From 84c68d5426dcdca9d8e7f7b10bbce46bc8315f0f Mon Sep 17 00:00:00 2001 From: Paul Schilling Date: Tue, 9 Apr 2024 15:09:42 +0200 Subject: [PATCH 1/9] [#2297] Add documentation for automating configurations --- docs/install/configurations.rst | 254 ++++++++++++++++++++++++++++++++ 1 file changed, 254 insertions(+) create mode 100644 docs/install/configurations.rst diff --git a/docs/install/configurations.rst b/docs/install/configurations.rst new file mode 100644 index 0000000000..8339bfb19d --- /dev/null +++ b/docs/install/configurations.rst @@ -0,0 +1,254 @@ +==================== +Setup configurations +==================== + +OIP supports automating the configuration of (parts of) the platform via the management command ``setup_configuration``. The command uses environment variables to configure OIP and (by default) automatically tests the configuration to detect problems. + + +Environment variables +===================== + +Variables can be defined by creating a ``.env`` file in the root directory of the project (on the same level as the ``src`` directory, not inside it) and setting the relevant variables as documented in the sections below, replacing the example values with values of your choice. Alternatively, you can use a process manager like supervisor or systemd. For example, both of the following: + +:: + + # .env + SITE_WARNING_BANNER_ENABLED=True + SITE_NAME="My site" + + # systemd config file + [Service] + Environment="SITE_WARNING_BANNER_ENABLED=True" + Environment="SITE_NAME=My site" + +will enable the warning banner and define the name of the site as "My site". Note that the variables are namespaced: ``SITE_FOO=BAR`` for variables concerning the general configuration, ``ZGW_BAR=BAZ`` for variables concerning the configuration of ZGW, and so on. For an overview of the features that support automatic configuration and the relevant environment variables, see ``Supported configurations`` below. + + +Usage +===== + +If the project is being configured for the first time, run the command from the project root: + +:: + + src/manage.py setup_configuration + + +By default, ``setup_configuration`` checks if a configuration already exists and will stop executing if it finds one. In order to overwrite an existing configuration, use: + +:: + + src/manage.py setup_configuration --overwrite + + +Also by default, ``setup_configuration`` tests the configuration to detect problems. You can disable this with the following: + +:: + + src/manage.py setup_configuration --no-selftest + + +For a full overview of the command and its options: + +:: + + src/manage.py setup_configuration --help + + + +Supported configurations +======================== + +In the following, ``FOO=`` means that only ``FOO=value1``, ``FOO=value2``, and ``FOO=value3`` are admissible. + + +General configuration +^^^^^^^^^^^^^^^^^^^^^ + +Required: +""""""""" + +:: + + SITE_PRIMARY_COLOR + SITE_SECONDARY_COLOR + SITE_ACCENT_COLOR + SITE_PRIMARY_FONT_COLOR + + +All variables: +"""""""""""""" + +:: + + SITE_CONFIG_ENABLE=True + SITE_NAME="My site" + SITE_SECONDARY_COLOR="#000000" + SITE_ACCENT_COLOR="#000000" + SITE_PRIMARY_FONT_COLOR="#111111" + SITE_SECONDARY_FONT_COLOR="#222222" + SITE_ACCENT_FONT_COLOR="#333333" + SITE_WARNING_BANNER_ENABLED= + SITE_WARNING_BANNER_TEXT="warning banner text" + SITE_WARNING_BANNER_BACKGROUND_COLOR="#444444" + SITE_WARNING_BANNER_FONT_COLOR="#555555" + SITE_LOGIN_SHOW=False + SITE_LOGIN_ALLOW_REGISTRATION= + SITE_LOGIN_2FA_SMS= + SITE_LOGIN_TEXT="login text" + SITE_REGISTRATION_TEXT="registration text" + SITE_HOME_WELCOME_TITLE="welcome title" + SITE_HOME_WELCOME_INTRO="welcome intro" + SITE_HOME_THEME_TITLE="home theme title" + SITE_HOME_THEME_INTRO="home theme intro" + SITE_THEME_TITLE="theme title" + SITE_THEME_INTRO="theme intro" + SITE_HOME_MAP_TITLE="home map title" + SITE_HOME_MAP_INTRO="home map intro" + SITE_HOME_QUESTIONNAIRE_TITLE="home questionnaire title" + SITE_HOME_QUESTIONNAIRE_INTRO="home questionnaire intro" + SITE_HOME_PRODUCT_FINDER_TITLE="home product finder title" + SITE_HOME_PRODUCT_FINDER_INTRO="home product finder intro" + SITE_SELECT_QUESTIONNAIRE_TITLE="select questionnaire title" + SITE_SELECT_QUESTIONNAIRE_INTRO="select questionnaire intro" + SITE_PLANS_INTRO="plans intro" + SITE_PLANS_NO_PLANS_MESSAGE="plans no plans_message" + SITE_PLANS_EDIT_MESSAGE="plans edit message" + SITE_FOOTER_LOGO_TITLE="footer logo title" + SITE_FOOTER_LOGO_URL="footer logo url" + SITE_HOME_HELP_TEXT="home help text" + SITE_THEME_HELP_TEXT="theme help text" + SITE_PRODUCT_HELP_TEXT="product help text" + SITE_SEARCH_HELP_TEXT="search help text" + SITE_ACCOUNT_HELP_TEXT="account help text" + SITE_QUESTIONNAIRE_HELP_TEXT="questionnaire help text" + SITE_PLAN_HELP_TEXT="plan help text" + SITE_SEARCH_FILTER_CATEGORIES=False + SITE_SEARCH_FILTER_TAGS=False + SITE_SEARCH_FILTER_ORGANIZATIONS=False + SITE_EMAIL_NEW_MESSAGE=False + SITE_RECIPIENTS_EMAIL_DIGEST="foo@test.nl,bar@test.nl,baz@test.nl" + SITE_CONTACT_PHONENUMBER="12345" + SITE_CONTACT_PAGE="https://test.test" + SITE_GTM_CODE="gtm code" + SITE_GA_CODE="ga code" + SITE_MATOMO_URL="matomo url" + SITE_MATOMO_SITE_ID=88 + SITE_SITEIMPROVE_ID="88" + SITE_COOKIE_INFO_TEXT="cookie info text" + SITE_COOKIE_LINK_TEXT="cookie link text" + SITE_COOKIE_LINK_URL="cookie link url" + SITE_KCM_SURVEY_LINK_TEXT="kcm survey link text" + SITE_KCM_SURVEY_LINK_URL="kcm survey link url" + SITE_OPENID_CONNECT_LOGIN_TEXT="openid connect login_text" + SITE_OPENID_DISPLAY="" + SITE_REDIRECT_TO="redirect to" + SITE_ALLOW_MESSAGES_FILE_SHARING=False + SITE_HIDE_CATEGORIES_FROM_ANONYMOUS_USERS=True + SITE_HIDE_SEARCH_FROM_ANONYMOUS_USERS=True + SITE_DISPLAY_SOCIAL= + SITE_EHERKENNING_ENABLED= + +Not supported: +"""""""""""""" + +:: + + Logo + Hero image login + Footer logo + Email logo + Favicon image + Openid Connect Logo + Theme stylesheet + Custom fonts + Flatpages + + +Klanten +^^^^^^^ + +Required: +""""""""" + +:: + + KIC_CONFIG_KLANTEN_API_ROOT + KIC_CONFIG_KLANTEN_API_CLIENT_ID + KIC_CONFIG_KLANTEN_API_SECRET + +All variables: +"""""""""""""" + +:: + + OIP_ORGANIZATION="Maykin" + KIC_CONFIG_KLANTEN_API_ROOT="https://openklant.local/klanten/api/v1/" + KIC_CONFIG_KLANTEN_API_CLIENT_ID="open-inwoner-test" + KIC_CONFIG_KLANTEN_API_SECRET="klanten-secret" + KIC_CONFIG_CONTACTMOMENTEN_API_ROOT="https://openklant.local/contactmomenten/api/v1/" + KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_ID="open-inwoner-test" + KIC_CONFIG_CONTACTMOMENTEN_API_SECRET="contactmomenten-secret" + KIC_CONFIG_REGISTER_EMAIL="admin@oip.org" + KIC_CONFIG_REGISTER_CONTACT_MOMENT= + KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN="837194569" + KIC_CONFIG_REGISTER_CHANNEL="email" + KIC_CONFIG_REGISTER_TYPE="bericht" + KIC_CONFIG_REGISTER_EMPLOYEE_ID="1234" + KIC_CONFIG_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER= + + +Not supported: +"""""""""""""" + +:: + + Certificates + + +Zaken +^^^^^ + +Required: +""""""""" + +:: + + ZGW_CONFIG_ZAKEN_API_ROOT + ZGW_CONFIG_ZAKEN_API_CLIENT_ID + ZGW_CONFIG_ZAKEN_API_SECRET + +All variables: +"""""""""""""" + +:: + + OIP_ORGANIZATION="Maykin" + ZGW_CONFIG_ZAKEN_API_ROOT="https://openzaak.local/zaken/api/v1/" + ZGW_CONFIG_ZAKEN_API_CLIENT_ID="open-inwoner-test" + ZGW_CONFIG_ZAKEN_API_SECRET="zaken-secret" + ZGW_CONFIG_CATALOGI_API_ROOT="https://openzaak.local/catalogi/api/v1/" + ZGW_CONFIG_CATALOGI_API_CLIENT_ID="open-inwoner-test" + ZGW_CONFIG_CATALOGI_API_SECRET="catalogi-secret" + ZGW_CONFIG_DOCUMENTEN_API_ROOT="https://openzaak.local/documenten/api/v1/" + ZGW_CONFIG_DOCUMENTEN_API_CLIENT_ID="open-inwoner-test" + ZGW_CONFIG_DOCUMENTEN_API_SECRET="documenten-secret" + ZGW_CONFIG_FORMULIEREN_API_ROOT="https://esuite.local.net/formulieren-provider/api/v1/" + ZGW_CONFIG_FORMULIEREN_API_CLIENT_ID="open-inwoner-test" + ZGW_CONFIG_FORMULIEREN_API_SECRET="forms-secret" + ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY=<"openbaar" | "beperkt_openbaar | "intern" | "zaakvertrouwelijk" | "vertrouwelijk" | "confidentieel" | "geheim" | "zeer_geheim"> + ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY=<"openbaar" | "beperkt_openbaar | "intern" | "zaakvertrouwelijk" | "vertrouwelijk" | "confidentieel" | "geheim" | "zeer_geheim"> + ZGW_CONFIG_ACTION_REQUIRED_DEADLINE_DAYS=12 + ZGW_CONFIG_ALLOWED_FILE_EXTENSIONS="pdf,doc,docx,xls,xlsx,ppt,pptx,vsd,png,gif,jpg,tiff,msg,txt,rtf,jpeg,bmp" + ZGW_CONFIG_MIJN_AANVRAGEN_TITLE_TEXT="title text" + ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN= + ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN= + ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE= + ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN= + +Not supported: +"""""""""""""" + +:: + + Certificates From 783537e0d9d74a563717846812a4f5abd6784914 Mon Sep 17 00:00:00 2001 From: Paul Schilling Date: Mon, 15 Apr 2024 12:09:00 +0200 Subject: [PATCH 2/9] [#2297] Automatate creation of documentation for config setup --- docs/configuration/digid_oidc.rst | 174 ++++++ docs/configuration/eherkenning_oidc.rst | 174 ++++++ docs/configuration/general.rst | 66 +++ docs/configuration/kic.rst | 89 +++ docs/configuration/siteconfig.rst | 505 ++++++++++++++++++ docs/configuration/zgw.rst | 107 ++++ docs/install/configurations.rst | 254 --------- .../configurations/bootstrap/constants.py | 229 ++++++++ .../configurations/bootstrap/models.py | 95 ++++ .../configurations/bootstrap/siteconfig.py | 86 +-- .../bootstrap/templates/base.rst.template | 36 ++ .../templates/digid_oidc.rst.template | 11 + .../templates/eherkenning_oidc.rst.template | 11 + .../bootstrap/templates/kic.rst.template | 11 + .../templates/siteconfig.rst.template | 11 + .../bootstrap/templates/zgw.rst.template | 11 + .../configurations/bootstrap/utils.py | 17 + .../management/commands/create_docs.py | 90 ++++ .../tests/bootstrap/test_setup_site_config.py | 1 + 19 files changed, 1646 insertions(+), 332 deletions(-) create mode 100644 docs/configuration/digid_oidc.rst create mode 100644 docs/configuration/eherkenning_oidc.rst create mode 100644 docs/configuration/general.rst create mode 100644 docs/configuration/kic.rst create mode 100644 docs/configuration/siteconfig.rst create mode 100644 docs/configuration/zgw.rst delete mode 100644 docs/install/configurations.rst create mode 100644 src/open_inwoner/configurations/bootstrap/constants.py create mode 100644 src/open_inwoner/configurations/bootstrap/models.py create mode 100644 src/open_inwoner/configurations/bootstrap/templates/base.rst.template create mode 100644 src/open_inwoner/configurations/bootstrap/templates/digid_oidc.rst.template create mode 100644 src/open_inwoner/configurations/bootstrap/templates/eherkenning_oidc.rst.template create mode 100644 src/open_inwoner/configurations/bootstrap/templates/kic.rst.template create mode 100644 src/open_inwoner/configurations/bootstrap/templates/siteconfig.rst.template create mode 100644 src/open_inwoner/configurations/bootstrap/templates/zgw.rst.template create mode 100644 src/open_inwoner/configurations/bootstrap/utils.py create mode 100644 src/open_inwoner/configurations/management/commands/create_docs.py diff --git a/docs/configuration/digid_oidc.rst b/docs/configuration/digid_oidc.rst new file mode 100644 index 0000000000..c310838b88 --- /dev/null +++ b/docs/configuration/digid_oidc.rst @@ -0,0 +1,174 @@ +.. _digid_oidc: + + +======================== +DigiD OIDC configuration +======================== + + +Settings Overview +================= + +Required: +""""""""" + +:: + + DIGID_OIDC_OIDP_RP_CLIENT_ID + DIGID_OIDC_OIDP_RP_CLIENT_SECRET + + + +All settings: +""""""""""""" + +:: + + DIGID_OIDC_ENABLED + DIGID_OIDC_IDENTIFIER_CLAIM_NAME + DIGID_OIDC_OIDC_RP_SCOPES_LIST + DIGID_OIDC_OIDC_RP_CLIENT_ID + DIGID_OIDC_OIDC_RP_CLIENT_SECRET + DIGID_OIDC_OIDC_RP_SIGN_ALGO + DIGID_OIDC_OIDC_OP_DISCOVERY_ENDPOINT + DIGID_OIDC_OIDC_OP_JWKS_ENDPOINT + DIGID_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT + DIGID_OIDC_OIDC_OP_TOKEN_ENDPOINT + DIGID_OIDC_OIDC_OP_USER_ENDPOINT + DIGID_OIDC_OIDC_RP_IDP_SIGN_KEY + DIGID_OIDC_OIDC_USE_NONCE + DIGID_OIDC_OIDC_NONCE_SIZE + DIGID_OIDC_OIDC_STATE_SIZE + DIGID_OIDC_OIDC_EXEMPT_URLS + DIGID_OIDC_USERINFO_CLAIMS_SOURCE + DIGID_OIDC_OIDC_OP_LOGOUT_ENDPOINT + DIGID_OIDC_ERROR_MESSAGE_MAPPING + DIGID_OIDC_OIDC_KEYCLOAK_IDP_HINT + + +Detailed Information +==================== + +:: + + + Variable DIGID_OIDC_ENABLED + Setting enable + Description Indicates whether OpenID Connect for authentication/authorization is enabled. This overrides overrides the usage of SAML for DigiD authentication. + Possible values True, False + + + Variable DIGID_OIDC_IDENTIFIER_CLAIM_NAME + Setting BSN claim name + Description The name of the claim in which the BSN of the user is stored + Possible values string + + + Variable DIGID_OIDC_OIDC_RP_SCOPES_LIST + Setting OpenID Connect scopes + Description OpenID Connect scopes that are requested during login. These scopes are hardcoded and must be supported by the identity provider + Possible values string, comma-delimited (i.e. 'foo,bar,baz') + + + Variable DIGID_OIDC_OIDC_RP_CLIENT_ID + Setting OpenID Connect client ID + Description OpenID Connect client ID provided by the OIDC Provider + Possible values string + + + Variable DIGID_OIDC_OIDC_RP_CLIENT_SECRET + Setting OpenID Connect secret + Description OpenID Connect secret provided by the OIDC Provider + Possible values string + + + Variable DIGID_OIDC_OIDC_RP_SIGN_ALGO + Setting OpenID sign algorithm + Description Algorithm the Identity Provider uses to sign ID tokens + Possible values string + + + Variable DIGID_OIDC_OIDC_OP_DISCOVERY_ENDPOINT + Setting Discovery endpoint + Description URL of your OpenID Connect provider discovery endpoint ending with a slash (`.well-known/...` will be added automatically). If this is provided, the remaining endpoints can be omitted, as they will be derived from this endpoint. + Possible values string (URL) + + + Variable DIGID_OIDC_OIDC_OP_JWKS_ENDPOINT + Setting JSON Web Key Set endpoint + Description URL of your OpenID Connect provider JSON Web Key Set endpoint. Required if `RS256` is used as signing algorithm. + Possible values string (URL) + + + Variable DIGID_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT + Setting Authorization endpoint + Description URL of your OpenID Connect provider authorization endpoint + Possible values string (URL) + + + Variable DIGID_OIDC_OIDC_OP_TOKEN_ENDPOINT + Setting Token endpoint + Description URL of your OpenID Connect provider token endpoint + Possible values string (URL) + + + Variable DIGID_OIDC_OIDC_OP_USER_ENDPOINT + Setting User endpoint + Description URL of your OpenID Connect provider userinfo endpoint + Possible values string (URL) + + + Variable DIGID_OIDC_OIDC_RP_IDP_SIGN_KEY + Setting Sign key + Description Key the Identity Provider uses to sign ID tokens in the case of an RSA sign algorithm. Should be the signing key in PEM or DER format. + Possible values string + + + Variable DIGID_OIDC_OIDC_USE_NONCE + Setting Use nonce + Description Controls whether the OpenID Connect client uses nonce verification + Possible values True, False + + + Variable DIGID_OIDC_OIDC_NONCE_SIZE + Setting Nonce size + Description Sets the length of the random string used for OpenID Connect nonce verification + Possible values string (positive integer) + + + Variable DIGID_OIDC_OIDC_STATE_SIZE + Setting State size + Description Sets the length of the random string used for OpenID Connect state verification + Possible values string (positive integer) + + + Variable DIGID_OIDC_OIDC_EXEMPT_URLS + Setting URLs exempt from session renewal + Description This is a list of absolute url paths, regular expressions for url paths, or Django view names. This plus the mozilla-django-oidc urls are exempted from the session renewal by the SessionRefresh middleware. + Possible values string, comma-delimited ('foo,bar,baz') + + + Variable DIGID_OIDC_USERINFO_CLAIMS_SOURCE + Setting user information claims extracted from + Description Indicates the source from which the user information claims should be extracted. + Possible values userinfo_endpoint,id_token + + + Variable DIGID_OIDC_OIDC_OP_LOGOUT_ENDPOINT + Setting Logout endpoint + Description URL of your OpenID Connect provider logout endpoint + Possible values string (URL) + + + Variable DIGID_OIDC_ERROR_MESSAGE_MAPPING + Setting Error message mapping + Description Mapping that maps error messages returned by the identity provider to human readable error messages that are shown to the user + Possible values JSON ({'key':'value'}) + + + Variable DIGID_OIDC_OIDC_KEYCLOAK_IDP_HINT + Setting Keycloak Identity Provider hint + Description Specific for Keycloak: parameter that indicates which identity provider should be used (therefore skipping the Keycloak login screen). + Possible values string + + \ No newline at end of file diff --git a/docs/configuration/eherkenning_oidc.rst b/docs/configuration/eherkenning_oidc.rst new file mode 100644 index 0000000000..887016a443 --- /dev/null +++ b/docs/configuration/eherkenning_oidc.rst @@ -0,0 +1,174 @@ +.. _eherkenning_oidc: + + +======================== +eHerkenning OIDC configuration +======================== + + +Settings Overview +================= + +Required: +""""""""" + +:: + + EHERKENNING_OIDC_EHERKENNING_RP_CLIENT_ID + EHERKENNING_OIDC_EHERKENNING_RP_CLIENT_SECRET + + + +All settings: +""""""""""""" + +:: + + EHERKENNING_OIDC_ENABLED + EHERKENNING_OIDC_IDENTIFIER_CLAIM_NAME + EHERKENNING_OIDC_OIDC_RP_SCOPES_LIST + EHERKENNING_OIDC_OIDC_RP_CLIENT_ID + EHERKENNING_OIDC_OIDC_RP_CLIENT_SECRET + EHERKENNING_OIDC_OIDC_RP_SIGN_ALGO + EHERKENNING_OIDC_OIDC_OP_DISCOVERY_ENDPOINT + EHERKENNING_OIDC_OIDC_OP_JWKS_ENDPOINT + EHERKENNING_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT + EHERKENNING_OIDC_OIDC_OP_TOKEN_ENDPOINT + EHERKENNING_OIDC_OIDC_OP_USER_ENDPOINT + EHERKENNING_OIDC_OIDC_RP_IDP_SIGN_KEY + EHERKENNING_OIDC_OIDC_USE_NONCE + EHERKENNING_OIDC_OIDC_NONCE_SIZE + EHERKENNING_OIDC_OIDC_STATE_SIZE + EHERKENNING_OIDC_OIDC_EXEMPT_URLS + EHERKENNING_OIDC_USERINFO_CLAIMS_SOURCE + EHERKENNING_OIDC_OIDC_OP_LOGOUT_ENDPOINT + EHERKENNING_OIDC_ERROR_MESSAGE_MAPPING + EHERKENNING_OIDC_OIDC_KEYCLOAK_IDP_HINT + + +Detailed Information +==================== + +:: + + + Variable EHERKENNING_OIDC_ENABLED + Setting enable + Description Indicates whether OpenID Connect for authentication/authorization is enabled. This overrides overrides the usage of SAML for eHerkenning authentication. + Possible values True, False + + + Variable EHERKENNING_OIDC_IDENTIFIER_CLAIM_NAME + Setting KVK claim name + Description The name of the claim in which the KVK of the user is stored + Possible values string + + + Variable EHERKENNING_OIDC_OIDC_RP_SCOPES_LIST + Setting OpenID Connect scopes + Description OpenID Connect scopes that are requested during login. These scopes are hardcoded and must be supported by the identity provider + Possible values string, comma-delimited (i.e. 'foo,bar,baz') + + + Variable EHERKENNING_OIDC_OIDC_RP_CLIENT_ID + Setting OpenID Connect client ID + Description OpenID Connect client ID provided by the OIDC Provider + Possible values string + + + Variable EHERKENNING_OIDC_OIDC_RP_CLIENT_SECRET + Setting OpenID Connect secret + Description OpenID Connect secret provided by the OIDC Provider + Possible values string + + + Variable EHERKENNING_OIDC_OIDC_RP_SIGN_ALGO + Setting OpenID sign algorithm + Description Algorithm the Identity Provider uses to sign ID tokens + Possible values string + + + Variable EHERKENNING_OIDC_OIDC_OP_DISCOVERY_ENDPOINT + Setting Discovery endpoint + Description URL of your OpenID Connect provider discovery endpoint ending with a slash (`.well-known/...` will be added automatically). If this is provided, the remaining endpoints can be omitted, as they will be derived from this endpoint. + Possible values string (URL) + + + Variable EHERKENNING_OIDC_OIDC_OP_JWKS_ENDPOINT + Setting JSON Web Key Set endpoint + Description URL of your OpenID Connect provider JSON Web Key Set endpoint. Required if `RS256` is used as signing algorithm. + Possible values string (URL) + + + Variable EHERKENNING_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT + Setting Authorization endpoint + Description URL of your OpenID Connect provider authorization endpoint + Possible values string (URL) + + + Variable EHERKENNING_OIDC_OIDC_OP_TOKEN_ENDPOINT + Setting Token endpoint + Description URL of your OpenID Connect provider token endpoint + Possible values string (URL) + + + Variable EHERKENNING_OIDC_OIDC_OP_USER_ENDPOINT + Setting User endpoint + Description URL of your OpenID Connect provider userinfo endpoint + Possible values string (URL) + + + Variable EHERKENNING_OIDC_OIDC_RP_IDP_SIGN_KEY + Setting Sign key + Description Key the Identity Provider uses to sign ID tokens in the case of an RSA sign algorithm. Should be the signing key in PEM or DER format. + Possible values string + + + Variable EHERKENNING_OIDC_OIDC_USE_NONCE + Setting Use nonce + Description Controls whether the OpenID Connect client uses nonce verification + Possible values True, False + + + Variable EHERKENNING_OIDC_OIDC_NONCE_SIZE + Setting Nonce size + Description Sets the length of the random string used for OpenID Connect nonce verification + Possible values string (positive integer) + + + Variable EHERKENNING_OIDC_OIDC_STATE_SIZE + Setting State size + Description Sets the length of the random string used for OpenID Connect state verification + Possible values string (positive integer) + + + Variable EHERKENNING_OIDC_OIDC_EXEMPT_URLS + Setting URLs exempt from session renewal + Description This is a list of absolute url paths, regular expressions for url paths, or Django view names. This plus the mozilla-django-oidc urls are exempted from the session renewal by the SessionRefresh middleware. + Possible values string, comma-delimited ('foo,bar,baz') + + + Variable EHERKENNING_OIDC_USERINFO_CLAIMS_SOURCE + Setting user information claims extracted from + Description Indicates the source from which the user information claims should be extracted. + Possible values userinfo_endpoint,id_token + + + Variable EHERKENNING_OIDC_OIDC_OP_LOGOUT_ENDPOINT + Setting Logout endpoint + Description URL of your OpenID Connect provider logout endpoint + Possible values string (URL) + + + Variable EHERKENNING_OIDC_ERROR_MESSAGE_MAPPING + Setting Error message mapping + Description Mapping that maps error messages returned by the identity provider to human readable error messages that are shown to the user + Possible values JSON ({'key':'value'}) + + + Variable EHERKENNING_OIDC_OIDC_KEYCLOAK_IDP_HINT + Setting Keycloak Identity Provider hint + Description Specific for Keycloak: parameter that indicates which identity provider should be used (therefore skipping the Keycloak login screen). + Possible values string + + \ No newline at end of file diff --git a/docs/configuration/general.rst b/docs/configuration/general.rst new file mode 100644 index 0000000000..b1fa946a65 --- /dev/null +++ b/docs/configuration/general.rst @@ -0,0 +1,66 @@ +==================== +Setup configurations +==================== + +OIP supports automating the configuration of (parts of) the platform via the management command ``setup_configuration``. The command uses environment variables to configure OIP and (by default) automatically tests the configuration to detect problems. + + +Defining variables +================== + +Variables can be defined by creating a ``.env`` file in the root directory of the project (on the same level as the ``src`` directory, not inside it) and setting the relevant variables as documented in the sections below, replacing the example values with values of your choice. Alternatively, you can use a process manager like supervisor or systemd. For example, both of the following: + +:: + + # .env + SITE_WARNING_BANNER_ENABLED=True + SITE_NAME="My site" + + # systemd config file + [Service] + Environment="SITE_WARNING_BANNER_ENABLED=True" + Environment="SITE_NAME=My site" + +will enable the warning banner and define the name of the site as "My site". Note that the variables are namespaced: ``SITE_FOO=BAR`` for variables concerning the general configuration, ``ZGW_BAR=BAZ`` for variables concerning the configuration of ZGW, and so on. For an overview of the features that support automatic configuration and the relevant environment variables, see ``Supported configurations`` below. + + +Usage +===== + +If the project is being configured for the first time, run the command from the project root: + +:: + + src/manage.py setup_configuration + + +By default, ``setup_configuration`` checks if a configuration already exists and will stop executing if it finds one. In order to overwrite an existing configuration, use: + +:: + + src/manage.py setup_configuration --overwrite + + +Also by default, ``setup_configuration`` tests the configuration to detect problems. You can disable this with the following: + +:: + + src/manage.py setup_configuration --no-selftest + + +For a full overview of the command and its options: + +:: + + src/manage.py setup_configuration --help + + + +Supported configurations +======================== + +:doc:`General configuration <./siteconfig.rst>` +:doc:`Klanten interactie configuration <./kic.rst>` +:doc:`ZGW configuration <./zgw.rst>` +:doc:`DigiD OIDC configuration <./digid_oidc.rst>` +:doc:`eHerkenning OIDC <./eherkenning_oidc.rst>` diff --git a/docs/configuration/kic.rst b/docs/configuration/kic.rst new file mode 100644 index 0000000000..4c33e30bbe --- /dev/null +++ b/docs/configuration/kic.rst @@ -0,0 +1,89 @@ +.. _kic: + + +===================== +Klanten configuration +===================== + + +Settings Overview +================= + +Required: +""""""""" + +:: + + KIC_CONFIG_KLANTEN_API_ROOT + KIC_CONFIG_KLANTEN_API_CLIENT_ID + KIC_CONFIG_KLANTEN_API_CLIENT_SECRET + KIC_CONFIG_CONTACTMOMENTEN_API_ROOT + KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_ID + KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_SECRET + KIC_CONFIG_REGISTER_TYPE + KIC_CONFIG_REGISTER_CONTACT_MOMENT + + + +All settings: +""""""""""""" + +:: + + KIC_CONFIG_REGISTER_EMAIL + KIC_CONFIG_REGISTER_CONTACT_MOMENT + KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN + KIC_CONFIG_REGISTER_CHANNEL + KIC_CONFIG_REGISTER_TYPE + KIC_CONFIG_REGISTER_EMPLOYEE_ID + KIC_CONFIG_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER + + +Detailed Information +==================== + +:: + + + Variable KIC_CONFIG_REGISTER_EMAIL + Setting Registreer op email adres + Description + Possible values string (Email) + + + Variable KIC_CONFIG_REGISTER_CONTACT_MOMENT + Setting Registreer in Contactmomenten API + Description + Possible values True, False + + + Variable KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN + Setting Organisatie RSIN + Description + Possible values string + + + Variable KIC_CONFIG_REGISTER_CHANNEL + Setting Contactmoment kanaal + Description The channel through which contactmomenten are created + Possible values string + + + Variable KIC_CONFIG_REGISTER_TYPE + Setting Contactmoment type + Description Naam van 'contacttype' uit e-Suite + Possible values string + + + Variable KIC_CONFIG_REGISTER_EMPLOYEE_ID + Setting Medewerker identificatie + Description Gebruikersnaam van actieve medewerker uit e-Suite + Possible values string + + + Variable KIC_CONFIG_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER + Setting Haal bronnen op uit de Klanten- en Contactmomenten-API's voor gebruikers die zijn geauthenticeerd met eHerkenning via RSIN + Description Indien ingeschakeld, worden bronnen uit de Klanten- en Contactmomenten-API's voor eHerkenning-gebruikers opgehaald via RSIN (Open Klant). Indien niet ingeschakeld, worden deze bronnen via het KVK-nummer. + Possible values True, False + + \ No newline at end of file diff --git a/docs/configuration/siteconfig.rst b/docs/configuration/siteconfig.rst new file mode 100644 index 0000000000..477bbd242a --- /dev/null +++ b/docs/configuration/siteconfig.rst @@ -0,0 +1,505 @@ +.. _siteconfig: + + +===================== +General configuration +===================== + + +Settings Overview +================= + +Required: +""""""""" + +:: + + SITE_NAME + SITE_PRIMARY_COLOR + SITE_SECONDARY_COLOR + SITE_ACCENT_COLOR + + + +All settings: +""""""""""""" + +:: + + SITE_NAME + SITE_PRIMARY_COLOR + SITE_SECONDARY_COLOR + SITE_ACCENT_COLOR + SITE_PRIMARY_FONT_COLOR + SITE_SECONDARY_FONT_COLOR + SITE_ACCENT_FONT_COLOR + SITE_WARNING_BANNER_ENABLED + SITE_WARNING_BANNER_TEXT + SITE_WARNING_BANNER_BACKGROUND_COLOR + SITE_WARNING_BANNER_FONT_COLOR + SITE_LOGIN_SHOW + SITE_LOGIN_ALLOW_REGISTRATION + SITE_LOGIN_2FA_SMS + SITE_LOGIN_TEXT + SITE_REGISTRATION_TEXT + SITE_HOME_WELCOME_TITLE + SITE_HOME_WELCOME_INTRO + SITE_HOME_THEME_TITLE + SITE_HOME_THEME_INTRO + SITE_THEME_TITLE + SITE_THEME_INTRO + SITE_HOME_MAP_TITLE + SITE_HOME_MAP_INTRO + SITE_HOME_QUESTIONNAIRE_TITLE + SITE_HOME_QUESTIONNAIRE_INTRO + SITE_HOME_PRODUCT_FINDER_TITLE + SITE_HOME_PRODUCT_FINDER_INTRO + SITE_SELECT_QUESTIONNAIRE_TITLE + SITE_SELECT_QUESTIONNAIRE_INTRO + SITE_PLANS_INTRO + SITE_PLANS_NO_PLANS_MESSAGE + SITE_PLANS_EDIT_MESSAGE + SITE_FOOTER_LOGO_TITLE + SITE_FOOTER_LOGO_URL + SITE_HOME_HELP_TEXT + SITE_THEME_HELP_TEXT + SITE_PRODUCT_HELP_TEXT + SITE_SEARCH_HELP_TEXT + SITE_ACCOUNT_HELP_TEXT + SITE_QUESTIONNAIRE_HELP_TEXT + SITE_PLAN_HELP_TEXT + SITE_SEARCH_FILTER_CATEGORIES + SITE_SEARCH_FILTER_TAGS + SITE_SEARCH_FILTER_ORGANIZATIONS + SITE_EMAIL_NEW_MESSAGE + SITE_RECIPIENTS_EMAIL_DIGEST + SITE_CONTACT_PHONENUMBER + SITE_CONTACT_PAGE + SITE_GTM_CODE + SITE_GA_CODE + SITE_MATOMO_URL + SITE_MATOMO_SITE_ID + SITE_SITEIMPROVE_ID + SITE_COOKIE_INFO_TEXT + SITE_COOKIE_LINK_TEXT + SITE_COOKIE_LINK_URL + SITE_KCM_SURVEY_LINK_TEXT + SITE_KCM_SURVEY_LINK_URL + SITE_OPENID_CONNECT_LOGIN_TEXT + SITE_OPENID_DISPLAY + SITE_REDIRECT_TO + SITE_ALLOW_MESSAGES_FILE_SHARING + SITE_HIDE_CATEGORIES_FROM_ANONYMOUS_USERS + SITE_HIDE_SEARCH_FROM_ANONYMOUS_USERS + SITE_DISPLAY_SOCIAL + SITE_EHERKENNING_ENABLED + + +Detailed Information +==================== + +:: + + + Variable SITE_NAME + Setting Naam + Description Naam van de gemeente + Possible values string + + + Variable SITE_PRIMARY_COLOR + Setting Primaire kleur + Description Hoofdkleur van de gemeentesite/huisstijl + Possible values string + + + Variable SITE_SECONDARY_COLOR + Setting Secundaire kleur + Description Secundaire kleur van de gemeentesite/huisstijl + Possible values string + + + Variable SITE_ACCENT_COLOR + Setting Accentkleur + Description Accentkleur van de gemeentesite/huisstijl + Possible values string + + + Variable SITE_PRIMARY_FONT_COLOR + Setting Primaire tekstkleur + Description De tekstkleur voor wanneer de achtergrond de hoofdkleur is + Possible values string + + + Variable SITE_SECONDARY_FONT_COLOR + Setting Secundaire tekstkleur + Description De tekstkleur voor wanneer de achtergrond de secundaire kleur is + Possible values string + + + Variable SITE_ACCENT_FONT_COLOR + Setting Accent tekstkleur + Description De tekstkleur voor wanneer de achtergrond de accentkleur is + Possible values string + + + Variable SITE_WARNING_BANNER_ENABLED + Setting Toon waarschuwingsbanner + Description Of de waarschuwingsbanner zichtbaar moet zijn of niet. + Possible values True, False + + + Variable SITE_WARNING_BANNER_TEXT + Setting Tekstinhoud waarschuwingsbanner + Description De tekst die zichtbaar is in de waarschuwingsbanner + Possible values string + + + Variable SITE_WARNING_BANNER_BACKGROUND_COLOR + Setting Waarschuwingsbanner achtergrond + Description Waarschuwingsbanner achtergrondkleur + Possible values string + + + Variable SITE_WARNING_BANNER_FONT_COLOR + Setting Waarschuwingsbanner tekst + Description De tekstkleur voor de waarschuwingsbanner + Possible values string + + + Variable SITE_LOGIN_SHOW + Setting Toon inlogknop rechts bovenin + Description Wanneer deze optie uit staat dan kan nog wel worden ingelogd via /accounts/login/ , echter het inloggen is verborgen + Possible values True, False + + + Variable SITE_LOGIN_ALLOW_REGISTRATION + Setting Sta lokale registratie toe + Description Wanneer deze optie uit staat is het enkel toegestaan om met DigiD in te loggen. Zet deze instelling aan om ook het inloggen met gebruikersnaam/wachtwoord en het aanmelden zonder DigiD toe te staan. + Possible values True, False + + + Variable SITE_LOGIN_2FA_SMS + Setting Log in met 2FA-met-SMS + Description Bepaalt of gebruikers die met gebruikersnaam+wachtwoord inloggen verplicht een SMS verificatiecode dienen in te vullen + Possible values True, False + + + Variable SITE_LOGIN_TEXT + Setting Login tekst + Description Deze tekst wordt getoond op de login pagina. + Possible values string + + + Variable SITE_REGISTRATION_TEXT + Setting Registratie tekst + Description Deze tekst wordt getoond op de registratie pagina. + Possible values string + + + Variable SITE_HOME_WELCOME_TITLE + Setting Koptekst homepage + Description Koptekst op de homepage + Possible values string + + + Variable SITE_HOME_WELCOME_INTRO + Setting Introductietekst homepage + Description Introductietekst op de homepage + Possible values string + + + Variable SITE_HOME_THEME_TITLE + Setting Titel 'Onderwerpen' op de homepage + Description Koptekst van de Onderwerpen op de homepage + Possible values string + + + Variable SITE_HOME_THEME_INTRO + Setting Onderwerpen introductietekst op de homepage + Description Introductietekst 'Onderwerpen' op de homepage + Possible values string + + + Variable SITE_THEME_TITLE + Setting Onderwerpen titel + Description Titel op de Onderwerpenpagina + Possible values string + + + Variable SITE_THEME_INTRO + Setting Onderwerpen introductie + Description Introductietekst op de onderwerpenpagina + Possible values string + + + Variable SITE_HOME_MAP_TITLE + Setting Koptekst van de kaart op de homepage + Description Koptekst van de kaart op de homepage + Possible values string + + + Variable SITE_HOME_MAP_INTRO + Setting Introductietekst kaart + Description Introductietekst van de kaart op de homepage + Possible values string + + + Variable SITE_HOME_QUESTIONNAIRE_TITLE + Setting Titel vragenlijst homepage + Description Vragenlijst titel op de homepage. + Possible values string + + + Variable SITE_HOME_QUESTIONNAIRE_INTRO + Setting Introductietekst vragenlijst homepage + Description Vragenlijst introductietekst op de homepage. + Possible values string + + + Variable SITE_HOME_PRODUCT_FINDER_TITLE + Setting Productzoeker titel + Description Titel van de productzoeker op de homepage. + Possible values string + + + Variable SITE_HOME_PRODUCT_FINDER_INTRO + Setting Introductietekst productzoeker homepage + Description Introductietekst van de productzoeker op de homepage. + Possible values string + + + Variable SITE_SELECT_QUESTIONNAIRE_TITLE + Setting Titel vragenlijst widget + Description Vragenlijst keuzetitel op de onderwerpen en profielpagina's. + Possible values string + + + Variable SITE_SELECT_QUESTIONNAIRE_INTRO + Setting Introductietekst vragenlijst widget + Description Vragenlijst introductietekst op de onderwerpen en profielpagina's. + Possible values string + + + Variable SITE_PLANS_INTRO + Setting Introductietekst Samenwerken + Description Subtitel voor de planpagina. + Possible values string + + + Variable SITE_PLANS_NO_PLANS_MESSAGE + Setting Standaardtekst geen samenwerkingen + Description Het bericht als een gebruiker nog geen plannen heeft. + Possible values string + + + Variable SITE_PLANS_EDIT_MESSAGE + Setting Standaardtekst 'doel wijzigen' + Description Het bericht wanneer een gebruiker een doel wijzigt. + Possible values string + + + Variable SITE_FOOTER_LOGO_TITLE + Setting Footer logo title + Description The title - help text of the footer logo. + Possible values string + + + Variable SITE_FOOTER_LOGO_URL + Setting Footer logo link + Description The external link for the footer logo. + Possible values string (URL) + + + Variable SITE_HOME_HELP_TEXT + Setting Helptekst homepage + Description Helptekst in de popup op de voorpagina + Possible values string + + + Variable SITE_THEME_HELP_TEXT + Setting Onderwerpen help + Description Helptekst in de popup op de onderwerpenpagina + Possible values string + + + Variable SITE_PRODUCT_HELP_TEXT + Setting Helptekst producten + Description Helptekst in de popup van de productenpagina's + Possible values string + + + Variable SITE_SEARCH_HELP_TEXT + Setting Helptekst zoeken + Description De helptekst in de popup op de zoekpagina's + Possible values string + + + Variable SITE_ACCOUNT_HELP_TEXT + Setting Helptekst mijn profiel + Description De helptekst in de popup van de profielpagina's + Possible values string + + + Variable SITE_QUESTIONNAIRE_HELP_TEXT + Setting Helptekst vragenlijst/zelftest + Description De helptekst in de popup op de vragenlijst/zelftestpagina's + Possible values string + + + Variable SITE_PLAN_HELP_TEXT + Setting Helptekst samenwerken + Description De helptekst in de popup van de samenwerken-pagina's + Possible values string + + + Variable SITE_SEARCH_FILTER_CATEGORIES + Setting Onderwerpenfilter toevoegen aan zoekresultaten + Description Of er categorie-selectievakjes moeten worden weergegeven om het zoekresultaat te filteren. + Possible values True, False + + + Variable SITE_SEARCH_FILTER_TAGS + Setting Tagfilter toevoegen aan zoekresultaten + Description Of er tag-selectievakjes moeten worden weergegeven om het zoekresultaat te filteren. + Possible values True, False + + + Variable SITE_SEARCH_FILTER_ORGANIZATIONS + Setting Organisaties-filter toevoegen aan zoekresultaten + Description Of er organisatie-selectievakjes moeten worden weergegeven om het zoekresultaat te filteren. + Possible values True, False + + + Variable SITE_EMAIL_NEW_MESSAGE + Setting Stuur een mail bij nieuwe berichten + Description Of er een e-mail ter notificatie verstuurd dient te worden na een nieuw bericht voor de gebruiker. + Possible values True, False + + + Variable SITE_RECIPIENTS_EMAIL_DIGEST + Setting ontvangers e-mailsamenvatting + Description De e-mailadressen van beheerders die een dagelijkse samenvatting dienen te krijgen van punten van orde. + Possible values string, comma-delimited (e.g. 'user1@test.nl, user2@test.nl' + + + Variable SITE_CONTACT_PHONENUMBER + Setting Telefoonnummer + Description Telefoonnummer van de organisatie + Possible values string + + + Variable SITE_CONTACT_PAGE + Setting URL + Description URL van de contactpagina van de organisatie + Possible values string (URL) + + + Variable SITE_GTM_CODE + Setting Google Tag Manager code + Description Normaalgesproken is dit een code van het formaat 'GTM-XXXX'. Door dit in te stellen wordt Google Tag Manager gebruikt. + Possible values string + + + Variable SITE_GA_CODE + Setting Google Analytics code + Description Normaalgesproken is dit een code van het formaat 'G-XXXX'. Door dit in te stellen wordt Google Analytics gebruikt. + Possible values string + + + Variable SITE_MATOMO_URL + Setting Matamo server URL + Description De domeinnaam / URL van de Matamo server, bijvoorbeeld 'matamo.example.com'. + Possible values string (URL) + + + Variable SITE_MATOMO_SITE_ID + Setting Matamo site ID + Description De 'idsite' van de website in Matamo die getrackt dient te worden. + Possible values string + + + Variable SITE_SITEIMPROVE_ID + Setting SiteImprove ID + Description SiteImprove ID - Dit nummer kan gevonden worden in de SiteImprove snippet, dit is onderdeel van een URL zoals '//siteimproveanalytics.com/js/siteanalyze_xxxxx.js' waarbij het xxxxx-deel de SiteImprove ID is die hier ingevuld moet worden. + Possible values string + + + Variable SITE_COOKIE_INFO_TEXT + Setting Tekst cookiebanner informatie + Description De tekstinhoud van de cookiebanner. Wanneer deze wordt ingevuld dan wordt de cookiebanner zichtbaar. + Possible values string + + + Variable SITE_COOKIE_LINK_TEXT + Setting Tekst cookiebanner link + Description De tekst die wordt gebruikt als link naar de privacypagina. + Possible values string + + + Variable SITE_COOKIE_LINK_URL + Setting URL van de privacypagina + Description De link naar de pagina met het privacybeleid. + Possible values string + + + Variable SITE_KCM_SURVEY_LINK_TEXT + Setting KCM survey link text + Description The text that is displayed on the customer satisfaction survey link + Possible values string + + + Variable SITE_KCM_SURVEY_LINK_URL + Setting KCM survey URL + Description The external link for the customer satisfaction survey. + Possible values string (URL) + + + Variable SITE_OPENID_CONNECT_LOGIN_TEXT + Setting OpenID Connect login tekst + Description De tekst die getoond wordt wanneer OpenID Connect (OIDC/Azure AD) als loginmethode is ingesteld + Possible values string + + + Variable SITE_OPENID_DISPLAY + Setting Toon optie om in te loggen via OpenID Connect + Description Alleen geselecteerde groepen zullen de optie zien om met OpenID Connect in te loggen. + Possible values string + + + Variable SITE_REDIRECT_TO + Setting Stuur niet-ingelogde gebruiker door naar + Description Geef een URL of pad op waar de niet-ingelogde gebruiker naar toe doorgestuurd moet worden vanuit de niet-ingelogde homepage.Pad voorbeeld: '/accounts/login', URL voorbeeld: 'https://gemeente.groningen.nl' + Possible values string (URL) + + + Variable SITE_ALLOW_MESSAGES_FILE_SHARING + Setting Sta het delen van bestanden via Mijn Berichten toe + Description Of het delen van bestanden via Mijn Berichten mogelijk is of niet. Indien uitgeschakeld dan kunnen alleen tekstberichten worden verzonden + Possible values True, False + + + Variable SITE_HIDE_CATEGORIES_FROM_ANONYMOUS_USERS + Setting Blokkeer toegang tot Onderwerpen voor niet-ingelogde gebruikers + Description Indien geselecteerd: alleen ingelogde gebruikers hebben toegang tot Onderwerpen. + Possible values True, False + + + Variable SITE_HIDE_SEARCH_FROM_ANONYMOUS_USERS + Setting Verberg zoekbalk voor anonieme gebruiker + Description Indien geselecteerd: alleen ingelogde gebruikers zien de zoekfunctie. + Possible values True, False + + + Variable SITE_DISPLAY_SOCIAL + Setting Toon sociale media knoppen bij elk product + Description Maak het delen mogelijk van producten op sociale media (Facebook, LinkedIn...) + Possible values True, False + + + Variable SITE_EHERKENNING_ENABLED + Setting eHerkenning authentication ingeschakeld + Description Of gebruikers in kunnen loggen met eHerkenning of niet. Standaard wordt de SAML integratie hiervoor gebruikt (van toepassing bij een rechtstreekse aansluiting op een eHerkenning makelaar). Voor het gebruiken van een OpenID Connect (OIDC) koppeling, navigeer naar `OpenID Connect configuratie voor eHerkenning` om deze te activeren. + Possible values True, False + + \ No newline at end of file diff --git a/docs/configuration/zgw.rst b/docs/configuration/zgw.rst new file mode 100644 index 0000000000..2a263431c8 --- /dev/null +++ b/docs/configuration/zgw.rst @@ -0,0 +1,107 @@ +.. _zgw: + + +================= +ZGW configuration +================= + + +Settings Overview +================= + +Required: +""""""""" + +:: + + ZGW_CONFIG_ZAAK_API_ROOT + ZGW_CONFIG_ZAAK_API_CLIENT_ID + ZGW_CONFIG_ZAAK_API_CLIENT_SECRET + ZGW_CONFIG_CATALOGI_API_ROOT + ZGW_CONFIG_CATALOGI_API_CLIENT_ID + ZGW_CONFIG_CATALOGI_API_CLIENT_SECRET + ZGW_CONFIG_DOCUMENTEN_API_ROOT + ZGW_CONFIG_DOCUMENTEN_API_CLIENT_ID + ZGW_CONFIG_DOCUMENTEN_API_CLIENT_SECRET + ZGW_CONFIG_FORMULIEREN_API_ROOT + ZGW_CONFIG_FORMULIEREN_API_CLIENT_ID + ZGW_CONFIG_FORMULIEREN_API_CLIENT_SECRET + + + +All settings: +""""""""""""" + +:: + + ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY + ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY + ZGW_CONFIG_ALLOWED_FILE_EXTENSIONS + ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN + ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE + ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN + ZGW_CONFIG_TITLE_TEXT + ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN + ZGW_CONFIG_ACTION_REQUIRED_DEADLINE_DAYS + + +Detailed Information +==================== + +:: + + + Variable ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY + Setting Zaak vertrouwelijkheid + Description Selecteer de maximale vertrouwelijkheid van de getoonde zaken + Possible values openbaar,beperkt_openbaar,intern,zaakvertrouwelijk,vertrouwelijk,confidentieel,geheim,zeer_geheim + + + Variable ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY + Setting Documenten vertrouwelijkheid + Description Selecteer de maximale vertrouwelijkheid van de getoonde documenten van zaken + Possible values openbaar,beperkt_openbaar,intern,zaakvertrouwelijk,vertrouwelijk,confidentieel,geheim,zeer_geheim + + + Variable ZGW_CONFIG_ALLOWED_FILE_EXTENSIONS + Setting allowed file extensions + Description Een lijst van toegestande bestandsextensies, alleen documentuploads met een van deze extensies worden toegelaten. + Possible values bmp,doc,docx,gif,jpeg,jpg,msg,pdf,png,ppt,pptx,rtf,tiff,txt,vsd,xls,xlsx + + + Variable ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN + Setting Maak gebruik van StatusType.informeren workaround (eSuite) + Description Schakel dit in wanneer StatusType.informeren niet wordt ondersteund door de ZGW API waar deze omgeving aan is gekoppeld (zoals de eSuite ZGW API)Hierdoor is het verplicht om per zaaktype aan te geven wanneer een inwoner hier een notificatie van dient te krijgen. + Possible values True, False + + + Variable ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE + Setting Converteer eSuite zaaknummers + Description Schakel dit in om de zaaknummers van het interne eSuite format (ex: '0014ESUITE66392022') om te zetten naar een toegankelijkere notatie ('6639-2022'). + Possible values True, False + + + Variable ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN + Setting Maak gebruik van het RSIN voor ophalen eHerkenning zaken + Description Indien ingeschakeld dan wordt het RSIN van eHerkenning gebruikers gebruikt om de zaken op te halen. Indien uitgeschakeld dan wordt het KVK nummer gebruikt om de zaken op te halen. Open Zaak hanteert conform de ZGW API specificatie de RSIN, de eSuite maakt gebruik van het KVK nummer. + Possible values True, False + + + Variable ZGW_CONFIG_TITLE_TEXT + Setting Titel tekst + Description De titel/introductietekst getoond op de lijstweergave van 'Mijn aanvragen'. + Possible values True, False + + + Variable ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN + Setting Inschakelen gepersonaliseerde Onderwerpen op basis van zaken + Description Indien ingeschakeld dan worden (indien ingelogd met DigiD/eHerkenning) de getoonde onderwerpen op de Homepage bepaald op basis van de zaken van de gebruiker + Possible values True, False + + + Variable ZGW_CONFIG_ACTION_REQUIRED_DEADLINE_DAYS + Setting Standaard actie deadline termijn in dagen + Description Aantal dagen voor gebruiker om actie te ondernemen. + Possible values string (number) + + \ No newline at end of file diff --git a/docs/install/configurations.rst b/docs/install/configurations.rst deleted file mode 100644 index 8339bfb19d..0000000000 --- a/docs/install/configurations.rst +++ /dev/null @@ -1,254 +0,0 @@ -==================== -Setup configurations -==================== - -OIP supports automating the configuration of (parts of) the platform via the management command ``setup_configuration``. The command uses environment variables to configure OIP and (by default) automatically tests the configuration to detect problems. - - -Environment variables -===================== - -Variables can be defined by creating a ``.env`` file in the root directory of the project (on the same level as the ``src`` directory, not inside it) and setting the relevant variables as documented in the sections below, replacing the example values with values of your choice. Alternatively, you can use a process manager like supervisor or systemd. For example, both of the following: - -:: - - # .env - SITE_WARNING_BANNER_ENABLED=True - SITE_NAME="My site" - - # systemd config file - [Service] - Environment="SITE_WARNING_BANNER_ENABLED=True" - Environment="SITE_NAME=My site" - -will enable the warning banner and define the name of the site as "My site". Note that the variables are namespaced: ``SITE_FOO=BAR`` for variables concerning the general configuration, ``ZGW_BAR=BAZ`` for variables concerning the configuration of ZGW, and so on. For an overview of the features that support automatic configuration and the relevant environment variables, see ``Supported configurations`` below. - - -Usage -===== - -If the project is being configured for the first time, run the command from the project root: - -:: - - src/manage.py setup_configuration - - -By default, ``setup_configuration`` checks if a configuration already exists and will stop executing if it finds one. In order to overwrite an existing configuration, use: - -:: - - src/manage.py setup_configuration --overwrite - - -Also by default, ``setup_configuration`` tests the configuration to detect problems. You can disable this with the following: - -:: - - src/manage.py setup_configuration --no-selftest - - -For a full overview of the command and its options: - -:: - - src/manage.py setup_configuration --help - - - -Supported configurations -======================== - -In the following, ``FOO=`` means that only ``FOO=value1``, ``FOO=value2``, and ``FOO=value3`` are admissible. - - -General configuration -^^^^^^^^^^^^^^^^^^^^^ - -Required: -""""""""" - -:: - - SITE_PRIMARY_COLOR - SITE_SECONDARY_COLOR - SITE_ACCENT_COLOR - SITE_PRIMARY_FONT_COLOR - - -All variables: -"""""""""""""" - -:: - - SITE_CONFIG_ENABLE=True - SITE_NAME="My site" - SITE_SECONDARY_COLOR="#000000" - SITE_ACCENT_COLOR="#000000" - SITE_PRIMARY_FONT_COLOR="#111111" - SITE_SECONDARY_FONT_COLOR="#222222" - SITE_ACCENT_FONT_COLOR="#333333" - SITE_WARNING_BANNER_ENABLED= - SITE_WARNING_BANNER_TEXT="warning banner text" - SITE_WARNING_BANNER_BACKGROUND_COLOR="#444444" - SITE_WARNING_BANNER_FONT_COLOR="#555555" - SITE_LOGIN_SHOW=False - SITE_LOGIN_ALLOW_REGISTRATION= - SITE_LOGIN_2FA_SMS= - SITE_LOGIN_TEXT="login text" - SITE_REGISTRATION_TEXT="registration text" - SITE_HOME_WELCOME_TITLE="welcome title" - SITE_HOME_WELCOME_INTRO="welcome intro" - SITE_HOME_THEME_TITLE="home theme title" - SITE_HOME_THEME_INTRO="home theme intro" - SITE_THEME_TITLE="theme title" - SITE_THEME_INTRO="theme intro" - SITE_HOME_MAP_TITLE="home map title" - SITE_HOME_MAP_INTRO="home map intro" - SITE_HOME_QUESTIONNAIRE_TITLE="home questionnaire title" - SITE_HOME_QUESTIONNAIRE_INTRO="home questionnaire intro" - SITE_HOME_PRODUCT_FINDER_TITLE="home product finder title" - SITE_HOME_PRODUCT_FINDER_INTRO="home product finder intro" - SITE_SELECT_QUESTIONNAIRE_TITLE="select questionnaire title" - SITE_SELECT_QUESTIONNAIRE_INTRO="select questionnaire intro" - SITE_PLANS_INTRO="plans intro" - SITE_PLANS_NO_PLANS_MESSAGE="plans no plans_message" - SITE_PLANS_EDIT_MESSAGE="plans edit message" - SITE_FOOTER_LOGO_TITLE="footer logo title" - SITE_FOOTER_LOGO_URL="footer logo url" - SITE_HOME_HELP_TEXT="home help text" - SITE_THEME_HELP_TEXT="theme help text" - SITE_PRODUCT_HELP_TEXT="product help text" - SITE_SEARCH_HELP_TEXT="search help text" - SITE_ACCOUNT_HELP_TEXT="account help text" - SITE_QUESTIONNAIRE_HELP_TEXT="questionnaire help text" - SITE_PLAN_HELP_TEXT="plan help text" - SITE_SEARCH_FILTER_CATEGORIES=False - SITE_SEARCH_FILTER_TAGS=False - SITE_SEARCH_FILTER_ORGANIZATIONS=False - SITE_EMAIL_NEW_MESSAGE=False - SITE_RECIPIENTS_EMAIL_DIGEST="foo@test.nl,bar@test.nl,baz@test.nl" - SITE_CONTACT_PHONENUMBER="12345" - SITE_CONTACT_PAGE="https://test.test" - SITE_GTM_CODE="gtm code" - SITE_GA_CODE="ga code" - SITE_MATOMO_URL="matomo url" - SITE_MATOMO_SITE_ID=88 - SITE_SITEIMPROVE_ID="88" - SITE_COOKIE_INFO_TEXT="cookie info text" - SITE_COOKIE_LINK_TEXT="cookie link text" - SITE_COOKIE_LINK_URL="cookie link url" - SITE_KCM_SURVEY_LINK_TEXT="kcm survey link text" - SITE_KCM_SURVEY_LINK_URL="kcm survey link url" - SITE_OPENID_CONNECT_LOGIN_TEXT="openid connect login_text" - SITE_OPENID_DISPLAY="" - SITE_REDIRECT_TO="redirect to" - SITE_ALLOW_MESSAGES_FILE_SHARING=False - SITE_HIDE_CATEGORIES_FROM_ANONYMOUS_USERS=True - SITE_HIDE_SEARCH_FROM_ANONYMOUS_USERS=True - SITE_DISPLAY_SOCIAL= - SITE_EHERKENNING_ENABLED= - -Not supported: -"""""""""""""" - -:: - - Logo - Hero image login - Footer logo - Email logo - Favicon image - Openid Connect Logo - Theme stylesheet - Custom fonts - Flatpages - - -Klanten -^^^^^^^ - -Required: -""""""""" - -:: - - KIC_CONFIG_KLANTEN_API_ROOT - KIC_CONFIG_KLANTEN_API_CLIENT_ID - KIC_CONFIG_KLANTEN_API_SECRET - -All variables: -"""""""""""""" - -:: - - OIP_ORGANIZATION="Maykin" - KIC_CONFIG_KLANTEN_API_ROOT="https://openklant.local/klanten/api/v1/" - KIC_CONFIG_KLANTEN_API_CLIENT_ID="open-inwoner-test" - KIC_CONFIG_KLANTEN_API_SECRET="klanten-secret" - KIC_CONFIG_CONTACTMOMENTEN_API_ROOT="https://openklant.local/contactmomenten/api/v1/" - KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_ID="open-inwoner-test" - KIC_CONFIG_CONTACTMOMENTEN_API_SECRET="contactmomenten-secret" - KIC_CONFIG_REGISTER_EMAIL="admin@oip.org" - KIC_CONFIG_REGISTER_CONTACT_MOMENT= - KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN="837194569" - KIC_CONFIG_REGISTER_CHANNEL="email" - KIC_CONFIG_REGISTER_TYPE="bericht" - KIC_CONFIG_REGISTER_EMPLOYEE_ID="1234" - KIC_CONFIG_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER= - - -Not supported: -"""""""""""""" - -:: - - Certificates - - -Zaken -^^^^^ - -Required: -""""""""" - -:: - - ZGW_CONFIG_ZAKEN_API_ROOT - ZGW_CONFIG_ZAKEN_API_CLIENT_ID - ZGW_CONFIG_ZAKEN_API_SECRET - -All variables: -"""""""""""""" - -:: - - OIP_ORGANIZATION="Maykin" - ZGW_CONFIG_ZAKEN_API_ROOT="https://openzaak.local/zaken/api/v1/" - ZGW_CONFIG_ZAKEN_API_CLIENT_ID="open-inwoner-test" - ZGW_CONFIG_ZAKEN_API_SECRET="zaken-secret" - ZGW_CONFIG_CATALOGI_API_ROOT="https://openzaak.local/catalogi/api/v1/" - ZGW_CONFIG_CATALOGI_API_CLIENT_ID="open-inwoner-test" - ZGW_CONFIG_CATALOGI_API_SECRET="catalogi-secret" - ZGW_CONFIG_DOCUMENTEN_API_ROOT="https://openzaak.local/documenten/api/v1/" - ZGW_CONFIG_DOCUMENTEN_API_CLIENT_ID="open-inwoner-test" - ZGW_CONFIG_DOCUMENTEN_API_SECRET="documenten-secret" - ZGW_CONFIG_FORMULIEREN_API_ROOT="https://esuite.local.net/formulieren-provider/api/v1/" - ZGW_CONFIG_FORMULIEREN_API_CLIENT_ID="open-inwoner-test" - ZGW_CONFIG_FORMULIEREN_API_SECRET="forms-secret" - ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY=<"openbaar" | "beperkt_openbaar | "intern" | "zaakvertrouwelijk" | "vertrouwelijk" | "confidentieel" | "geheim" | "zeer_geheim"> - ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY=<"openbaar" | "beperkt_openbaar | "intern" | "zaakvertrouwelijk" | "vertrouwelijk" | "confidentieel" | "geheim" | "zeer_geheim"> - ZGW_CONFIG_ACTION_REQUIRED_DEADLINE_DAYS=12 - ZGW_CONFIG_ALLOWED_FILE_EXTENSIONS="pdf,doc,docx,xls,xlsx,ppt,pptx,vsd,png,gif,jpg,tiff,msg,txt,rtf,jpeg,bmp" - ZGW_CONFIG_MIJN_AANVRAGEN_TITLE_TEXT="title text" - ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN= - ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN= - ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE= - ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN= - -Not supported: -"""""""""""""" - -:: - - Certificates diff --git a/src/open_inwoner/configurations/bootstrap/constants.py b/src/open_inwoner/configurations/bootstrap/constants.py new file mode 100644 index 0000000000..d246fc5604 --- /dev/null +++ b/src/open_inwoner/configurations/bootstrap/constants.py @@ -0,0 +1,229 @@ +from mozilla_django_oidc_db.models import UserInformationClaimsSources +from zgw_consumers.api_models.constants import VertrouwelijkheidsAanduidingen + +from open_inwoner.openzaak.models import generate_default_file_extensions + +from .utils import generate_api_fields_from_template + +CONFIDENTIALITY_CHOICES = [ + choice[0] for choice in VertrouwelijkheidsAanduidingen.choices +] +FILE_EXTENSION_CHOICES = [ext for ext in generate_default_file_extensions()] +USER_INFO_CLAIM_SOURCES_CHOICES = [ + choice[0] for choice in UserInformationClaimsSources.choices +] + + +siteconfig_fields = { + "name": {"values": "string"}, + "primary_color": {"values": "string"}, + "secondary_color": {"values": "string"}, + "accent_color": {"values": "string"}, + "primary_font_color": {"values": "string"}, + "secondary_font_color": {"values": "string"}, + "accent_font_color": {"values": "string"}, + "warning_banner_enabled": {"values": "True, False"}, + "warning_banner_text": {"values": "string"}, + "warning_banner_background_color": {"values": "string"}, + "warning_banner_font_color": {"values": "string"}, + "login_show": {"values": "True, False"}, + "login_allow_registration": {"values": "True, False"}, + "login_2fa_sms": {"values": "True, False"}, + "login_text": {"values": "string"}, + "registration_text": {"values": "string"}, + "home_welcome_title": {"values": "string"}, + "home_welcome_intro": {"values": "string"}, + "home_theme_title": {"values": "string"}, + "home_theme_intro": {"values": "string"}, + "theme_title": {"values": "string"}, + "theme_intro": {"values": "string"}, + "home_map_title": {"values": "string"}, + "home_map_intro": {"values": "string"}, + "home_questionnaire_title": {"values": "string"}, + "home_questionnaire_intro": {"values": "string"}, + "home_product_finder_title": {"values": "string"}, + "home_product_finder_intro": {"values": "string"}, + "select_questionnaire_title": {"values": "string"}, + "select_questionnaire_intro": {"values": "string"}, + "plans_intro": {"values": "string"}, + "plans_no_plans_message": {"values": "string"}, + "plans_edit_message": {"values": "string"}, + "footer_logo_title": {"values": "string"}, + "footer_logo_url": {"values": "string (URL)"}, + "home_help_text": {"values": "string"}, + "theme_help_text": {"values": "string"}, + "product_help_text": {"values": "string"}, + "search_help_text": {"values": "string"}, + "account_help_text": {"values": "string"}, + "questionnaire_help_text": {"values": "string"}, + "plan_help_text": {"values": "string"}, + "search_filter_categories": {"values": "True, False"}, + "search_filter_tags": {"values": "True, False"}, + "search_filter_organizations": {"values": "True, False"}, + "email_new_message": {"values": "True, False"}, + "recipients_email_digest": { + "values": "string, comma-delimited (e.g. 'user1@test.nl, user2@test.nl'" + }, + "contact_phonenumber": {"values": "string"}, + "contact_page": {"values": "string (URL)"}, + "gtm_code": {"values": "string"}, + "ga_code": {"values": "string"}, + "matomo_url": {"values": "string (URL)"}, + "matomo_site_id": {"values": "string"}, + "siteimprove_id": {"values": "string"}, + "cookie_info_text": {"values": "string"}, + "cookie_link_text": {"values": "string"}, + "cookie_link_url": {"values": "string"}, + "kcm_survey_link_text": {"values": "string"}, + "kcm_survey_link_url": {"values": "string (URL)"}, + "openid_connect_login_text": {"values": "string"}, + "openid_display": {"values": "string"}, + "redirect_to": {"values": "string (URL)"}, + "allow_messages_file_sharing": {"values": "True, False"}, + "hide_categories_from_anonymous_users": {"values": "True, False"}, + "hide_search_from_anonymous_users": {"values": "True, False"}, + "display_social": {"values": "True, False"}, + "eherkenning_enabled": {"values": "True, False"}, +} + + +# +# KIC config +# +kic_fields = { + "register_email": { + "values": "string (Email)", + }, + "register_contact_moment": { + "values": "True, False", + }, + "register_bronorganisatie_rsin": { + "values": "string", + }, + "register_channel": { + "values": "string", + }, + "register_type": { + "values": "string", + }, + "register_employee_id": { + "values": "string", + }, + "use_rsin_for_innNnpId_query_parameter": { + "values": "True, False", + }, +} + +klanten_api_fields = generate_api_fields_from_template("klanten_api") +contactmomenten_api_fields = generate_api_fields_from_template("contactmomenten_api") + +# +# ZGW config +# +zgw_fields = { + "zaak_max_confidentiality": { + "values": ",".join(CONFIDENTIALITY_CHOICES), + }, + "document_max_confidentiality": { + "values": ",".join(CONFIDENTIALITY_CHOICES), + }, + "allowed_file_extensions": { + "values": ",".join(FILE_EXTENSION_CHOICES), + }, + "skip_notification_statustype_informeren": { + "values": "True, False", + }, + "reformat_esuite_zaak_identificatie": { + "values": "True, False", + }, + "fetch_eherkenning_zaken_with_rsin": { + "values": "True, False", + }, + "title_text": { + "values": "True, False", + }, + "enable_categories_filtering_with_zaken": { + "values": "True, False", + }, + "action_required_deadline_days": { + "values": "string (number)", + }, +} + +zaak_api_fields = generate_api_fields_from_template("zaak_api") +catalogi_api_fields = generate_api_fields_from_template("catalogi_api") +documenten_api_fields = generate_api_fields_from_template("documenten_api") +formulieren_api_fields = generate_api_fields_from_template("formulieren_api") + + +# +# DigiD OIDC +# +digid_oidc_fields = { + "enabled": { + "values": "True, False", + }, + "identifier_claim_name": { + "values": "string", + }, + "oidc_rp_scopes_list": { + "values": "string, comma-delimited (i.e. 'foo,bar,baz')", + }, + "oidc_rp_client_id": { + "values": "string", + }, + "oidc_rp_client_secret": { + "values": "string", + }, + "oidc_rp_sign_algo": { + "values": "string", + }, + "oidc_op_discovery_endpoint": { + "values": "string (URL)", + }, + "oidc_op_jwks_endpoint": { + "values": "string (URL)", + }, + "oidc_op_authorization_endpoint": { + "values": "string (URL)", + }, + "oidc_op_token_endpoint": { + "values": "string (URL)", + }, + "oidc_op_user_endpoint": { + "values": "string (URL)", + }, + "oidc_rp_idp_sign_key": { + "values": "string", + }, + "oidc_use_nonce": { + "values": "True, False", + }, + "oidc_nonce_size": { + "values": "string (positive integer)", + }, + "oidc_state_size": { + "values": "string (positive integer)", + }, + "oidc_exempt_urls": { + "values": "string, comma-delimited ('foo,bar,baz')", + }, + "userinfo_claims_source": { + "values": ",".join(USER_INFO_CLAIM_SOURCES_CHOICES), + }, + "oidc_op_logout_endpoint": { + "values": "string (URL)", + }, + "error_message_mapping": { + "values": "JSON ({'key':'value'})", + }, + "oidc_keycloak_idp_hint": { + "values": "string", + }, +} + + +# +# eHerkenning OIDC +# +eherkenning_oidc_fields = digid_oidc_fields diff --git a/src/open_inwoner/configurations/bootstrap/models.py b/src/open_inwoner/configurations/bootstrap/models.py new file mode 100644 index 0000000000..3010f06cbc --- /dev/null +++ b/src/open_inwoner/configurations/bootstrap/models.py @@ -0,0 +1,95 @@ +from digid_eherkenning_oidc_generics.models import ( + OpenIDConnectDigiDConfig, + OpenIDConnectEHerkenningConfig, +) +from open_inwoner.configurations.models import SiteConfiguration +from open_inwoner.openklant.models import OpenKlantConfig +from open_inwoner.openzaak.models import OpenZaakConfig + +from .constants import ( + catalogi_api_fields, + contactmomenten_api_fields, + digid_oidc_fields, + documenten_api_fields, + eherkenning_oidc_fields, + formulieren_api_fields, + kic_fields, + klanten_api_fields, + siteconfig_fields, + zaak_api_fields, + zgw_fields, +) + + +class ConfigSettingsBase: + @classmethod + def get_setting_name(cls, field_name): + return f"{cls.namespace}_" + field_name.upper() + + @classmethod + def get_required_settings(cls): + return [cls.get_setting_name(field_name) for field_name in cls.required_fields] + + @classmethod + def get_config_mapping(cls): + return {cls.get_setting_name(field): field for field in cls.fields} + + +class SiteConfigurationSettings(ConfigSettingsBase): + model = SiteConfiguration + display_name = "Site" + namespace = "SITE" + required_fields = ("name", "primary_color", "secondary_color", "accent_color") + fields = siteconfig_fields + extra_fields = dict() + + +class KICConfigurationSettings(ConfigSettingsBase): + model = OpenKlantConfig + display_name = "Klanten configuration" + namespace = "KIC_CONFIG" + fields = kic_fields + required_fields = ( + *klanten_api_fields.keys(), + *contactmomenten_api_fields.keys(), + "register_type", + "register_contact_moment", + ) + extra_fields = klanten_api_fields | contactmomenten_api_fields + + +class ZGWConfigurationSettings(ConfigSettingsBase): + model = OpenZaakConfig + display_name = "ZGW configuration" + namespace = "ZGW_CONFIG" + fields = zgw_fields + required_fields = ( + *zaak_api_fields.keys(), + *catalogi_api_fields.keys(), + *documenten_api_fields.keys(), + *formulieren_api_fields.keys(), + ) + extra_fields = ( + zaak_api_fields + | catalogi_api_fields + | documenten_api_fields + | formulieren_api_fields + ) + + +class DigiDOIDCConfigurationSettings(ConfigSettingsBase): + model = OpenIDConnectDigiDConfig + display_name = "DigiD OIDC authentication" + namespace = "DIGID_OIDC" + fields = digid_oidc_fields + required_fields = ("oidp_rp_client_id", "oidp_rp_client_secret") + extra_fields = dict() + + +class eHerkenningDOIDCConfigurationSettings(ConfigSettingsBase): + model = OpenIDConnectEHerkenningConfig + display_name = "eHerkenning OIDC authentication" + namespace = "EHERKENNING_OIDC" + fields = eherkenning_oidc_fields + required_fields = ("eherkenning_rp_client_id", "eherkenning_rp_client_secret") + extra_fields = dict() diff --git a/src/open_inwoner/configurations/bootstrap/siteconfig.py b/src/open_inwoner/configurations/bootstrap/siteconfig.py index da57acf5ea..7ef50245d3 100644 --- a/src/open_inwoner/configurations/bootstrap/siteconfig.py +++ b/src/open_inwoner/configurations/bootstrap/siteconfig.py @@ -4,6 +4,8 @@ from open_inwoner.configurations.models import SiteConfiguration +from .models import SiteConfigurationSettings + class SiteConfigurationStep(BaseConfigurationStep): """ @@ -11,95 +13,23 @@ class SiteConfigurationStep(BaseConfigurationStep): """ verbose_name = "Site configuration" - required_settings = [ - "SITE_NAME", - "SITE_PRIMARY_COLOR", - "SITE_SECONDARY_COLOR", - "SITE_ACCENT_COLOR", - ] - setting_to_config = { - "SITE_NAME": "name", - "SITE_PRIMARY_COLOR": "primary_color", - "SITE_SECONDARY_COLOR": "secondary_color", - "SITE_ACCENT_COLOR": "accent_color", - "SITE_PRIMARY_FONT_COLOR": "primary_font_color", - "SITE_SECONDARY_FONT_COLOR": "secondary_font_color", - "SITE_ACCENT_FONT_COLOR": "accent_font_color", - "SITE_WARNING_BANNER_ENABLED": "warning_banner_enabled", - "SITE_WARNING_BANNER_TEXT": "warning_banner_text", - "SITE_WARNING_BANNER_BACKGROUND_COLOR": "warning_banner_background_color", - "SITE_WARNING_BANNER_FONT_COLOR": "warning_banner_font_color", - "SITE_LOGIN_SHOW": "login_show", - "SITE_LOGIN_ALLOW_REGISTRATION": "login_allow_registration", - "SITE_LOGIN_2FA_SMS": "login_2fa_sms", - "SITE_LOGIN_TEXT": "login_text", - "SITE_REGISTRATION_TEXT": "registration_text", - "SITE_HOME_WELCOME_TITLE": "home_welcome_title", - "SITE_HOME_WELCOME_INTRO": "home_welcome_intro", - "SITE_HOME_THEME_TITLE": "home_theme_title", - "SITE_HOME_THEME_INTRO": "home_theme_intro", - "SITE_THEME_TITLE": "theme_title", - "SITE_THEME_INTRO": "theme_intro", - "SITE_HOME_MAP_TITLE": "home_map_title", - "SITE_HOME_MAP_INTRO": "home_map_intro", - "SITE_HOME_QUESTIONNAIRE_TITLE": "home_questionnaire_title", - "SITE_HOME_QUESTIONNAIRE_INTRO": "home_questionnaire_intro", - "SITE_HOME_PRODUCT_FINDER_TITLE": "home_product_finder_title", - "SITE_HOME_PRODUCT_FINDER_INTRO": "home_product_finder_intro", - "SITE_SELECT_QUESTIONNAIRE_TITLE": "select_questionnaire_title", - "SITE_SELECT_QUESTIONNAIRE_INTRO": "select_questionnaire_intro", - "SITE_PLANS_INTRO": "plans_intro", - "SITE_PLANS_NO_PLANS_MESSAGE": "plans_no_plans_message", - "SITE_PLANS_EDIT_MESSAGE": "plans_edit_message", - "SITE_FOOTER_LOGO_TITLE": "footer_logo_title", - "SITE_FOOTER_LOGO_URL": "footer_logo_url", - "SITE_HOME_HELP_TEXT": "home_help_text", - "SITE_THEME_HELP_TEXT": "theme_help_text", - "SITE_PRODUCT_HELP_TEXT": "product_help_text", - "SITE_SEARCH_HELP_TEXT": "search_help_text", - "SITE_ACCOUNT_HELP_TEXT": "account_help_text", - "SITE_QUESTIONNAIRE_HELP_TEXT": "questionnaire_help_text", - "SITE_PLAN_HELP_TEXT": "plan_help_text", - "SITE_SEARCH_FILTER_CATEGORIES": "search_filter_categories", - "SITE_SEARCH_FILTER_TAGS": "search_filter_tags", - "SITE_SEARCH_FILTER_ORGANIZATIONS": "search_filter_organizations", - "SITE_EMAIL_NEW_MESSAGE": "email_new_message", - "SITE_RECIPIENTS_EMAIL_DIGEST": "recipients_email_digest", - "SITE_CONTACT_PHONENUMBER": "contact_phonenumber", - "SITE_CONTACT_PAGE": "contact_page", - "SITE_GTM_CODE": "gtm_code", - "SITE_GA_CODE": "ga_code", - "SITE_MATOMO_URL": "matomo_url", - "SITE_MATOMO_SITE_ID": "matomo_site_id", - "SITE_SITEIMPROVE_ID": "siteimprove_id", - "SITE_COOKIE_INFO_TEXT": "cookie_info_text", - "SITE_COOKIE_LINK_TEXT": "cookie_link_text", - "SITE_COOKIE_LINK_URL": "cookie_link_url", - "SITE_KCM_SURVEY_LINK_TEXT": "kcm_survey_link_text", - "SITE_KCM_SURVEY_LINK_URL": "kcm_survey_link_url", - "SITE_OPENID_CONNECT_LOGIN_TEXT": "openid_connect_login_text", - "SITE_OPENID_DISPLAY": "openid_display", - "SITE_REDIRECT_TO": "redirect_to", - "SITE_ALLOW_MESSAGES_FILE_SHARING": "allow_messages_file_sharing", - "SITE_HIDE_CATEGORIES_FROM_ANONYMOUS_USERS": "hide_categories_from_anonymous_users", - "SITE_HIDE_SEARCH_FROM_ANONYMOUS_USERS": "hide_search_from_anonymous_users", - "SITE_DISPLAY_SOCIAL": "display_social", - "SITE_EHERKENNING_ENABLED": "eherkenning_enabled", - } def is_configured(self): config = SiteConfiguration.get_solo() + required_settings = SiteConfigurationSettings.get_required_settings() + setting_to_config = SiteConfigurationSettings.get_config_mapping() - for required_setting in self.required_settings: - config_field = self.setting_to_config[required_setting] + for required_setting in required_settings: + config_field = setting_to_config[required_setting] if not getattr(config, config_field, None): return False return True def configure(self): config = SiteConfiguration.get_solo() + setting_to_config = SiteConfigurationSettings.get_config_mapping() - for key, value in self.setting_to_config.items(): + for key, value in setting_to_config.items(): setting = getattr(settings, key) if setting is not None: setattr(config, value, setting) diff --git a/src/open_inwoner/configurations/bootstrap/templates/base.rst.template b/src/open_inwoner/configurations/bootstrap/templates/base.rst.template new file mode 100644 index 0000000000..071768f76c --- /dev/null +++ b/src/open_inwoner/configurations/bootstrap/templates/base.rst.template @@ -0,0 +1,36 @@ +{% block link %}{% endblock %} + +{% block title %}{% endblock %} + +Settings Overview +================= + +Required: +""""""""" + +:: + + {% for setting in required_settings -%} + {{ setting }} + {% endfor %} + + +All settings: +""""""""""""" + +:: + + {% for setting in all_settings -%} + {{ setting }} + {% endfor %} + +Detailed Information +==================== + +:: + + {% for detail in detailed_info -%} + {% for part in detail -%} + {{ part }} + {% endfor %} + {% endfor %} diff --git a/src/open_inwoner/configurations/bootstrap/templates/digid_oidc.rst.template b/src/open_inwoner/configurations/bootstrap/templates/digid_oidc.rst.template new file mode 100644 index 0000000000..510ff21fbb --- /dev/null +++ b/src/open_inwoner/configurations/bootstrap/templates/digid_oidc.rst.template @@ -0,0 +1,11 @@ +{% extends "base.rst.template" %} + +{% block link -%} +.. _digid_oidc: +{% endblock -%} + +{% block title -%} +======================== +DigiD OIDC configuration +======================== +{% endblock %} diff --git a/src/open_inwoner/configurations/bootstrap/templates/eherkenning_oidc.rst.template b/src/open_inwoner/configurations/bootstrap/templates/eherkenning_oidc.rst.template new file mode 100644 index 0000000000..5c491ef480 --- /dev/null +++ b/src/open_inwoner/configurations/bootstrap/templates/eherkenning_oidc.rst.template @@ -0,0 +1,11 @@ +{% extends "base.rst.template" %} + +{% block link -%} +.. _eherkenning_oidc: +{% endblock -%} + +{% block title -%} +======================== +eHerkenning OIDC configuration +======================== +{% endblock %} diff --git a/src/open_inwoner/configurations/bootstrap/templates/kic.rst.template b/src/open_inwoner/configurations/bootstrap/templates/kic.rst.template new file mode 100644 index 0000000000..191690831b --- /dev/null +++ b/src/open_inwoner/configurations/bootstrap/templates/kic.rst.template @@ -0,0 +1,11 @@ +{% extends "base.rst.template" %} + +{% block link -%} +.. _kic: +{% endblock -%} + +{% block title -%} +===================== +Klanten configuration +===================== +{% endblock %} diff --git a/src/open_inwoner/configurations/bootstrap/templates/siteconfig.rst.template b/src/open_inwoner/configurations/bootstrap/templates/siteconfig.rst.template new file mode 100644 index 0000000000..154dbdb071 --- /dev/null +++ b/src/open_inwoner/configurations/bootstrap/templates/siteconfig.rst.template @@ -0,0 +1,11 @@ +{% extends "base.rst.template" %} + +{% block link -%} +.. _siteconfig: +{% endblock -%} + +{% block title -%} +===================== +General configuration +===================== +{% endblock %} diff --git a/src/open_inwoner/configurations/bootstrap/templates/zgw.rst.template b/src/open_inwoner/configurations/bootstrap/templates/zgw.rst.template new file mode 100644 index 0000000000..d718a1cda0 --- /dev/null +++ b/src/open_inwoner/configurations/bootstrap/templates/zgw.rst.template @@ -0,0 +1,11 @@ +{% extends "base.rst.template" %} + +{% block link -%} +.. _zgw: +{% endblock -%} + +{% block title -%} +================= +ZGW configuration +================= +{% endblock %} diff --git a/src/open_inwoner/configurations/bootstrap/utils.py b/src/open_inwoner/configurations/bootstrap/utils.py new file mode 100644 index 0000000000..985158d5b1 --- /dev/null +++ b/src/open_inwoner/configurations/bootstrap/utils.py @@ -0,0 +1,17 @@ +def generate_api_fields_from_template(api_name: str) -> dict[str, str]: + name = api_name.split("_")[0].capitalize() + + return { + f"{api_name}_root": { + "verbose_name": f"Root URL of the {name} API", + "values": "string (URL)", + }, + f"{api_name}_client_id": { + "verbose_name": f"Client ID for the {name} API", + "values": "string", + }, + f"{api_name}_client_secret": { + "verbose_name": f"Secret for the {name} API", + "values": "string", + }, + } diff --git a/src/open_inwoner/configurations/management/commands/create_docs.py b/src/open_inwoner/configurations/management/commands/create_docs.py new file mode 100644 index 0000000000..de20b84141 --- /dev/null +++ b/src/open_inwoner/configurations/management/commands/create_docs.py @@ -0,0 +1,90 @@ +import os +from pathlib import Path + +from django.core.management.base import BaseCommand + +from jinja2 import Environment, FileSystemLoader + +from open_inwoner.configurations.bootstrap.models import ( + DigiDOIDCConfigurationSettings, + KICConfigurationSettings, + SiteConfigurationSettings, + ZGWConfigurationSettings, + eHerkenningDOIDCConfigurationSettings, +) + +SUPPORTED_OPTIONS = ["siteconfig", "kic", "zgw", "digid_oidc", "eherkenning_oidc"] + +TEMPLATE_DIR = ( + Path(os.path.abspath(os.path.dirname(__file__))).parent.parent + / "bootstrap" + / "templates" +) +TARGET_DIR = ( + Path(os.path.abspath(os.path.dirname(__file__))).parent.parent.parent.parent.parent + / "docs" + / "configuration" +) + + +class Command(BaseCommand): + help = "Create docs for configuration setup steps" + + def add_arguments(self, parser): + parser.add_argument("config_option") + + def get_config(self, config_option): + mapping = { + "siteconfig": SiteConfigurationSettings, + "kic": KICConfigurationSettings, + "zgw": ZGWConfigurationSettings, + "digid_oidc": DigiDOIDCConfigurationSettings, + "eherkenning_oidc": eHerkenningDOIDCConfigurationSettings, + } + return mapping[config_option] + + def get_detailed_info(self, config): + ret = [] + for field, opts in config.fields.items(): + model_field = config.model._meta.get_field(field) + part = [] + part.append(f"{'Variable':<20}{config.get_setting_name(field)}") + part.append(f"{'Setting':<20}{str(model_field.verbose_name)}") + part.append(f"{'Description':<20}{str(model_field.help_text)}") + part.append(f"{'Possible values':<20}{opts['values']}") + ret.append(part) + return ret + + def write_file_from_template(self, template_path, template_variables, output_path): + with open(template_path, "r") as template: + template_str = template.read() + template = Environment(loader=FileSystemLoader(TEMPLATE_DIR)).from_string( + template_str + ) + rendered = template.render(template_variables) + + with open(output_path, "w") as output: + output.write(rendered) + + def handle(self, *args, **kwargs): + config_option = kwargs["config_option"] + if not config_option or config_option not in SUPPORTED_OPTIONS: + return + + config = self.get_config(config_option) + + required_settings = [ + config.get_setting_name(field) for field in config.required_fields + ] + all_settings = [config.get_setting_name(field) for field in config.fields] + detailed_info = self.get_detailed_info(config) + template_variables = { + "required_settings": required_settings, + "all_settings": all_settings, + "detailed_info": detailed_info, + } + + template_path = TEMPLATE_DIR / f"{config_option}.rst.template" + output_path = TARGET_DIR / f"{config_option}.rst" + + self.write_file_from_template(template_path, template_variables, output_path) diff --git a/src/open_inwoner/configurations/tests/bootstrap/test_setup_site_config.py b/src/open_inwoner/configurations/tests/bootstrap/test_setup_site_config.py index 0597fa5722..a0d3548fd1 100644 --- a/src/open_inwoner/configurations/tests/bootstrap/test_setup_site_config.py +++ b/src/open_inwoner/configurations/tests/bootstrap/test_setup_site_config.py @@ -54,6 +54,7 @@ SITE_SEARCH_FILTER_TAGS=False, SITE_SEARCH_FILTER_ORGANIZATIONS=False, SITE_EMAIL_NEW_MESSAGE=False, + SITE_EMAIL_VERIFICATION_REQUIRED=False, SITE_RECIPIENTS_EMAIL_DIGEST=["test1@test.nl", "test2@test.nl"], SITE_CONTACT_PHONENUMBER="12345", SITE_CONTACT_PAGE="https://test.test", From 925c5f5b64378ffafb464b7665d9b59621bb7aaf Mon Sep 17 00:00:00 2001 From: Paul Schilling Date: Thu, 18 Apr 2024 16:17:44 +0200 Subject: [PATCH 3/9] [#2297] Refactor constants for config setup --- docs/configuration/digid_oidc.rst | 137 ++++--- docs/configuration/eherkenning_oidc.rst | 137 ++++--- docs/configuration/general.rst | 14 +- docs/configuration/kic.rst | 40 ++- docs/configuration/siteconfig.rst | 336 +++++++++++------- docs/configuration/zgw.rst | 68 ++-- .../configurations/bootstrap/constants.py | 305 ++++++---------- .../configurations/bootstrap/models.py | 51 +-- .../configurations/bootstrap/siteconfig.py | 8 +- .../bootstrap/templates/base.rst.template | 3 +- .../configurations/bootstrap/utils.py | 65 ++++ ...create_docs.py => generate_config_docs.py} | 71 ++-- 12 files changed, 683 insertions(+), 552 deletions(-) rename src/open_inwoner/configurations/management/commands/{create_docs.py => generate_config_docs.py} (53%) diff --git a/docs/configuration/digid_oidc.rst b/docs/configuration/digid_oidc.rst index c310838b88..1e43e98ffd 100644 --- a/docs/configuration/digid_oidc.rst +++ b/docs/configuration/digid_oidc.rst @@ -14,8 +14,8 @@ Required: :: - DIGID_OIDC_OIDP_RP_CLIENT_ID - DIGID_OIDC_OIDP_RP_CLIENT_SECRET + DIGID_OIDC_OIDC_RP_CLIENT_ID + DIGID_OIDC_OIDC_RP_CLIENT_SECRET @@ -25,150 +25,171 @@ All settings: :: DIGID_OIDC_ENABLED + DIGID_OIDC_ERROR_MESSAGE_MAPPING DIGID_OIDC_IDENTIFIER_CLAIM_NAME - DIGID_OIDC_OIDC_RP_SCOPES_LIST - DIGID_OIDC_OIDC_RP_CLIENT_ID - DIGID_OIDC_OIDC_RP_CLIENT_SECRET - DIGID_OIDC_OIDC_RP_SIGN_ALGO + DIGID_OIDC_OIDC_EXEMPT_URLS + DIGID_OIDC_OIDC_KEYCLOAK_IDP_HINT + DIGID_OIDC_OIDC_NONCE_SIZE + DIGID_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT DIGID_OIDC_OIDC_OP_DISCOVERY_ENDPOINT DIGID_OIDC_OIDC_OP_JWKS_ENDPOINT - DIGID_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT + DIGID_OIDC_OIDC_OP_LOGOUT_ENDPOINT DIGID_OIDC_OIDC_OP_TOKEN_ENDPOINT DIGID_OIDC_OIDC_OP_USER_ENDPOINT + DIGID_OIDC_OIDC_RP_CLIENT_ID + DIGID_OIDC_OIDC_RP_CLIENT_SECRET DIGID_OIDC_OIDC_RP_IDP_SIGN_KEY - DIGID_OIDC_OIDC_USE_NONCE - DIGID_OIDC_OIDC_NONCE_SIZE + DIGID_OIDC_OIDC_RP_SCOPES_LIST + DIGID_OIDC_OIDC_RP_SIGN_ALGO DIGID_OIDC_OIDC_STATE_SIZE - DIGID_OIDC_OIDC_EXEMPT_URLS + DIGID_OIDC_OIDC_USE_NONCE DIGID_OIDC_USERINFO_CLAIMS_SOURCE - DIGID_OIDC_OIDC_OP_LOGOUT_ENDPOINT - DIGID_OIDC_ERROR_MESSAGE_MAPPING - DIGID_OIDC_OIDC_KEYCLOAK_IDP_HINT + Detailed Information ==================== :: - - Variable DIGID_OIDC_ENABLED - Setting enable - Description Indicates whether OpenID Connect for authentication/authorization is enabled. This overrides overrides the usage of SAML for DigiD authentication. - Possible values True, False - - - Variable DIGID_OIDC_IDENTIFIER_CLAIM_NAME - Setting BSN claim name - Description The name of the claim in which the BSN of the user is stored - Possible values string - - - Variable DIGID_OIDC_OIDC_RP_SCOPES_LIST - Setting OpenID Connect scopes - Description OpenID Connect scopes that are requested during login. These scopes are hardcoded and must be supported by the identity provider - Possible values string, comma-delimited (i.e. 'foo,bar,baz') - - Variable DIGID_OIDC_OIDC_RP_CLIENT_ID Setting OpenID Connect client ID Description OpenID Connect client ID provided by the OIDC Provider + Model field type CharField Possible values string - + Default value No default Variable DIGID_OIDC_OIDC_RP_CLIENT_SECRET Setting OpenID Connect secret Description OpenID Connect secret provided by the OIDC Provider + Model field type CharField Possible values string - + Default value No default Variable DIGID_OIDC_OIDC_RP_SIGN_ALGO Setting OpenID sign algorithm Description Algorithm the Identity Provider uses to sign ID tokens + Model field type CharField Possible values string - + Default value HS256 Variable DIGID_OIDC_OIDC_OP_DISCOVERY_ENDPOINT Setting Discovery endpoint Description URL of your OpenID Connect provider discovery endpoint ending with a slash (`.well-known/...` will be added automatically). If this is provided, the remaining endpoints can be omitted, as they will be derived from this endpoint. - Possible values string (URL) - + Model field type CharField + Possible values string + Default value No default Variable DIGID_OIDC_OIDC_OP_JWKS_ENDPOINT Setting JSON Web Key Set endpoint Description URL of your OpenID Connect provider JSON Web Key Set endpoint. Required if `RS256` is used as signing algorithm. - Possible values string (URL) - + Model field type CharField + Possible values string + Default value No default Variable DIGID_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT Setting Authorization endpoint Description URL of your OpenID Connect provider authorization endpoint - Possible values string (URL) - + Model field type CharField + Possible values string + Default value No default Variable DIGID_OIDC_OIDC_OP_TOKEN_ENDPOINT Setting Token endpoint Description URL of your OpenID Connect provider token endpoint - Possible values string (URL) - + Model field type CharField + Possible values string + Default value No default Variable DIGID_OIDC_OIDC_OP_USER_ENDPOINT Setting User endpoint Description URL of your OpenID Connect provider userinfo endpoint - Possible values string (URL) - + Model field type CharField + Possible values string + Default value No default Variable DIGID_OIDC_OIDC_RP_IDP_SIGN_KEY Setting Sign key Description Key the Identity Provider uses to sign ID tokens in the case of an RSA sign algorithm. Should be the signing key in PEM or DER format. + Model field type CharField Possible values string - + Default value No default Variable DIGID_OIDC_OIDC_USE_NONCE Setting Use nonce Description Controls whether the OpenID Connect client uses nonce verification + Model field type BooleanField Possible values True, False - + Default value True Variable DIGID_OIDC_OIDC_NONCE_SIZE Setting Nonce size Description Sets the length of the random string used for OpenID Connect nonce verification - Possible values string (positive integer) - + Model field type PositiveIntegerField + Possible values string representing a (positive) number + Default value 32 Variable DIGID_OIDC_OIDC_STATE_SIZE Setting State size Description Sets the length of the random string used for OpenID Connect state verification - Possible values string (positive integer) - + Model field type PositiveIntegerField + Possible values string representing a (positive) number + Default value 32 Variable DIGID_OIDC_OIDC_EXEMPT_URLS Setting URLs exempt from session renewal Description This is a list of absolute url paths, regular expressions for url paths, or Django view names. This plus the mozilla-django-oidc urls are exempted from the session renewal by the SessionRefresh middleware. + Model field type ArrayField Possible values string, comma-delimited ('foo,bar,baz') - + Default value No information Variable DIGID_OIDC_USERINFO_CLAIMS_SOURCE Setting user information claims extracted from Description Indicates the source from which the user information claims should be extracted. - Possible values userinfo_endpoint,id_token - + Model field type CharField + Possible values string + Default value userinfo_endpoint Variable DIGID_OIDC_OIDC_OP_LOGOUT_ENDPOINT Setting Logout endpoint Description URL of your OpenID Connect provider logout endpoint - Possible values string (URL) - + Model field type CharField + Possible values string + Default value No default Variable DIGID_OIDC_ERROR_MESSAGE_MAPPING Setting Error message mapping Description Mapping that maps error messages returned by the identity provider to human readable error messages that are shown to the user - Possible values JSON ({'key':'value'}) - + Model field type JSONField + Possible values No information available + Default value No information Variable DIGID_OIDC_OIDC_KEYCLOAK_IDP_HINT Setting Keycloak Identity Provider hint Description Specific for Keycloak: parameter that indicates which identity provider should be used (therefore skipping the Keycloak login screen). + Model field type CharField + Possible values string + Default value No default + + Variable DIGID_OIDC_ENABLED + Setting enable + Description Indicates whether OpenID Connect for authentication/authorization is enabled. This overrides overrides the usage of SAML for DigiD authentication. + Model field type BooleanField + Possible values True, False + Default value False + + Variable DIGID_OIDC_IDENTIFIER_CLAIM_NAME + Setting BSN claim name + Description The name of the claim in which the BSN of the user is stored + Model field type CharField Possible values string + Default value bsn + + Variable DIGID_OIDC_OIDC_RP_SCOPES_LIST + Setting OpenID Connect scopes + Description OpenID Connect scopes that are requested during login. These scopes are hardcoded and must be supported by the identity provider + Model field type ArrayField + Possible values string, comma-delimited ('foo,bar,baz') + Default value No information \ No newline at end of file diff --git a/docs/configuration/eherkenning_oidc.rst b/docs/configuration/eherkenning_oidc.rst index 887016a443..20e526c104 100644 --- a/docs/configuration/eherkenning_oidc.rst +++ b/docs/configuration/eherkenning_oidc.rst @@ -14,8 +14,8 @@ Required: :: - EHERKENNING_OIDC_EHERKENNING_RP_CLIENT_ID - EHERKENNING_OIDC_EHERKENNING_RP_CLIENT_SECRET + EHERKENNING_OIDC_OIDC_RP_CLIENT_ID + EHERKENNING_OIDC_OIDC_RP_CLIENT_SECRET @@ -25,150 +25,171 @@ All settings: :: EHERKENNING_OIDC_ENABLED + EHERKENNING_OIDC_ERROR_MESSAGE_MAPPING EHERKENNING_OIDC_IDENTIFIER_CLAIM_NAME - EHERKENNING_OIDC_OIDC_RP_SCOPES_LIST - EHERKENNING_OIDC_OIDC_RP_CLIENT_ID - EHERKENNING_OIDC_OIDC_RP_CLIENT_SECRET - EHERKENNING_OIDC_OIDC_RP_SIGN_ALGO + EHERKENNING_OIDC_OIDC_EXEMPT_URLS + EHERKENNING_OIDC_OIDC_KEYCLOAK_IDP_HINT + EHERKENNING_OIDC_OIDC_NONCE_SIZE + EHERKENNING_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT EHERKENNING_OIDC_OIDC_OP_DISCOVERY_ENDPOINT EHERKENNING_OIDC_OIDC_OP_JWKS_ENDPOINT - EHERKENNING_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT + EHERKENNING_OIDC_OIDC_OP_LOGOUT_ENDPOINT EHERKENNING_OIDC_OIDC_OP_TOKEN_ENDPOINT EHERKENNING_OIDC_OIDC_OP_USER_ENDPOINT + EHERKENNING_OIDC_OIDC_RP_CLIENT_ID + EHERKENNING_OIDC_OIDC_RP_CLIENT_SECRET EHERKENNING_OIDC_OIDC_RP_IDP_SIGN_KEY - EHERKENNING_OIDC_OIDC_USE_NONCE - EHERKENNING_OIDC_OIDC_NONCE_SIZE + EHERKENNING_OIDC_OIDC_RP_SCOPES_LIST + EHERKENNING_OIDC_OIDC_RP_SIGN_ALGO EHERKENNING_OIDC_OIDC_STATE_SIZE - EHERKENNING_OIDC_OIDC_EXEMPT_URLS + EHERKENNING_OIDC_OIDC_USE_NONCE EHERKENNING_OIDC_USERINFO_CLAIMS_SOURCE - EHERKENNING_OIDC_OIDC_OP_LOGOUT_ENDPOINT - EHERKENNING_OIDC_ERROR_MESSAGE_MAPPING - EHERKENNING_OIDC_OIDC_KEYCLOAK_IDP_HINT + Detailed Information ==================== :: - - Variable EHERKENNING_OIDC_ENABLED - Setting enable - Description Indicates whether OpenID Connect for authentication/authorization is enabled. This overrides overrides the usage of SAML for eHerkenning authentication. - Possible values True, False - - - Variable EHERKENNING_OIDC_IDENTIFIER_CLAIM_NAME - Setting KVK claim name - Description The name of the claim in which the KVK of the user is stored - Possible values string - - - Variable EHERKENNING_OIDC_OIDC_RP_SCOPES_LIST - Setting OpenID Connect scopes - Description OpenID Connect scopes that are requested during login. These scopes are hardcoded and must be supported by the identity provider - Possible values string, comma-delimited (i.e. 'foo,bar,baz') - - Variable EHERKENNING_OIDC_OIDC_RP_CLIENT_ID Setting OpenID Connect client ID Description OpenID Connect client ID provided by the OIDC Provider + Model field type CharField Possible values string - + Default value No default Variable EHERKENNING_OIDC_OIDC_RP_CLIENT_SECRET Setting OpenID Connect secret Description OpenID Connect secret provided by the OIDC Provider + Model field type CharField Possible values string - + Default value No default Variable EHERKENNING_OIDC_OIDC_RP_SIGN_ALGO Setting OpenID sign algorithm Description Algorithm the Identity Provider uses to sign ID tokens + Model field type CharField Possible values string - + Default value HS256 Variable EHERKENNING_OIDC_OIDC_OP_DISCOVERY_ENDPOINT Setting Discovery endpoint Description URL of your OpenID Connect provider discovery endpoint ending with a slash (`.well-known/...` will be added automatically). If this is provided, the remaining endpoints can be omitted, as they will be derived from this endpoint. - Possible values string (URL) - + Model field type CharField + Possible values string + Default value No default Variable EHERKENNING_OIDC_OIDC_OP_JWKS_ENDPOINT Setting JSON Web Key Set endpoint Description URL of your OpenID Connect provider JSON Web Key Set endpoint. Required if `RS256` is used as signing algorithm. - Possible values string (URL) - + Model field type CharField + Possible values string + Default value No default Variable EHERKENNING_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT Setting Authorization endpoint Description URL of your OpenID Connect provider authorization endpoint - Possible values string (URL) - + Model field type CharField + Possible values string + Default value No default Variable EHERKENNING_OIDC_OIDC_OP_TOKEN_ENDPOINT Setting Token endpoint Description URL of your OpenID Connect provider token endpoint - Possible values string (URL) - + Model field type CharField + Possible values string + Default value No default Variable EHERKENNING_OIDC_OIDC_OP_USER_ENDPOINT Setting User endpoint Description URL of your OpenID Connect provider userinfo endpoint - Possible values string (URL) - + Model field type CharField + Possible values string + Default value No default Variable EHERKENNING_OIDC_OIDC_RP_IDP_SIGN_KEY Setting Sign key Description Key the Identity Provider uses to sign ID tokens in the case of an RSA sign algorithm. Should be the signing key in PEM or DER format. + Model field type CharField Possible values string - + Default value No default Variable EHERKENNING_OIDC_OIDC_USE_NONCE Setting Use nonce Description Controls whether the OpenID Connect client uses nonce verification + Model field type BooleanField Possible values True, False - + Default value True Variable EHERKENNING_OIDC_OIDC_NONCE_SIZE Setting Nonce size Description Sets the length of the random string used for OpenID Connect nonce verification - Possible values string (positive integer) - + Model field type PositiveIntegerField + Possible values string representing a (positive) number + Default value 32 Variable EHERKENNING_OIDC_OIDC_STATE_SIZE Setting State size Description Sets the length of the random string used for OpenID Connect state verification - Possible values string (positive integer) - + Model field type PositiveIntegerField + Possible values string representing a (positive) number + Default value 32 Variable EHERKENNING_OIDC_OIDC_EXEMPT_URLS Setting URLs exempt from session renewal Description This is a list of absolute url paths, regular expressions for url paths, or Django view names. This plus the mozilla-django-oidc urls are exempted from the session renewal by the SessionRefresh middleware. + Model field type ArrayField Possible values string, comma-delimited ('foo,bar,baz') - + Default value No information Variable EHERKENNING_OIDC_USERINFO_CLAIMS_SOURCE Setting user information claims extracted from Description Indicates the source from which the user information claims should be extracted. - Possible values userinfo_endpoint,id_token - + Model field type CharField + Possible values string + Default value userinfo_endpoint Variable EHERKENNING_OIDC_OIDC_OP_LOGOUT_ENDPOINT Setting Logout endpoint Description URL of your OpenID Connect provider logout endpoint - Possible values string (URL) - + Model field type CharField + Possible values string + Default value No default Variable EHERKENNING_OIDC_ERROR_MESSAGE_MAPPING Setting Error message mapping Description Mapping that maps error messages returned by the identity provider to human readable error messages that are shown to the user - Possible values JSON ({'key':'value'}) - + Model field type JSONField + Possible values No information available + Default value No information Variable EHERKENNING_OIDC_OIDC_KEYCLOAK_IDP_HINT Setting Keycloak Identity Provider hint Description Specific for Keycloak: parameter that indicates which identity provider should be used (therefore skipping the Keycloak login screen). + Model field type CharField + Possible values string + Default value No default + + Variable EHERKENNING_OIDC_ENABLED + Setting enable + Description Indicates whether OpenID Connect for authentication/authorization is enabled. This overrides overrides the usage of SAML for eHerkenning authentication. + Model field type BooleanField + Possible values True, False + Default value False + + Variable EHERKENNING_OIDC_IDENTIFIER_CLAIM_NAME + Setting KVK claim name + Description The name of the claim in which the KVK of the user is stored + Model field type CharField Possible values string + Default value kvk + + Variable EHERKENNING_OIDC_OIDC_RP_SCOPES_LIST + Setting OpenID Connect scopes + Description OpenID Connect scopes that are requested during login. These scopes are hardcoded and must be supported by the identity provider + Model field type ArrayField + Possible values string, comma-delimited ('foo,bar,baz') + Default value No information \ No newline at end of file diff --git a/docs/configuration/general.rst b/docs/configuration/general.rst index b1fa946a65..a94dde1d5b 100644 --- a/docs/configuration/general.rst +++ b/docs/configuration/general.rst @@ -59,8 +59,12 @@ For a full overview of the command and its options: Supported configurations ======================== -:doc:`General configuration <./siteconfig.rst>` -:doc:`Klanten interactie configuration <./kic.rst>` -:doc:`ZGW configuration <./zgw.rst>` -:doc:`DigiD OIDC configuration <./digid_oidc.rst>` -:doc:`eHerkenning OIDC <./eherkenning_oidc.rst>` +`General configuration <./siteconfig.rst>`_ + +`Klanten configuration <./kic.rst>`_ + +`ZGW configuration <./zgw.rst>`_ + +`DigiD OIDC configuration <./digid_oidc.rst>`_ + +`eHerkenning OIDC configuration <./eherkenning_oidc.rst>`_ diff --git a/docs/configuration/kic.rst b/docs/configuration/kic.rst index 4c33e30bbe..f36637baa8 100644 --- a/docs/configuration/kic.rst +++ b/docs/configuration/kic.rst @@ -14,14 +14,14 @@ Required: :: - KIC_CONFIG_KLANTEN_API_ROOT - KIC_CONFIG_KLANTEN_API_CLIENT_ID - KIC_CONFIG_KLANTEN_API_CLIENT_SECRET - KIC_CONFIG_CONTACTMOMENTEN_API_ROOT KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_ID KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_SECRET - KIC_CONFIG_REGISTER_TYPE + KIC_CONFIG_CONTACTMOMENTEN_API_ROOT + KIC_CONFIG_KLANTEN_API_CLIENT_ID + KIC_CONFIG_KLANTEN_API_CLIENT_SECRET + KIC_CONFIG_KLANTEN_API_ROOT KIC_CONFIG_REGISTER_CONTACT_MOMENT + KIC_CONFIG_REGISTER_TYPE @@ -30,60 +30,68 @@ All settings: :: - KIC_CONFIG_REGISTER_EMAIL - KIC_CONFIG_REGISTER_CONTACT_MOMENT KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN KIC_CONFIG_REGISTER_CHANNEL - KIC_CONFIG_REGISTER_TYPE + KIC_CONFIG_REGISTER_CONTACT_MOMENT + KIC_CONFIG_REGISTER_EMAIL KIC_CONFIG_REGISTER_EMPLOYEE_ID + KIC_CONFIG_REGISTER_TYPE KIC_CONFIG_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER + Detailed Information ==================== :: - Variable KIC_CONFIG_REGISTER_EMAIL Setting Registreer op email adres Description - Possible values string (Email) - + Model field type CharField + Possible values string + Default value No default Variable KIC_CONFIG_REGISTER_CONTACT_MOMENT Setting Registreer in Contactmomenten API Description + Model field type BooleanField Possible values True, False - + Default value False Variable KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN Setting Organisatie RSIN Description + Model field type CharField Possible values string - + Default value Variable KIC_CONFIG_REGISTER_CHANNEL Setting Contactmoment kanaal Description The channel through which contactmomenten are created + Model field type CharField Possible values string - + Default value contactformulier Variable KIC_CONFIG_REGISTER_TYPE Setting Contactmoment type Description Naam van 'contacttype' uit e-Suite + Model field type CharField Possible values string - + Default value Melding Variable KIC_CONFIG_REGISTER_EMPLOYEE_ID Setting Medewerker identificatie Description Gebruikersnaam van actieve medewerker uit e-Suite + Model field type CharField Possible values string - + Default value Variable KIC_CONFIG_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER Setting Haal bronnen op uit de Klanten- en Contactmomenten-API's voor gebruikers die zijn geauthenticeerd met eHerkenning via RSIN Description Indien ingeschakeld, worden bronnen uit de Klanten- en Contactmomenten-API's voor eHerkenning-gebruikers opgehaald via RSIN (Open Klant). Indien niet ingeschakeld, worden deze bronnen via het KVK-nummer. + Model field type BooleanField Possible values True, False + Default value False \ No newline at end of file diff --git a/docs/configuration/siteconfig.rst b/docs/configuration/siteconfig.rst index 477bbd242a..fdb80617f4 100644 --- a/docs/configuration/siteconfig.rst +++ b/docs/configuration/siteconfig.rst @@ -14,10 +14,10 @@ Required: :: + SITE_ACCENT_COLOR SITE_NAME SITE_PRIMARY_COLOR SITE_SECONDARY_COLOR - SITE_ACCENT_COLOR @@ -26,480 +26,556 @@ All settings: :: - SITE_NAME - SITE_PRIMARY_COLOR - SITE_SECONDARY_COLOR SITE_ACCENT_COLOR - SITE_PRIMARY_FONT_COLOR - SITE_SECONDARY_FONT_COLOR SITE_ACCENT_FONT_COLOR - SITE_WARNING_BANNER_ENABLED - SITE_WARNING_BANNER_TEXT - SITE_WARNING_BANNER_BACKGROUND_COLOR - SITE_WARNING_BANNER_FONT_COLOR - SITE_LOGIN_SHOW - SITE_LOGIN_ALLOW_REGISTRATION - SITE_LOGIN_2FA_SMS - SITE_LOGIN_TEXT - SITE_REGISTRATION_TEXT - SITE_HOME_WELCOME_TITLE - SITE_HOME_WELCOME_INTRO - SITE_HOME_THEME_TITLE - SITE_HOME_THEME_INTRO - SITE_THEME_TITLE - SITE_THEME_INTRO - SITE_HOME_MAP_TITLE - SITE_HOME_MAP_INTRO - SITE_HOME_QUESTIONNAIRE_TITLE - SITE_HOME_QUESTIONNAIRE_INTRO - SITE_HOME_PRODUCT_FINDER_TITLE - SITE_HOME_PRODUCT_FINDER_INTRO - SITE_SELECT_QUESTIONNAIRE_TITLE - SITE_SELECT_QUESTIONNAIRE_INTRO - SITE_PLANS_INTRO - SITE_PLANS_NO_PLANS_MESSAGE - SITE_PLANS_EDIT_MESSAGE - SITE_FOOTER_LOGO_TITLE - SITE_FOOTER_LOGO_URL - SITE_HOME_HELP_TEXT - SITE_THEME_HELP_TEXT - SITE_PRODUCT_HELP_TEXT - SITE_SEARCH_HELP_TEXT SITE_ACCOUNT_HELP_TEXT - SITE_QUESTIONNAIRE_HELP_TEXT - SITE_PLAN_HELP_TEXT - SITE_SEARCH_FILTER_CATEGORIES - SITE_SEARCH_FILTER_TAGS - SITE_SEARCH_FILTER_ORGANIZATIONS - SITE_EMAIL_NEW_MESSAGE - SITE_RECIPIENTS_EMAIL_DIGEST - SITE_CONTACT_PHONENUMBER + SITE_ALLOW_MESSAGES_FILE_SHARING SITE_CONTACT_PAGE - SITE_GTM_CODE - SITE_GA_CODE - SITE_MATOMO_URL - SITE_MATOMO_SITE_ID - SITE_SITEIMPROVE_ID + SITE_CONTACT_PHONENUMBER SITE_COOKIE_INFO_TEXT SITE_COOKIE_LINK_TEXT SITE_COOKIE_LINK_URL + SITE_DISPLAY_SOCIAL + SITE_EHERKENNING_ENABLED + SITE_EMAIL_NEW_MESSAGE + SITE_EMAIL_VERIFICATION_REQUIRED + SITE_FOOTER_LOGO_TITLE + SITE_FOOTER_LOGO_URL + SITE_GA_CODE + SITE_GTM_CODE + SITE_HIDE_CATEGORIES_FROM_ANONYMOUS_USERS + SITE_HIDE_SEARCH_FROM_ANONYMOUS_USERS + SITE_HOME_HELP_TEXT + SITE_HOME_MAP_INTRO + SITE_HOME_MAP_TITLE + SITE_HOME_PRODUCT_FINDER_INTRO + SITE_HOME_PRODUCT_FINDER_TITLE + SITE_HOME_QUESTIONNAIRE_INTRO + SITE_HOME_QUESTIONNAIRE_TITLE + SITE_HOME_THEME_INTRO + SITE_HOME_THEME_TITLE + SITE_HOME_WELCOME_INTRO + SITE_HOME_WELCOME_TITLE SITE_KCM_SURVEY_LINK_TEXT SITE_KCM_SURVEY_LINK_URL + SITE_LOGIN_2FA_SMS + SITE_LOGIN_ALLOW_REGISTRATION + SITE_LOGIN_SHOW + SITE_LOGIN_TEXT + SITE_MATOMO_SITE_ID + SITE_MATOMO_URL + SITE_NAME SITE_OPENID_CONNECT_LOGIN_TEXT SITE_OPENID_DISPLAY + SITE_PLANS_EDIT_MESSAGE + SITE_PLANS_INTRO + SITE_PLANS_NO_PLANS_MESSAGE + SITE_PLAN_HELP_TEXT + SITE_PRIMARY_COLOR + SITE_PRIMARY_FONT_COLOR + SITE_PRODUCT_HELP_TEXT + SITE_QUESTIONNAIRE_HELP_TEXT + SITE_RECIPIENTS_EMAIL_DIGEST SITE_REDIRECT_TO - SITE_ALLOW_MESSAGES_FILE_SHARING - SITE_HIDE_CATEGORIES_FROM_ANONYMOUS_USERS - SITE_HIDE_SEARCH_FROM_ANONYMOUS_USERS - SITE_DISPLAY_SOCIAL - SITE_EHERKENNING_ENABLED + SITE_REGISTRATION_TEXT + SITE_SEARCH_FILTER_CATEGORIES + SITE_SEARCH_FILTER_ORGANIZATIONS + SITE_SEARCH_FILTER_TAGS + SITE_SEARCH_HELP_TEXT + SITE_SECONDARY_COLOR + SITE_SECONDARY_FONT_COLOR + SITE_SELECT_QUESTIONNAIRE_INTRO + SITE_SELECT_QUESTIONNAIRE_TITLE + SITE_SITEIMPROVE_ID + SITE_THEME_HELP_TEXT + SITE_THEME_INTRO + SITE_THEME_TITLE + SITE_WARNING_BANNER_BACKGROUND_COLOR + SITE_WARNING_BANNER_ENABLED + SITE_WARNING_BANNER_FONT_COLOR + SITE_WARNING_BANNER_TEXT + Detailed Information ==================== :: - Variable SITE_NAME Setting Naam Description Naam van de gemeente + Model field type CharField Possible values string - + Default value No default Variable SITE_PRIMARY_COLOR Setting Primaire kleur Description Hoofdkleur van de gemeentesite/huisstijl + Model field type CharField Possible values string - + Default value #FFFFFF Variable SITE_SECONDARY_COLOR Setting Secundaire kleur Description Secundaire kleur van de gemeentesite/huisstijl + Model field type CharField Possible values string - + Default value #FFFFFF Variable SITE_ACCENT_COLOR Setting Accentkleur Description Accentkleur van de gemeentesite/huisstijl + Model field type CharField Possible values string - + Default value #FFFFFF Variable SITE_PRIMARY_FONT_COLOR Setting Primaire tekstkleur Description De tekstkleur voor wanneer de achtergrond de hoofdkleur is + Model field type CharField Possible values string - + Default value #FFFFFF Variable SITE_SECONDARY_FONT_COLOR Setting Secundaire tekstkleur Description De tekstkleur voor wanneer de achtergrond de secundaire kleur is + Model field type CharField Possible values string - + Default value #FFFFFF Variable SITE_ACCENT_FONT_COLOR Setting Accent tekstkleur Description De tekstkleur voor wanneer de achtergrond de accentkleur is + Model field type CharField Possible values string - + Default value #4B4B4B Variable SITE_WARNING_BANNER_ENABLED Setting Toon waarschuwingsbanner Description Of de waarschuwingsbanner zichtbaar moet zijn of niet. + Model field type BooleanField Possible values True, False - + Default value False Variable SITE_WARNING_BANNER_TEXT Setting Tekstinhoud waarschuwingsbanner Description De tekst die zichtbaar is in de waarschuwingsbanner + Model field type TextField Possible values string - + Default value No default Variable SITE_WARNING_BANNER_BACKGROUND_COLOR Setting Waarschuwingsbanner achtergrond Description Waarschuwingsbanner achtergrondkleur + Model field type CharField Possible values string - + Default value #FFDBAD Variable SITE_WARNING_BANNER_FONT_COLOR Setting Waarschuwingsbanner tekst Description De tekstkleur voor de waarschuwingsbanner + Model field type CharField Possible values string - + Default value #000000 Variable SITE_LOGIN_SHOW Setting Toon inlogknop rechts bovenin Description Wanneer deze optie uit staat dan kan nog wel worden ingelogd via /accounts/login/ , echter het inloggen is verborgen + Model field type BooleanField Possible values True, False - + Default value True Variable SITE_LOGIN_ALLOW_REGISTRATION Setting Sta lokale registratie toe Description Wanneer deze optie uit staat is het enkel toegestaan om met DigiD in te loggen. Zet deze instelling aan om ook het inloggen met gebruikersnaam/wachtwoord en het aanmelden zonder DigiD toe te staan. + Model field type BooleanField Possible values True, False - + Default value False Variable SITE_LOGIN_2FA_SMS Setting Log in met 2FA-met-SMS Description Bepaalt of gebruikers die met gebruikersnaam+wachtwoord inloggen verplicht een SMS verificatiecode dienen in te vullen + Model field type BooleanField Possible values True, False - + Default value False Variable SITE_LOGIN_TEXT Setting Login tekst Description Deze tekst wordt getoond op de login pagina. + Model field type TextField Possible values string - + Default value No default Variable SITE_REGISTRATION_TEXT Setting Registratie tekst Description Deze tekst wordt getoond op de registratie pagina. + Model field type TextField Possible values string - + Default value No default Variable SITE_HOME_WELCOME_TITLE Setting Koptekst homepage Description Koptekst op de homepage + Model field type CharField Possible values string - + Default value No information Variable SITE_HOME_WELCOME_INTRO Setting Introductietekst homepage Description Introductietekst op de homepage + Model field type TextField Possible values string - + Default value No default Variable SITE_HOME_THEME_TITLE Setting Titel 'Onderwerpen' op de homepage Description Koptekst van de Onderwerpen op de homepage + Model field type CharField Possible values string - + Default value No information Variable SITE_HOME_THEME_INTRO Setting Onderwerpen introductietekst op de homepage Description Introductietekst 'Onderwerpen' op de homepage + Model field type TextField Possible values string - + Default value No default Variable SITE_THEME_TITLE Setting Onderwerpen titel Description Titel op de Onderwerpenpagina + Model field type CharField Possible values string - + Default value No information Variable SITE_THEME_INTRO Setting Onderwerpen introductie Description Introductietekst op de onderwerpenpagina + Model field type TextField Possible values string - + Default value No default Variable SITE_HOME_MAP_TITLE Setting Koptekst van de kaart op de homepage Description Koptekst van de kaart op de homepage + Model field type CharField Possible values string - + Default value No information Variable SITE_HOME_MAP_INTRO Setting Introductietekst kaart Description Introductietekst van de kaart op de homepage + Model field type TextField Possible values string - + Default value No default Variable SITE_HOME_QUESTIONNAIRE_TITLE Setting Titel vragenlijst homepage Description Vragenlijst titel op de homepage. + Model field type CharField Possible values string - + Default value No information Variable SITE_HOME_QUESTIONNAIRE_INTRO Setting Introductietekst vragenlijst homepage Description Vragenlijst introductietekst op de homepage. + Model field type TextField Possible values string - + Default value No information Variable SITE_HOME_PRODUCT_FINDER_TITLE Setting Productzoeker titel Description Titel van de productzoeker op de homepage. + Model field type CharField Possible values string - + Default value No information Variable SITE_HOME_PRODUCT_FINDER_INTRO Setting Introductietekst productzoeker homepage Description Introductietekst van de productzoeker op de homepage. + Model field type TextField Possible values string - + Default value No information Variable SITE_SELECT_QUESTIONNAIRE_TITLE Setting Titel vragenlijst widget Description Vragenlijst keuzetitel op de onderwerpen en profielpagina's. + Model field type CharField Possible values string - + Default value No information Variable SITE_SELECT_QUESTIONNAIRE_INTRO Setting Introductietekst vragenlijst widget Description Vragenlijst introductietekst op de onderwerpen en profielpagina's. + Model field type TextField Possible values string - + Default value No information Variable SITE_PLANS_INTRO Setting Introductietekst Samenwerken Description Subtitel voor de planpagina. + Model field type TextField Possible values string - + Default value No information Variable SITE_PLANS_NO_PLANS_MESSAGE Setting Standaardtekst geen samenwerkingen Description Het bericht als een gebruiker nog geen plannen heeft. + Model field type CharField Possible values string - + Default value No information Variable SITE_PLANS_EDIT_MESSAGE Setting Standaardtekst 'doel wijzigen' Description Het bericht wanneer een gebruiker een doel wijzigt. + Model field type CharField Possible values string - + Default value No information Variable SITE_FOOTER_LOGO_TITLE Setting Footer logo title Description The title - help text of the footer logo. + Model field type CharField Possible values string - + Default value Variable SITE_FOOTER_LOGO_URL Setting Footer logo link Description The external link for the footer logo. - Possible values string (URL) - + Model field type CharField + Possible values string + Default value Variable SITE_HOME_HELP_TEXT Setting Helptekst homepage Description Helptekst in de popup op de voorpagina + Model field type TextField Possible values string - + Default value No information Variable SITE_THEME_HELP_TEXT Setting Onderwerpen help Description Helptekst in de popup op de onderwerpenpagina + Model field type TextField Possible values string - + Default value No information Variable SITE_PRODUCT_HELP_TEXT Setting Helptekst producten Description Helptekst in de popup van de productenpagina's + Model field type TextField Possible values string - + Default value No information Variable SITE_SEARCH_HELP_TEXT Setting Helptekst zoeken Description De helptekst in de popup op de zoekpagina's + Model field type TextField Possible values string - + Default value No information Variable SITE_ACCOUNT_HELP_TEXT Setting Helptekst mijn profiel Description De helptekst in de popup van de profielpagina's + Model field type TextField Possible values string - + Default value No information Variable SITE_QUESTIONNAIRE_HELP_TEXT Setting Helptekst vragenlijst/zelftest Description De helptekst in de popup op de vragenlijst/zelftestpagina's + Model field type TextField Possible values string - + Default value No information Variable SITE_PLAN_HELP_TEXT Setting Helptekst samenwerken Description De helptekst in de popup van de samenwerken-pagina's + Model field type TextField Possible values string - + Default value No information Variable SITE_SEARCH_FILTER_CATEGORIES Setting Onderwerpenfilter toevoegen aan zoekresultaten Description Of er categorie-selectievakjes moeten worden weergegeven om het zoekresultaat te filteren. + Model field type BooleanField Possible values True, False - + Default value True Variable SITE_SEARCH_FILTER_TAGS Setting Tagfilter toevoegen aan zoekresultaten Description Of er tag-selectievakjes moeten worden weergegeven om het zoekresultaat te filteren. + Model field type BooleanField Possible values True, False - + Default value True Variable SITE_SEARCH_FILTER_ORGANIZATIONS Setting Organisaties-filter toevoegen aan zoekresultaten Description Of er organisatie-selectievakjes moeten worden weergegeven om het zoekresultaat te filteren. + Model field type BooleanField Possible values True, False - + Default value True Variable SITE_EMAIL_NEW_MESSAGE Setting Stuur een mail bij nieuwe berichten Description Of er een e-mail ter notificatie verstuurd dient te worden na een nieuw bericht voor de gebruiker. + Model field type BooleanField Possible values True, False - + Default value True Variable SITE_RECIPIENTS_EMAIL_DIGEST Setting ontvangers e-mailsamenvatting Description De e-mailadressen van beheerders die een dagelijkse samenvatting dienen te krijgen van punten van orde. - Possible values string, comma-delimited (e.g. 'user1@test.nl, user2@test.nl' - + Model field type ArrayField + Possible values string, comma-delimited ('foo,bar,baz') + Default value No information + + Variable SITE_EMAIL_VERIFICATION_REQUIRED + Setting Email verification required + Description Whether to require users to verify their email address + Model field type BooleanField + Possible values True, False + Default value False Variable SITE_CONTACT_PHONENUMBER Setting Telefoonnummer Description Telefoonnummer van de organisatie + Model field type CharField Possible values string - + Default value No default Variable SITE_CONTACT_PAGE Setting URL Description URL van de contactpagina van de organisatie - Possible values string (URL) - + Model field type CharField + Possible values string + Default value No default Variable SITE_GTM_CODE Setting Google Tag Manager code Description Normaalgesproken is dit een code van het formaat 'GTM-XXXX'. Door dit in te stellen wordt Google Tag Manager gebruikt. + Model field type CharField Possible values string - + Default value No default Variable SITE_GA_CODE Setting Google Analytics code Description Normaalgesproken is dit een code van het formaat 'G-XXXX'. Door dit in te stellen wordt Google Analytics gebruikt. + Model field type CharField Possible values string - + Default value No default Variable SITE_MATOMO_URL Setting Matamo server URL Description De domeinnaam / URL van de Matamo server, bijvoorbeeld 'matamo.example.com'. - Possible values string (URL) - + Model field type CharField + Possible values string + Default value No default Variable SITE_MATOMO_SITE_ID Setting Matamo site ID Description De 'idsite' van de website in Matamo die getrackt dient te worden. - Possible values string - + Model field type PositiveIntegerField + Possible values string representing a (positive) number + Default value No default Variable SITE_SITEIMPROVE_ID Setting SiteImprove ID Description SiteImprove ID - Dit nummer kan gevonden worden in de SiteImprove snippet, dit is onderdeel van een URL zoals '//siteimproveanalytics.com/js/siteanalyze_xxxxx.js' waarbij het xxxxx-deel de SiteImprove ID is die hier ingevuld moet worden. + Model field type CharField Possible values string - + Default value Variable SITE_COOKIE_INFO_TEXT Setting Tekst cookiebanner informatie Description De tekstinhoud van de cookiebanner. Wanneer deze wordt ingevuld dan wordt de cookiebanner zichtbaar. + Model field type CharField Possible values string - + Default value No information Variable SITE_COOKIE_LINK_TEXT Setting Tekst cookiebanner link Description De tekst die wordt gebruikt als link naar de privacypagina. + Model field type CharField Possible values string - + Default value No information Variable SITE_COOKIE_LINK_URL Setting URL van de privacypagina Description De link naar de pagina met het privacybeleid. + Model field type CharField Possible values string - + Default value /pages/privacyverklaring/ Variable SITE_KCM_SURVEY_LINK_TEXT Setting KCM survey link text Description The text that is displayed on the customer satisfaction survey link + Model field type CharField Possible values string - + Default value No default Variable SITE_KCM_SURVEY_LINK_URL Setting KCM survey URL Description The external link for the customer satisfaction survey. - Possible values string (URL) - + Model field type CharField + Possible values string + Default value No default Variable SITE_OPENID_CONNECT_LOGIN_TEXT Setting OpenID Connect login tekst Description De tekst die getoond wordt wanneer OpenID Connect (OIDC/Azure AD) als loginmethode is ingesteld + Model field type CharField Possible values string - + Default value Login with Azure AD Variable SITE_OPENID_DISPLAY Setting Toon optie om in te loggen via OpenID Connect Description Alleen geselecteerde groepen zullen de optie zien om met OpenID Connect in te loggen. + Model field type CharField Possible values string - + Default value admin Variable SITE_REDIRECT_TO Setting Stuur niet-ingelogde gebruiker door naar Description Geef een URL of pad op waar de niet-ingelogde gebruiker naar toe doorgestuurd moet worden vanuit de niet-ingelogde homepage.Pad voorbeeld: '/accounts/login', URL voorbeeld: 'https://gemeente.groningen.nl' - Possible values string (URL) - + Model field type CharField + Possible values string + Default value No default Variable SITE_ALLOW_MESSAGES_FILE_SHARING Setting Sta het delen van bestanden via Mijn Berichten toe Description Of het delen van bestanden via Mijn Berichten mogelijk is of niet. Indien uitgeschakeld dan kunnen alleen tekstberichten worden verzonden + Model field type BooleanField Possible values True, False - + Default value True Variable SITE_HIDE_CATEGORIES_FROM_ANONYMOUS_USERS Setting Blokkeer toegang tot Onderwerpen voor niet-ingelogde gebruikers Description Indien geselecteerd: alleen ingelogde gebruikers hebben toegang tot Onderwerpen. + Model field type BooleanField Possible values True, False - + Default value False Variable SITE_HIDE_SEARCH_FROM_ANONYMOUS_USERS Setting Verberg zoekbalk voor anonieme gebruiker Description Indien geselecteerd: alleen ingelogde gebruikers zien de zoekfunctie. + Model field type BooleanField Possible values True, False - + Default value False Variable SITE_DISPLAY_SOCIAL Setting Toon sociale media knoppen bij elk product Description Maak het delen mogelijk van producten op sociale media (Facebook, LinkedIn...) + Model field type BooleanField Possible values True, False - + Default value True Variable SITE_EHERKENNING_ENABLED Setting eHerkenning authentication ingeschakeld Description Of gebruikers in kunnen loggen met eHerkenning of niet. Standaard wordt de SAML integratie hiervoor gebruikt (van toepassing bij een rechtstreekse aansluiting op een eHerkenning makelaar). Voor het gebruiken van een OpenID Connect (OIDC) koppeling, navigeer naar `OpenID Connect configuratie voor eHerkenning` om deze te activeren. + Model field type BooleanField Possible values True, False + Default value False \ No newline at end of file diff --git a/docs/configuration/zgw.rst b/docs/configuration/zgw.rst index 2a263431c8..b9b72ce150 100644 --- a/docs/configuration/zgw.rst +++ b/docs/configuration/zgw.rst @@ -14,18 +14,18 @@ Required: :: - ZGW_CONFIG_ZAAK_API_ROOT - ZGW_CONFIG_ZAAK_API_CLIENT_ID - ZGW_CONFIG_ZAAK_API_CLIENT_SECRET - ZGW_CONFIG_CATALOGI_API_ROOT ZGW_CONFIG_CATALOGI_API_CLIENT_ID ZGW_CONFIG_CATALOGI_API_CLIENT_SECRET - ZGW_CONFIG_DOCUMENTEN_API_ROOT + ZGW_CONFIG_CATALOGI_API_ROOT ZGW_CONFIG_DOCUMENTEN_API_CLIENT_ID ZGW_CONFIG_DOCUMENTEN_API_CLIENT_SECRET - ZGW_CONFIG_FORMULIEREN_API_ROOT + ZGW_CONFIG_DOCUMENTEN_API_ROOT ZGW_CONFIG_FORMULIEREN_API_CLIENT_ID ZGW_CONFIG_FORMULIEREN_API_CLIENT_SECRET + ZGW_CONFIG_FORMULIEREN_API_ROOT + ZGW_CONFIG_ZAAK_API_CLIENT_ID + ZGW_CONFIG_ZAAK_API_CLIENT_SECRET + ZGW_CONFIG_ZAAK_API_ROOT @@ -34,74 +34,92 @@ All settings: :: - ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY - ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY + ZGW_CONFIG_ACTION_REQUIRED_DEADLINE_DAYS ZGW_CONFIG_ALLOWED_FILE_EXTENSIONS - ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN - ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE + ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY + ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN + ZGW_CONFIG_MAX_UPLOAD_SIZE + ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE + ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN ZGW_CONFIG_TITLE_TEXT - ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN - ZGW_CONFIG_ACTION_REQUIRED_DEADLINE_DAYS + ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY + Detailed Information ==================== :: - Variable ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY Setting Zaak vertrouwelijkheid Description Selecteer de maximale vertrouwelijkheid van de getoonde zaken - Possible values openbaar,beperkt_openbaar,intern,zaakvertrouwelijk,vertrouwelijk,confidentieel,geheim,zeer_geheim - + Model field type CharField + Possible values string + Default value openbaar Variable ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY Setting Documenten vertrouwelijkheid Description Selecteer de maximale vertrouwelijkheid van de getoonde documenten van zaken - Possible values openbaar,beperkt_openbaar,intern,zaakvertrouwelijk,vertrouwelijk,confidentieel,geheim,zeer_geheim + Model field type CharField + Possible values string + Default value openbaar + Variable ZGW_CONFIG_MAX_UPLOAD_SIZE + Setting Maximale upload grootte (in MB) + Description Documentuploads mogen maximaal dit aantal MB groot zijn, anders worden ze geweigerd. + Model field type PositiveIntegerField + Possible values string representing a (positive) number + Default value 50 Variable ZGW_CONFIG_ALLOWED_FILE_EXTENSIONS Setting allowed file extensions Description Een lijst van toegestande bestandsextensies, alleen documentuploads met een van deze extensies worden toegelaten. - Possible values bmp,doc,docx,gif,jpeg,jpg,msg,pdf,png,ppt,pptx,rtf,tiff,txt,vsd,xls,xlsx - + Model field type ArrayField + Possible values string, comma-delimited ('foo,bar,baz') + Default value No information Variable ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN Setting Maak gebruik van StatusType.informeren workaround (eSuite) Description Schakel dit in wanneer StatusType.informeren niet wordt ondersteund door de ZGW API waar deze omgeving aan is gekoppeld (zoals de eSuite ZGW API)Hierdoor is het verplicht om per zaaktype aan te geven wanneer een inwoner hier een notificatie van dient te krijgen. + Model field type BooleanField Possible values True, False - + Default value False Variable ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE Setting Converteer eSuite zaaknummers Description Schakel dit in om de zaaknummers van het interne eSuite format (ex: '0014ESUITE66392022') om te zetten naar een toegankelijkere notatie ('6639-2022'). + Model field type BooleanField Possible values True, False - + Default value False Variable ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN Setting Maak gebruik van het RSIN voor ophalen eHerkenning zaken Description Indien ingeschakeld dan wordt het RSIN van eHerkenning gebruikers gebruikt om de zaken op te halen. Indien uitgeschakeld dan wordt het KVK nummer gebruikt om de zaken op te halen. Open Zaak hanteert conform de ZGW API specificatie de RSIN, de eSuite maakt gebruik van het KVK nummer. + Model field type BooleanField Possible values True, False - + Default value False Variable ZGW_CONFIG_TITLE_TEXT Setting Titel tekst Description De titel/introductietekst getoond op de lijstweergave van 'Mijn aanvragen'. - Possible values True, False - + Model field type TextField + Possible values string + Default value No information Variable ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN Setting Inschakelen gepersonaliseerde Onderwerpen op basis van zaken Description Indien ingeschakeld dan worden (indien ingelogd met DigiD/eHerkenning) de getoonde onderwerpen op de Homepage bepaald op basis van de zaken van de gebruiker + Model field type BooleanField Possible values True, False - + Default value False Variable ZGW_CONFIG_ACTION_REQUIRED_DEADLINE_DAYS Setting Standaard actie deadline termijn in dagen Description Aantal dagen voor gebruiker om actie te ondernemen. - Possible values string (number) + Model field type IntegerField + Possible values No information available + Default value 15 \ No newline at end of file diff --git a/src/open_inwoner/configurations/bootstrap/constants.py b/src/open_inwoner/configurations/bootstrap/constants.py index d246fc5604..1125db6b58 100644 --- a/src/open_inwoner/configurations/bootstrap/constants.py +++ b/src/open_inwoner/configurations/bootstrap/constants.py @@ -1,229 +1,154 @@ from mozilla_django_oidc_db.models import UserInformationClaimsSources from zgw_consumers.api_models.constants import VertrouwelijkheidsAanduidingen -from open_inwoner.openzaak.models import generate_default_file_extensions +from digid_eherkenning_oidc_generics.models import ( + OpenIDConnectDigiDConfig, + OpenIDConnectEHerkenningConfig, +) +from open_inwoner.configurations.models import SiteConfiguration +from open_inwoner.openklant.models import OpenKlantConfig +from open_inwoner.openzaak.models import ( + OpenZaakConfig, + generate_default_file_extensions, +) -from .utils import generate_api_fields_from_template +from .utils import generate_api_fields_from_template, populate_fields -CONFIDENTIALITY_CHOICES = [ +CONFIDENTIALITY_LEVELS = [ choice[0] for choice in VertrouwelijkheidsAanduidingen.choices ] -FILE_EXTENSION_CHOICES = [ext for ext in generate_default_file_extensions()] -USER_INFO_CLAIM_SOURCES_CHOICES = [ - choice[0] for choice in UserInformationClaimsSources.choices -] +FILE_EXTENSIONS = [ext for ext in generate_default_file_extensions()] +USER_INFO_CLAIM_SOURCES = [choice[0] for choice in UserInformationClaimsSources.choices] +# +# SiteConfiguration +# +require = ( + "name", + "primary_color", + "secondary_color", + "accent_color", +) +exclude = ( + "id", + "email_logo", + "footer_logo", + "favicon", + "openid_connect_logo", + "extra_css", + "logo", + "hero_image_login", + "theme_stylesheet", +) +all_fields = ( + field + for field in SiteConfiguration._meta.concrete_fields + if field.name not in exclude +) siteconfig_fields = { - "name": {"values": "string"}, - "primary_color": {"values": "string"}, - "secondary_color": {"values": "string"}, - "accent_color": {"values": "string"}, - "primary_font_color": {"values": "string"}, - "secondary_font_color": {"values": "string"}, - "accent_font_color": {"values": "string"}, - "warning_banner_enabled": {"values": "True, False"}, - "warning_banner_text": {"values": "string"}, - "warning_banner_background_color": {"values": "string"}, - "warning_banner_font_color": {"values": "string"}, - "login_show": {"values": "True, False"}, - "login_allow_registration": {"values": "True, False"}, - "login_2fa_sms": {"values": "True, False"}, - "login_text": {"values": "string"}, - "registration_text": {"values": "string"}, - "home_welcome_title": {"values": "string"}, - "home_welcome_intro": {"values": "string"}, - "home_theme_title": {"values": "string"}, - "home_theme_intro": {"values": "string"}, - "theme_title": {"values": "string"}, - "theme_intro": {"values": "string"}, - "home_map_title": {"values": "string"}, - "home_map_intro": {"values": "string"}, - "home_questionnaire_title": {"values": "string"}, - "home_questionnaire_intro": {"values": "string"}, - "home_product_finder_title": {"values": "string"}, - "home_product_finder_intro": {"values": "string"}, - "select_questionnaire_title": {"values": "string"}, - "select_questionnaire_intro": {"values": "string"}, - "plans_intro": {"values": "string"}, - "plans_no_plans_message": {"values": "string"}, - "plans_edit_message": {"values": "string"}, - "footer_logo_title": {"values": "string"}, - "footer_logo_url": {"values": "string (URL)"}, - "home_help_text": {"values": "string"}, - "theme_help_text": {"values": "string"}, - "product_help_text": {"values": "string"}, - "search_help_text": {"values": "string"}, - "account_help_text": {"values": "string"}, - "questionnaire_help_text": {"values": "string"}, - "plan_help_text": {"values": "string"}, - "search_filter_categories": {"values": "True, False"}, - "search_filter_tags": {"values": "True, False"}, - "search_filter_organizations": {"values": "True, False"}, - "email_new_message": {"values": "True, False"}, - "recipients_email_digest": { - "values": "string, comma-delimited (e.g. 'user1@test.nl, user2@test.nl'" - }, - "contact_phonenumber": {"values": "string"}, - "contact_page": {"values": "string (URL)"}, - "gtm_code": {"values": "string"}, - "ga_code": {"values": "string"}, - "matomo_url": {"values": "string (URL)"}, - "matomo_site_id": {"values": "string"}, - "siteimprove_id": {"values": "string"}, - "cookie_info_text": {"values": "string"}, - "cookie_link_text": {"values": "string"}, - "cookie_link_url": {"values": "string"}, - "kcm_survey_link_text": {"values": "string"}, - "kcm_survey_link_url": {"values": "string (URL)"}, - "openid_connect_login_text": {"values": "string"}, - "openid_display": {"values": "string"}, - "redirect_to": {"values": "string (URL)"}, - "allow_messages_file_sharing": {"values": "True, False"}, - "hide_categories_from_anonymous_users": {"values": "True, False"}, - "hide_search_from_anonymous_users": {"values": "True, False"}, - "display_social": {"values": "True, False"}, - "eherkenning_enabled": {"values": "True, False"}, + "all": [], + "required": [], } +populate_fields( + siteconfig_fields, require=require, exclude=exclude, all_fields=all_fields +) + # # KIC config # +klanten_api_fields = generate_api_fields_from_template("klanten_api") +contactmomenten_api_fields = generate_api_fields_from_template("contactmomenten_api") + +require = ( + "register_type", + "register_contact_moment", + *klanten_api_fields.keys(), + *contactmomenten_api_fields.keys(), +) +exclude = ("id", "klanten_service", "contactmomenten_service") +all_fields = ( + field + for field in OpenKlantConfig._meta.concrete_fields + if field.name not in exclude +) kic_fields = { - "register_email": { - "values": "string (Email)", - }, - "register_contact_moment": { - "values": "True, False", - }, - "register_bronorganisatie_rsin": { - "values": "string", - }, - "register_channel": { - "values": "string", - }, - "register_type": { - "values": "string", - }, - "register_employee_id": { - "values": "string", - }, - "use_rsin_for_innNnpId_query_parameter": { - "values": "True, False", - }, + "all": [], + "required": [ + "register_type", + "register_contact_moment", + *klanten_api_fields.keys(), + *contactmomenten_api_fields.keys(), + ], } -klanten_api_fields = generate_api_fields_from_template("klanten_api") -contactmomenten_api_fields = generate_api_fields_from_template("contactmomenten_api") +populate_fields(kic_fields, require=None, exclude=exclude, all_fields=all_fields) + # # ZGW config # -zgw_fields = { - "zaak_max_confidentiality": { - "values": ",".join(CONFIDENTIALITY_CHOICES), - }, - "document_max_confidentiality": { - "values": ",".join(CONFIDENTIALITY_CHOICES), - }, - "allowed_file_extensions": { - "values": ",".join(FILE_EXTENSION_CHOICES), - }, - "skip_notification_statustype_informeren": { - "values": "True, False", - }, - "reformat_esuite_zaak_identificatie": { - "values": "True, False", - }, - "fetch_eherkenning_zaken_with_rsin": { - "values": "True, False", - }, - "title_text": { - "values": "True, False", - }, - "enable_categories_filtering_with_zaken": { - "values": "True, False", - }, - "action_required_deadline_days": { - "values": "string (number)", - }, -} - zaak_api_fields = generate_api_fields_from_template("zaak_api") catalogi_api_fields = generate_api_fields_from_template("catalogi_api") documenten_api_fields = generate_api_fields_from_template("documenten_api") formulieren_api_fields = generate_api_fields_from_template("formulieren_api") +exclude = ("id", "catalogi_service", "document_service", "form_service", "zaak_service") +all_fields = ( + field for field in OpenZaakConfig._meta.concrete_fields if field.name not in exclude +) +zgw_fields = { + "all": [], + "required": [ + *zaak_api_fields.keys(), + *catalogi_api_fields.keys(), + *documenten_api_fields.keys(), + *formulieren_api_fields.keys(), + ], +} + +populate_fields(zgw_fields, require=None, exclude=exclude, all_fields=all_fields) + # # DigiD OIDC # +exclude = "id" +all_fields = ( + field + for field in OpenIDConnectDigiDConfig._meta.concrete_fields + if field.name not in exclude +) digid_oidc_fields = { - "enabled": { - "values": "True, False", - }, - "identifier_claim_name": { - "values": "string", - }, - "oidc_rp_scopes_list": { - "values": "string, comma-delimited (i.e. 'foo,bar,baz')", - }, - "oidc_rp_client_id": { - "values": "string", - }, - "oidc_rp_client_secret": { - "values": "string", - }, - "oidc_rp_sign_algo": { - "values": "string", - }, - "oidc_op_discovery_endpoint": { - "values": "string (URL)", - }, - "oidc_op_jwks_endpoint": { - "values": "string (URL)", - }, - "oidc_op_authorization_endpoint": { - "values": "string (URL)", - }, - "oidc_op_token_endpoint": { - "values": "string (URL)", - }, - "oidc_op_user_endpoint": { - "values": "string (URL)", - }, - "oidc_rp_idp_sign_key": { - "values": "string", - }, - "oidc_use_nonce": { - "values": "True, False", - }, - "oidc_nonce_size": { - "values": "string (positive integer)", - }, - "oidc_state_size": { - "values": "string (positive integer)", - }, - "oidc_exempt_urls": { - "values": "string, comma-delimited ('foo,bar,baz')", - }, - "userinfo_claims_source": { - "values": ",".join(USER_INFO_CLAIM_SOURCES_CHOICES), - }, - "oidc_op_logout_endpoint": { - "values": "string (URL)", - }, - "error_message_mapping": { - "values": "JSON ({'key':'value'})", - }, - "oidc_keycloak_idp_hint": { - "values": "string", - }, + "all": [], + "required": [ + "oidc_rp_client_id", + "oidc_rp_client_secret", + ], } +populate_fields(digid_oidc_fields, require=None, exclude=exclude, all_fields=all_fields) + # # eHerkenning OIDC # -eherkenning_oidc_fields = digid_oidc_fields +exclude = "id" +all_fields = ( + field + for field in OpenIDConnectEHerkenningConfig._meta.concrete_fields + if field.name not in exclude +) +eherkenning_oidc_fields = { + "all": [], + "required": [ + "oidc_rp_client_id", + "oidc_rp_client_secret", + ], +} + +populate_fields( + eherkenning_oidc_fields, require=None, exclude=exclude, all_fields=all_fields +) diff --git a/src/open_inwoner/configurations/bootstrap/models.py b/src/open_inwoner/configurations/bootstrap/models.py index 3010f06cbc..b875ce46b7 100644 --- a/src/open_inwoner/configurations/bootstrap/models.py +++ b/src/open_inwoner/configurations/bootstrap/models.py @@ -7,89 +7,56 @@ from open_inwoner.openzaak.models import OpenZaakConfig from .constants import ( - catalogi_api_fields, - contactmomenten_api_fields, digid_oidc_fields, - documenten_api_fields, eherkenning_oidc_fields, - formulieren_api_fields, kic_fields, - klanten_api_fields, siteconfig_fields, - zaak_api_fields, zgw_fields, ) +from .utils import ConfigField class ConfigSettingsBase: @classmethod - def get_setting_name(cls, field_name): - return f"{cls.namespace}_" + field_name.upper() + def get_setting_name(cls, field: ConfigField | str) -> str: + if isinstance(field, str): + return f"{cls.namespace}_" + field.upper() + return f"{cls.namespace}_" + field.name.upper() @classmethod - def get_required_settings(cls): - return [cls.get_setting_name(field_name) for field_name in cls.required_fields] + def get_required_settings(cls) -> list[str]: + return [cls.get_setting_name(field) for field in cls.fields["required"]] @classmethod - def get_config_mapping(cls): - return {cls.get_setting_name(field): field for field in cls.fields} + def get_config_mapping(cls) -> list[str]: + return {cls.get_setting_name(field): field for field in cls.fields["all"]} class SiteConfigurationSettings(ConfigSettingsBase): model = SiteConfiguration - display_name = "Site" namespace = "SITE" - required_fields = ("name", "primary_color", "secondary_color", "accent_color") fields = siteconfig_fields - extra_fields = dict() class KICConfigurationSettings(ConfigSettingsBase): model = OpenKlantConfig - display_name = "Klanten configuration" namespace = "KIC_CONFIG" fields = kic_fields - required_fields = ( - *klanten_api_fields.keys(), - *contactmomenten_api_fields.keys(), - "register_type", - "register_contact_moment", - ) - extra_fields = klanten_api_fields | contactmomenten_api_fields class ZGWConfigurationSettings(ConfigSettingsBase): model = OpenZaakConfig - display_name = "ZGW configuration" namespace = "ZGW_CONFIG" fields = zgw_fields - required_fields = ( - *zaak_api_fields.keys(), - *catalogi_api_fields.keys(), - *documenten_api_fields.keys(), - *formulieren_api_fields.keys(), - ) - extra_fields = ( - zaak_api_fields - | catalogi_api_fields - | documenten_api_fields - | formulieren_api_fields - ) class DigiDOIDCConfigurationSettings(ConfigSettingsBase): model = OpenIDConnectDigiDConfig - display_name = "DigiD OIDC authentication" namespace = "DIGID_OIDC" fields = digid_oidc_fields - required_fields = ("oidp_rp_client_id", "oidp_rp_client_secret") - extra_fields = dict() class eHerkenningDOIDCConfigurationSettings(ConfigSettingsBase): model = OpenIDConnectEHerkenningConfig - display_name = "eHerkenning OIDC authentication" namespace = "EHERKENNING_OIDC" fields = eherkenning_oidc_fields - required_fields = ("eherkenning_rp_client_id", "eherkenning_rp_client_secret") - extra_fields = dict() diff --git a/src/open_inwoner/configurations/bootstrap/siteconfig.py b/src/open_inwoner/configurations/bootstrap/siteconfig.py index 7ef50245d3..48e4b7d877 100644 --- a/src/open_inwoner/configurations/bootstrap/siteconfig.py +++ b/src/open_inwoner/configurations/bootstrap/siteconfig.py @@ -21,7 +21,7 @@ def is_configured(self): for required_setting in required_settings: config_field = setting_to_config[required_setting] - if not getattr(config, config_field, None): + if not getattr(config, config_field.name, None): return False return True @@ -29,10 +29,10 @@ def configure(self): config = SiteConfiguration.get_solo() setting_to_config = SiteConfigurationSettings.get_config_mapping() - for key, value in setting_to_config.items(): - setting = getattr(settings, key) + for setting_name, config_field in setting_to_config.items(): + setting = getattr(settings, setting_name) if setting is not None: - setattr(config, value, setting) + setattr(config, config_field.name, setting) config.save() def test_configuration(self): diff --git a/src/open_inwoner/configurations/bootstrap/templates/base.rst.template b/src/open_inwoner/configurations/bootstrap/templates/base.rst.template index 071768f76c..1dacbacd87 100644 --- a/src/open_inwoner/configurations/bootstrap/templates/base.rst.template +++ b/src/open_inwoner/configurations/bootstrap/templates/base.rst.template @@ -24,13 +24,14 @@ All settings: {{ setting }} {% endfor %} + Detailed Information ==================== :: {% for detail in detailed_info -%} - {% for part in detail -%} + {%- for part in detail -%} {{ part }} {% endfor %} {% endfor %} diff --git a/src/open_inwoner/configurations/bootstrap/utils.py b/src/open_inwoner/configurations/bootstrap/utils.py index 985158d5b1..4e94574d14 100644 --- a/src/open_inwoner/configurations/bootstrap/utils.py +++ b/src/open_inwoner/configurations/bootstrap/utils.py @@ -1,3 +1,68 @@ +from dataclasses import dataclass +from typing import Any, Iterator + +from django.db.models.fields import NOT_PROVIDED + + +@dataclass(frozen=True) +class ConfigField: + name: str + verbose_name: str + description: str + field_type: str + default_value: str + values: str + + +def populate_fields( + fields: dict[str, list], + require: tuple[str], + exclude: tuple[str], + all_fields: Iterator, +): + for field in all_fields: + config_field = ConfigField( + name=field.name, + verbose_name=field.verbose_name, + description=field.description, + field_type=field.get_internal_type(), + default_value=get_default_value(field), + values=get_example_value(field), + ) + fields["all"].append(config_field) + if require and config_field.name in require: + fields["required"].append(config_field) + + +def get_default_value(field: Any) -> str: + default = field.default + + if default is NOT_PROVIDED: + return "No default" + if not isinstance(default, (str, bool, int)): + return "No information" + + return default + + +def get_example_value(field: Any) -> str: + match field.get_internal_type(): + case "CharField": + return "string" + case "TextField": + return "string" + case "URLField": + return "string (URL)" + case "BooleanField": + return "True, False" + case "PositiveIntegerField": + return "string representing a (positive) number" + case "ArrayField": + return "string, comma-delimited ('foo,bar,baz')" + case _: + return "No information available" + + def generate_api_fields_from_template(api_name: str) -> dict[str, str]: name = api_name.split("_")[0].capitalize() diff --git a/src/open_inwoner/configurations/management/commands/create_docs.py b/src/open_inwoner/configurations/management/commands/generate_config_docs.py similarity index 53% rename from src/open_inwoner/configurations/management/commands/create_docs.py rename to src/open_inwoner/configurations/management/commands/generate_config_docs.py index de20b84141..be72f62a4f 100644 --- a/src/open_inwoner/configurations/management/commands/create_docs.py +++ b/src/open_inwoner/configurations/management/commands/generate_config_docs.py @@ -1,9 +1,11 @@ import os from pathlib import Path +from typing import TypeAlias +from django.conf import settings from django.core.management.base import BaseCommand -from jinja2 import Environment, FileSystemLoader +from jinja2 import Environment, FileSystemLoader, select_autoescape from open_inwoner.configurations.bootstrap.models import ( DigiDOIDCConfigurationSettings, @@ -13,6 +15,15 @@ eHerkenningDOIDCConfigurationSettings, ) +ConfigSetting: TypeAlias = ( + DigiDOIDCConfigurationSettings + | KICConfigurationSettings + | SiteConfigurationSettings + | ZGWConfigurationSettings + | eHerkenningDOIDCConfigurationSettings +) + + SUPPORTED_OPTIONS = ["siteconfig", "kic", "zgw", "digid_oidc", "eherkenning_oidc"] TEMPLATE_DIR = ( @@ -20,20 +31,16 @@ / "bootstrap" / "templates" ) -TARGET_DIR = ( - Path(os.path.abspath(os.path.dirname(__file__))).parent.parent.parent.parent.parent - / "docs" - / "configuration" -) +TARGET_DIR = Path(settings.BASE_DIR) / "docs" / "configuration" class Command(BaseCommand): help = "Create docs for configuration setup steps" def add_arguments(self, parser): - parser.add_argument("config_option") + parser.add_argument("config_option", nargs="?") - def get_config(self, config_option): + def get_config(self, config_option: str) -> dict[str, ConfigSetting]: mapping = { "siteconfig": SiteConfigurationSettings, "kic": KICConfigurationSettings, @@ -43,40 +50,47 @@ def get_config(self, config_option): } return mapping[config_option] - def get_detailed_info(self, config): + def get_detailed_info(self, config: ConfigSetting) -> list[str]: ret = [] - for field, opts in config.fields.items(): - model_field = config.model._meta.get_field(field) + for field in config.fields["all"]: + model_field = config.model._meta.get_field(field.name) part = [] part.append(f"{'Variable':<20}{config.get_setting_name(field)}") part.append(f"{'Setting':<20}{str(model_field.verbose_name)}") part.append(f"{'Description':<20}{str(model_field.help_text)}") - part.append(f"{'Possible values':<20}{opts['values']}") + part.append(f"{'Model field type':<20}{field.field_type}") + part.append(f"{'Possible values':<20}{field.values}") + part.append(f"{'Default value':<20}{field.default_value}") ret.append(part) return ret - def write_file_from_template(self, template_path, template_variables, output_path): + def write_file_from_template( + self, + template_path: os.PathLike, + template_variables: dict[str, list], + output_path: os.PathLike, + ): with open(template_path, "r") as template: template_str = template.read() - template = Environment(loader=FileSystemLoader(TEMPLATE_DIR)).from_string( - template_str - ) + template = Environment( + loader=FileSystemLoader(TEMPLATE_DIR), autoescape=select_autoescape() + ).from_string(template_str) rendered = template.render(template_variables) with open(output_path, "w") as output: output.write(rendered) - def handle(self, *args, **kwargs): - config_option = kwargs["config_option"] - if not config_option or config_option not in SUPPORTED_OPTIONS: - return - + def generate_single_doc(self, config_option: str) -> None: config = self.get_config(config_option) required_settings = [ - config.get_setting_name(field) for field in config.required_fields + config.get_setting_name(field) for field in config.fields["required"] + ] + required_settings.sort() + all_settings = [ + config.get_setting_name(field) for field in config.fields["all"] ] - all_settings = [config.get_setting_name(field) for field in config.fields] + all_settings.sort() detailed_info = self.get_detailed_info(config) template_variables = { "required_settings": required_settings, @@ -88,3 +102,14 @@ def handle(self, *args, **kwargs): output_path = TARGET_DIR / f"{config_option}.rst" self.write_file_from_template(template_path, template_variables, output_path) + + def handle(self, *args, **kwargs) -> None: + config_option = kwargs["config_option"] + + if config_option and config_option not in SUPPORTED_OPTIONS: + return + elif config_option: + self.generate_single_doc(config_option) + else: + for option in SUPPORTED_OPTIONS: + self.generate_single_doc(option) From e66a4f48164d6c73a212eeb532f66f1a52d89887 Mon Sep 17 00:00:00 2001 From: Paul Schilling Date: Fri, 19 Apr 2024 15:39:38 +0200 Subject: [PATCH 4/9] [#2297] Process PR feedback for automating config docs --- docs/configuration/digid_oidc.rst | 42 +-- docs/configuration/eherkenning_oidc.rst | 46 +--- docs/configuration/general.rst | 3 +- docs/configuration/kic.rst | 78 ++++-- docs/configuration/siteconfig.rst | 164 ++++-------- docs/configuration/zgw.rst | 120 +++++++-- .../configurations/bootstrap/constants.py | 154 ----------- .../configurations/bootstrap/models.py | 252 ++++++++++++++++-- .../configurations/bootstrap/siteconfig.py | 8 +- .../bootstrap/templates/base.rst.template | 37 --- .../templates/digid_oidc.rst.template | 11 - .../templates/eherkenning_oidc.rst.template | 11 - .../bootstrap/templates/kic.rst.template | 11 - .../templates/siteconfig.rst.template | 11 - .../bootstrap/templates/zgw.rst.template | 11 - .../configurations/bootstrap/typing.py | 17 ++ .../configurations/bootstrap/utils.py | 82 ------ .../commands/generate_config_docs.py | 91 +++---- .../templates/configurations/config_doc.rst | 39 +++ 19 files changed, 543 insertions(+), 645 deletions(-) delete mode 100644 src/open_inwoner/configurations/bootstrap/constants.py delete mode 100644 src/open_inwoner/configurations/bootstrap/templates/base.rst.template delete mode 100644 src/open_inwoner/configurations/bootstrap/templates/digid_oidc.rst.template delete mode 100644 src/open_inwoner/configurations/bootstrap/templates/eherkenning_oidc.rst.template delete mode 100644 src/open_inwoner/configurations/bootstrap/templates/kic.rst.template delete mode 100644 src/open_inwoner/configurations/bootstrap/templates/siteconfig.rst.template delete mode 100644 src/open_inwoner/configurations/bootstrap/templates/zgw.rst.template create mode 100644 src/open_inwoner/configurations/bootstrap/typing.py delete mode 100644 src/open_inwoner/configurations/bootstrap/utils.py create mode 100644 src/open_inwoner/configurations/templates/configurations/config_doc.rst diff --git a/docs/configuration/digid_oidc.rst b/docs/configuration/digid_oidc.rst index 1e43e98ffd..91d5b1c7e3 100644 --- a/docs/configuration/digid_oidc.rst +++ b/docs/configuration/digid_oidc.rst @@ -1,11 +1,9 @@ .. _digid_oidc: - ======================== -DigiD OIDC configuration +DigiD OIDC Configuration ======================== - Settings Overview ================= @@ -16,7 +14,6 @@ Required: DIGID_OIDC_OIDC_RP_CLIENT_ID DIGID_OIDC_OIDC_RP_CLIENT_SECRET - All settings: @@ -44,7 +41,6 @@ All settings: DIGID_OIDC_OIDC_STATE_SIZE DIGID_OIDC_OIDC_USE_NONCE DIGID_OIDC_USERINFO_CLAIMS_SOURCE - Detailed Information @@ -55,141 +51,119 @@ Detailed Information Variable DIGID_OIDC_OIDC_RP_CLIENT_ID Setting OpenID Connect client ID Description OpenID Connect client ID provided by the OIDC Provider - Model field type CharField Possible values string Default value No default Variable DIGID_OIDC_OIDC_RP_CLIENT_SECRET Setting OpenID Connect secret Description OpenID Connect secret provided by the OIDC Provider - Model field type CharField Possible values string Default value No default Variable DIGID_OIDC_OIDC_RP_SIGN_ALGO Setting OpenID sign algorithm Description Algorithm the Identity Provider uses to sign ID tokens - Model field type CharField Possible values string Default value HS256 Variable DIGID_OIDC_OIDC_OP_DISCOVERY_ENDPOINT Setting Discovery endpoint Description URL of your OpenID Connect provider discovery endpoint ending with a slash (`.well-known/...` will be added automatically). If this is provided, the remaining endpoints can be omitted, as they will be derived from this endpoint. - Model field type CharField Possible values string Default value No default Variable DIGID_OIDC_OIDC_OP_JWKS_ENDPOINT Setting JSON Web Key Set endpoint Description URL of your OpenID Connect provider JSON Web Key Set endpoint. Required if `RS256` is used as signing algorithm. - Model field type CharField Possible values string Default value No default Variable DIGID_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT Setting Authorization endpoint Description URL of your OpenID Connect provider authorization endpoint - Model field type CharField Possible values string Default value No default Variable DIGID_OIDC_OIDC_OP_TOKEN_ENDPOINT Setting Token endpoint Description URL of your OpenID Connect provider token endpoint - Model field type CharField Possible values string Default value No default Variable DIGID_OIDC_OIDC_OP_USER_ENDPOINT Setting User endpoint Description URL of your OpenID Connect provider userinfo endpoint - Model field type CharField Possible values string Default value No default Variable DIGID_OIDC_OIDC_RP_IDP_SIGN_KEY Setting Sign key Description Key the Identity Provider uses to sign ID tokens in the case of an RSA sign algorithm. Should be the signing key in PEM or DER format. - Model field type CharField Possible values string Default value No default Variable DIGID_OIDC_OIDC_USE_NONCE Setting Use nonce Description Controls whether the OpenID Connect client uses nonce verification - Model field type BooleanField Possible values True, False Default value True Variable DIGID_OIDC_OIDC_NONCE_SIZE Setting Nonce size Description Sets the length of the random string used for OpenID Connect nonce verification - Model field type PositiveIntegerField - Possible values string representing a (positive) number + Possible values string representing a positive number Default value 32 Variable DIGID_OIDC_OIDC_STATE_SIZE Setting State size Description Sets the length of the random string used for OpenID Connect state verification - Model field type PositiveIntegerField - Possible values string representing a (positive) number + Possible values string representing a positive number Default value 32 Variable DIGID_OIDC_OIDC_EXEMPT_URLS Setting URLs exempt from session renewal Description This is a list of absolute url paths, regular expressions for url paths, or Django view names. This plus the mozilla-django-oidc urls are exempted from the session renewal by the SessionRefresh middleware. - Model field type ArrayField Possible values string, comma-delimited ('foo,bar,baz') - Default value No information + Default value No default Variable DIGID_OIDC_USERINFO_CLAIMS_SOURCE Setting user information claims extracted from Description Indicates the source from which the user information claims should be extracted. - Model field type CharField - Possible values string + Possible values userinfo_endpoint, id_token Default value userinfo_endpoint Variable DIGID_OIDC_OIDC_OP_LOGOUT_ENDPOINT Setting Logout endpoint Description URL of your OpenID Connect provider logout endpoint - Model field type CharField Possible values string Default value No default Variable DIGID_OIDC_ERROR_MESSAGE_MAPPING Setting Error message mapping Description Mapping that maps error messages returned by the identity provider to human readable error messages that are shown to the user - Model field type JSONField Possible values No information available - Default value No information + Default value No default Variable DIGID_OIDC_OIDC_KEYCLOAK_IDP_HINT Setting Keycloak Identity Provider hint Description Specific for Keycloak: parameter that indicates which identity provider should be used (therefore skipping the Keycloak login screen). - Model field type CharField Possible values string Default value No default Variable DIGID_OIDC_ENABLED Setting enable Description Indicates whether OpenID Connect for authentication/authorization is enabled. This overrides overrides the usage of SAML for DigiD authentication. - Model field type BooleanField Possible values True, False - Default value False + Default value No default Variable DIGID_OIDC_IDENTIFIER_CLAIM_NAME Setting BSN claim name Description The name of the claim in which the BSN of the user is stored - Model field type CharField Possible values string Default value bsn Variable DIGID_OIDC_OIDC_RP_SCOPES_LIST Setting OpenID Connect scopes Description OpenID Connect scopes that are requested during login. These scopes are hardcoded and must be supported by the identity provider - Model field type ArrayField Possible values string, comma-delimited ('foo,bar,baz') - Default value No information - - \ No newline at end of file + Default value ['openid', 'bsn'] diff --git a/docs/configuration/eherkenning_oidc.rst b/docs/configuration/eherkenning_oidc.rst index 20e526c104..79c8bbf6ef 100644 --- a/docs/configuration/eherkenning_oidc.rst +++ b/docs/configuration/eherkenning_oidc.rst @@ -1,10 +1,8 @@ .. _eherkenning_oidc: - -======================== -eHerkenning OIDC configuration -======================== - +============================== +eHerkenning OIDC Configuration +============================== Settings Overview ================= @@ -16,7 +14,6 @@ Required: EHERKENNING_OIDC_OIDC_RP_CLIENT_ID EHERKENNING_OIDC_OIDC_RP_CLIENT_SECRET - All settings: @@ -44,7 +41,6 @@ All settings: EHERKENNING_OIDC_OIDC_STATE_SIZE EHERKENNING_OIDC_OIDC_USE_NONCE EHERKENNING_OIDC_USERINFO_CLAIMS_SOURCE - Detailed Information @@ -55,141 +51,119 @@ Detailed Information Variable EHERKENNING_OIDC_OIDC_RP_CLIENT_ID Setting OpenID Connect client ID Description OpenID Connect client ID provided by the OIDC Provider - Model field type CharField Possible values string Default value No default Variable EHERKENNING_OIDC_OIDC_RP_CLIENT_SECRET Setting OpenID Connect secret Description OpenID Connect secret provided by the OIDC Provider - Model field type CharField Possible values string Default value No default Variable EHERKENNING_OIDC_OIDC_RP_SIGN_ALGO Setting OpenID sign algorithm Description Algorithm the Identity Provider uses to sign ID tokens - Model field type CharField Possible values string Default value HS256 Variable EHERKENNING_OIDC_OIDC_OP_DISCOVERY_ENDPOINT Setting Discovery endpoint Description URL of your OpenID Connect provider discovery endpoint ending with a slash (`.well-known/...` will be added automatically). If this is provided, the remaining endpoints can be omitted, as they will be derived from this endpoint. - Model field type CharField Possible values string Default value No default Variable EHERKENNING_OIDC_OIDC_OP_JWKS_ENDPOINT Setting JSON Web Key Set endpoint Description URL of your OpenID Connect provider JSON Web Key Set endpoint. Required if `RS256` is used as signing algorithm. - Model field type CharField Possible values string Default value No default Variable EHERKENNING_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT Setting Authorization endpoint Description URL of your OpenID Connect provider authorization endpoint - Model field type CharField Possible values string Default value No default Variable EHERKENNING_OIDC_OIDC_OP_TOKEN_ENDPOINT Setting Token endpoint Description URL of your OpenID Connect provider token endpoint - Model field type CharField Possible values string Default value No default Variable EHERKENNING_OIDC_OIDC_OP_USER_ENDPOINT Setting User endpoint Description URL of your OpenID Connect provider userinfo endpoint - Model field type CharField Possible values string Default value No default Variable EHERKENNING_OIDC_OIDC_RP_IDP_SIGN_KEY Setting Sign key Description Key the Identity Provider uses to sign ID tokens in the case of an RSA sign algorithm. Should be the signing key in PEM or DER format. - Model field type CharField Possible values string Default value No default Variable EHERKENNING_OIDC_OIDC_USE_NONCE Setting Use nonce Description Controls whether the OpenID Connect client uses nonce verification - Model field type BooleanField Possible values True, False Default value True Variable EHERKENNING_OIDC_OIDC_NONCE_SIZE Setting Nonce size Description Sets the length of the random string used for OpenID Connect nonce verification - Model field type PositiveIntegerField - Possible values string representing a (positive) number + Possible values string representing a positive number Default value 32 Variable EHERKENNING_OIDC_OIDC_STATE_SIZE Setting State size Description Sets the length of the random string used for OpenID Connect state verification - Model field type PositiveIntegerField - Possible values string representing a (positive) number + Possible values string representing a positive number Default value 32 Variable EHERKENNING_OIDC_OIDC_EXEMPT_URLS Setting URLs exempt from session renewal Description This is a list of absolute url paths, regular expressions for url paths, or Django view names. This plus the mozilla-django-oidc urls are exempted from the session renewal by the SessionRefresh middleware. - Model field type ArrayField Possible values string, comma-delimited ('foo,bar,baz') - Default value No information + Default value No default Variable EHERKENNING_OIDC_USERINFO_CLAIMS_SOURCE Setting user information claims extracted from Description Indicates the source from which the user information claims should be extracted. - Model field type CharField - Possible values string + Possible values userinfo_endpoint, id_token Default value userinfo_endpoint Variable EHERKENNING_OIDC_OIDC_OP_LOGOUT_ENDPOINT Setting Logout endpoint Description URL of your OpenID Connect provider logout endpoint - Model field type CharField Possible values string Default value No default Variable EHERKENNING_OIDC_ERROR_MESSAGE_MAPPING Setting Error message mapping Description Mapping that maps error messages returned by the identity provider to human readable error messages that are shown to the user - Model field type JSONField Possible values No information available - Default value No information + Default value No default Variable EHERKENNING_OIDC_OIDC_KEYCLOAK_IDP_HINT Setting Keycloak Identity Provider hint Description Specific for Keycloak: parameter that indicates which identity provider should be used (therefore skipping the Keycloak login screen). - Model field type CharField Possible values string Default value No default Variable EHERKENNING_OIDC_ENABLED Setting enable Description Indicates whether OpenID Connect for authentication/authorization is enabled. This overrides overrides the usage of SAML for eHerkenning authentication. - Model field type BooleanField Possible values True, False - Default value False + Default value No default Variable EHERKENNING_OIDC_IDENTIFIER_CLAIM_NAME Setting KVK claim name Description The name of the claim in which the KVK of the user is stored - Model field type CharField Possible values string Default value kvk Variable EHERKENNING_OIDC_OIDC_RP_SCOPES_LIST Setting OpenID Connect scopes Description OpenID Connect scopes that are requested during login. These scopes are hardcoded and must be supported by the identity provider - Model field type ArrayField Possible values string, comma-delimited ('foo,bar,baz') - Default value No information - - \ No newline at end of file + Default value ['openid', 'kvk'] diff --git a/docs/configuration/general.rst b/docs/configuration/general.rst index a94dde1d5b..6804bf03ad 100644 --- a/docs/configuration/general.rst +++ b/docs/configuration/general.rst @@ -33,8 +33,7 @@ If the project is being configured for the first time, run the command from the src/manage.py setup_configuration - -By default, ``setup_configuration`` checks if a configuration already exists and will stop executing if it finds one. In order to overwrite an existing configuration, use: +By default, ``setup_configuration`` checks per configuration step if it is already configured and skips this step if that is the case. In order to overwrite an existing configuration, use: :: diff --git a/docs/configuration/kic.rst b/docs/configuration/kic.rst index f36637baa8..22c47421b7 100644 --- a/docs/configuration/kic.rst +++ b/docs/configuration/kic.rst @@ -1,11 +1,9 @@ .. _kic: - ===================== -Klanten configuration +Klanten Configuration ===================== - Settings Overview ================= @@ -22,7 +20,6 @@ Required: KIC_CONFIG_KLANTEN_API_ROOT KIC_CONFIG_REGISTER_CONTACT_MOMENT KIC_CONFIG_REGISTER_TYPE - All settings: @@ -30,14 +27,20 @@ All settings: :: + KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_ID + KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_SECRET + KIC_CONFIG_CONTACTMOMENTEN_API_ROOT + KIC_CONFIG_KLANTEN_API_CLIENT_ID + KIC_CONFIG_KLANTEN_API_CLIENT_SECRET + KIC_CONFIG_KLANTEN_API_ROOT KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN KIC_CONFIG_REGISTER_CHANNEL KIC_CONFIG_REGISTER_CONTACT_MOMENT KIC_CONFIG_REGISTER_EMAIL KIC_CONFIG_REGISTER_EMPLOYEE_ID KIC_CONFIG_REGISTER_TYPE + KIC_CONFIG_SEND_EMAIL_CONFIRMATION KIC_CONFIG_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER - Detailed Information @@ -47,51 +50,84 @@ Detailed Information Variable KIC_CONFIG_REGISTER_EMAIL Setting Registreer op email adres - Description - Model field type CharField + Description No description Possible values string Default value No default Variable KIC_CONFIG_REGISTER_CONTACT_MOMENT Setting Registreer in Contactmomenten API - Description - Model field type BooleanField + Description No description Possible values True, False - Default value False + Default value No default Variable KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN Setting Organisatie RSIN - Description - Model field type CharField + Description No description Possible values string - Default value + Default value No default Variable KIC_CONFIG_REGISTER_CHANNEL Setting Contactmoment kanaal - Description The channel through which contactmomenten are created - Model field type CharField + Description De kanaal waarop nieuwe contactmomenten worden aangemaakt Possible values string Default value contactformulier Variable KIC_CONFIG_REGISTER_TYPE Setting Contactmoment type Description Naam van 'contacttype' uit e-Suite - Model field type CharField Possible values string Default value Melding Variable KIC_CONFIG_REGISTER_EMPLOYEE_ID Setting Medewerker identificatie Description Gebruikersnaam van actieve medewerker uit e-Suite - Model field type CharField Possible values string - Default value + Default value No default Variable KIC_CONFIG_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER Setting Haal bronnen op uit de Klanten- en Contactmomenten-API's voor gebruikers die zijn geauthenticeerd met eHerkenning via RSIN Description Indien ingeschakeld, worden bronnen uit de Klanten- en Contactmomenten-API's voor eHerkenning-gebruikers opgehaald via RSIN (Open Klant). Indien niet ingeschakeld, worden deze bronnen via het KVK-nummer. - Model field type BooleanField Possible values True, False - Default value False + Default value No default + + Variable KIC_CONFIG_SEND_EMAIL_CONFIRMATION + Setting Stuur contactformulier e-mailbevestiging + Description Indien ingeschakeld dan wordt het 'contactform_confimation' e-mailsjabloon gebruikt om een e-mailbevestiging te sturen na het insturen van het contactformulier. Indien uitgeschakeld dan wordt aangenomen dat de externe contactmomenten API (eg. eSuite) de e-mailbevestiging zal sturen + Possible values True, False + Default value No default + + Variable KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_ID + Setting Client ID of the Contactmomenten API + Description No description + Possible values string + Default value No default + + Variable KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_SECRET + Setting Client Secret of the Contactmomenten API + Description No description + Possible values string + Default value No default + + Variable KIC_CONFIG_CONTACTMOMENTEN_API_ROOT + Setting Root URL of the Contactmomenten API + Description No description + Possible values string (URL) + Default value No default + + Variable KIC_CONFIG_KLANTEN_API_CLIENT_ID + Setting Client ID of the Klanten API + Description No description + Possible values string + Default value No default - \ No newline at end of file + Variable KIC_CONFIG_KLANTEN_API_CLIENT_SECRET + Setting Client Secret of the Klanten API + Description No description + Possible values string + Default value No default + + Variable KIC_CONFIG_KLANTEN_API_ROOT + Setting Root URL of the Klanten API + Description No description + Possible values string (URL) + Default value No default diff --git a/docs/configuration/siteconfig.rst b/docs/configuration/siteconfig.rst index fdb80617f4..26c0db5189 100644 --- a/docs/configuration/siteconfig.rst +++ b/docs/configuration/siteconfig.rst @@ -1,11 +1,9 @@ .. _siteconfig: - ===================== -General configuration +General Configuration ===================== - Settings Overview ================= @@ -18,7 +16,6 @@ Required: SITE_NAME SITE_PRIMARY_COLOR SITE_SECONDARY_COLOR - All settings: @@ -94,7 +91,6 @@ All settings: SITE_WARNING_BANNER_ENABLED SITE_WARNING_BANNER_FONT_COLOR SITE_WARNING_BANNER_TEXT - Detailed Information @@ -105,477 +101,407 @@ Detailed Information Variable SITE_NAME Setting Naam Description Naam van de gemeente - Model field type CharField Possible values string Default value No default Variable SITE_PRIMARY_COLOR Setting Primaire kleur Description Hoofdkleur van de gemeentesite/huisstijl - Model field type CharField Possible values string Default value #FFFFFF Variable SITE_SECONDARY_COLOR Setting Secundaire kleur Description Secundaire kleur van de gemeentesite/huisstijl - Model field type CharField Possible values string Default value #FFFFFF Variable SITE_ACCENT_COLOR Setting Accentkleur Description Accentkleur van de gemeentesite/huisstijl - Model field type CharField Possible values string Default value #FFFFFF Variable SITE_PRIMARY_FONT_COLOR Setting Primaire tekstkleur Description De tekstkleur voor wanneer de achtergrond de hoofdkleur is - Model field type CharField - Possible values string + Possible values #FFFFFF, #4B4B4B Default value #FFFFFF Variable SITE_SECONDARY_FONT_COLOR Setting Secundaire tekstkleur Description De tekstkleur voor wanneer de achtergrond de secundaire kleur is - Model field type CharField - Possible values string + Possible values #FFFFFF, #4B4B4B Default value #FFFFFF Variable SITE_ACCENT_FONT_COLOR Setting Accent tekstkleur Description De tekstkleur voor wanneer de achtergrond de accentkleur is - Model field type CharField - Possible values string + Possible values #FFFFFF, #4B4B4B Default value #4B4B4B Variable SITE_WARNING_BANNER_ENABLED Setting Toon waarschuwingsbanner Description Of de waarschuwingsbanner zichtbaar moet zijn of niet. - Model field type BooleanField Possible values True, False - Default value False + Default value No default Variable SITE_WARNING_BANNER_TEXT Setting Tekstinhoud waarschuwingsbanner Description De tekst die zichtbaar is in de waarschuwingsbanner - Model field type TextField Possible values string Default value No default Variable SITE_WARNING_BANNER_BACKGROUND_COLOR Setting Waarschuwingsbanner achtergrond Description Waarschuwingsbanner achtergrondkleur - Model field type CharField Possible values string Default value #FFDBAD Variable SITE_WARNING_BANNER_FONT_COLOR Setting Waarschuwingsbanner tekst Description De tekstkleur voor de waarschuwingsbanner - Model field type CharField Possible values string Default value #000000 Variable SITE_LOGIN_SHOW Setting Toon inlogknop rechts bovenin Description Wanneer deze optie uit staat dan kan nog wel worden ingelogd via /accounts/login/ , echter het inloggen is verborgen - Model field type BooleanField Possible values True, False Default value True Variable SITE_LOGIN_ALLOW_REGISTRATION Setting Sta lokale registratie toe Description Wanneer deze optie uit staat is het enkel toegestaan om met DigiD in te loggen. Zet deze instelling aan om ook het inloggen met gebruikersnaam/wachtwoord en het aanmelden zonder DigiD toe te staan. - Model field type BooleanField Possible values True, False - Default value False + Default value No default Variable SITE_LOGIN_2FA_SMS Setting Log in met 2FA-met-SMS Description Bepaalt of gebruikers die met gebruikersnaam+wachtwoord inloggen verplicht een SMS verificatiecode dienen in te vullen - Model field type BooleanField Possible values True, False - Default value False + Default value No default Variable SITE_LOGIN_TEXT Setting Login tekst Description Deze tekst wordt getoond op de login pagina. - Model field type TextField Possible values string Default value No default Variable SITE_REGISTRATION_TEXT Setting Registratie tekst Description Deze tekst wordt getoond op de registratie pagina. - Model field type TextField Possible values string Default value No default Variable SITE_HOME_WELCOME_TITLE Setting Koptekst homepage Description Koptekst op de homepage - Model field type CharField Possible values string - Default value No information + Default value Welkom Variable SITE_HOME_WELCOME_INTRO Setting Introductietekst homepage Description Introductietekst op de homepage - Model field type TextField Possible values string Default value No default Variable SITE_HOME_THEME_TITLE Setting Titel 'Onderwerpen' op de homepage Description Koptekst van de Onderwerpen op de homepage - Model field type CharField Possible values string - Default value No information + Default value Onderwerpen Variable SITE_HOME_THEME_INTRO Setting Onderwerpen introductietekst op de homepage Description Introductietekst 'Onderwerpen' op de homepage - Model field type TextField Possible values string Default value No default Variable SITE_THEME_TITLE Setting Onderwerpen titel Description Titel op de Onderwerpenpagina - Model field type CharField Possible values string - Default value No information + Default value Onderwerpen Variable SITE_THEME_INTRO Setting Onderwerpen introductie Description Introductietekst op de onderwerpenpagina - Model field type TextField Possible values string Default value No default Variable SITE_HOME_MAP_TITLE Setting Koptekst van de kaart op de homepage Description Koptekst van de kaart op de homepage - Model field type CharField Possible values string - Default value No information + Default value In de buurt Variable SITE_HOME_MAP_INTRO Setting Introductietekst kaart Description Introductietekst van de kaart op de homepage - Model field type TextField Possible values string Default value No default Variable SITE_HOME_QUESTIONNAIRE_TITLE Setting Titel vragenlijst homepage Description Vragenlijst titel op de homepage. - Model field type CharField Possible values string - Default value No information + Default value Waar bent u naar op zoek? Variable SITE_HOME_QUESTIONNAIRE_INTRO Setting Introductietekst vragenlijst homepage Description Vragenlijst introductietekst op de homepage. - Model field type TextField Possible values string - Default value No information + Default value Test met een paar simpele vragen of u recht heeft op een product Variable SITE_HOME_PRODUCT_FINDER_TITLE Setting Productzoeker titel Description Titel van de productzoeker op de homepage. - Model field type CharField Possible values string - Default value No information + Default value Productzoeker Variable SITE_HOME_PRODUCT_FINDER_INTRO Setting Introductietekst productzoeker homepage Description Introductietekst van de productzoeker op de homepage. - Model field type TextField Possible values string - Default value No information + Default value Met een paar simpele vragen ziet u welke producten passen bij uw situatie Variable SITE_SELECT_QUESTIONNAIRE_TITLE Setting Titel vragenlijst widget Description Vragenlijst keuzetitel op de onderwerpen en profielpagina's. - Model field type CharField Possible values string - Default value No information + Default value Keuze zelftest? Variable SITE_SELECT_QUESTIONNAIRE_INTRO Setting Introductietekst vragenlijst widget Description Vragenlijst introductietekst op de onderwerpen en profielpagina's. - Model field type TextField Possible values string - Default value No information + Default value Kies hieronder één van de volgende vragenlijsten om de zelftest te starten. Variable SITE_PLANS_INTRO Setting Introductietekst Samenwerken Description Subtitel voor de planpagina. - Model field type TextField Possible values string - Default value No information + Default value Hier werkt u aan uw doelen. Dit doet u samen met uw contactpersoon bij de gemeente. Variable SITE_PLANS_NO_PLANS_MESSAGE Setting Standaardtekst geen samenwerkingen Description Het bericht als een gebruiker nog geen plannen heeft. - Model field type CharField Possible values string - Default value No information + Default value U heeft nog geen plan gemaakt. Variable SITE_PLANS_EDIT_MESSAGE Setting Standaardtekst 'doel wijzigen' Description Het bericht wanneer een gebruiker een doel wijzigt. - Model field type CharField Possible values string - Default value No information + Default value Hier kunt u uw doel aanpassen Variable SITE_FOOTER_LOGO_TITLE Setting Footer logo title Description The title - help text of the footer logo. - Model field type CharField Possible values string - Default value + Default value No default Variable SITE_FOOTER_LOGO_URL Setting Footer logo link Description The external link for the footer logo. - Model field type CharField Possible values string - Default value + Default value No default Variable SITE_HOME_HELP_TEXT Setting Helptekst homepage Description Helptekst in de popup op de voorpagina - Model field type TextField Possible values string - Default value No information + Default value Welkom! Op dit scherm vindt u een overzicht van de verschillende onderwerpen en producten & diensten. Variable SITE_THEME_HELP_TEXT Setting Onderwerpen help Description Helptekst in de popup op de onderwerpenpagina - Model field type TextField Possible values string - Default value No information + Default value Op dit scherm vindt u de verschillende onderwerpen waarvoor wij producten en diensten aanbieden. Variable SITE_PRODUCT_HELP_TEXT Setting Helptekst producten Description Helptekst in de popup van de productenpagina's - Model field type TextField Possible values string - Default value No information + Default value Op dit scherm kunt u de details vinden over het gekozen product of dienst. Afhankelijk van het product kunt u deze direct aanvragen of meer informatie opvragen. Variable SITE_SEARCH_HELP_TEXT Setting Helptekst zoeken Description De helptekst in de popup op de zoekpagina's - Model field type TextField Possible values string - Default value No information + Default value Op dit scherm kunt u zoeken naar de producten en diensten. Variable SITE_ACCOUNT_HELP_TEXT Setting Helptekst mijn profiel Description De helptekst in de popup van de profielpagina's - Model field type TextField Possible values string - Default value No information + Default value Op dit scherm ziet u uw persoonlijke profielgegevens en gerelateerde gegevens. Variable SITE_QUESTIONNAIRE_HELP_TEXT Setting Helptekst vragenlijst/zelftest Description De helptekst in de popup op de vragenlijst/zelftestpagina's - Model field type TextField Possible values string - Default value No information + Default value Het onderdeel Zelftest stelt u in staat om met het beantwoorden van enkele vragen een advies te krijgen van de gemeente, met concrete vervolgstappen en producten en diensten. U kunt tevens uw antwoorden en het advies bewaren om met een begeleider van de gemeente te bespreken. Variable SITE_PLAN_HELP_TEXT Setting Helptekst samenwerken Description De helptekst in de popup van de samenwerken-pagina's - Model field type TextField Possible values string - Default value No information + Default value Met het onderdeel Samenwerken kunt u samen met uw contactpersonen of begeleider van de gemeente aan de slag om met een samenwerkingsplan uw persoonlijke situatie te verbeteren. Door samen aan uw doelen te werken en acties te omschrijven kunnen we elkaar helpen. Variable SITE_SEARCH_FILTER_CATEGORIES Setting Onderwerpenfilter toevoegen aan zoekresultaten Description Of er categorie-selectievakjes moeten worden weergegeven om het zoekresultaat te filteren. - Model field type BooleanField Possible values True, False Default value True Variable SITE_SEARCH_FILTER_TAGS Setting Tagfilter toevoegen aan zoekresultaten Description Of er tag-selectievakjes moeten worden weergegeven om het zoekresultaat te filteren. - Model field type BooleanField Possible values True, False Default value True Variable SITE_SEARCH_FILTER_ORGANIZATIONS Setting Organisaties-filter toevoegen aan zoekresultaten Description Of er organisatie-selectievakjes moeten worden weergegeven om het zoekresultaat te filteren. - Model field type BooleanField Possible values True, False Default value True Variable SITE_EMAIL_NEW_MESSAGE Setting Stuur een mail bij nieuwe berichten Description Of er een e-mail ter notificatie verstuurd dient te worden na een nieuw bericht voor de gebruiker. - Model field type BooleanField Possible values True, False Default value True Variable SITE_RECIPIENTS_EMAIL_DIGEST Setting ontvangers e-mailsamenvatting Description De e-mailadressen van beheerders die een dagelijkse samenvatting dienen te krijgen van punten van orde. - Model field type ArrayField Possible values string, comma-delimited ('foo,bar,baz') - Default value No information + Default value No default Variable SITE_EMAIL_VERIFICATION_REQUIRED - Setting Email verification required - Description Whether to require users to verify their email address - Model field type BooleanField + Setting E-mailverificatie vereist + Description Of gebruikers verplicht zijn om na het inloggen hun e-mailadres te verifieren Possible values True, False - Default value False + Default value No default Variable SITE_CONTACT_PHONENUMBER Setting Telefoonnummer Description Telefoonnummer van de organisatie - Model field type CharField Possible values string Default value No default Variable SITE_CONTACT_PAGE Setting URL Description URL van de contactpagina van de organisatie - Model field type CharField Possible values string Default value No default Variable SITE_GTM_CODE Setting Google Tag Manager code Description Normaalgesproken is dit een code van het formaat 'GTM-XXXX'. Door dit in te stellen wordt Google Tag Manager gebruikt. - Model field type CharField Possible values string Default value No default Variable SITE_GA_CODE Setting Google Analytics code Description Normaalgesproken is dit een code van het formaat 'G-XXXX'. Door dit in te stellen wordt Google Analytics gebruikt. - Model field type CharField Possible values string Default value No default Variable SITE_MATOMO_URL Setting Matamo server URL Description De domeinnaam / URL van de Matamo server, bijvoorbeeld 'matamo.example.com'. - Model field type CharField Possible values string Default value No default Variable SITE_MATOMO_SITE_ID Setting Matamo site ID Description De 'idsite' van de website in Matamo die getrackt dient te worden. - Model field type PositiveIntegerField - Possible values string representing a (positive) number + Possible values string representing a positive number Default value No default Variable SITE_SITEIMPROVE_ID Setting SiteImprove ID Description SiteImprove ID - Dit nummer kan gevonden worden in de SiteImprove snippet, dit is onderdeel van een URL zoals '//siteimproveanalytics.com/js/siteanalyze_xxxxx.js' waarbij het xxxxx-deel de SiteImprove ID is die hier ingevuld moet worden. - Model field type CharField Possible values string - Default value + Default value No default Variable SITE_COOKIE_INFO_TEXT Setting Tekst cookiebanner informatie Description De tekstinhoud van de cookiebanner. Wanneer deze wordt ingevuld dan wordt de cookiebanner zichtbaar. - Model field type CharField Possible values string - Default value No information + Default value Wij gebruiken cookies om onze website en dienstverlening te verbeteren. Variable SITE_COOKIE_LINK_TEXT Setting Tekst cookiebanner link Description De tekst die wordt gebruikt als link naar de privacypagina. - Model field type CharField Possible values string - Default value No information + Default value Lees meer over ons cookiebeleid. Variable SITE_COOKIE_LINK_URL Setting URL van de privacypagina Description De link naar de pagina met het privacybeleid. - Model field type CharField Possible values string Default value /pages/privacyverklaring/ Variable SITE_KCM_SURVEY_LINK_TEXT - Setting KCM survey link text - Description The text that is displayed on the customer satisfaction survey link - Model field type CharField + Setting Feedbackknop label + Description De label van de knop wat wordt gebruikt om gebruikersfeedback te verzamelen Possible values string Default value No default Variable SITE_KCM_SURVEY_LINK_URL - Setting KCM survey URL - Description The external link for the customer satisfaction survey. - Model field type CharField + Setting Feedbackknop URL + Description De externe link achter de feedbackknop feedback. Possible values string Default value No default Variable SITE_OPENID_CONNECT_LOGIN_TEXT Setting OpenID Connect login tekst Description De tekst die getoond wordt wanneer OpenID Connect (OIDC/Azure AD) als loginmethode is ingesteld - Model field type CharField Possible values string Default value Login with Azure AD Variable SITE_OPENID_DISPLAY Setting Toon optie om in te loggen via OpenID Connect Description Alleen geselecteerde groepen zullen de optie zien om met OpenID Connect in te loggen. - Model field type CharField - Possible values string + Possible values admin, regular Default value admin Variable SITE_REDIRECT_TO Setting Stuur niet-ingelogde gebruiker door naar Description Geef een URL of pad op waar de niet-ingelogde gebruiker naar toe doorgestuurd moet worden vanuit de niet-ingelogde homepage.Pad voorbeeld: '/accounts/login', URL voorbeeld: 'https://gemeente.groningen.nl' - Model field type CharField Possible values string Default value No default Variable SITE_ALLOW_MESSAGES_FILE_SHARING Setting Sta het delen van bestanden via Mijn Berichten toe Description Of het delen van bestanden via Mijn Berichten mogelijk is of niet. Indien uitgeschakeld dan kunnen alleen tekstberichten worden verzonden - Model field type BooleanField Possible values True, False Default value True Variable SITE_HIDE_CATEGORIES_FROM_ANONYMOUS_USERS Setting Blokkeer toegang tot Onderwerpen voor niet-ingelogde gebruikers Description Indien geselecteerd: alleen ingelogde gebruikers hebben toegang tot Onderwerpen. - Model field type BooleanField Possible values True, False - Default value False + Default value No default Variable SITE_HIDE_SEARCH_FROM_ANONYMOUS_USERS Setting Verberg zoekbalk voor anonieme gebruiker Description Indien geselecteerd: alleen ingelogde gebruikers zien de zoekfunctie. - Model field type BooleanField Possible values True, False - Default value False + Default value No default Variable SITE_DISPLAY_SOCIAL Setting Toon sociale media knoppen bij elk product Description Maak het delen mogelijk van producten op sociale media (Facebook, LinkedIn...) - Model field type BooleanField Possible values True, False Default value True Variable SITE_EHERKENNING_ENABLED Setting eHerkenning authentication ingeschakeld Description Of gebruikers in kunnen loggen met eHerkenning of niet. Standaard wordt de SAML integratie hiervoor gebruikt (van toepassing bij een rechtstreekse aansluiting op een eHerkenning makelaar). Voor het gebruiken van een OpenID Connect (OIDC) koppeling, navigeer naar `OpenID Connect configuratie voor eHerkenning` om deze te activeren. - Model field type BooleanField Possible values True, False - Default value False - - \ No newline at end of file + Default value No default diff --git a/docs/configuration/zgw.rst b/docs/configuration/zgw.rst index b9b72ce150..a351ec325b 100644 --- a/docs/configuration/zgw.rst +++ b/docs/configuration/zgw.rst @@ -1,11 +1,9 @@ .. _zgw: - ================= -ZGW configuration +ZGW Configuration ================= - Settings Overview ================= @@ -26,7 +24,6 @@ Required: ZGW_CONFIG_ZAAK_API_CLIENT_ID ZGW_CONFIG_ZAAK_API_CLIENT_SECRET ZGW_CONFIG_ZAAK_API_ROOT - All settings: @@ -36,15 +33,26 @@ All settings: ZGW_CONFIG_ACTION_REQUIRED_DEADLINE_DAYS ZGW_CONFIG_ALLOWED_FILE_EXTENSIONS + ZGW_CONFIG_CATALOGI_API_CLIENT_ID + ZGW_CONFIG_CATALOGI_API_CLIENT_SECRET + ZGW_CONFIG_CATALOGI_API_ROOT + ZGW_CONFIG_DOCUMENTEN_API_CLIENT_ID + ZGW_CONFIG_DOCUMENTEN_API_CLIENT_SECRET + ZGW_CONFIG_DOCUMENTEN_API_ROOT ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN + ZGW_CONFIG_FORMULIEREN_API_CLIENT_ID + ZGW_CONFIG_FORMULIEREN_API_CLIENT_SECRET + ZGW_CONFIG_FORMULIEREN_API_ROOT ZGW_CONFIG_MAX_UPLOAD_SIZE ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN ZGW_CONFIG_TITLE_TEXT + ZGW_CONFIG_ZAAK_API_CLIENT_ID + ZGW_CONFIG_ZAAK_API_CLIENT_SECRET + ZGW_CONFIG_ZAAK_API_ROOT ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY - Detailed Information @@ -55,71 +63,131 @@ Detailed Information Variable ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY Setting Zaak vertrouwelijkheid Description Selecteer de maximale vertrouwelijkheid van de getoonde zaken - Model field type CharField - Possible values string + Possible values openbaar, beperkt_openbaar, intern, zaakvertrouwelijk, vertrouwelijk, confidentieel, geheim, zeer_geheim Default value openbaar Variable ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY Setting Documenten vertrouwelijkheid Description Selecteer de maximale vertrouwelijkheid van de getoonde documenten van zaken - Model field type CharField - Possible values string + Possible values openbaar, beperkt_openbaar, intern, zaakvertrouwelijk, vertrouwelijk, confidentieel, geheim, zeer_geheim Default value openbaar Variable ZGW_CONFIG_MAX_UPLOAD_SIZE Setting Maximale upload grootte (in MB) Description Documentuploads mogen maximaal dit aantal MB groot zijn, anders worden ze geweigerd. - Model field type PositiveIntegerField - Possible values string representing a (positive) number + Possible values string representing a positive number Default value 50 Variable ZGW_CONFIG_ALLOWED_FILE_EXTENSIONS Setting allowed file extensions Description Een lijst van toegestande bestandsextensies, alleen documentuploads met een van deze extensies worden toegelaten. - Model field type ArrayField Possible values string, comma-delimited ('foo,bar,baz') - Default value No information + Default value ['bmp', 'doc', 'docx', 'gif', 'jpeg', 'jpg', 'msg', 'pdf', 'png', 'ppt', 'pptx', 'rtf', 'tiff', 'txt', 'vsd', 'xls', 'xlsx'] Variable ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN Setting Maak gebruik van StatusType.informeren workaround (eSuite) Description Schakel dit in wanneer StatusType.informeren niet wordt ondersteund door de ZGW API waar deze omgeving aan is gekoppeld (zoals de eSuite ZGW API)Hierdoor is het verplicht om per zaaktype aan te geven wanneer een inwoner hier een notificatie van dient te krijgen. - Model field type BooleanField Possible values True, False - Default value False + Default value No default Variable ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE Setting Converteer eSuite zaaknummers Description Schakel dit in om de zaaknummers van het interne eSuite format (ex: '0014ESUITE66392022') om te zetten naar een toegankelijkere notatie ('6639-2022'). - Model field type BooleanField Possible values True, False - Default value False + Default value No default Variable ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN Setting Maak gebruik van het RSIN voor ophalen eHerkenning zaken Description Indien ingeschakeld dan wordt het RSIN van eHerkenning gebruikers gebruikt om de zaken op te halen. Indien uitgeschakeld dan wordt het KVK nummer gebruikt om de zaken op te halen. Open Zaak hanteert conform de ZGW API specificatie de RSIN, de eSuite maakt gebruik van het KVK nummer. - Model field type BooleanField Possible values True, False - Default value False + Default value No default Variable ZGW_CONFIG_TITLE_TEXT Setting Titel tekst Description De titel/introductietekst getoond op de lijstweergave van 'Mijn aanvragen'. - Model field type TextField Possible values string - Default value No information + Default value Hier vindt u een overzicht van al uw lopende en afgeronde aanvragen. Variable ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN Setting Inschakelen gepersonaliseerde Onderwerpen op basis van zaken Description Indien ingeschakeld dan worden (indien ingelogd met DigiD/eHerkenning) de getoonde onderwerpen op de Homepage bepaald op basis van de zaken van de gebruiker - Model field type BooleanField Possible values True, False - Default value False + Default value No default Variable ZGW_CONFIG_ACTION_REQUIRED_DEADLINE_DAYS Setting Standaard actie deadline termijn in dagen Description Aantal dagen voor gebruiker om actie te ondernemen. - Model field type IntegerField - Possible values No information available + Possible values string representing a number Default value 15 - \ No newline at end of file + Variable ZGW_CONFIG_CATALOGI_API_CLIENT_ID + Setting Client ID of the Catalogi API + Description No description + Possible values string + Default value No default + + Variable ZGW_CONFIG_CATALOGI_API_CLIENT_SECRET + Setting Client Secret of the Catalogi API + Description No description + Possible values string + Default value No default + + Variable ZGW_CONFIG_CATALOGI_API_ROOT + Setting Root URL of the Catalogi API + Description No description + Possible values string (URL) + Default value No default + + Variable ZGW_CONFIG_DOCUMENTEN_API_CLIENT_ID + Setting Client ID of the Documenten API + Description No description + Possible values string + Default value No default + + Variable ZGW_CONFIG_DOCUMENTEN_API_CLIENT_SECRET + Setting Client Secret of the Documenten API + Description No description + Possible values string + Default value No default + + Variable ZGW_CONFIG_DOCUMENTEN_API_ROOT + Setting Root URL of the Documenten API + Description No description + Possible values string (URL) + Default value No default + + Variable ZGW_CONFIG_FORMULIEREN_API_CLIENT_ID + Setting Client ID of the Formulieren API + Description No description + Possible values string + Default value No default + + Variable ZGW_CONFIG_FORMULIEREN_API_CLIENT_SECRET + Setting Client Secret of the Formulieren API + Description No description + Possible values string + Default value No default + + Variable ZGW_CONFIG_FORMULIEREN_API_ROOT + Setting Root URL of the Formulieren API + Description No description + Possible values string (URL) + Default value No default + + Variable ZGW_CONFIG_ZAAK_API_CLIENT_ID + Setting Client ID of the Zaak API + Description No description + Possible values string + Default value No default + + Variable ZGW_CONFIG_ZAAK_API_CLIENT_SECRET + Setting Client Secret of the Zaak API + Description No description + Possible values string + Default value No default + + Variable ZGW_CONFIG_ZAAK_API_ROOT + Setting Root URL of the Zaak API + Description No description + Possible values string (URL) + Default value No default diff --git a/src/open_inwoner/configurations/bootstrap/constants.py b/src/open_inwoner/configurations/bootstrap/constants.py deleted file mode 100644 index 1125db6b58..0000000000 --- a/src/open_inwoner/configurations/bootstrap/constants.py +++ /dev/null @@ -1,154 +0,0 @@ -from mozilla_django_oidc_db.models import UserInformationClaimsSources -from zgw_consumers.api_models.constants import VertrouwelijkheidsAanduidingen - -from digid_eherkenning_oidc_generics.models import ( - OpenIDConnectDigiDConfig, - OpenIDConnectEHerkenningConfig, -) -from open_inwoner.configurations.models import SiteConfiguration -from open_inwoner.openklant.models import OpenKlantConfig -from open_inwoner.openzaak.models import ( - OpenZaakConfig, - generate_default_file_extensions, -) - -from .utils import generate_api_fields_from_template, populate_fields - -CONFIDENTIALITY_LEVELS = [ - choice[0] for choice in VertrouwelijkheidsAanduidingen.choices -] -FILE_EXTENSIONS = [ext for ext in generate_default_file_extensions()] -USER_INFO_CLAIM_SOURCES = [choice[0] for choice in UserInformationClaimsSources.choices] - - -# -# SiteConfiguration -# -require = ( - "name", - "primary_color", - "secondary_color", - "accent_color", -) -exclude = ( - "id", - "email_logo", - "footer_logo", - "favicon", - "openid_connect_logo", - "extra_css", - "logo", - "hero_image_login", - "theme_stylesheet", -) -all_fields = ( - field - for field in SiteConfiguration._meta.concrete_fields - if field.name not in exclude -) -siteconfig_fields = { - "all": [], - "required": [], -} - -populate_fields( - siteconfig_fields, require=require, exclude=exclude, all_fields=all_fields -) - - -# -# KIC config -# -klanten_api_fields = generate_api_fields_from_template("klanten_api") -contactmomenten_api_fields = generate_api_fields_from_template("contactmomenten_api") - -require = ( - "register_type", - "register_contact_moment", - *klanten_api_fields.keys(), - *contactmomenten_api_fields.keys(), -) -exclude = ("id", "klanten_service", "contactmomenten_service") -all_fields = ( - field - for field in OpenKlantConfig._meta.concrete_fields - if field.name not in exclude -) -kic_fields = { - "all": [], - "required": [ - "register_type", - "register_contact_moment", - *klanten_api_fields.keys(), - *contactmomenten_api_fields.keys(), - ], -} - -populate_fields(kic_fields, require=None, exclude=exclude, all_fields=all_fields) - - -# -# ZGW config -# -zaak_api_fields = generate_api_fields_from_template("zaak_api") -catalogi_api_fields = generate_api_fields_from_template("catalogi_api") -documenten_api_fields = generate_api_fields_from_template("documenten_api") -formulieren_api_fields = generate_api_fields_from_template("formulieren_api") - -exclude = ("id", "catalogi_service", "document_service", "form_service", "zaak_service") -all_fields = ( - field for field in OpenZaakConfig._meta.concrete_fields if field.name not in exclude -) -zgw_fields = { - "all": [], - "required": [ - *zaak_api_fields.keys(), - *catalogi_api_fields.keys(), - *documenten_api_fields.keys(), - *formulieren_api_fields.keys(), - ], -} - -populate_fields(zgw_fields, require=None, exclude=exclude, all_fields=all_fields) - - -# -# DigiD OIDC -# -exclude = "id" -all_fields = ( - field - for field in OpenIDConnectDigiDConfig._meta.concrete_fields - if field.name not in exclude -) -digid_oidc_fields = { - "all": [], - "required": [ - "oidc_rp_client_id", - "oidc_rp_client_secret", - ], -} - -populate_fields(digid_oidc_fields, require=None, exclude=exclude, all_fields=all_fields) - - -# -# eHerkenning OIDC -# -exclude = "id" -all_fields = ( - field - for field in OpenIDConnectEHerkenningConfig._meta.concrete_fields - if field.name not in exclude -) -eherkenning_oidc_fields = { - "all": [], - "required": [ - "oidc_rp_client_id", - "oidc_rp_client_secret", - ], -} - -populate_fields( - eherkenning_oidc_fields, require=None, exclude=exclude, all_fields=all_fields -) diff --git a/src/open_inwoner/configurations/bootstrap/models.py b/src/open_inwoner/configurations/bootstrap/models.py index b875ce46b7..9f0fbc3cab 100644 --- a/src/open_inwoner/configurations/bootstrap/models.py +++ b/src/open_inwoner/configurations/bootstrap/models.py @@ -1,3 +1,9 @@ +import dataclasses +from dataclasses import dataclass, field +from typing import Any, Iterator, TypeAlias + +from django.db.models.fields import NOT_PROVIDED + from digid_eherkenning_oidc_generics.models import ( OpenIDConnectDigiDConfig, OpenIDConnectEHerkenningConfig, @@ -6,57 +12,261 @@ from open_inwoner.openklant.models import OpenKlantConfig from open_inwoner.openzaak.models import OpenZaakConfig -from .constants import ( - digid_oidc_fields, - eherkenning_oidc_fields, - kic_fields, - siteconfig_fields, - zgw_fields, +ConfigModel: TypeAlias = ( + SiteConfiguration + | OpenKlantConfig + | OpenZaakConfig + | OpenIDConnectDigiDConfig + | OpenIDConnectEHerkenningConfig ) -from .utils import ConfigField + + +@dataclass(frozen=True) +class ConfigField: + name: str + verbose_name: str + description: str + default_value: str + values: str + + +@dataclass +class Fields: + all: list[ConfigField] + required: list[ConfigField] class ConfigSettingsBase: + model: ConfigModel + display_name: str + namespace: str + api_fields: tuple[str, ...] + required_fields: tuple[str, ...] + excluded_fields: tuple[str, ...] + api_fields: tuple[str, ...] + + def __init__(self): + self.config_fields = Fields(all=[], required=[]) + + self.populate_fields( + required=self.required_fields, + excluded=self.excluded_fields, + model_fields=self.create_model_config_fields(), + api_fields=self.create_api_config_fields(), + ) + @classmethod - def get_setting_name(cls, field: ConfigField | str) -> str: - if isinstance(field, str): - return f"{cls.namespace}_" + field.upper() + def get_setting_name(cls, field: ConfigField) -> str: return f"{cls.namespace}_" + field.name.upper() - @classmethod - def get_required_settings(cls) -> list[str]: - return [cls.get_setting_name(field) for field in cls.fields["required"]] + @staticmethod + def get_default_value(field: Any) -> str: + default = field.default - @classmethod - def get_config_mapping(cls) -> list[str]: - return {cls.get_setting_name(field): field for field in cls.fields["all"]} + if default is NOT_PROVIDED: + return "No default" + if callable(default): + default = default.__call__() + + return default + + @staticmethod + def get_example_values(field: Any) -> str: + # fields with choices + if choices := field.choices: + values = [choice[0] for choice in choices] + return ", ".join(values) + + # other fields + match field.get_internal_type(): + case "CharField": + return "string" + case "TextField": + return "string" + case "URLField": + return "string (URL)" + case "BooleanField": + return "True, False" + case "IntegerField": + return "string representing a number" + case "PositiveIntegerField": + return "string representing a positive number" + case "ArrayField": + return "string, comma-delimited ('foo,bar,baz')" + case _: + return "No information available" + + def create_model_config_fields(self) -> Iterator[ConfigField]: + model_fields = ( + field + for field in self.model._meta.concrete_fields + if field.name not in self.__class__.excluded_fields + ) + + return ( + ConfigField( + name=model_field.name, + verbose_name=model_field.verbose_name, + description=model_field.help_text, + default_value=self.get_default_value(model_field), + values=self.get_example_values(model_field), + ) + for model_field in model_fields + ) + + def create_single_api_config_field(self, api_field: str) -> ConfigField: + api_type = api_field.split("_api_")[0].capitalize() + + if "api_root" in api_field: + verbose_name = f"Root URL of the {api_type} API" + values = "string (URL)" + elif "api_client_id" in api_field: + verbose_name = f"Client ID of the {api_type} API" + values = "string" + else: + verbose_name = f"Client Secret of the {api_type} API" + values = "string" + + return ConfigField( + name=api_field, + verbose_name=verbose_name, + description="No description", + default_value="No default", + values=values, + ) + + def create_api_config_fields(self) -> Iterator[ConfigField]: + return ( + self.create_single_api_config_field(field_name) + for field_name in self.api_fields + ) + + def populate_fields( + self, + required: tuple[str, ...], + excluded: tuple[str, ...], + model_fields: Iterator[ConfigField], + api_fields: Iterator[ConfigField], + ) -> None: + for config_field in model_fields: + self.config_fields.all.append(config_field) + if config_field.name in self.required_fields: + self.config_fields.required.append(config_field) + + for config_field in api_fields: + self.config_fields.all.append(config_field) + self.config_fields.required.append(config_field) + + def get_required_settings(self) -> tuple[str, ...]: + return tuple( + self.get_setting_name(field) for field in self.config_fields.required + ) + + def get_config_mapping(self) -> dict[str, ConfigField]: + return {self.get_setting_name(field): field for field in self.config_fields.all} class SiteConfigurationSettings(ConfigSettingsBase): model = SiteConfiguration + display_name = "General Configuration" namespace = "SITE" - fields = siteconfig_fields + api_fields = tuple() + required_fields = ( + "name", + "primary_color", + "secondary_color", + "accent_color", + ) + excluded_fields = ( + "id", + "email_logo", + "footer_logo", + "favicon", + "openid_connect_logo", + "extra_css", + "logo", + "hero_image_login", + "theme_stylesheet", + ) class KICConfigurationSettings(ConfigSettingsBase): model = OpenKlantConfig + display_name = "Klanten Configuration" namespace = "KIC_CONFIG" - fields = kic_fields + api_fields = ( + "contactmomenten_api_client_id", + "contactmomenten_api_client_secret", + "contactmomenten_api_root", + "klanten_api_client_id", + "klanten_api_client_secret", + "klanten_api_root", + ) + required_fields = api_fields + ( + "register_type", + "register_contact_moment", + ) + excluded_fields = ("id", "klanten_service", "contactmomenten_service") class ZGWConfigurationSettings(ConfigSettingsBase): model = OpenZaakConfig + display_name = "ZGW Configuration" namespace = "ZGW_CONFIG" - fields = zgw_fields + api_fields = ( + "catalogi_api_client_id", + "catalogi_api_client_secret", + "catalogi_api_root", + "documenten_api_client_id", + "documenten_api_client_secret", + "documenten_api_root", + "formulieren_api_client_id", + "formulieren_api_client_secret", + "formulieren_api_root", + "zaak_api_client_id", + "zaak_api_client_secret", + "zaak_api_root", + ) + required_fields = api_fields + excluded_fields = ( + "id", + "catalogi_service", + "document_service", + "form_service", + "zaak_service", + ) class DigiDOIDCConfigurationSettings(ConfigSettingsBase): model = OpenIDConnectDigiDConfig + display_name = "DigiD OIDC Configuration" namespace = "DIGID_OIDC" - fields = digid_oidc_fields + api_fields = tuple() + required_fields = ("oidc_rp_client_id", "oidc_rp_client_secret") + excluded_fields = ("id",) class eHerkenningDOIDCConfigurationSettings(ConfigSettingsBase): model = OpenIDConnectEHerkenningConfig + display_name = "eHerkenning OIDC Configuration" namespace = "EHERKENNING_OIDC" - fields = eherkenning_oidc_fields + api_fields = tuple() + required_fields = ("oidc_rp_client_id", "oidc_rp_client_secret") + excluded_fields = ("id",) + + +@dataclass +class ConfigurationSettingsMap: + siteconfig: type = field(default=SiteConfigurationSettings) + kic: type = field(default=KICConfigurationSettings) + zgw: type = field(default=ZGWConfigurationSettings) + digid_oidc: type = field(default=DigiDOIDCConfigurationSettings) + eherkenning_oidc: type = field(default=eHerkenningDOIDCConfigurationSettings) + + @classmethod + def get_fields(cls): + return tuple(field.default for field in dataclasses.fields(cls)) + + @classmethod + def get_field_names(cls): + return tuple(field.name for field in dataclasses.fields(cls)) diff --git a/src/open_inwoner/configurations/bootstrap/siteconfig.py b/src/open_inwoner/configurations/bootstrap/siteconfig.py index 48e4b7d877..277abf036a 100644 --- a/src/open_inwoner/configurations/bootstrap/siteconfig.py +++ b/src/open_inwoner/configurations/bootstrap/siteconfig.py @@ -16,8 +16,9 @@ class SiteConfigurationStep(BaseConfigurationStep): def is_configured(self): config = SiteConfiguration.get_solo() - required_settings = SiteConfigurationSettings.get_required_settings() - setting_to_config = SiteConfigurationSettings.get_config_mapping() + config_settings = SiteConfigurationSettings() + required_settings = config_settings.get_required_settings() + setting_to_config = config_settings.get_config_mapping() for required_setting in required_settings: config_field = setting_to_config[required_setting] @@ -27,7 +28,8 @@ def is_configured(self): def configure(self): config = SiteConfiguration.get_solo() - setting_to_config = SiteConfigurationSettings.get_config_mapping() + config_settings = SiteConfigurationSettings() + setting_to_config = config_settings.get_config_mapping() for setting_name, config_field in setting_to_config.items(): setting = getattr(settings, setting_name) diff --git a/src/open_inwoner/configurations/bootstrap/templates/base.rst.template b/src/open_inwoner/configurations/bootstrap/templates/base.rst.template deleted file mode 100644 index 1dacbacd87..0000000000 --- a/src/open_inwoner/configurations/bootstrap/templates/base.rst.template +++ /dev/null @@ -1,37 +0,0 @@ -{% block link %}{% endblock %} - -{% block title %}{% endblock %} - -Settings Overview -================= - -Required: -""""""""" - -:: - - {% for setting in required_settings -%} - {{ setting }} - {% endfor %} - - -All settings: -""""""""""""" - -:: - - {% for setting in all_settings -%} - {{ setting }} - {% endfor %} - - -Detailed Information -==================== - -:: - - {% for detail in detailed_info -%} - {%- for part in detail -%} - {{ part }} - {% endfor %} - {% endfor %} diff --git a/src/open_inwoner/configurations/bootstrap/templates/digid_oidc.rst.template b/src/open_inwoner/configurations/bootstrap/templates/digid_oidc.rst.template deleted file mode 100644 index 510ff21fbb..0000000000 --- a/src/open_inwoner/configurations/bootstrap/templates/digid_oidc.rst.template +++ /dev/null @@ -1,11 +0,0 @@ -{% extends "base.rst.template" %} - -{% block link -%} -.. _digid_oidc: -{% endblock -%} - -{% block title -%} -======================== -DigiD OIDC configuration -======================== -{% endblock %} diff --git a/src/open_inwoner/configurations/bootstrap/templates/eherkenning_oidc.rst.template b/src/open_inwoner/configurations/bootstrap/templates/eherkenning_oidc.rst.template deleted file mode 100644 index 5c491ef480..0000000000 --- a/src/open_inwoner/configurations/bootstrap/templates/eherkenning_oidc.rst.template +++ /dev/null @@ -1,11 +0,0 @@ -{% extends "base.rst.template" %} - -{% block link -%} -.. _eherkenning_oidc: -{% endblock -%} - -{% block title -%} -======================== -eHerkenning OIDC configuration -======================== -{% endblock %} diff --git a/src/open_inwoner/configurations/bootstrap/templates/kic.rst.template b/src/open_inwoner/configurations/bootstrap/templates/kic.rst.template deleted file mode 100644 index 191690831b..0000000000 --- a/src/open_inwoner/configurations/bootstrap/templates/kic.rst.template +++ /dev/null @@ -1,11 +0,0 @@ -{% extends "base.rst.template" %} - -{% block link -%} -.. _kic: -{% endblock -%} - -{% block title -%} -===================== -Klanten configuration -===================== -{% endblock %} diff --git a/src/open_inwoner/configurations/bootstrap/templates/siteconfig.rst.template b/src/open_inwoner/configurations/bootstrap/templates/siteconfig.rst.template deleted file mode 100644 index 154dbdb071..0000000000 --- a/src/open_inwoner/configurations/bootstrap/templates/siteconfig.rst.template +++ /dev/null @@ -1,11 +0,0 @@ -{% extends "base.rst.template" %} - -{% block link -%} -.. _siteconfig: -{% endblock -%} - -{% block title -%} -===================== -General configuration -===================== -{% endblock %} diff --git a/src/open_inwoner/configurations/bootstrap/templates/zgw.rst.template b/src/open_inwoner/configurations/bootstrap/templates/zgw.rst.template deleted file mode 100644 index d718a1cda0..0000000000 --- a/src/open_inwoner/configurations/bootstrap/templates/zgw.rst.template +++ /dev/null @@ -1,11 +0,0 @@ -{% extends "base.rst.template" %} - -{% block link -%} -.. _zgw: -{% endblock -%} - -{% block title -%} -================= -ZGW configuration -================= -{% endblock %} diff --git a/src/open_inwoner/configurations/bootstrap/typing.py b/src/open_inwoner/configurations/bootstrap/typing.py new file mode 100644 index 0000000000..34946fcba4 --- /dev/null +++ b/src/open_inwoner/configurations/bootstrap/typing.py @@ -0,0 +1,17 @@ +from typing import TypeAlias + +from .models import ( + DigiDOIDCConfigurationSettings, + KICConfigurationSettings, + SiteConfigurationSettings, + ZGWConfigurationSettings, + eHerkenningDOIDCConfigurationSettings, +) + +ConfigSetting: TypeAlias = ( + SiteConfigurationSettings + | KICConfigurationSettings + | ZGWConfigurationSettings + | DigiDOIDCConfigurationSettings + | eHerkenningDOIDCConfigurationSettings +) diff --git a/src/open_inwoner/configurations/bootstrap/utils.py b/src/open_inwoner/configurations/bootstrap/utils.py deleted file mode 100644 index 4e94574d14..0000000000 --- a/src/open_inwoner/configurations/bootstrap/utils.py +++ /dev/null @@ -1,82 +0,0 @@ -from dataclasses import dataclass -from typing import Any, Iterator - -from django.db.models.fields import NOT_PROVIDED - - -@dataclass(frozen=True) -class ConfigField: - name: str - verbose_name: str - description: str - field_type: str - default_value: str - values: str - - -def populate_fields( - fields: dict[str, list], - require: tuple[str], - exclude: tuple[str], - all_fields: Iterator, -): - for field in all_fields: - config_field = ConfigField( - name=field.name, - verbose_name=field.verbose_name, - description=field.description, - field_type=field.get_internal_type(), - default_value=get_default_value(field), - values=get_example_value(field), - ) - fields["all"].append(config_field) - if require and config_field.name in require: - fields["required"].append(config_field) - - -def get_default_value(field: Any) -> str: - default = field.default - - if default is NOT_PROVIDED: - return "No default" - if not isinstance(default, (str, bool, int)): - return "No information" - - return default - - -def get_example_value(field: Any) -> str: - match field.get_internal_type(): - case "CharField": - return "string" - case "TextField": - return "string" - case "URLField": - return "string (URL)" - case "BooleanField": - return "True, False" - case "PositiveIntegerField": - return "string representing a (positive) number" - case "ArrayField": - return "string, comma-delimited ('foo,bar,baz')" - case _: - return "No information available" - - -def generate_api_fields_from_template(api_name: str) -> dict[str, str]: - name = api_name.split("_")[0].capitalize() - - return { - f"{api_name}_root": { - "verbose_name": f"Root URL of the {name} API", - "values": "string (URL)", - }, - f"{api_name}_client_id": { - "verbose_name": f"Client ID for the {name} API", - "values": "string", - }, - f"{api_name}_client_secret": { - "verbose_name": f"Secret for the {name} API", - "values": "string", - }, - } diff --git a/src/open_inwoner/configurations/management/commands/generate_config_docs.py b/src/open_inwoner/configurations/management/commands/generate_config_docs.py index be72f62a4f..a31248e456 100644 --- a/src/open_inwoner/configurations/management/commands/generate_config_docs.py +++ b/src/open_inwoner/configurations/management/commands/generate_config_docs.py @@ -1,36 +1,15 @@ import os from pathlib import Path -from typing import TypeAlias from django.conf import settings from django.core.management.base import BaseCommand +from django.template import loader -from jinja2 import Environment, FileSystemLoader, select_autoescape +from open_inwoner.configurations.bootstrap.models import ConfigurationSettingsMap +from open_inwoner.configurations.bootstrap.typing import ConfigSetting -from open_inwoner.configurations.bootstrap.models import ( - DigiDOIDCConfigurationSettings, - KICConfigurationSettings, - SiteConfigurationSettings, - ZGWConfigurationSettings, - eHerkenningDOIDCConfigurationSettings, -) - -ConfigSetting: TypeAlias = ( - DigiDOIDCConfigurationSettings - | KICConfigurationSettings - | SiteConfigurationSettings - | ZGWConfigurationSettings - | eHerkenningDOIDCConfigurationSettings -) - - -SUPPORTED_OPTIONS = ["siteconfig", "kic", "zgw", "digid_oidc", "eherkenning_oidc"] - -TEMPLATE_DIR = ( - Path(os.path.abspath(os.path.dirname(__file__))).parent.parent - / "bootstrap" - / "templates" -) +SUPPORTED_OPTIONS = ConfigurationSettingsMap.get_field_names() +TEMPLATE_PATH = Path("configurations/config_doc.rst") TARGET_DIR = Path(settings.BASE_DIR) / "docs" / "configuration" @@ -40,65 +19,65 @@ class Command(BaseCommand): def add_arguments(self, parser): parser.add_argument("config_option", nargs="?") - def get_config(self, config_option: str) -> dict[str, ConfigSetting]: - mapping = { - "siteconfig": SiteConfigurationSettings, - "kic": KICConfigurationSettings, - "zgw": ZGWConfigurationSettings, - "digid_oidc": DigiDOIDCConfigurationSettings, - "eherkenning_oidc": eHerkenningDOIDCConfigurationSettings, - } - return mapping[config_option] + def get_config(self, config_option: str) -> ConfigSetting: + config_model = getattr(ConfigurationSettingsMap, config_option, None) + config_instance = config_model() + return config_instance - def get_detailed_info(self, config: ConfigSetting) -> list[str]: + def get_detailed_info(self, config: ConfigSetting) -> list[list[str]]: ret = [] - for field in config.fields["all"]: - model_field = config.model._meta.get_field(field.name) + for field in config.config_fields.all: part = [] part.append(f"{'Variable':<20}{config.get_setting_name(field)}") - part.append(f"{'Setting':<20}{str(model_field.verbose_name)}") - part.append(f"{'Description':<20}{str(model_field.help_text)}") - part.append(f"{'Model field type':<20}{field.field_type}") - part.append(f"{'Possible values':<20}{field.values}") - part.append(f"{'Default value':<20}{field.default_value}") + part.append(f"{'Setting':<20}{field.verbose_name}") + part.append(f"{'Description':<20}{field.description or 'No description'}") + part.append(f"{'Possible values':<20}{field.values or 'No information'}") + part.append(f"{'Default value':<20}{field.default_value or 'No default'}") ret.append(part) return ret + def format_display_name(self, display_name): + """Surround title with '=' to display as heading in rst file""" + + heading_bar = f"{'=' * len(display_name)}" + display_name_formatted = ( + heading_bar + "\n" + f"{display_name}" + "\n" + heading_bar + ) + return display_name_formatted + def write_file_from_template( self, template_path: os.PathLike, template_variables: dict[str, list], output_path: os.PathLike, ): - with open(template_path, "r") as template: - template_str = template.read() - template = Environment( - loader=FileSystemLoader(TEMPLATE_DIR), autoescape=select_autoescape() - ).from_string(template_str) - rendered = template.render(template_variables) + template = loader.get_template(template_path) + rendered = template.render(template_variables) - with open(output_path, "w") as output: - output.write(rendered) + with open(output_path, "w") as output: + output.write(rendered) def generate_single_doc(self, config_option: str) -> None: config = self.get_config(config_option) required_settings = [ - config.get_setting_name(field) for field in config.fields["required"] + config.get_setting_name(field) for field in config.config_fields.required ] required_settings.sort() all_settings = [ - config.get_setting_name(field) for field in config.fields["all"] + config.get_setting_name(field) for field in config.config_fields.all ] all_settings.sort() detailed_info = self.get_detailed_info(config) + template_variables = { "required_settings": required_settings, "all_settings": all_settings, "detailed_info": detailed_info, + "link": f".. _{config_option}:", + "title": self.format_display_name(config.display_name), } - - template_path = TEMPLATE_DIR / f"{config_option}.rst.template" + template_path = TEMPLATE_PATH output_path = TARGET_DIR / f"{config_option}.rst" self.write_file_from_template(template_path, template_variables, output_path) @@ -107,6 +86,8 @@ def handle(self, *args, **kwargs) -> None: config_option = kwargs["config_option"] if config_option and config_option not in SUPPORTED_OPTIONS: + self.stdout.write(f"Unsupported config option ({config_option})\n") + self.stdout.write(f"Supported: {', '.join(SUPPORTED_OPTIONS)}") return elif config_option: self.generate_single_doc(config_option) diff --git a/src/open_inwoner/configurations/templates/configurations/config_doc.rst b/src/open_inwoner/configurations/templates/configurations/config_doc.rst new file mode 100644 index 0000000000..59e7b07e04 --- /dev/null +++ b/src/open_inwoner/configurations/templates/configurations/config_doc.rst @@ -0,0 +1,39 @@ +{% block link %}{{ link }}{% endblock %} + +{% block title %}{{ title }}{% endblock %} + +Settings Overview +================= + +Required: +""""""""" + +:: + + {% spaceless %} + {% for setting in required_settings %}{{ setting }} + {% endfor %} + {% endspaceless %} + + +All settings: +""""""""""""" + +:: + + {% spaceless %} + {% for setting in all_settings %}{{ setting }} + {% endfor %} + {% endspaceless %} + + +Detailed Information +==================== + +:: + + {% spaceless %} + {% for detail in detailed_info %} + {% for part in detail %}{{ part|safe }} + {% endfor %}{% endfor %} + {% endspaceless %} From f414aec61ca8ec396f0a77f2795a24340670e45c Mon Sep 17 00:00:00 2001 From: Paul Schilling Date: Tue, 23 Apr 2024 11:01:07 +0200 Subject: [PATCH 5/9] [#2297] Refactor model field names for automatic retrieval of related fields data --- docs/configuration/digid_oidc.rst | 136 ++-- docs/configuration/digid_saml.rst | 203 ++++++ docs/configuration/eherkenning_oidc.rst | 126 ++-- docs/configuration/kic.rst | 327 ++++++++-- docs/configuration/siteconfig.rst | 504 +++++++-------- docs/configuration/zgw.rst | 579 +++++++++++++++--- .../configurations/bootstrap/dataclasses.py | 16 + .../configurations/bootstrap/models.py | 238 +++---- 8 files changed, 1515 insertions(+), 614 deletions(-) create mode 100644 docs/configuration/digid_saml.rst create mode 100644 src/open_inwoner/configurations/bootstrap/dataclasses.py diff --git a/docs/configuration/digid_oidc.rst b/docs/configuration/digid_oidc.rst index 91d5b1c7e3..28f4492615 100644 --- a/docs/configuration/digid_oidc.rst +++ b/docs/configuration/digid_oidc.rst @@ -48,39 +48,51 @@ Detailed Information :: - Variable DIGID_OIDC_OIDC_RP_CLIENT_ID - Setting OpenID Connect client ID - Description OpenID Connect client ID provided by the OIDC Provider - Possible values string + Variable DIGID_OIDC_ENABLED + Setting enable + Description Indicates whether OpenID Connect for authentication/authorization is enabled. This overrides overrides the usage of SAML for DigiD authentication. + Possible values True, False Default value No default - Variable DIGID_OIDC_OIDC_RP_CLIENT_SECRET - Setting OpenID Connect secret - Description OpenID Connect secret provided by the OIDC Provider + Variable DIGID_OIDC_OIDC_OP_JWKS_ENDPOINT + Setting JSON Web Key Set endpoint + Description URL of your OpenID Connect provider JSON Web Key Set endpoint. Required if `RS256` is used as signing algorithm. Possible values string Default value No default - Variable DIGID_OIDC_OIDC_RP_SIGN_ALGO - Setting OpenID sign algorithm - Description Algorithm the Identity Provider uses to sign ID tokens + Variable DIGID_OIDC_OIDC_OP_LOGOUT_ENDPOINT + Setting Logout endpoint + Description URL of your OpenID Connect provider logout endpoint Possible values string - Default value HS256 + Default value No default - Variable DIGID_OIDC_OIDC_OP_DISCOVERY_ENDPOINT - Setting Discovery endpoint - Description URL of your OpenID Connect provider discovery endpoint ending with a slash (`.well-known/...` will be added automatically). If this is provided, the remaining endpoints can be omitted, as they will be derived from this endpoint. + Variable DIGID_OIDC_OIDC_NONCE_SIZE + Setting Nonce size + Description Sets the length of the random string used for OpenID Connect nonce verification + Possible values string representing a positive number + Default value 32 + + Variable DIGID_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT + Setting Authorization endpoint + Description URL of your OpenID Connect provider authorization endpoint Possible values string Default value No default - Variable DIGID_OIDC_OIDC_OP_JWKS_ENDPOINT - Setting JSON Web Key Set endpoint - Description URL of your OpenID Connect provider JSON Web Key Set endpoint. Required if `RS256` is used as signing algorithm. + Variable DIGID_OIDC_OIDC_RP_CLIENT_ID + Setting OpenID Connect client ID + Description OpenID Connect client ID provided by the OIDC Provider Possible values string Default value No default - Variable DIGID_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT - Setting Authorization endpoint - Description URL of your OpenID Connect provider authorization endpoint + Variable DIGID_OIDC_OIDC_RP_SCOPES_LIST + Setting OpenID Connect scopes + Description OpenID Connect scopes that are requested during login. These scopes are hardcoded and must be supported by the identity provider + Possible values string, comma-delimited ('foo,bar,baz') + Default value openid, bsn + + Variable DIGID_OIDC_OIDC_RP_CLIENT_SECRET + Setting OpenID Connect secret + Description OpenID Connect secret provided by the OIDC Provider Possible values string Default value No default @@ -90,9 +102,9 @@ Detailed Information Possible values string Default value No default - Variable DIGID_OIDC_OIDC_OP_USER_ENDPOINT - Setting User endpoint - Description URL of your OpenID Connect provider userinfo endpoint + Variable DIGID_OIDC_OIDC_KEYCLOAK_IDP_HINT + Setting Keycloak Identity Provider hint + Description Specific for Keycloak: parameter that indicates which identity provider should be used (therefore skipping the Keycloak login screen). Possible values string Default value No default @@ -102,17 +114,29 @@ Detailed Information Possible values string Default value No default - Variable DIGID_OIDC_OIDC_USE_NONCE - Setting Use nonce - Description Controls whether the OpenID Connect client uses nonce verification - Possible values True, False - Default value True + Variable DIGID_OIDC_IDENTIFIER_CLAIM_NAME + Setting BSN claim name + Description The name of the claim in which the BSN of the user is stored + Possible values string + Default value bsn - Variable DIGID_OIDC_OIDC_NONCE_SIZE - Setting Nonce size - Description Sets the length of the random string used for OpenID Connect nonce verification - Possible values string representing a positive number - Default value 32 + Variable DIGID_OIDC_USERINFO_CLAIMS_SOURCE + Setting user information claims extracted from + Description Indicates the source from which the user information claims should be extracted. + Possible values userinfo_endpoint, id_token + Default value userinfo_endpoint + + Variable DIGID_OIDC_OIDC_OP_DISCOVERY_ENDPOINT + Setting Discovery endpoint + Description URL of your OpenID Connect provider discovery endpoint ending with a slash (`.well-known/...` will be added automatically). If this is provided, the remaining endpoints can be omitted, as they will be derived from this endpoint. + Possible values string + Default value No default + + Variable DIGID_OIDC_OIDC_RP_SIGN_ALGO + Setting OpenID sign algorithm + Description Algorithm the Identity Provider uses to sign ID tokens + Possible values string + Default value HS256 Variable DIGID_OIDC_OIDC_STATE_SIZE Setting State size @@ -120,50 +144,26 @@ Detailed Information Possible values string representing a positive number Default value 32 + Variable DIGID_OIDC_OIDC_OP_USER_ENDPOINT + Setting User endpoint + Description URL of your OpenID Connect provider userinfo endpoint + Possible values string + Default value No default + Variable DIGID_OIDC_OIDC_EXEMPT_URLS Setting URLs exempt from session renewal Description This is a list of absolute url paths, regular expressions for url paths, or Django view names. This plus the mozilla-django-oidc urls are exempted from the session renewal by the SessionRefresh middleware. Possible values string, comma-delimited ('foo,bar,baz') Default value No default - Variable DIGID_OIDC_USERINFO_CLAIMS_SOURCE - Setting user information claims extracted from - Description Indicates the source from which the user information claims should be extracted. - Possible values userinfo_endpoint, id_token - Default value userinfo_endpoint - - Variable DIGID_OIDC_OIDC_OP_LOGOUT_ENDPOINT - Setting Logout endpoint - Description URL of your OpenID Connect provider logout endpoint - Possible values string - Default value No default + Variable DIGID_OIDC_OIDC_USE_NONCE + Setting Use nonce + Description Controls whether the OpenID Connect client uses nonce verification + Possible values True, False + Default value True Variable DIGID_OIDC_ERROR_MESSAGE_MAPPING Setting Error message mapping Description Mapping that maps error messages returned by the identity provider to human readable error messages that are shown to the user Possible values No information available Default value No default - - Variable DIGID_OIDC_OIDC_KEYCLOAK_IDP_HINT - Setting Keycloak Identity Provider hint - Description Specific for Keycloak: parameter that indicates which identity provider should be used (therefore skipping the Keycloak login screen). - Possible values string - Default value No default - - Variable DIGID_OIDC_ENABLED - Setting enable - Description Indicates whether OpenID Connect for authentication/authorization is enabled. This overrides overrides the usage of SAML for DigiD authentication. - Possible values True, False - Default value No default - - Variable DIGID_OIDC_IDENTIFIER_CLAIM_NAME - Setting BSN claim name - Description The name of the claim in which the BSN of the user is stored - Possible values string - Default value bsn - - Variable DIGID_OIDC_OIDC_RP_SCOPES_LIST - Setting OpenID Connect scopes - Description OpenID Connect scopes that are requested during login. These scopes are hardcoded and must be supported by the identity provider - Possible values string, comma-delimited ('foo,bar,baz') - Default value ['openid', 'bsn'] diff --git a/docs/configuration/digid_saml.rst b/docs/configuration/digid_saml.rst new file mode 100644 index 0000000000..a976ee6f78 --- /dev/null +++ b/docs/configuration/digid_saml.rst @@ -0,0 +1,203 @@ +.. _digid_saml: + +======================== +DigiD SAML Configuration +======================== + +Settings Overview +================= + +Required: +""""""""" + +:: + + DIGID_BASE_URL + DIGID_CERTIFICATE_LABEL + DIGID_CERTIFICATE_PUBLIC_CERTIFICATE + DIGID_CERTIFICATE_TYPE + DIGID_ENTITY_ID + DIGID_METADATA_FILE_SOURCE + DIGID_SERVICE_DESCRIPTION + DIGID_SERVICE_NAME + + +All settings: +""""""""""""" + +:: + + DIGID_ARTIFACT_RESOLVE_CONTENT_TYPE + DIGID_ATTRIBUTE_CONSUMING_SERVICE_INDEX + DIGID_BASE_URL + DIGID_CERTIFICATE_LABEL + DIGID_CERTIFICATE_PRIVATE_KEY + DIGID_CERTIFICATE_PUBLIC_CERTIFICATE + DIGID_CERTIFICATE_TYPE + DIGID_DIGEST_ALGORITHM + DIGID_ENTITY_ID + DIGID_IDP_METADATA_FILE + DIGID_IDP_SERVICE_ENTITY_ID + DIGID_KEY_PASSPHRASE + DIGID_METADATA_FILE_SOURCE + DIGID_ORGANIZATION_NAME + DIGID_ORGANIZATION_URL + DIGID_REQUESTED_ATTRIBUTES + DIGID_SERVICE_DESCRIPTION + DIGID_SERVICE_NAME + DIGID_SIGNATURE_ALGORITHM + DIGID_SLO + DIGID_TECHNICAL_CONTACT_PERSON_EMAIL + DIGID_TECHNICAL_CONTACT_PERSON_TELEPHONE + DIGID_WANT_ASSERTIONS_ENCRYPTED + DIGID_WANT_ASSERTIONS_SIGNED + + +Detailed Information +==================== + +:: + + Variable DIGID_METADATA_FILE_SOURCE + Setting (XML) metadata-URL + Description De URL waar het XML metadata-bestand kan gedownload worden. + Possible values string + Default value No default + + Variable DIGID_SIGNATURE_ALGORITHM + Setting signature algorithm + Description Ondertekenalgoritme. Merk op dat DSA_SHA1 en RSA_SHA1 deprecated zijn, maar RSA_SHA1 is nog steeds de default-waarde ind e SAMLv2-standaard. Opgelet: er zijn bekende problemen met de single-logoutfunctionaliteit indien je een ander algoritme dan SHA1 gebruikt (door hardcoded algoritmes). + Possible values http://www.w3.org/2000/09/xmldsig#dsa-sha1, http://www.w3.org/2000/09/xmldsig#rsa-sha1, http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, http://www.w3.org/2001/04/xmldsig-more#rsa-sha384, http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 + Default value http://www.w3.org/2000/09/xmldsig#rsa-sha1 + + Variable DIGID_SERVICE_DESCRIPTION + Setting Service-omschrijving + Description Een beschrijving van de service die je aanbiedt. + Possible values string + Default value No default + + Variable DIGID_ENTITY_ID + Setting entity ID + Description Service provider entity ID. + Possible values string + Default value No default + + Variable DIGID_WANT_ASSERTIONS_ENCRYPTED + Setting versleutel assertions + Description Indien aangevinkt, dan moeten de XML-assertions versleuteld zijn. + Possible values True, False + Default value No default + + Variable DIGID_CERTIFICATE_LABEL + Setting label + Description Recognisable label for the certificate + Possible values string + Default value No default + + Variable DIGID_TECHNICAL_CONTACT_PERSON_EMAIL + Setting technisch contactpersoon: e-mailadres + Description E-mailadres van de technische contactpersoon voor deze DigiD/eHerkenning/eIDAS-installatie. Je moet ook het telefoonnummer opgeven voor dit in de metadata beschikbaar is. + Possible values string + Default value No default + + Variable DIGID_WANT_ASSERTIONS_SIGNED + Setting onderteken assertions + Description Indien aangevinkt, dan moeten de XML-assertions ondertekend zijn. In het andere geval moet de hele response ondertekend zijn. + Possible values True, False + Default value True + + Variable DIGID_ARTIFACT_RESOLVE_CONTENT_TYPE + Setting Content-Type 'resolve artifact binding' + Description 'application/soap+xml' wordt als 'legacy' beschouwd. Moderne brokers verwachten typisch 'text/xml'. + Possible values application/soap+xml, text/xml + Default value application/soap+xml + + Variable DIGID_ORGANIZATION_NAME + Setting organisatienaam + Description Naam van de organisatie die de service aanbiedt waarvoor DigiD/eHerkenning/eIDAS-authenticatie ingericht is. Je moet ook de URL opgeven voor dit in de metadata beschikbaar is. + Possible values string + Default value No default + + Variable DIGID_SLO + Setting Single logout + Description Single Logout is beschikbaar indien ingeschakeld + Possible values True, False + Default value True + + Variable DIGID_ATTRIBUTE_CONSUMING_SERVICE_INDEX + Setting Attribute consuming service index + Description Attribute consuming service index + Possible values string + Default value 1 + + Variable DIGID_DIGEST_ALGORITHM + Setting digest algorithm + Description Digest algorithm. Note that SHA1 is deprecated, but still the default value in the SAMLv2 standard. Warning: there are known issues with single-logout functionality if using anything other than SHA1 due to some hardcoded algorithm. + Possible values http://www.w3.org/2000/09/xmldsig#sha1, http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmldsig-more#sha384, http://www.w3.org/2001/04/xmlenc#sha512 + Default value http://www.w3.org/2000/09/xmldsig#sha1 + + Variable DIGID_CERTIFICATE_PRIVATE_KEY + Setting private key + Description The content of the private key + Possible values No information available + Default value No default + + Variable DIGID_REQUESTED_ATTRIBUTES + Setting gewenste attributen + Description Een lijst van strings (of objecten) met de gewenste attributen, bijvoorbeeld '["bsn"]' + Possible values No information available + Default value [{'name': 'bsn', 'required': True}] + + Variable DIGID_IDP_METADATA_FILE + Setting metadata identity provider + Description Het bestand met metadata van de identity provider. Deze wordt automatisch opgehaald via de ingestelde metadata-URL. + Possible values No information available + Default value No default + + Variable DIGID_CERTIFICATE_PUBLIC_CERTIFICATE + Setting public certificate + Description The content of the certificate + Possible values No information available + Default value No default + + Variable DIGID_SERVICE_NAME + Setting servicenaam + Description Naam van de service die je aanbiedt. + Possible values string + Default value No default + + Variable DIGID_KEY_PASSPHRASE + Setting wachtwoordzin private-key + Description Wachtwoord voor de private-key voor de authenticatie-flow. + Possible values string + Default value No default + + Variable DIGID_TECHNICAL_CONTACT_PERSON_TELEPHONE + Setting technisch contactpersoon: telefoonnummer + Description Telefoonnummer van de technische contactpersoon voor deze DigiD/eHerkenning/eIDAS-installatie. Je moet ook het e-mailadres opgeven voor dit in de metadata beschikbaar is. + Possible values string + Default value No default + + Variable DIGID_IDP_SERVICE_ENTITY_ID + Setting identity provider service entity ID + Description Bijvoorbeeld: 'https://was-preprod1.digid.nl/saml/idp/metadata'. Merk op dat dit moet overeenkomen met het 'entityID'-attribuut op het 'md-EntityDescriptor'-element in de metadata van de identity provider. Dit wordt automatisch opgehaald via de ingestelde metadata-URL. + Possible values string + Default value No default + + Variable DIGID_CERTIFICATE_TYPE + Setting type + Description Is this only a certificate or is there an associated private key? + Possible values key_pair, cert_only + Default value No default + + Variable DIGID_ORGANIZATION_URL + Setting organisatie-URL + Description URL van de organisatie die de service aanbiedt waarvoor DigiD/eHerkenning/eIDAS-authenticatie ingericht is. Je moet ook de organisatienaam opgeven voor dit in de metadata beschikbaar is. + Possible values string + Default value No default + + Variable DIGID_BASE_URL + Setting Basis-URL + Description De basis-URL van de applicatie, zonder slash op het eind. + Possible values string + Default value No default diff --git a/docs/configuration/eherkenning_oidc.rst b/docs/configuration/eherkenning_oidc.rst index 79c8bbf6ef..1c6092b048 100644 --- a/docs/configuration/eherkenning_oidc.rst +++ b/docs/configuration/eherkenning_oidc.rst @@ -48,39 +48,45 @@ Detailed Information :: - Variable EHERKENNING_OIDC_OIDC_RP_CLIENT_ID - Setting OpenID Connect client ID - Description OpenID Connect client ID provided by the OIDC Provider + Variable EHERKENNING_OIDC_OIDC_OP_JWKS_ENDPOINT + Setting JSON Web Key Set endpoint + Description URL of your OpenID Connect provider JSON Web Key Set endpoint. Required if `RS256` is used as signing algorithm. Possible values string Default value No default - Variable EHERKENNING_OIDC_OIDC_RP_CLIENT_SECRET - Setting OpenID Connect secret - Description OpenID Connect secret provided by the OIDC Provider + Variable EHERKENNING_OIDC_OIDC_OP_LOGOUT_ENDPOINT + Setting Logout endpoint + Description URL of your OpenID Connect provider logout endpoint Possible values string Default value No default - Variable EHERKENNING_OIDC_OIDC_RP_SIGN_ALGO - Setting OpenID sign algorithm - Description Algorithm the Identity Provider uses to sign ID tokens - Possible values string - Default value HS256 + Variable EHERKENNING_OIDC_OIDC_NONCE_SIZE + Setting Nonce size + Description Sets the length of the random string used for OpenID Connect nonce verification + Possible values string representing a positive number + Default value 32 - Variable EHERKENNING_OIDC_OIDC_OP_DISCOVERY_ENDPOINT - Setting Discovery endpoint - Description URL of your OpenID Connect provider discovery endpoint ending with a slash (`.well-known/...` will be added automatically). If this is provided, the remaining endpoints can be omitted, as they will be derived from this endpoint. + Variable EHERKENNING_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT + Setting Authorization endpoint + Description URL of your OpenID Connect provider authorization endpoint Possible values string Default value No default - Variable EHERKENNING_OIDC_OIDC_OP_JWKS_ENDPOINT - Setting JSON Web Key Set endpoint - Description URL of your OpenID Connect provider JSON Web Key Set endpoint. Required if `RS256` is used as signing algorithm. + Variable EHERKENNING_OIDC_OIDC_RP_CLIENT_ID + Setting OpenID Connect client ID + Description OpenID Connect client ID provided by the OIDC Provider Possible values string Default value No default - Variable EHERKENNING_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT - Setting Authorization endpoint - Description URL of your OpenID Connect provider authorization endpoint + Variable EHERKENNING_OIDC_IDENTIFIER_CLAIM_NAME + Setting KVK claim name + Description The name of the claim in which the KVK of the user is stored + Possible values string + Default value kvk + + Variable EHERKENNING_OIDC_OIDC_RP_CLIENT_SECRET + Setting OpenID Connect secret + Description OpenID Connect secret provided by the OIDC Provider Possible values string Default value No default @@ -90,9 +96,15 @@ Detailed Information Possible values string Default value No default - Variable EHERKENNING_OIDC_OIDC_OP_USER_ENDPOINT - Setting User endpoint - Description URL of your OpenID Connect provider userinfo endpoint + Variable EHERKENNING_OIDC_ENABLED + Setting enable + Description Indicates whether OpenID Connect for authentication/authorization is enabled. This overrides overrides the usage of SAML for eHerkenning authentication. + Possible values True, False + Default value No default + + Variable EHERKENNING_OIDC_OIDC_KEYCLOAK_IDP_HINT + Setting Keycloak Identity Provider hint + Description Specific for Keycloak: parameter that indicates which identity provider should be used (therefore skipping the Keycloak login screen). Possible values string Default value No default @@ -102,17 +114,23 @@ Detailed Information Possible values string Default value No default - Variable EHERKENNING_OIDC_OIDC_USE_NONCE - Setting Use nonce - Description Controls whether the OpenID Connect client uses nonce verification - Possible values True, False - Default value True + Variable EHERKENNING_OIDC_USERINFO_CLAIMS_SOURCE + Setting user information claims extracted from + Description Indicates the source from which the user information claims should be extracted. + Possible values userinfo_endpoint, id_token + Default value userinfo_endpoint - Variable EHERKENNING_OIDC_OIDC_NONCE_SIZE - Setting Nonce size - Description Sets the length of the random string used for OpenID Connect nonce verification - Possible values string representing a positive number - Default value 32 + Variable EHERKENNING_OIDC_OIDC_OP_DISCOVERY_ENDPOINT + Setting Discovery endpoint + Description URL of your OpenID Connect provider discovery endpoint ending with a slash (`.well-known/...` will be added automatically). If this is provided, the remaining endpoints can be omitted, as they will be derived from this endpoint. + Possible values string + Default value No default + + Variable EHERKENNING_OIDC_OIDC_RP_SIGN_ALGO + Setting OpenID sign algorithm + Description Algorithm the Identity Provider uses to sign ID tokens + Possible values string + Default value HS256 Variable EHERKENNING_OIDC_OIDC_STATE_SIZE Setting State size @@ -120,23 +138,23 @@ Detailed Information Possible values string representing a positive number Default value 32 + Variable EHERKENNING_OIDC_OIDC_OP_USER_ENDPOINT + Setting User endpoint + Description URL of your OpenID Connect provider userinfo endpoint + Possible values string + Default value No default + Variable EHERKENNING_OIDC_OIDC_EXEMPT_URLS Setting URLs exempt from session renewal Description This is a list of absolute url paths, regular expressions for url paths, or Django view names. This plus the mozilla-django-oidc urls are exempted from the session renewal by the SessionRefresh middleware. Possible values string, comma-delimited ('foo,bar,baz') Default value No default - Variable EHERKENNING_OIDC_USERINFO_CLAIMS_SOURCE - Setting user information claims extracted from - Description Indicates the source from which the user information claims should be extracted. - Possible values userinfo_endpoint, id_token - Default value userinfo_endpoint - - Variable EHERKENNING_OIDC_OIDC_OP_LOGOUT_ENDPOINT - Setting Logout endpoint - Description URL of your OpenID Connect provider logout endpoint - Possible values string - Default value No default + Variable EHERKENNING_OIDC_OIDC_USE_NONCE + Setting Use nonce + Description Controls whether the OpenID Connect client uses nonce verification + Possible values True, False + Default value True Variable EHERKENNING_OIDC_ERROR_MESSAGE_MAPPING Setting Error message mapping @@ -144,26 +162,8 @@ Detailed Information Possible values No information available Default value No default - Variable EHERKENNING_OIDC_OIDC_KEYCLOAK_IDP_HINT - Setting Keycloak Identity Provider hint - Description Specific for Keycloak: parameter that indicates which identity provider should be used (therefore skipping the Keycloak login screen). - Possible values string - Default value No default - - Variable EHERKENNING_OIDC_ENABLED - Setting enable - Description Indicates whether OpenID Connect for authentication/authorization is enabled. This overrides overrides the usage of SAML for eHerkenning authentication. - Possible values True, False - Default value No default - - Variable EHERKENNING_OIDC_IDENTIFIER_CLAIM_NAME - Setting KVK claim name - Description The name of the claim in which the KVK of the user is stored - Possible values string - Default value kvk - Variable EHERKENNING_OIDC_OIDC_RP_SCOPES_LIST Setting OpenID Connect scopes Description OpenID Connect scopes that are requested during login. These scopes are hardcoded and must be supported by the identity provider Possible values string, comma-delimited ('foo,bar,baz') - Default value ['openid', 'kvk'] + Default value openid, kvk diff --git a/docs/configuration/kic.rst b/docs/configuration/kic.rst index 22c47421b7..d771761388 100644 --- a/docs/configuration/kic.rst +++ b/docs/configuration/kic.rst @@ -12,12 +12,12 @@ Required: :: - KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_ID - KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_SECRET - KIC_CONFIG_CONTACTMOMENTEN_API_ROOT - KIC_CONFIG_KLANTEN_API_CLIENT_ID - KIC_CONFIG_KLANTEN_API_CLIENT_SECRET - KIC_CONFIG_KLANTEN_API_ROOT + KIC_CONFIG_CONTACTMOMENTEN_SERVICE_API_ROOT + KIC_CONFIG_CONTACTMOMENTEN_SERVICE_CLIENT_ID + KIC_CONFIG_CONTACTMOMENTEN_SERVICE_SECRET + KIC_CONFIG_KLANTEN_SERVICE_API_ROOT + KIC_CONFIG_KLANTEN_SERVICE_CLIENT_ID + KIC_CONFIG_KLANTEN_SERVICE_SECRET KIC_CONFIG_REGISTER_CONTACT_MOMENT KIC_CONFIG_REGISTER_TYPE @@ -27,12 +27,42 @@ All settings: :: - KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_ID - KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_SECRET - KIC_CONFIG_CONTACTMOMENTEN_API_ROOT - KIC_CONFIG_KLANTEN_API_CLIENT_ID - KIC_CONFIG_KLANTEN_API_CLIENT_SECRET - KIC_CONFIG_KLANTEN_API_ROOT + KIC_CONFIG_CLIENT_CERTIFICATE_ID + KIC_CONFIG_CLIENT_CERTIFICATE_LABEL + KIC_CONFIG_CLIENT_CERTIFICATE_PRIVATE_KEY + KIC_CONFIG_CLIENT_CERTIFICATE_PUBLIC_CERTIFICATE + KIC_CONFIG_CLIENT_CERTIFICATE_TYPE + KIC_CONFIG_CONTACTMOMENTEN_SERVICE_API_ROOT + KIC_CONFIG_CONTACTMOMENTEN_SERVICE_API_TYPE + KIC_CONFIG_CONTACTMOMENTEN_SERVICE_AUTH_TYPE + KIC_CONFIG_CONTACTMOMENTEN_SERVICE_CLIENT_ID + KIC_CONFIG_CONTACTMOMENTEN_SERVICE_HEADER_KEY + KIC_CONFIG_CONTACTMOMENTEN_SERVICE_HEADER_VALUE + KIC_CONFIG_CONTACTMOMENTEN_SERVICE_ID + KIC_CONFIG_CONTACTMOMENTEN_SERVICE_LABEL + KIC_CONFIG_CONTACTMOMENTEN_SERVICE_NLX + KIC_CONFIG_CONTACTMOMENTEN_SERVICE_OAS + KIC_CONFIG_CONTACTMOMENTEN_SERVICE_OAS_FILE + KIC_CONFIG_CONTACTMOMENTEN_SERVICE_SECRET + KIC_CONFIG_CONTACTMOMENTEN_SERVICE_USER_ID + KIC_CONFIG_CONTACTMOMENTEN_SERVICE_USER_REPRESENTATION + KIC_CONFIG_CONTACTMOMENTEN_SERVICE_UUID + KIC_CONFIG_ID + KIC_CONFIG_KLANTEN_SERVICE_API_ROOT + KIC_CONFIG_KLANTEN_SERVICE_API_TYPE + KIC_CONFIG_KLANTEN_SERVICE_AUTH_TYPE + KIC_CONFIG_KLANTEN_SERVICE_CLIENT_ID + KIC_CONFIG_KLANTEN_SERVICE_HEADER_KEY + KIC_CONFIG_KLANTEN_SERVICE_HEADER_VALUE + KIC_CONFIG_KLANTEN_SERVICE_ID + KIC_CONFIG_KLANTEN_SERVICE_LABEL + KIC_CONFIG_KLANTEN_SERVICE_NLX + KIC_CONFIG_KLANTEN_SERVICE_OAS + KIC_CONFIG_KLANTEN_SERVICE_OAS_FILE + KIC_CONFIG_KLANTEN_SERVICE_SECRET + KIC_CONFIG_KLANTEN_SERVICE_USER_ID + KIC_CONFIG_KLANTEN_SERVICE_USER_REPRESENTATION + KIC_CONFIG_KLANTEN_SERVICE_UUID KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN KIC_CONFIG_REGISTER_CHANNEL KIC_CONFIG_REGISTER_CONTACT_MOMENT @@ -40,6 +70,11 @@ All settings: KIC_CONFIG_REGISTER_EMPLOYEE_ID KIC_CONFIG_REGISTER_TYPE KIC_CONFIG_SEND_EMAIL_CONFIRMATION + KIC_CONFIG_SERVER_CERTIFICATE_ID + KIC_CONFIG_SERVER_CERTIFICATE_LABEL + KIC_CONFIG_SERVER_CERTIFICATE_PRIVATE_KEY + KIC_CONFIG_SERVER_CERTIFICATE_PUBLIC_CERTIFICATE + KIC_CONFIG_SERVER_CERTIFICATE_TYPE KIC_CONFIG_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER @@ -48,29 +83,125 @@ Detailed Information :: - Variable KIC_CONFIG_REGISTER_EMAIL - Setting Registreer op email adres + Variable KIC_CONFIG_KLANTEN_SERVICE_SECRET + Setting secret Description No description Possible values string Default value No default - Variable KIC_CONFIG_REGISTER_CONTACT_MOMENT - Setting Registreer in Contactmomenten API + Variable KIC_CONFIG_KLANTEN_SERVICE_API_ROOT + Setting api root url Description No description + Possible values string + Default value No default + + Variable KIC_CONFIG_SERVER_CERTIFICATE_TYPE + Setting type + Description Is this only a certificate or is there an associated private key? + Possible values key_pair, cert_only + Default value No default + + Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_CLIENT_ID + Setting client id + Description No description + Possible values string + Default value No default + + Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_HEADER_KEY + Setting header key + Description No description + Possible values string + Default value No default + + Variable KIC_CONFIG_KLANTEN_SERVICE_OAS_FILE + Setting OAS file + Description OAS yaml file + Possible values No information available + Default value No default + + Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_OAS + Setting OAS url + Description URL to OAS yaml file + Possible values string + Default value No default + + Variable KIC_CONFIG_KLANTEN_SERVICE_ID + Setting ID + Description No description + Possible values No information available + Default value No default + + Variable KIC_CONFIG_CLIENT_CERTIFICATE_PUBLIC_CERTIFICATE + Setting public certificate + Description The content of the certificate + Possible values No information available + Default value No default + + Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_SECRET + Setting secret + Description No description + Possible values string + Default value No default + + Variable KIC_CONFIG_SEND_EMAIL_CONFIRMATION + Setting Stuur contactformulier e-mailbevestiging + Description Indien ingeschakeld dan wordt het 'contactform_confimation' e-mailsjabloon gebruikt om een e-mailbevestiging te sturen na het insturen van het contactformulier. Indien uitgeschakeld dan wordt aangenomen dat de externe contactmomenten API (eg. eSuite) de e-mailbevestiging zal sturen Possible values True, False Default value No default + Variable KIC_CONFIG_KLANTEN_SERVICE_AUTH_TYPE + Setting authorization type + Description No description + Possible values no_auth, api_key, zgw + Default value zgw + + Variable KIC_CONFIG_KLANTEN_SERVICE_NLX + Setting NLX url + Description NLX (outway) address + Possible values string + Default value No default + Variable KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN Setting Organisatie RSIN Description No description Possible values string Default value No default - Variable KIC_CONFIG_REGISTER_CHANNEL - Setting Contactmoment kanaal - Description De kanaal waarop nieuwe contactmomenten worden aangemaakt + Variable KIC_CONFIG_CLIENT_CERTIFICATE_TYPE + Setting type + Description Is this only a certificate or is there an associated private key? + Possible values key_pair, cert_only + Default value No default + + Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_OAS_FILE + Setting OAS file + Description OAS yaml file + Possible values No information available + Default value No default + + Variable KIC_CONFIG_SERVER_CERTIFICATE_LABEL + Setting label + Description Recognisable label for the certificate Possible values string - Default value contactformulier + Default value No default + + Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_UUID + Setting UUID + Description No description + Possible values No information available + Default value 98df2dde-736c-4d54-b0d0-c3c46df9ad1b + + Variable KIC_CONFIG_SERVER_CERTIFICATE_PRIVATE_KEY + Setting private key + Description The content of the private key + Possible values No information available + Default value No default + + Variable KIC_CONFIG_REGISTER_EMPLOYEE_ID + Setting Medewerker identificatie + Description Gebruikersnaam van actieve medewerker uit e-Suite + Possible values string + Default value No default Variable KIC_CONFIG_REGISTER_TYPE Setting Contactmoment type @@ -78,9 +209,81 @@ Detailed Information Possible values string Default value Melding - Variable KIC_CONFIG_REGISTER_EMPLOYEE_ID - Setting Medewerker identificatie - Description Gebruikersnaam van actieve medewerker uit e-Suite + Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_API_ROOT + Setting api root url + Description No description + Possible values string + Default value No default + + Variable KIC_CONFIG_SERVER_CERTIFICATE_PUBLIC_CERTIFICATE + Setting public certificate + Description The content of the certificate + Possible values No information available + Default value No default + + Variable KIC_CONFIG_CLIENT_CERTIFICATE_PRIVATE_KEY + Setting private key + Description The content of the private key + Possible values No information available + Default value No default + + Variable KIC_CONFIG_KLANTEN_SERVICE_HEADER_VALUE + Setting header value + Description No description + Possible values string + Default value No default + + Variable KIC_CONFIG_KLANTEN_SERVICE_HEADER_KEY + Setting header key + Description No description + Possible values string + Default value No default + + Variable KIC_CONFIG_CLIENT_CERTIFICATE_LABEL + Setting label + Description Recognisable label for the certificate + Possible values string + Default value No default + + Variable KIC_CONFIG_REGISTER_CONTACT_MOMENT + Setting Registreer in Contactmomenten API + Description No description + Possible values True, False + Default value No default + + Variable KIC_CONFIG_REGISTER_CHANNEL + Setting Contactmoment kanaal + Description De kanaal waarop nieuwe contactmomenten worden aangemaakt + Possible values string + Default value contactformulier + + Variable KIC_CONFIG_CLIENT_CERTIFICATE_ID + Setting ID + Description No description + Possible values No information available + Default value No default + + Variable KIC_CONFIG_SERVER_CERTIFICATE_ID + Setting ID + Description No description + Possible values No information available + Default value No default + + Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_LABEL + Setting label + Description No description + Possible values string + Default value No default + + Variable KIC_CONFIG_ID + Setting ID + Description No description + Possible values No information available + Default value No default + + Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_HEADER_VALUE + Setting header value + Description No description Possible values string Default value No default @@ -90,44 +293,86 @@ Detailed Information Possible values True, False Default value No default - Variable KIC_CONFIG_SEND_EMAIL_CONFIRMATION - Setting Stuur contactformulier e-mailbevestiging - Description Indien ingeschakeld dan wordt het 'contactform_confimation' e-mailsjabloon gebruikt om een e-mailbevestiging te sturen na het insturen van het contactformulier. Indien uitgeschakeld dan wordt aangenomen dat de externe contactmomenten API (eg. eSuite) de e-mailbevestiging zal sturen - Possible values True, False + Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_ID + Setting ID + Description No description + Possible values No information available Default value No default - Variable KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_ID - Setting Client ID of the Contactmomenten API + Variable KIC_CONFIG_KLANTEN_SERVICE_CLIENT_ID + Setting client id Description No description Possible values string Default value No default - Variable KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_SECRET - Setting Client Secret of the Contactmomenten API + Variable KIC_CONFIG_KLANTEN_SERVICE_USER_ID + Setting user ID + Description User ID to use for the audit trail. Although these external API credentials are typically used bythis API itself instead of a user, the user ID is required. + Possible values string + Default value No default + + Variable KIC_CONFIG_KLANTEN_SERVICE_LABEL + Setting label Description No description Possible values string Default value No default - Variable KIC_CONFIG_CONTACTMOMENTEN_API_ROOT - Setting Root URL of the Contactmomenten API + Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_NLX + Setting NLX url + Description NLX (outway) address + Possible values string + Default value No default + + Variable KIC_CONFIG_KLANTEN_SERVICE_API_TYPE + Setting type + Description No description + Possible values ac, nrc, zrc, ztc, drc, brc, cmc, kc, vrc, orc + Default value No default + + Variable KIC_CONFIG_KLANTEN_SERVICE_UUID + Setting UUID Description No description - Possible values string (URL) + Possible values No information available + Default value d130d5a3-fe6b-4930-8b7d-4ffd99fa5a7a + + Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_USER_ID + Setting user ID + Description User ID to use for the audit trail. Although these external API credentials are typically used bythis API itself instead of a user, the user ID is required. + Possible values string + Default value No default + + Variable KIC_CONFIG_KLANTEN_SERVICE_OAS + Setting OAS url + Description URL to OAS yaml file + Possible values string + Default value No default + + Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_USER_REPRESENTATION + Setting user representation + Description Human readable representation of the user. + Possible values string Default value No default - Variable KIC_CONFIG_KLANTEN_API_CLIENT_ID - Setting Client ID of the Klanten API + Variable KIC_CONFIG_REGISTER_EMAIL + Setting Registreer op email adres Description No description Possible values string Default value No default - Variable KIC_CONFIG_KLANTEN_API_CLIENT_SECRET - Setting Client Secret of the Klanten API + Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_AUTH_TYPE + Setting authorization type Description No description + Possible values no_auth, api_key, zgw + Default value zgw + + Variable KIC_CONFIG_KLANTEN_SERVICE_USER_REPRESENTATION + Setting user representation + Description Human readable representation of the user. Possible values string Default value No default - Variable KIC_CONFIG_KLANTEN_API_ROOT - Setting Root URL of the Klanten API + Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_API_TYPE + Setting type Description No description - Possible values string (URL) + Possible values ac, nrc, zrc, ztc, drc, brc, cmc, kc, vrc, orc Default value No default diff --git a/docs/configuration/siteconfig.rst b/docs/configuration/siteconfig.rst index 26c0db5189..8d47ad8c9d 100644 --- a/docs/configuration/siteconfig.rst +++ b/docs/configuration/siteconfig.rst @@ -98,21 +98,39 @@ Detailed Information :: - Variable SITE_NAME - Setting Naam - Description Naam van de gemeente + Variable SITE_LOGIN_2FA_SMS + Setting Log in met 2FA-met-SMS + Description Bepaalt of gebruikers die met gebruikersnaam+wachtwoord inloggen verplicht een SMS verificatiecode dienen in te vullen + Possible values True, False + Default value No default + + Variable SITE_KCM_SURVEY_LINK_URL + Setting Feedbackknop URL + Description De externe link achter de feedbackknop feedback. Possible values string Default value No default - Variable SITE_PRIMARY_COLOR - Setting Primaire kleur - Description Hoofdkleur van de gemeentesite/huisstijl + Variable SITE_HIDE_SEARCH_FROM_ANONYMOUS_USERS + Setting Verberg zoekbalk voor anonieme gebruiker + Description Indien geselecteerd: alleen ingelogde gebruikers zien de zoekfunctie. + Possible values True, False + Default value No default + + Variable SITE_QUESTIONNAIRE_HELP_TEXT + Setting Helptekst vragenlijst/zelftest + Description De helptekst in de popup op de vragenlijst/zelftestpagina's Possible values string + Default value Het onderdeel Zelftest stelt u in staat om met het beantwoorden van enkele vragen een advies te krijgen van de gemeente, met concrete vervolgstappen en producten en diensten. U kunt tevens uw antwoorden en het advies bewaren om met een begeleider van de gemeente te bespreken. + + Variable SITE_SECONDARY_FONT_COLOR + Setting Secundaire tekstkleur + Description De tekstkleur voor wanneer de achtergrond de secundaire kleur is + Possible values #FFFFFF, #4B4B4B Default value #FFFFFF - Variable SITE_SECONDARY_COLOR - Setting Secundaire kleur - Description Secundaire kleur van de gemeentesite/huisstijl + Variable SITE_PRIMARY_COLOR + Setting Primaire kleur + Description Hoofdkleur van de gemeentesite/huisstijl Possible values string Default value #FFFFFF @@ -122,53 +140,35 @@ Detailed Information Possible values string Default value #FFFFFF - Variable SITE_PRIMARY_FONT_COLOR - Setting Primaire tekstkleur - Description De tekstkleur voor wanneer de achtergrond de hoofdkleur is - Possible values #FFFFFF, #4B4B4B - Default value #FFFFFF - - Variable SITE_SECONDARY_FONT_COLOR - Setting Secundaire tekstkleur - Description De tekstkleur voor wanneer de achtergrond de secundaire kleur is - Possible values #FFFFFF, #4B4B4B - Default value #FFFFFF + Variable SITE_KCM_SURVEY_LINK_TEXT + Setting Feedbackknop label + Description De label van de knop wat wordt gebruikt om gebruikersfeedback te verzamelen + Possible values string + Default value No default - Variable SITE_ACCENT_FONT_COLOR - Setting Accent tekstkleur - Description De tekstkleur voor wanneer de achtergrond de accentkleur is - Possible values #FFFFFF, #4B4B4B - Default value #4B4B4B + Variable SITE_SELECT_QUESTIONNAIRE_INTRO + Setting Introductietekst vragenlijst widget + Description Vragenlijst introductietekst op de onderwerpen en profielpagina's. + Possible values string + Default value Kies hieronder één van de volgende vragenlijsten om de zelftest te starten. - Variable SITE_WARNING_BANNER_ENABLED - Setting Toon waarschuwingsbanner - Description Of de waarschuwingsbanner zichtbaar moet zijn of niet. + Variable SITE_EMAIL_VERIFICATION_REQUIRED + Setting E-mailverificatie vereist + Description Of gebruikers verplicht zijn om na het inloggen hun e-mailadres te verifieren Possible values True, False Default value No default - Variable SITE_WARNING_BANNER_TEXT - Setting Tekstinhoud waarschuwingsbanner - Description De tekst die zichtbaar is in de waarschuwingsbanner + Variable SITE_MATOMO_URL + Setting Matamo server URL + Description De domeinnaam / URL van de Matamo server, bijvoorbeeld 'matamo.example.com'. Possible values string Default value No default - Variable SITE_WARNING_BANNER_BACKGROUND_COLOR - Setting Waarschuwingsbanner achtergrond - Description Waarschuwingsbanner achtergrondkleur - Possible values string - Default value #FFDBAD - - Variable SITE_WARNING_BANNER_FONT_COLOR - Setting Waarschuwingsbanner tekst - Description De tekstkleur voor de waarschuwingsbanner + Variable SITE_PLANS_INTRO + Setting Introductietekst Samenwerken + Description Subtitel voor de planpagina. Possible values string - Default value #000000 - - Variable SITE_LOGIN_SHOW - Setting Toon inlogknop rechts bovenin - Description Wanneer deze optie uit staat dan kan nog wel worden ingelogd via /accounts/login/ , echter het inloggen is verborgen - Possible values True, False - Default value True + Default value Hier werkt u aan uw doelen. Dit doet u samen met uw contactpersoon bij de gemeente. Variable SITE_LOGIN_ALLOW_REGISTRATION Setting Sta lokale registratie toe @@ -176,33 +176,9 @@ Detailed Information Possible values True, False Default value No default - Variable SITE_LOGIN_2FA_SMS - Setting Log in met 2FA-met-SMS - Description Bepaalt of gebruikers die met gebruikersnaam+wachtwoord inloggen verplicht een SMS verificatiecode dienen in te vullen - Possible values True, False - Default value No default - - Variable SITE_LOGIN_TEXT - Setting Login tekst - Description Deze tekst wordt getoond op de login pagina. - Possible values string - Default value No default - - Variable SITE_REGISTRATION_TEXT - Setting Registratie tekst - Description Deze tekst wordt getoond op de registratie pagina. - Possible values string - Default value No default - - Variable SITE_HOME_WELCOME_TITLE - Setting Koptekst homepage - Description Koptekst op de homepage - Possible values string - Default value Welkom - - Variable SITE_HOME_WELCOME_INTRO - Setting Introductietekst homepage - Description Introductietekst op de homepage + Variable SITE_NAME + Setting Naam + Description Naam van de gemeente Possible values string Default value No default @@ -212,101 +188,101 @@ Detailed Information Possible values string Default value Onderwerpen - Variable SITE_HOME_THEME_INTRO - Setting Onderwerpen introductietekst op de homepage - Description Introductietekst 'Onderwerpen' op de homepage + Variable SITE_SELECT_QUESTIONNAIRE_TITLE + Setting Titel vragenlijst widget + Description Vragenlijst keuzetitel op de onderwerpen en profielpagina's. + Possible values string + Default value Keuze zelftest? + + Variable SITE_FOOTER_LOGO_TITLE + Setting Footer logo title + Description The title - help text of the footer logo. Possible values string Default value No default + Variable SITE_EHERKENNING_ENABLED + Setting eHerkenning authentication ingeschakeld + Description Of gebruikers in kunnen loggen met eHerkenning of niet. Standaard wordt de SAML integratie hiervoor gebruikt (van toepassing bij een rechtstreekse aansluiting op een eHerkenning makelaar). Voor het gebruiken van een OpenID Connect (OIDC) koppeling, navigeer naar `OpenID Connect configuratie voor eHerkenning` om deze te activeren. + Possible values True, False + Default value No default + Variable SITE_THEME_TITLE Setting Onderwerpen titel Description Titel op de Onderwerpenpagina Possible values string Default value Onderwerpen - Variable SITE_THEME_INTRO - Setting Onderwerpen introductie - Description Introductietekst op de onderwerpenpagina - Possible values string - Default value No default - - Variable SITE_HOME_MAP_TITLE - Setting Koptekst van de kaart op de homepage - Description Koptekst van de kaart op de homepage + Variable SITE_PLAN_HELP_TEXT + Setting Helptekst samenwerken + Description De helptekst in de popup van de samenwerken-pagina's Possible values string - Default value In de buurt + Default value Met het onderdeel Samenwerken kunt u samen met uw contactpersonen of begeleider van de gemeente aan de slag om met een samenwerkingsplan uw persoonlijke situatie te verbeteren. Door samen aan uw doelen te werken en acties te omschrijven kunnen we elkaar helpen. - Variable SITE_HOME_MAP_INTRO - Setting Introductietekst kaart - Description Introductietekst van de kaart op de homepage + Variable SITE_GTM_CODE + Setting Google Tag Manager code + Description Normaalgesproken is dit een code van het formaat 'GTM-XXXX'. Door dit in te stellen wordt Google Tag Manager gebruikt. Possible values string Default value No default - Variable SITE_HOME_QUESTIONNAIRE_TITLE - Setting Titel vragenlijst homepage - Description Vragenlijst titel op de homepage. - Possible values string - Default value Waar bent u naar op zoek? - - Variable SITE_HOME_QUESTIONNAIRE_INTRO - Setting Introductietekst vragenlijst homepage - Description Vragenlijst introductietekst op de homepage. - Possible values string - Default value Test met een paar simpele vragen of u recht heeft op een product + Variable SITE_DISPLAY_SOCIAL + Setting Toon sociale media knoppen bij elk product + Description Maak het delen mogelijk van producten op sociale media (Facebook, LinkedIn...) + Possible values True, False + Default value True - Variable SITE_HOME_PRODUCT_FINDER_TITLE - Setting Productzoeker titel - Description Titel van de productzoeker op de homepage. - Possible values string - Default value Productzoeker + Variable SITE_EMAIL_NEW_MESSAGE + Setting Stuur een mail bij nieuwe berichten + Description Of er een e-mail ter notificatie verstuurd dient te worden na een nieuw bericht voor de gebruiker. + Possible values True, False + Default value True - Variable SITE_HOME_PRODUCT_FINDER_INTRO - Setting Introductietekst productzoeker homepage - Description Introductietekst van de productzoeker op de homepage. + Variable SITE_PLANS_NO_PLANS_MESSAGE + Setting Standaardtekst geen samenwerkingen + Description Het bericht als een gebruiker nog geen plannen heeft. Possible values string - Default value Met een paar simpele vragen ziet u welke producten passen bij uw situatie + Default value U heeft nog geen plan gemaakt. - Variable SITE_SELECT_QUESTIONNAIRE_TITLE - Setting Titel vragenlijst widget - Description Vragenlijst keuzetitel op de onderwerpen en profielpagina's. + Variable SITE_GA_CODE + Setting Google Analytics code + Description Normaalgesproken is dit een code van het formaat 'G-XXXX'. Door dit in te stellen wordt Google Analytics gebruikt. Possible values string - Default value Keuze zelftest? + Default value No default - Variable SITE_SELECT_QUESTIONNAIRE_INTRO - Setting Introductietekst vragenlijst widget - Description Vragenlijst introductietekst op de onderwerpen en profielpagina's. + Variable SITE_ACCOUNT_HELP_TEXT + Setting Helptekst mijn profiel + Description De helptekst in de popup van de profielpagina's Possible values string - Default value Kies hieronder één van de volgende vragenlijsten om de zelftest te starten. + Default value Op dit scherm ziet u uw persoonlijke profielgegevens en gerelateerde gegevens. - Variable SITE_PLANS_INTRO - Setting Introductietekst Samenwerken - Description Subtitel voor de planpagina. + Variable SITE_SITEIMPROVE_ID + Setting SiteImprove ID + Description SiteImprove ID - Dit nummer kan gevonden worden in de SiteImprove snippet, dit is onderdeel van een URL zoals '//siteimproveanalytics.com/js/siteanalyze_xxxxx.js' waarbij het xxxxx-deel de SiteImprove ID is die hier ingevuld moet worden. Possible values string - Default value Hier werkt u aan uw doelen. Dit doet u samen met uw contactpersoon bij de gemeente. + Default value No default - Variable SITE_PLANS_NO_PLANS_MESSAGE - Setting Standaardtekst geen samenwerkingen - Description Het bericht als een gebruiker nog geen plannen heeft. + Variable SITE_CONTACT_PAGE + Setting URL + Description URL van de contactpagina van de organisatie Possible values string - Default value U heeft nog geen plan gemaakt. + Default value No default - Variable SITE_PLANS_EDIT_MESSAGE - Setting Standaardtekst 'doel wijzigen' - Description Het bericht wanneer een gebruiker een doel wijzigt. - Possible values string - Default value Hier kunt u uw doel aanpassen + Variable SITE_MATOMO_SITE_ID + Setting Matamo site ID + Description De 'idsite' van de website in Matamo die getrackt dient te worden. + Possible values string representing a positive number + Default value No default - Variable SITE_FOOTER_LOGO_TITLE - Setting Footer logo title - Description The title - help text of the footer logo. + Variable SITE_COOKIE_INFO_TEXT + Setting Tekst cookiebanner informatie + Description De tekstinhoud van de cookiebanner. Wanneer deze wordt ingevuld dan wordt de cookiebanner zichtbaar. Possible values string - Default value No default + Default value Wij gebruiken cookies om onze website en dienstverlening te verbeteren. - Variable SITE_FOOTER_LOGO_URL - Setting Footer logo link - Description The external link for the footer logo. + Variable SITE_HOME_QUESTIONNAIRE_INTRO + Setting Introductietekst vragenlijst homepage + Description Vragenlijst introductietekst op de homepage. Possible values string - Default value No default + Default value Test met een paar simpele vragen of u recht heeft op een product Variable SITE_HOME_HELP_TEXT Setting Helptekst homepage @@ -314,41 +290,59 @@ Detailed Information Possible values string Default value Welkom! Op dit scherm vindt u een overzicht van de verschillende onderwerpen en producten & diensten. - Variable SITE_THEME_HELP_TEXT - Setting Onderwerpen help - Description Helptekst in de popup op de onderwerpenpagina - Possible values string - Default value Op dit scherm vindt u de verschillende onderwerpen waarvoor wij producten en diensten aanbieden. + Variable SITE_PRIMARY_FONT_COLOR + Setting Primaire tekstkleur + Description De tekstkleur voor wanneer de achtergrond de hoofdkleur is + Possible values #FFFFFF, #4B4B4B + Default value #FFFFFF - Variable SITE_PRODUCT_HELP_TEXT - Setting Helptekst producten - Description Helptekst in de popup van de productenpagina's + Variable SITE_HOME_PRODUCT_FINDER_TITLE + Setting Productzoeker titel + Description Titel van de productzoeker op de homepage. Possible values string - Default value Op dit scherm kunt u de details vinden over het gekozen product of dienst. Afhankelijk van het product kunt u deze direct aanvragen of meer informatie opvragen. + Default value Productzoeker - Variable SITE_SEARCH_HELP_TEXT - Setting Helptekst zoeken - Description De helptekst in de popup op de zoekpagina's + Variable SITE_CONTACT_PHONENUMBER + Setting Telefoonnummer + Description Telefoonnummer van de organisatie Possible values string - Default value Op dit scherm kunt u zoeken naar de producten en diensten. + Default value No default - Variable SITE_ACCOUNT_HELP_TEXT - Setting Helptekst mijn profiel - Description De helptekst in de popup van de profielpagina's + Variable SITE_ACCENT_FONT_COLOR + Setting Accent tekstkleur + Description De tekstkleur voor wanneer de achtergrond de accentkleur is + Possible values #FFFFFF, #4B4B4B + Default value #4B4B4B + + Variable SITE_OPENID_DISPLAY + Setting Toon optie om in te loggen via OpenID Connect + Description Alleen geselecteerde groepen zullen de optie zien om met OpenID Connect in te loggen. + Possible values admin, regular + Default value admin + + Variable SITE_THEME_INTRO + Setting Onderwerpen introductie + Description Introductietekst op de onderwerpenpagina Possible values string - Default value Op dit scherm ziet u uw persoonlijke profielgegevens en gerelateerde gegevens. + Default value No default - Variable SITE_QUESTIONNAIRE_HELP_TEXT - Setting Helptekst vragenlijst/zelftest - Description De helptekst in de popup op de vragenlijst/zelftestpagina's + Variable SITE_COOKIE_LINK_URL + Setting URL van de privacypagina + Description De link naar de pagina met het privacybeleid. Possible values string - Default value Het onderdeel Zelftest stelt u in staat om met het beantwoorden van enkele vragen een advies te krijgen van de gemeente, met concrete vervolgstappen en producten en diensten. U kunt tevens uw antwoorden en het advies bewaren om met een begeleider van de gemeente te bespreken. + Default value /pages/privacyverklaring/ - Variable SITE_PLAN_HELP_TEXT - Setting Helptekst samenwerken - Description De helptekst in de popup van de samenwerken-pagina's + Variable SITE_REDIRECT_TO + Setting Stuur niet-ingelogde gebruiker door naar + Description Geef een URL of pad op waar de niet-ingelogde gebruiker naar toe doorgestuurd moet worden vanuit de niet-ingelogde homepage.Pad voorbeeld: '/accounts/login', URL voorbeeld: 'https://gemeente.groningen.nl' Possible values string - Default value Met het onderdeel Samenwerken kunt u samen met uw contactpersonen of begeleider van de gemeente aan de slag om met een samenwerkingsplan uw persoonlijke situatie te verbeteren. Door samen aan uw doelen te werken en acties te omschrijven kunnen we elkaar helpen. + Default value No default + + Variable SITE_WARNING_BANNER_ENABLED + Setting Toon waarschuwingsbanner + Description Of de waarschuwingsbanner zichtbaar moet zijn of niet. + Possible values True, False + Default value No default Variable SITE_SEARCH_FILTER_CATEGORIES Setting Onderwerpenfilter toevoegen aan zoekresultaten @@ -362,101 +356,89 @@ Detailed Information Possible values True, False Default value True - Variable SITE_SEARCH_FILTER_ORGANIZATIONS - Setting Organisaties-filter toevoegen aan zoekresultaten - Description Of er organisatie-selectievakjes moeten worden weergegeven om het zoekresultaat te filteren. - Possible values True, False - Default value True - - Variable SITE_EMAIL_NEW_MESSAGE - Setting Stuur een mail bij nieuwe berichten - Description Of er een e-mail ter notificatie verstuurd dient te worden na een nieuw bericht voor de gebruiker. - Possible values True, False - Default value True - Variable SITE_RECIPIENTS_EMAIL_DIGEST Setting ontvangers e-mailsamenvatting Description De e-mailadressen van beheerders die een dagelijkse samenvatting dienen te krijgen van punten van orde. Possible values string, comma-delimited ('foo,bar,baz') Default value No default - Variable SITE_EMAIL_VERIFICATION_REQUIRED - Setting E-mailverificatie vereist - Description Of gebruikers verplicht zijn om na het inloggen hun e-mailadres te verifieren - Possible values True, False - Default value No default - - Variable SITE_CONTACT_PHONENUMBER - Setting Telefoonnummer - Description Telefoonnummer van de organisatie + Variable SITE_LOGIN_TEXT + Setting Login tekst + Description Deze tekst wordt getoond op de login pagina. Possible values string Default value No default - Variable SITE_CONTACT_PAGE - Setting URL - Description URL van de contactpagina van de organisatie + Variable SITE_REGISTRATION_TEXT + Setting Registratie tekst + Description Deze tekst wordt getoond op de registratie pagina. Possible values string Default value No default - Variable SITE_GTM_CODE - Setting Google Tag Manager code - Description Normaalgesproken is dit een code van het formaat 'GTM-XXXX'. Door dit in te stellen wordt Google Tag Manager gebruikt. + Variable SITE_HOME_WELCOME_TITLE + Setting Koptekst homepage + Description Koptekst op de homepage Possible values string - Default value No default + Default value Welkom - Variable SITE_GA_CODE - Setting Google Analytics code - Description Normaalgesproken is dit een code van het formaat 'G-XXXX'. Door dit in te stellen wordt Google Analytics gebruikt. + Variable SITE_HOME_THEME_INTRO + Setting Onderwerpen introductietekst op de homepage + Description Introductietekst 'Onderwerpen' op de homepage Possible values string Default value No default - Variable SITE_MATOMO_URL - Setting Matamo server URL - Description De domeinnaam / URL van de Matamo server, bijvoorbeeld 'matamo.example.com'. + Variable SITE_HOME_QUESTIONNAIRE_TITLE + Setting Titel vragenlijst homepage + Description Vragenlijst titel op de homepage. Possible values string - Default value No default + Default value Waar bent u naar op zoek? - Variable SITE_MATOMO_SITE_ID - Setting Matamo site ID - Description De 'idsite' van de website in Matamo die getrackt dient te worden. - Possible values string representing a positive number - Default value No default + Variable SITE_PLANS_EDIT_MESSAGE + Setting Standaardtekst 'doel wijzigen' + Description Het bericht wanneer een gebruiker een doel wijzigt. + Possible values string + Default value Hier kunt u uw doel aanpassen - Variable SITE_SITEIMPROVE_ID - Setting SiteImprove ID - Description SiteImprove ID - Dit nummer kan gevonden worden in de SiteImprove snippet, dit is onderdeel van een URL zoals '//siteimproveanalytics.com/js/siteanalyze_xxxxx.js' waarbij het xxxxx-deel de SiteImprove ID is die hier ingevuld moet worden. + Variable SITE_FOOTER_LOGO_URL + Setting Footer logo link + Description The external link for the footer logo. Possible values string Default value No default - Variable SITE_COOKIE_INFO_TEXT - Setting Tekst cookiebanner informatie - Description De tekstinhoud van de cookiebanner. Wanneer deze wordt ingevuld dan wordt de cookiebanner zichtbaar. + Variable SITE_THEME_HELP_TEXT + Setting Onderwerpen help + Description Helptekst in de popup op de onderwerpenpagina Possible values string - Default value Wij gebruiken cookies om onze website en dienstverlening te verbeteren. + Default value Op dit scherm vindt u de verschillende onderwerpen waarvoor wij producten en diensten aanbieden. - Variable SITE_COOKIE_LINK_TEXT - Setting Tekst cookiebanner link - Description De tekst die wordt gebruikt als link naar de privacypagina. + Variable SITE_SEARCH_HELP_TEXT + Setting Helptekst zoeken + Description De helptekst in de popup op de zoekpagina's Possible values string - Default value Lees meer over ons cookiebeleid. + Default value Op dit scherm kunt u zoeken naar de producten en diensten. - Variable SITE_COOKIE_LINK_URL - Setting URL van de privacypagina - Description De link naar de pagina met het privacybeleid. + Variable SITE_SECONDARY_COLOR + Setting Secundaire kleur + Description Secundaire kleur van de gemeentesite/huisstijl Possible values string - Default value /pages/privacyverklaring/ + Default value #FFFFFF - Variable SITE_KCM_SURVEY_LINK_TEXT - Setting Feedbackknop label - Description De label van de knop wat wordt gebruikt om gebruikersfeedback te verzamelen + Variable SITE_HOME_MAP_TITLE + Setting Koptekst van de kaart op de homepage + Description Koptekst van de kaart op de homepage Possible values string - Default value No default + Default value In de buurt - Variable SITE_KCM_SURVEY_LINK_URL - Setting Feedbackknop URL - Description De externe link achter de feedbackknop feedback. + Variable SITE_SEARCH_FILTER_ORGANIZATIONS + Setting Organisaties-filter toevoegen aan zoekresultaten + Description Of er organisatie-selectievakjes moeten worden weergegeven om het zoekresultaat te filteren. + Possible values True, False + Default value True + + Variable SITE_WARNING_BANNER_FONT_COLOR + Setting Waarschuwingsbanner tekst + Description De tekstkleur voor de waarschuwingsbanner Possible values string - Default value No default + Default value #000000 Variable SITE_OPENID_CONNECT_LOGIN_TEXT Setting OpenID Connect login tekst @@ -464,44 +446,62 @@ Detailed Information Possible values string Default value Login with Azure AD - Variable SITE_OPENID_DISPLAY - Setting Toon optie om in te loggen via OpenID Connect - Description Alleen geselecteerde groepen zullen de optie zien om met OpenID Connect in te loggen. - Possible values admin, regular - Default value admin - - Variable SITE_REDIRECT_TO - Setting Stuur niet-ingelogde gebruiker door naar - Description Geef een URL of pad op waar de niet-ingelogde gebruiker naar toe doorgestuurd moet worden vanuit de niet-ingelogde homepage.Pad voorbeeld: '/accounts/login', URL voorbeeld: 'https://gemeente.groningen.nl' + Variable SITE_WARNING_BANNER_BACKGROUND_COLOR + Setting Waarschuwingsbanner achtergrond + Description Waarschuwingsbanner achtergrondkleur Possible values string - Default value No default + Default value #FFDBAD - Variable SITE_ALLOW_MESSAGES_FILE_SHARING - Setting Sta het delen van bestanden via Mijn Berichten toe - Description Of het delen van bestanden via Mijn Berichten mogelijk is of niet. Indien uitgeschakeld dan kunnen alleen tekstberichten worden verzonden + Variable SITE_LOGIN_SHOW + Setting Toon inlogknop rechts bovenin + Description Wanneer deze optie uit staat dan kan nog wel worden ingelogd via /accounts/login/ , echter het inloggen is verborgen Possible values True, False Default value True + Variable SITE_HOME_WELCOME_INTRO + Setting Introductietekst homepage + Description Introductietekst op de homepage + Possible values string + Default value No default + + Variable SITE_HOME_MAP_INTRO + Setting Introductietekst kaart + Description Introductietekst van de kaart op de homepage + Possible values string + Default value No default + + Variable SITE_HOME_PRODUCT_FINDER_INTRO + Setting Introductietekst productzoeker homepage + Description Introductietekst van de productzoeker op de homepage. + Possible values string + Default value Met een paar simpele vragen ziet u welke producten passen bij uw situatie + + Variable SITE_PRODUCT_HELP_TEXT + Setting Helptekst producten + Description Helptekst in de popup van de productenpagina's + Possible values string + Default value Op dit scherm kunt u de details vinden over het gekozen product of dienst. Afhankelijk van het product kunt u deze direct aanvragen of meer informatie opvragen. + Variable SITE_HIDE_CATEGORIES_FROM_ANONYMOUS_USERS Setting Blokkeer toegang tot Onderwerpen voor niet-ingelogde gebruikers Description Indien geselecteerd: alleen ingelogde gebruikers hebben toegang tot Onderwerpen. Possible values True, False Default value No default - Variable SITE_HIDE_SEARCH_FROM_ANONYMOUS_USERS - Setting Verberg zoekbalk voor anonieme gebruiker - Description Indien geselecteerd: alleen ingelogde gebruikers zien de zoekfunctie. - Possible values True, False - Default value No default + Variable SITE_COOKIE_LINK_TEXT + Setting Tekst cookiebanner link + Description De tekst die wordt gebruikt als link naar de privacypagina. + Possible values string + Default value Lees meer over ons cookiebeleid. - Variable SITE_DISPLAY_SOCIAL - Setting Toon sociale media knoppen bij elk product - Description Maak het delen mogelijk van producten op sociale media (Facebook, LinkedIn...) + Variable SITE_ALLOW_MESSAGES_FILE_SHARING + Setting Sta het delen van bestanden via Mijn Berichten toe + Description Of het delen van bestanden via Mijn Berichten mogelijk is of niet. Indien uitgeschakeld dan kunnen alleen tekstberichten worden verzonden Possible values True, False Default value True - Variable SITE_EHERKENNING_ENABLED - Setting eHerkenning authentication ingeschakeld - Description Of gebruikers in kunnen loggen met eHerkenning of niet. Standaard wordt de SAML integratie hiervoor gebruikt (van toepassing bij een rechtstreekse aansluiting op een eHerkenning makelaar). Voor het gebruiken van een OpenID Connect (OIDC) koppeling, navigeer naar `OpenID Connect configuratie voor eHerkenning` om deze te activeren. - Possible values True, False + Variable SITE_WARNING_BANNER_TEXT + Setting Tekstinhoud waarschuwingsbanner + Description De tekst die zichtbaar is in de waarschuwingsbanner + Possible values string Default value No default diff --git a/docs/configuration/zgw.rst b/docs/configuration/zgw.rst index a351ec325b..872fd4deda 100644 --- a/docs/configuration/zgw.rst +++ b/docs/configuration/zgw.rst @@ -12,18 +12,18 @@ Required: :: - ZGW_CONFIG_CATALOGI_API_CLIENT_ID - ZGW_CONFIG_CATALOGI_API_CLIENT_SECRET - ZGW_CONFIG_CATALOGI_API_ROOT - ZGW_CONFIG_DOCUMENTEN_API_CLIENT_ID - ZGW_CONFIG_DOCUMENTEN_API_CLIENT_SECRET - ZGW_CONFIG_DOCUMENTEN_API_ROOT - ZGW_CONFIG_FORMULIEREN_API_CLIENT_ID - ZGW_CONFIG_FORMULIEREN_API_CLIENT_SECRET - ZGW_CONFIG_FORMULIEREN_API_ROOT - ZGW_CONFIG_ZAAK_API_CLIENT_ID - ZGW_CONFIG_ZAAK_API_CLIENT_SECRET - ZGW_CONFIG_ZAAK_API_ROOT + ZGW_CONFIG_CATALOGI_SERVICE_API_ROOT + ZGW_CONFIG_CATALOGI_SERVICE_CLIENT_ID + ZGW_CONFIG_CATALOGI_SERVICE_SECRET + ZGW_CONFIG_DOCUMENT_SERVICE_API_ROOT + ZGW_CONFIG_DOCUMENT_SERVICE_CLIENT_ID + ZGW_CONFIG_DOCUMENT_SERVICE_SECRET + ZGW_CONFIG_FORM_SERVICE_API_ROOT + ZGW_CONFIG_FORM_SERVICE_CLIENT_ID + ZGW_CONFIG_FORM_SERVICE_SECRET + ZGW_CONFIG_ZAAK_SERVICE_API_ROOT + ZGW_CONFIG_ZAAK_SERVICE_CLIENT_ID + ZGW_CONFIG_ZAAK_SERVICE_SECRET All settings: @@ -33,26 +33,85 @@ All settings: ZGW_CONFIG_ACTION_REQUIRED_DEADLINE_DAYS ZGW_CONFIG_ALLOWED_FILE_EXTENSIONS - ZGW_CONFIG_CATALOGI_API_CLIENT_ID - ZGW_CONFIG_CATALOGI_API_CLIENT_SECRET - ZGW_CONFIG_CATALOGI_API_ROOT - ZGW_CONFIG_DOCUMENTEN_API_CLIENT_ID - ZGW_CONFIG_DOCUMENTEN_API_CLIENT_SECRET - ZGW_CONFIG_DOCUMENTEN_API_ROOT + ZGW_CONFIG_CATALOGI_SERVICE_API_ROOT + ZGW_CONFIG_CATALOGI_SERVICE_API_TYPE + ZGW_CONFIG_CATALOGI_SERVICE_AUTH_TYPE + ZGW_CONFIG_CATALOGI_SERVICE_CLIENT_ID + ZGW_CONFIG_CATALOGI_SERVICE_HEADER_KEY + ZGW_CONFIG_CATALOGI_SERVICE_HEADER_VALUE + ZGW_CONFIG_CATALOGI_SERVICE_ID + ZGW_CONFIG_CATALOGI_SERVICE_LABEL + ZGW_CONFIG_CATALOGI_SERVICE_NLX + ZGW_CONFIG_CATALOGI_SERVICE_OAS + ZGW_CONFIG_CATALOGI_SERVICE_OAS_FILE + ZGW_CONFIG_CATALOGI_SERVICE_SECRET + ZGW_CONFIG_CATALOGI_SERVICE_USER_ID + ZGW_CONFIG_CATALOGI_SERVICE_USER_REPRESENTATION + ZGW_CONFIG_CATALOGI_SERVICE_UUID + ZGW_CONFIG_CLIENT_CERTIFICATE_ID + ZGW_CONFIG_CLIENT_CERTIFICATE_LABEL + ZGW_CONFIG_CLIENT_CERTIFICATE_PRIVATE_KEY + ZGW_CONFIG_CLIENT_CERTIFICATE_PUBLIC_CERTIFICATE + ZGW_CONFIG_CLIENT_CERTIFICATE_TYPE ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY + ZGW_CONFIG_DOCUMENT_SERVICE_API_ROOT + ZGW_CONFIG_DOCUMENT_SERVICE_API_TYPE + ZGW_CONFIG_DOCUMENT_SERVICE_AUTH_TYPE + ZGW_CONFIG_DOCUMENT_SERVICE_CLIENT_ID + ZGW_CONFIG_DOCUMENT_SERVICE_HEADER_KEY + ZGW_CONFIG_DOCUMENT_SERVICE_HEADER_VALUE + ZGW_CONFIG_DOCUMENT_SERVICE_ID + ZGW_CONFIG_DOCUMENT_SERVICE_LABEL + ZGW_CONFIG_DOCUMENT_SERVICE_NLX + ZGW_CONFIG_DOCUMENT_SERVICE_OAS + ZGW_CONFIG_DOCUMENT_SERVICE_OAS_FILE + ZGW_CONFIG_DOCUMENT_SERVICE_SECRET + ZGW_CONFIG_DOCUMENT_SERVICE_USER_ID + ZGW_CONFIG_DOCUMENT_SERVICE_USER_REPRESENTATION + ZGW_CONFIG_DOCUMENT_SERVICE_UUID ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN - ZGW_CONFIG_FORMULIEREN_API_CLIENT_ID - ZGW_CONFIG_FORMULIEREN_API_CLIENT_SECRET - ZGW_CONFIG_FORMULIEREN_API_ROOT + ZGW_CONFIG_FORM_SERVICE_API_ROOT + ZGW_CONFIG_FORM_SERVICE_API_TYPE + ZGW_CONFIG_FORM_SERVICE_AUTH_TYPE + ZGW_CONFIG_FORM_SERVICE_CLIENT_ID + ZGW_CONFIG_FORM_SERVICE_HEADER_KEY + ZGW_CONFIG_FORM_SERVICE_HEADER_VALUE + ZGW_CONFIG_FORM_SERVICE_ID + ZGW_CONFIG_FORM_SERVICE_LABEL + ZGW_CONFIG_FORM_SERVICE_NLX + ZGW_CONFIG_FORM_SERVICE_OAS + ZGW_CONFIG_FORM_SERVICE_OAS_FILE + ZGW_CONFIG_FORM_SERVICE_SECRET + ZGW_CONFIG_FORM_SERVICE_USER_ID + ZGW_CONFIG_FORM_SERVICE_USER_REPRESENTATION + ZGW_CONFIG_FORM_SERVICE_UUID + ZGW_CONFIG_ID ZGW_CONFIG_MAX_UPLOAD_SIZE ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE + ZGW_CONFIG_SERVER_CERTIFICATE_ID + ZGW_CONFIG_SERVER_CERTIFICATE_LABEL + ZGW_CONFIG_SERVER_CERTIFICATE_PRIVATE_KEY + ZGW_CONFIG_SERVER_CERTIFICATE_PUBLIC_CERTIFICATE + ZGW_CONFIG_SERVER_CERTIFICATE_TYPE ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN ZGW_CONFIG_TITLE_TEXT - ZGW_CONFIG_ZAAK_API_CLIENT_ID - ZGW_CONFIG_ZAAK_API_CLIENT_SECRET - ZGW_CONFIG_ZAAK_API_ROOT ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY + ZGW_CONFIG_ZAAK_SERVICE_API_ROOT + ZGW_CONFIG_ZAAK_SERVICE_API_TYPE + ZGW_CONFIG_ZAAK_SERVICE_AUTH_TYPE + ZGW_CONFIG_ZAAK_SERVICE_CLIENT_ID + ZGW_CONFIG_ZAAK_SERVICE_HEADER_KEY + ZGW_CONFIG_ZAAK_SERVICE_HEADER_VALUE + ZGW_CONFIG_ZAAK_SERVICE_ID + ZGW_CONFIG_ZAAK_SERVICE_LABEL + ZGW_CONFIG_ZAAK_SERVICE_NLX + ZGW_CONFIG_ZAAK_SERVICE_OAS + ZGW_CONFIG_ZAAK_SERVICE_OAS_FILE + ZGW_CONFIG_ZAAK_SERVICE_SECRET + ZGW_CONFIG_ZAAK_SERVICE_USER_ID + ZGW_CONFIG_ZAAK_SERVICE_USER_REPRESENTATION + ZGW_CONFIG_ZAAK_SERVICE_UUID Detailed Information @@ -60,134 +119,488 @@ Detailed Information :: + Variable ZGW_CONFIG_DOCUMENT_SERVICE_OAS + Setting OAS url + Description URL to OAS yaml file + Possible values string + Default value No default + + Variable ZGW_CONFIG_CATALOGI_SERVICE_SECRET + Setting secret + Description No description + Possible values string + Default value No default + + Variable ZGW_CONFIG_DOCUMENT_SERVICE_HEADER_KEY + Setting header key + Description No description + Possible values string + Default value No default + + Variable ZGW_CONFIG_CLIENT_CERTIFICATE_PUBLIC_CERTIFICATE + Setting public certificate + Description The content of the certificate + Possible values No information available + Default value No default + + Variable ZGW_CONFIG_ZAAK_SERVICE_API_ROOT + Setting api root url + Description No description + Possible values string + Default value No default + + Variable ZGW_CONFIG_FORM_SERVICE_ID + Setting ID + Description No description + Possible values No information available + Default value No default + + Variable ZGW_CONFIG_SERVER_CERTIFICATE_PRIVATE_KEY + Setting private key + Description The content of the private key + Possible values No information available + Default value No default + + Variable ZGW_CONFIG_ZAAK_SERVICE_HEADER_KEY + Setting header key + Description No description + Possible values string + Default value No default + Variable ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY Setting Zaak vertrouwelijkheid Description Selecteer de maximale vertrouwelijkheid van de getoonde zaken Possible values openbaar, beperkt_openbaar, intern, zaakvertrouwelijk, vertrouwelijk, confidentieel, geheim, zeer_geheim Default value openbaar - Variable ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY - Setting Documenten vertrouwelijkheid - Description Selecteer de maximale vertrouwelijkheid van de getoonde documenten van zaken - Possible values openbaar, beperkt_openbaar, intern, zaakvertrouwelijk, vertrouwelijk, confidentieel, geheim, zeer_geheim - Default value openbaar + Variable ZGW_CONFIG_ID + Setting ID + Description No description + Possible values No information available + Default value No default - Variable ZGW_CONFIG_MAX_UPLOAD_SIZE - Setting Maximale upload grootte (in MB) - Description Documentuploads mogen maximaal dit aantal MB groot zijn, anders worden ze geweigerd. - Possible values string representing a positive number - Default value 50 + Variable ZGW_CONFIG_FORM_SERVICE_API_TYPE + Setting type + Description No description + Possible values ac, nrc, zrc, ztc, drc, brc, cmc, kc, vrc, orc + Default value No default + + Variable ZGW_CONFIG_TITLE_TEXT + Setting Titel tekst + Description De titel/introductietekst getoond op de lijstweergave van 'Mijn aanvragen'. + Possible values string + Default value Hier vindt u een overzicht van al uw lopende en afgeronde aanvragen. + + Variable ZGW_CONFIG_ACTION_REQUIRED_DEADLINE_DAYS + Setting Standaard actie deadline termijn in dagen + Description Aantal dagen voor gebruiker om actie te ondernemen. + Possible values string representing a number + Default value 15 + + Variable ZGW_CONFIG_CATALOGI_SERVICE_ID + Setting ID + Description No description + Possible values No information available + Default value No default Variable ZGW_CONFIG_ALLOWED_FILE_EXTENSIONS Setting allowed file extensions Description Een lijst van toegestande bestandsextensies, alleen documentuploads met een van deze extensies worden toegelaten. Possible values string, comma-delimited ('foo,bar,baz') - Default value ['bmp', 'doc', 'docx', 'gif', 'jpeg', 'jpg', 'msg', 'pdf', 'png', 'ppt', 'pptx', 'rtf', 'tiff', 'txt', 'vsd', 'xls', 'xlsx'] + Default value bmp, doc, docx, gif, jpeg, jpg, msg, pdf, png, ppt, pptx, rtf, tiff, txt, vsd, xls, xlsx - Variable ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN - Setting Maak gebruik van StatusType.informeren workaround (eSuite) - Description Schakel dit in wanneer StatusType.informeren niet wordt ondersteund door de ZGW API waar deze omgeving aan is gekoppeld (zoals de eSuite ZGW API)Hierdoor is het verplicht om per zaaktype aan te geven wanneer een inwoner hier een notificatie van dient te krijgen. - Possible values True, False + Variable ZGW_CONFIG_FORM_SERVICE_LABEL + Setting label + Description No description + Possible values string Default value No default - Variable ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE - Setting Converteer eSuite zaaknummers - Description Schakel dit in om de zaaknummers van het interne eSuite format (ex: '0014ESUITE66392022') om te zetten naar een toegankelijkere notatie ('6639-2022'). + Variable ZGW_CONFIG_SERVER_CERTIFICATE_TYPE + Setting type + Description Is this only a certificate or is there an associated private key? + Possible values key_pair, cert_only + Default value No default + + Variable ZGW_CONFIG_CLIENT_CERTIFICATE_TYPE + Setting type + Description Is this only a certificate or is there an associated private key? + Possible values key_pair, cert_only + Default value No default + + Variable ZGW_CONFIG_FORM_SERVICE_HEADER_VALUE + Setting header value + Description No description + Possible values string + Default value No default + + Variable ZGW_CONFIG_ZAAK_SERVICE_LABEL + Setting label + Description No description + Possible values string + Default value No default + + Variable ZGW_CONFIG_CLIENT_CERTIFICATE_PRIVATE_KEY + Setting private key + Description The content of the private key + Possible values No information available + Default value No default + + Variable ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN + Setting Inschakelen gepersonaliseerde Onderwerpen op basis van zaken + Description Indien ingeschakeld dan worden (indien ingelogd met DigiD/eHerkenning) de getoonde onderwerpen op de Homepage bepaald op basis van de zaken van de gebruiker Possible values True, False Default value No default + Variable ZGW_CONFIG_ZAAK_SERVICE_USER_ID + Setting user ID + Description User ID to use for the audit trail. Although these external API credentials are typically used bythis API itself instead of a user, the user ID is required. + Possible values string + Default value No default + + Variable ZGW_CONFIG_FORM_SERVICE_API_ROOT + Setting api root url + Description No description + Possible values string + Default value No default + + Variable ZGW_CONFIG_ZAAK_SERVICE_USER_REPRESENTATION + Setting user representation + Description Human readable representation of the user. + Possible values string + Default value No default + + Variable ZGW_CONFIG_CATALOGI_SERVICE_OAS + Setting OAS url + Description URL to OAS yaml file + Possible values string + Default value No default + + Variable ZGW_CONFIG_ZAAK_SERVICE_ID + Setting ID + Description No description + Possible values No information available + Default value No default + + Variable ZGW_CONFIG_DOCUMENT_SERVICE_UUID + Setting UUID + Description No description + Possible values No information available + Default value fbcc5878-4728-48b7-b5bd-78b06a972d4f + + Variable ZGW_CONFIG_DOCUMENT_SERVICE_CLIENT_ID + Setting client id + Description No description + Possible values string + Default value No default + Variable ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN Setting Maak gebruik van het RSIN voor ophalen eHerkenning zaken Description Indien ingeschakeld dan wordt het RSIN van eHerkenning gebruikers gebruikt om de zaken op te halen. Indien uitgeschakeld dan wordt het KVK nummer gebruikt om de zaken op te halen. Open Zaak hanteert conform de ZGW API specificatie de RSIN, de eSuite maakt gebruik van het KVK nummer. Possible values True, False Default value No default - Variable ZGW_CONFIG_TITLE_TEXT - Setting Titel tekst - Description De titel/introductietekst getoond op de lijstweergave van 'Mijn aanvragen'. + Variable ZGW_CONFIG_DOCUMENT_SERVICE_SECRET + Setting secret + Description No description Possible values string - Default value Hier vindt u een overzicht van al uw lopende en afgeronde aanvragen. + Default value No default - Variable ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN - Setting Inschakelen gepersonaliseerde Onderwerpen op basis van zaken - Description Indien ingeschakeld dan worden (indien ingelogd met DigiD/eHerkenning) de getoonde onderwerpen op de Homepage bepaald op basis van de zaken van de gebruiker - Possible values True, False + Variable ZGW_CONFIG_MAX_UPLOAD_SIZE + Setting Maximale upload grootte (in MB) + Description Documentuploads mogen maximaal dit aantal MB groot zijn, anders worden ze geweigerd. + Possible values string representing a positive number + Default value 50 + + Variable ZGW_CONFIG_CATALOGI_SERVICE_OAS_FILE + Setting OAS file + Description OAS yaml file + Possible values No information available Default value No default - Variable ZGW_CONFIG_ACTION_REQUIRED_DEADLINE_DAYS - Setting Standaard actie deadline termijn in dagen - Description Aantal dagen voor gebruiker om actie te ondernemen. - Possible values string representing a number - Default value 15 + Variable ZGW_CONFIG_CATALOGI_SERVICE_LABEL + Setting label + Description No description + Possible values string + Default value No default + + Variable ZGW_CONFIG_CATALOGI_SERVICE_NLX + Setting NLX url + Description NLX (outway) address + Possible values string + Default value No default + + Variable ZGW_CONFIG_CATALOGI_SERVICE_HEADER_KEY + Setting header key + Description No description + Possible values string + Default value No default - Variable ZGW_CONFIG_CATALOGI_API_CLIENT_ID - Setting Client ID of the Catalogi API + Variable ZGW_CONFIG_CATALOGI_SERVICE_HEADER_VALUE + Setting header value Description No description Possible values string Default value No default - Variable ZGW_CONFIG_CATALOGI_API_CLIENT_SECRET - Setting Client Secret of the Catalogi API + Variable ZGW_CONFIG_ZAAK_SERVICE_SECRET + Setting secret Description No description Possible values string Default value No default - Variable ZGW_CONFIG_CATALOGI_API_ROOT - Setting Root URL of the Catalogi API + Variable ZGW_CONFIG_CATALOGI_SERVICE_API_TYPE + Setting type Description No description - Possible values string (URL) + Possible values ac, nrc, zrc, ztc, drc, brc, cmc, kc, vrc, orc + Default value No default + + Variable ZGW_CONFIG_SERVER_CERTIFICATE_LABEL + Setting label + Description Recognisable label for the certificate + Possible values string Default value No default - Variable ZGW_CONFIG_DOCUMENTEN_API_CLIENT_ID - Setting Client ID of the Documenten API + Variable ZGW_CONFIG_DOCUMENT_SERVICE_HEADER_VALUE + Setting header value Description No description Possible values string Default value No default - Variable ZGW_CONFIG_DOCUMENTEN_API_CLIENT_SECRET - Setting Client Secret of the Documenten API + Variable ZGW_CONFIG_ZAAK_SERVICE_API_TYPE + Setting type Description No description + Possible values ac, nrc, zrc, ztc, drc, brc, cmc, kc, vrc, orc + Default value No default + + Variable ZGW_CONFIG_SERVER_CERTIFICATE_PUBLIC_CERTIFICATE + Setting public certificate + Description The content of the certificate + Possible values No information available + Default value No default + + Variable ZGW_CONFIG_DOCUMENT_SERVICE_NLX + Setting NLX url + Description NLX (outway) address Possible values string Default value No default - Variable ZGW_CONFIG_DOCUMENTEN_API_ROOT - Setting Root URL of the Documenten API + Variable ZGW_CONFIG_DOCUMENT_SERVICE_ID + Setting ID Description No description - Possible values string (URL) + Possible values No information available Default value No default - Variable ZGW_CONFIG_FORMULIEREN_API_CLIENT_ID - Setting Client ID of the Formulieren API + Variable ZGW_CONFIG_ZAAK_SERVICE_UUID + Setting UUID Description No description + Possible values No information available + Default value 20e4ecdf-a065-4164-8e80-6f612fcd4193 + + Variable ZGW_CONFIG_FORM_SERVICE_OAS_FILE + Setting OAS file + Description OAS yaml file + Possible values No information available + Default value No default + + Variable ZGW_CONFIG_CLIENT_CERTIFICATE_LABEL + Setting label + Description Recognisable label for the certificate Possible values string Default value No default - Variable ZGW_CONFIG_FORMULIEREN_API_CLIENT_SECRET - Setting Client Secret of the Formulieren API + Variable ZGW_CONFIG_DOCUMENT_SERVICE_USER_ID + Setting user ID + Description User ID to use for the audit trail. Although these external API credentials are typically used bythis API itself instead of a user, the user ID is required. + Possible values string + Default value No default + + Variable ZGW_CONFIG_FORM_SERVICE_AUTH_TYPE + Setting authorization type Description No description + Possible values no_auth, api_key, zgw + Default value zgw + + Variable ZGW_CONFIG_FORM_SERVICE_USER_ID + Setting user ID + Description User ID to use for the audit trail. Although these external API credentials are typically used bythis API itself instead of a user, the user ID is required. Possible values string Default value No default - Variable ZGW_CONFIG_FORMULIEREN_API_ROOT - Setting Root URL of the Formulieren API + Variable ZGW_CONFIG_DOCUMENT_SERVICE_USER_REPRESENTATION + Setting user representation + Description Human readable representation of the user. + Possible values string + Default value No default + + Variable ZGW_CONFIG_CATALOGI_SERVICE_USER_REPRESENTATION + Setting user representation + Description Human readable representation of the user. + Possible values string + Default value No default + + Variable ZGW_CONFIG_FORM_SERVICE_UUID + Setting UUID + Description No description + Possible values No information available + Default value 296d4ead-3d27-48d0-ae6d-dcd4454795e5 + + Variable ZGW_CONFIG_CATALOGI_SERVICE_UUID + Setting UUID Description No description - Possible values string (URL) + Possible values No information available + Default value 19873485-41a8-41ae-8821-7405c22b8ae2 + + Variable ZGW_CONFIG_FORM_SERVICE_NLX + Setting NLX url + Description NLX (outway) address + Possible values string + Default value No default + + Variable ZGW_CONFIG_CATALOGI_SERVICE_API_ROOT + Setting api root url + Description No description + Possible values string + Default value No default + + Variable ZGW_CONFIG_FORM_SERVICE_CLIENT_ID + Setting client id + Description No description + Possible values string + Default value No default + + Variable ZGW_CONFIG_FORM_SERVICE_USER_REPRESENTATION + Setting user representation + Description Human readable representation of the user. + Possible values string + Default value No default + + Variable ZGW_CONFIG_ZAAK_SERVICE_OAS_FILE + Setting OAS file + Description OAS yaml file + Possible values No information available + Default value No default + + Variable ZGW_CONFIG_CATALOGI_SERVICE_USER_ID + Setting user ID + Description User ID to use for the audit trail. Although these external API credentials are typically used bythis API itself instead of a user, the user ID is required. + Possible values string + Default value No default + + Variable ZGW_CONFIG_ZAAK_SERVICE_NLX + Setting NLX url + Description NLX (outway) address + Possible values string Default value No default - Variable ZGW_CONFIG_ZAAK_API_CLIENT_ID - Setting Client ID of the Zaak API + Variable ZGW_CONFIG_ZAAK_SERVICE_HEADER_VALUE + Setting header value Description No description Possible values string Default value No default - Variable ZGW_CONFIG_ZAAK_API_CLIENT_SECRET - Setting Client Secret of the Zaak API + Variable ZGW_CONFIG_FORM_SERVICE_SECRET + Setting secret Description No description Possible values string Default value No default - Variable ZGW_CONFIG_ZAAK_API_ROOT - Setting Root URL of the Zaak API + Variable ZGW_CONFIG_DOCUMENT_SERVICE_API_TYPE + Setting type Description No description - Possible values string (URL) + Possible values ac, nrc, zrc, ztc, drc, brc, cmc, kc, vrc, orc + Default value No default + + Variable ZGW_CONFIG_ZAAK_SERVICE_OAS + Setting OAS url + Description URL to OAS yaml file + Possible values string + Default value No default + + Variable ZGW_CONFIG_FORM_SERVICE_HEADER_KEY + Setting header key + Description No description + Possible values string + Default value No default + + Variable ZGW_CONFIG_CATALOGI_SERVICE_AUTH_TYPE + Setting authorization type + Description No description + Possible values no_auth, api_key, zgw + Default value zgw + + Variable ZGW_CONFIG_CLIENT_CERTIFICATE_ID + Setting ID + Description No description + Possible values No information available + Default value No default + + Variable ZGW_CONFIG_SERVER_CERTIFICATE_ID + Setting ID + Description No description + Possible values No information available + Default value No default + + Variable ZGW_CONFIG_ZAAK_SERVICE_AUTH_TYPE + Setting authorization type + Description No description + Possible values no_auth, api_key, zgw + Default value zgw + + Variable ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE + Setting Converteer eSuite zaaknummers + Description Schakel dit in om de zaaknummers van het interne eSuite format (ex: '0014ESUITE66392022') om te zetten naar een toegankelijkere notatie ('6639-2022'). + Possible values True, False + Default value No default + + Variable ZGW_CONFIG_ZAAK_SERVICE_CLIENT_ID + Setting client id + Description No description + Possible values string + Default value No default + + Variable ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY + Setting Documenten vertrouwelijkheid + Description Selecteer de maximale vertrouwelijkheid van de getoonde documenten van zaken + Possible values openbaar, beperkt_openbaar, intern, zaakvertrouwelijk, vertrouwelijk, confidentieel, geheim, zeer_geheim + Default value openbaar + + Variable ZGW_CONFIG_DOCUMENT_SERVICE_OAS_FILE + Setting OAS file + Description OAS yaml file + Possible values No information available + Default value No default + + Variable ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN + Setting Maak gebruik van StatusType.informeren workaround (eSuite) + Description Schakel dit in wanneer StatusType.informeren niet wordt ondersteund door de ZGW API waar deze omgeving aan is gekoppeld (zoals de eSuite ZGW API)Hierdoor is het verplicht om per zaaktype aan te geven wanneer een inwoner hier een notificatie van dient te krijgen. + Possible values True, False + Default value No default + + Variable ZGW_CONFIG_DOCUMENT_SERVICE_LABEL + Setting label + Description No description + Possible values string + Default value No default + + Variable ZGW_CONFIG_DOCUMENT_SERVICE_API_ROOT + Setting api root url + Description No description + Possible values string + Default value No default + + Variable ZGW_CONFIG_CATALOGI_SERVICE_CLIENT_ID + Setting client id + Description No description + Possible values string + Default value No default + + Variable ZGW_CONFIG_DOCUMENT_SERVICE_AUTH_TYPE + Setting authorization type + Description No description + Possible values no_auth, api_key, zgw + Default value zgw + + Variable ZGW_CONFIG_FORM_SERVICE_OAS + Setting OAS url + Description URL to OAS yaml file + Possible values string Default value No default diff --git a/src/open_inwoner/configurations/bootstrap/dataclasses.py b/src/open_inwoner/configurations/bootstrap/dataclasses.py new file mode 100644 index 0000000000..fc4f396519 --- /dev/null +++ b/src/open_inwoner/configurations/bootstrap/dataclasses.py @@ -0,0 +1,16 @@ +from dataclasses import dataclass + + +@dataclass(frozen=True, eq=True) +class ConfigField: + name: str + verbose_name: str + description: str + default_value: str + values: str + + +@dataclass +class Fields: + all: set[ConfigField] + required: set[ConfigField] diff --git a/src/open_inwoner/configurations/bootstrap/models.py b/src/open_inwoner/configurations/bootstrap/models.py index 9f0fbc3cab..a2071a9fa2 100644 --- a/src/open_inwoner/configurations/bootstrap/models.py +++ b/src/open_inwoner/configurations/bootstrap/models.py @@ -2,7 +2,12 @@ from dataclasses import dataclass, field from typing import Any, Iterator, TypeAlias +from django.contrib.postgres.fields import ArrayField from django.db.models.fields import NOT_PROVIDED +from django.db.models.fields.json import JSONField +from django.db.models.fields.related import ForeignKey, OneToOneField + +from digid_eherkenning.models import DigidConfiguration from digid_eherkenning_oidc_generics.models import ( OpenIDConnectDigiDConfig, @@ -12,6 +17,8 @@ from open_inwoner.openklant.models import OpenKlantConfig from open_inwoner.openzaak.models import OpenZaakConfig +from .dataclasses import ConfigField, Fields + ConfigModel: TypeAlias = ( SiteConfiguration | OpenKlantConfig @@ -21,38 +28,22 @@ ) -@dataclass(frozen=True) -class ConfigField: - name: str - verbose_name: str - description: str - default_value: str - values: str - - -@dataclass -class Fields: - all: list[ConfigField] - required: list[ConfigField] - - class ConfigSettingsBase: model: ConfigModel display_name: str namespace: str - api_fields: tuple[str, ...] required_fields: tuple[str, ...] + included_fields: tuple[str, ...] excluded_fields: tuple[str, ...] - api_fields: tuple[str, ...] def __init__(self): - self.config_fields = Fields(all=[], required=[]) + self.config_fields = Fields(all=set(), required=set()) - self.populate_fields( - required=self.required_fields, - excluded=self.excluded_fields, - model_fields=self.create_model_config_fields(), - api_fields=self.create_api_config_fields(), + self.create_model_config_fields( + require=self.required_fields, + exclude=self.excluded_fields, + include=self.included_fields, + model=self.model, ) @classmethod @@ -67,6 +58,11 @@ def get_default_value(field: Any) -> str: return "No default" if callable(default): default = default.__call__() + if isinstance(field, (JSONField, ArrayField)): + try: + default = ", ".join(default) + except TypeError: + default = str(default) return default @@ -96,66 +92,58 @@ def get_example_values(field: Any) -> str: case _: return "No information available" - def create_model_config_fields(self) -> Iterator[ConfigField]: - model_fields = ( + def get_model_fields(self, model) -> Iterator[Any]: + return ( field - for field in self.model._meta.concrete_fields + for field in model._meta.concrete_fields if field.name not in self.__class__.excluded_fields ) - return ( - ConfigField( - name=model_field.name, - verbose_name=model_field.verbose_name, - description=model_field.help_text, - default_value=self.get_default_value(model_field), - values=self.get_example_values(model_field), - ) - for model_field in model_fields - ) - - def create_single_api_config_field(self, api_field: str) -> ConfigField: - api_type = api_field.split("_api_")[0].capitalize() - - if "api_root" in api_field: - verbose_name = f"Root URL of the {api_type} API" - values = "string (URL)" - elif "api_client_id" in api_field: - verbose_name = f"Client ID of the {api_type} API" - values = "string" - else: - verbose_name = f"Client Secret of the {api_type} API" - values = "string" - - return ConfigField( - name=api_field, - verbose_name=verbose_name, - description="No description", - default_value="No default", - values=values, - ) - - def create_api_config_fields(self) -> Iterator[ConfigField]: - return ( - self.create_single_api_config_field(field_name) - for field_name in self.api_fields - ) - - def populate_fields( + def create_model_config_fields( self, - required: tuple[str, ...], - excluded: tuple[str, ...], - model_fields: Iterator[ConfigField], - api_fields: Iterator[ConfigField], + require: tuple[str, ...], + exclude: tuple[str, ...], + include: tuple[str, ...], + model: Any, + relating_field: Any = None, ) -> None: - for config_field in model_fields: - self.config_fields.all.append(config_field) - if config_field.name in self.required_fields: - self.config_fields.required.append(config_field) - for config_field in api_fields: - self.config_fields.all.append(config_field) - self.config_fields.required.append(config_field) + model_fields = self.get_model_fields(model) + + for model_field in model_fields: + if isinstance(model_field, (ForeignKey, OneToOneField)): + self.create_model_config_fields( + require=require, + exclude=exclude, + include=include, + model=model_field.related_model, + relating_field=model_field, + ) + else: + # model field name could be "api_root", + # but we need "xyz_service_api_root" (or similar) for consistency + if relating_field: + name = f"{relating_field.name}_{model_field.name}" + else: + name = model_field.name + + config_field = ConfigField( + name=name, + verbose_name=model_field.verbose_name, + description=model_field.help_text, + default_value=self.get_default_value(model_field), + values=self.get_example_values(model_field), + ) + # whitelist or blacklist + if ( + config_field.name in self.included_fields + or config_field not in self.excluded_fields + ): + self.config_fields.all.add(config_field) + if config_field.name in self.required_fields: + self.config_fields.required.add(config_field) + + # TODO: delegate image field, file field etc. to handler functions/classes def get_required_settings(self) -> tuple[str, ...]: return tuple( @@ -170,13 +158,13 @@ class SiteConfigurationSettings(ConfigSettingsBase): model = SiteConfiguration display_name = "General Configuration" namespace = "SITE" - api_fields = tuple() required_fields = ( "name", "primary_color", "secondary_color", "accent_color", ) + included_fields = () excluded_fields = ( "id", "email_logo", @@ -194,47 +182,59 @@ class KICConfigurationSettings(ConfigSettingsBase): model = OpenKlantConfig display_name = "Klanten Configuration" namespace = "KIC_CONFIG" - api_fields = ( - "contactmomenten_api_client_id", - "contactmomenten_api_client_secret", - "contactmomenten_api_root", - "klanten_api_client_id", - "klanten_api_client_secret", - "klanten_api_root", - ) - required_fields = api_fields + ( + required_fields = ( + "contactmomenten_service_client_id", + "contactmomenten_service_secret", + "contactmomenten_service_api_root", + "klanten_service_client_id", + "klanten_service_secret", + "klanten_service_api_root", "register_type", "register_contact_moment", ) - excluded_fields = ("id", "klanten_service", "contactmomenten_service") + included_fields = required_fields + ( + "register_bronorganisatie_rsin", + "register_channel", + "register_contact_moment", + "register_email", + "register_employee_id", + "register_type", + "use_rsin_for_innnnpid_query_parameter", + ) + excluded_fields = () class ZGWConfigurationSettings(ConfigSettingsBase): model = OpenZaakConfig display_name = "ZGW Configuration" namespace = "ZGW_CONFIG" - api_fields = ( - "catalogi_api_client_id", - "catalogi_api_client_secret", - "catalogi_api_root", - "documenten_api_client_id", - "documenten_api_client_secret", - "documenten_api_root", - "formulieren_api_client_id", - "formulieren_api_client_secret", - "formulieren_api_root", - "zaak_api_client_id", - "zaak_api_client_secret", - "zaak_api_root", + required_fields = ( + "catalogi_service_client_id", + "catalogi_service_secret", + "catalogi_service_api_root", + "document_service_client_id", + "document_service_secret", + "document_service_api_root", + "form_service_client_id", + "form_service_secret", + "form_service_api_root", + "zaak_service_client_id", + "zaak_service_secret", + "zaak_service_api_root", ) - required_fields = api_fields - excluded_fields = ( - "id", - "catalogi_service", - "document_service", - "form_service", - "zaak_service", + included_fields = required_fields + ( + "action_required_deadline_days", + "allowed_file_extensions", + "document_max_confidentiality", + "enable_categories_filtering_with_zaken", + "fetch_eherkenning_zaken_with_rsin", + "max_upload_size", + "reformat_esuite_zaak_identificatie", + "skip_notification_statustype_informeren", + "title_text", + "zaak_max_confidentiality", ) + excluded_fields = () class DigiDOIDCConfigurationSettings(ConfigSettingsBase): @@ -243,6 +243,26 @@ class DigiDOIDCConfigurationSettings(ConfigSettingsBase): namespace = "DIGID_OIDC" api_fields = tuple() required_fields = ("oidc_rp_client_id", "oidc_rp_client_secret") + included_fields = tuple() + excluded_fields = ("id",) + + +class DigiDSAMLConfigurationSettings(ConfigSettingsBase): + model = DigidConfiguration + display_name = "DigiD SAML Configuration" + namespace = "DIGID" + api_fields = tuple() + required_fields = ( + "certificate_label", + "certificate_type", + "certificate_public_certificate", + "metadata_file_source", + "entity_id", + "base_url", + "service_name", + "service_description", + ) + included_fields = () excluded_fields = ("id",) @@ -252,6 +272,7 @@ class eHerkenningDOIDCConfigurationSettings(ConfigSettingsBase): namespace = "EHERKENNING_OIDC" api_fields = tuple() required_fields = ("oidc_rp_client_id", "oidc_rp_client_secret") + included_fields = tuple() excluded_fields = ("id",) @@ -260,9 +281,12 @@ class ConfigurationSettingsMap: siteconfig: type = field(default=SiteConfigurationSettings) kic: type = field(default=KICConfigurationSettings) zgw: type = field(default=ZGWConfigurationSettings) + digid_saml: type = field(default=DigiDSAMLConfigurationSettings) digid_oidc: type = field(default=DigiDOIDCConfigurationSettings) eherkenning_oidc: type = field(default=eHerkenningDOIDCConfigurationSettings) + # TODO: admin_oidc, eherkenning_saml + @classmethod def get_fields(cls): return tuple(field.default for field in dataclasses.fields(cls)) From 8162dec060468f32a822519776d0d984c501bce6 Mon Sep 17 00:00:00 2001 From: Paul Schilling Date: Sun, 28 Apr 2024 12:31:39 +0200 Subject: [PATCH 6/9] [#2297] PR feedback --- docs/configuration/digid_oidc.rst | 114 ++-- docs/configuration/digid_saml.rst | 178 +++--- docs/configuration/eherkenning_oidc.rst | 120 ++-- docs/configuration/kic.rst | 302 +--------- docs/configuration/siteconfig.rst | 544 +++++++++--------- docs/configuration/zgw.rst | 505 ++-------------- .../configurations/bootstrap/choices.py | 13 + .../configurations/bootstrap/dataclasses.py | 6 +- .../configurations/bootstrap/models.py | 102 ++-- .../configurations/bootstrap/siteconfig.py | 9 +- .../commands/generate_config_docs.py | 11 +- 11 files changed, 619 insertions(+), 1285 deletions(-) create mode 100644 src/open_inwoner/configurations/bootstrap/choices.py diff --git a/docs/configuration/digid_oidc.rst b/docs/configuration/digid_oidc.rst index 28f4492615..18c0a6fb02 100644 --- a/docs/configuration/digid_oidc.rst +++ b/docs/configuration/digid_oidc.rst @@ -52,24 +52,36 @@ Detailed Information Setting enable Description Indicates whether OpenID Connect for authentication/authorization is enabled. This overrides overrides the usage of SAML for DigiD authentication. Possible values True, False - Default value No default + Default value False - Variable DIGID_OIDC_OIDC_OP_JWKS_ENDPOINT - Setting JSON Web Key Set endpoint - Description URL of your OpenID Connect provider JSON Web Key Set endpoint. Required if `RS256` is used as signing algorithm. + Variable DIGID_OIDC_ERROR_MESSAGE_MAPPING + Setting Error message mapping + Description Mapping that maps error messages returned by the identity provider to human readable error messages that are shown to the user + Possible values No information available + Default value + + Variable DIGID_OIDC_IDENTIFIER_CLAIM_NAME + Setting BSN claim name + Description The name of the claim in which the BSN of the user is stored Possible values string - Default value No default + Default value bsn - Variable DIGID_OIDC_OIDC_OP_LOGOUT_ENDPOINT - Setting Logout endpoint - Description URL of your OpenID Connect provider logout endpoint + Variable DIGID_OIDC_OIDC_EXEMPT_URLS + Setting URLs exempt from session renewal + Description This is a list of absolute url paths, regular expressions for url paths, or Django view names. This plus the mozilla-django-oidc urls are exempted from the session renewal by the SessionRefresh middleware. + Possible values string, comma-delimited ('foo,bar,baz') + Default value + + Variable DIGID_OIDC_OIDC_KEYCLOAK_IDP_HINT + Setting Keycloak Identity Provider hint + Description Specific for Keycloak: parameter that indicates which identity provider should be used (therefore skipping the Keycloak login screen). Possible values string Default value No default Variable DIGID_OIDC_OIDC_NONCE_SIZE Setting Nonce size Description Sets the length of the random string used for OpenID Connect nonce verification - Possible values string representing a positive number + Possible values string representing a positive integer Default value 32 Variable DIGID_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT @@ -78,21 +90,21 @@ Detailed Information Possible values string Default value No default - Variable DIGID_OIDC_OIDC_RP_CLIENT_ID - Setting OpenID Connect client ID - Description OpenID Connect client ID provided by the OIDC Provider + Variable DIGID_OIDC_OIDC_OP_DISCOVERY_ENDPOINT + Setting Discovery endpoint + Description URL of your OpenID Connect provider discovery endpoint ending with a slash (`.well-known/...` will be added automatically). If this is provided, the remaining endpoints can be omitted, as they will be derived from this endpoint. Possible values string Default value No default - Variable DIGID_OIDC_OIDC_RP_SCOPES_LIST - Setting OpenID Connect scopes - Description OpenID Connect scopes that are requested during login. These scopes are hardcoded and must be supported by the identity provider - Possible values string, comma-delimited ('foo,bar,baz') - Default value openid, bsn + Variable DIGID_OIDC_OIDC_OP_JWKS_ENDPOINT + Setting JSON Web Key Set endpoint + Description URL of your OpenID Connect provider JSON Web Key Set endpoint. Required if `RS256` is used as signing algorithm. + Possible values string + Default value No default - Variable DIGID_OIDC_OIDC_RP_CLIENT_SECRET - Setting OpenID Connect secret - Description OpenID Connect secret provided by the OIDC Provider + Variable DIGID_OIDC_OIDC_OP_LOGOUT_ENDPOINT + Setting Logout endpoint + Description URL of your OpenID Connect provider logout endpoint Possible values string Default value No default @@ -102,36 +114,36 @@ Detailed Information Possible values string Default value No default - Variable DIGID_OIDC_OIDC_KEYCLOAK_IDP_HINT - Setting Keycloak Identity Provider hint - Description Specific for Keycloak: parameter that indicates which identity provider should be used (therefore skipping the Keycloak login screen). + Variable DIGID_OIDC_OIDC_OP_USER_ENDPOINT + Setting User endpoint + Description URL of your OpenID Connect provider userinfo endpoint Possible values string Default value No default - Variable DIGID_OIDC_OIDC_RP_IDP_SIGN_KEY - Setting Sign key - Description Key the Identity Provider uses to sign ID tokens in the case of an RSA sign algorithm. Should be the signing key in PEM or DER format. + Variable DIGID_OIDC_OIDC_RP_CLIENT_ID + Setting OpenID Connect client ID + Description OpenID Connect client ID provided by the OIDC Provider Possible values string Default value No default - Variable DIGID_OIDC_IDENTIFIER_CLAIM_NAME - Setting BSN claim name - Description The name of the claim in which the BSN of the user is stored + Variable DIGID_OIDC_OIDC_RP_CLIENT_SECRET + Setting OpenID Connect secret + Description OpenID Connect secret provided by the OIDC Provider Possible values string - Default value bsn - - Variable DIGID_OIDC_USERINFO_CLAIMS_SOURCE - Setting user information claims extracted from - Description Indicates the source from which the user information claims should be extracted. - Possible values userinfo_endpoint, id_token - Default value userinfo_endpoint + Default value No default - Variable DIGID_OIDC_OIDC_OP_DISCOVERY_ENDPOINT - Setting Discovery endpoint - Description URL of your OpenID Connect provider discovery endpoint ending with a slash (`.well-known/...` will be added automatically). If this is provided, the remaining endpoints can be omitted, as they will be derived from this endpoint. + Variable DIGID_OIDC_OIDC_RP_IDP_SIGN_KEY + Setting Sign key + Description Key the Identity Provider uses to sign ID tokens in the case of an RSA sign algorithm. Should be the signing key in PEM or DER format. Possible values string Default value No default + Variable DIGID_OIDC_OIDC_RP_SCOPES_LIST + Setting OpenID Connect scopes + Description OpenID Connect scopes that are requested during login. These scopes are hardcoded and must be supported by the identity provider + Possible values string, comma-delimited ('foo,bar,baz') + Default value openid, bsn + Variable DIGID_OIDC_OIDC_RP_SIGN_ALGO Setting OpenID sign algorithm Description Algorithm the Identity Provider uses to sign ID tokens @@ -141,29 +153,17 @@ Detailed Information Variable DIGID_OIDC_OIDC_STATE_SIZE Setting State size Description Sets the length of the random string used for OpenID Connect state verification - Possible values string representing a positive number + Possible values string representing a positive integer Default value 32 - Variable DIGID_OIDC_OIDC_OP_USER_ENDPOINT - Setting User endpoint - Description URL of your OpenID Connect provider userinfo endpoint - Possible values string - Default value No default - - Variable DIGID_OIDC_OIDC_EXEMPT_URLS - Setting URLs exempt from session renewal - Description This is a list of absolute url paths, regular expressions for url paths, or Django view names. This plus the mozilla-django-oidc urls are exempted from the session renewal by the SessionRefresh middleware. - Possible values string, comma-delimited ('foo,bar,baz') - Default value No default - Variable DIGID_OIDC_OIDC_USE_NONCE Setting Use nonce Description Controls whether the OpenID Connect client uses nonce verification Possible values True, False Default value True - Variable DIGID_OIDC_ERROR_MESSAGE_MAPPING - Setting Error message mapping - Description Mapping that maps error messages returned by the identity provider to human readable error messages that are shown to the user - Possible values No information available - Default value No default + Variable DIGID_OIDC_USERINFO_CLAIMS_SOURCE + Setting user information claims extracted from + Description Indicates the source from which the user information claims should be extracted. + Possible values userinfo_endpoint, id_token + Default value userinfo_endpoint diff --git a/docs/configuration/digid_saml.rst b/docs/configuration/digid_saml.rst index a976ee6f78..8c1b70eb81 100644 --- a/docs/configuration/digid_saml.rst +++ b/docs/configuration/digid_saml.rst @@ -58,59 +58,83 @@ Detailed Information :: - Variable DIGID_METADATA_FILE_SOURCE - Setting (XML) metadata-URL - Description De URL waar het XML metadata-bestand kan gedownload worden. + Variable DIGID_ARTIFACT_RESOLVE_CONTENT_TYPE + Setting Content-Type 'resolve artifact binding' + Description 'application/soap+xml' wordt als 'legacy' beschouwd. Moderne brokers verwachten typisch 'text/xml'. + Possible values application/soap+xml, text/xml + Default value application/soap+xml + + Variable DIGID_ATTRIBUTE_CONSUMING_SERVICE_INDEX + Setting Attribute consuming service index + Description Attribute consuming service index Possible values string - Default value No default + Default value 1 - Variable DIGID_SIGNATURE_ALGORITHM - Setting signature algorithm - Description Ondertekenalgoritme. Merk op dat DSA_SHA1 en RSA_SHA1 deprecated zijn, maar RSA_SHA1 is nog steeds de default-waarde ind e SAMLv2-standaard. Opgelet: er zijn bekende problemen met de single-logoutfunctionaliteit indien je een ander algoritme dan SHA1 gebruikt (door hardcoded algoritmes). - Possible values http://www.w3.org/2000/09/xmldsig#dsa-sha1, http://www.w3.org/2000/09/xmldsig#rsa-sha1, http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, http://www.w3.org/2001/04/xmldsig-more#rsa-sha384, http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - Default value http://www.w3.org/2000/09/xmldsig#rsa-sha1 + Variable DIGID_BASE_URL + Setting Basis-URL + Description De basis-URL van de applicatie, zonder slash op het eind. + Possible values string + Default value No default - Variable DIGID_SERVICE_DESCRIPTION - Setting Service-omschrijving - Description Een beschrijving van de service die je aanbiedt. + Variable DIGID_CERTIFICATE_LABEL + Setting label + Description Recognisable label for the certificate Possible values string Default value No default + Variable DIGID_CERTIFICATE_PRIVATE_KEY + Setting private key + Description The content of the private key + Possible values No information available + Default value No default + + Variable DIGID_CERTIFICATE_PUBLIC_CERTIFICATE + Setting public certificate + Description The content of the certificate + Possible values No information available + Default value No default + + Variable DIGID_CERTIFICATE_TYPE + Setting type + Description Is this only a certificate or is there an associated private key? + Possible values key_pair, cert_only + Default value No default + + Variable DIGID_DIGEST_ALGORITHM + Setting digest algorithm + Description Digest algorithm. Note that SHA1 is deprecated, but still the default value in the SAMLv2 standard. Warning: there are known issues with single-logout functionality if using anything other than SHA1 due to some hardcoded algorithm. + Possible values http://www.w3.org/2000/09/xmldsig#sha1, http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmldsig-more#sha384, http://www.w3.org/2001/04/xmlenc#sha512 + Default value http://www.w3.org/2000/09/xmldsig#sha1 + Variable DIGID_ENTITY_ID Setting entity ID Description Service provider entity ID. Possible values string Default value No default - Variable DIGID_WANT_ASSERTIONS_ENCRYPTED - Setting versleutel assertions - Description Indien aangevinkt, dan moeten de XML-assertions versleuteld zijn. - Possible values True, False + Variable DIGID_IDP_METADATA_FILE + Setting metadata identity provider + Description Het bestand met metadata van de identity provider. Deze wordt automatisch opgehaald via de ingestelde metadata-URL. + Possible values No information available Default value No default - Variable DIGID_CERTIFICATE_LABEL - Setting label - Description Recognisable label for the certificate + Variable DIGID_IDP_SERVICE_ENTITY_ID + Setting identity provider service entity ID + Description Bijvoorbeeld: 'https://was-preprod1.digid.nl/saml/idp/metadata'. Merk op dat dit moet overeenkomen met het 'entityID'-attribuut op het 'md-EntityDescriptor'-element in de metadata van de identity provider. Dit wordt automatisch opgehaald via de ingestelde metadata-URL. Possible values string Default value No default - Variable DIGID_TECHNICAL_CONTACT_PERSON_EMAIL - Setting technisch contactpersoon: e-mailadres - Description E-mailadres van de technische contactpersoon voor deze DigiD/eHerkenning/eIDAS-installatie. Je moet ook het telefoonnummer opgeven voor dit in de metadata beschikbaar is. + Variable DIGID_KEY_PASSPHRASE + Setting wachtwoordzin private-key + Description Wachtwoord voor de private-key voor de authenticatie-flow. Possible values string Default value No default - Variable DIGID_WANT_ASSERTIONS_SIGNED - Setting onderteken assertions - Description Indien aangevinkt, dan moeten de XML-assertions ondertekend zijn. In het andere geval moet de hele response ondertekend zijn. - Possible values True, False - Default value True - - Variable DIGID_ARTIFACT_RESOLVE_CONTENT_TYPE - Setting Content-Type 'resolve artifact binding' - Description 'application/soap+xml' wordt als 'legacy' beschouwd. Moderne brokers verwachten typisch 'text/xml'. - Possible values application/soap+xml, text/xml - Default value application/soap+xml + Variable DIGID_METADATA_FILE_SOURCE + Setting (XML) metadata-URL + Description De URL waar het XML metadata-bestand kan gedownload worden. + Possible values string + Default value Variable DIGID_ORGANIZATION_NAME Setting organisatienaam @@ -118,28 +142,10 @@ Detailed Information Possible values string Default value No default - Variable DIGID_SLO - Setting Single logout - Description Single Logout is beschikbaar indien ingeschakeld - Possible values True, False - Default value True - - Variable DIGID_ATTRIBUTE_CONSUMING_SERVICE_INDEX - Setting Attribute consuming service index - Description Attribute consuming service index + Variable DIGID_ORGANIZATION_URL + Setting organisatie-URL + Description URL van de organisatie die de service aanbiedt waarvoor DigiD/eHerkenning/eIDAS-authenticatie ingericht is. Je moet ook de organisatienaam opgeven voor dit in de metadata beschikbaar is. Possible values string - Default value 1 - - Variable DIGID_DIGEST_ALGORITHM - Setting digest algorithm - Description Digest algorithm. Note that SHA1 is deprecated, but still the default value in the SAMLv2 standard. Warning: there are known issues with single-logout functionality if using anything other than SHA1 due to some hardcoded algorithm. - Possible values http://www.w3.org/2000/09/xmldsig#sha1, http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmldsig-more#sha384, http://www.w3.org/2001/04/xmlenc#sha512 - Default value http://www.w3.org/2000/09/xmldsig#sha1 - - Variable DIGID_CERTIFICATE_PRIVATE_KEY - Setting private key - Description The content of the private key - Possible values No information available Default value No default Variable DIGID_REQUESTED_ATTRIBUTES @@ -148,16 +154,10 @@ Detailed Information Possible values No information available Default value [{'name': 'bsn', 'required': True}] - Variable DIGID_IDP_METADATA_FILE - Setting metadata identity provider - Description Het bestand met metadata van de identity provider. Deze wordt automatisch opgehaald via de ingestelde metadata-URL. - Possible values No information available - Default value No default - - Variable DIGID_CERTIFICATE_PUBLIC_CERTIFICATE - Setting public certificate - Description The content of the certificate - Possible values No information available + Variable DIGID_SERVICE_DESCRIPTION + Setting Service-omschrijving + Description Een beschrijving van de service die je aanbiedt. + Possible values string Default value No default Variable DIGID_SERVICE_NAME @@ -166,9 +166,21 @@ Detailed Information Possible values string Default value No default - Variable DIGID_KEY_PASSPHRASE - Setting wachtwoordzin private-key - Description Wachtwoord voor de private-key voor de authenticatie-flow. + Variable DIGID_SIGNATURE_ALGORITHM + Setting signature algorithm + Description Ondertekenalgoritme. Merk op dat DSA_SHA1 en RSA_SHA1 deprecated zijn, maar RSA_SHA1 is nog steeds de default-waarde ind e SAMLv2-standaard. Opgelet: er zijn bekende problemen met de single-logoutfunctionaliteit indien je een ander algoritme dan SHA1 gebruikt (door hardcoded algoritmes). + Possible values http://www.w3.org/2000/09/xmldsig#dsa-sha1, http://www.w3.org/2000/09/xmldsig#rsa-sha1, http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, http://www.w3.org/2001/04/xmldsig-more#rsa-sha384, http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 + Default value http://www.w3.org/2000/09/xmldsig#rsa-sha1 + + Variable DIGID_SLO + Setting Single logout + Description Single Logout is beschikbaar indien ingeschakeld + Possible values True, False + Default value True + + Variable DIGID_TECHNICAL_CONTACT_PERSON_EMAIL + Setting technisch contactpersoon: e-mailadres + Description E-mailadres van de technische contactpersoon voor deze DigiD/eHerkenning/eIDAS-installatie. Je moet ook het telefoonnummer opgeven voor dit in de metadata beschikbaar is. Possible values string Default value No default @@ -178,26 +190,14 @@ Detailed Information Possible values string Default value No default - Variable DIGID_IDP_SERVICE_ENTITY_ID - Setting identity provider service entity ID - Description Bijvoorbeeld: 'https://was-preprod1.digid.nl/saml/idp/metadata'. Merk op dat dit moet overeenkomen met het 'entityID'-attribuut op het 'md-EntityDescriptor'-element in de metadata van de identity provider. Dit wordt automatisch opgehaald via de ingestelde metadata-URL. - Possible values string - Default value No default - - Variable DIGID_CERTIFICATE_TYPE - Setting type - Description Is this only a certificate or is there an associated private key? - Possible values key_pair, cert_only - Default value No default - - Variable DIGID_ORGANIZATION_URL - Setting organisatie-URL - Description URL van de organisatie die de service aanbiedt waarvoor DigiD/eHerkenning/eIDAS-authenticatie ingericht is. Je moet ook de organisatienaam opgeven voor dit in de metadata beschikbaar is. - Possible values string - Default value No default + Variable DIGID_WANT_ASSERTIONS_ENCRYPTED + Setting versleutel assertions + Description Indien aangevinkt, dan moeten de XML-assertions versleuteld zijn. + Possible values True, False + Default value False - Variable DIGID_BASE_URL - Setting Basis-URL - Description De basis-URL van de applicatie, zonder slash op het eind. - Possible values string - Default value No default + Variable DIGID_WANT_ASSERTIONS_SIGNED + Setting onderteken assertions + Description Indien aangevinkt, dan moeten de XML-assertions ondertekend zijn. In het andere geval moet de hele response ondertekend zijn. + Possible values True, False + Default value True diff --git a/docs/configuration/eherkenning_oidc.rst b/docs/configuration/eherkenning_oidc.rst index 1c6092b048..cb966f1fe2 100644 --- a/docs/configuration/eherkenning_oidc.rst +++ b/docs/configuration/eherkenning_oidc.rst @@ -48,22 +48,40 @@ Detailed Information :: - Variable EHERKENNING_OIDC_OIDC_OP_JWKS_ENDPOINT - Setting JSON Web Key Set endpoint - Description URL of your OpenID Connect provider JSON Web Key Set endpoint. Required if `RS256` is used as signing algorithm. + Variable EHERKENNING_OIDC_ENABLED + Setting enable + Description Indicates whether OpenID Connect for authentication/authorization is enabled. This overrides overrides the usage of SAML for eHerkenning authentication. + Possible values True, False + Default value False + + Variable EHERKENNING_OIDC_ERROR_MESSAGE_MAPPING + Setting Error message mapping + Description Mapping that maps error messages returned by the identity provider to human readable error messages that are shown to the user + Possible values No information available + Default value + + Variable EHERKENNING_OIDC_IDENTIFIER_CLAIM_NAME + Setting KVK claim name + Description The name of the claim in which the KVK of the user is stored Possible values string - Default value No default + Default value kvk - Variable EHERKENNING_OIDC_OIDC_OP_LOGOUT_ENDPOINT - Setting Logout endpoint - Description URL of your OpenID Connect provider logout endpoint + Variable EHERKENNING_OIDC_OIDC_EXEMPT_URLS + Setting URLs exempt from session renewal + Description This is a list of absolute url paths, regular expressions for url paths, or Django view names. This plus the mozilla-django-oidc urls are exempted from the session renewal by the SessionRefresh middleware. + Possible values string, comma-delimited ('foo,bar,baz') + Default value + + Variable EHERKENNING_OIDC_OIDC_KEYCLOAK_IDP_HINT + Setting Keycloak Identity Provider hint + Description Specific for Keycloak: parameter that indicates which identity provider should be used (therefore skipping the Keycloak login screen). Possible values string Default value No default Variable EHERKENNING_OIDC_OIDC_NONCE_SIZE Setting Nonce size Description Sets the length of the random string used for OpenID Connect nonce verification - Possible values string representing a positive number + Possible values string representing a positive integer Default value 32 Variable EHERKENNING_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT @@ -72,21 +90,21 @@ Detailed Information Possible values string Default value No default - Variable EHERKENNING_OIDC_OIDC_RP_CLIENT_ID - Setting OpenID Connect client ID - Description OpenID Connect client ID provided by the OIDC Provider + Variable EHERKENNING_OIDC_OIDC_OP_DISCOVERY_ENDPOINT + Setting Discovery endpoint + Description URL of your OpenID Connect provider discovery endpoint ending with a slash (`.well-known/...` will be added automatically). If this is provided, the remaining endpoints can be omitted, as they will be derived from this endpoint. Possible values string Default value No default - Variable EHERKENNING_OIDC_IDENTIFIER_CLAIM_NAME - Setting KVK claim name - Description The name of the claim in which the KVK of the user is stored + Variable EHERKENNING_OIDC_OIDC_OP_JWKS_ENDPOINT + Setting JSON Web Key Set endpoint + Description URL of your OpenID Connect provider JSON Web Key Set endpoint. Required if `RS256` is used as signing algorithm. Possible values string - Default value kvk + Default value No default - Variable EHERKENNING_OIDC_OIDC_RP_CLIENT_SECRET - Setting OpenID Connect secret - Description OpenID Connect secret provided by the OIDC Provider + Variable EHERKENNING_OIDC_OIDC_OP_LOGOUT_ENDPOINT + Setting Logout endpoint + Description URL of your OpenID Connect provider logout endpoint Possible values string Default value No default @@ -96,15 +114,21 @@ Detailed Information Possible values string Default value No default - Variable EHERKENNING_OIDC_ENABLED - Setting enable - Description Indicates whether OpenID Connect for authentication/authorization is enabled. This overrides overrides the usage of SAML for eHerkenning authentication. - Possible values True, False + Variable EHERKENNING_OIDC_OIDC_OP_USER_ENDPOINT + Setting User endpoint + Description URL of your OpenID Connect provider userinfo endpoint + Possible values string Default value No default - Variable EHERKENNING_OIDC_OIDC_KEYCLOAK_IDP_HINT - Setting Keycloak Identity Provider hint - Description Specific for Keycloak: parameter that indicates which identity provider should be used (therefore skipping the Keycloak login screen). + Variable EHERKENNING_OIDC_OIDC_RP_CLIENT_ID + Setting OpenID Connect client ID + Description OpenID Connect client ID provided by the OIDC Provider + Possible values string + Default value No default + + Variable EHERKENNING_OIDC_OIDC_RP_CLIENT_SECRET + Setting OpenID Connect secret + Description OpenID Connect secret provided by the OIDC Provider Possible values string Default value No default @@ -114,17 +138,11 @@ Detailed Information Possible values string Default value No default - Variable EHERKENNING_OIDC_USERINFO_CLAIMS_SOURCE - Setting user information claims extracted from - Description Indicates the source from which the user information claims should be extracted. - Possible values userinfo_endpoint, id_token - Default value userinfo_endpoint - - Variable EHERKENNING_OIDC_OIDC_OP_DISCOVERY_ENDPOINT - Setting Discovery endpoint - Description URL of your OpenID Connect provider discovery endpoint ending with a slash (`.well-known/...` will be added automatically). If this is provided, the remaining endpoints can be omitted, as they will be derived from this endpoint. - Possible values string - Default value No default + Variable EHERKENNING_OIDC_OIDC_RP_SCOPES_LIST + Setting OpenID Connect scopes + Description OpenID Connect scopes that are requested during login. These scopes are hardcoded and must be supported by the identity provider + Possible values string, comma-delimited ('foo,bar,baz') + Default value openid, kvk Variable EHERKENNING_OIDC_OIDC_RP_SIGN_ALGO Setting OpenID sign algorithm @@ -135,35 +153,17 @@ Detailed Information Variable EHERKENNING_OIDC_OIDC_STATE_SIZE Setting State size Description Sets the length of the random string used for OpenID Connect state verification - Possible values string representing a positive number + Possible values string representing a positive integer Default value 32 - Variable EHERKENNING_OIDC_OIDC_OP_USER_ENDPOINT - Setting User endpoint - Description URL of your OpenID Connect provider userinfo endpoint - Possible values string - Default value No default - - Variable EHERKENNING_OIDC_OIDC_EXEMPT_URLS - Setting URLs exempt from session renewal - Description This is a list of absolute url paths, regular expressions for url paths, or Django view names. This plus the mozilla-django-oidc urls are exempted from the session renewal by the SessionRefresh middleware. - Possible values string, comma-delimited ('foo,bar,baz') - Default value No default - Variable EHERKENNING_OIDC_OIDC_USE_NONCE Setting Use nonce Description Controls whether the OpenID Connect client uses nonce verification Possible values True, False Default value True - Variable EHERKENNING_OIDC_ERROR_MESSAGE_MAPPING - Setting Error message mapping - Description Mapping that maps error messages returned by the identity provider to human readable error messages that are shown to the user - Possible values No information available - Default value No default - - Variable EHERKENNING_OIDC_OIDC_RP_SCOPES_LIST - Setting OpenID Connect scopes - Description OpenID Connect scopes that are requested during login. These scopes are hardcoded and must be supported by the identity provider - Possible values string, comma-delimited ('foo,bar,baz') - Default value openid, kvk + Variable EHERKENNING_OIDC_USERINFO_CLAIMS_SOURCE + Setting user information claims extracted from + Description Indicates the source from which the user information claims should be extracted. + Possible values userinfo_endpoint, id_token + Default value userinfo_endpoint diff --git a/docs/configuration/kic.rst b/docs/configuration/kic.rst index d771761388..623995dbc4 100644 --- a/docs/configuration/kic.rst +++ b/docs/configuration/kic.rst @@ -27,54 +27,18 @@ All settings: :: - KIC_CONFIG_CLIENT_CERTIFICATE_ID - KIC_CONFIG_CLIENT_CERTIFICATE_LABEL - KIC_CONFIG_CLIENT_CERTIFICATE_PRIVATE_KEY - KIC_CONFIG_CLIENT_CERTIFICATE_PUBLIC_CERTIFICATE - KIC_CONFIG_CLIENT_CERTIFICATE_TYPE KIC_CONFIG_CONTACTMOMENTEN_SERVICE_API_ROOT - KIC_CONFIG_CONTACTMOMENTEN_SERVICE_API_TYPE - KIC_CONFIG_CONTACTMOMENTEN_SERVICE_AUTH_TYPE KIC_CONFIG_CONTACTMOMENTEN_SERVICE_CLIENT_ID - KIC_CONFIG_CONTACTMOMENTEN_SERVICE_HEADER_KEY - KIC_CONFIG_CONTACTMOMENTEN_SERVICE_HEADER_VALUE - KIC_CONFIG_CONTACTMOMENTEN_SERVICE_ID - KIC_CONFIG_CONTACTMOMENTEN_SERVICE_LABEL - KIC_CONFIG_CONTACTMOMENTEN_SERVICE_NLX - KIC_CONFIG_CONTACTMOMENTEN_SERVICE_OAS - KIC_CONFIG_CONTACTMOMENTEN_SERVICE_OAS_FILE KIC_CONFIG_CONTACTMOMENTEN_SERVICE_SECRET - KIC_CONFIG_CONTACTMOMENTEN_SERVICE_USER_ID - KIC_CONFIG_CONTACTMOMENTEN_SERVICE_USER_REPRESENTATION - KIC_CONFIG_CONTACTMOMENTEN_SERVICE_UUID - KIC_CONFIG_ID KIC_CONFIG_KLANTEN_SERVICE_API_ROOT - KIC_CONFIG_KLANTEN_SERVICE_API_TYPE - KIC_CONFIG_KLANTEN_SERVICE_AUTH_TYPE KIC_CONFIG_KLANTEN_SERVICE_CLIENT_ID - KIC_CONFIG_KLANTEN_SERVICE_HEADER_KEY - KIC_CONFIG_KLANTEN_SERVICE_HEADER_VALUE - KIC_CONFIG_KLANTEN_SERVICE_ID - KIC_CONFIG_KLANTEN_SERVICE_LABEL - KIC_CONFIG_KLANTEN_SERVICE_NLX - KIC_CONFIG_KLANTEN_SERVICE_OAS - KIC_CONFIG_KLANTEN_SERVICE_OAS_FILE KIC_CONFIG_KLANTEN_SERVICE_SECRET - KIC_CONFIG_KLANTEN_SERVICE_USER_ID - KIC_CONFIG_KLANTEN_SERVICE_USER_REPRESENTATION - KIC_CONFIG_KLANTEN_SERVICE_UUID KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN KIC_CONFIG_REGISTER_CHANNEL KIC_CONFIG_REGISTER_CONTACT_MOMENT KIC_CONFIG_REGISTER_EMAIL KIC_CONFIG_REGISTER_EMPLOYEE_ID KIC_CONFIG_REGISTER_TYPE - KIC_CONFIG_SEND_EMAIL_CONFIRMATION - KIC_CONFIG_SERVER_CERTIFICATE_ID - KIC_CONFIG_SERVER_CERTIFICATE_LABEL - KIC_CONFIG_SERVER_CERTIFICATE_PRIVATE_KEY - KIC_CONFIG_SERVER_CERTIFICATE_PUBLIC_CERTIFICATE - KIC_CONFIG_SERVER_CERTIFICATE_TYPE KIC_CONFIG_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER @@ -83,81 +47,39 @@ Detailed Information :: - Variable KIC_CONFIG_KLANTEN_SERVICE_SECRET - Setting secret - Description No description - Possible values string - Default value No default - - Variable KIC_CONFIG_KLANTEN_SERVICE_API_ROOT + Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_API_ROOT Setting api root url Description No description Possible values string Default value No default - Variable KIC_CONFIG_SERVER_CERTIFICATE_TYPE - Setting type - Description Is this only a certificate or is there an associated private key? - Possible values key_pair, cert_only - Default value No default - Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_CLIENT_ID Setting client id Description No description Possible values string Default value No default - Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_HEADER_KEY - Setting header key + Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_SECRET + Setting secret Description No description Possible values string Default value No default - Variable KIC_CONFIG_KLANTEN_SERVICE_OAS_FILE - Setting OAS file - Description OAS yaml file - Possible values No information available - Default value No default - - Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_OAS - Setting OAS url - Description URL to OAS yaml file - Possible values string - Default value No default - - Variable KIC_CONFIG_KLANTEN_SERVICE_ID - Setting ID + Variable KIC_CONFIG_KLANTEN_SERVICE_API_ROOT + Setting api root url Description No description - Possible values No information available - Default value No default - - Variable KIC_CONFIG_CLIENT_CERTIFICATE_PUBLIC_CERTIFICATE - Setting public certificate - Description The content of the certificate - Possible values No information available + Possible values string Default value No default - Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_SECRET - Setting secret + Variable KIC_CONFIG_KLANTEN_SERVICE_CLIENT_ID + Setting client id Description No description Possible values string Default value No default - Variable KIC_CONFIG_SEND_EMAIL_CONFIRMATION - Setting Stuur contactformulier e-mailbevestiging - Description Indien ingeschakeld dan wordt het 'contactform_confimation' e-mailsjabloon gebruikt om een e-mailbevestiging te sturen na het insturen van het contactformulier. Indien uitgeschakeld dan wordt aangenomen dat de externe contactmomenten API (eg. eSuite) de e-mailbevestiging zal sturen - Possible values True, False - Default value No default - - Variable KIC_CONFIG_KLANTEN_SERVICE_AUTH_TYPE - Setting authorization type + Variable KIC_CONFIG_KLANTEN_SERVICE_SECRET + Setting secret Description No description - Possible values no_auth, api_key, zgw - Default value zgw - - Variable KIC_CONFIG_KLANTEN_SERVICE_NLX - Setting NLX url - Description NLX (outway) address Possible values string Default value No default @@ -165,43 +87,31 @@ Detailed Information Setting Organisatie RSIN Description No description Possible values string - Default value No default - - Variable KIC_CONFIG_CLIENT_CERTIFICATE_TYPE - Setting type - Description Is this only a certificate or is there an associated private key? - Possible values key_pair, cert_only - Default value No default - - Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_OAS_FILE - Setting OAS file - Description OAS yaml file - Possible values No information available - Default value No default + Default value - Variable KIC_CONFIG_SERVER_CERTIFICATE_LABEL - Setting label - Description Recognisable label for the certificate + Variable KIC_CONFIG_REGISTER_CHANNEL + Setting Contactmoment kanaal + Description De kanaal waarop nieuwe contactmomenten worden aangemaakt Possible values string - Default value No default + Default value contactformulier - Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_UUID - Setting UUID + Variable KIC_CONFIG_REGISTER_CONTACT_MOMENT + Setting Registreer in Contactmomenten API Description No description - Possible values No information available - Default value 98df2dde-736c-4d54-b0d0-c3c46df9ad1b + Possible values True, False + Default value False - Variable KIC_CONFIG_SERVER_CERTIFICATE_PRIVATE_KEY - Setting private key - Description The content of the private key - Possible values No information available + Variable KIC_CONFIG_REGISTER_EMAIL + Setting Registreer op email adres + Description No description + Possible values string Default value No default Variable KIC_CONFIG_REGISTER_EMPLOYEE_ID Setting Medewerker identificatie Description Gebruikersnaam van actieve medewerker uit e-Suite Possible values string - Default value No default + Default value Variable KIC_CONFIG_REGISTER_TYPE Setting Contactmoment type @@ -209,170 +119,8 @@ Detailed Information Possible values string Default value Melding - Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_API_ROOT - Setting api root url - Description No description - Possible values string - Default value No default - - Variable KIC_CONFIG_SERVER_CERTIFICATE_PUBLIC_CERTIFICATE - Setting public certificate - Description The content of the certificate - Possible values No information available - Default value No default - - Variable KIC_CONFIG_CLIENT_CERTIFICATE_PRIVATE_KEY - Setting private key - Description The content of the private key - Possible values No information available - Default value No default - - Variable KIC_CONFIG_KLANTEN_SERVICE_HEADER_VALUE - Setting header value - Description No description - Possible values string - Default value No default - - Variable KIC_CONFIG_KLANTEN_SERVICE_HEADER_KEY - Setting header key - Description No description - Possible values string - Default value No default - - Variable KIC_CONFIG_CLIENT_CERTIFICATE_LABEL - Setting label - Description Recognisable label for the certificate - Possible values string - Default value No default - - Variable KIC_CONFIG_REGISTER_CONTACT_MOMENT - Setting Registreer in Contactmomenten API - Description No description - Possible values True, False - Default value No default - - Variable KIC_CONFIG_REGISTER_CHANNEL - Setting Contactmoment kanaal - Description De kanaal waarop nieuwe contactmomenten worden aangemaakt - Possible values string - Default value contactformulier - - Variable KIC_CONFIG_CLIENT_CERTIFICATE_ID - Setting ID - Description No description - Possible values No information available - Default value No default - - Variable KIC_CONFIG_SERVER_CERTIFICATE_ID - Setting ID - Description No description - Possible values No information available - Default value No default - - Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_LABEL - Setting label - Description No description - Possible values string - Default value No default - - Variable KIC_CONFIG_ID - Setting ID - Description No description - Possible values No information available - Default value No default - - Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_HEADER_VALUE - Setting header value - Description No description - Possible values string - Default value No default - Variable KIC_CONFIG_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER Setting Haal bronnen op uit de Klanten- en Contactmomenten-API's voor gebruikers die zijn geauthenticeerd met eHerkenning via RSIN Description Indien ingeschakeld, worden bronnen uit de Klanten- en Contactmomenten-API's voor eHerkenning-gebruikers opgehaald via RSIN (Open Klant). Indien niet ingeschakeld, worden deze bronnen via het KVK-nummer. Possible values True, False - Default value No default - - Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_ID - Setting ID - Description No description - Possible values No information available - Default value No default - - Variable KIC_CONFIG_KLANTEN_SERVICE_CLIENT_ID - Setting client id - Description No description - Possible values string - Default value No default - - Variable KIC_CONFIG_KLANTEN_SERVICE_USER_ID - Setting user ID - Description User ID to use for the audit trail. Although these external API credentials are typically used bythis API itself instead of a user, the user ID is required. - Possible values string - Default value No default - - Variable KIC_CONFIG_KLANTEN_SERVICE_LABEL - Setting label - Description No description - Possible values string - Default value No default - - Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_NLX - Setting NLX url - Description NLX (outway) address - Possible values string - Default value No default - - Variable KIC_CONFIG_KLANTEN_SERVICE_API_TYPE - Setting type - Description No description - Possible values ac, nrc, zrc, ztc, drc, brc, cmc, kc, vrc, orc - Default value No default - - Variable KIC_CONFIG_KLANTEN_SERVICE_UUID - Setting UUID - Description No description - Possible values No information available - Default value d130d5a3-fe6b-4930-8b7d-4ffd99fa5a7a - - Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_USER_ID - Setting user ID - Description User ID to use for the audit trail. Although these external API credentials are typically used bythis API itself instead of a user, the user ID is required. - Possible values string - Default value No default - - Variable KIC_CONFIG_KLANTEN_SERVICE_OAS - Setting OAS url - Description URL to OAS yaml file - Possible values string - Default value No default - - Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_USER_REPRESENTATION - Setting user representation - Description Human readable representation of the user. - Possible values string - Default value No default - - Variable KIC_CONFIG_REGISTER_EMAIL - Setting Registreer op email adres - Description No description - Possible values string - Default value No default - - Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_AUTH_TYPE - Setting authorization type - Description No description - Possible values no_auth, api_key, zgw - Default value zgw - - Variable KIC_CONFIG_KLANTEN_SERVICE_USER_REPRESENTATION - Setting user representation - Description Human readable representation of the user. - Possible values string - Default value No default - - Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_API_TYPE - Setting type - Description No description - Possible values ac, nrc, zrc, ztc, drc, brc, cmc, kc, vrc, orc - Default value No default + Default value False diff --git a/docs/configuration/siteconfig.rst b/docs/configuration/siteconfig.rst index 8d47ad8c9d..a827db84da 100644 --- a/docs/configuration/siteconfig.rst +++ b/docs/configuration/siteconfig.rst @@ -98,131 +98,59 @@ Detailed Information :: - Variable SITE_LOGIN_2FA_SMS - Setting Log in met 2FA-met-SMS - Description Bepaalt of gebruikers die met gebruikersnaam+wachtwoord inloggen verplicht een SMS verificatiecode dienen in te vullen - Possible values True, False - Default value No default - - Variable SITE_KCM_SURVEY_LINK_URL - Setting Feedbackknop URL - Description De externe link achter de feedbackknop feedback. - Possible values string - Default value No default - - Variable SITE_HIDE_SEARCH_FROM_ANONYMOUS_USERS - Setting Verberg zoekbalk voor anonieme gebruiker - Description Indien geselecteerd: alleen ingelogde gebruikers zien de zoekfunctie. - Possible values True, False - Default value No default - - Variable SITE_QUESTIONNAIRE_HELP_TEXT - Setting Helptekst vragenlijst/zelftest - Description De helptekst in de popup op de vragenlijst/zelftestpagina's - Possible values string - Default value Het onderdeel Zelftest stelt u in staat om met het beantwoorden van enkele vragen een advies te krijgen van de gemeente, met concrete vervolgstappen en producten en diensten. U kunt tevens uw antwoorden en het advies bewaren om met een begeleider van de gemeente te bespreken. - - Variable SITE_SECONDARY_FONT_COLOR - Setting Secundaire tekstkleur - Description De tekstkleur voor wanneer de achtergrond de secundaire kleur is - Possible values #FFFFFF, #4B4B4B - Default value #FFFFFF - - Variable SITE_PRIMARY_COLOR - Setting Primaire kleur - Description Hoofdkleur van de gemeentesite/huisstijl - Possible values string - Default value #FFFFFF - Variable SITE_ACCENT_COLOR Setting Accentkleur Description Accentkleur van de gemeentesite/huisstijl Possible values string Default value #FFFFFF - Variable SITE_KCM_SURVEY_LINK_TEXT - Setting Feedbackknop label - Description De label van de knop wat wordt gebruikt om gebruikersfeedback te verzamelen - Possible values string - Default value No default - - Variable SITE_SELECT_QUESTIONNAIRE_INTRO - Setting Introductietekst vragenlijst widget - Description Vragenlijst introductietekst op de onderwerpen en profielpagina's. - Possible values string - Default value Kies hieronder één van de volgende vragenlijsten om de zelftest te starten. - - Variable SITE_EMAIL_VERIFICATION_REQUIRED - Setting E-mailverificatie vereist - Description Of gebruikers verplicht zijn om na het inloggen hun e-mailadres te verifieren - Possible values True, False - Default value No default - - Variable SITE_MATOMO_URL - Setting Matamo server URL - Description De domeinnaam / URL van de Matamo server, bijvoorbeeld 'matamo.example.com'. - Possible values string - Default value No default + Variable SITE_ACCENT_FONT_COLOR + Setting Accent tekstkleur + Description De tekstkleur voor wanneer de achtergrond de accentkleur is + Possible values #FFFFFF, #4B4B4B + Default value #4B4B4B - Variable SITE_PLANS_INTRO - Setting Introductietekst Samenwerken - Description Subtitel voor de planpagina. - Possible values string - Default value Hier werkt u aan uw doelen. Dit doet u samen met uw contactpersoon bij de gemeente. + Variable SITE_ACCOUNT_HELP_TEXT + Setting Helptekst mijn profiel + Description De helptekst in de popup van de profielpagina's + Possible values text (string) + Default value Op dit scherm ziet u uw persoonlijke profielgegevens en gerelateerde gegevens. - Variable SITE_LOGIN_ALLOW_REGISTRATION - Setting Sta lokale registratie toe - Description Wanneer deze optie uit staat is het enkel toegestaan om met DigiD in te loggen. Zet deze instelling aan om ook het inloggen met gebruikersnaam/wachtwoord en het aanmelden zonder DigiD toe te staan. + Variable SITE_ALLOW_MESSAGES_FILE_SHARING + Setting Sta het delen van bestanden via Mijn Berichten toe + Description Of het delen van bestanden via Mijn Berichten mogelijk is of niet. Indien uitgeschakeld dan kunnen alleen tekstberichten worden verzonden Possible values True, False - Default value No default + Default value True - Variable SITE_NAME - Setting Naam - Description Naam van de gemeente + Variable SITE_CONTACT_PAGE + Setting URL + Description URL van de contactpagina van de organisatie Possible values string Default value No default - Variable SITE_HOME_THEME_TITLE - Setting Titel 'Onderwerpen' op de homepage - Description Koptekst van de Onderwerpen op de homepage - Possible values string - Default value Onderwerpen - - Variable SITE_SELECT_QUESTIONNAIRE_TITLE - Setting Titel vragenlijst widget - Description Vragenlijst keuzetitel op de onderwerpen en profielpagina's. - Possible values string - Default value Keuze zelftest? - - Variable SITE_FOOTER_LOGO_TITLE - Setting Footer logo title - Description The title - help text of the footer logo. + Variable SITE_CONTACT_PHONENUMBER + Setting Telefoonnummer + Description Telefoonnummer van de organisatie Possible values string Default value No default - Variable SITE_EHERKENNING_ENABLED - Setting eHerkenning authentication ingeschakeld - Description Of gebruikers in kunnen loggen met eHerkenning of niet. Standaard wordt de SAML integratie hiervoor gebruikt (van toepassing bij een rechtstreekse aansluiting op een eHerkenning makelaar). Voor het gebruiken van een OpenID Connect (OIDC) koppeling, navigeer naar `OpenID Connect configuratie voor eHerkenning` om deze te activeren. - Possible values True, False - Default value No default - - Variable SITE_THEME_TITLE - Setting Onderwerpen titel - Description Titel op de Onderwerpenpagina + Variable SITE_COOKIE_INFO_TEXT + Setting Tekst cookiebanner informatie + Description De tekstinhoud van de cookiebanner. Wanneer deze wordt ingevuld dan wordt de cookiebanner zichtbaar. Possible values string - Default value Onderwerpen + Default value Wij gebruiken cookies om onze website en dienstverlening te verbeteren. - Variable SITE_PLAN_HELP_TEXT - Setting Helptekst samenwerken - Description De helptekst in de popup van de samenwerken-pagina's + Variable SITE_COOKIE_LINK_TEXT + Setting Tekst cookiebanner link + Description De tekst die wordt gebruikt als link naar de privacypagina. Possible values string - Default value Met het onderdeel Samenwerken kunt u samen met uw contactpersonen of begeleider van de gemeente aan de slag om met een samenwerkingsplan uw persoonlijke situatie te verbeteren. Door samen aan uw doelen te werken en acties te omschrijven kunnen we elkaar helpen. + Default value Lees meer over ons cookiebeleid. - Variable SITE_GTM_CODE - Setting Google Tag Manager code - Description Normaalgesproken is dit een code van het formaat 'GTM-XXXX'. Door dit in te stellen wordt Google Tag Manager gebruikt. + Variable SITE_COOKIE_LINK_URL + Setting URL van de privacypagina + Description De link naar de pagina met het privacybeleid. Possible values string - Default value No default + Default value /pages/privacyverklaring/ Variable SITE_DISPLAY_SOCIAL Setting Toon sociale media knoppen bij elk product @@ -230,71 +158,83 @@ Detailed Information Possible values True, False Default value True + Variable SITE_EHERKENNING_ENABLED + Setting eHerkenning authentication ingeschakeld + Description Of gebruikers in kunnen loggen met eHerkenning of niet. Standaard wordt de SAML integratie hiervoor gebruikt (van toepassing bij een rechtstreekse aansluiting op een eHerkenning makelaar). Voor het gebruiken van een OpenID Connect (OIDC) koppeling, navigeer naar `OpenID Connect configuratie voor eHerkenning` om deze te activeren. + Possible values True, False + Default value False + Variable SITE_EMAIL_NEW_MESSAGE Setting Stuur een mail bij nieuwe berichten Description Of er een e-mail ter notificatie verstuurd dient te worden na een nieuw bericht voor de gebruiker. Possible values True, False Default value True - Variable SITE_PLANS_NO_PLANS_MESSAGE - Setting Standaardtekst geen samenwerkingen - Description Het bericht als een gebruiker nog geen plannen heeft. - Possible values string - Default value U heeft nog geen plan gemaakt. + Variable SITE_EMAIL_VERIFICATION_REQUIRED + Setting E-mailverificatie vereist + Description Of gebruikers verplicht zijn om na het inloggen hun e-mailadres te verifieren + Possible values True, False + Default value False - Variable SITE_GA_CODE - Setting Google Analytics code - Description Normaalgesproken is dit een code van het formaat 'G-XXXX'. Door dit in te stellen wordt Google Analytics gebruikt. + Variable SITE_FOOTER_LOGO_TITLE + Setting Footer logo title + Description The title - help text of the footer logo. Possible values string - Default value No default + Default value - Variable SITE_ACCOUNT_HELP_TEXT - Setting Helptekst mijn profiel - Description De helptekst in de popup van de profielpagina's + Variable SITE_FOOTER_LOGO_URL + Setting Footer logo link + Description The external link for the footer logo. Possible values string - Default value Op dit scherm ziet u uw persoonlijke profielgegevens en gerelateerde gegevens. + Default value - Variable SITE_SITEIMPROVE_ID - Setting SiteImprove ID - Description SiteImprove ID - Dit nummer kan gevonden worden in de SiteImprove snippet, dit is onderdeel van een URL zoals '//siteimproveanalytics.com/js/siteanalyze_xxxxx.js' waarbij het xxxxx-deel de SiteImprove ID is die hier ingevuld moet worden. + Variable SITE_GA_CODE + Setting Google Analytics code + Description Normaalgesproken is dit een code van het formaat 'G-XXXX'. Door dit in te stellen wordt Google Analytics gebruikt. Possible values string Default value No default - Variable SITE_CONTACT_PAGE - Setting URL - Description URL van de contactpagina van de organisatie + Variable SITE_GTM_CODE + Setting Google Tag Manager code + Description Normaalgesproken is dit een code van het formaat 'GTM-XXXX'. Door dit in te stellen wordt Google Tag Manager gebruikt. Possible values string Default value No default - Variable SITE_MATOMO_SITE_ID - Setting Matamo site ID - Description De 'idsite' van de website in Matamo die getrackt dient te worden. - Possible values string representing a positive number - Default value No default - - Variable SITE_COOKIE_INFO_TEXT - Setting Tekst cookiebanner informatie - Description De tekstinhoud van de cookiebanner. Wanneer deze wordt ingevuld dan wordt de cookiebanner zichtbaar. - Possible values string - Default value Wij gebruiken cookies om onze website en dienstverlening te verbeteren. + Variable SITE_HIDE_CATEGORIES_FROM_ANONYMOUS_USERS + Setting Blokkeer toegang tot Onderwerpen voor niet-ingelogde gebruikers + Description Indien geselecteerd: alleen ingelogde gebruikers hebben toegang tot Onderwerpen. + Possible values True, False + Default value False - Variable SITE_HOME_QUESTIONNAIRE_INTRO - Setting Introductietekst vragenlijst homepage - Description Vragenlijst introductietekst op de homepage. - Possible values string - Default value Test met een paar simpele vragen of u recht heeft op een product + Variable SITE_HIDE_SEARCH_FROM_ANONYMOUS_USERS + Setting Verberg zoekbalk voor anonieme gebruiker + Description Indien geselecteerd: alleen ingelogde gebruikers zien de zoekfunctie. + Possible values True, False + Default value False Variable SITE_HOME_HELP_TEXT Setting Helptekst homepage Description Helptekst in de popup op de voorpagina - Possible values string + Possible values text (string) Default value Welkom! Op dit scherm vindt u een overzicht van de verschillende onderwerpen en producten & diensten. - Variable SITE_PRIMARY_FONT_COLOR - Setting Primaire tekstkleur - Description De tekstkleur voor wanneer de achtergrond de hoofdkleur is - Possible values #FFFFFF, #4B4B4B - Default value #FFFFFF + Variable SITE_HOME_MAP_INTRO + Setting Introductietekst kaart + Description Introductietekst van de kaart op de homepage + Possible values text (string) + Default value No default + + Variable SITE_HOME_MAP_TITLE + Setting Koptekst van de kaart op de homepage + Description Koptekst van de kaart op de homepage + Possible values string + Default value In de buurt + + Variable SITE_HOME_PRODUCT_FINDER_INTRO + Setting Introductietekst productzoeker homepage + Description Introductietekst van de productzoeker op de homepage. + Possible values text (string) + Default value Met een paar simpele vragen ziet u welke producten passen bij uw situatie Variable SITE_HOME_PRODUCT_FINDER_TITLE Setting Productzoeker titel @@ -302,95 +242,107 @@ Detailed Information Possible values string Default value Productzoeker - Variable SITE_CONTACT_PHONENUMBER - Setting Telefoonnummer - Description Telefoonnummer van de organisatie + Variable SITE_HOME_QUESTIONNAIRE_INTRO + Setting Introductietekst vragenlijst homepage + Description Vragenlijst introductietekst op de homepage. + Possible values text (string) + Default value Test met een paar simpele vragen of u recht heeft op een product + + Variable SITE_HOME_QUESTIONNAIRE_TITLE + Setting Titel vragenlijst homepage + Description Vragenlijst titel op de homepage. Possible values string + Default value Waar bent u naar op zoek? + + Variable SITE_HOME_THEME_INTRO + Setting Onderwerpen introductietekst op de homepage + Description Introductietekst 'Onderwerpen' op de homepage + Possible values text (string) Default value No default - Variable SITE_ACCENT_FONT_COLOR - Setting Accent tekstkleur - Description De tekstkleur voor wanneer de achtergrond de accentkleur is - Possible values #FFFFFF, #4B4B4B - Default value #4B4B4B + Variable SITE_HOME_THEME_TITLE + Setting Titel 'Onderwerpen' op de homepage + Description Koptekst van de Onderwerpen op de homepage + Possible values string + Default value Onderwerpen - Variable SITE_OPENID_DISPLAY - Setting Toon optie om in te loggen via OpenID Connect - Description Alleen geselecteerde groepen zullen de optie zien om met OpenID Connect in te loggen. - Possible values admin, regular - Default value admin + Variable SITE_HOME_WELCOME_INTRO + Setting Introductietekst homepage + Description Introductietekst op de homepage + Possible values text (string) + Default value No default - Variable SITE_THEME_INTRO - Setting Onderwerpen introductie - Description Introductietekst op de onderwerpenpagina + Variable SITE_HOME_WELCOME_TITLE + Setting Koptekst homepage + Description Koptekst op de homepage Possible values string - Default value No default + Default value Welkom - Variable SITE_COOKIE_LINK_URL - Setting URL van de privacypagina - Description De link naar de pagina met het privacybeleid. + Variable SITE_KCM_SURVEY_LINK_TEXT + Setting Feedbackknop label + Description De label van de knop wat wordt gebruikt om gebruikersfeedback te verzamelen Possible values string - Default value /pages/privacyverklaring/ + Default value No default - Variable SITE_REDIRECT_TO - Setting Stuur niet-ingelogde gebruiker door naar - Description Geef een URL of pad op waar de niet-ingelogde gebruiker naar toe doorgestuurd moet worden vanuit de niet-ingelogde homepage.Pad voorbeeld: '/accounts/login', URL voorbeeld: 'https://gemeente.groningen.nl' + Variable SITE_KCM_SURVEY_LINK_URL + Setting Feedbackknop URL + Description De externe link achter de feedbackknop feedback. Possible values string Default value No default - Variable SITE_WARNING_BANNER_ENABLED - Setting Toon waarschuwingsbanner - Description Of de waarschuwingsbanner zichtbaar moet zijn of niet. + Variable SITE_LOGIN_2FA_SMS + Setting Log in met 2FA-met-SMS + Description Bepaalt of gebruikers die met gebruikersnaam+wachtwoord inloggen verplicht een SMS verificatiecode dienen in te vullen Possible values True, False - Default value No default + Default value False - Variable SITE_SEARCH_FILTER_CATEGORIES - Setting Onderwerpenfilter toevoegen aan zoekresultaten - Description Of er categorie-selectievakjes moeten worden weergegeven om het zoekresultaat te filteren. + Variable SITE_LOGIN_ALLOW_REGISTRATION + Setting Sta lokale registratie toe + Description Wanneer deze optie uit staat is het enkel toegestaan om met DigiD in te loggen. Zet deze instelling aan om ook het inloggen met gebruikersnaam/wachtwoord en het aanmelden zonder DigiD toe te staan. Possible values True, False - Default value True + Default value False - Variable SITE_SEARCH_FILTER_TAGS - Setting Tagfilter toevoegen aan zoekresultaten - Description Of er tag-selectievakjes moeten worden weergegeven om het zoekresultaat te filteren. + Variable SITE_LOGIN_SHOW + Setting Toon inlogknop rechts bovenin + Description Wanneer deze optie uit staat dan kan nog wel worden ingelogd via /accounts/login/ , echter het inloggen is verborgen Possible values True, False Default value True - Variable SITE_RECIPIENTS_EMAIL_DIGEST - Setting ontvangers e-mailsamenvatting - Description De e-mailadressen van beheerders die een dagelijkse samenvatting dienen te krijgen van punten van orde. - Possible values string, comma-delimited ('foo,bar,baz') - Default value No default - Variable SITE_LOGIN_TEXT Setting Login tekst Description Deze tekst wordt getoond op de login pagina. - Possible values string + Possible values text (string) Default value No default - Variable SITE_REGISTRATION_TEXT - Setting Registratie tekst - Description Deze tekst wordt getoond op de registratie pagina. - Possible values string + Variable SITE_MATOMO_SITE_ID + Setting Matamo site ID + Description De 'idsite' van de website in Matamo die getrackt dient te worden. + Possible values string representing a positive integer Default value No default - Variable SITE_HOME_WELCOME_TITLE - Setting Koptekst homepage - Description Koptekst op de homepage + Variable SITE_MATOMO_URL + Setting Matamo server URL + Description De domeinnaam / URL van de Matamo server, bijvoorbeeld 'matamo.example.com'. Possible values string - Default value Welkom + Default value No default - Variable SITE_HOME_THEME_INTRO - Setting Onderwerpen introductietekst op de homepage - Description Introductietekst 'Onderwerpen' op de homepage + Variable SITE_NAME + Setting Naam + Description Naam van de gemeente Possible values string Default value No default - Variable SITE_HOME_QUESTIONNAIRE_TITLE - Setting Titel vragenlijst homepage - Description Vragenlijst titel op de homepage. + Variable SITE_OPENID_CONNECT_LOGIN_TEXT + Setting OpenID Connect login tekst + Description De tekst die getoond wordt wanneer OpenID Connect (OIDC/Azure AD) als loginmethode is ingesteld Possible values string - Default value Waar bent u naar op zoek? + Default value Login with Azure AD + + Variable SITE_OPENID_DISPLAY + Setting Toon optie om in te loggen via OpenID Connect + Description Alleen geselecteerde groepen zullen de optie zien om met OpenID Connect in te loggen. + Possible values admin, regular + Default value admin Variable SITE_PLANS_EDIT_MESSAGE Setting Standaardtekst 'doel wijzigen' @@ -398,35 +350,71 @@ Detailed Information Possible values string Default value Hier kunt u uw doel aanpassen - Variable SITE_FOOTER_LOGO_URL - Setting Footer logo link - Description The external link for the footer logo. - Possible values string - Default value No default + Variable SITE_PLANS_INTRO + Setting Introductietekst Samenwerken + Description Subtitel voor de planpagina. + Possible values text (string) + Default value Hier werkt u aan uw doelen. Dit doet u samen met uw contactpersoon bij de gemeente. - Variable SITE_THEME_HELP_TEXT - Setting Onderwerpen help - Description Helptekst in de popup op de onderwerpenpagina + Variable SITE_PLANS_NO_PLANS_MESSAGE + Setting Standaardtekst geen samenwerkingen + Description Het bericht als een gebruiker nog geen plannen heeft. Possible values string - Default value Op dit scherm vindt u de verschillende onderwerpen waarvoor wij producten en diensten aanbieden. + Default value U heeft nog geen plan gemaakt. - Variable SITE_SEARCH_HELP_TEXT - Setting Helptekst zoeken - Description De helptekst in de popup op de zoekpagina's - Possible values string - Default value Op dit scherm kunt u zoeken naar de producten en diensten. + Variable SITE_PLAN_HELP_TEXT + Setting Helptekst samenwerken + Description De helptekst in de popup van de samenwerken-pagina's + Possible values text (string) + Default value Met het onderdeel Samenwerken kunt u samen met uw contactpersonen of begeleider van de gemeente aan de slag om met een samenwerkingsplan uw persoonlijke situatie te verbeteren. Door samen aan uw doelen te werken en acties te omschrijven kunnen we elkaar helpen. - Variable SITE_SECONDARY_COLOR - Setting Secundaire kleur - Description Secundaire kleur van de gemeentesite/huisstijl + Variable SITE_PRIMARY_COLOR + Setting Primaire kleur + Description Hoofdkleur van de gemeentesite/huisstijl Possible values string Default value #FFFFFF - Variable SITE_HOME_MAP_TITLE - Setting Koptekst van de kaart op de homepage - Description Koptekst van de kaart op de homepage + Variable SITE_PRIMARY_FONT_COLOR + Setting Primaire tekstkleur + Description De tekstkleur voor wanneer de achtergrond de hoofdkleur is + Possible values #FFFFFF, #4B4B4B + Default value #FFFFFF + + Variable SITE_PRODUCT_HELP_TEXT + Setting Helptekst producten + Description Helptekst in de popup van de productenpagina's + Possible values text (string) + Default value Op dit scherm kunt u de details vinden over het gekozen product of dienst. Afhankelijk van het product kunt u deze direct aanvragen of meer informatie opvragen. + + Variable SITE_QUESTIONNAIRE_HELP_TEXT + Setting Helptekst vragenlijst/zelftest + Description De helptekst in de popup op de vragenlijst/zelftestpagina's + Possible values text (string) + Default value Het onderdeel Zelftest stelt u in staat om met het beantwoorden van enkele vragen een advies te krijgen van de gemeente, met concrete vervolgstappen en producten en diensten. U kunt tevens uw antwoorden en het advies bewaren om met een begeleider van de gemeente te bespreken. + + Variable SITE_RECIPIENTS_EMAIL_DIGEST + Setting ontvangers e-mailsamenvatting + Description De e-mailadressen van beheerders die een dagelijkse samenvatting dienen te krijgen van punten van orde. + Possible values string, comma-delimited ('foo,bar,baz') + Default value + + Variable SITE_REDIRECT_TO + Setting Stuur niet-ingelogde gebruiker door naar + Description Geef een URL of pad op waar de niet-ingelogde gebruiker naar toe doorgestuurd moet worden vanuit de niet-ingelogde homepage.Pad voorbeeld: '/accounts/login', URL voorbeeld: 'https://gemeente.groningen.nl' Possible values string - Default value In de buurt + Default value No default + + Variable SITE_REGISTRATION_TEXT + Setting Registratie tekst + Description Deze tekst wordt getoond op de registratie pagina. + Possible values text (string) + Default value No default + + Variable SITE_SEARCH_FILTER_CATEGORIES + Setting Onderwerpenfilter toevoegen aan zoekresultaten + Description Of er categorie-selectievakjes moeten worden weergegeven om het zoekresultaat te filteren. + Possible values True, False + Default value True Variable SITE_SEARCH_FILTER_ORGANIZATIONS Setting Organisaties-filter toevoegen aan zoekresultaten @@ -434,74 +422,86 @@ Detailed Information Possible values True, False Default value True - Variable SITE_WARNING_BANNER_FONT_COLOR - Setting Waarschuwingsbanner tekst - Description De tekstkleur voor de waarschuwingsbanner - Possible values string - Default value #000000 + Variable SITE_SEARCH_FILTER_TAGS + Setting Tagfilter toevoegen aan zoekresultaten + Description Of er tag-selectievakjes moeten worden weergegeven om het zoekresultaat te filteren. + Possible values True, False + Default value True - Variable SITE_OPENID_CONNECT_LOGIN_TEXT - Setting OpenID Connect login tekst - Description De tekst die getoond wordt wanneer OpenID Connect (OIDC/Azure AD) als loginmethode is ingesteld - Possible values string - Default value Login with Azure AD + Variable SITE_SEARCH_HELP_TEXT + Setting Helptekst zoeken + Description De helptekst in de popup op de zoekpagina's + Possible values text (string) + Default value Op dit scherm kunt u zoeken naar de producten en diensten. - Variable SITE_WARNING_BANNER_BACKGROUND_COLOR - Setting Waarschuwingsbanner achtergrond - Description Waarschuwingsbanner achtergrondkleur + Variable SITE_SECONDARY_COLOR + Setting Secundaire kleur + Description Secundaire kleur van de gemeentesite/huisstijl Possible values string - Default value #FFDBAD + Default value #FFFFFF - Variable SITE_LOGIN_SHOW - Setting Toon inlogknop rechts bovenin - Description Wanneer deze optie uit staat dan kan nog wel worden ingelogd via /accounts/login/ , echter het inloggen is verborgen - Possible values True, False - Default value True + Variable SITE_SECONDARY_FONT_COLOR + Setting Secundaire tekstkleur + Description De tekstkleur voor wanneer de achtergrond de secundaire kleur is + Possible values #FFFFFF, #4B4B4B + Default value #FFFFFF - Variable SITE_HOME_WELCOME_INTRO - Setting Introductietekst homepage - Description Introductietekst op de homepage + Variable SITE_SELECT_QUESTIONNAIRE_INTRO + Setting Introductietekst vragenlijst widget + Description Vragenlijst introductietekst op de onderwerpen en profielpagina's. + Possible values text (string) + Default value Kies hieronder één van de volgende vragenlijsten om de zelftest te starten. + + Variable SITE_SELECT_QUESTIONNAIRE_TITLE + Setting Titel vragenlijst widget + Description Vragenlijst keuzetitel op de onderwerpen en profielpagina's. Possible values string - Default value No default + Default value Keuze zelftest? - Variable SITE_HOME_MAP_INTRO - Setting Introductietekst kaart - Description Introductietekst van de kaart op de homepage + Variable SITE_SITEIMPROVE_ID + Setting SiteImprove ID + Description SiteImprove ID - Dit nummer kan gevonden worden in de SiteImprove snippet, dit is onderdeel van een URL zoals '//siteimproveanalytics.com/js/siteanalyze_xxxxx.js' waarbij het xxxxx-deel de SiteImprove ID is die hier ingevuld moet worden. Possible values string + Default value + + Variable SITE_THEME_HELP_TEXT + Setting Onderwerpen help + Description Helptekst in de popup op de onderwerpenpagina + Possible values text (string) + Default value Op dit scherm vindt u de verschillende onderwerpen waarvoor wij producten en diensten aanbieden. + + Variable SITE_THEME_INTRO + Setting Onderwerpen introductie + Description Introductietekst op de onderwerpenpagina + Possible values text (string) Default value No default - Variable SITE_HOME_PRODUCT_FINDER_INTRO - Setting Introductietekst productzoeker homepage - Description Introductietekst van de productzoeker op de homepage. + Variable SITE_THEME_TITLE + Setting Onderwerpen titel + Description Titel op de Onderwerpenpagina Possible values string - Default value Met een paar simpele vragen ziet u welke producten passen bij uw situatie + Default value Onderwerpen - Variable SITE_PRODUCT_HELP_TEXT - Setting Helptekst producten - Description Helptekst in de popup van de productenpagina's + Variable SITE_WARNING_BANNER_BACKGROUND_COLOR + Setting Waarschuwingsbanner achtergrond + Description Waarschuwingsbanner achtergrondkleur Possible values string - Default value Op dit scherm kunt u de details vinden over het gekozen product of dienst. Afhankelijk van het product kunt u deze direct aanvragen of meer informatie opvragen. + Default value #FFDBAD - Variable SITE_HIDE_CATEGORIES_FROM_ANONYMOUS_USERS - Setting Blokkeer toegang tot Onderwerpen voor niet-ingelogde gebruikers - Description Indien geselecteerd: alleen ingelogde gebruikers hebben toegang tot Onderwerpen. + Variable SITE_WARNING_BANNER_ENABLED + Setting Toon waarschuwingsbanner + Description Of de waarschuwingsbanner zichtbaar moet zijn of niet. Possible values True, False - Default value No default + Default value False - Variable SITE_COOKIE_LINK_TEXT - Setting Tekst cookiebanner link - Description De tekst die wordt gebruikt als link naar de privacypagina. + Variable SITE_WARNING_BANNER_FONT_COLOR + Setting Waarschuwingsbanner tekst + Description De tekstkleur voor de waarschuwingsbanner Possible values string - Default value Lees meer over ons cookiebeleid. - - Variable SITE_ALLOW_MESSAGES_FILE_SHARING - Setting Sta het delen van bestanden via Mijn Berichten toe - Description Of het delen van bestanden via Mijn Berichten mogelijk is of niet. Indien uitgeschakeld dan kunnen alleen tekstberichten worden verzonden - Possible values True, False - Default value True + Default value #000000 Variable SITE_WARNING_BANNER_TEXT Setting Tekstinhoud waarschuwingsbanner Description De tekst die zichtbaar is in de waarschuwingsbanner - Possible values string + Possible values text (string) Default value No default diff --git a/docs/configuration/zgw.rst b/docs/configuration/zgw.rst index 872fd4deda..413d3aeb7c 100644 --- a/docs/configuration/zgw.rst +++ b/docs/configuration/zgw.rst @@ -34,84 +34,25 @@ All settings: ZGW_CONFIG_ACTION_REQUIRED_DEADLINE_DAYS ZGW_CONFIG_ALLOWED_FILE_EXTENSIONS ZGW_CONFIG_CATALOGI_SERVICE_API_ROOT - ZGW_CONFIG_CATALOGI_SERVICE_API_TYPE - ZGW_CONFIG_CATALOGI_SERVICE_AUTH_TYPE ZGW_CONFIG_CATALOGI_SERVICE_CLIENT_ID - ZGW_CONFIG_CATALOGI_SERVICE_HEADER_KEY - ZGW_CONFIG_CATALOGI_SERVICE_HEADER_VALUE - ZGW_CONFIG_CATALOGI_SERVICE_ID - ZGW_CONFIG_CATALOGI_SERVICE_LABEL - ZGW_CONFIG_CATALOGI_SERVICE_NLX - ZGW_CONFIG_CATALOGI_SERVICE_OAS - ZGW_CONFIG_CATALOGI_SERVICE_OAS_FILE ZGW_CONFIG_CATALOGI_SERVICE_SECRET - ZGW_CONFIG_CATALOGI_SERVICE_USER_ID - ZGW_CONFIG_CATALOGI_SERVICE_USER_REPRESENTATION - ZGW_CONFIG_CATALOGI_SERVICE_UUID - ZGW_CONFIG_CLIENT_CERTIFICATE_ID - ZGW_CONFIG_CLIENT_CERTIFICATE_LABEL - ZGW_CONFIG_CLIENT_CERTIFICATE_PRIVATE_KEY - ZGW_CONFIG_CLIENT_CERTIFICATE_PUBLIC_CERTIFICATE - ZGW_CONFIG_CLIENT_CERTIFICATE_TYPE ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY ZGW_CONFIG_DOCUMENT_SERVICE_API_ROOT - ZGW_CONFIG_DOCUMENT_SERVICE_API_TYPE - ZGW_CONFIG_DOCUMENT_SERVICE_AUTH_TYPE ZGW_CONFIG_DOCUMENT_SERVICE_CLIENT_ID - ZGW_CONFIG_DOCUMENT_SERVICE_HEADER_KEY - ZGW_CONFIG_DOCUMENT_SERVICE_HEADER_VALUE - ZGW_CONFIG_DOCUMENT_SERVICE_ID - ZGW_CONFIG_DOCUMENT_SERVICE_LABEL - ZGW_CONFIG_DOCUMENT_SERVICE_NLX - ZGW_CONFIG_DOCUMENT_SERVICE_OAS - ZGW_CONFIG_DOCUMENT_SERVICE_OAS_FILE ZGW_CONFIG_DOCUMENT_SERVICE_SECRET - ZGW_CONFIG_DOCUMENT_SERVICE_USER_ID - ZGW_CONFIG_DOCUMENT_SERVICE_USER_REPRESENTATION - ZGW_CONFIG_DOCUMENT_SERVICE_UUID ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN ZGW_CONFIG_FORM_SERVICE_API_ROOT - ZGW_CONFIG_FORM_SERVICE_API_TYPE - ZGW_CONFIG_FORM_SERVICE_AUTH_TYPE ZGW_CONFIG_FORM_SERVICE_CLIENT_ID - ZGW_CONFIG_FORM_SERVICE_HEADER_KEY - ZGW_CONFIG_FORM_SERVICE_HEADER_VALUE - ZGW_CONFIG_FORM_SERVICE_ID - ZGW_CONFIG_FORM_SERVICE_LABEL - ZGW_CONFIG_FORM_SERVICE_NLX - ZGW_CONFIG_FORM_SERVICE_OAS - ZGW_CONFIG_FORM_SERVICE_OAS_FILE ZGW_CONFIG_FORM_SERVICE_SECRET - ZGW_CONFIG_FORM_SERVICE_USER_ID - ZGW_CONFIG_FORM_SERVICE_USER_REPRESENTATION - ZGW_CONFIG_FORM_SERVICE_UUID - ZGW_CONFIG_ID ZGW_CONFIG_MAX_UPLOAD_SIZE ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE - ZGW_CONFIG_SERVER_CERTIFICATE_ID - ZGW_CONFIG_SERVER_CERTIFICATE_LABEL - ZGW_CONFIG_SERVER_CERTIFICATE_PRIVATE_KEY - ZGW_CONFIG_SERVER_CERTIFICATE_PUBLIC_CERTIFICATE - ZGW_CONFIG_SERVER_CERTIFICATE_TYPE ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN ZGW_CONFIG_TITLE_TEXT ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY ZGW_CONFIG_ZAAK_SERVICE_API_ROOT - ZGW_CONFIG_ZAAK_SERVICE_API_TYPE - ZGW_CONFIG_ZAAK_SERVICE_AUTH_TYPE ZGW_CONFIG_ZAAK_SERVICE_CLIENT_ID - ZGW_CONFIG_ZAAK_SERVICE_HEADER_KEY - ZGW_CONFIG_ZAAK_SERVICE_HEADER_VALUE - ZGW_CONFIG_ZAAK_SERVICE_ID - ZGW_CONFIG_ZAAK_SERVICE_LABEL - ZGW_CONFIG_ZAAK_SERVICE_NLX - ZGW_CONFIG_ZAAK_SERVICE_OAS - ZGW_CONFIG_ZAAK_SERVICE_OAS_FILE ZGW_CONFIG_ZAAK_SERVICE_SECRET - ZGW_CONFIG_ZAAK_SERVICE_USER_ID - ZGW_CONFIG_ZAAK_SERVICE_USER_REPRESENTATION - ZGW_CONFIG_ZAAK_SERVICE_UUID Detailed Information @@ -119,343 +60,73 @@ Detailed Information :: - Variable ZGW_CONFIG_DOCUMENT_SERVICE_OAS - Setting OAS url - Description URL to OAS yaml file - Possible values string - Default value No default - - Variable ZGW_CONFIG_CATALOGI_SERVICE_SECRET - Setting secret - Description No description - Possible values string - Default value No default - - Variable ZGW_CONFIG_DOCUMENT_SERVICE_HEADER_KEY - Setting header key - Description No description - Possible values string - Default value No default - - Variable ZGW_CONFIG_CLIENT_CERTIFICATE_PUBLIC_CERTIFICATE - Setting public certificate - Description The content of the certificate - Possible values No information available - Default value No default - - Variable ZGW_CONFIG_ZAAK_SERVICE_API_ROOT - Setting api root url - Description No description - Possible values string - Default value No default - - Variable ZGW_CONFIG_FORM_SERVICE_ID - Setting ID - Description No description - Possible values No information available - Default value No default - - Variable ZGW_CONFIG_SERVER_CERTIFICATE_PRIVATE_KEY - Setting private key - Description The content of the private key - Possible values No information available - Default value No default - - Variable ZGW_CONFIG_ZAAK_SERVICE_HEADER_KEY - Setting header key - Description No description - Possible values string - Default value No default - - Variable ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY - Setting Zaak vertrouwelijkheid - Description Selecteer de maximale vertrouwelijkheid van de getoonde zaken - Possible values openbaar, beperkt_openbaar, intern, zaakvertrouwelijk, vertrouwelijk, confidentieel, geheim, zeer_geheim - Default value openbaar - - Variable ZGW_CONFIG_ID - Setting ID - Description No description - Possible values No information available - Default value No default - - Variable ZGW_CONFIG_FORM_SERVICE_API_TYPE - Setting type - Description No description - Possible values ac, nrc, zrc, ztc, drc, brc, cmc, kc, vrc, orc - Default value No default - - Variable ZGW_CONFIG_TITLE_TEXT - Setting Titel tekst - Description De titel/introductietekst getoond op de lijstweergave van 'Mijn aanvragen'. - Possible values string - Default value Hier vindt u een overzicht van al uw lopende en afgeronde aanvragen. - Variable ZGW_CONFIG_ACTION_REQUIRED_DEADLINE_DAYS Setting Standaard actie deadline termijn in dagen Description Aantal dagen voor gebruiker om actie te ondernemen. - Possible values string representing a number + Possible values string representing an integer Default value 15 - Variable ZGW_CONFIG_CATALOGI_SERVICE_ID - Setting ID - Description No description - Possible values No information available - Default value No default - Variable ZGW_CONFIG_ALLOWED_FILE_EXTENSIONS Setting allowed file extensions Description Een lijst van toegestande bestandsextensies, alleen documentuploads met een van deze extensies worden toegelaten. Possible values string, comma-delimited ('foo,bar,baz') Default value bmp, doc, docx, gif, jpeg, jpg, msg, pdf, png, ppt, pptx, rtf, tiff, txt, vsd, xls, xlsx - Variable ZGW_CONFIG_FORM_SERVICE_LABEL - Setting label + Variable ZGW_CONFIG_CATALOGI_SERVICE_API_ROOT + Setting api root url Description No description Possible values string Default value No default - Variable ZGW_CONFIG_SERVER_CERTIFICATE_TYPE - Setting type - Description Is this only a certificate or is there an associated private key? - Possible values key_pair, cert_only - Default value No default - - Variable ZGW_CONFIG_CLIENT_CERTIFICATE_TYPE - Setting type - Description Is this only a certificate or is there an associated private key? - Possible values key_pair, cert_only - Default value No default - - Variable ZGW_CONFIG_FORM_SERVICE_HEADER_VALUE - Setting header value + Variable ZGW_CONFIG_CATALOGI_SERVICE_CLIENT_ID + Setting client id Description No description Possible values string Default value No default - Variable ZGW_CONFIG_ZAAK_SERVICE_LABEL - Setting label + Variable ZGW_CONFIG_CATALOGI_SERVICE_SECRET + Setting secret Description No description Possible values string Default value No default - Variable ZGW_CONFIG_CLIENT_CERTIFICATE_PRIVATE_KEY - Setting private key - Description The content of the private key - Possible values No information available - Default value No default - - Variable ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN - Setting Inschakelen gepersonaliseerde Onderwerpen op basis van zaken - Description Indien ingeschakeld dan worden (indien ingelogd met DigiD/eHerkenning) de getoonde onderwerpen op de Homepage bepaald op basis van de zaken van de gebruiker - Possible values True, False - Default value No default - - Variable ZGW_CONFIG_ZAAK_SERVICE_USER_ID - Setting user ID - Description User ID to use for the audit trail. Although these external API credentials are typically used bythis API itself instead of a user, the user ID is required. - Possible values string - Default value No default + Variable ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY + Setting Documenten vertrouwelijkheid + Description Selecteer de maximale vertrouwelijkheid van de getoonde documenten van zaken + Possible values openbaar, beperkt_openbaar, intern, zaakvertrouwelijk, vertrouwelijk, confidentieel, geheim, zeer_geheim + Default value openbaar - Variable ZGW_CONFIG_FORM_SERVICE_API_ROOT + Variable ZGW_CONFIG_DOCUMENT_SERVICE_API_ROOT Setting api root url Description No description Possible values string Default value No default - Variable ZGW_CONFIG_ZAAK_SERVICE_USER_REPRESENTATION - Setting user representation - Description Human readable representation of the user. - Possible values string - Default value No default - - Variable ZGW_CONFIG_CATALOGI_SERVICE_OAS - Setting OAS url - Description URL to OAS yaml file - Possible values string - Default value No default - - Variable ZGW_CONFIG_ZAAK_SERVICE_ID - Setting ID - Description No description - Possible values No information available - Default value No default - - Variable ZGW_CONFIG_DOCUMENT_SERVICE_UUID - Setting UUID - Description No description - Possible values No information available - Default value fbcc5878-4728-48b7-b5bd-78b06a972d4f - Variable ZGW_CONFIG_DOCUMENT_SERVICE_CLIENT_ID Setting client id Description No description Possible values string Default value No default - Variable ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN - Setting Maak gebruik van het RSIN voor ophalen eHerkenning zaken - Description Indien ingeschakeld dan wordt het RSIN van eHerkenning gebruikers gebruikt om de zaken op te halen. Indien uitgeschakeld dan wordt het KVK nummer gebruikt om de zaken op te halen. Open Zaak hanteert conform de ZGW API specificatie de RSIN, de eSuite maakt gebruik van het KVK nummer. - Possible values True, False - Default value No default - Variable ZGW_CONFIG_DOCUMENT_SERVICE_SECRET Setting secret Description No description Possible values string Default value No default - Variable ZGW_CONFIG_MAX_UPLOAD_SIZE - Setting Maximale upload grootte (in MB) - Description Documentuploads mogen maximaal dit aantal MB groot zijn, anders worden ze geweigerd. - Possible values string representing a positive number - Default value 50 - - Variable ZGW_CONFIG_CATALOGI_SERVICE_OAS_FILE - Setting OAS file - Description OAS yaml file - Possible values No information available - Default value No default - - Variable ZGW_CONFIG_CATALOGI_SERVICE_LABEL - Setting label - Description No description - Possible values string - Default value No default - - Variable ZGW_CONFIG_CATALOGI_SERVICE_NLX - Setting NLX url - Description NLX (outway) address - Possible values string - Default value No default - - Variable ZGW_CONFIG_CATALOGI_SERVICE_HEADER_KEY - Setting header key - Description No description - Possible values string - Default value No default - - Variable ZGW_CONFIG_CATALOGI_SERVICE_HEADER_VALUE - Setting header value - Description No description - Possible values string - Default value No default - - Variable ZGW_CONFIG_ZAAK_SERVICE_SECRET - Setting secret - Description No description - Possible values string - Default value No default - - Variable ZGW_CONFIG_CATALOGI_SERVICE_API_TYPE - Setting type - Description No description - Possible values ac, nrc, zrc, ztc, drc, brc, cmc, kc, vrc, orc - Default value No default - - Variable ZGW_CONFIG_SERVER_CERTIFICATE_LABEL - Setting label - Description Recognisable label for the certificate - Possible values string - Default value No default - - Variable ZGW_CONFIG_DOCUMENT_SERVICE_HEADER_VALUE - Setting header value - Description No description - Possible values string - Default value No default - - Variable ZGW_CONFIG_ZAAK_SERVICE_API_TYPE - Setting type - Description No description - Possible values ac, nrc, zrc, ztc, drc, brc, cmc, kc, vrc, orc - Default value No default - - Variable ZGW_CONFIG_SERVER_CERTIFICATE_PUBLIC_CERTIFICATE - Setting public certificate - Description The content of the certificate - Possible values No information available - Default value No default - - Variable ZGW_CONFIG_DOCUMENT_SERVICE_NLX - Setting NLX url - Description NLX (outway) address - Possible values string - Default value No default - - Variable ZGW_CONFIG_DOCUMENT_SERVICE_ID - Setting ID - Description No description - Possible values No information available - Default value No default - - Variable ZGW_CONFIG_ZAAK_SERVICE_UUID - Setting UUID - Description No description - Possible values No information available - Default value 20e4ecdf-a065-4164-8e80-6f612fcd4193 - - Variable ZGW_CONFIG_FORM_SERVICE_OAS_FILE - Setting OAS file - Description OAS yaml file - Possible values No information available - Default value No default - - Variable ZGW_CONFIG_CLIENT_CERTIFICATE_LABEL - Setting label - Description Recognisable label for the certificate - Possible values string - Default value No default - - Variable ZGW_CONFIG_DOCUMENT_SERVICE_USER_ID - Setting user ID - Description User ID to use for the audit trail. Although these external API credentials are typically used bythis API itself instead of a user, the user ID is required. - Possible values string - Default value No default - - Variable ZGW_CONFIG_FORM_SERVICE_AUTH_TYPE - Setting authorization type - Description No description - Possible values no_auth, api_key, zgw - Default value zgw - - Variable ZGW_CONFIG_FORM_SERVICE_USER_ID - Setting user ID - Description User ID to use for the audit trail. Although these external API credentials are typically used bythis API itself instead of a user, the user ID is required. - Possible values string - Default value No default - - Variable ZGW_CONFIG_DOCUMENT_SERVICE_USER_REPRESENTATION - Setting user representation - Description Human readable representation of the user. - Possible values string - Default value No default - - Variable ZGW_CONFIG_CATALOGI_SERVICE_USER_REPRESENTATION - Setting user representation - Description Human readable representation of the user. - Possible values string - Default value No default - - Variable ZGW_CONFIG_FORM_SERVICE_UUID - Setting UUID - Description No description - Possible values No information available - Default value 296d4ead-3d27-48d0-ae6d-dcd4454795e5 - - Variable ZGW_CONFIG_CATALOGI_SERVICE_UUID - Setting UUID - Description No description - Possible values No information available - Default value 19873485-41a8-41ae-8821-7405c22b8ae2 + Variable ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN + Setting Inschakelen gepersonaliseerde Onderwerpen op basis van zaken + Description Indien ingeschakeld dan worden (indien ingelogd met DigiD/eHerkenning) de getoonde onderwerpen op de Homepage bepaald op basis van de zaken van de gebruiker + Possible values True, False + Default value False - Variable ZGW_CONFIG_FORM_SERVICE_NLX - Setting NLX url - Description NLX (outway) address - Possible values string - Default value No default + Variable ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN + Setting Maak gebruik van het RSIN voor ophalen eHerkenning zaken + Description Indien ingeschakeld dan wordt het RSIN van eHerkenning gebruikers gebruikt om de zaken op te halen. Indien uitgeschakeld dan wordt het KVK nummer gebruikt om de zaken op te halen. Open Zaak hanteert conform de ZGW API specificatie de RSIN, de eSuite maakt gebruik van het KVK nummer. + Possible values True, False + Default value False - Variable ZGW_CONFIG_CATALOGI_SERVICE_API_ROOT + Variable ZGW_CONFIG_FORM_SERVICE_API_ROOT Setting api root url Description No description Possible values string @@ -467,140 +138,56 @@ Detailed Information Possible values string Default value No default - Variable ZGW_CONFIG_FORM_SERVICE_USER_REPRESENTATION - Setting user representation - Description Human readable representation of the user. - Possible values string - Default value No default - - Variable ZGW_CONFIG_ZAAK_SERVICE_OAS_FILE - Setting OAS file - Description OAS yaml file - Possible values No information available - Default value No default - - Variable ZGW_CONFIG_CATALOGI_SERVICE_USER_ID - Setting user ID - Description User ID to use for the audit trail. Although these external API credentials are typically used bythis API itself instead of a user, the user ID is required. - Possible values string - Default value No default - - Variable ZGW_CONFIG_ZAAK_SERVICE_NLX - Setting NLX url - Description NLX (outway) address - Possible values string - Default value No default - - Variable ZGW_CONFIG_ZAAK_SERVICE_HEADER_VALUE - Setting header value - Description No description - Possible values string - Default value No default - Variable ZGW_CONFIG_FORM_SERVICE_SECRET Setting secret Description No description Possible values string Default value No default - Variable ZGW_CONFIG_DOCUMENT_SERVICE_API_TYPE - Setting type - Description No description - Possible values ac, nrc, zrc, ztc, drc, brc, cmc, kc, vrc, orc - Default value No default - - Variable ZGW_CONFIG_ZAAK_SERVICE_OAS - Setting OAS url - Description URL to OAS yaml file - Possible values string - Default value No default - - Variable ZGW_CONFIG_FORM_SERVICE_HEADER_KEY - Setting header key - Description No description - Possible values string - Default value No default - - Variable ZGW_CONFIG_CATALOGI_SERVICE_AUTH_TYPE - Setting authorization type - Description No description - Possible values no_auth, api_key, zgw - Default value zgw - - Variable ZGW_CONFIG_CLIENT_CERTIFICATE_ID - Setting ID - Description No description - Possible values No information available - Default value No default - - Variable ZGW_CONFIG_SERVER_CERTIFICATE_ID - Setting ID - Description No description - Possible values No information available - Default value No default - - Variable ZGW_CONFIG_ZAAK_SERVICE_AUTH_TYPE - Setting authorization type - Description No description - Possible values no_auth, api_key, zgw - Default value zgw + Variable ZGW_CONFIG_MAX_UPLOAD_SIZE + Setting Maximale upload grootte (in MB) + Description Documentuploads mogen maximaal dit aantal MB groot zijn, anders worden ze geweigerd. + Possible values string representing a positive integer + Default value 50 Variable ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE Setting Converteer eSuite zaaknummers Description Schakel dit in om de zaaknummers van het interne eSuite format (ex: '0014ESUITE66392022') om te zetten naar een toegankelijkere notatie ('6639-2022'). Possible values True, False - Default value No default - - Variable ZGW_CONFIG_ZAAK_SERVICE_CLIENT_ID - Setting client id - Description No description - Possible values string - Default value No default - - Variable ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY - Setting Documenten vertrouwelijkheid - Description Selecteer de maximale vertrouwelijkheid van de getoonde documenten van zaken - Possible values openbaar, beperkt_openbaar, intern, zaakvertrouwelijk, vertrouwelijk, confidentieel, geheim, zeer_geheim - Default value openbaar - - Variable ZGW_CONFIG_DOCUMENT_SERVICE_OAS_FILE - Setting OAS file - Description OAS yaml file - Possible values No information available - Default value No default + Default value False Variable ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN Setting Maak gebruik van StatusType.informeren workaround (eSuite) Description Schakel dit in wanneer StatusType.informeren niet wordt ondersteund door de ZGW API waar deze omgeving aan is gekoppeld (zoals de eSuite ZGW API)Hierdoor is het verplicht om per zaaktype aan te geven wanneer een inwoner hier een notificatie van dient te krijgen. Possible values True, False - Default value No default + Default value False - Variable ZGW_CONFIG_DOCUMENT_SERVICE_LABEL - Setting label - Description No description - Possible values string - Default value No default + Variable ZGW_CONFIG_TITLE_TEXT + Setting Titel tekst + Description De titel/introductietekst getoond op de lijstweergave van 'Mijn aanvragen'. + Possible values text (string) + Default value Hier vindt u een overzicht van al uw lopende en afgeronde aanvragen. - Variable ZGW_CONFIG_DOCUMENT_SERVICE_API_ROOT + Variable ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY + Setting Zaak vertrouwelijkheid + Description Selecteer de maximale vertrouwelijkheid van de getoonde zaken + Possible values openbaar, beperkt_openbaar, intern, zaakvertrouwelijk, vertrouwelijk, confidentieel, geheim, zeer_geheim + Default value openbaar + + Variable ZGW_CONFIG_ZAAK_SERVICE_API_ROOT Setting api root url Description No description Possible values string Default value No default - Variable ZGW_CONFIG_CATALOGI_SERVICE_CLIENT_ID + Variable ZGW_CONFIG_ZAAK_SERVICE_CLIENT_ID Setting client id Description No description Possible values string Default value No default - Variable ZGW_CONFIG_DOCUMENT_SERVICE_AUTH_TYPE - Setting authorization type + Variable ZGW_CONFIG_ZAAK_SERVICE_SECRET + Setting secret Description No description - Possible values no_auth, api_key, zgw - Default value zgw - - Variable ZGW_CONFIG_FORM_SERVICE_OAS - Setting OAS url - Description URL to OAS yaml file Possible values string Default value No default diff --git a/src/open_inwoner/configurations/bootstrap/choices.py b/src/open_inwoner/configurations/bootstrap/choices.py new file mode 100644 index 0000000000..730ec5199b --- /dev/null +++ b/src/open_inwoner/configurations/bootstrap/choices.py @@ -0,0 +1,13 @@ +from django.db import models +from django.utils.translation import gettext_lazy as _ + + +class BasicFieldDescription(models.TextChoices): + ArrayField = _("string, comma-delimited ('foo,bar,baz')") + BooleanField = "True, False" + CharField = _("string") + IntegerField = _("string representing an integer") + PositiveIntegerField = _("string representing a positive integer") + TextField = _("text (string)") + URLField = _("string (URL)") + UUIDField = _("UUID string (e.g. f6b45142-0c60-4ec7-b43d-28ceacdc0b34)") diff --git a/src/open_inwoner/configurations/bootstrap/dataclasses.py b/src/open_inwoner/configurations/bootstrap/dataclasses.py index fc4f396519..b3db9e63e0 100644 --- a/src/open_inwoner/configurations/bootstrap/dataclasses.py +++ b/src/open_inwoner/configurations/bootstrap/dataclasses.py @@ -1,4 +1,4 @@ -from dataclasses import dataclass +from dataclasses import dataclass, field @dataclass(frozen=True, eq=True) @@ -12,5 +12,5 @@ class ConfigField: @dataclass class Fields: - all: set[ConfigField] - required: set[ConfigField] + all: set[ConfigField] = field(default_factory=set) + required: set[ConfigField] = field(default_factory=set) diff --git a/src/open_inwoner/configurations/bootstrap/models.py b/src/open_inwoner/configurations/bootstrap/models.py index a2071a9fa2..5b5e8e557f 100644 --- a/src/open_inwoner/configurations/bootstrap/models.py +++ b/src/open_inwoner/configurations/bootstrap/models.py @@ -1,8 +1,9 @@ import dataclasses -from dataclasses import dataclass, field -from typing import Any, Iterator, TypeAlias +from dataclasses import dataclass +from typing import Iterator, TypeAlias from django.contrib.postgres.fields import ArrayField +from django.db import models from django.db.models.fields import NOT_PROVIDED from django.db.models.fields.json import JSONField from django.db.models.fields.related import ForeignKey, OneToOneField @@ -17,6 +18,7 @@ from open_inwoner.openklant.models import OpenKlantConfig from open_inwoner.openzaak.models import OpenZaakConfig +from .choices import BasicFieldDescription from .dataclasses import ConfigField, Fields ConfigModel: TypeAlias = ( @@ -32,12 +34,12 @@ class ConfigSettingsBase: model: ConfigModel display_name: str namespace: str - required_fields: tuple[str, ...] - included_fields: tuple[str, ...] - excluded_fields: tuple[str, ...] + required_fields = tuple() + included_fields = tuple() + excluded_fields = ("id",) def __init__(self): - self.config_fields = Fields(all=set(), required=set()) + self.config_fields = Fields() self.create_model_config_fields( require=self.required_fields, @@ -51,52 +53,45 @@ def get_setting_name(cls, field: ConfigField) -> str: return f"{cls.namespace}_" + field.name.upper() @staticmethod - def get_default_value(field: Any) -> str: + def get_default_value(field: models.Field) -> str: default = field.default if default is NOT_PROVIDED: return "No default" if callable(default): - default = default.__call__() + default = default() if isinstance(field, (JSONField, ArrayField)): try: default = ", ".join(default) except TypeError: default = str(default) + # needed to make `generate_config_docs` idempotent + # because UUID's are randomly generated + if isinstance(field, models.UUIDField): + default = "random UUID string" return default @staticmethod - def get_example_values(field: Any) -> str: + def get_example_values(field: models.Field) -> str: # fields with choices if choices := field.choices: values = [choice[0] for choice in choices] return ", ".join(values) # other fields - match field.get_internal_type(): - case "CharField": - return "string" - case "TextField": - return "string" - case "URLField": - return "string (URL)" - case "BooleanField": - return "True, False" - case "IntegerField": - return "string representing a number" - case "PositiveIntegerField": - return "string representing a positive number" - case "ArrayField": - return "string, comma-delimited ('foo,bar,baz')" + field_type = field.get_internal_type() + match field_type: + case item if item in BasicFieldDescription.names: + return getattr(BasicFieldDescription, field_type) case _: return "No information available" - def get_model_fields(self, model) -> Iterator[Any]: + def get_model_fields(self, model) -> Iterator[models.Field]: return ( field for field in model._meta.concrete_fields - if field.name not in self.__class__.excluded_fields + if field.name not in self.excluded_fields ) def create_model_config_fields( @@ -104,8 +99,8 @@ def create_model_config_fields( require: tuple[str, ...], exclude: tuple[str, ...], include: tuple[str, ...], - model: Any, - relating_field: Any = None, + model: models.Field, + relating_field: models.Field = None, ) -> None: model_fields = self.get_model_fields(model) @@ -134,16 +129,19 @@ def create_model_config_fields( default_value=self.get_default_value(model_field), values=self.get_example_values(model_field), ) - # whitelist or blacklist - if ( - config_field.name in self.included_fields - or config_field not in self.excluded_fields - ): - self.config_fields.all.add(config_field) + if config_field.name in self.required_fields: self.config_fields.required.add(config_field) - # TODO: delegate image field, file field etc. to handler functions/classes + # use combination of whitelist/blacklist for all fields + if self.included_fields: + if ( + config_field.name in self.included_fields + and config_field not in self.excluded_fields + ): + self.config_fields.all.add(config_field) + elif config_field.name not in self.excluded_fields: + self.config_fields.all.add(config_field) def get_required_settings(self) -> tuple[str, ...]: return tuple( @@ -164,7 +162,6 @@ class SiteConfigurationSettings(ConfigSettingsBase): "secondary_color", "accent_color", ) - included_fields = () excluded_fields = ( "id", "email_logo", @@ -198,10 +195,12 @@ class KICConfigurationSettings(ConfigSettingsBase): "register_contact_moment", "register_email", "register_employee_id", - "register_type", - "use_rsin_for_innnnpid_query_parameter", + "use_rsin_for_innNnpId_query_parameter", + ) + excluded_fields = ( + "contactmomenten_service_uuid", + "klanten_service_uuid", ) - excluded_fields = () class ZGWConfigurationSettings(ConfigSettingsBase): @@ -234,24 +233,20 @@ class ZGWConfigurationSettings(ConfigSettingsBase): "title_text", "zaak_max_confidentiality", ) - excluded_fields = () class DigiDOIDCConfigurationSettings(ConfigSettingsBase): model = OpenIDConnectDigiDConfig display_name = "DigiD OIDC Configuration" namespace = "DIGID_OIDC" - api_fields = tuple() required_fields = ("oidc_rp_client_id", "oidc_rp_client_secret") included_fields = tuple() - excluded_fields = ("id",) class DigiDSAMLConfigurationSettings(ConfigSettingsBase): model = DigidConfiguration display_name = "DigiD SAML Configuration" namespace = "DIGID" - api_fields = tuple() required_fields = ( "certificate_label", "certificate_type", @@ -262,34 +257,27 @@ class DigiDSAMLConfigurationSettings(ConfigSettingsBase): "service_name", "service_description", ) - included_fields = () - excluded_fields = ("id",) class eHerkenningDOIDCConfigurationSettings(ConfigSettingsBase): model = OpenIDConnectEHerkenningConfig display_name = "eHerkenning OIDC Configuration" namespace = "EHERKENNING_OIDC" - api_fields = tuple() required_fields = ("oidc_rp_client_id", "oidc_rp_client_secret") - included_fields = tuple() - excluded_fields = ("id",) @dataclass class ConfigurationSettingsMap: - siteconfig: type = field(default=SiteConfigurationSettings) - kic: type = field(default=KICConfigurationSettings) - zgw: type = field(default=ZGWConfigurationSettings) - digid_saml: type = field(default=DigiDSAMLConfigurationSettings) - digid_oidc: type = field(default=DigiDOIDCConfigurationSettings) - eherkenning_oidc: type = field(default=eHerkenningDOIDCConfigurationSettings) - - # TODO: admin_oidc, eherkenning_saml + siteconfig: ConfigModel = SiteConfigurationSettings + kic: ConfigModel = KICConfigurationSettings + zgw: ConfigModel = ZGWConfigurationSettings + digid_oidc: ConfigModel = DigiDOIDCConfigurationSettings + digid_saml: ConfigModel = DigiDSAMLConfigurationSettings + eherkenning_oidc: ConfigModel = eHerkenningDOIDCConfigurationSettings @classmethod def get_fields(cls): - return tuple(field.default for field in dataclasses.fields(cls)) + return tuple(getattr(cls, field.name) for field in dataclasses.fields(cls)) @classmethod def get_field_names(cls): diff --git a/src/open_inwoner/configurations/bootstrap/siteconfig.py b/src/open_inwoner/configurations/bootstrap/siteconfig.py index 277abf036a..341d766672 100644 --- a/src/open_inwoner/configurations/bootstrap/siteconfig.py +++ b/src/open_inwoner/configurations/bootstrap/siteconfig.py @@ -13,12 +13,12 @@ class SiteConfigurationStep(BaseConfigurationStep): """ verbose_name = "Site configuration" + config_settings = SiteConfigurationSettings() def is_configured(self): config = SiteConfiguration.get_solo() - config_settings = SiteConfigurationSettings() - required_settings = config_settings.get_required_settings() - setting_to_config = config_settings.get_config_mapping() + required_settings = self.config_settings.get_required_settings() + setting_to_config = self.config_settings.get_config_mapping() for required_setting in required_settings: config_field = setting_to_config[required_setting] @@ -28,8 +28,7 @@ def is_configured(self): def configure(self): config = SiteConfiguration.get_solo() - config_settings = SiteConfigurationSettings() - setting_to_config = config_settings.get_config_mapping() + setting_to_config = self.config_settings.get_config_mapping() for setting_name, config_field in setting_to_config.items(): setting = getattr(settings, setting_name) diff --git a/src/open_inwoner/configurations/management/commands/generate_config_docs.py b/src/open_inwoner/configurations/management/commands/generate_config_docs.py index a31248e456..944b350440 100644 --- a/src/open_inwoner/configurations/management/commands/generate_config_docs.py +++ b/src/open_inwoner/configurations/management/commands/generate_config_docs.py @@ -31,18 +31,16 @@ def get_detailed_info(self, config: ConfigSetting) -> list[list[str]]: part.append(f"{'Variable':<20}{config.get_setting_name(field)}") part.append(f"{'Setting':<20}{field.verbose_name}") part.append(f"{'Description':<20}{field.description or 'No description'}") - part.append(f"{'Possible values':<20}{field.values or 'No information'}") - part.append(f"{'Default value':<20}{field.default_value or 'No default'}") + part.append(f"{'Possible values':<20}{field.values}") + part.append(f"{'Default value':<20}{field.default_value}") ret.append(part) return ret def format_display_name(self, display_name): """Surround title with '=' to display as heading in rst file""" - heading_bar = f"{'=' * len(display_name)}" - display_name_formatted = ( - heading_bar + "\n" + f"{display_name}" + "\n" + heading_bar - ) + heading_bar = "=" * len(display_name) + display_name_formatted = f"{heading_bar}\n{display_name}\n{heading_bar}" return display_name_formatted def write_file_from_template( @@ -69,6 +67,7 @@ def generate_single_doc(self, config_option: str) -> None: ] all_settings.sort() detailed_info = self.get_detailed_info(config) + detailed_info.sort() template_variables = { "required_settings": required_settings, From c666f224a1c70f39dcffbf212d3062ae1cf26242 Mon Sep 17 00:00:00 2001 From: Paul Schilling Date: Mon, 29 Apr 2024 14:51:11 +0200 Subject: [PATCH 7/9] [#2297] Move config models to separate files, fix type checking --- docs/configuration/admin_oidc.rst | 184 ++++++++++++ docs/configuration/digid_oidc.rst | 3 +- docs/configuration/digid_saml.rst | 3 +- docs/configuration/eherkenning_oidc.rst | 3 +- docs/configuration/eherkenning_saml.rst | 277 +++++++++++++++++ docs/configuration/kic.rst | 1 + docs/configuration/siteconfig.rst | 1 + docs/configuration/zgw.rst | 1 + .../configurations/bootstrap/auth.py | 128 ++++++++ .../configurations/bootstrap/base.py | 162 ++++++++++ .../configurations/bootstrap/dataclasses.py | 16 - .../configurations/bootstrap/kic.py | 30 ++ .../configurations/bootstrap/models.py | 284 ------------------ .../configurations/bootstrap/registry.py | 44 +++ .../configurations/bootstrap/siteconfig.py | 25 +- .../configurations/bootstrap/typing.py | 17 -- .../configurations/bootstrap/zgw.py | 34 +++ .../commands/generate_config_docs.py | 14 +- 18 files changed, 902 insertions(+), 325 deletions(-) create mode 100644 docs/configuration/admin_oidc.rst create mode 100644 docs/configuration/eherkenning_saml.rst create mode 100644 src/open_inwoner/configurations/bootstrap/base.py delete mode 100644 src/open_inwoner/configurations/bootstrap/dataclasses.py delete mode 100644 src/open_inwoner/configurations/bootstrap/models.py create mode 100644 src/open_inwoner/configurations/bootstrap/registry.py delete mode 100644 src/open_inwoner/configurations/bootstrap/typing.py diff --git a/docs/configuration/admin_oidc.rst b/docs/configuration/admin_oidc.rst new file mode 100644 index 0000000000..854866de4b --- /dev/null +++ b/docs/configuration/admin_oidc.rst @@ -0,0 +1,184 @@ +.. _admin_oidc: + +======================== +Admin OIDC Configuration +======================== + +Settings Overview +================= + +Required: +""""""""" + +:: + + ADMIN_OIDC_OIDC_RP_CLIENT_ID + ADMIN_OIDC_OIDC_RP_CLIENT_SECRET + + +All settings: +""""""""""""" + +:: + + ADMIN_OIDC_CLAIM_MAPPING + ADMIN_OIDC_ENABLE + ADMIN_OIDC_GROUPS_CLAIM + ADMIN_OIDC_MAKE_USERS_STAFF + ADMIN_OIDC_OIDC_EXEMPT_URLS + ADMIN_OIDC_OIDC_NONCE_SIZE + ADMIN_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT + ADMIN_OIDC_OIDC_OP_DISCOVERY_ENDPOINT + ADMIN_OIDC_OIDC_OP_JWKS_ENDPOINT + ADMIN_OIDC_OIDC_OP_TOKEN_ENDPOINT + ADMIN_OIDC_OIDC_OP_USER_ENDPOINT + ADMIN_OIDC_OIDC_RP_CLIENT_ID + ADMIN_OIDC_OIDC_RP_CLIENT_SECRET + ADMIN_OIDC_OIDC_RP_IDP_SIGN_KEY + ADMIN_OIDC_OIDC_RP_SCOPES_LIST + ADMIN_OIDC_OIDC_RP_SIGN_ALGO + ADMIN_OIDC_OIDC_STATE_SIZE + ADMIN_OIDC_OIDC_USE_NONCE + ADMIN_OIDC_SUPERUSER_GROUP_NAMES + ADMIN_OIDC_SYNC_GROUPS + ADMIN_OIDC_SYNC_GROUPS_GLOB_PATTERN + ADMIN_OIDC_USERINFO_CLAIMS_SOURCE + ADMIN_OIDC_USERNAME_CLAIM + + +Detailed Information +==================== + +:: + + Variable ADMIN_OIDC_CLAIM_MAPPING + Setting claim mapping + Description Mapping from user-model fields to OIDC claims + Possible values No information available + Default value {'email': 'email', 'first_name': 'given_name', 'last_name': 'family_name'} + + Variable ADMIN_OIDC_GROUPS_CLAIM + Setting groups claim + Description The name of the OIDC claim that holds the values to map to local user groups. + Possible values string + Default value roles + + Variable ADMIN_OIDC_MAKE_USERS_STAFF + Setting make users staff + Description Users will be flagged as being a staff user automatically. This allows users to login to the admin interface. By default they have no permissions, even if they are staff. + Possible values True, False + Default value False + + Variable ADMIN_OIDC_OIDC_EXEMPT_URLS + Setting URLs exempt from session renewal + Description This is a list of absolute url paths, regular expressions for url paths, or Django view names. This plus the mozilla-django-oidc urls are exempted from the session renewal by the SessionRefresh middleware. + Possible values string, comma-delimited ('foo,bar,baz') + Default value + + Variable ADMIN_OIDC_OIDC_NONCE_SIZE + Setting Nonce size + Description Sets the length of the random string used for OpenID Connect nonce verification + Possible values string representing a positive integer + Default value 32 + + Variable ADMIN_OIDC_OIDC_OP_AUTHORIZATION_ENDPOINT + Setting Authorization endpoint + Description URL of your OpenID Connect provider authorization endpoint + Possible values string + Default value No default + + Variable ADMIN_OIDC_OIDC_OP_DISCOVERY_ENDPOINT + Setting Discovery endpoint + Description URL of your OpenID Connect provider discovery endpoint ending with a slash (`.well-known/...` will be added automatically). If this is provided, the remaining endpoints can be omitted, as they will be derived from this endpoint. + Possible values string + Default value No default + + Variable ADMIN_OIDC_OIDC_OP_JWKS_ENDPOINT + Setting JSON Web Key Set endpoint + Description URL of your OpenID Connect provider JSON Web Key Set endpoint. Required if `RS256` is used as signing algorithm. + Possible values string + Default value No default + + Variable ADMIN_OIDC_OIDC_OP_TOKEN_ENDPOINT + Setting Token endpoint + Description URL of your OpenID Connect provider token endpoint + Possible values string + Default value No default + + Variable ADMIN_OIDC_OIDC_OP_USER_ENDPOINT + Setting User endpoint + Description URL of your OpenID Connect provider userinfo endpoint + Possible values string + Default value No default + + Variable ADMIN_OIDC_OIDC_RP_CLIENT_ID + Setting OpenID Connect client ID + Description OpenID Connect client ID provided by the OIDC Provider + Possible values string + Default value No default + + Variable ADMIN_OIDC_OIDC_RP_CLIENT_SECRET + Setting OpenID Connect secret + Description OpenID Connect secret provided by the OIDC Provider + Possible values string + Default value No default + + Variable ADMIN_OIDC_OIDC_RP_IDP_SIGN_KEY + Setting Sign key + Description Key the Identity Provider uses to sign ID tokens in the case of an RSA sign algorithm. Should be the signing key in PEM or DER format. + Possible values string + Default value No default + + Variable ADMIN_OIDC_OIDC_RP_SCOPES_LIST + Setting OpenID Connect scopes + Description OpenID Connect scopes that are requested during login + Possible values string, comma-delimited ('foo,bar,baz') + Default value openid, email, profile + + Variable ADMIN_OIDC_OIDC_RP_SIGN_ALGO + Setting OpenID sign algorithm + Description Algorithm the Identity Provider uses to sign ID tokens + Possible values string + Default value HS256 + + Variable ADMIN_OIDC_OIDC_STATE_SIZE + Setting State size + Description Sets the length of the random string used for OpenID Connect state verification + Possible values string representing a positive integer + Default value 32 + + Variable ADMIN_OIDC_OIDC_USE_NONCE + Setting Use nonce + Description Controls whether the OpenID Connect client uses nonce verification + Possible values True, False + Default value True + + Variable ADMIN_OIDC_SUPERUSER_GROUP_NAMES + Setting Superuser group names + Description If any of these group names are present in the claims upon login, the user will be marked as a superuser. If none of these groups are present the user will lose superuser permissions. + Possible values string, comma-delimited ('foo,bar,baz') + Default value + + Variable ADMIN_OIDC_SYNC_GROUPS + Setting Create local user groups if they do not exist yet + Description If checked, local user groups will be created for group names present in the groups claim, if they do not exist yet locally. + Possible values True, False + Default value True + + Variable ADMIN_OIDC_SYNC_GROUPS_GLOB_PATTERN + Setting groups glob pattern + Description The glob pattern that groups must match to be synchronized to the local database. + Possible values string + Default value * + + Variable ADMIN_OIDC_USERINFO_CLAIMS_SOURCE + Setting user information claims extracted from + Description Indicates the source from which the user information claims should be extracted. + Possible values userinfo_endpoint, id_token + Default value userinfo_endpoint + + Variable ADMIN_OIDC_USERNAME_CLAIM + Setting username claim + Description The name of the OIDC claim that is used as the username + Possible values string + Default value sub diff --git a/docs/configuration/digid_oidc.rst b/docs/configuration/digid_oidc.rst index 18c0a6fb02..8a65a18a0d 100644 --- a/docs/configuration/digid_oidc.rst +++ b/docs/configuration/digid_oidc.rst @@ -21,6 +21,7 @@ All settings: :: + DIGID_OIDC_ENABLE DIGID_OIDC_ENABLED DIGID_OIDC_ERROR_MESSAGE_MAPPING DIGID_OIDC_IDENTIFIER_CLAIM_NAME @@ -58,7 +59,7 @@ Detailed Information Setting Error message mapping Description Mapping that maps error messages returned by the identity provider to human readable error messages that are shown to the user Possible values No information available - Default value + Default value {} Variable DIGID_OIDC_IDENTIFIER_CLAIM_NAME Setting BSN claim name diff --git a/docs/configuration/digid_saml.rst b/docs/configuration/digid_saml.rst index 8c1b70eb81..c7de5ec3b4 100644 --- a/docs/configuration/digid_saml.rst +++ b/docs/configuration/digid_saml.rst @@ -35,6 +35,7 @@ All settings: DIGID_CERTIFICATE_PUBLIC_CERTIFICATE DIGID_CERTIFICATE_TYPE DIGID_DIGEST_ALGORITHM + DIGID_ENABLE DIGID_ENTITY_ID DIGID_IDP_METADATA_FILE DIGID_IDP_SERVICE_ENTITY_ID @@ -152,7 +153,7 @@ Detailed Information Setting gewenste attributen Description Een lijst van strings (of objecten) met de gewenste attributen, bijvoorbeeld '["bsn"]' Possible values No information available - Default value [{'name': 'bsn', 'required': True}] + Default value {'name': 'bsn', 'required': True} Variable DIGID_SERVICE_DESCRIPTION Setting Service-omschrijving diff --git a/docs/configuration/eherkenning_oidc.rst b/docs/configuration/eherkenning_oidc.rst index cb966f1fe2..abc5ffaa26 100644 --- a/docs/configuration/eherkenning_oidc.rst +++ b/docs/configuration/eherkenning_oidc.rst @@ -21,6 +21,7 @@ All settings: :: + EHERKENNING_OIDC_ENABLE EHERKENNING_OIDC_ENABLED EHERKENNING_OIDC_ERROR_MESSAGE_MAPPING EHERKENNING_OIDC_IDENTIFIER_CLAIM_NAME @@ -58,7 +59,7 @@ Detailed Information Setting Error message mapping Description Mapping that maps error messages returned by the identity provider to human readable error messages that are shown to the user Possible values No information available - Default value + Default value {} Variable EHERKENNING_OIDC_IDENTIFIER_CLAIM_NAME Setting KVK claim name diff --git a/docs/configuration/eherkenning_saml.rst b/docs/configuration/eherkenning_saml.rst new file mode 100644 index 0000000000..5ab7a4d9ce --- /dev/null +++ b/docs/configuration/eherkenning_saml.rst @@ -0,0 +1,277 @@ +.. _eherkenning_saml: + +============================== +eHerkenning SAML Configuration +============================== + +Settings Overview +================= + +Required: +""""""""" + +:: + + EHERKENNING_BASE_URL + EHERKENNING_CERTIFICATE_LABEL + EHERKENNING_CERTIFICATE_PUBLIC_CERTIFICATE + EHERKENNING_CERTIFICATE_TYPE + EHERKENNING_ENTITY_ID + EHERKENNING_MAKELAAR_ID + EHERKENNING_METADATA_FILE_SOURCE + EHERKENNING_OIN + EHERKENNING_PRIVACY_POLICY + EHERKENNING_SERVICE_DESCRIPTION + EHERKENNING_SERVICE_NAME + + +All settings: +""""""""""""" + +:: + + EHERKENNING_ARTIFACT_RESOLVE_CONTENT_TYPE + EHERKENNING_BASE_URL + EHERKENNING_CERTIFICATE_LABEL + EHERKENNING_CERTIFICATE_PRIVATE_KEY + EHERKENNING_CERTIFICATE_PUBLIC_CERTIFICATE + EHERKENNING_CERTIFICATE_TYPE + EHERKENNING_DIGEST_ALGORITHM + EHERKENNING_EH_ATTRIBUTE_CONSUMING_SERVICE_INDEX + EHERKENNING_EH_LOA + EHERKENNING_EH_REQUESTED_ATTRIBUTES + EHERKENNING_EH_SERVICE_INSTANCE_UUID + EHERKENNING_EH_SERVICE_UUID + EHERKENNING_EIDAS_ATTRIBUTE_CONSUMING_SERVICE_INDEX + EHERKENNING_EIDAS_LOA + EHERKENNING_EIDAS_REQUESTED_ATTRIBUTES + EHERKENNING_EIDAS_SERVICE_INSTANCE_UUID + EHERKENNING_EIDAS_SERVICE_UUID + EHERKENNING_ENABLE + EHERKENNING_ENTITY_ID + EHERKENNING_KEY_PASSPHRASE + EHERKENNING_MAKELAAR_ID + EHERKENNING_METADATA_FILE_SOURCE + EHERKENNING_NO_EIDAS + EHERKENNING_OIN + EHERKENNING_ORGANIZATION_NAME + EHERKENNING_ORGANIZATION_URL + EHERKENNING_PRIVACY_POLICY + EHERKENNING_SERVICE_DESCRIPTION + EHERKENNING_SERVICE_LANGUAGE + EHERKENNING_SERVICE_NAME + EHERKENNING_SIGNATURE_ALGORITHM + EHERKENNING_TECHNICAL_CONTACT_PERSON_EMAIL + EHERKENNING_TECHNICAL_CONTACT_PERSON_TELEPHONE + EHERKENNING_WANT_ASSERTIONS_ENCRYPTED + EHERKENNING_WANT_ASSERTIONS_SIGNED + + +Detailed Information +==================== + +:: + + Variable EHERKENNING_ARTIFACT_RESOLVE_CONTENT_TYPE + Setting Content-Type 'resolve artifact binding' + Description 'application/soap+xml' wordt als 'legacy' beschouwd. Moderne brokers verwachten typisch 'text/xml'. + Possible values application/soap+xml, text/xml + Default value application/soap+xml + + Variable EHERKENNING_BASE_URL + Setting Basis-URL + Description De basis-URL van de applicatie, zonder slash op het eind. + Possible values string + Default value No default + + Variable EHERKENNING_CERTIFICATE_LABEL + Setting label + Description Recognisable label for the certificate + Possible values string + Default value No default + + Variable EHERKENNING_CERTIFICATE_PRIVATE_KEY + Setting private key + Description The content of the private key + Possible values No information available + Default value No default + + Variable EHERKENNING_CERTIFICATE_PUBLIC_CERTIFICATE + Setting public certificate + Description The content of the certificate + Possible values No information available + Default value No default + + Variable EHERKENNING_CERTIFICATE_TYPE + Setting type + Description Is this only a certificate or is there an associated private key? + Possible values key_pair, cert_only + Default value No default + + Variable EHERKENNING_DIGEST_ALGORITHM + Setting digest algorithm + Description Digest algorithm. Note that SHA1 is deprecated, but still the default value in the SAMLv2 standard. Warning: there are known issues with single-logout functionality if using anything other than SHA1 due to some hardcoded algorithm. + Possible values http://www.w3.org/2000/09/xmldsig#sha1, http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmldsig-more#sha384, http://www.w3.org/2001/04/xmlenc#sha512 + Default value http://www.w3.org/2000/09/xmldsig#sha1 + + Variable EHERKENNING_EH_ATTRIBUTE_CONSUMING_SERVICE_INDEX + Setting eHerkenning attribute consuming service index + Description Attribute consuming service index voor de eHerkenningservice + Possible values string + Default value 9052 + + Variable EHERKENNING_EH_LOA + Setting eHerkenning LoA + Description Level of Assurance (LoA) to use for the eHerkenning service. + Possible values urn:etoegang:core:assurance-class:loa1, urn:etoegang:core:assurance-class:loa2, urn:etoegang:core:assurance-class:loa2plus, urn:etoegang:core:assurance-class:loa3, urn:etoegang:core:assurance-class:loa4 + Default value urn:etoegang:core:assurance-class:loa3 + + Variable EHERKENNING_EH_REQUESTED_ATTRIBUTES + Setting gewenste attributen + Description Een lijst van extra gewenste attributen. Eén enkel gewenst attribuut kan een string (de naam van het attribuut) zijn of een object met de sleutels 'name' en 'required', waarbij 'name' een string is en 'required' een boolean. + Possible values No information available + Default value {'name': 'urn:etoegang:1.11:attribute-represented:CompanyName', 'required': True, 'purpose_statements': {'en': 'For testing purposes.', 'nl': 'Voor testdoeleinden.'}} + + Variable EHERKENNING_EH_SERVICE_INSTANCE_UUID + Setting UUID eHerkenningservice instance + Description UUID van de eHerkenningservice-instantie. Eenmaal dit in catalogi opgenomen is kan de waarde enkel via een handmatig proces gewijzigd worden. + Possible values UUID string (e.g. f6b45142-0c60-4ec7-b43d-28ceacdc0b34) + Default value random UUID string + + Variable EHERKENNING_EH_SERVICE_UUID + Setting UUID eHerkenningservice + Description UUID van de eHerkenningservice. Eenmaal dit in catalogi opgenomen is kan de waarde enkel via een handmatig proces gewijzigd worden. + Possible values UUID string (e.g. f6b45142-0c60-4ec7-b43d-28ceacdc0b34) + Default value random UUID string + + Variable EHERKENNING_EIDAS_ATTRIBUTE_CONSUMING_SERVICE_INDEX + Setting eIDAS attribute consuming service index + Description Attribute consuming service index voor de eIDAS-service + Possible values string + Default value 9053 + + Variable EHERKENNING_EIDAS_LOA + Setting eIDAS LoA + Description Level of Assurance (LoA) to use for the eIDAS service. + Possible values urn:etoegang:core:assurance-class:loa1, urn:etoegang:core:assurance-class:loa2, urn:etoegang:core:assurance-class:loa2plus, urn:etoegang:core:assurance-class:loa3, urn:etoegang:core:assurance-class:loa4 + Default value urn:etoegang:core:assurance-class:loa3 + + Variable EHERKENNING_EIDAS_REQUESTED_ATTRIBUTES + Setting gewenste attributen + Description Een lijst van extra gewenste attributen. Eén enkel gewenst attribuut kan een string (de naam van het attribuut) zijn of een object met de sleutels 'name' en 'required', waarbij 'name' een string is en 'required' een boolean. + Possible values No information available + Default value {'name': 'urn:etoegang:1.9:attribute:FirstName', 'required': True, 'purpose_statements': {'en': 'For testing purposes.', 'nl': 'Voor testdoeleinden.'}}, {'name': 'urn:etoegang:1.9:attribute:FamilyName', 'required': True, 'purpose_statements': {'en': 'For testing purposes.', 'nl': 'Voor testdoeleinden.'}}, {'name': 'urn:etoegang:1.9:attribute:DateOfBirth', 'required': True, 'purpose_statements': {'en': 'For testing purposes.', 'nl': 'Voor testdoeleinden.'}}, {'name': 'urn:etoegang:1.11:attribute-represented:CompanyName', 'required': True, 'purpose_statements': {'en': 'For testing purposes.', 'nl': 'Voor testdoeleinden.'}} + + Variable EHERKENNING_EIDAS_SERVICE_INSTANCE_UUID + Setting UUID eIDAS-service instance + Description UUID van de eIDAS-service-instantie. Eenmaal dit in catalogi opgenomen is kan de waarde enkel via een handmatig proces gewijzigd worden. + Possible values UUID string (e.g. f6b45142-0c60-4ec7-b43d-28ceacdc0b34) + Default value random UUID string + + Variable EHERKENNING_EIDAS_SERVICE_UUID + Setting UUID eIDAS-service + Description UUID van de eIDAS-service. Eenmaal dit in catalogi opgenomen is kan de waarde enkel via een handmatig proces gewijzigd worden. + Possible values UUID string (e.g. f6b45142-0c60-4ec7-b43d-28ceacdc0b34) + Default value random UUID string + + Variable EHERKENNING_ENTITY_ID + Setting entity ID + Description Service provider entity ID. + Possible values string + Default value No default + + Variable EHERKENNING_KEY_PASSPHRASE + Setting wachtwoordzin private-key + Description Wachtwoord voor de private-key voor de authenticatie-flow. + Possible values string + Default value No default + + Variable EHERKENNING_MAKELAAR_ID + Setting makelaar-ID + Description OIN van de makelaar waarmee eHerkenning/eIDAS ingericht is. + Possible values string + Default value No default + + Variable EHERKENNING_METADATA_FILE_SOURCE + Setting (XML) metadata-URL + Description De URL waar het XML metadata-bestand kan gedownload worden. + Possible values string + Default value + + Variable EHERKENNING_NO_EIDAS + Setting zonder eIDAS + Description Indien aangevinkt, dan zal de dienstcatalogus enkel de eHerkenningservice bevatten. + Possible values True, False + Default value False + + Variable EHERKENNING_OIN + Setting OIN + Description De OIN van het bedrijf dat de service aanbiedt. + Possible values string + Default value No default + + Variable EHERKENNING_ORGANIZATION_NAME + Setting organisatienaam + Description Naam van de organisatie die de service aanbiedt waarvoor DigiD/eHerkenning/eIDAS-authenticatie ingericht is. Je moet ook de URL opgeven voor dit in de metadata beschikbaar is. + Possible values string + Default value No default + + Variable EHERKENNING_ORGANIZATION_URL + Setting organisatie-URL + Description URL van de organisatie die de service aanbiedt waarvoor DigiD/eHerkenning/eIDAS-authenticatie ingericht is. Je moet ook de organisatienaam opgeven voor dit in de metadata beschikbaar is. + Possible values string + Default value No default + + Variable EHERKENNING_PRIVACY_POLICY + Setting privacybeleid + Description De URL waar het privacybeleid van de service-aanbieder (organisatie) beschreven staat. + Possible values string + Default value No default + + Variable EHERKENNING_SERVICE_DESCRIPTION + Setting Service-omschrijving + Description Een beschrijving van de service die je aanbiedt. + Possible values string + Default value No default + + Variable EHERKENNING_SERVICE_LANGUAGE + Setting servicetaal + Description eHerkenning/eIDAS-metadata zal deze taal bevatten + Possible values string + Default value nl + + Variable EHERKENNING_SERVICE_NAME + Setting servicenaam + Description Naam van de service die je aanbiedt. + Possible values string + Default value No default + + Variable EHERKENNING_SIGNATURE_ALGORITHM + Setting signature algorithm + Description Ondertekenalgoritme. Merk op dat DSA_SHA1 en RSA_SHA1 deprecated zijn, maar RSA_SHA1 is nog steeds de default-waarde ind e SAMLv2-standaard. Opgelet: er zijn bekende problemen met de single-logoutfunctionaliteit indien je een ander algoritme dan SHA1 gebruikt (door hardcoded algoritmes). + Possible values http://www.w3.org/2000/09/xmldsig#dsa-sha1, http://www.w3.org/2000/09/xmldsig#rsa-sha1, http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, http://www.w3.org/2001/04/xmldsig-more#rsa-sha384, http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 + Default value http://www.w3.org/2000/09/xmldsig#rsa-sha1 + + Variable EHERKENNING_TECHNICAL_CONTACT_PERSON_EMAIL + Setting technisch contactpersoon: e-mailadres + Description E-mailadres van de technische contactpersoon voor deze DigiD/eHerkenning/eIDAS-installatie. Je moet ook het telefoonnummer opgeven voor dit in de metadata beschikbaar is. + Possible values string + Default value No default + + Variable EHERKENNING_TECHNICAL_CONTACT_PERSON_TELEPHONE + Setting technisch contactpersoon: telefoonnummer + Description Telefoonnummer van de technische contactpersoon voor deze DigiD/eHerkenning/eIDAS-installatie. Je moet ook het e-mailadres opgeven voor dit in de metadata beschikbaar is. + Possible values string + Default value No default + + Variable EHERKENNING_WANT_ASSERTIONS_ENCRYPTED + Setting versleutel assertions + Description Indien aangevinkt, dan moeten de XML-assertions versleuteld zijn. + Possible values True, False + Default value False + + Variable EHERKENNING_WANT_ASSERTIONS_SIGNED + Setting onderteken assertions + Description Indien aangevinkt, dan moeten de XML-assertions ondertekend zijn. In het andere geval moet de hele response ondertekend zijn. + Possible values True, False + Default value True diff --git a/docs/configuration/kic.rst b/docs/configuration/kic.rst index 623995dbc4..8e1e1f2289 100644 --- a/docs/configuration/kic.rst +++ b/docs/configuration/kic.rst @@ -30,6 +30,7 @@ All settings: KIC_CONFIG_CONTACTMOMENTEN_SERVICE_API_ROOT KIC_CONFIG_CONTACTMOMENTEN_SERVICE_CLIENT_ID KIC_CONFIG_CONTACTMOMENTEN_SERVICE_SECRET + KIC_CONFIG_ENABLE KIC_CONFIG_KLANTEN_SERVICE_API_ROOT KIC_CONFIG_KLANTEN_SERVICE_CLIENT_ID KIC_CONFIG_KLANTEN_SERVICE_SECRET diff --git a/docs/configuration/siteconfig.rst b/docs/configuration/siteconfig.rst index a827db84da..4e17ff9b31 100644 --- a/docs/configuration/siteconfig.rst +++ b/docs/configuration/siteconfig.rst @@ -36,6 +36,7 @@ All settings: SITE_EHERKENNING_ENABLED SITE_EMAIL_NEW_MESSAGE SITE_EMAIL_VERIFICATION_REQUIRED + SITE_ENABLE SITE_FOOTER_LOGO_TITLE SITE_FOOTER_LOGO_URL SITE_GA_CODE diff --git a/docs/configuration/zgw.rst b/docs/configuration/zgw.rst index 413d3aeb7c..412b70221d 100644 --- a/docs/configuration/zgw.rst +++ b/docs/configuration/zgw.rst @@ -40,6 +40,7 @@ All settings: ZGW_CONFIG_DOCUMENT_SERVICE_API_ROOT ZGW_CONFIG_DOCUMENT_SERVICE_CLIENT_ID ZGW_CONFIG_DOCUMENT_SERVICE_SECRET + ZGW_CONFIG_ENABLE ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN ZGW_CONFIG_FORM_SERVICE_API_ROOT diff --git a/src/open_inwoner/configurations/bootstrap/auth.py b/src/open_inwoner/configurations/bootstrap/auth.py index 375ff9bbf3..5dd5e2e648 100644 --- a/src/open_inwoner/configurations/bootstrap/auth.py +++ b/src/open_inwoner/configurations/bootstrap/auth.py @@ -25,6 +25,18 @@ ) from open_inwoner.configurations.models import SiteConfiguration +from .base import ConfigSettingsBase + + +# +# DigiD OIDC +# +class DigiDOIDCConfigurationSettings(ConfigSettingsBase): + model = OpenIDConnectDigiDConfig + display_name = "DigiD OIDC Configuration" + namespace = "DIGID_OIDC" + required_fields = ("oidc_rp_client_id", "oidc_rp_client_secret") + class DigiDOIDCConfigurationStep(BaseConfigurationStep): """ @@ -98,6 +110,16 @@ def test_configuration(self): """ +# +# eHerkenning OIDC +# +class eHerkenningOIDCConfigurationSettings(ConfigSettingsBase): + model = OpenIDConnectEHerkenningConfig + display_name = "eHerkenning OIDC Configuration" + namespace = "EHERKENNING_OIDC" + required_fields = ("oidc_rp_client_id", "oidc_rp_client_secret") + + class eHerkenningOIDCConfigurationStep(BaseConfigurationStep): """ Configure eHerkenning authentication via OpenID Connect @@ -170,6 +192,42 @@ def test_configuration(self): """ +# +# Admin OIDC +# +class AdminOIDCConfigurationSettings(ConfigSettingsBase): + model = OpenIDConnectConfig + display_name = "Admin OIDC Configuration" + namespace = "ADMIN_OIDC" + required_fields = ( + "oidc_rp_client_id", + "oidc_rp_client_secret", + ) + all_fields = required_fields + ( + "claim_mapping", + "default_groups", + "groups_claim", + "make_users_staff", + "oidc_exempt_urls", + "oidc_nonce_size", + "oidc_op_authorization_endpoint", + "oidc_op_discovery_endpoint", + "oidc_op_jwks_endpoint", + "oidc_op_token_endpoint", + "oidc_op_user_endpoint", + "oidc_rp_idp_sign_key", + "oidc_rp_scopes_list", + "oidc_rp_sign_algo", + "oidc_state_size", + "oidc_use_nonce", + "superuser_group_names", + "sync_groups", + "sync_groups_glob_pattern", + "userinfo_claims_source", + "username_claim", + ) + + class AdminOIDCConfigurationStep(BaseConfigurationStep): """ Configure admin login via OpenID Connect @@ -251,6 +309,25 @@ def test_configuration(self): """ +# +# DigiD SAML +# +class DigiDSAMLConfigurationSettings(ConfigSettingsBase): + model = DigidConfiguration + display_name = "DigiD SAML Configuration" + namespace = "DIGID" + required_fields = ( + "certificate_label", + "certificate_type", + "certificate_public_certificate", + "metadata_file_source", + "entity_id", + "base_url", + "service_name", + "service_description", + ) + + class DigiDConfigurationStep(BaseConfigurationStep): """ Configure DigiD via SAML @@ -356,6 +433,57 @@ def test_configuration(self): """ +# +# eHerkenning SAML +# +class eHerkenningSAMLConfigurationSettings(ConfigSettingsBase): + model = EherkenningConfiguration + display_name = "eHerkenning SAML Configuration" + namespace = "EHERKENNING" + required_fields = ( + "base_url", + "certificate_label", + "certificate_public_certificate", + "certificate_type", + "entity_id", + "makelaar_id", + "metadata_file_source", + "oin", + "privacy_policy", + "service_description", + "service_name", + ) + all_fields = required_fields + ( + "artifact_resolve_content_type", + "base_url", + "certificate_private_key", + "digest_algorithm", + "eh_attribute_consuming_service_index", + "eh_loa", + "eh_requested_attributes", + "eh_service_instance_uuid", + "eh_service_uuid", + "eidas_attribute_consuming_service_index", + "eidas_loa", + "eidas_requested_attributes", + "eidas_service_instance_uuid", + "eidas_service_uuid", + "entity_id", + "key_passphrase", + "no_eidas", + "organization_name", + "organization_url", + "service_description", + "service_language", + "service_name", + "signature_algorithm", + "technical_contact_person_email", + "technical_contact_person_telephone", + "want_assertions_encrypted", + "want_assertions_signed", + ) + + class eHerkenningConfigurationStep(BaseConfigurationStep): """ Configure eHerkenning via SAML diff --git a/src/open_inwoner/configurations/bootstrap/base.py b/src/open_inwoner/configurations/bootstrap/base.py new file mode 100644 index 0000000000..4262ca9632 --- /dev/null +++ b/src/open_inwoner/configurations/bootstrap/base.py @@ -0,0 +1,162 @@ +from dataclasses import dataclass, field +from typing import Iterator, Mapping, Sequence + +from django.contrib.postgres.fields import ArrayField +from django.db import models +from django.db.models.fields import NOT_PROVIDED +from django.db.models.fields.json import JSONField +from django.db.models.fields.related import ForeignKey, OneToOneField + +from .choices import BasicFieldDescription + + +@dataclass(frozen=True, eq=True) +class ConfigField: + name: str + verbose_name: str + description: str + default_value: str + values: str + + +@dataclass +class Fields: + all: set[ConfigField] = field(default_factory=set) + required: set[ConfigField] = field(default_factory=set) + + +class ConfigSettingsBase: + model: models.Model + display_name: str + namespace: str + required_fields = tuple() + all_fields = tuple() + excluded_fields = ("id",) + + def __init__(self): + self.config_fields = Fields() + + self.create_config_fields( + require=self.required_fields, + exclude=self.excluded_fields, + include=self.all_fields, + model=self.model, + ) + + @classmethod + def get_setting_name(cls, field: ConfigField) -> str: + return f"{cls.namespace}_" + field.name.upper() + + @staticmethod + def get_default_value(field: models.Field) -> str: + default = field.default + + if default is NOT_PROVIDED: + return "No default" + + # needed to make `generate_config_docs` idempotent + # because UUID's are randomly generated + if isinstance(field, models.UUIDField): + return "random UUID string" + + # if default is a function, call the function to retrieve the value; + # we don't immediately return because we need to check the type first + # and cast to another type if necessary (e.g. list is unhashable) + if callable(default): + default = default() + + if isinstance(default, Mapping): + return str(default) + + # check for field type as well to avoid splitting values from CharField + if isinstance(field, (JSONField, ArrayField)) and isinstance(default, Sequence): + try: + return ", ".join(str(item) for item in default) + except TypeError: + return str(default) + + return default + + @staticmethod + def get_example_values(field: models.Field) -> str: + # fields with choices + if choices := field.choices: + values = [choice[0] for choice in choices] + return ", ".join(values) + + # other fields + field_type = field.get_internal_type() + match field_type: + case item if item in BasicFieldDescription.names: + return getattr(BasicFieldDescription, field_type) + case _: + return "No information available" + + def get_model_fields(self, model) -> Iterator[models.Field]: + return ( + field + for field in model._meta.concrete_fields + if field.name not in self.excluded_fields + ) + + def create_config_fields( + self, + require: tuple[str, ...], + exclude: tuple[str, ...], + include: tuple[str, ...], + model: models.Model, + relating_field: models.Field | None = None, + ) -> None: + """ + Create a `ConfigField` instance for each field of the provided `model` and + add it to `all_fields` and `required_fields` + + Basic fields provided the base case, relations (`ForeignKey`, `OneToOneField`) + are handled recursively + """ + + model_fields = self.get_model_fields(model) + + for model_field in model_fields: + if isinstance(model_field, (ForeignKey, OneToOneField)): + self.create_config_fields( + require=require, + exclude=exclude, + include=include, + model=model_field.related_model, + relating_field=model_field, + ) + else: + if model_field.name in self.excluded_fields: + continue + + # model field name could be "api_root", + # but we need "xyz_service_api_root" (or similar) for consistency + if relating_field: + name = f"{relating_field.name}_{model_field.name}" + else: + name = model_field.name + + config_field = ConfigField( + name=name, + verbose_name=model_field.verbose_name, + description=model_field.help_text, + default_value=self.get_default_value(model_field), + values=self.get_example_values(model_field), + ) + + if config_field.name in self.required_fields: + self.config_fields.required.add(config_field) + + # if all_fields is empty, that means we're filtering by blacklist, + # hence the config_field is included by default + if not self.all_fields or config_field.name in self.all_fields: + self.config_fields.all.add(config_field) + + def get_required_settings(self) -> tuple[str, ...]: + return tuple( + self.get_setting_name(field) for field in self.config_fields.required + ) + + def get_config_mapping(self) -> dict[str, ConfigField]: + return {self.get_setting_name(field): field for field in self.config_fields.all} diff --git a/src/open_inwoner/configurations/bootstrap/dataclasses.py b/src/open_inwoner/configurations/bootstrap/dataclasses.py deleted file mode 100644 index b3db9e63e0..0000000000 --- a/src/open_inwoner/configurations/bootstrap/dataclasses.py +++ /dev/null @@ -1,16 +0,0 @@ -from dataclasses import dataclass, field - - -@dataclass(frozen=True, eq=True) -class ConfigField: - name: str - verbose_name: str - description: str - default_value: str - values: str - - -@dataclass -class Fields: - all: set[ConfigField] = field(default_factory=set) - required: set[ConfigField] = field(default_factory=set) diff --git a/src/open_inwoner/configurations/bootstrap/kic.py b/src/open_inwoner/configurations/bootstrap/kic.py index d48d47401e..fab1f6bac0 100644 --- a/src/open_inwoner/configurations/bootstrap/kic.py +++ b/src/open_inwoner/configurations/bootstrap/kic.py @@ -10,6 +10,36 @@ from open_inwoner.openklant.models import OpenKlantConfig from open_inwoner.utils.api import ClientError +from .base import ConfigSettingsBase + + +class KICConfigurationSettings(ConfigSettingsBase): + model = OpenKlantConfig + display_name = "Klanten Configuration" + namespace = "KIC_CONFIG" + required_fields = ( + "contactmomenten_service_client_id", + "contactmomenten_service_secret", + "contactmomenten_service_api_root", + "klanten_service_client_id", + "klanten_service_secret", + "klanten_service_api_root", + "register_type", + "register_contact_moment", + ) + all_fields = required_fields + ( + "register_bronorganisatie_rsin", + "register_channel", + "register_contact_moment", + "register_email", + "register_employee_id", + "use_rsin_for_innNnpId_query_parameter", + ) + excluded_fields = ( + "contactmomenten_service_uuid", + "klanten_service_uuid", + ) + class KlantenAPIConfigurationStep(BaseConfigurationStep): """ diff --git a/src/open_inwoner/configurations/bootstrap/models.py b/src/open_inwoner/configurations/bootstrap/models.py deleted file mode 100644 index 5b5e8e557f..0000000000 --- a/src/open_inwoner/configurations/bootstrap/models.py +++ /dev/null @@ -1,284 +0,0 @@ -import dataclasses -from dataclasses import dataclass -from typing import Iterator, TypeAlias - -from django.contrib.postgres.fields import ArrayField -from django.db import models -from django.db.models.fields import NOT_PROVIDED -from django.db.models.fields.json import JSONField -from django.db.models.fields.related import ForeignKey, OneToOneField - -from digid_eherkenning.models import DigidConfiguration - -from digid_eherkenning_oidc_generics.models import ( - OpenIDConnectDigiDConfig, - OpenIDConnectEHerkenningConfig, -) -from open_inwoner.configurations.models import SiteConfiguration -from open_inwoner.openklant.models import OpenKlantConfig -from open_inwoner.openzaak.models import OpenZaakConfig - -from .choices import BasicFieldDescription -from .dataclasses import ConfigField, Fields - -ConfigModel: TypeAlias = ( - SiteConfiguration - | OpenKlantConfig - | OpenZaakConfig - | OpenIDConnectDigiDConfig - | OpenIDConnectEHerkenningConfig -) - - -class ConfigSettingsBase: - model: ConfigModel - display_name: str - namespace: str - required_fields = tuple() - included_fields = tuple() - excluded_fields = ("id",) - - def __init__(self): - self.config_fields = Fields() - - self.create_model_config_fields( - require=self.required_fields, - exclude=self.excluded_fields, - include=self.included_fields, - model=self.model, - ) - - @classmethod - def get_setting_name(cls, field: ConfigField) -> str: - return f"{cls.namespace}_" + field.name.upper() - - @staticmethod - def get_default_value(field: models.Field) -> str: - default = field.default - - if default is NOT_PROVIDED: - return "No default" - if callable(default): - default = default() - if isinstance(field, (JSONField, ArrayField)): - try: - default = ", ".join(default) - except TypeError: - default = str(default) - # needed to make `generate_config_docs` idempotent - # because UUID's are randomly generated - if isinstance(field, models.UUIDField): - default = "random UUID string" - - return default - - @staticmethod - def get_example_values(field: models.Field) -> str: - # fields with choices - if choices := field.choices: - values = [choice[0] for choice in choices] - return ", ".join(values) - - # other fields - field_type = field.get_internal_type() - match field_type: - case item if item in BasicFieldDescription.names: - return getattr(BasicFieldDescription, field_type) - case _: - return "No information available" - - def get_model_fields(self, model) -> Iterator[models.Field]: - return ( - field - for field in model._meta.concrete_fields - if field.name not in self.excluded_fields - ) - - def create_model_config_fields( - self, - require: tuple[str, ...], - exclude: tuple[str, ...], - include: tuple[str, ...], - model: models.Field, - relating_field: models.Field = None, - ) -> None: - - model_fields = self.get_model_fields(model) - - for model_field in model_fields: - if isinstance(model_field, (ForeignKey, OneToOneField)): - self.create_model_config_fields( - require=require, - exclude=exclude, - include=include, - model=model_field.related_model, - relating_field=model_field, - ) - else: - # model field name could be "api_root", - # but we need "xyz_service_api_root" (or similar) for consistency - if relating_field: - name = f"{relating_field.name}_{model_field.name}" - else: - name = model_field.name - - config_field = ConfigField( - name=name, - verbose_name=model_field.verbose_name, - description=model_field.help_text, - default_value=self.get_default_value(model_field), - values=self.get_example_values(model_field), - ) - - if config_field.name in self.required_fields: - self.config_fields.required.add(config_field) - - # use combination of whitelist/blacklist for all fields - if self.included_fields: - if ( - config_field.name in self.included_fields - and config_field not in self.excluded_fields - ): - self.config_fields.all.add(config_field) - elif config_field.name not in self.excluded_fields: - self.config_fields.all.add(config_field) - - def get_required_settings(self) -> tuple[str, ...]: - return tuple( - self.get_setting_name(field) for field in self.config_fields.required - ) - - def get_config_mapping(self) -> dict[str, ConfigField]: - return {self.get_setting_name(field): field for field in self.config_fields.all} - - -class SiteConfigurationSettings(ConfigSettingsBase): - model = SiteConfiguration - display_name = "General Configuration" - namespace = "SITE" - required_fields = ( - "name", - "primary_color", - "secondary_color", - "accent_color", - ) - excluded_fields = ( - "id", - "email_logo", - "footer_logo", - "favicon", - "openid_connect_logo", - "extra_css", - "logo", - "hero_image_login", - "theme_stylesheet", - ) - - -class KICConfigurationSettings(ConfigSettingsBase): - model = OpenKlantConfig - display_name = "Klanten Configuration" - namespace = "KIC_CONFIG" - required_fields = ( - "contactmomenten_service_client_id", - "contactmomenten_service_secret", - "contactmomenten_service_api_root", - "klanten_service_client_id", - "klanten_service_secret", - "klanten_service_api_root", - "register_type", - "register_contact_moment", - ) - included_fields = required_fields + ( - "register_bronorganisatie_rsin", - "register_channel", - "register_contact_moment", - "register_email", - "register_employee_id", - "use_rsin_for_innNnpId_query_parameter", - ) - excluded_fields = ( - "contactmomenten_service_uuid", - "klanten_service_uuid", - ) - - -class ZGWConfigurationSettings(ConfigSettingsBase): - model = OpenZaakConfig - display_name = "ZGW Configuration" - namespace = "ZGW_CONFIG" - required_fields = ( - "catalogi_service_client_id", - "catalogi_service_secret", - "catalogi_service_api_root", - "document_service_client_id", - "document_service_secret", - "document_service_api_root", - "form_service_client_id", - "form_service_secret", - "form_service_api_root", - "zaak_service_client_id", - "zaak_service_secret", - "zaak_service_api_root", - ) - included_fields = required_fields + ( - "action_required_deadline_days", - "allowed_file_extensions", - "document_max_confidentiality", - "enable_categories_filtering_with_zaken", - "fetch_eherkenning_zaken_with_rsin", - "max_upload_size", - "reformat_esuite_zaak_identificatie", - "skip_notification_statustype_informeren", - "title_text", - "zaak_max_confidentiality", - ) - - -class DigiDOIDCConfigurationSettings(ConfigSettingsBase): - model = OpenIDConnectDigiDConfig - display_name = "DigiD OIDC Configuration" - namespace = "DIGID_OIDC" - required_fields = ("oidc_rp_client_id", "oidc_rp_client_secret") - included_fields = tuple() - - -class DigiDSAMLConfigurationSettings(ConfigSettingsBase): - model = DigidConfiguration - display_name = "DigiD SAML Configuration" - namespace = "DIGID" - required_fields = ( - "certificate_label", - "certificate_type", - "certificate_public_certificate", - "metadata_file_source", - "entity_id", - "base_url", - "service_name", - "service_description", - ) - - -class eHerkenningDOIDCConfigurationSettings(ConfigSettingsBase): - model = OpenIDConnectEHerkenningConfig - display_name = "eHerkenning OIDC Configuration" - namespace = "EHERKENNING_OIDC" - required_fields = ("oidc_rp_client_id", "oidc_rp_client_secret") - - -@dataclass -class ConfigurationSettingsMap: - siteconfig: ConfigModel = SiteConfigurationSettings - kic: ConfigModel = KICConfigurationSettings - zgw: ConfigModel = ZGWConfigurationSettings - digid_oidc: ConfigModel = DigiDOIDCConfigurationSettings - digid_saml: ConfigModel = DigiDSAMLConfigurationSettings - eherkenning_oidc: ConfigModel = eHerkenningDOIDCConfigurationSettings - - @classmethod - def get_fields(cls): - return tuple(getattr(cls, field.name) for field in dataclasses.fields(cls)) - - @classmethod - def get_field_names(cls): - return tuple(field.name for field in dataclasses.fields(cls)) diff --git a/src/open_inwoner/configurations/bootstrap/registry.py b/src/open_inwoner/configurations/bootstrap/registry.py new file mode 100644 index 0000000000..8b3931afca --- /dev/null +++ b/src/open_inwoner/configurations/bootstrap/registry.py @@ -0,0 +1,44 @@ +import dataclasses +from typing import TypeAlias + +from .auth import ( + AdminOIDCConfigurationSettings, + DigiDOIDCConfigurationSettings, + DigiDSAMLConfigurationSettings, + eHerkenningSAMLConfigurationSettings, + eHerkenningOIDCConfigurationSettings, +) +from .kic import KICConfigurationSettings +from .siteconfig import SiteConfigurationSettings +from .zgw import ZGWConfigurationSettings + + +ConfigSetting: TypeAlias = ( + SiteConfigurationSettings + | KICConfigurationSettings + | ZGWConfigurationSettings + | AdminOIDCConfigurationSettings + | DigiDOIDCConfigurationSettings + | eHerkenningOIDCConfigurationSettings + | eHerkenningSAMLConfigurationSettings +) + + +@dataclasses.dataclass +class ConfigurationRegistry: + siteconfig: ConfigSetting = SiteConfigurationSettings + kic: ConfigSetting = KICConfigurationSettings + zgw: ConfigSetting = ZGWConfigurationSettings + admin_oidc: ConfigSetting = AdminOIDCConfigurationSettings + digid_oidc: ConfigSetting = DigiDOIDCConfigurationSettings + digid_saml: ConfigSetting = DigiDSAMLConfigurationSettings + eherkenning_oidc: ConfigSetting = eHerkenningOIDCConfigurationSettings + eherkenning_saml: ConfigSetting = eHerkenningSAMLConfigurationSettings + + @classmethod + def get_fields(cls): + return tuple(getattr(cls, field.name) for field in dataclasses.fields(cls)) + + @classmethod + def get_field_names(cls): + return tuple(field.name for field in dataclasses.fields(cls)) diff --git a/src/open_inwoner/configurations/bootstrap/siteconfig.py b/src/open_inwoner/configurations/bootstrap/siteconfig.py index 341d766672..0b66092802 100644 --- a/src/open_inwoner/configurations/bootstrap/siteconfig.py +++ b/src/open_inwoner/configurations/bootstrap/siteconfig.py @@ -4,7 +4,30 @@ from open_inwoner.configurations.models import SiteConfiguration -from .models import SiteConfigurationSettings +from .base import ConfigSettingsBase + + +class SiteConfigurationSettings(ConfigSettingsBase): + model = SiteConfiguration + display_name = "General Configuration" + namespace = "SITE" + required_fields = ( + "name", + "primary_color", + "secondary_color", + "accent_color", + ) + excluded_fields = ( + "id", + "email_logo", + "footer_logo", + "favicon", + "openid_connect_logo", + "extra_css", + "logo", + "hero_image_login", + "theme_stylesheet", + ) class SiteConfigurationStep(BaseConfigurationStep): diff --git a/src/open_inwoner/configurations/bootstrap/typing.py b/src/open_inwoner/configurations/bootstrap/typing.py deleted file mode 100644 index 34946fcba4..0000000000 --- a/src/open_inwoner/configurations/bootstrap/typing.py +++ /dev/null @@ -1,17 +0,0 @@ -from typing import TypeAlias - -from .models import ( - DigiDOIDCConfigurationSettings, - KICConfigurationSettings, - SiteConfigurationSettings, - ZGWConfigurationSettings, - eHerkenningDOIDCConfigurationSettings, -) - -ConfigSetting: TypeAlias = ( - SiteConfigurationSettings - | KICConfigurationSettings - | ZGWConfigurationSettings - | DigiDOIDCConfigurationSettings - | eHerkenningDOIDCConfigurationSettings -) diff --git a/src/open_inwoner/configurations/bootstrap/zgw.py b/src/open_inwoner/configurations/bootstrap/zgw.py index 8e65cfde89..2be71d2c14 100644 --- a/src/open_inwoner/configurations/bootstrap/zgw.py +++ b/src/open_inwoner/configurations/bootstrap/zgw.py @@ -10,6 +10,40 @@ from open_inwoner.openzaak.models import OpenZaakConfig from open_inwoner.utils.api import ClientError +from .base import ConfigSettingsBase + + +class ZGWConfigurationSettings(ConfigSettingsBase): + model = OpenZaakConfig + display_name = "ZGW Configuration" + namespace = "ZGW_CONFIG" + required_fields = ( + "catalogi_service_client_id", + "catalogi_service_secret", + "catalogi_service_api_root", + "document_service_client_id", + "document_service_secret", + "document_service_api_root", + "form_service_client_id", + "form_service_secret", + "form_service_api_root", + "zaak_service_client_id", + "zaak_service_secret", + "zaak_service_api_root", + ) + all_fields = required_fields + ( + "action_required_deadline_days", + "allowed_file_extensions", + "document_max_confidentiality", + "enable_categories_filtering_with_zaken", + "fetch_eherkenning_zaken_with_rsin", + "max_upload_size", + "reformat_esuite_zaak_identificatie", + "skip_notification_statustype_informeren", + "title_text", + "zaak_max_confidentiality", + ) + class ZakenAPIConfigurationStep(BaseConfigurationStep): """ diff --git a/src/open_inwoner/configurations/management/commands/generate_config_docs.py b/src/open_inwoner/configurations/management/commands/generate_config_docs.py index 944b350440..6ee5ad14a7 100644 --- a/src/open_inwoner/configurations/management/commands/generate_config_docs.py +++ b/src/open_inwoner/configurations/management/commands/generate_config_docs.py @@ -5,10 +5,12 @@ from django.core.management.base import BaseCommand from django.template import loader -from open_inwoner.configurations.bootstrap.models import ConfigurationSettingsMap -from open_inwoner.configurations.bootstrap.typing import ConfigSetting +from open_inwoner.configurations.bootstrap.registry import ( + ConfigSetting, + ConfigurationRegistry, +) -SUPPORTED_OPTIONS = ConfigurationSettingsMap.get_field_names() +SUPPORTED_OPTIONS = ConfigurationRegistry.get_field_names() TEMPLATE_PATH = Path("configurations/config_doc.rst") TARGET_DIR = Path(settings.BASE_DIR) / "docs" / "configuration" @@ -20,7 +22,7 @@ def add_arguments(self, parser): parser.add_argument("config_option", nargs="?") def get_config(self, config_option: str) -> ConfigSetting: - config_model = getattr(ConfigurationSettingsMap, config_option, None) + config_model = getattr(ConfigurationRegistry, config_option, None) config_instance = config_model() return config_instance @@ -62,10 +64,14 @@ def generate_single_doc(self, config_option: str) -> None: config.get_setting_name(field) for field in config.config_fields.required ] required_settings.sort() + all_settings = [ config.get_setting_name(field) for field in config.config_fields.all ] + # enable setting is not related to any model field + all_settings.append(f"{config.namespace}_ENABLE") all_settings.sort() + detailed_info = self.get_detailed_info(config) detailed_info.sort() From 185d817768e702bda758bb1096e2fa846e61df23 Mon Sep 17 00:00:00 2001 From: Paul Schilling Date: Tue, 30 Apr 2024 14:37:55 +0200 Subject: [PATCH 8/9] [#2297] Make variable names consistent --- docs/configuration/admin_oidc.rst | 10 +- docs/configuration/digid_oidc.rst | 10 +- docs/configuration/digid_saml.rst | 10 +- docs/configuration/eherkenning_oidc.rst | 10 +- docs/configuration/eherkenning_saml.rst | 10 +- docs/configuration/general.rst | 6 + docs/configuration/kic.rst | 78 +++++----- docs/configuration/siteconfig.rst | 10 +- docs/configuration/zgw.rst | 122 ++++++++------- .../conf/app/setup_configuration.py | 144 +++++++++--------- .../configurations/bootstrap/base.py | 18 ++- .../configurations/bootstrap/kic.py | 76 ++++----- .../configurations/bootstrap/registry.py | 4 +- .../configurations/bootstrap/zgw.py | 130 ++++++++-------- .../commands/generate_config_docs.py | 3 +- .../templates/configurations/config_doc.rst | 11 +- .../tests/bootstrap/test_setup_kic_config.py | 66 ++++---- .../tests/bootstrap/test_setup_zgw_config.py | 102 ++++++------- 18 files changed, 432 insertions(+), 388 deletions(-) diff --git a/docs/configuration/admin_oidc.rst b/docs/configuration/admin_oidc.rst index 854866de4b..608a45e7f7 100644 --- a/docs/configuration/admin_oidc.rst +++ b/docs/configuration/admin_oidc.rst @@ -7,6 +7,13 @@ Admin OIDC Configuration Settings Overview ================= +Enable/Disable configuration: +""""""""""""""""""""""""""""" + +:: + + ADMIN_OIDC_CONFIG_ENABLE + Required: """"""""" @@ -15,14 +22,12 @@ Required: ADMIN_OIDC_OIDC_RP_CLIENT_ID ADMIN_OIDC_OIDC_RP_CLIENT_SECRET - All settings: """"""""""""" :: ADMIN_OIDC_CLAIM_MAPPING - ADMIN_OIDC_ENABLE ADMIN_OIDC_GROUPS_CLAIM ADMIN_OIDC_MAKE_USERS_STAFF ADMIN_OIDC_OIDC_EXEMPT_URLS @@ -45,7 +50,6 @@ All settings: ADMIN_OIDC_USERINFO_CLAIMS_SOURCE ADMIN_OIDC_USERNAME_CLAIM - Detailed Information ==================== diff --git a/docs/configuration/digid_oidc.rst b/docs/configuration/digid_oidc.rst index 8a65a18a0d..5e8d252385 100644 --- a/docs/configuration/digid_oidc.rst +++ b/docs/configuration/digid_oidc.rst @@ -7,6 +7,13 @@ DigiD OIDC Configuration Settings Overview ================= +Enable/Disable configuration: +""""""""""""""""""""""""""""" + +:: + + DIGID_OIDC_CONFIG_ENABLE + Required: """"""""" @@ -15,13 +22,11 @@ Required: DIGID_OIDC_OIDC_RP_CLIENT_ID DIGID_OIDC_OIDC_RP_CLIENT_SECRET - All settings: """"""""""""" :: - DIGID_OIDC_ENABLE DIGID_OIDC_ENABLED DIGID_OIDC_ERROR_MESSAGE_MAPPING DIGID_OIDC_IDENTIFIER_CLAIM_NAME @@ -43,7 +48,6 @@ All settings: DIGID_OIDC_OIDC_USE_NONCE DIGID_OIDC_USERINFO_CLAIMS_SOURCE - Detailed Information ==================== diff --git a/docs/configuration/digid_saml.rst b/docs/configuration/digid_saml.rst index c7de5ec3b4..52db859f41 100644 --- a/docs/configuration/digid_saml.rst +++ b/docs/configuration/digid_saml.rst @@ -7,6 +7,13 @@ DigiD SAML Configuration Settings Overview ================= +Enable/Disable configuration: +""""""""""""""""""""""""""""" + +:: + + DIGID_CONFIG_ENABLE + Required: """"""""" @@ -21,7 +28,6 @@ Required: DIGID_SERVICE_DESCRIPTION DIGID_SERVICE_NAME - All settings: """"""""""""" @@ -35,7 +41,6 @@ All settings: DIGID_CERTIFICATE_PUBLIC_CERTIFICATE DIGID_CERTIFICATE_TYPE DIGID_DIGEST_ALGORITHM - DIGID_ENABLE DIGID_ENTITY_ID DIGID_IDP_METADATA_FILE DIGID_IDP_SERVICE_ENTITY_ID @@ -53,7 +58,6 @@ All settings: DIGID_WANT_ASSERTIONS_ENCRYPTED DIGID_WANT_ASSERTIONS_SIGNED - Detailed Information ==================== diff --git a/docs/configuration/eherkenning_oidc.rst b/docs/configuration/eherkenning_oidc.rst index abc5ffaa26..548d9efdaf 100644 --- a/docs/configuration/eherkenning_oidc.rst +++ b/docs/configuration/eherkenning_oidc.rst @@ -7,6 +7,13 @@ eHerkenning OIDC Configuration Settings Overview ================= +Enable/Disable configuration: +""""""""""""""""""""""""""""" + +:: + + EHERKENNING_OIDC_CONFIG_ENABLE + Required: """"""""" @@ -15,13 +22,11 @@ Required: EHERKENNING_OIDC_OIDC_RP_CLIENT_ID EHERKENNING_OIDC_OIDC_RP_CLIENT_SECRET - All settings: """"""""""""" :: - EHERKENNING_OIDC_ENABLE EHERKENNING_OIDC_ENABLED EHERKENNING_OIDC_ERROR_MESSAGE_MAPPING EHERKENNING_OIDC_IDENTIFIER_CLAIM_NAME @@ -43,7 +48,6 @@ All settings: EHERKENNING_OIDC_OIDC_USE_NONCE EHERKENNING_OIDC_USERINFO_CLAIMS_SOURCE - Detailed Information ==================== diff --git a/docs/configuration/eherkenning_saml.rst b/docs/configuration/eherkenning_saml.rst index 5ab7a4d9ce..c47e185a04 100644 --- a/docs/configuration/eherkenning_saml.rst +++ b/docs/configuration/eherkenning_saml.rst @@ -7,6 +7,13 @@ eHerkenning SAML Configuration Settings Overview ================= +Enable/Disable configuration: +""""""""""""""""""""""""""""" + +:: + + EHERKENNING_CONFIG_ENABLE + Required: """"""""" @@ -24,7 +31,6 @@ Required: EHERKENNING_SERVICE_DESCRIPTION EHERKENNING_SERVICE_NAME - All settings: """"""""""""" @@ -47,7 +53,6 @@ All settings: EHERKENNING_EIDAS_REQUESTED_ATTRIBUTES EHERKENNING_EIDAS_SERVICE_INSTANCE_UUID EHERKENNING_EIDAS_SERVICE_UUID - EHERKENNING_ENABLE EHERKENNING_ENTITY_ID EHERKENNING_KEY_PASSPHRASE EHERKENNING_MAKELAAR_ID @@ -66,7 +71,6 @@ All settings: EHERKENNING_WANT_ASSERTIONS_ENCRYPTED EHERKENNING_WANT_ASSERTIONS_SIGNED - Detailed Information ==================== diff --git a/docs/configuration/general.rst b/docs/configuration/general.rst index 6804bf03ad..dec4e46896 100644 --- a/docs/configuration/general.rst +++ b/docs/configuration/general.rst @@ -64,6 +64,12 @@ Supported configurations `ZGW configuration <./zgw.rst>`_ +`Admin OIDC configuration <./admin_oidc.rst>`_ + `DigiD OIDC configuration <./digid_oidc.rst>`_ +`DigiD SAML configuration <./digid_saml.rst>`_ + `eHerkenning OIDC configuration <./eherkenning_oidc.rst>`_ + +`eHerkenning SAML configuration <./eherkenning_saml.rst>`_ diff --git a/docs/configuration/kic.rst b/docs/configuration/kic.rst index 8e1e1f2289..b530b1dfb2 100644 --- a/docs/configuration/kic.rst +++ b/docs/configuration/kic.rst @@ -7,120 +7,124 @@ Klanten Configuration Settings Overview ================= +Enable/Disable configuration: +""""""""""""""""""""""""""""" + +:: + + KIC_CONFIG_ENABLE + Required: """"""""" :: - KIC_CONFIG_CONTACTMOMENTEN_SERVICE_API_ROOT - KIC_CONFIG_CONTACTMOMENTEN_SERVICE_CLIENT_ID - KIC_CONFIG_CONTACTMOMENTEN_SERVICE_SECRET - KIC_CONFIG_KLANTEN_SERVICE_API_ROOT - KIC_CONFIG_KLANTEN_SERVICE_CLIENT_ID - KIC_CONFIG_KLANTEN_SERVICE_SECRET - KIC_CONFIG_REGISTER_CONTACT_MOMENT - KIC_CONFIG_REGISTER_TYPE - + KIC_CONTACTMOMENTEN_SERVICE_API_ROOT + KIC_CONTACTMOMENTEN_SERVICE_CLIENT_ID + KIC_CONTACTMOMENTEN_SERVICE_SECRET + KIC_KLANTEN_SERVICE_API_ROOT + KIC_KLANTEN_SERVICE_CLIENT_ID + KIC_KLANTEN_SERVICE_SECRET + KIC_REGISTER_CONTACT_MOMENT + KIC_REGISTER_TYPE All settings: """"""""""""" :: - KIC_CONFIG_CONTACTMOMENTEN_SERVICE_API_ROOT - KIC_CONFIG_CONTACTMOMENTEN_SERVICE_CLIENT_ID - KIC_CONFIG_CONTACTMOMENTEN_SERVICE_SECRET - KIC_CONFIG_ENABLE - KIC_CONFIG_KLANTEN_SERVICE_API_ROOT - KIC_CONFIG_KLANTEN_SERVICE_CLIENT_ID - KIC_CONFIG_KLANTEN_SERVICE_SECRET - KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN - KIC_CONFIG_REGISTER_CHANNEL - KIC_CONFIG_REGISTER_CONTACT_MOMENT - KIC_CONFIG_REGISTER_EMAIL - KIC_CONFIG_REGISTER_EMPLOYEE_ID - KIC_CONFIG_REGISTER_TYPE - KIC_CONFIG_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER - + KIC_CONTACTMOMENTEN_SERVICE_API_ROOT + KIC_CONTACTMOMENTEN_SERVICE_CLIENT_ID + KIC_CONTACTMOMENTEN_SERVICE_SECRET + KIC_KLANTEN_SERVICE_API_ROOT + KIC_KLANTEN_SERVICE_CLIENT_ID + KIC_KLANTEN_SERVICE_SECRET + KIC_REGISTER_BRONORGANISATIE_RSIN + KIC_REGISTER_CHANNEL + KIC_REGISTER_CONTACT_MOMENT + KIC_REGISTER_EMAIL + KIC_REGISTER_EMPLOYEE_ID + KIC_REGISTER_TYPE + KIC_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER Detailed Information ==================== :: - Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_API_ROOT + Variable KIC_CONTACTMOMENTEN_SERVICE_API_ROOT Setting api root url Description No description Possible values string Default value No default - Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_CLIENT_ID + Variable KIC_CONTACTMOMENTEN_SERVICE_CLIENT_ID Setting client id Description No description Possible values string Default value No default - Variable KIC_CONFIG_CONTACTMOMENTEN_SERVICE_SECRET + Variable KIC_CONTACTMOMENTEN_SERVICE_SECRET Setting secret Description No description Possible values string Default value No default - Variable KIC_CONFIG_KLANTEN_SERVICE_API_ROOT + Variable KIC_KLANTEN_SERVICE_API_ROOT Setting api root url Description No description Possible values string Default value No default - Variable KIC_CONFIG_KLANTEN_SERVICE_CLIENT_ID + Variable KIC_KLANTEN_SERVICE_CLIENT_ID Setting client id Description No description Possible values string Default value No default - Variable KIC_CONFIG_KLANTEN_SERVICE_SECRET + Variable KIC_KLANTEN_SERVICE_SECRET Setting secret Description No description Possible values string Default value No default - Variable KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN + Variable KIC_REGISTER_BRONORGANISATIE_RSIN Setting Organisatie RSIN Description No description Possible values string Default value - Variable KIC_CONFIG_REGISTER_CHANNEL + Variable KIC_REGISTER_CHANNEL Setting Contactmoment kanaal Description De kanaal waarop nieuwe contactmomenten worden aangemaakt Possible values string Default value contactformulier - Variable KIC_CONFIG_REGISTER_CONTACT_MOMENT + Variable KIC_REGISTER_CONTACT_MOMENT Setting Registreer in Contactmomenten API Description No description Possible values True, False Default value False - Variable KIC_CONFIG_REGISTER_EMAIL + Variable KIC_REGISTER_EMAIL Setting Registreer op email adres Description No description Possible values string Default value No default - Variable KIC_CONFIG_REGISTER_EMPLOYEE_ID + Variable KIC_REGISTER_EMPLOYEE_ID Setting Medewerker identificatie Description Gebruikersnaam van actieve medewerker uit e-Suite Possible values string Default value - Variable KIC_CONFIG_REGISTER_TYPE + Variable KIC_REGISTER_TYPE Setting Contactmoment type Description Naam van 'contacttype' uit e-Suite Possible values string Default value Melding - Variable KIC_CONFIG_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER + Variable KIC_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER Setting Haal bronnen op uit de Klanten- en Contactmomenten-API's voor gebruikers die zijn geauthenticeerd met eHerkenning via RSIN Description Indien ingeschakeld, worden bronnen uit de Klanten- en Contactmomenten-API's voor eHerkenning-gebruikers opgehaald via RSIN (Open Klant). Indien niet ingeschakeld, worden deze bronnen via het KVK-nummer. Possible values True, False diff --git a/docs/configuration/siteconfig.rst b/docs/configuration/siteconfig.rst index 4e17ff9b31..b37c9e67a3 100644 --- a/docs/configuration/siteconfig.rst +++ b/docs/configuration/siteconfig.rst @@ -7,6 +7,13 @@ General Configuration Settings Overview ================= +Enable/Disable configuration: +""""""""""""""""""""""""""""" + +:: + + SITE_CONFIG_ENABLE + Required: """"""""" @@ -17,7 +24,6 @@ Required: SITE_PRIMARY_COLOR SITE_SECONDARY_COLOR - All settings: """"""""""""" @@ -36,7 +42,6 @@ All settings: SITE_EHERKENNING_ENABLED SITE_EMAIL_NEW_MESSAGE SITE_EMAIL_VERIFICATION_REQUIRED - SITE_ENABLE SITE_FOOTER_LOGO_TITLE SITE_FOOTER_LOGO_URL SITE_GA_CODE @@ -93,7 +98,6 @@ All settings: SITE_WARNING_BANNER_FONT_COLOR SITE_WARNING_BANNER_TEXT - Detailed Information ==================== diff --git a/docs/configuration/zgw.rst b/docs/configuration/zgw.rst index 412b70221d..621b88660b 100644 --- a/docs/configuration/zgw.rst +++ b/docs/configuration/zgw.rst @@ -7,187 +7,191 @@ ZGW Configuration Settings Overview ================= +Enable/Disable configuration: +""""""""""""""""""""""""""""" + +:: + + ZGW_CONFIG_ENABLE + Required: """"""""" :: - ZGW_CONFIG_CATALOGI_SERVICE_API_ROOT - ZGW_CONFIG_CATALOGI_SERVICE_CLIENT_ID - ZGW_CONFIG_CATALOGI_SERVICE_SECRET - ZGW_CONFIG_DOCUMENT_SERVICE_API_ROOT - ZGW_CONFIG_DOCUMENT_SERVICE_CLIENT_ID - ZGW_CONFIG_DOCUMENT_SERVICE_SECRET - ZGW_CONFIG_FORM_SERVICE_API_ROOT - ZGW_CONFIG_FORM_SERVICE_CLIENT_ID - ZGW_CONFIG_FORM_SERVICE_SECRET - ZGW_CONFIG_ZAAK_SERVICE_API_ROOT - ZGW_CONFIG_ZAAK_SERVICE_CLIENT_ID - ZGW_CONFIG_ZAAK_SERVICE_SECRET - + ZGW_CATALOGI_SERVICE_API_ROOT + ZGW_CATALOGI_SERVICE_CLIENT_ID + ZGW_CATALOGI_SERVICE_SECRET + ZGW_DOCUMENT_SERVICE_API_ROOT + ZGW_DOCUMENT_SERVICE_CLIENT_ID + ZGW_DOCUMENT_SERVICE_SECRET + ZGW_FORM_SERVICE_API_ROOT + ZGW_FORM_SERVICE_CLIENT_ID + ZGW_FORM_SERVICE_SECRET + ZGW_ZAAK_SERVICE_API_ROOT + ZGW_ZAAK_SERVICE_CLIENT_ID + ZGW_ZAAK_SERVICE_SECRET All settings: """"""""""""" :: - ZGW_CONFIG_ACTION_REQUIRED_DEADLINE_DAYS - ZGW_CONFIG_ALLOWED_FILE_EXTENSIONS - ZGW_CONFIG_CATALOGI_SERVICE_API_ROOT - ZGW_CONFIG_CATALOGI_SERVICE_CLIENT_ID - ZGW_CONFIG_CATALOGI_SERVICE_SECRET - ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY - ZGW_CONFIG_DOCUMENT_SERVICE_API_ROOT - ZGW_CONFIG_DOCUMENT_SERVICE_CLIENT_ID - ZGW_CONFIG_DOCUMENT_SERVICE_SECRET - ZGW_CONFIG_ENABLE - ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN - ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN - ZGW_CONFIG_FORM_SERVICE_API_ROOT - ZGW_CONFIG_FORM_SERVICE_CLIENT_ID - ZGW_CONFIG_FORM_SERVICE_SECRET - ZGW_CONFIG_MAX_UPLOAD_SIZE - ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE - ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN - ZGW_CONFIG_TITLE_TEXT - ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY - ZGW_CONFIG_ZAAK_SERVICE_API_ROOT - ZGW_CONFIG_ZAAK_SERVICE_CLIENT_ID - ZGW_CONFIG_ZAAK_SERVICE_SECRET - + ZGW_ACTION_REQUIRED_DEADLINE_DAYS + ZGW_ALLOWED_FILE_EXTENSIONS + ZGW_CATALOGI_SERVICE_API_ROOT + ZGW_CATALOGI_SERVICE_CLIENT_ID + ZGW_CATALOGI_SERVICE_SECRET + ZGW_DOCUMENT_MAX_CONFIDENTIALITY + ZGW_DOCUMENT_SERVICE_API_ROOT + ZGW_DOCUMENT_SERVICE_CLIENT_ID + ZGW_DOCUMENT_SERVICE_SECRET + ZGW_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN + ZGW_FETCH_EHERKENNING_ZAKEN_WITH_RSIN + ZGW_FORM_SERVICE_API_ROOT + ZGW_FORM_SERVICE_CLIENT_ID + ZGW_FORM_SERVICE_SECRET + ZGW_MAX_UPLOAD_SIZE + ZGW_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE + ZGW_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN + ZGW_TITLE_TEXT + ZGW_ZAAK_MAX_CONFIDENTIALITY + ZGW_ZAAK_SERVICE_API_ROOT + ZGW_ZAAK_SERVICE_CLIENT_ID + ZGW_ZAAK_SERVICE_SECRET Detailed Information ==================== :: - Variable ZGW_CONFIG_ACTION_REQUIRED_DEADLINE_DAYS + Variable ZGW_ACTION_REQUIRED_DEADLINE_DAYS Setting Standaard actie deadline termijn in dagen Description Aantal dagen voor gebruiker om actie te ondernemen. Possible values string representing an integer Default value 15 - Variable ZGW_CONFIG_ALLOWED_FILE_EXTENSIONS + Variable ZGW_ALLOWED_FILE_EXTENSIONS Setting allowed file extensions Description Een lijst van toegestande bestandsextensies, alleen documentuploads met een van deze extensies worden toegelaten. Possible values string, comma-delimited ('foo,bar,baz') Default value bmp, doc, docx, gif, jpeg, jpg, msg, pdf, png, ppt, pptx, rtf, tiff, txt, vsd, xls, xlsx - Variable ZGW_CONFIG_CATALOGI_SERVICE_API_ROOT + Variable ZGW_CATALOGI_SERVICE_API_ROOT Setting api root url Description No description Possible values string Default value No default - Variable ZGW_CONFIG_CATALOGI_SERVICE_CLIENT_ID + Variable ZGW_CATALOGI_SERVICE_CLIENT_ID Setting client id Description No description Possible values string Default value No default - Variable ZGW_CONFIG_CATALOGI_SERVICE_SECRET + Variable ZGW_CATALOGI_SERVICE_SECRET Setting secret Description No description Possible values string Default value No default - Variable ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY + Variable ZGW_DOCUMENT_MAX_CONFIDENTIALITY Setting Documenten vertrouwelijkheid Description Selecteer de maximale vertrouwelijkheid van de getoonde documenten van zaken Possible values openbaar, beperkt_openbaar, intern, zaakvertrouwelijk, vertrouwelijk, confidentieel, geheim, zeer_geheim Default value openbaar - Variable ZGW_CONFIG_DOCUMENT_SERVICE_API_ROOT + Variable ZGW_DOCUMENT_SERVICE_API_ROOT Setting api root url Description No description Possible values string Default value No default - Variable ZGW_CONFIG_DOCUMENT_SERVICE_CLIENT_ID + Variable ZGW_DOCUMENT_SERVICE_CLIENT_ID Setting client id Description No description Possible values string Default value No default - Variable ZGW_CONFIG_DOCUMENT_SERVICE_SECRET + Variable ZGW_DOCUMENT_SERVICE_SECRET Setting secret Description No description Possible values string Default value No default - Variable ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN + Variable ZGW_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN Setting Inschakelen gepersonaliseerde Onderwerpen op basis van zaken Description Indien ingeschakeld dan worden (indien ingelogd met DigiD/eHerkenning) de getoonde onderwerpen op de Homepage bepaald op basis van de zaken van de gebruiker Possible values True, False Default value False - Variable ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN + Variable ZGW_FETCH_EHERKENNING_ZAKEN_WITH_RSIN Setting Maak gebruik van het RSIN voor ophalen eHerkenning zaken Description Indien ingeschakeld dan wordt het RSIN van eHerkenning gebruikers gebruikt om de zaken op te halen. Indien uitgeschakeld dan wordt het KVK nummer gebruikt om de zaken op te halen. Open Zaak hanteert conform de ZGW API specificatie de RSIN, de eSuite maakt gebruik van het KVK nummer. Possible values True, False Default value False - Variable ZGW_CONFIG_FORM_SERVICE_API_ROOT + Variable ZGW_FORM_SERVICE_API_ROOT Setting api root url Description No description Possible values string Default value No default - Variable ZGW_CONFIG_FORM_SERVICE_CLIENT_ID + Variable ZGW_FORM_SERVICE_CLIENT_ID Setting client id Description No description Possible values string Default value No default - Variable ZGW_CONFIG_FORM_SERVICE_SECRET + Variable ZGW_FORM_SERVICE_SECRET Setting secret Description No description Possible values string Default value No default - Variable ZGW_CONFIG_MAX_UPLOAD_SIZE + Variable ZGW_MAX_UPLOAD_SIZE Setting Maximale upload grootte (in MB) Description Documentuploads mogen maximaal dit aantal MB groot zijn, anders worden ze geweigerd. Possible values string representing a positive integer Default value 50 - Variable ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE + Variable ZGW_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE Setting Converteer eSuite zaaknummers Description Schakel dit in om de zaaknummers van het interne eSuite format (ex: '0014ESUITE66392022') om te zetten naar een toegankelijkere notatie ('6639-2022'). Possible values True, False Default value False - Variable ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN + Variable ZGW_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN Setting Maak gebruik van StatusType.informeren workaround (eSuite) Description Schakel dit in wanneer StatusType.informeren niet wordt ondersteund door de ZGW API waar deze omgeving aan is gekoppeld (zoals de eSuite ZGW API)Hierdoor is het verplicht om per zaaktype aan te geven wanneer een inwoner hier een notificatie van dient te krijgen. Possible values True, False Default value False - Variable ZGW_CONFIG_TITLE_TEXT + Variable ZGW_TITLE_TEXT Setting Titel tekst Description De titel/introductietekst getoond op de lijstweergave van 'Mijn aanvragen'. Possible values text (string) Default value Hier vindt u een overzicht van al uw lopende en afgeronde aanvragen. - Variable ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY + Variable ZGW_ZAAK_MAX_CONFIDENTIALITY Setting Zaak vertrouwelijkheid Description Selecteer de maximale vertrouwelijkheid van de getoonde zaken Possible values openbaar, beperkt_openbaar, intern, zaakvertrouwelijk, vertrouwelijk, confidentieel, geheim, zeer_geheim Default value openbaar - Variable ZGW_CONFIG_ZAAK_SERVICE_API_ROOT + Variable ZGW_ZAAK_SERVICE_API_ROOT Setting api root url Description No description Possible values string Default value No default - Variable ZGW_CONFIG_ZAAK_SERVICE_CLIENT_ID + Variable ZGW_ZAAK_SERVICE_CLIENT_ID Setting client id Description No description Possible values string Default value No default - Variable ZGW_CONFIG_ZAAK_SERVICE_SECRET + Variable ZGW_ZAAK_SERVICE_SECRET Setting secret Description No description Possible values string diff --git a/src/open_inwoner/conf/app/setup_configuration.py b/src/open_inwoner/conf/app/setup_configuration.py index 3785a90227..f78719c246 100644 --- a/src/open_inwoner/conf/app/setup_configuration.py +++ b/src/open_inwoner/conf/app/setup_configuration.py @@ -19,93 +19,87 @@ OIP_ORGANIZATION = config("OIP_ORGANIZATION", "") # ZGW configuration variables -ZGW_CONFIG_ENABLE = config("ZGW_CONFIG_ENABLE", default=True) -ZGW_CONFIG_ZAKEN_API_ROOT = config("ZGW_CONFIG_ZAKEN_API_ROOT", "") -if ZGW_CONFIG_ZAKEN_API_ROOT and not ZGW_CONFIG_ZAKEN_API_ROOT.endswith("/"): - ZGW_CONFIG_ZAKEN_API_ROOT = f"{ZGW_CONFIG_ZAKEN_API_ROOT.strip()}/" -ZGW_CONFIG_ZAKEN_OAS_URL = ZGW_CONFIG_ZAKEN_API_ROOT # this is still required by the form, but not actually used -ZGW_CONFIG_ZAKEN_API_CLIENT_ID = config("ZGW_CONFIG_ZAKEN_API_CLIENT_ID", "") -ZGW_CONFIG_ZAKEN_API_SECRET = config("ZGW_CONFIG_ZAKEN_API_SECRET", "") -ZGW_CONFIG_CATALOGI_API_ROOT = config("ZGW_CONFIG_CATALOGI_API_ROOT", "") -if ZGW_CONFIG_CATALOGI_API_ROOT and not ZGW_CONFIG_CATALOGI_API_ROOT.endswith("/"): - ZGW_CONFIG_CATALOGI_API_ROOT = f"{ZGW_CONFIG_CATALOGI_API_ROOT.strip()}/" -ZGW_CONFIG_CATALOGI_OAS_URL = ZGW_CONFIG_CATALOGI_API_ROOT # this is still required by the form, but not actually used -ZGW_CONFIG_CATALOGI_API_CLIENT_ID = config("ZGW_CONFIG_CATALOGI_API_CLIENT_ID", "") -ZGW_CONFIG_CATALOGI_API_SECRET = config("ZGW_CONFIG_CATALOGI_API_SECRET", "") -ZGW_CONFIG_DOCUMENTEN_API_ROOT = config("ZGW_CONFIG_DOCUMENTEN_API_ROOT", "") -if ZGW_CONFIG_DOCUMENTEN_API_ROOT and not ZGW_CONFIG_DOCUMENTEN_API_ROOT.endswith("/"): - ZGW_CONFIG_DOCUMENTEN_API_ROOT = f"{ZGW_CONFIG_DOCUMENTEN_API_ROOT.strip()}/" -ZGW_CONFIG_DOCUMENTEN_OAS_URL = ZGW_CONFIG_DOCUMENTEN_API_ROOT # this is still required by the form, but not actually used -ZGW_CONFIG_DOCUMENTEN_API_CLIENT_ID = config("ZGW_CONFIG_DOCUMENTEN_API_CLIENT_ID", "") -ZGW_CONFIG_DOCUMENTEN_API_SECRET = config("ZGW_CONFIG_DOCUMENTEN_API_SECRET", "") -ZGW_CONFIG_FORMULIEREN_API_ROOT = config("ZGW_CONFIG_FORMULIEREN_API_ROOT", "") -if ZGW_CONFIG_FORMULIEREN_API_ROOT and not ZGW_CONFIG_FORMULIEREN_API_ROOT.endswith( +ZGW_ENABLE = config("ZGW_ENABLE", default=True) +ZGW_ZAAK_SERVICE_API_ROOT = config("ZGW_ZAAK_SERVICE_API_ROOT", "") +if ZGW_ZAAK_SERVICE_API_ROOT and not ZGW_ZAAK_SERVICE_API_ROOT.endswith("/"): + ZGW_ZAAK_SERVICE_API_ROOT = f"{ZGW_ZAAK_SERVICE_API_ROOT.strip()}/" +ZGW_ZAKEN_OAS_URL = ZGW_ZAAK_SERVICE_API_ROOT # this is still required by the form, but not actually used +ZGW_ZAAK_SERVICE_API_CLIENT_ID = config("ZGW_ZAAK_SERVICE_API_CLIENT_ID", "") +ZGW_ZAAK_SERVICE_API_SECRET = config("ZGW_ZAAK_SERVICE_API_SECRET", "") +ZGW_CATALOGI_SERVICE_API_ROOT = config("ZGW_CATALOGI_SERVICE_API_ROOT", "") +if ZGW_CATALOGI_SERVICE_API_ROOT and not ZGW_CATALOGI_SERVICE_API_ROOT.endswith("/"): + ZGW_CATALOGI_SERVICE_API_ROOT = f"{ZGW_CATALOGI_SERVICE_API_ROOT.strip()}/" +ZGW_CATALOGI_OAS_URL = ZGW_CATALOGI_SERVICE_API_ROOT # this is still required by the form, but not actually used +ZGW_CATALOGI_SERVICE_API_CLIENT_ID = config("ZGW_CATALOGI_SERVICE_API_CLIENT_ID", "") +ZGW_CATALOGI_SERVICE_API_SECRET = config("ZGW_CATALOGI_SERVICE_API_SECRET", "") +ZGW_DOCUMENTEN_SERVICE_API_ROOT = config("ZGW_DOCUMENTEN_SERVICE_API_ROOT", "") +if ZGW_DOCUMENTEN_SERVICE_API_ROOT and not ZGW_DOCUMENTEN_SERVICE_API_ROOT.endswith( "/" ): - ZGW_CONFIG_FORMULIEREN_API_ROOT = f"{ZGW_CONFIG_FORMULIEREN_API_ROOT.strip()}/" -ZGW_CONFIG_FORMULIEREN_OAS_URL = ZGW_CONFIG_FORMULIEREN_API_ROOT # this is still required by the form, but not actually used -ZGW_CONFIG_FORMULIEREN_API_CLIENT_ID = config( - "ZGW_CONFIG_FORMULIEREN_API_CLIENT_ID", "" -) -ZGW_CONFIG_FORMULIEREN_API_SECRET = config("ZGW_CONFIG_FORMULIEREN_API_SECRET", "") + ZGW_DOCUMENTEN_SERVICE_API_ROOT = f"{ZGW_DOCUMENTEN_SERVICE_API_ROOT.strip()}/" +ZGW_DOCUMENTEN_OAS_URL = ZGW_DOCUMENTEN_SERVICE_API_ROOT # this is still required by the form, but not actually used +ZGW_DOCUMENTEN_SERVICE_API_CLIENT_ID = config( + "ZGW_DOCUMENTEN_SERVICE_API_CLIENT_ID", "" +) +ZGW_DOCUMENTEN_SERVICE_API_SECRET = config("ZGW_DOCUMENTEN_SERVICE_API_SECRET", "") +ZGW_FORM_SERVICE_API_ROOT = config("ZGW_FORM_SERVICE_API_ROOT", "") +if ZGW_FORM_SERVICE_API_ROOT and not ZGW_FORM_SERVICE_API_ROOT.endswith("/"): + ZGW_FORM_SERVICE_API_ROOT = f"{ZGW_FORM_SERVICE_API_ROOT.strip()}/" +ZGW_FORMULIEREN_OAS_URL = ZGW_FORM_SERVICE_API_ROOT # this is still required by the form, but not actually used +ZGW_FORM_SERVICE_API_CLIENT_ID = config("ZGW_FORM_SERVICE_API_CLIENT_ID", "") +ZGW_FORM_SERVICE_API_SECRET = config("ZGW_FORM_SERVICE_API_SECRET", "") # ZGW config options -ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY = config( - "ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY", None -) -ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY = config( - "ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY", None -) -ZGW_CONFIG_ACTION_REQUIRED_DEADLINE_DAYS = config("ACTION_REQUIRED_DEADLINE_DAYS", None) -ZGW_CONFIG_ALLOWED_FILE_EXTENSIONS = config("ZGW_CONFIG_ALLOWED_FILE_EXTENSIONS", None) -ZGW_CONFIG_MIJN_AANVRAGEN_TITLE_TEXT = config( - "ZGW_CONFIG_MIJN_AANVRAGEN_TITLE_TEXT", None +ZGW_ZAAK_MAX_CONFIDENTIALITY = config("ZGW_ZAAK_MAX_CONFIDENTIALITY", None) +ZGW_DOCUMENT_MAX_CONFIDENTIALITY = config("ZGW_DOCUMENT_MAX_CONFIDENTIALITY", None) +ZGW_ACTION_REQUIRED_DEADLINE_DAYS = config("ACTION_REQUIRED_DEADLINE_DAYS", None) +ZGW_ALLOWED_FILE_EXTENSIONS = config("ZGW_ALLOWED_FILE_EXTENSIONS", None) +ZGW_MIJN_AANVRAGEN_TITLE_TEXT = config("ZGW_MIJN_AANVRAGEN_TITLE_TEXT", None) +ZGW_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN = config( + "ZGW_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN", None ) -ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN = config( - "ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN", None +ZGW_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN = config( + "ZGW_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN", None ) -ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN = config( - "ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN", None +ZGW_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE = config( + "ZGW_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE", None ) -ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE = config( - "ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE", None -) -ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN = config( - "ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN", None +ZGW_FETCH_EHERKENNING_ZAKEN_WITH_RSIN = config( + "ZGW_FETCH_EHERKENNING_ZAKEN_WITH_RSIN", None ) # KIC configuration variables -KIC_CONFIG_ENABLE = config("KIC_CONFIG_ENABLE", default=True) -KIC_CONFIG_KLANTEN_API_ROOT = config("KIC_CONFIG_KLANTEN_API_ROOT", "") -if KIC_CONFIG_KLANTEN_API_ROOT and not KIC_CONFIG_KLANTEN_API_ROOT.endswith("/"): - KIC_CONFIG_KLANTEN_API_ROOT = f"{KIC_CONFIG_KLANTEN_API_ROOT.strip()}/" -KIC_CONFIG_KLANTEN_OAS_URL = KIC_CONFIG_KLANTEN_API_ROOT # this is still required by the form, but not actually used -KIC_CONFIG_KLANTEN_API_CLIENT_ID = config("KIC_CONFIG_KLANTEN_API_CLIENT_ID", "") -KIC_CONFIG_KLANTEN_API_SECRET = config("KIC_CONFIG_KLANTEN_API_SECRET", "") -KIC_CONFIG_CONTACTMOMENTEN_API_ROOT = config("KIC_CONFIG_CONTACTMOMENTEN_API_ROOT", "") +KIC_ENABLE = config("KIC_ENABLE", default=True) +KIC_KLANTEN_SERVICE_API_ROOT = config("KIC_KLANTEN_SERVICE_API_ROOT", "") +if KIC_KLANTEN_SERVICE_API_ROOT and not KIC_KLANTEN_SERVICE_API_ROOT.endswith("/"): + KIC_KLANTEN_SERVICE_API_ROOT = f"{KIC_KLANTEN_SERVICE_API_ROOT.strip()}/" +KIC_KLANTEN_OAS_URL = KIC_KLANTEN_SERVICE_API_ROOT # this is still required by the form, but not actually used +KIC_KLANTEN_SERVICE_API_CLIENT_ID = config("KIC_KLANTEN_SERVICE_API_CLIENT_ID", "") +KIC_KLANTEN_SERVICE_API_SECRET = config("KIC_KLANTEN_SERVICE_API_SECRET", "") +KIC_CONTACTMOMENTEN_SERVICE_API_ROOT = config( + "KIC_CONTACTMOMENTEN_SERVICE_API_ROOT", "" +) if ( - KIC_CONFIG_CONTACTMOMENTEN_API_ROOT - and not KIC_CONFIG_CONTACTMOMENTEN_API_ROOT.endswith("/") + KIC_CONTACTMOMENTEN_SERVICE_API_ROOT + and not KIC_CONTACTMOMENTEN_SERVICE_API_ROOT.endswith("/") ): - KIC_CONFIG_CONTACTMOMENTEN_API_ROOT = ( - f"{KIC_CONFIG_CONTACTMOMENTEN_API_ROOT.strip()}/" + KIC_CONTACTMOMENTEN_SERVICE_API_ROOT = ( + f"{KIC_CONTACTMOMENTEN_SERVICE_API_ROOT.strip()}/" ) -KIC_CONFIG_CONTACTMOMENTEN_OAS_URL = KIC_CONFIG_CONTACTMOMENTEN_API_ROOT # this is still required by the form, but not actually used -KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_ID = config( - "KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_ID", "" -) -KIC_CONFIG_CONTACTMOMENTEN_API_SECRET = config( - "KIC_CONFIG_CONTACTMOMENTEN_API_SECRET", "" -) -KIC_CONFIG_REGISTER_EMAIL = config("KIC_CONFIG_REGISTER_EMAIL", None) -KIC_CONFIG_REGISTER_CONTACT_MOMENT = config("KIC_CONFIG_REGISTER_CONTACT_MOMENT", None) -KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN = config( - "KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN", None -) -KIC_CONFIG_REGISTER_CHANNEL = config("KIC_CONFIG_REGISTER_CHANNEL", None) -KIC_CONFIG_REGISTER_TYPE = config("KIC_CONFIG_REGISTER_TYPE", None) -KIC_CONFIG_REGISTER_EMPLOYEE_ID = config("KIC_CONFIG_REGISTER_EMPLOYEE_ID", None) -KIC_CONFIG_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER = config( - "KIC_CONFIG_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER", None +KIC_CONTACTMOMENTEN_OAS_URL = KIC_CONTACTMOMENTEN_SERVICE_API_ROOT # this is still required by the form, but not actually used +KIC_CONTACTMOMENTEN_SERVICE_API_CLIENT_ID = config( + "KIC_CONTACTMOMENTEN_SERVICE_API_CLIENT_ID", "" +) +KIC_CONTACTMOMENTEN_SERVICE_API_SECRET = config( + "KIC_CONTACTMOMENTEN_SERVICE_API_SECRET", "" +) +KIC_REGISTER_EMAIL = config("KIC_REGISTER_EMAIL", None) +KIC_REGISTER_CONTACT_MOMENT = config("KIC_REGISTER_CONTACT_MOMENT", None) +KIC_REGISTER_BRONORGANISATIE_RSIN = config("KIC_REGISTER_BRONORGANISATIE_RSIN", None) +KIC_REGISTER_CHANNEL = config("KIC_REGISTER_CHANNEL", None) +KIC_REGISTER_TYPE = config("KIC_REGISTER_TYPE", None) +KIC_REGISTER_EMPLOYEE_ID = config("KIC_REGISTER_EMPLOYEE_ID", None) +KIC_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER = config( + "KIC_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER", None ) diff --git a/src/open_inwoner/configurations/bootstrap/base.py b/src/open_inwoner/configurations/bootstrap/base.py index 4262ca9632..71b6196fce 100644 --- a/src/open_inwoner/configurations/bootstrap/base.py +++ b/src/open_inwoner/configurations/bootstrap/base.py @@ -10,7 +10,7 @@ from .choices import BasicFieldDescription -@dataclass(frozen=True, eq=True) +@dataclass(frozen=True, slots=True) class ConfigField: name: str verbose_name: str @@ -92,7 +92,11 @@ def get_example_values(field: models.Field) -> str: case _: return "No information available" - def get_model_fields(self, model) -> Iterator[models.Field]: + def get_concrete_model_fields(self, model) -> Iterator[models.Field]: + """ + Get all concrete fields for a given `model`, skipping over backreferences like + `OneToOneRel` and fields that are blacklisted + """ return ( field for field in model._meta.concrete_fields @@ -108,14 +112,14 @@ def create_config_fields( relating_field: models.Field | None = None, ) -> None: """ - Create a `ConfigField` instance for each field of the provided `model` and - add it to `all_fields` and `required_fields` + Create a `ConfigField` instance for each field of the given `model` and + add it to `self.fields.all` and `self.fields.required` - Basic fields provided the base case, relations (`ForeignKey`, `OneToOneField`) - are handled recursively + Basic fields (`CharField`, `IntegerField` etc) constitute the base case, + relations (`ForeignKey`, `OneToOneField`) are handled recursively """ - model_fields = self.get_model_fields(model) + model_fields = self.get_concrete_model_fields(model) for model_field in model_fields: if isinstance(model_field, (ForeignKey, OneToOneField)): diff --git a/src/open_inwoner/configurations/bootstrap/kic.py b/src/open_inwoner/configurations/bootstrap/kic.py index fab1f6bac0..919ff91c8f 100644 --- a/src/open_inwoner/configurations/bootstrap/kic.py +++ b/src/open_inwoner/configurations/bootstrap/kic.py @@ -16,7 +16,7 @@ class KICConfigurationSettings(ConfigSettingsBase): model = OpenKlantConfig display_name = "Klanten Configuration" - namespace = "KIC_CONFIG" + namespace = "KIC" required_fields = ( "contactmomenten_service_client_id", "contactmomenten_service_secret", @@ -48,15 +48,15 @@ class KlantenAPIConfigurationStep(BaseConfigurationStep): verbose_name = "Klanten API configuration" required_settings = [ - "KIC_CONFIG_KLANTEN_API_ROOT", - "KIC_CONFIG_KLANTEN_API_CLIENT_ID", - "KIC_CONFIG_KLANTEN_API_SECRET", + "KIC_KLANTEN_SERVICE_API_ROOT", + "KIC_KLANTEN_SERVICE_API_CLIENT_ID", + "KIC_KLANTEN_SERVICE_API_SECRET", ] - enable_setting = "KIC_CONFIG_ENABLE" + enable_setting = "KIC_ENABLE" def is_configured(self) -> bool: return Service.objects.filter( - api_root=settings.KIC_CONFIG_KLANTEN_API_ROOT + api_root=settings.KIC_KLANTEN_SERVICE_API_ROOT ).exists() def configure(self): @@ -64,15 +64,15 @@ def configure(self): org_label = f"Open Inwoner {organization}".strip() Service.objects.update_or_create( - api_root=settings.KIC_CONFIG_KLANTEN_API_ROOT, + api_root=settings.KIC_KLANTEN_SERVICE_API_ROOT, defaults={ "label": "Klanten API", "api_type": APITypes.kc, - "oas": settings.KIC_CONFIG_KLANTEN_API_ROOT, + "oas": settings.KIC_KLANTEN_SERVICE_API_ROOT, "auth_type": AuthTypes.zgw, - "client_id": settings.KIC_CONFIG_KLANTEN_API_CLIENT_ID, - "secret": settings.KIC_CONFIG_KLANTEN_API_SECRET, - "user_id": settings.KIC_CONFIG_KLANTEN_API_CLIENT_ID, + "client_id": settings.KIC_KLANTEN_SERVICE_API_CLIENT_ID, + "secret": settings.KIC_KLANTEN_SERVICE_API_SECRET, + "user_id": settings.KIC_KLANTEN_SERVICE_API_CLIENT_ID, "user_representation": org_label, }, ) @@ -90,15 +90,15 @@ class ContactmomentenAPIConfigurationStep(BaseConfigurationStep): verbose_name = "Contactmomenten API configuration" required_settings = [ - "KIC_CONFIG_CONTACTMOMENTEN_API_ROOT", - "KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_ID", - "KIC_CONFIG_CONTACTMOMENTEN_API_SECRET", + "KIC_CONTACTMOMENTEN_SERVICE_API_ROOT", + "KIC_CONTACTMOMENTEN_SERVICE_API_CLIENT_ID", + "KIC_CONTACTMOMENTEN_SERVICE_API_SECRET", ] - enable_setting = "KIC_CONFIG_ENABLE" + enable_setting = "KIC_ENABLE" def is_configured(self) -> bool: return Service.objects.filter( - api_root=settings.KIC_CONFIG_CONTACTMOMENTEN_API_ROOT + api_root=settings.KIC_CONTACTMOMENTEN_SERVICE_API_ROOT ).exists() def configure(self): @@ -106,15 +106,15 @@ def configure(self): org_label = f"Open Inwoner {organization}".strip() Service.objects.update_or_create( - api_root=settings.KIC_CONFIG_CONTACTMOMENTEN_API_ROOT, + api_root=settings.KIC_CONTACTMOMENTEN_SERVICE_API_ROOT, defaults={ "label": "Contactmomenten API", "api_type": APITypes.cmc, - "oas": settings.KIC_CONFIG_CONTACTMOMENTEN_API_ROOT, + "oas": settings.KIC_CONTACTMOMENTEN_SERVICE_API_ROOT, "auth_type": AuthTypes.zgw, - "client_id": settings.KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_ID, - "secret": settings.KIC_CONFIG_CONTACTMOMENTEN_API_SECRET, - "user_id": settings.KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_ID, + "client_id": settings.KIC_CONTACTMOMENTEN_SERVICE_API_CLIENT_ID, + "secret": settings.KIC_CONTACTMOMENTEN_SERVICE_API_SECRET, + "user_id": settings.KIC_CONTACTMOMENTEN_SERVICE_API_CLIENT_ID, "user_representation": org_label, }, ) @@ -131,7 +131,7 @@ class KICAPIsConfigurationStep(BaseConfigurationStep): """ verbose_name = "Klantinteractie APIs configuration" - enable_setting = "KIC_CONFIG_ENABLE" + enable_setting = "KIC_ENABLE" def is_configured(self) -> bool: kic_config = OpenKlantConfig.get_solo() @@ -142,29 +142,29 @@ def is_configured(self) -> bool: def configure(self): config = OpenKlantConfig.get_solo() config.klanten_service = Service.objects.get( - api_root=settings.KIC_CONFIG_KLANTEN_API_ROOT + api_root=settings.KIC_KLANTEN_SERVICE_API_ROOT ) config.contactmomenten_service = Service.objects.get( - api_root=settings.KIC_CONFIG_CONTACTMOMENTEN_API_ROOT + api_root=settings.KIC_CONTACTMOMENTEN_SERVICE_API_ROOT ) - if settings.KIC_CONFIG_REGISTER_EMAIL: - config.register_email = settings.KIC_CONFIG_REGISTER_EMAIL - if settings.KIC_CONFIG_REGISTER_CONTACT_MOMENT is not None: - config.register_contact_moment = settings.KIC_CONFIG_REGISTER_CONTACT_MOMENT - if settings.KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN: + if settings.KIC_REGISTER_EMAIL: + config.register_email = settings.KIC_REGISTER_EMAIL + if settings.KIC_REGISTER_CONTACT_MOMENT is not None: + config.register_contact_moment = settings.KIC_REGISTER_CONTACT_MOMENT + if settings.KIC_REGISTER_BRONORGANISATIE_RSIN: config.register_bronorganisatie_rsin = ( - settings.KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN + settings.KIC_REGISTER_BRONORGANISATIE_RSIN ) - if settings.KIC_CONFIG_REGISTER_CHANNEL: - config.register_channel = settings.KIC_CONFIG_REGISTER_CHANNEL - if settings.KIC_CONFIG_REGISTER_TYPE: - config.register_type = settings.KIC_CONFIG_REGISTER_TYPE - if settings.KIC_CONFIG_REGISTER_EMPLOYEE_ID: - config.register_employee_id = settings.KIC_CONFIG_REGISTER_EMPLOYEE_ID - if settings.KIC_CONFIG_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER is not None: + if settings.KIC_REGISTER_CHANNEL: + config.register_channel = settings.KIC_REGISTER_CHANNEL + if settings.KIC_REGISTER_TYPE: + config.register_type = settings.KIC_REGISTER_TYPE + if settings.KIC_REGISTER_EMPLOYEE_ID: + config.register_employee_id = settings.KIC_REGISTER_EMPLOYEE_ID + if settings.KIC_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER is not None: config.use_rsin_for_innNnpId_query_parameter = ( - settings.KIC_CONFIG_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER + settings.KIC_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER ) config.save() diff --git a/src/open_inwoner/configurations/bootstrap/registry.py b/src/open_inwoner/configurations/bootstrap/registry.py index 8b3931afca..ed065f0c62 100644 --- a/src/open_inwoner/configurations/bootstrap/registry.py +++ b/src/open_inwoner/configurations/bootstrap/registry.py @@ -5,20 +5,20 @@ AdminOIDCConfigurationSettings, DigiDOIDCConfigurationSettings, DigiDSAMLConfigurationSettings, - eHerkenningSAMLConfigurationSettings, eHerkenningOIDCConfigurationSettings, + eHerkenningSAMLConfigurationSettings, ) from .kic import KICConfigurationSettings from .siteconfig import SiteConfigurationSettings from .zgw import ZGWConfigurationSettings - ConfigSetting: TypeAlias = ( SiteConfigurationSettings | KICConfigurationSettings | ZGWConfigurationSettings | AdminOIDCConfigurationSettings | DigiDOIDCConfigurationSettings + | DigiDSAMLConfigurationSettings | eHerkenningOIDCConfigurationSettings | eHerkenningSAMLConfigurationSettings ) diff --git a/src/open_inwoner/configurations/bootstrap/zgw.py b/src/open_inwoner/configurations/bootstrap/zgw.py index 2be71d2c14..43b53531cb 100644 --- a/src/open_inwoner/configurations/bootstrap/zgw.py +++ b/src/open_inwoner/configurations/bootstrap/zgw.py @@ -16,7 +16,7 @@ class ZGWConfigurationSettings(ConfigSettingsBase): model = OpenZaakConfig display_name = "ZGW Configuration" - namespace = "ZGW_CONFIG" + namespace = "ZGW" required_fields = ( "catalogi_service_client_id", "catalogi_service_secret", @@ -52,15 +52,15 @@ class ZakenAPIConfigurationStep(BaseConfigurationStep): verbose_name = "Zaken API configuration" required_settings = [ - "ZGW_CONFIG_ZAKEN_API_ROOT", - "ZGW_CONFIG_ZAKEN_API_CLIENT_ID", - "ZGW_CONFIG_ZAKEN_API_SECRET", + "ZGW_ZAAK_SERVICE_API_ROOT", + "ZGW_ZAAK_SERVICE_API_CLIENT_ID", + "ZGW_ZAAK_SERVICE_API_SECRET", ] - enable_setting = "ZGW_CONFIG_ENABLE" + enable_setting = "ZGW_ENABLE" def is_configured(self) -> bool: return Service.objects.filter( - api_root=settings.ZGW_CONFIG_ZAKEN_API_ROOT + api_root=settings.ZGW_ZAAK_SERVICE_API_ROOT ).exists() def configure(self): @@ -68,15 +68,15 @@ def configure(self): org_label = f"Open Inwoner {organization}".strip() Service.objects.update_or_create( - api_root=settings.ZGW_CONFIG_ZAKEN_API_ROOT, + api_root=settings.ZGW_ZAAK_SERVICE_API_ROOT, defaults={ "label": "Zaken API", "api_type": APITypes.zrc, - "oas": settings.ZGW_CONFIG_ZAKEN_API_ROOT, + "oas": settings.ZGW_ZAAK_SERVICE_API_ROOT, "auth_type": AuthTypes.zgw, - "client_id": settings.ZGW_CONFIG_ZAKEN_API_CLIENT_ID, - "secret": settings.ZGW_CONFIG_ZAKEN_API_SECRET, - "user_id": settings.ZGW_CONFIG_ZAKEN_API_CLIENT_ID, + "client_id": settings.ZGW_ZAAK_SERVICE_API_CLIENT_ID, + "secret": settings.ZGW_ZAAK_SERVICE_API_SECRET, + "user_id": settings.ZGW_ZAAK_SERVICE_API_CLIENT_ID, "user_representation": org_label, }, ) @@ -94,15 +94,15 @@ class CatalogiAPIConfigurationStep(BaseConfigurationStep): verbose_name = "Catalogi API configuration" required_settings = [ - "ZGW_CONFIG_CATALOGI_API_ROOT", - "ZGW_CONFIG_CATALOGI_API_CLIENT_ID", - "ZGW_CONFIG_CATALOGI_API_SECRET", + "ZGW_CATALOGI_SERVICE_API_ROOT", + "ZGW_CATALOGI_SERVICE_API_CLIENT_ID", + "ZGW_CATALOGI_SERVICE_API_SECRET", ] - enable_setting = "ZGW_CONFIG_ENABLE" + enable_setting = "ZGW_ENABLE" def is_configured(self) -> bool: return Service.objects.filter( - api_root=settings.ZGW_CONFIG_CATALOGI_API_ROOT + api_root=settings.ZGW_CATALOGI_SERVICE_API_ROOT ).exists() def configure(self): @@ -110,15 +110,15 @@ def configure(self): org_label = f"Open Inwoner {organization}".strip() Service.objects.update_or_create( - api_root=settings.ZGW_CONFIG_CATALOGI_API_ROOT, + api_root=settings.ZGW_CATALOGI_SERVICE_API_ROOT, defaults={ "label": "Catalogi API", "api_type": APITypes.ztc, - "oas": settings.ZGW_CONFIG_CATALOGI_API_ROOT, + "oas": settings.ZGW_CATALOGI_SERVICE_API_ROOT, "auth_type": AuthTypes.zgw, - "client_id": settings.ZGW_CONFIG_CATALOGI_API_CLIENT_ID, - "secret": settings.ZGW_CONFIG_CATALOGI_API_SECRET, - "user_id": settings.ZGW_CONFIG_CATALOGI_API_CLIENT_ID, + "client_id": settings.ZGW_CATALOGI_SERVICE_API_CLIENT_ID, + "secret": settings.ZGW_CATALOGI_SERVICE_API_SECRET, + "user_id": settings.ZGW_CATALOGI_SERVICE_API_CLIENT_ID, "user_representation": org_label, }, ) @@ -136,15 +136,15 @@ class DocumentenAPIConfigurationStep(BaseConfigurationStep): verbose_name = "Documenten API configuration" required_settings = [ - "ZGW_CONFIG_DOCUMENTEN_API_ROOT", - "ZGW_CONFIG_DOCUMENTEN_API_CLIENT_ID", - "ZGW_CONFIG_DOCUMENTEN_API_SECRET", + "ZGW_DOCUMENTEN_SERVICE_API_ROOT", + "ZGW_DOCUMENTEN_SERVICE_API_CLIENT_ID", + "ZGW_DOCUMENTEN_SERVICE_API_SECRET", ] - enable_setting = "ZGW_CONFIG_ENABLE" + enable_setting = "ZGW_ENABLE" def is_configured(self) -> bool: return Service.objects.filter( - api_root=settings.ZGW_CONFIG_DOCUMENTEN_API_ROOT + api_root=settings.ZGW_DOCUMENTEN_SERVICE_API_ROOT ).exists() def configure(self): @@ -152,15 +152,15 @@ def configure(self): org_label = f"Open Inwoner {organization}".strip() Service.objects.update_or_create( - api_root=settings.ZGW_CONFIG_DOCUMENTEN_API_ROOT, + api_root=settings.ZGW_DOCUMENTEN_SERVICE_API_ROOT, defaults={ "label": "Documenten API", "api_type": APITypes.drc, - "oas": settings.ZGW_CONFIG_DOCUMENTEN_API_ROOT, + "oas": settings.ZGW_DOCUMENTEN_SERVICE_API_ROOT, "auth_type": AuthTypes.zgw, - "client_id": settings.ZGW_CONFIG_DOCUMENTEN_API_CLIENT_ID, - "secret": settings.ZGW_CONFIG_DOCUMENTEN_API_SECRET, - "user_id": settings.ZGW_CONFIG_DOCUMENTEN_API_CLIENT_ID, + "client_id": settings.ZGW_DOCUMENTEN_SERVICE_API_CLIENT_ID, + "secret": settings.ZGW_DOCUMENTEN_SERVICE_API_SECRET, + "user_id": settings.ZGW_DOCUMENTEN_SERVICE_API_CLIENT_ID, "user_representation": org_label, }, ) @@ -178,15 +178,15 @@ class FormulierenAPIConfigurationStep(BaseConfigurationStep): verbose_name = "Formulieren APIs configuration" required_settings = [ - "ZGW_CONFIG_FORMULIEREN_API_ROOT", - "ZGW_CONFIG_FORMULIEREN_API_CLIENT_ID", - "ZGW_CONFIG_FORMULIEREN_API_SECRET", + "ZGW_FORM_SERVICE_API_ROOT", + "ZGW_FORM_SERVICE_API_CLIENT_ID", + "ZGW_FORM_SERVICE_API_SECRET", ] - enable_setting = "ZGW_CONFIG_ENABLE" + enable_setting = "ZGW_ENABLE" def is_configured(self) -> bool: return Service.objects.filter( - api_root=settings.ZGW_CONFIG_FORMULIEREN_API_ROOT + api_root=settings.ZGW_FORM_SERVICE_API_ROOT ).exists() def configure(self): @@ -194,15 +194,15 @@ def configure(self): org_label = f"Open Inwoner {organization}".strip() Service.objects.update_or_create( - api_root=settings.ZGW_CONFIG_FORMULIEREN_API_ROOT, + api_root=settings.ZGW_FORM_SERVICE_API_ROOT, defaults={ "label": "Formulieren API", "api_type": APITypes.orc, - "oas": settings.ZGW_CONFIG_FORMULIEREN_API_ROOT, + "oas": settings.ZGW_FORM_SERVICE_API_ROOT, "auth_type": AuthTypes.zgw, - "client_id": settings.ZGW_CONFIG_FORMULIEREN_API_CLIENT_ID, - "secret": settings.ZGW_CONFIG_FORMULIEREN_API_SECRET, - "user_id": settings.ZGW_CONFIG_FORMULIEREN_API_CLIENT_ID, + "client_id": settings.ZGW_FORM_SERVICE_API_CLIENT_ID, + "secret": settings.ZGW_FORM_SERVICE_API_SECRET, + "user_id": settings.ZGW_FORM_SERVICE_API_CLIENT_ID, "user_representation": org_label, }, ) @@ -219,7 +219,7 @@ class ZGWAPIsConfigurationStep(BaseConfigurationStep): """ verbose_name = "ZGW APIs configuration" - enable_setting = "ZGW_CONFIG_ENABLE" + enable_setting = "ZGW_ENABLE" def is_configured(self) -> bool: zgw_config = OpenZaakConfig.get_solo() @@ -233,54 +233,52 @@ def is_configured(self) -> bool: def configure(self): config = OpenZaakConfig.get_solo() config.zaak_service = Service.objects.get( - api_root=settings.ZGW_CONFIG_ZAKEN_API_ROOT + api_root=settings.ZGW_ZAAK_SERVICE_API_ROOT ) config.catalogi_service = Service.objects.get( - api_root=settings.ZGW_CONFIG_CATALOGI_API_ROOT + api_root=settings.ZGW_CATALOGI_SERVICE_API_ROOT ) config.document_service = Service.objects.get( - api_root=settings.ZGW_CONFIG_DOCUMENTEN_API_ROOT + api_root=settings.ZGW_DOCUMENTEN_SERVICE_API_ROOT ) config.form_service = Service.objects.get( - api_root=settings.ZGW_CONFIG_FORMULIEREN_API_ROOT + api_root=settings.ZGW_FORM_SERVICE_API_ROOT ) # General config options - if settings.ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY: - config.zaak_max_confidentiality = ( - settings.ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY - ) - if settings.ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY: + if settings.ZGW_ZAAK_MAX_CONFIDENTIALITY: + config.zaak_max_confidentiality = settings.ZGW_ZAAK_MAX_CONFIDENTIALITY + if settings.ZGW_DOCUMENT_MAX_CONFIDENTIALITY: config.document_max_confidentiality = ( - settings.ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY + settings.ZGW_DOCUMENT_MAX_CONFIDENTIALITY ) - if settings.ZGW_CONFIG_ACTION_REQUIRED_DEADLINE_DAYS: + if settings.ZGW_ACTION_REQUIRED_DEADLINE_DAYS: config.action_required_deadline_days = ( - settings.ZGW_CONFIG_ACTION_REQUIRED_DEADLINE_DAYS + settings.ZGW_ACTION_REQUIRED_DEADLINE_DAYS ) - if settings.ZGW_CONFIG_ALLOWED_FILE_EXTENSIONS: - config.allowed_file_extensions = settings.ZGW_CONFIG_ALLOWED_FILE_EXTENSIONS - if settings.ZGW_CONFIG_MIJN_AANVRAGEN_TITLE_TEXT: - config.title_text = settings.ZGW_CONFIG_MIJN_AANVRAGEN_TITLE_TEXT + if settings.ZGW_ALLOWED_FILE_EXTENSIONS: + config.allowed_file_extensions = settings.ZGW_ALLOWED_FILE_EXTENSIONS + if settings.ZGW_MIJN_AANVRAGEN_TITLE_TEXT: + config.title_text = settings.ZGW_MIJN_AANVRAGEN_TITLE_TEXT # Feature flags - if settings.ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN is not None: + if settings.ZGW_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN is not None: config.enable_categories_filtering_with_zaken = ( - settings.ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN + settings.ZGW_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN ) # eSuite specific options - if settings.ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN is not None: + if settings.ZGW_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN is not None: config.skip_notification_statustype_informeren = ( - settings.ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN + settings.ZGW_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN ) - if settings.ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE is not None: + if settings.ZGW_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE is not None: config.reformat_esuite_zaak_identificatie = ( - settings.ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE + settings.ZGW_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE ) - if settings.ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN is not None: + if settings.ZGW_FETCH_EHERKENNING_ZAKEN_WITH_RSIN is not None: config.fetch_eherkenning_zaken_with_rsin = ( - settings.ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN + settings.ZGW_FETCH_EHERKENNING_ZAKEN_WITH_RSIN ) config.save() diff --git a/src/open_inwoner/configurations/management/commands/generate_config_docs.py b/src/open_inwoner/configurations/management/commands/generate_config_docs.py index 6ee5ad14a7..a73ece97f8 100644 --- a/src/open_inwoner/configurations/management/commands/generate_config_docs.py +++ b/src/open_inwoner/configurations/management/commands/generate_config_docs.py @@ -68,14 +68,13 @@ def generate_single_doc(self, config_option: str) -> None: all_settings = [ config.get_setting_name(field) for field in config.config_fields.all ] - # enable setting is not related to any model field - all_settings.append(f"{config.namespace}_ENABLE") all_settings.sort() detailed_info = self.get_detailed_info(config) detailed_info.sort() template_variables = { + "enable_settings": f"{config.namespace}_CONFIG_ENABLE", "required_settings": required_settings, "all_settings": all_settings, "detailed_info": detailed_info, diff --git a/src/open_inwoner/configurations/templates/configurations/config_doc.rst b/src/open_inwoner/configurations/templates/configurations/config_doc.rst index 59e7b07e04..b9de9c5833 100644 --- a/src/open_inwoner/configurations/templates/configurations/config_doc.rst +++ b/src/open_inwoner/configurations/templates/configurations/config_doc.rst @@ -5,6 +5,15 @@ Settings Overview ================= +Enable/Disable configuration: +""""""""""""""""""""""""""""" + +:: + + {% spaceless %} + {{ enable_settings }} + {% endspaceless %} + Required: """"""""" @@ -15,7 +24,6 @@ Required: {% endfor %} {% endspaceless %} - All settings: """"""""""""" @@ -26,7 +34,6 @@ All settings: {% endfor %} {% endspaceless %} - Detailed Information ==================== diff --git a/src/open_inwoner/configurations/tests/bootstrap/test_setup_kic_config.py b/src/open_inwoner/configurations/tests/bootstrap/test_setup_kic_config.py index 45af19e919..4cc2c0c94e 100644 --- a/src/open_inwoner/configurations/tests/bootstrap/test_setup_kic_config.py +++ b/src/open_inwoner/configurations/tests/bootstrap/test_setup_kic_config.py @@ -12,25 +12,25 @@ KlantenAPIConfigurationStep, ) -KLANTEN_API_ROOT = "https://openklant.local/klanten/api/v1/" -CONTACTMOMENTEN_API_ROOT = "https://openklant.local/contactmomenten/api/v1/" +KLANTEN_SERVICE_API_ROOT = "https://openklant.local/klanten/api/v1/" +CONTACTMOMENTEN_SERVICE_API_ROOT = "https://openklant.local/contactmomenten/api/v1/" @override_settings( OIP_ORGANIZATION="Maykin", - KIC_CONFIG_KLANTEN_API_ROOT=KLANTEN_API_ROOT, - KIC_CONFIG_KLANTEN_API_CLIENT_ID="open-inwoner-test", - KIC_CONFIG_KLANTEN_API_SECRET="klanten-secret", - KIC_CONFIG_CONTACTMOMENTEN_API_ROOT=CONTACTMOMENTEN_API_ROOT, - KIC_CONFIG_CONTACTMOMENTEN_API_CLIENT_ID="open-inwoner-test", - KIC_CONFIG_CONTACTMOMENTEN_API_SECRET="contactmomenten-secret", - KIC_CONFIG_REGISTER_EMAIL="admin@oip.org", - KIC_CONFIG_REGISTER_CONTACT_MOMENT=True, - KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN="837194569", - KIC_CONFIG_REGISTER_CHANNEL="email", - KIC_CONFIG_REGISTER_TYPE="bericht", - KIC_CONFIG_REGISTER_EMPLOYEE_ID="1234", - KIC_CONFIG_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER=True, + KIC_KLANTEN_SERVICE_API_ROOT=KLANTEN_SERVICE_API_ROOT, + KIC_KLANTEN_SERVICE_API_CLIENT_ID="open-inwoner-test", + KIC_KLANTEN_SERVICE_API_SECRET="klanten-secret", + KIC_CONTACTMOMENTEN_SERVICE_API_ROOT=CONTACTMOMENTEN_SERVICE_API_ROOT, + KIC_CONTACTMOMENTEN_SERVICE_API_CLIENT_ID="open-inwoner-test", + KIC_CONTACTMOMENTEN_SERVICE_API_SECRET="contactmomenten-secret", + KIC_REGISTER_EMAIL="admin@oip.org", + KIC_REGISTER_CONTACT_MOMENT=True, + KIC_REGISTER_BRONORGANISATIE_RSIN="837194569", + KIC_REGISTER_CHANNEL="email", + KIC_REGISTER_TYPE="bericht", + KIC_REGISTER_EMPLOYEE_ID="1234", + KIC_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER=True, ) class KICConfigurationTests(TestCase): def test_configure(self): @@ -44,10 +44,12 @@ def test_configure(self): klanten_service = config.klanten_service contactmomenten_service = config.contactmomenten_service - self.assertEqual(klanten_service.api_root, KLANTEN_API_ROOT) + self.assertEqual(klanten_service.api_root, KLANTEN_SERVICE_API_ROOT) self.assertEqual(klanten_service.client_id, "open-inwoner-test") self.assertEqual(klanten_service.secret, "klanten-secret") - self.assertEqual(contactmomenten_service.api_root, CONTACTMOMENTEN_API_ROOT) + self.assertEqual( + contactmomenten_service.api_root, CONTACTMOMENTEN_SERVICE_API_ROOT + ) self.assertEqual(contactmomenten_service.client_id, "open-inwoner-test") self.assertEqual(contactmomenten_service.secret, "contactmomenten-secret") @@ -61,13 +63,13 @@ def test_configure(self): @override_settings( OIP_ORGANIZATION=None, - KIC_CONFIG_REGISTER_EMAIL=None, - KIC_CONFIG_REGISTER_CONTACT_MOMENT=None, - KIC_CONFIG_REGISTER_BRONORGANISATIE_RSIN=None, - KIC_CONFIG_REGISTER_CHANNEL=None, - KIC_CONFIG_REGISTER_TYPE=None, - KIC_CONFIG_REGISTER_EMPLOYEE_ID=None, - KIC_CONFIG_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER=None, + KIC_REGISTER_EMAIL=None, + KIC_REGISTER_CONTACT_MOMENT=None, + KIC_REGISTER_BRONORGANISATIE_RSIN=None, + KIC_REGISTER_CHANNEL=None, + KIC_REGISTER_TYPE=None, + KIC_REGISTER_EMPLOYEE_ID=None, + KIC_USE_RSIN_FOR_INNNNPID_QUERY_PARAMETER=None, ) def test_configure_use_defaults(self): KlantenAPIConfigurationStep().configure() @@ -80,10 +82,12 @@ def test_configure_use_defaults(self): klanten_service = config.klanten_service contactmomenten_service = config.contactmomenten_service - self.assertEqual(klanten_service.api_root, KLANTEN_API_ROOT) + self.assertEqual(klanten_service.api_root, KLANTEN_SERVICE_API_ROOT) self.assertEqual(klanten_service.client_id, "open-inwoner-test") self.assertEqual(klanten_service.secret, "klanten-secret") - self.assertEqual(contactmomenten_service.api_root, CONTACTMOMENTEN_API_ROOT) + self.assertEqual( + contactmomenten_service.api_root, CONTACTMOMENTEN_SERVICE_API_ROOT + ) self.assertEqual(contactmomenten_service.client_id, "open-inwoner-test") self.assertEqual(contactmomenten_service.secret, "contactmomenten-secret") @@ -103,8 +107,8 @@ def test_configuration_check_ok(self, m): configuration.configure() - m.get(f"{KLANTEN_API_ROOT}klanten", json=[]) - m.get(f"{CONTACTMOMENTEN_API_ROOT}contactmomenten", json=[]) + m.get(f"{KLANTEN_SERVICE_API_ROOT}klanten", json=[]) + m.get(f"{CONTACTMOMENTEN_SERVICE_API_ROOT}contactmomenten", json=[]) configuration.test_configuration() @@ -112,11 +116,11 @@ def test_configuration_check_ok(self, m): self.assertEqual( status_request.url, - f"{KLANTEN_API_ROOT}klanten?subjectNatuurlijkPersoon__inpBsn=000000000", + f"{KLANTEN_SERVICE_API_ROOT}klanten?subjectNatuurlijkPersoon__inpBsn=000000000", ) self.assertEqual( zaaktype_request.url, - f"{CONTACTMOMENTEN_API_ROOT}contactmomenten?identificatie=00000", + f"{CONTACTMOMENTEN_SERVICE_API_ROOT}contactmomenten?identificatie=00000", ) @requests_mock.Mocker() @@ -135,7 +139,7 @@ def test_configuration_check_failures(self, m): ) for mock_config in mock_kwargs: with self.subTest(mock=mock_config): - m.get(f"{KLANTEN_API_ROOT}klanten", **mock_config) + m.get(f"{KLANTEN_SERVICE_API_ROOT}klanten", **mock_config) with self.assertRaises(SelfTestFailed): configuration.test_configuration() diff --git a/src/open_inwoner/configurations/tests/bootstrap/test_setup_zgw_config.py b/src/open_inwoner/configurations/tests/bootstrap/test_setup_zgw_config.py index 87e202b987..4d7acc62a9 100644 --- a/src/open_inwoner/configurations/tests/bootstrap/test_setup_zgw_config.py +++ b/src/open_inwoner/configurations/tests/bootstrap/test_setup_zgw_config.py @@ -19,35 +19,35 @@ ZGWAPIsConfigurationStep, ) -ZAKEN_API_ROOT = "https://openzaak.local/zaken/api/v1/" -CATALOGI_API_ROOT = "https://openzaak.local/catalogi/api/v1/" -DOCUMENTEN_API_ROOT = "https://openzaak.local/documenten/api/v1/" -FORMULIEREN_API_ROOT = "https://esuite.local.net/formulieren-provider/api/v1/" +ZAAK_SERVICE_API_ROOT = "https://openzaak.local/zaken/api/v1/" +CATALOGI_SERVICE_API_ROOT = "https://openzaak.local/catalogi/api/v1/" +DOCUMENTEN_SERVICE_API_ROOT = "https://openzaak.local/documenten/api/v1/" +FORM_SERVICE_API_ROOT = "https://esuite.local.net/formulieren-provider/api/v1/" @override_settings( OIP_ORGANIZATION="Maykin", - ZGW_CONFIG_ZAKEN_API_ROOT=ZAKEN_API_ROOT, - ZGW_CONFIG_ZAKEN_API_CLIENT_ID="open-inwoner-test", - ZGW_CONFIG_ZAKEN_API_SECRET="zaken-secret", - ZGW_CONFIG_CATALOGI_API_ROOT=CATALOGI_API_ROOT, - ZGW_CONFIG_CATALOGI_API_CLIENT_ID="open-inwoner-test", - ZGW_CONFIG_CATALOGI_API_SECRET="catalogi-secret", - ZGW_CONFIG_DOCUMENTEN_API_ROOT=DOCUMENTEN_API_ROOT, - ZGW_CONFIG_DOCUMENTEN_API_CLIENT_ID="open-inwoner-test", - ZGW_CONFIG_DOCUMENTEN_API_SECRET="documenten-secret", - ZGW_CONFIG_FORMULIEREN_API_ROOT=FORMULIEREN_API_ROOT, - ZGW_CONFIG_FORMULIEREN_API_CLIENT_ID="open-inwoner-test", - ZGW_CONFIG_FORMULIEREN_API_SECRET="forms-secret", - ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY=VertrouwelijkheidsAanduidingen.vertrouwelijk, - ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY=VertrouwelijkheidsAanduidingen.zaakvertrouwelijk, - ZGW_CONFIG_ACTION_REQUIRED_DEADLINE_DAYS=12, - ZGW_CONFIG_ALLOWED_FILE_EXTENSIONS=[".pdf", ".txt"], - ZGW_CONFIG_MIJN_AANVRAGEN_TITLE_TEXT="title text", - ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN=True, - ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN=True, - ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE=True, - ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN=True, + ZGW_ZAAK_SERVICE_API_ROOT=ZAAK_SERVICE_API_ROOT, + ZGW_ZAAK_SERVICE_API_CLIENT_ID="open-inwoner-test", + ZGW_ZAAK_SERVICE_API_SECRET="zaken-secret", + ZGW_CATALOGI_SERVICE_API_ROOT=CATALOGI_SERVICE_API_ROOT, + ZGW_CATALOGI_SERVICE_API_CLIENT_ID="open-inwoner-test", + ZGW_CATALOGI_SERVICE_API_SECRET="catalogi-secret", + ZGW_DOCUMENTEN_SERVICE_API_ROOT=DOCUMENTEN_SERVICE_API_ROOT, + ZGW_DOCUMENTEN_SERVICE_API_CLIENT_ID="open-inwoner-test", + ZGW_DOCUMENTEN_SERVICE_API_SECRET="documenten-secret", + ZGW_FORM_SERVICE_API_ROOT=FORM_SERVICE_API_ROOT, + ZGW_FORM_SERVICE_API_CLIENT_ID="open-inwoner-test", + ZGW_FORM_SERVICE_API_SECRET="forms-secret", + ZGW_ZAAK_MAX_CONFIDENTIALITY=VertrouwelijkheidsAanduidingen.vertrouwelijk, + ZGW_DOCUMENT_MAX_CONFIDENTIALITY=VertrouwelijkheidsAanduidingen.zaakvertrouwelijk, + ZGW_ACTION_REQUIRED_DEADLINE_DAYS=12, + ZGW_ALLOWED_FILE_EXTENSIONS=[".pdf", ".txt"], + ZGW_MIJN_AANVRAGEN_TITLE_TEXT="title text", + ZGW_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN=True, + ZGW_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN=True, + ZGW_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE=True, + ZGW_FETCH_EHERKENNING_ZAKEN_WITH_RSIN=True, ) class ZGWConfigurationTests(TestCase): def test_configure(self): @@ -65,16 +65,16 @@ def test_configure(self): document_service = config.document_service form_service = config.form_service - self.assertEqual(zaak_service.api_root, ZAKEN_API_ROOT) + self.assertEqual(zaak_service.api_root, ZAAK_SERVICE_API_ROOT) self.assertEqual(zaak_service.client_id, "open-inwoner-test") self.assertEqual(zaak_service.secret, "zaken-secret") - self.assertEqual(catalogi_service.api_root, CATALOGI_API_ROOT) + self.assertEqual(catalogi_service.api_root, CATALOGI_SERVICE_API_ROOT) self.assertEqual(catalogi_service.client_id, "open-inwoner-test") self.assertEqual(catalogi_service.secret, "catalogi-secret") - self.assertEqual(document_service.api_root, DOCUMENTEN_API_ROOT) + self.assertEqual(document_service.api_root, DOCUMENTEN_SERVICE_API_ROOT) self.assertEqual(document_service.client_id, "open-inwoner-test") self.assertEqual(document_service.secret, "documenten-secret") - self.assertEqual(form_service.api_root, FORMULIEREN_API_ROOT) + self.assertEqual(form_service.api_root, FORM_SERVICE_API_ROOT) self.assertEqual(form_service.client_id, "open-inwoner-test") self.assertEqual(form_service.secret, "forms-secret") @@ -96,15 +96,15 @@ def test_configure(self): @override_settings( OIP_ORGANIZATION=None, - ZGW_CONFIG_ZAAK_MAX_CONFIDENTIALITY=None, - ZGW_CONFIG_DOCUMENT_MAX_CONFIDENTIALITY=None, - ZGW_CONFIG_ACTION_REQUIRED_DEADLINE_DAYS=None, - ZGW_CONFIG_ALLOWED_FILE_EXTENSIONS=None, - ZGW_CONFIG_MIJN_AANVRAGEN_TITLE_TEXT=None, - ZGW_CONFIG_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN=None, - ZGW_CONFIG_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN=None, - ZGW_CONFIG_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE=None, - ZGW_CONFIG_FETCH_EHERKENNING_ZAKEN_WITH_RSIN=None, + ZGW_ZAAK_MAX_CONFIDENTIALITY=None, + ZGW_DOCUMENT_MAX_CONFIDENTIALITY=None, + ZGW_ACTION_REQUIRED_DEADLINE_DAYS=None, + ZGW_ALLOWED_FILE_EXTENSIONS=None, + ZGW_MIJN_AANVRAGEN_TITLE_TEXT=None, + ZGW_ENABLE_CATEGORIES_FILTERING_WITH_ZAKEN=None, + ZGW_SKIP_NOTIFICATION_STATUSTYPE_INFORMEREN=None, + ZGW_REFORMAT_ESUITE_ZAAK_IDENTIFICATIE=None, + ZGW_FETCH_EHERKENNING_ZAKEN_WITH_RSIN=None, ) def test_configure_use_defaults(self): ZakenAPIConfigurationStep().configure() @@ -121,16 +121,16 @@ def test_configure_use_defaults(self): document_service = config.document_service form_service = config.form_service - self.assertEqual(zaak_service.api_root, ZAKEN_API_ROOT) + self.assertEqual(zaak_service.api_root, ZAAK_SERVICE_API_ROOT) self.assertEqual(zaak_service.client_id, "open-inwoner-test") self.assertEqual(zaak_service.secret, "zaken-secret") - self.assertEqual(catalogi_service.api_root, CATALOGI_API_ROOT) + self.assertEqual(catalogi_service.api_root, CATALOGI_SERVICE_API_ROOT) self.assertEqual(catalogi_service.client_id, "open-inwoner-test") self.assertEqual(catalogi_service.secret, "catalogi-secret") - self.assertEqual(document_service.api_root, DOCUMENTEN_API_ROOT) + self.assertEqual(document_service.api_root, DOCUMENTEN_SERVICE_API_ROOT) self.assertEqual(document_service.client_id, "open-inwoner-test") self.assertEqual(document_service.secret, "documenten-secret") - self.assertEqual(form_service.api_root, FORMULIEREN_API_ROOT) + self.assertEqual(form_service.api_root, FORM_SERVICE_API_ROOT) self.assertEqual(form_service.client_id, "open-inwoner-test") self.assertEqual(form_service.secret, "forms-secret") @@ -164,11 +164,11 @@ def test_configuration_check_ok(self, m): configuration.configure() - m.get(f"{ZAKEN_API_ROOT}statussen", json=[]) - m.get(f"{CATALOGI_API_ROOT}zaaktypen", json=[]) - m.get(f"{DOCUMENTEN_API_ROOT}objectinformatieobjecten", json=[]) + m.get(f"{ZAAK_SERVICE_API_ROOT}statussen", json=[]) + m.get(f"{CATALOGI_SERVICE_API_ROOT}zaaktypen", json=[]) + m.get(f"{DOCUMENTEN_SERVICE_API_ROOT}objectinformatieobjecten", json=[]) m.get( - f"{FORMULIEREN_API_ROOT}openstaande-inzendingen", + f"{FORM_SERVICE_API_ROOT}openstaande-inzendingen", json=[], ) @@ -181,14 +181,14 @@ def test_configuration_check_ok(self, m): inzendingen_request, ) = m.request_history - self.assertEqual(status_request.url, f"{ZAKEN_API_ROOT}statussen") - self.assertEqual(zaaktype_request.url, f"{CATALOGI_API_ROOT}zaaktypen") + self.assertEqual(status_request.url, f"{ZAAK_SERVICE_API_ROOT}statussen") + self.assertEqual(zaaktype_request.url, f"{CATALOGI_SERVICE_API_ROOT}zaaktypen") self.assertEqual( - oio_request.url, f"{DOCUMENTEN_API_ROOT}objectinformatieobjecten" + oio_request.url, f"{DOCUMENTEN_SERVICE_API_ROOT}objectinformatieobjecten" ) self.assertEqual( inzendingen_request.url, - f"{FORMULIEREN_API_ROOT}openstaande-inzendingen?bsn=000000000", + f"{FORM_SERVICE_API_ROOT}openstaande-inzendingen?bsn=000000000", ) @requests_mock.Mocker() @@ -210,7 +210,7 @@ def test_configuration_check_failures(self, m): ) for mock_config in mock_kwargs: with self.subTest(mock=mock_config): - m.get(f"{ZAKEN_API_ROOT}statussen", **mock_config) + m.get(f"{ZAAK_SERVICE_API_ROOT}statussen", **mock_config) with self.assertRaises(SelfTestFailed): configuration.test_configuration() From 8c8faa8ddba072f1ca51860eaf32dad1037749cb Mon Sep 17 00:00:00 2001 From: Paul Schilling Date: Fri, 3 May 2024 10:10:50 +0200 Subject: [PATCH 9/9] [#2297] Add description for JSONField + FileField --- docs/configuration/admin_oidc.rst | 2 +- docs/configuration/digid_oidc.rst | 2 +- docs/configuration/digid_saml.rst | 8 ++++---- docs/configuration/eherkenning_oidc.rst | 2 +- docs/configuration/eherkenning_saml.rst | 8 ++++---- .../configurations/bootstrap/choices.py | 17 ++++++++++++++++- 6 files changed, 27 insertions(+), 12 deletions(-) diff --git a/docs/configuration/admin_oidc.rst b/docs/configuration/admin_oidc.rst index 608a45e7f7..0da484becb 100644 --- a/docs/configuration/admin_oidc.rst +++ b/docs/configuration/admin_oidc.rst @@ -58,7 +58,7 @@ Detailed Information Variable ADMIN_OIDC_CLAIM_MAPPING Setting claim mapping Description Mapping from user-model fields to OIDC claims - Possible values No information available + Possible values Mapping: {'some_key': 'Some value'} Default value {'email': 'email', 'first_name': 'given_name', 'last_name': 'family_name'} Variable ADMIN_OIDC_GROUPS_CLAIM diff --git a/docs/configuration/digid_oidc.rst b/docs/configuration/digid_oidc.rst index 5e8d252385..2e1f24cee2 100644 --- a/docs/configuration/digid_oidc.rst +++ b/docs/configuration/digid_oidc.rst @@ -62,7 +62,7 @@ Detailed Information Variable DIGID_OIDC_ERROR_MESSAGE_MAPPING Setting Error message mapping Description Mapping that maps error messages returned by the identity provider to human readable error messages that are shown to the user - Possible values No information available + Possible values Mapping: {'some_key': 'Some value'} Default value {} Variable DIGID_OIDC_IDENTIFIER_CLAIM_NAME diff --git a/docs/configuration/digid_saml.rst b/docs/configuration/digid_saml.rst index 52db859f41..3743f3c6fc 100644 --- a/docs/configuration/digid_saml.rst +++ b/docs/configuration/digid_saml.rst @@ -90,13 +90,13 @@ Detailed Information Variable DIGID_CERTIFICATE_PRIVATE_KEY Setting private key Description The content of the private key - Possible values No information available + Possible values string represeting the (absolute) path to a file, including file extension: /absolute/path/to/file.xml Default value No default Variable DIGID_CERTIFICATE_PUBLIC_CERTIFICATE Setting public certificate Description The content of the certificate - Possible values No information available + Possible values string represeting the (absolute) path to a file, including file extension: /absolute/path/to/file.xml Default value No default Variable DIGID_CERTIFICATE_TYPE @@ -120,7 +120,7 @@ Detailed Information Variable DIGID_IDP_METADATA_FILE Setting metadata identity provider Description Het bestand met metadata van de identity provider. Deze wordt automatisch opgehaald via de ingestelde metadata-URL. - Possible values No information available + Possible values string represeting the (absolute) path to a file, including file extension: /absolute/path/to/file.xml Default value No default Variable DIGID_IDP_SERVICE_ENTITY_ID @@ -156,7 +156,7 @@ Detailed Information Variable DIGID_REQUESTED_ATTRIBUTES Setting gewenste attributen Description Een lijst van strings (of objecten) met de gewenste attributen, bijvoorbeeld '["bsn"]' - Possible values No information available + Possible values Mapping: {'some_key': 'Some value'} Default value {'name': 'bsn', 'required': True} Variable DIGID_SERVICE_DESCRIPTION diff --git a/docs/configuration/eherkenning_oidc.rst b/docs/configuration/eherkenning_oidc.rst index 548d9efdaf..b629ca866d 100644 --- a/docs/configuration/eherkenning_oidc.rst +++ b/docs/configuration/eherkenning_oidc.rst @@ -62,7 +62,7 @@ Detailed Information Variable EHERKENNING_OIDC_ERROR_MESSAGE_MAPPING Setting Error message mapping Description Mapping that maps error messages returned by the identity provider to human readable error messages that are shown to the user - Possible values No information available + Possible values Mapping: {'some_key': 'Some value'} Default value {} Variable EHERKENNING_OIDC_IDENTIFIER_CLAIM_NAME diff --git a/docs/configuration/eherkenning_saml.rst b/docs/configuration/eherkenning_saml.rst index c47e185a04..667147db3f 100644 --- a/docs/configuration/eherkenning_saml.rst +++ b/docs/configuration/eherkenning_saml.rst @@ -97,13 +97,13 @@ Detailed Information Variable EHERKENNING_CERTIFICATE_PRIVATE_KEY Setting private key Description The content of the private key - Possible values No information available + Possible values string represeting the (absolute) path to a file, including file extension: /absolute/path/to/file.xml Default value No default Variable EHERKENNING_CERTIFICATE_PUBLIC_CERTIFICATE Setting public certificate Description The content of the certificate - Possible values No information available + Possible values string represeting the (absolute) path to a file, including file extension: /absolute/path/to/file.xml Default value No default Variable EHERKENNING_CERTIFICATE_TYPE @@ -133,7 +133,7 @@ Detailed Information Variable EHERKENNING_EH_REQUESTED_ATTRIBUTES Setting gewenste attributen Description Een lijst van extra gewenste attributen. Eén enkel gewenst attribuut kan een string (de naam van het attribuut) zijn of een object met de sleutels 'name' en 'required', waarbij 'name' een string is en 'required' een boolean. - Possible values No information available + Possible values Mapping: {'some_key': 'Some value'} Default value {'name': 'urn:etoegang:1.11:attribute-represented:CompanyName', 'required': True, 'purpose_statements': {'en': 'For testing purposes.', 'nl': 'Voor testdoeleinden.'}} Variable EHERKENNING_EH_SERVICE_INSTANCE_UUID @@ -163,7 +163,7 @@ Detailed Information Variable EHERKENNING_EIDAS_REQUESTED_ATTRIBUTES Setting gewenste attributen Description Een lijst van extra gewenste attributen. Eén enkel gewenst attribuut kan een string (de naam van het attribuut) zijn of een object met de sleutels 'name' en 'required', waarbij 'name' een string is en 'required' een boolean. - Possible values No information available + Possible values Mapping: {'some_key': 'Some value'} Default value {'name': 'urn:etoegang:1.9:attribute:FirstName', 'required': True, 'purpose_statements': {'en': 'For testing purposes.', 'nl': 'Voor testdoeleinden.'}}, {'name': 'urn:etoegang:1.9:attribute:FamilyName', 'required': True, 'purpose_statements': {'en': 'For testing purposes.', 'nl': 'Voor testdoeleinden.'}}, {'name': 'urn:etoegang:1.9:attribute:DateOfBirth', 'required': True, 'purpose_statements': {'en': 'For testing purposes.', 'nl': 'Voor testdoeleinden.'}}, {'name': 'urn:etoegang:1.11:attribute-represented:CompanyName', 'required': True, 'purpose_statements': {'en': 'For testing purposes.', 'nl': 'Voor testdoeleinden.'}} Variable EHERKENNING_EIDAS_SERVICE_INSTANCE_UUID diff --git a/src/open_inwoner/configurations/bootstrap/choices.py b/src/open_inwoner/configurations/bootstrap/choices.py index 730ec5199b..02d7cd4cd1 100644 --- a/src/open_inwoner/configurations/bootstrap/choices.py +++ b/src/open_inwoner/configurations/bootstrap/choices.py @@ -6,8 +6,23 @@ class BasicFieldDescription(models.TextChoices): ArrayField = _("string, comma-delimited ('foo,bar,baz')") BooleanField = "True, False" CharField = _("string") + FileField = _( + "string represeting the (absolute) path to a file, including file extension: {example}".format( + example="/absolute/path/to/file.xml" + ) + ) + ImageField = _( + "string represeting the (absolute) path to an image file, including file extension: {example}".format( + example="/absolute/path/to/image.png" + ) + ) IntegerField = _("string representing an integer") + JSONField = _("Mapping: {example}".format(example="{'some_key': 'Some value'}")) PositiveIntegerField = _("string representing a positive integer") TextField = _("text (string)") URLField = _("string (URL)") - UUIDField = _("UUID string (e.g. f6b45142-0c60-4ec7-b43d-28ceacdc0b34)") + UUIDField = _( + "UUID string {example}".format( + example="(e.g. f6b45142-0c60-4ec7-b43d-28ceacdc0b34)" + ) + )