eimis-ans · ad2ien · May 30, 2024 · May 22, 2024 · May 22, 2024 · May 23, 2024
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -0,0 +1,29 @@
+name: Lint
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+
+jobs:
+  lint-python:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: 3.9
+      - run: pip install tox
+      - run: tox -e check_codestyle
+
+  lint-markdown:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: Lint markdown files
+        uses: avto-dev/markdown-lint@v1.5.0
+        with:
+          args: "**/*.md"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,18 @@
+name: Tests
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: 3.9
+      - run: pip install tox
+      - run: tox -e py
diff --git a/.markdownlint.yaml b/.markdownlint.yaml
@@ -0,0 +1 @@
+line-length: false
diff --git a/README.md b/README.md
@@ -1,2 +1,55 @@
-# eimis-prosante-connect-module
-A synapse module used by EIMIS to filter and map users registered through Prosanté Connect
+# EIMIS Pro Santé Connect module
+
+![Matrix](https://img.shields.io/badge/matrix-000000?logo=Matrix&logoColor=white)
+![GitHub Actions Workflow Status](https://img.shields.io/github/actions/workflow/status/eimis-ans/eimis-prosante-connect-module/lint.yml?label=lint&logo=github)
+![GitHub Actions Workflow Status](https://img.shields.io/github/actions/workflow/status/eimis-ans/eimis-prosante-connect-module/test.yml?label=test&logo=github)
+![License](https://img.shields.io/badge/license-Apache%202-blue.svg)
+
+A synapse module used by EIMIS to filter and map users registered through Pro Santé Connect
+
+## OIDC configuration
+
+Todo: how to configure keycloak to have the same token than PSC?
+
+## Synapse configuration
+
+```yaml
+  - idp_id: psc
+    idp_name: "Pro Santé Connect"
+    idp_icon: "{{ mxc_psc.stdout }}"
+    discover: false
+    issuer: "{{ prosante_connect.issuer }}"
+    authorization_endpoint: "{{ prosante_connect.authorization_endpoint }}"
+    token_endpoint: "{{ prosante_connect.token_endpoint }}"
+    userinfo_endpoint: "{{ prosante_connect.userinfo_endpoint }}"
+    jwks_uri: "{{ prosante_connect.jwks_uri }}"
+    client_id: "{{ prosante_connect.client_id }}"
+    client_secret: "{{ prosante_connect.client_secret }}"
+    user_profile_method: userinfo_endpoint
+    scopes: ["openid", "scope_all"]
+    user_mapping_provider:
+      module: synapse.psc_mapping_provider.ProsanteConnectMappingProvider
+      config:
+        localpart_template: "{{ user.preferred_username }}"
+        display_name_template: "{{ user.given_name }} {{ user.family_name }}"
+        email_template: "{{ user.email }}"
+    backchannel_logout_enabled: true # Optional
+```
+
+## User info
+
+<https://industriels.esante.gouv.fr/produits-et-services/pro-sante-connect/userinfo>
+
+## Dev
+
+### lint
+
+```bash
+tox -e check_codestyle
+```
+
+### test
+
+```bash
+tox -e py
+```
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,4 +1,3 @@
-version: "3.9"
 services:
   db:
     image: postgres:15-alpine
@@ -49,7 +48,7 @@ services:
       start_period: 30s
 
   synapse:
-    image: matrixdotorg/synapse:v1.98.0
+    image: matrixdotorg/synapse:v1.104.0
     ports:
       - "8008:8008"
     volumes:

diff --git a/psc_mapping_provider/__init__.py b/psc_mapping_provider/__init__.py
@@ -1,12 +1,9 @@
 import logging
-from typing import (
-    Dict,
-    Optional, Any, List,
-)
+from typing import Any, Dict, List, Optional
 
 import attr
 from authlib.oidc.core import UserInfo
-from jinja2 import Template, Environment
+from jinja2 import Environment, Template
 from synapse.config import ConfigError
 from synapse.handlers.oidc import OidcMappingProvider, Token, UserAttributeDict
 from synapse.types import map_username_to_mxid_localpart
@@ -40,14 +37,13 @@ class ProsanteConnectMappingConfig:
 
 
 class ProsanteConnectMappingProvider(OidcMappingProvider[ProsanteConnectMappingConfig]):
-
     def __init__(self, parsed_config: ProsanteConnectMappingConfig):
         self._config = parsed_config
 
     @staticmethod
     def parse_config(config: dict) -> ProsanteConnectMappingConfig:
         def parse_template_config_with_claim(
-                option_name: str, default_claim: str
+            option_name: str, default_claim: str
         ) -> Template:
             template_name = f"{option_name}_template"
             template = config.get(template_name)
@@ -108,10 +104,10 @@ def get_remote_user_id(self, userinfo: UserInfo) -> str:
         return self._config.subject_template.render(user=userinfo).strip()
 
     async def map_user_attributes(
-            self, userinfo: UserInfo, token: Token, failures: int
+        self, userinfo: UserInfo, token: Token, failures: int
     ) -> UserAttributeDict:
         localpart = None
-        logger.info("Mapping user attributes with userinfo %s", userinfo)
+        logger.info("PSC Mapping user attributes with userinfo %s", userinfo)
 
         if self._config.localpart_template:
             localpart = self._config.localpart_template.render(user=userinfo).strip()

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,28 +1,3 @@
-[project]
-name = "eimis-prosante-connect-module"
-description = "A synapse module used by EIMIS to filter and map users registered through Prosanté Connect"
-authors = [
-    { name = "Eimis team", email = "eimis@beta.gouv.fr" },
-]
-readme = "README.md"
-version = "0.0.1"
-requires-python = ">=3.8"
-classifiers = [
-    "Programming Language :: Python :: 3",
-]
-dependencies = [
-    "requests",
-    'importlib-metadata; python_version<"3.10"',
-    "authlib >=0.15.1",
-    "unpaddedbase64 >=2.1.0",
-    "jinja2 >=3.0",
-    "pymacaroons >=0.13.0",
-    "twisted >=18.9.0"
-]
-
 [build-system]
 requires = ["setuptools", "setuptools-scm"]
 build-backend = "setuptools.build_meta"
-
-[project.optional-dependencies]
-ALONE = ["matrix-synapse>=1.98.0"]
diff --git a/setup.cfg b/setup.cfg
@@ -0,0 +1,40 @@
+[metadata]
+name = psc_mapping_provider
+description = "A synapse module used by EIMIS to filter and map users registered through Prosanté Connect"
+long_description = file: README.md
+long_description_content_type = text/markdown
+version = 0.1.0
+
+classifiers =
+  License :: OSI Approved :: Apache Software License
+
+[options]
+python_requires = >= 3.9
+install_requires =
+  attrs
+
+
+[options.extras_require]
+dev =
+  # for tests
+  matrix-synapse
+  tox
+  twisted
+  aiounittest
+  # for type checking
+  mypy == 0.910
+  # for linting
+  black == 22.3.0
+  flake8 == 4.0.1
+  isort == 5.9.3
+
+
+[flake8]
+# see https://pycodestyle.readthedocs.io/en/latest/intro.html#error-codes
+# for error codes. The ones we ignore are:
+#  W503: line break before binary operator
+#  W504: line break after binary operator
+#  E203: whitespace before ':' (which is contrary to pep8?)
+#  E501: Line too long (black enforces this for us)
+# (this is a subset of those ignored in Synapse)
+ignore=W503,W504,E203,E501
diff --git a/setup.py b/setup.py