVICE_API_CLIENT_ID", + "ZGW_ZAAK_SERVICE_API_SECRET", ] - enable_setting = "ZGW_CONFIG_ENABLE" + enable_setting = "ZGW_ENABLE" def is_configured(self) -> bool: return Service.objects.filter( - api_root=settings.ZGW_CONFIG_ZAKEN_API_ROOT + api_root=settings.ZGW_ZAAK_SERVICE_API_ROOT ).exists() def configure(self): 
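Review bot: The field names in `ZGWConfigurationSettings` do not line up with the settings the configuration steps in this file read. The class lists `document_service_api_root` and `title_text` while the steps use `ZGW_DOCUMENTEN_SERVICE_API_ROOT` and `ZGW_MIJN_AANVRAGEN_TITLE_TEXT`, and the credential fields are `*_service_client_id` / `*_service_secret` against `*_SERVICE_API_CLIENT_ID` / `*_SERVICE_API_SECRET`. If `get_setting_name` builds names as namespace plus upper-cased field name, as the generated admin OIDC page suggests, the generated docs will tell operators to set variables the steps never read, including the service secrets. Either rename the step settings to match or give the settings class an explicit field-to-setting mapping; the same applies to `KICConfigurationSettings` in `kic.py`.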
@@ -34,15 +68,15 @@ def configure(self): org_label = f"Open Inwoner {organization}".strip() Service.objects.update_or_create( - api_root=settings.ZGW_CONFIG_ZAKEN_API_ROOT, + api_root=settings.ZGW_ZAAK_SERVICE_API_ROOT, defaults={ "label": "Zaken API", "api_type": APITypes.zrc, - "oas": settings.ZGW_CONFIG_ZAKEN_API_ROOT, + "oas": settings.ZGW_ZAAK_SERVICE_API_ROOT, "auth_type": AuthTypes.zgw, - "client_id": settings.ZGW_CONFIG_ZAKEN_API_CLIENT_ID, - "secret": settings.ZGW_CONFIG_ZAKEN_API_SECRET, - "user_id": settings.ZGW_CONFIG_ZAKEN_API_CLIENT_ID, + "client_id": settings.ZGW_ZAAK_SERVICE_API_CLIENT_ID, + "secret": settings.ZGW_ZAAK_SERVICE_API_SECRET, + "user_id": settings.ZGW_ZAAK_SERVICE_API_CLIENT_ID, "user_representation": org_label, }, ) @@ -60,15 +94,15 @@ class CatalogiAPIConfigurationStep(BaseConfigurationStep): verbose_name = "Catalogi API configuration" required_settings = [ - "ZGW_CONFIG_CATALOGI_API_ROOT", - "ZGW_CONFIG_CATALOGI_API_CLIENT_ID", - "ZGW_CONFIG_CATALOGI_API_SECRET", + "ZGW_CATALOGI_SERVICE_API_ROOT", + "ZGW_CATALOGI_SERVICE_API_CLIENT_ID", + "ZGW_CATALOGI_SERVICE_API_SECRET", ] - enable_setting = "ZGW_CONFIG_ENABLE" + enable_setting = "ZGW_ENABLE" def is_configured(self) -> bool: return Service.objects.filter( - api_root=settings.ZGW_CONFIG_CATALOGI_API_ROOT + api_root=settings.ZGW_CATALOGI_SERVICE_API_ROOT ).exists() def configure(self): 
@@ -76,15 +110,15 @@ def configure(self): org_label = f"Open Inwoner {organization}".strip() Service.objects.update_or_create( - api_root=settings.ZGW_CONFIG_CATALOGI_API_ROOT, + api_root=settings.ZGW_CATALOGI_SERVICE_API_ROOT, defaults={ "label": "Catalogi API", "api_type": APITypes.ztc, - "oas": settings.ZGW_CONFIG_CATALOGI_API_ROOT, + "oas": settings.ZGW_CATALOGI_SERVICE_API_ROOT, "auth_type": AuthTypes.zgw, - "client_id": settings.ZGW_CONFIG_CATALOGI_API_CLIENT_ID, - "secret": settings.ZGW_CONFIG_CATALOGI_API_SECRET, - "user_id": settings.ZGW_CONFIG_CATALOGI_API_CLIENT_ID, + "client_id": settings.ZGW_CATALOGI_SERVICE_API_CLIENT_ID, + "secret": settings.ZGW_CATALOGI_SERVICE_API_SECRET, + "user_id": settings.ZGW_CATALOGI_SERVICE_API_CLIENT_ID, "user_representation": org_label, }, ) @@ -102,15 +136,15 @@ class DocumentenAPIConfigurationStep(BaseConfigurationStep): verbose_name = "Documenten API configuration" required_settings = [ - "ZGW_CONFIG_DOCUMENTEN_API_ROOT", - "ZGW_CONFIG_DOCUMENTEN_API_CLIENT_ID", - "ZGW_CONFIG_DOCUMENTEN_API_SECRET", + "ZGW_DOCUMENTEN_SERVICE_API_ROOT", + "ZGW_DOCUMENTEN_SERVICE_API_CLIENT_ID", + "ZGW_DOCUMENTEN_SERVICE_API_SECRET", ] - enable_setting = "ZGW_CONFIG_ENABLE" + enable_setting = "ZGW_ENABLE" def is_configured(self) -> bool: return Service.objects.filter( - api_root=settings.ZGW_CONFIG_DOCUMENTEN_API_ROOT + api_root=settings.ZGW_DOCUMENTEN_SERVICE_API_ROOT ).exists() def configure(self): 
@@ -118,15 +152,15 @@ def configure(self): org_label = f"Open Inwoner {organization}".strip() Service.objects.update_or_create( - api_root=settings.ZGW_CONFIG_DOCUMENTEN_API_ROOT, + api_root=settings.ZGW_DOCUMENTEN_SERVICE_API_ROOT, defaults={ "label": "Documenten API", "api_type": APITypes.drc, - "oas": settings.ZGW_CONFIG_DOCUMENTEN_API_ROOT, + "oas": settings.ZGW_DOCUMENTEN_SERVICE_API_ROOT, "auth_type": AuthTypes.zgw, - "client_id": settings.ZGW_CONFIG_DOCUMENTEN_API_CLIENT_ID, - "secret": settings.ZGW_CONFIG_DOCUMENTEN_API_SECRET, - "user_id": settings.ZGW_CONFIG_DOCUMENTEN_API_CLIENT_ID, + "client_id": settings.ZGW_DOCUMENTEN_SERVICE_API_CLIENT_ID, + "secret": settings.ZGW_DOCUMENTEN_SERVICE_API_SECRET, + "user_id": settings.ZGW_DOCUMENTEN_SERVICE_API_CLIENT_ID, "user_representation": org_label, }, ) @@ -144,15 +178,15 @@ class FormulierenAPIConfigurationStep(BaseConfigurationStep): verbose_name = "Formulieren APIs configuration" required_settings = [ - "ZGW_CONFIG_FORMULIEREN_API_ROOT", - "ZGW_CONFIG_FORMULIEREN_API_CLIENT_ID", - "ZGW_CONFIG_FORMULIEREN_API_SECRET", + "ZGW_FORM_SERVICE_API_ROOT", + "ZGW_FORM_SERVICE_API_CLIENT_ID", + "ZGW_FORM_SERVICE_API_SECRET", ] - enable_setting = "ZGW_CONFIG_ENABLE" + enable_setting = "ZGW_ENABLE" def is_configured(self) -> bool: return Service.objects.filter( - api_root=settings.ZGW_CONFIG_FORMULIEREN_API_ROOT + api_root=settings.ZGW_FORM_SERVICE_API_ROOT ).exists() def configure(self): 
@@ -160,15 +194,15 @@ def configure(self): org_label = f"Open Inwoner {organization}".strip() Service.objects.update_or_create( - api_root=settings.ZGW_CONFIG_FORMULIEREN_API_ROOT, + api_root=settings.ZGW_FORM_SERVICE_API_ROOT, defaults={ "label": "Formulieren API", "api_type": APITypes.orc, - "oas": settings.ZGW_CONFIG_FORMULIEREN_API_ROOT, + "oas": settings.ZGW_FORM_SERVICE_API_ROOT, "auth_type": AuthTypes.zgw, - "client_id": settings.ZGW_CONFIG_FORMULIEREN_API_CLIENT_ID, - "secret": settings.ZGW_CONFIG_FORMULIEREN_API_SECRET, - "user_id": settings.ZGW_CONFIG_FORMULIEREN_API_CLIENT_ID, + "client_id": settings.ZGW_FORM_SERVICE_API_CLIENT_ID, + "secret": settings.ZGW_FORM_SERVICE_API_SECRET, + "user_id": settings.ZGW_FORM_SERVICE_API_CLIENT_ID, "user_representation": org_label, }, ) @@ -185,7 +219,7 @@ class ZGWAPIsConfigurationStep(BaseConfigurationStep): """ verbose_name = "ZGW APIs configuration" - enable_setting = "ZGW_CONFIG_ENABLE" + enable_setting = "ZGW_ENABLE" def is_configured(self) -> bool: zgw_config = OpenZaakConfig.get_solo() 
@@ -199,54 +233,52 @@ def is_configured(self) -> bool: def configure(self): config = OpenZaakConfig.get_solo() config.zaak_service = Service.objects.get( - api_root=settings.ZGW_CONFIG_ZAKEN_API_ROOT + api_root=settings.ZGW_ZAAK_SERVICE_API_ROOT ) config.catalogi_service = Service.objects.get( - api_root=settings.ZGW_CONFIG_CATALOGI_API_ROOT + api_root=settings.ZGW_CATALOGI_SERVICE_API_ROOT ) config.document_service = Service.objects.get( - api_root=settings.ZGW_CONFIG_DOCUMENTEN_API_ROOT + api_root=settings.ZGW_DOCUMENTEN_SERVICE_API_ROOT ) config.form_service = Service.objects.get( - api_root=settings.ZGW_CONFIG_FORMULIEREN_API_ROOT + api_root=settings.ZGW_FORM_SERVICE_API_ROOT ) # General config options - if settings.ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY: - config.zaak_max_confidentiality = ( - settings.ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY - ) - if settings.ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY: + if settings.ZGW_ZAAK_MAX_CONFIDENTIALITY: + config.zaak_max_confidentiality = settings.ZGW_ZAAK_MAX_CONFIDENTIALITY + if settings.ZGW_DOCUMENT_MAX_CONFIDENTIALITY: config.document_max_confidentiality = ( - settings.ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY + settings.ZGW_DOCUMENT_MAX_CONFIDENTIALITY ) - if settings.ZGW_CONFIG_ACTION_REQUIRED_DEADLINE_DAYS: + if settings.ZGW_ACTION_REQUIRED_DEADLINE_DAYS: config.action_required_deadline_days = ( - settings.ZGW_CONFIG_ACTION_REQUIRED_DEADLINE_DAYS + settings.ZGW_ACTION_REQUIRED_DEADLINE_DAYS ) - if settings.ZGW_CONFIG_ALLOWED_FILE_EXTENSIONS: - config.allowed_file_extensions = settings.ZGW_CONFIG_ALLOWED_FILE_EXTENSIONS - if settings.ZGW_CONFIG_MIJN_AANVRAGEN_TITLE_TEXT: - config.title_text = settings.ZGW_CONFIG_MIJN_AANVRAGEN_TITLE_TEXT + if settings.ZGW_ALLOWED_FILE_EXTENSIONS: + config.allowed_file_extensions = settings.ZGW_ALLOWED_FILE_EXTENSIONS + if settings.ZGW_MIJN_AANVRAGEN_TITLE_TEXT: + config.title_text = settings.ZGW_MIJN_AANVRAGEN_TITLE_TEXT # Feature flags - if 
settings.ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN is not None: + if settings.ZGW_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN is not None: config.enable_categories_filtering_with_zaken = ( - settings.ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN + settings.ZGW_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN ) # eSuite specific options - if settings.ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN is not None: + if settings.ZGW_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN is not None: config.skip_notification_statustype_informeren = ( - settings.ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN + settings.ZGW_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN ) - if settings.ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE is not None: + if settings.ZGW_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE is not None: config.reformat_esuite_zaak_identificatie = ( - settings.ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE + settings.ZGW_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE ) - if settings.ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN is not None: + if settings.ZGW_FETCH_EHERKENNING_ZAKEN_WITH_RSIN is not None: config.fetch_eherkenning_zaken_with_rsin = ( - settings.ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN + settings.ZGW_FETCH_EHERKENNING_ZAKEN_WITH_RSIN ) config.save() diff --git a/src/open_inwoner/configurations/management/commands/generate_config_docs.py b/src/open_inwoner/configurations/management/commands/generate_config_docs.py new file mode 100644 index 0000000000..a73ece97f8 --- /dev/null +++ b/src/open_inwoner/configurations/management/commands/generate_config_docs.py 
@@ -0,0 +1,100 @@ +import os +from pathlib import Path + +from django.conf import settings +from django.core.management.base import BaseCommand +from django.template import loader + +from open_inwoner.configurations.bootstrap.registry import ( + ConfigSetting, + ConfigurationRegistry, +) + +SUPPORTED_OPTIONS = ConfigurationRegistry.get_field_names() +TEMPLATE_PATH = Path("configurations/config_doc.rst") +TARGET_DIR = Path(settings.BASE_DIR) / "docs" / "configuration" + + +class Command(BaseCommand): + help = "Create docs for configuration setup steps" + + def add_arguments(self, parser): + parser.add_argument("config_option", nargs="?") + + def get_config(self, config_option: str) -> ConfigSetting: + config_model = getattr(ConfigurationRegistry, config_option, None) + config_instance = config_model() + return config_instance + + def get_detailed_info(self, config: ConfigSetting) -> list[list[str]]: + ret = [] + for field in config.config_fields.all: + part = [] + part.append(f"{'Variable':<20}{config.get_setting_name(field)}") + part.append(f"{'Setting':<20}{field.verbose_name}") + part.append(f"{'Description':<20}{field.description or 'No description'}") + part.append(f"{'Possible values':<20}{field.values}") + part.append(f"{'Default value':<20}{field.default_value}") + ret.append(part) + return ret + + def format_display_name(self, display_name): + """Surround title with '=' to display as heading in rst file""" + + heading_bar = "=" * len(display_name) + display_name_formatted = f"{heading_bar}\n{display_name}\n{heading_bar}" + return display_name_formatted + + def write_file_from_template( + self, + template_path: os.PathLike, + template_variables: dict[str, list], + output_path: os.PathLike, + ): + template = loader.get_template(template_path) + rendered = template.render(template_variables) + + with open(output_path, "w") as output: + output.write(rendered) + + def generate_single_doc(self, config_option: str) -> None: + config = 
self.get_config(config_option) + + required_settings = [ + config.get_setting_name(field) for field in config.config_fields.required + ] + required_settings.sort() + + all_settings = [ + config.get_setting_name(field) for field in config.config_fields.all + ] + all_settings.sort() + + detailed_info = self.get_detailed_info(config) + detailed_info.sort() + + template_variables = { + "enable_settings": f"{config.namespace}_CONFIG_ENABLE", + "required_settings": required_settings, + "all_settings": all_settings, + "detailed_info": detailed_info, + "link": f".. _{config_option}:", + "title": self.format_display_name(config.display_name), + } + template_path = TEMPLATE_PATH + output_path = TARGET_DIR / f"{config_option}.rst" + + self.write_file_from_template(template_path, template_variables, output_path) + + def handle(self, *args, **kwargs) -> None: + config_option = kwargs["config_option"] + + if config_option and config_option not in SUPPORTED_OPTIONS: + self.stdout.write(f"Unsupported config option ({config_option})\n") + self.stdout.write(f"Supported: {', '.join(SUPPORTED_OPTIONS)}") + return + elif config_option: + self.generate_single_doc(config_option) + else: + for option in SUPPORTED_OPTIONS: + self.generate_single_doc(option) diff --git a/src/open_inwoner/configurations/templates/configurations/config_doc.rst b/src/open_inwoner/configurations/templates/configurations/config_doc.rst new file mode 100644 index 0000000000..b9de9c5833 --- /dev/null +++ b/src/open_inwoner/configurations/templates/configurations/config_doc.rst 
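Review bot: `generate_single_doc` hard-codes the enable switch as `f"{config.namespace}_CONFIG_ENABLE"`, but this same commit renames the KIC and ZGW steps to `enable_setting = "KIC_ENABLE"` and `"ZGW_ENABLE"`, so the generated pages for those namespaces will document a variable the steps do not check. The name should be taken from the step's `enable_setting`, or from a matching attribute on the settings class, rather than rebuilt here. Separately, `get_config` calls the result of `getattr(ConfigurationRegistry, config_option, None)` unconditionally, so an unknown option raises a bare `TypeError` when the method is used outside `handle`; raising a clear error there would be safer.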
@@ -0,0 +1,46 @@
+{% block link %}{{ link }}{% endblock %}
+
+{% block title %}{{ title }}{% endblock %}
+
+Settings Overview
+=================
+
+Enable/Disable configuration:
+"""""""""""""""""""""""""""""
+
+::
+
+ {% spaceless %}
+ {{ enable_settings }}
+ {% endspaceless %}
+
+Required:
+"""""""""
+
+::
+
+ {% spaceless %}
+ {% for setting in required_settings %}{{ setting }}
+ {% endfor %}
+ {% endspaceless %}
+
+All settings:
+"""""""""""""
+
+::
+
+ {% spaceless %}
+ {% for setting in all_settings %}{{ setting }}
+ {% endfor %}
+ {% endspaceless %}
+
+Detailed Information
+====================
+
+::
+
+ {% spaceless %}
+ {% for detail in detailed_info %}
+ {% for part in detail %}{{ part|safe }}
+ {% endfor %}{% endfor %}
+ {% endspaceless %}
diff --git a/src/open_inwoner/configurations/tests/bootstrap/test_setup_kic_config.py b/src/open_inwoner/configurations/tests/bootstrap/test_setup_kic_config.py
index 45af19e919..4cc2c0c94e 100644
--- a/src/open_inwoner/configurations/tests/bootstrap/test_setup_kic_config.py
+++ b/src/open_inwoner/configurations/tests/bootstrap/test_setup_kic_config.py
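Review bot: Only `{{ part|safe }}` opts out of HTML autoescaping; `{{ title }}`, `{{ link }}`, `{{ enable_settings }}` and `{{ setting }}` are still escaped, so a display name containing `&`, `<` or a quote would be written to the `.rst` file as an HTML entity. Since the output is reStructuredText rather than HTML, wrapping the whole template in `{% autoescape off %}` … `{% endautoescape %}` and dropping the per-variable `|safe` would state the intent once. The rendered values come from the settings classes via `get_detailed_info` in `generate_config_docs.py`, so disabling escaping is reasonable only while the generated file is never served as HTML directly.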
@@ -12,25 +12,25 @@ KlantenAPIConfigurationStep, ) -KLANTEN_API_ROOT = "https://openklant.local/klanten/api/v1/" -CONTACTMOMENTEN_API_ROOT = "https://openklant.local/contactmomenten/api/v1/" +KLANTEN_SERVICE_API_ROOT = "https://openklant.local/klanten/api/v1/" +CONTACTMOMENTEN_SERVICE_API_ROOT = "https://openklant.local/contactmomenten/api/v1/" @override_settings( OIP_ORGANIZATION="Maykin", - KIC_CONFIG_KLANTEN_API_ROOT=KLANTEN_API_ROOT, - KIC_CONFIG_KLANTEN_API_CLIENT_ID="open-inwoner-test", - KIC_CONFIG_KLANTEN_API_SECRET="klanten-secret", - KIC_CONFIG_CONTACTMOMENTEN_API_ROOT=CONTACTMOMENTEN_API_ROOT, - KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_ID="open-inwoner-test", - KIC_CONFIG_CONTACTMOMENTEN_API_SECRET="contactmomenten-secret", - KIC_CONFIG_REGISTER_EMAIL="admin@oip.org", - KIC_CONFIG_REGISTER_CONTACT_MOMENT=True, - KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN="837194569", - KIC_CONFIG_REGISTER_CHANNEL="email", - KIC_CONFIG_REGISTER_TYPE="bericht", - KIC_CONFIG_REGISTER_EMPLOYEE_ID="1234", - KIC_CONFIG_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER=True, + KIC_KLANTEN_SERVICE_API_ROOT=KLANTEN_SERVICE_API_ROOT, + KIC_KLANTEN_SERVICE_API_CLIENT_ID="open-inwoner-test", + KIC_KLANTEN_SERVICE_API_SECRET="klanten-secret", + KIC_CONTACTMOMENTEN_SERVICE_API_ROOT=CONTACTMOMENTEN_SERVICE_API_ROOT, + KIC_CONTACTMOMENTEN_SERVICE_API_CLIENT_ID="open-inwoner-test", + KIC_CONTACTMOMENTEN_SERVICE_API_SECRET="contactmomenten-secret", + KIC_REGISTER_EMAIL="admin@oip.org", + KIC_REGISTER_CONTACT_MOMENT=True, + KIC_REGISTER_BRONORGANISATIE_RSIN="837194569", + KIC_REGISTER_CHANNEL="email", + KIC_REGISTER_TYPE="bericht", + KIC_REGISTER_EMPLOYEE_ID="1234", + KIC_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER=True, ) class KICConfigurationTests(TestCase): def test_configure(self): 
@@ -44,10 +44,12 @@ def test_configure(self): klanten_service = config.klanten_service contactmomenten_service = config.contactmomenten_service - self.assertEqual(klanten_service.api_root, KLANTEN_API_ROOT) + self.assertEqual(klanten_service.api_root, KLANTEN_SERVICE_API_ROOT) self.assertEqual(klanten_service.client_id, "open-inwoner-test") self.assertEqual(klanten_service.secret, "klanten-secret") - self.assertEqual(contactmomenten_service.api_root, CONTACTMOMENTEN_API_ROOT) + self.assertEqual( + contactmomenten_service.api_root, CONTACTMOMENTEN_SERVICE_API_ROOT + ) self.assertEqual(contactmomenten_service.client_id, "open-inwoner-test") self.assertEqual(contactmomenten_service.secret, "contactmomenten-secret") @@ -61,13 +63,13 @@ def test_configure(self): @override_settings( OIP_ORGANIZATION=None, - KIC_CONFIG_REGISTER_EMAIL=None, - KIC_CONFIG_REGISTER_CONTACT_MOMENT=None, - KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN=None, - KIC_CONFIG_REGISTER_CHANNEL=None, - KIC_CONFIG_REGISTER_TYPE=None, - KIC_CONFIG_REGISTER_EMPLOYEE_ID=None, - KIC_CONFIG_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER=None, + KIC_REGISTER_EMAIL=None, + KIC_REGISTER_CONTACT_MOMENT=None, + KIC_REGISTER_BRONORGANISATIE_RSIN=None, + KIC_REGISTER_CHANNEL=None, + KIC_REGISTER_TYPE=None, + KIC_REGISTER_EMPLOYEE_ID=None, + KIC_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER=None, ) def test_configure_use_defaults(self): KlantenAPIConfigurationStep().configure() 
@@ -80,10 +82,12 @@ def test_configure_use_defaults(self): klanten_service = config.klanten_service contactmomenten_service = config.contactmomenten_service - self.assertEqual(klanten_service.api_root, KLANTEN_API_ROOT) + self.assertEqual(klanten_service.api_root, KLANTEN_SERVICE_API_ROOT) self.assertEqual(klanten_service.client_id, "open-inwoner-test") self.assertEqual(klanten_service.secret, "klanten-secret") - self.assertEqual(contactmomenten_service.api_root, CONTACTMOMENTEN_API_ROOT) + self.assertEqual( + contactmomenten_service.api_root, CONTACTMOMENTEN_SERVICE_API_ROOT + ) self.assertEqual(contactmomenten_service.client_id, "open-inwoner-test") self.assertEqual(contactmomenten_service.secret, "contactmomenten-secret") @@ -103,8 +107,8 @@ def test_configuration_check_ok(self, m): configuration.configure() - m.get(f"{KLANTEN_API_ROOT}klanten", json=[]) - m.get(f"{CONTACTMOMENTEN_API_ROOT}contactmomenten", json=[]) + m.get(f"{KLANTEN_SERVICE_API_ROOT}klanten", json=[]) + m.get(f"{CONTACTMOMENTEN_SERVICE_API_ROOT}contactmomenten", json=[]) configuration.test_configuration() @@ -112,11 +116,11 @@ def test_configuration_check_ok(self, m): self.assertEqual( status_request.url, - f"{KLANTEN_API_ROOT}klanten?subjectNatuurlijkPersoon__inpBsn=000000000", + f"{KLANTEN_SERVICE_API_ROOT}klanten?subjectNatuurlijkPersoon__inpBsn=000000000", ) self.assertEqual( zaaktype_request.url, - f"{CONTACTMOMENTEN_API_ROOT}contactmomenten?identificatie=00000", + f"{CONTACTMOMENTEN_SERVICE_API_ROOT}contactmomenten?identificatie=00000", ) @requests_mock.Mocker() @@ -135,7 +139,7 @@ def test_configuration_check_failures(self, m): ) for mock_config in mock_kwargs: with self.subTest(mock=mock_config): - m.get(f"{KLANTEN_API_ROOT}klanten", **mock_config) + m.get(f"{KLANTEN_SERVICE_API_ROOT}klanten", **mock_config) with self.assertRaises(SelfTestFailed): configuration.test_configuration() 
diff --git a/src/open_inwoner/configurations/tests/bootstrap/test_setup_site_config.py b/src/open_inwoner/configurations/tests/bootstrap/test_setup_site_config.py index 0597fa5722..a0d3548fd1 100644 --- a/src/open_inwoner/configurations/tests/bootstrap/test_setup_site_config.py +++ b/src/open_inwoner/configurations/tests/bootstrap/test_setup_site_config.py @@ -54,6 +54,7 @@ SITE_SEARCH_FILTER_TAGS=False, SITE_SEARCH_FILTER_ORGANIZATIONS=False, SITE_EMAIL_NEW_MESSAGE=False, + SITE_EMAIL_VERIFICATION_REQUIRED=False, SITE_RECIPIENTS_EMAIL_DIGEST=["test1@test.nl", "test2@test.nl"], SITE_CONTACT_PHONENUMBER="12345", SITE_CONTACT_PAGE="https://test.test", diff --git a/src/open_inwoner/configurations/tests/bootstrap/test_setup_zgw_config.py b/src/open_inwoner/configurations/tests/bootstrap/test_setup_zgw_config.py index 87e202b987..4d7acc62a9 100644 --- a/src/open_inwoner/configurations/tests/bootstrap/test_setup_zgw_config.py +++ b/src/open_inwoner/configurations/tests/bootstrap/test_setup_zgw_config.py 
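Review bot: `SITE_EMAIL_VERIFICATION_REQUIRED=False` is added to the override, but this file's diff adds no matching assertion, and `False` may well be the default, so the test would still pass if the setup step ignored the setting. By its name this flag switches an account-verification check on or off, so the test should exercise the enabling value and assert the result on the configured object, e.g. `SITE_EMAIL_VERIFICATION_REQUIRED=True,` in the override plus an `assertTrue` on the corresponding site-config field. The default and the field name are not visible in this hunk, and the enclosing `@override_settings(...)` call starts and ends outside it.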
@@ -19,35 +19,35 @@ ZGWAPIsConfigurationStep, ) -ZAKEN_API_ROOT = "https://openzaak.local/zaken/api/v1/" -CATALOGI_API_ROOT = "https://openzaak.local/catalogi/api/v1/" -DOCUMENTEN_API_ROOT = "https://openzaak.local/documenten/api/v1/" -FORMULIEREN_API_ROOT = "https://esuite.local.net/formulieren-provider/api/v1/" +ZAAK_SERVICE_API_ROOT = "https://openzaak.local/zaken/api/v1/" +CATALOGI_SERVICE_API_ROOT = "https://openzaak.local/catalogi/api/v1/" +DOCUMENTEN_SERVICE_API_ROOT = "https://openzaak.local/documenten/api/v1/" +FORM_SERVICE_API_ROOT = "https://esuite.local.net/formulieren-provider/api/v1/" @override_settings( OIP_ORGANIZATION="Maykin", - ZGW_CONFIG_ZAKEN_API_ROOT=ZAKEN_API_ROOT, - ZGW_CONFIG_ZAKEN_API_CLIENT_ID="open-inwoner-test", - ZGW_CONFIG_ZAKEN_API_SECRET="zaken-secret", - ZGW_CONFIG_CATALOGI_API_ROOT=CATALOGI_API_ROOT, - ZGW_CONFIG_CATALOGI_API_CLIENT_ID="open-inwoner-test", - ZGW_CONFIG_CATALOGI_API_SECRET="catalogi-secret", - ZGW_CONFIG_DOCUMENTEN_API_ROOT=DOCUMENTEN_API_ROOT, - ZGW_CONFIG_DOCUMENTEN_API_CLIENT_ID="open-inwoner-test", - ZGW_CONFIG_DOCUMENTEN_API_SECRET="documenten-secret", - ZGW_CONFIG_FORMULIEREN_API_ROOT=FORMULIEREN_API_ROOT, - ZGW_CONFIG_FORMULIEREN_API_CLIENT_ID="open-inwoner-test", - ZGW_CONFIG_FORMULIEREN_API_SECRET="forms-secret", - ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY=VertrouwelijkheidsAanduidingen.vertrouwelijk, - ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY=VertrouwelijkheidsAanduidingen.zaakvertrouwelijk, - ZGW_CONFIG_ACTION_REQUIRED_DEADLINE_DAYS=12, - ZGW_CONFIG_ALLOWED_FILE_EXTENSIONS=[".pdf", ".txt"], - ZGW_CONFIG_MIJN_AANVRAGEN_TITLE_TEXT="title text", - ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN=True, - ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN=True, - ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE=True, - ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN=True, + ZGW_ZAAK_SERVICE_API_ROOT=ZAAK_SERVICE_API_ROOT, + ZGW_ZAAK_SERVICE_API_CLIENT_ID="open-inwoner-test", + ZGW_ZAAK_SERVICE_API_SECRET="zaken-secret", 
+ ZGW_CATALOGI_SERVICE_API_ROOT=CATALOGI_SERVICE_API_ROOT, + ZGW_CATALOGI_SERVICE_API_CLIENT_ID="open-inwoner-test", + ZGW_CATALOGI_SERVICE_API_SECRET="catalogi-secret", + ZGW_DOCUMENTEN_SERVICE_API_ROOT=DOCUMENTEN_SERVICE_API_ROOT, + ZGW_DOCUMENTEN_SERVICE_API_CLIENT_ID="open-inwoner-test", + ZGW_DOCUMENTEN_SERVICE_API_SECRET="documenten-secret", + ZGW_FORM_SERVICE_API_ROOT=FORM_SERVICE_API_ROOT, + ZGW_FORM_SERVICE_API_CLIENT_ID="open-inwoner-test", + ZGW_FORM_SERVICE_API_SECRET="forms-secret", + ZGW_ZAAK_MAX_CONFIDENTIALITY=VertrouwelijkheidsAanduidingen.vertrouwelijk, + ZGW_DOCUMENT_MAX_CONFIDENTIALITY=VertrouwelijkheidsAanduidingen.zaakvertrouwelijk, + ZGW_ACTION_REQUIRED_DEADLINE_DAYS=12, + ZGW_ALLOWED_FILE_EXTENSIONS=[".pdf", ".txt"], + ZGW_MIJN_AANVRAGEN_TITLE_TEXT="title text", + ZGW_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN=True, + ZGW_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN=True, + ZGW_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE=True, + ZGW_FETCH_EHERKENNING_ZAKEN_WITH_RSIN=True, ) class ZGWConfigurationTests(TestCase): def test_configure(self): 
@@ -65,16 +65,16 @@ def test_configure(self): document_service = config.document_service form_service = config.form_service - self.assertEqual(zaak_service.api_root, ZAKEN_API_ROOT) + self.assertEqual(zaak_service.api_root, ZAAK_SERVICE_API_ROOT) self.assertEqual(zaak_service.client_id, "open-inwoner-test") self.assertEqual(zaak_service.secret, "zaken-secret") - self.assertEqual(catalogi_service.api_root, CATALOGI_API_ROOT) + self.assertEqual(catalogi_service.api_root, CATALOGI_SERVICE_API_ROOT) self.assertEqual(catalogi_service.client_id, "open-inwoner-test") self.assertEqual(catalogi_service.secret, "catalogi-secret") - self.assertEqual(document_service.api_root, DOCUMENTEN_API_ROOT) + self.assertEqual(document_service.api_root, DOCUMENTEN_SERVICE_API_ROOT) self.assertEqual(document_service.client_id, "open-inwoner-test") self.assertEqual(document_service.secret, "documenten-secret") - self.assertEqual(form_service.api_root, FORMULIEREN_API_ROOT) + self.assertEqual(form_service.api_root, FORM_SERVICE_API_ROOT) self.assertEqual(form_service.client_id, "open-inwoner-test") self.assertEqual(form_service.secret, "forms-secret") 
@@ -96,15 +96,15 @@ def test_configure(self): @override_settings( OIP_ORGANIZATION=None, - ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY=None, - ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY=None, - ZGW_CONFIG_ACTION_REQUIRED_DEADLINE_DAYS=None, - ZGW_CONFIG_ALLOWED_FILE_EXTENSIONS=None, - ZGW_CONFIG_MIJN_AANVRAGEN_TITLE_TEXT=None, - ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN=None, - ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN=None, - ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE=None, - ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN=None, + ZGW_ZAAK_MAX_CONFIDENTIALITY=None, + ZGW_DOCUMENT_MAX_CONFIDENTIALITY=None, + ZGW_ACTION_REQUIRED_DEADLINE_DAYS=None, + ZGW_ALLOWED_FILE_EXTENSIONS=None, + ZGW_MIJN_AANVRAGEN_TITLE_TEXT=None, + ZGW_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN=None, + ZGW_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN=None, + ZGW_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE=None, + ZGW_FETCH_EHERKENNING_ZAKEN_WITH_RSIN=None, ) def test_configure_use_defaults(self): ZakenAPIConfigurationStep().configure() 
@@ -121,16 +121,16 @@ def test_configure_use_defaults(self): document_service = config.document_service form_service = config.form_service - self.assertEqual(zaak_service.api_root, ZAKEN_API_ROOT) + self.assertEqual(zaak_service.api_root, ZAAK_SERVICE_API_ROOT) self.assertEqual(zaak_service.client_id, "open-inwoner-test") self.assertEqual(zaak_service.secret, "zaken-secret") - self.assertEqual(catalogi_service.api_root, CATALOGI_API_ROOT) + self.assertEqual(catalogi_service.api_root, CATALOGI_SERVICE_API_ROOT) self.assertEqual(catalogi_service.client_id, "open-inwoner-test") self.assertEqual(catalogi_service.secret, "catalogi-secret") - self.assertEqual(document_service.api_root, DOCUMENTEN_API_ROOT) + self.assertEqual(document_service.api_root, DOCUMENTEN_SERVICE_API_ROOT) self.assertEqual(document_service.client_id, "open-inwoner-test") self.assertEqual(document_service.secret, "documenten-secret") - self.assertEqual(form_service.api_root, FORMULIEREN_API_ROOT) + self.assertEqual(form_service.api_root, FORM_SERVICE_API_ROOT) self.assertEqual(form_service.client_id, "open-inwoner-test") self.assertEqual(form_service.secret, "forms-secret") @@ -164,11 +164,11 @@ def test_configuration_check_ok(self, m): configuration.configure() - m.get(f"{ZAKEN_API_ROOT}statussen", json=[]) - m.get(f"{CATALOGI_API_ROOT}zaaktypen", json=[]) - m.get(f"{DOCUMENTEN_API_ROOT}objectinformatieobjecten", json=[]) + m.get(f"{ZAAK_SERVICE_API_ROOT}statussen", json=[]) + m.get(f"{CATALOGI_SERVICE_API_ROOT}zaaktypen", json=[]) + m.get(f"{DOCUMENTEN_SERVICE_API_ROOT}objectinformatieobjecten", json=[]) m.get( - f"{FORMULIEREN_API_ROOT}openstaande-inzendingen", + f"{FORM_SERVICE_API_ROOT}openstaande-inzendingen", json=[], ) 
@@ -181,14 +181,14 @@ def test_configuration_check_ok(self, m): inzendingen_request, ) = m.request_history - self.assertEqual(status_request.url, f"{ZAKEN_API_ROOT}statussen") - self.assertEqual(zaaktype_request.url, f"{CATALOGI_API_ROOT}zaaktypen") + self.assertEqual(status_request.url, f"{ZAAK_SERVICE_API_ROOT}statussen") + self.assertEqual(zaaktype_request.url, f"{CATALOGI_SERVICE_API_ROOT}zaaktypen") self.assertEqual( - oio_request.url, f"{DOCUMENTEN_API_ROOT}objectinformatieobjecten" + oio_request.url, f"{DOCUMENTEN_SERVICE_API_ROOT}objectinformatieobjecten" ) self.assertEqual( inzendingen_request.url, - f"{FORMULIEREN_API_ROOT}openstaande-inzendingen?bsn=000000000", + f"{FORM_SERVICE_API_ROOT}openstaande-inzendingen?bsn=000000000", ) @requests_mock.Mocker() @@ -210,7 +210,7 @@ def test_configuration_check_failures(self, m): ) for mock_config in mock_kwargs: with self.subTest(mock=mock_config): - m.get(f"{ZAKEN_API_ROOT}statussen", **mock_config) + m.get(f"{ZAAK_SERVICE_API_ROOT}statussen", **mock_config) with self.assertRaises(SelfTestFailed): configuration.test_configuration()