diff --git a/.env.template b/.env.template
index 0f1d31bceb..3413bec54b 100644
--- a/.env.template
+++ b/.env.template
@@ -3,11 +3,13 @@
############################
# Should be set to the name of the postgres container
-POSTGRES_HOST="hyperion-db"
POSTGRES_USER=""
POSTGRES_PASSWORD=""
+POSTGRES_HOST=""
POSTGRES_DB="hyperion"
POSTGRES_TZ="Etc/UTC"
+# The database can be accessed through the command line with
+# psql -U $POSTGRES_USER -d $POSTGRES_DB
########################
# Redis configuration #
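Review bot: The comment `# Should be set to the name of the postgres container` now sits directly above `POSTGRES_USER`, because `POSTGRES_HOST` was moved below the user and password lines. A reader will take it as describing the user name. Move it down with the variable, for example `# POSTGRES_HOST should be set to the name of the postgres container (or "localhost" for a native install)` immediately before `POSTGRES_HOST=""`.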
@@ -16,8 +18,8 @@ POSTGRES_TZ="Etc/UTC"
# We use the default redis configuration, so the protected mode is enabled by default (see https://redis.io/docs/manual/security/#protected-mode)
# If you want to use a custom configuration, a password and a specific binds should be used to avoid security issues
-# May be left at "" during dev if you don't have a redis server running, in production it should be set to the name of the redis container
-REDIS_HOST="hyperion-redis"
+# REDIS_HOST may be commented to disable Redis during development if you don't have a redis server running, in production it should be set to the name of the redis container
+#REDIS_HOST="localhost"
REDIS_PORT=6379
# Should be commented during development to work with docker-compose-dev, and set in production
#REDIS_PASSWORD=""
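Review bot: With `REDIS_HOST` now commented out by default, a `.env` copied straight from this template runs with Redis disabled and no Redis password. The state.py hunks in this commit only create the Redis client and start the scheduler when the host is set, so a production deployment that misses these two lines appears to lose those features without any failure at startup. I would add an explicit line above `#REDIS_HOST`, such as `# PRODUCTION: uncomment and set both REDIS_HOST and REDIS_PASSWORD; when REDIS_HOST is unset the Redis client and scheduler are not started`.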
diff --git a/.github/workflows/lintandformat.yml b/.github/workflows/lintandformat.yml
index bb6103ddbb..a3f253cc14 100644
--- a/.github/workflows/lintandformat.yml
+++ b/.github/workflows/lintandformat.yml
@@ -26,7 +26,7 @@ jobs:
uses: actions/cache@v4.3.0
with:
path: ~/.cache/uv
- key: ${{ runner.os }}-python-${{ steps.setup-python.outputs.python-version }}-uv-${{ hashFiles('requirements-common.txt', 'requirements-dev.txt') }}
+ key: ${{ runner.os }}-python-${{ steps.setup-python.outputs.python-version }}-uv-${{ hashFiles('requirements.txt', 'requirements-dev.txt') }}
- name: Install uv
run: curl -LsSf https://astral.sh/uv/install.sh | sh
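Review bot: The `Install uv` step kept below the changed cache key pipes an unpinned remote script into `sh`, so every CI run executes whatever that URL serves at that moment. Since this commit already touches the dependency handling around it, pin the installer to a fixed release, for example `run: curl -LsSf https://astral.sh/uv/<PINNED_VERSION>/install.sh | sh`, or use the `astral-sh/setup-uv` action pinned to a commit SHA. The same step appears in the second hunk of `.github/workflows/test.yml`. Note that the cache key covers only the requirements files, so a changed installer would not invalidate the cache.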
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index ca393c56ec..079431ca1a 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -32,7 +32,7 @@ jobs:
- 6379:6379
postgres:
# Docker Hub image
- image: postgres
+ image: "postgres:15.1"
# Provide the password for postgres
env:
POSTGRES_PASSWORD: "somerealpassword"
@@ -57,14 +57,14 @@ jobs:
uses: actions/setup-python@v6
id: setup-python
with:
- python-version: "3.11"
+ python-version: "3.12"
- name: Cache uv folder
id: cache-uv
uses: actions/cache@v4.3.0
with:
path: ~/.cache/uv
- key: ${{ runner.os }}-python-${{ steps.setup-python.outputs.python-version }}-uv-${{ hashFiles('requirements-common.txt', 'requirements-dev.txt') }}
+ key: ${{ runner.os }}-python-${{ steps.setup-python.outputs.python-version }}-uv-${{ hashFiles('requirements.txt', 'requirements-dev.txt') }}
- name: Install uv
run: curl -LsSf https://astral.sh/uv/install.sh | sh
diff --git a/.gitignore b/.gitignore
index 12a8f754f3..d02855758b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,28 +1,26 @@
# Cache folders
-__pycache__
-.mypy_cache
-.pytest_cache
-.ruff_cache
-
-# Databases and data
-sql_app.db
-test.db
+__pycache__/
+.mypy_cache/
+.pytest_cache/
+.ruff_cache/
+
+# Databases (PostgreSQL and SQLite)
+hyperion-db/
+*.db
+
+# Persistent data as files
data/
-# Dotenv file
+# Configuration and secrets files
.env
config.yaml
-
-
-# Firebase secrets
firebase.json
# macOS
.DS_Store
# Virtual environment
-.venv
-.python-version
+.venv/
# Logs
logs/
@@ -30,10 +28,9 @@ logs/
# Pytest-cov
.coverage
-# Jinja templates test output
+# Jinja output templates and test output
tests/jinja_test_outputs/
+node_modules/
# Local testing
scripts/
-
-node_modules
\ No newline at end of file
diff --git a/.python-version b/.python-version
new file mode 100644
index 0000000000..25ce095ac1
--- /dev/null
+++ b/.python-version
@@ -0,0 +1 @@
+3.12.11
\ No newline at end of file
diff --git a/.vscode/extensions.json b/.vscode/extensions.json
index 95d418c7b2..57739f63ba 100644
--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -1,7 +1,8 @@
{
- "recommendations": [
- "ms-python.python",
- "ms-python.mypy-type-checker",
- "charliermarsh.ruff",
- ]
-}
\ No newline at end of file
+ "recommendations": [
+ "ms-python.python",
+ "ms-python.mypy-type-checker",
+ "charliermarsh.ruff",
+ "tamasfe.even-better-toml"
+ ]
+}
diff --git a/.vscode/launch.json b/.vscode/launch.json
index d6f3ab8e55..defabec9ab 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -9,7 +9,7 @@
"type": "debugpy",
"request": "launch",
"module": "fastapi_cli",
- "args": ["dev", "app/main.py"],
+ "args": ["dev"],
"jinja": true,
"justMyCode": true
}
diff --git a/Dockerfile b/Dockerfile
index e89decef98..f64edf479a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,10 +20,10 @@ RUN groupadd --gid 1000 hyperion && \
WORKDIR /hyperion
# First copy only the requirements to leverage Docker cache
-COPY requirements-common.txt .
+COPY requirements.txt .
# Install dependencies using uv (way faster than pip)
-RUN uv pip install --system --no-cache -r requirements-common.txt
+RUN uv pip install --system --no-cache -r requirements.txt
# Then copy the rest of the application code
COPY alembic.ini .
@@ -43,4 +43,4 @@ EXPOSE 8000
# Use fastapi cli as the entrypoint
# Use sh -c to allow environment variable expansion
-ENTRYPOINT ["sh", "-c", "fastapi run app/main.py --workers $WORKERS --host 0.0.0.0 --port 8000"]
\ No newline at end of file
+ENTRYPOINT ["sh", "-c", "fastapi run --workers $WORKERS --host 0.0.0.0 --port 8000"]
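Review bot: The rewritten ENTRYPOINT still expands `$WORKERS` unquoted and with no default inside `sh -c`. If the variable is unset or empty at run time, the command becomes `--workers --host ...` and the container fails with a confusing argument error. Whether an `ENV WORKERS` default exists earlier in the Dockerfile is not visible in this hunk. I would give it a default and `exec` the server so it reliably receives SIGTERM as PID 1: `ENTRYPOINT ["sh", "-c", "exec fastapi run --workers \"${WORKERS:-1}\" --host 0.0.0.0 --port 8000"]`.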
diff --git a/README.md b/README.md
index 913222d0ad..3343cf5ff3 100644
--- a/README.md
+++ b/README.md
@@ -8,16 +8,33 @@ Hyperion is the API of an open-source project launched by ÉCLAIR, the computer
The structure of this project is modular. Hyperion has a core that performs vital functions (authentication, database migration, authorization, etc). The other functions of Hyperion are realized in what we call modules. You can contribute to the project by adding modules if you wish.
-## Creating a virtual environment for Python 3.11.x
+## 1. Creating a virtual environment for Python 3.12
+
+
+
### Windows
+
+
Create the virtual environment
> You need to be in Hyperion main folder
```bash
-py -3.11 -m venv .venv
+py -3.12 -m venv .venv
+```
+
+If you get an error saying roughly:
+
+```
+because the execution of scripts is disabled on this system. Please see "get-help about_signing" for more details.
+```
+
+Then in a Powershell, run this to allow scripts executions for your user:
+
+```ps1
+Set-ExecutionPolicy Unrestricted -Scope CurrentUser
```
Activate it
@@ -26,8 +43,15 @@ Activate it
.\.venv\Scripts\activate
```
+
+
+
+
+
### macOS (using Pyenv)
+
+
Install Pyenv
```bash
@@ -45,7 +69,7 @@ eval "$(pyenv virtualenv-init -)"
Create the virtual environment
```bash
-pyenv virtualenv 3.11.0 hyperion
+pyenv virtualenv 3.12.0 hyperion
```
Activate it
@@ -54,113 +78,338 @@ Activate it
pyenv activate hyperion
```
-## Install dependencies
+
+
+## 2. Install dependencies
+
+### About Jellyfish and Rust
+
+If you don't have Rust installed or don't want to install it, decrease the version of `jellyfish` to `0.10.0` in the `requirements.txt` file:
+
+```
+jellyfish==0.10.0 # String Matching
+```
+
+### About Weasyprint and Pango
-### Development requirements
+Follow the installation steps at https://doc.courtbouillon.org/weasyprint/stable/first_steps.html#installation.
+
+For Windows, the best way is through MSYS2, Mac users can simply install using Homebrew.
+
+### Install dependencies (for real)
+
+Install the dependencies you'll need using `pip` (the common requirements are included in the development requirements):
```bash
pip install -r requirements-dev.txt
```
-> If you need to remove all modules from your virtual environnement, you may use the following command with caution
->
-> ```bash
-> pip freeze | xargs pip uninstall -y
-> ```
+If you changed the version of Jellyfish, don't forget to set it back:
-## Linting and formating
+```
+jellyfish==1.0.4 # String Matching
+```
-To lint and format, we currently use `Ruff`. We also use `Mypy` for the type checking.
+> If you need to remove all modules from your virtual environnement, delete your `.venv` folder.
-Before each PR or git push you will need to run `ruff check --fix && ruff format` in order to format/lint your code and `mypy .` in order to verify that there is no type mismatch.
+## 3. Install and configure a database
+
+Choose either SQLite or PostgreSQL.
+
+### SQLite
+
+#### Advantages
+
+It is a binary.
+This means:
+
+- SQLite is lightweight
+- It is directly understood by your machine, no special configuration is needed.
+
+#### Disadvantages
+
+Being so light, it does not support some features nowadays common for relational databases:
+
+- Drop your database on every migration: Alembic uses features incompatible with SQLite
+
+#### Installation and configuration
-## Complete the dotenv (`.env`)
+There is nothing to do, it works out of the box.
-> Hyperion settings are documented in [app/core/config.py](./app/core/config.py).
-> Check this file to know what can and should be set using the dotenv.
+### PostgreSQL
-`SQLITE_DB` is None by default. If you want to use SQLite (if you don't use docker or don't have a postgres running), set it with the name of the db file (`app.db` for example).
+#### Advantages
-`ACCESS_TOKEN_SECRET_KEY` should be a strong random key, which will be used to sign JWT tokens
+Its advantages are many:
-`RSA_PRIVATE_PEM_STRING` will be used to sign JWS tokens
+- Very powerful database: it supports all the features you'll ever need.
+- Used in production for Hyperion.
+- Widely used in production in enterprise-grade services: useful competence on your résumé.
+- Supports migrations with Alembic.
+- A powerful CLI tool.
+
+#### Disadvantages
+
+None (not so heavy, configuration not so hard).
+
+#### Configuration
+
+
+
+
+##### Without Docker: native binaries
+
+
+
+1. Download the installer: https://www.enterprisedb.com/downloads/postgres-postgresql-downloads
+2. Launch it and trust the wizard
+ - Keep the default folders and ports, install it all, etc...
+ - ...but put a concise password you'd remember, choose your language
+ - Don't use the "Stack Builder" (not needed)
+3. On Windows: in your path, add `C:\Program Files\PostgreSQL\17\bin` and `C:\Program Files\PostgreSQL\17\lib` (if you installed Postgres 17 in that location)
+4. Create a database named `hyperion`
+
+```sh
+psql -U postgres -c "create database hyperion;"
+```
+
+> [!TIP]
+> SQL keywords are case-insensitive by convention.
+> No need to write `CREATE DATABASE hyperion;`
+
+Now your Hyperion database can be explored by hand (as the `postgres` user, using your password you chose) with:
```bash
-# Generate a 2048 bits long PEM certificate and replace newlines by `\n`
-openssl req -newkey rsa:2048 -nodes -x509 -days 365 | sed 's/$/\\n/g' | tr -d '\n'
-# If you only want to generate a PEM certificate and save it in a file, th following command may be used
-# openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
+psql -U postgres -d hyperion
```
-`REDIS` may be left blank to disable Redis during development
-Numerical values are example, change it to your needs
+then running SQL or Postgres commands in this shell, or
-```python
-REDIS_HOST = "localhost" #May be left at "" during dev if you don't have a redis server running
-REDIS_PORT = 6379
-#REDIS_PASSWORD = "pass" Should be commented during development to work with docker-compose-dev, and set in production
-REDIS_LIMIT = 1000
-REDIS_WINDOW = 60
+```bash
+psql -U postgres -d hyperion -c "select firstname from core_user;"
```
-`POSTGRES`: This section will be ignored if `SQLITE_DB` is set to True.
+
+
+
+
+
+##### With Docker
+
+
-```python
-POSTGRES_HOST = "localhost"
-POSTGRES_USER = "hyperion"
-POSTGRES_PASSWORD = "pass"
-POSTGRES_DB = "hyperion"
+> [!WARNING]
+> Work in progress
+
+```
+services:
+ hyperion-db:
+ image: postgres:15.1
+ container_name: hyperion-db
+ restart: unless-stopped
+ healthcheck:
+ test: [ "CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}" ]
+ interval: 5s
+ timeout: 5s
+ retries: 5
+ environment:
+ POSTGRES_USER: ${POSTGRES_USER}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+ POSTGRES_HOST: ${POSTGRES_HOST}
+ POSTGRES_DB: ${POSTGRES_DB}
+ PGTZ: ${POSTGRES_TZ}
+ ports:
+ - 5432:5432
+ volumes:
+ - ./hyperion-db:/var/lib/postgresql/data
```
-## Launch the API
+
+
+## 4. Complete the dotenv (`.env`) and the `config.yaml`
+
+> [!IMPORTANT]
+> Copy the `.env.template` file in a new `.env` file, likewise copy `config.template.yaml` in a new `config.yaml`.
```bash
-fastapi dev app/main.py
+cp .env.template .env && cp config.template.yaml config.yaml
```
-## Use Alembic migrations
+> [!TIP]
+> These template files were carefully crafted to work for you with minimal personal changes to bring, and some preconfigured services.
-See [migrations README](./migrations/README)
+For later reference, these settings are documented in [app/core/config.py](./app/core/config.py).
+Check this file to know what can and should be set using these two files.
-Warning : on SQLite databases, you have to drop the database and recreate it to apply the new DDL.
+### The `.env` file
-## OpenAPI specification
+The `.env` contains environment variables which can be accessed by the OS to convey them to other services that need them, such as the database.
-API endpoints are parsed following the OpenAPI specifications at `http://127.0.0.1:8000/openapi.json`.
+#### With SQLite
-A Swagger UI is available at `http://127.0.0.1:8000/docs`. For authentication to work, a valid `AUTH_CLIENT` must be defined in the `.env`, with `http://127.0.0.1:8000/docs/oauth2-redirect` as the redirect URI, and `scope=API` must be added to the authentication request.
+Again there's nothing to do.
+
+
+
+
+#### With PostgreSQL
+
+
+
+Set your user, password, host and db.
+
+For instance, with the installer you should have something like:
+
+```sh
+POSTGRES_USER="postgres"
+POSTGRES_PASSWORD=""
+POSTGRES_HOST="localhost"
+POSTGRES_DB="hyperion"
+```
+
+While with Docker you should have rather something like:
+
+```sh
+POSTGRES_USER="hyperion"
+POSTGRES_PASSWORD=""
+# POSTGRES_HOST Should be set to the name of the postgres container
+POSTGRES_HOST="hyperion-db"
+POSTGRES_DB="hyperion"
+```
+
+
+
+### The `config.yaml` file
+
+The `config.yaml` contains environment variables that are internal to the Python runtime _because_ they are only used in the Python code.
-## Create the first user
+1. `ACCESS_TOKEN_SECRET_KEY` and `RSA_PRIVATE_PEM_STRING`: An example of each is provided.
+ You can generate your own if you want, or just change a couple characters in the examples, or deliberately leave it as it is.
+2. `SQLITE_DB`: **tells Hyperion whether to use SQLite or PostgreSQL**.
+ - If you use **SQLite**: this field should be a (relative) filename, by default we named it `app.db`, you can change this name.
+ Hyperion will create this file for you and use it as the database.
+ Any PostgreSQL-related configuration will be ignored.
+ - If you use **PostgreSQL**: empty this field.
+ Hyperion will fallback to PostgreSQL settings.
+3. `USE_FACTORIES`: `True` by default, factories seed your database, if empty, with mocked data.
+ This is useful on SQLite to repopulate your new database after dropping the previous one, of to create automatically your own user with admin privileges (see `FACTORIES_DEMO_USERS` below).
+4. `FACTORIES_DEMO_USERS`: **Replace the first user's data with yours**.
+ These future users will be created automatically when launching Hyperion with an empty database.
+ Plus, your user will be there with your password and be admin out of the box.
-You can create the first user either using Titan or calling the API directly.
+## 5. Launch the API
-> You need to use an email with the format `...@etu.ec-lyon.fr` or `...@ec-lyon.fr`
+> [!WARNING]
+> Beforehand, check that your venv is activated.
-To activate your account you will need an activation token which will be printed in the console.
+### Using VS Code
-### With Titan
+1. In the activity bar (the leftmost part), click the _Run and Debug_ icon (the play button).
+2. Click the green play button.
-Press "Créer un compte" on the first page and follow the process.
+Check that your Hyperion instance is up and running by navigating to http://localhost:8000/information.
-### Using the API directly
+### Using the command-line interface
-Create the account:
+```bash
+fastapi dev
+```
+
+Check that your Hyperion instance is up and running by navigating to http://localhost:8000/information.
+
+## 6. Create your own user (if not yet the case using factories)
+
+There are at least 5 distinct ways to do so outside the use of factories, ranked here from easiest (~GUI) to hardest (~CLI).
+
+> [!IMPORTANT]
+> Using factories is the recommended way.
+> All others methods are legacy and kept here for historical reasons (excepted using Titan, which is the way users create their account in production).
+> Feel free to create other users other ways for learning purposes.
+
+Note that registration and activation are distinct steps when calling calls to the API, so for fun you may register one way and activate your account another way (if you create your user directly in database, this distinction is not relevant).
+
+
+
+
+### Using CalypSSO
+
+
+
+#### Registering your account
+
+Go to http://localhost:8000/calypsso/register and type a valid email address to register (start the creation of) your account.
+
+#### Activating your account
+
+Go back to the shell running your Hyperion instance, in the logs look for a link looking like http://localhost:3000/calypsso/activate?activation_token=12345.
+Open it and activate (end the creation of) your account.
+
+
+
+
+
+
+### Using Titan
+
+
+
+1. Click "_Se connecter_" on the login page: you land CalypSSO's login page.
+2. Click "_Créer un compte_" and create your account using CalypSSO as above.
+
+
+
+
+
+
+### Using the API through the swagger
+
+
+
+#### Registering your account
+
+1. Go to http://localhost:8000/docs: this is called the _swagger_, a web interface to interact with the API, it is a layer on top of the "automatic documentation" (the _OpenAPI specification_) generated by FastAPI at http://localhost:8000/openapi.json.
+2. Search `/users/create`.
+3. Open it, click "Try it out".
+4. Fill in your email address, and click "Execute".
+
+#### Activating your account
+
+1. Go back to the shell running your Hyperion instance, in the logs look for a link looking like http://localhost:3000/calypsso/activate?activation_token=12345.
+2. Copy this activation token.
+3. Go again on the swagger and search `/users/activate`.
+4. Open it, click "Try it out".
+5. Fill in your information, using the `activation_token` you copied (click "Schema" next to "Edit Value" so see what fields are optional), and click "Execute".
+
+
+
+
+
+
+### Using the API in command line
+
+
+
+> [!TIP]
+> On Windows, `curl` is different.
+> To get the same results as on Linux and MacOS:
+>
+> - either replace `curl` with `curl.exe`
+> - or run the `curl` commands below in a bash (using WSL or using Git Bash)
+
+#### Registering your account
```bash
-curl --location 'http://127.0.0.1:8000/users/create' \
---header 'Content-Type: application/json' \
---data-raw '{
- "email": "<...>@etu.ec-lyon.fr",
- "account_type": "39691052-2ae5-4e12-99d0-7a9f5f2b0136"
-}'
+curl --json '{"email": "prenom.nom@etu.ec-lyon.fr"}' http://localhost:8000/users/create
```
-Activate the account:
+#### Activating your account
+
+1. Go back to the shell running your Hyperion instance, in the logs look for a link looking like http://localhost:3000/calypsso/activate?activation_token=12345.
+2. Copy this activation token.
+3. Use this `activation_token` in:
```bash
-curl --location 'http://127.0.0.1:8000/users/activate' \
---header 'Content-Type: application/json' \
---data '{
+curl --json '{
"name": "",
"firstname": "",
"nickname": "",
@@ -170,18 +419,69 @@ curl --location 'http://127.0.0.1:8000/users/activate' \
"phone": "",
"promo": 0,
"floor": ""
-}'
+}' http://localhost:8000/users/activate
+```
+
+
+
+
+
+
+### Using a database client in command line
+
+
+
+> [!WARNING]
+> Work in progress
+
+1. Open a shell connected to your database for Hyperion
+ - PostgreSQL: see above, generally `psql -U -d hyperion`.
+ - SQLite: ...
+2. Insert your own user into the users' table (for `centrale_lyon` school, generate your own user UUID and salted hash, feel free to add insert values into nullable columns) :
+
+```sql
+insert into core_user (id, firstname, name, nickname, email, password_hash, school_id, account_type) values ('01234567-89ab-cdef-0123-456789abcdef', '', '', '', '', '$2b$$', 'd9772da7-1142-4002-8b86-b694b431dfed', 'student');
```
-## Make the first user admin
+
+
+## 7. Make your user admin (if not yet the case using factories)
+
+> [!IMPORTANT]
+> Again, using factories is the recommended way.
-If there is exactly one user in the database, you can make it admin using the following command:
+### If there is exactly one user in the database
+
+Then you can make it admin using the following command:
```bash
-curl --location --request POST 'http://127.0.0.1:8000/users/make-admin'
+curl -X POST http://localhost:8000/users/make-admin
```
-## Install docker or an equivalent
+### Using a database client in command line
+
+> [!WARNING]
+> Work in progress
+
+1. Open a shell connected to your database for Hyperion
+ - PostgreSQL: see above, generally `psql -U -d hyperion`.
+ - SQLite: ...
+2. Get the UUID for your own user, then insert it and the UUID for the admin grouptype in the memberships table :
+
+```sql
+insert into core_membership (user_id, group_id) values ('', '0a25cb76-4b63-4fd3-b939-da6d9feabf28');
+```
+
+---
+
+
+
+
+# Beyond initial configuration
+
+
+
+## Install Docker or an equivalent
Install docker and the compose plugin (https://docs.docker.com/compose/install/)
@@ -189,7 +489,24 @@ Install docker and the compose plugin (https://docs.docker.com/compose/install/)
> During dev, `docker-compose-dev.yaml` can be used to run the database, the redis server etc... If you really want to run the project without docker, you can do it but you will have to install the database, redis, etc ... yourself or disable corresponding features in the .env file (which is not recommended).
----
+## Linting and formating
+
+To lint and format, we currently use `Ruff`. We also use `Mypy` for the type checking.
+
+Before each PR or git push you will need to run `ruff check --fix && ruff format` in order to format/lint your code and `mypy .` in order to verify that there is no type mismatch.
+
+## Use Alembic migrations
+
+See [migrations README](./migrations/README)
+
+> [!WARNING]
+> On SQLite databases, you have to drop the database and recreate it to apply the new DDL.
+
+## OpenAPI specification
+
+API endpoints are parsed following the OpenAPI specifications at `http://127.0.0.1:8000/openapi.json`.
+
+A Swagger UI is available at `http://127.0.0.1:8000/docs`. For authentication to work, a valid `AUTH_CLIENT` must be defined in the `.env`, with `http://127.0.0.1:8000/docs/oauth2-redirect` as the redirect URI, and `scope=API` must be added to the authentication request.
## Configure Firebase notifications
@@ -219,3 +536,5 @@ See [app/core/google_api/README.md](./app/core/google_api/README.md) for more in
For production we encourage to use multiple Uvicorn workers. You can use our [docker image](./Dockerfile) and [docker-compose file](./docker-compose.yaml) files to run Hyperion with Unicorn.
You should use our [init file](./init.py) to ensure that database initialization and migrations are only run once.
+
+
diff --git a/app/core/auth/endpoints_auth.py b/app/core/auth/endpoints_auth.py
index 96f236c189..6dcdfb97d7 100644
--- a/app/core/auth/endpoints_auth.py
+++ b/app/core/auth/endpoints_auth.py
@@ -17,7 +17,6 @@
)
from fastapi.responses import HTMLResponse, RedirectResponse
from fastapi.security import OAuth2PasswordRequestForm
-from fastapi.templating import Jinja2Templates
from sqlalchemy.ext.asyncio import AsyncSession
from app.core.auth import cruds_auth, models_auth, schemas_auth
@@ -53,8 +52,6 @@
factory=None,
)
-templates = Jinja2Templates(directory="assets/templates")
-
# We could maybe use hyperion.security
hyperion_access_logger = logging.getLogger("hyperion.access")
hyperion_security_logger = logging.getLogger("hyperion.security")
diff --git a/app/core/myeclpay/endpoints_myeclpay.py b/app/core/myeclpay/endpoints_myeclpay.py
index 30f6e30749..1423c4bb97 100644
--- a/app/core/myeclpay/endpoints_myeclpay.py
+++ b/app/core/myeclpay/endpoints_myeclpay.py
@@ -16,7 +16,6 @@
Query,
)
from fastapi.responses import RedirectResponse
-from fastapi.templating import Jinja2Templates
from sqlalchemy.ext.asyncio import AsyncSession
from app.core.core_endpoints import cruds_core
@@ -82,8 +81,6 @@
factory=None,
)
-templates = Jinja2Templates(directory="assets/templates")
-
hyperion_error_logger = logging.getLogger("hyperion.error")
hyperion_security_logger = logging.getLogger("hyperion.security")
diff --git a/app/core/users/endpoints_users.py b/app/core/users/endpoints_users.py
index a3f7cdb39b..a2cb63bc6c 100644
--- a/app/core/users/endpoints_users.py
+++ b/app/core/users/endpoints_users.py
@@ -16,7 +16,6 @@
UploadFile,
)
from fastapi.responses import FileResponse, RedirectResponse
-from fastapi.templating import Jinja2Templates
from sqlalchemy.ext.asyncio import AsyncSession
from app.core.auth import cruds_auth
@@ -65,7 +64,6 @@
hyperion_error_logger = logging.getLogger("hyperion.error")
hyperion_security_logger = logging.getLogger("hyperion.security")
hyperion_s3_logger = logging.getLogger("hyperion.s3")
-templates = Jinja2Templates(directory="assets/templates")
S3_USER_SUBFOLDER = "users"
diff --git a/app/core/utils/config.py b/app/core/utils/config.py
index 4be453f6ae..1ad5fb5052 100644
--- a/app/core/utils/config.py
+++ b/app/core/utils/config.py
@@ -118,10 +118,9 @@ def settings_customise_sources(
###############################################
# Authorization using OAuth or Openid connect #
###############################################
-
- # ACCESS_TOKEN_SECRET_KEY should contain a random string with enough entropy (at least 32 bytes long) to securely sign all access_tokens for OAuth and Openid connect
+ # ACCESS_TOKEN_SECRET_KEY should contain a strong random string with enough entropy (at least 32 bytes long) to securely sign all JWT access_tokens for OAuth2 and OpenID Connect
ACCESS_TOKEN_SECRET_KEY: str
- # RSA_PRIVATE_PEM_STRING should be a string containing the PEM certificate of a private RSA key. It will be used to sign id_tokens for Openid connect authentication
+ # RSA_PRIVATE_PEM_STRING should be a string containing the PEM certificate of a private RSA key. It will be used to sign JWS id_tokens for OpenID Connect authentication
# In the pem certificates newlines can be replaced by `\n`
RSA_PRIVATE_PEM_STRING: bytes
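Review bot: The reworded comment still calls `RSA_PRIVATE_PEM_STRING` "the PEM certificate of a private RSA key", which mixes up two different objects. A certificate carries the public key, while this setting is used for signing and so must hold the private key. I would write `# RSA_PRIVATE_PEM_STRING should contain a PEM-encoded RSA private key (not a certificate). It is used to sign JWS id_tokens for OpenID Connect`. Since config.template.yaml in this commit ships sample values for both settings, the comment should also say that those samples are for local development only and must be replaced with freshly generated secrets in any shared or production deployment.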
@@ -175,7 +174,6 @@ def settings_customise_sources(
POSTGRES_USER: str = ""
POSTGRES_PASSWORD: str = ""
POSTGRES_DB: str = ""
- POSTGRES_TZ: str = ""
DATABASE_DEBUG: bool = False # If True, the database will log all queries
USE_FACTORIES: bool = (
False # If True, the database will be populated with fake data
@@ -310,7 +308,7 @@ def HYPERION_VERSION(cls) -> str:
def MINIMAL_TITAN_VERSION_CODE(cls) -> str:
with Path("pyproject.toml").open("rb") as pyproject_binary:
pyproject = tomllib.load(pyproject_binary)
- return str(pyproject["project"]["minimal-titan-version-code"])
+ return str(pyproject["tool"]["titan"]["minimal-titan-version-code"])
######################################
# Automatically generated parameters #
@@ -387,7 +385,7 @@ def OIDC_ISSUER(cls) -> str:
@computed_field # type: ignore[prop-decorator]
@cached_property
def REDIS_URL(cls) -> str | None:
- if cls.REDIS_HOST:
+ if cls.REDIS_HOST is not None and cls.REDIS_HOST != "":
# We need to include `:` before the password
return (
f"redis://:{cls.REDIS_PASSWORD or ''}@{cls.REDIS_HOST}:{cls.REDIS_PORT}"
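Review bot: The URL built just below the changed condition interpolates `REDIS_PASSWORD` verbatim into the userinfo part. A password containing `@`, `:`, `/` or `#` yields a URL that parses to the wrong host or a truncated password. Percent-encode it, for example `f"redis://:{quote(cls.REDIS_PASSWORD or '', safe='')}@{cls.REDIS_HOST}:{cls.REDIS_PORT}"` with `from urllib.parse import quote`. Because `REDIS_URL` is a `computed_field`, it may also be included when the settings object is serialized or logged, so it is worth confirming that the password cannot leak that way. The function body continues outside this hunk.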
diff --git a/app/core/utils/log.py b/app/core/utils/log.py
index 8d6d517e74..f6fe2d68d8 100644
--- a/app/core/utils/log.py
+++ b/app/core/utils/log.py
@@ -78,7 +78,7 @@ class console_color:
# Logging config
# See https://docs.python.org/3/library/logging.config.html#logging-config-dictschema
- def get_config_dict(self, settings: Settings):
+ def _get_config_dict(self, settings: Settings):
# We can't use a dependency to access settings as this function is not an endpoint. The object must thus be passed as a parameter.
# /!\ WARNING /!\
@@ -398,7 +398,7 @@ def initialize_loggers(self, settings: Settings):
# If logs/ folder does not exist, the logging module won't be able to create file handlers
Path("logs/").mkdir(parents=True, exist_ok=True)
- config_dict = self.get_config_dict(settings=settings)
+ config_dict = self._get_config_dict(settings=settings)
logging.config.dictConfig(config_dict)
loggers = [logging.getLogger(name) for name in config_dict["loggers"]]
diff --git a/app/utils/loggers_tools/matrix_handler.py b/app/utils/loggers_tools/matrix_handler.py
index d09d0e6644..d95a2b6ae1 100644
--- a/app/utils/loggers_tools/matrix_handler.py
+++ b/app/utils/loggers_tools/matrix_handler.py
@@ -1,7 +1,6 @@
import logging
from logging import StreamHandler
-
-from typing_extensions import override
+from typing import override
from app.utils.communication.matrix import Matrix
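Review bot: `from typing import override` exists only on Python 3.12 and later, so this import makes the module fail at import time on 3.11. The commit raises CI and `.python-version` to 3.12, but the Dockerfile's base image and the project's `requires-python` bound are not visible here. Both should be checked so that production does not run an older interpreter than CI. The same import change is made in `app/utils/loggers_tools/s3_handler.py`.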
@@ -42,7 +41,6 @@ def __init__(
def emit(self, record):
if self.enabled:
msg = self.format(record)
-
try:
self.matrix.send_message(self.room_id, msg)
# We should catch and log any error, as Python may discarded them in production
diff --git a/app/utils/loggers_tools/s3_handler.py b/app/utils/loggers_tools/s3_handler.py
index 3aa0c6ed90..a64b0f0825 100644
--- a/app/utils/loggers_tools/s3_handler.py
+++ b/app/utils/loggers_tools/s3_handler.py
@@ -1,8 +1,7 @@
import string
from datetime import UTC, datetime
from logging import StreamHandler
-
-from typing_extensions import override
+from typing import override
from app.types.s3_access import S3Access
from app.utils.tools import get_random_string
diff --git a/app/utils/state.py b/app/utils/state.py
index f5e109e9f8..0a31dde7fe 100644
--- a/app/utils/state.py
+++ b/app/utils/state.py
@@ -85,7 +85,7 @@ def init_redis_client(
Returns None if Redis is not configured.
"""
redis_client: redis.Redis | None = None
- if settings.REDIS_HOST:
+ if settings.REDIS_HOST is not None and settings.REDIS_HOST != "":
try:
redis_client = redis.Redis(
host=settings.REDIS_HOST,
@@ -110,7 +110,7 @@ async def init_scheduler(
settings: Settings,
_dependency_overrides: dict[Callable[..., Any], Callable[..., Any]],
) -> Scheduler:
- if settings.REDIS_HOST:
+ if settings.REDIS_HOST is not None and settings.REDIS_HOST != "":
scheduler = Scheduler()
await scheduler.start(
@@ -152,7 +152,7 @@ def init_payment_tools(
hyperion_error_logger: logging.Logger,
) -> dict[HelloAssoConfigName, PaymentTool]:
if settings.HELLOASSO_API_BASE is None:
- hyperion_error_logger.error(
+ hyperion_error_logger.warning(
"HelloAsso API base URL is not set in settings, payment won't be available",
)
return {}
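Review bot: Downgrading this message to `warning` means a production instance that starts without `HELLOASSO_API_BASE` may no longer reach whatever alerting is attached to error-level records, while payments are silently unavailable. The handler levels configured in log.py are not visible in this hunk, so that needs confirming. If the intent is only to quiet development setups, add a comment above the call such as `# Warning rather than error: expected in development; production monitoring should alert on this message`. The body of `init_payment_tools` continues outside the hunk.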
diff --git a/config.template.yaml b/config.template.yaml
index 19af2cd525..73699fb80a 100644
--- a/config.template.yaml
+++ b/config.template.yaml
@@ -1,71 +1,87 @@
###############################################
# Authorization using OAuth or Openid connect #
###############################################
+
# ACCESS_TOKEN_SECRET_KEY should contain a random string with enough entropy (at least 32 bytes long) to securely sign all access_tokens for OAuth and Openid connect
-ACCESS_TOKEN_SECRET_KEY: ""
+ACCESS_TOKEN_SECRET_KEY: #YWZOHliiI53lJMJc5BI_WbGbA4GF2T7Wbt1airIhOXEa3c021c4-1c55-4182-b141-7778bcc8fac4
+
# RSA_PRIVATE_PEM_STRING should be a string containing the PEM certificate of a private RSA key. It will be used to sign id_tokens for Openid connect authentication
-# The example below was generated using a 2048-bit RSA key generator
+# The 2048-bit-long PEM certificate example below was generated using a 2048-bit RSA key generator online.
+# If you want to generate a PEM certificate and save in a file, the following openssl command may be used:
+# openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
RSA_PRIVATE_PEM_STRING: |
- #-----BEGIN RSA PRIVATE KEY-----
- #MIIEpQIBAAKCAQEA1tpj3TZDkJakp2RygsM392pQbcmNBOGFT8FlETcRG/JVFT7k
- #iClJu+CVOJSVD0epfpYp93cYepfw74SezYnBCyuoLJ2yg5Qh4KlCrWmvwM7vhFIN
- #x0xddIQi+Gm0T3dxGtv4Ga50TYX4SV4FE3ctJG9m3pyNF6POODp5tMJvShQWYTto
- #W9qNhltZ8Z+14bq2INV/efpT47WuMT+VD/fa9/WwopAtgBcQOvq57fv5+DaPOIVR
- #9BiP7F+pv+v6wQ373hI22QzCMsA4Whl+BmWFKcFoBDOBRjlW5VqhJWJkWZIRP0q+
- #VAZHk2xJK+0YFc9jmaC+ExMtuyHYK0RnQK/8LQIDAQABAoIBABxJ8v4sZ+cAvrs/
- #kYhAFf1gpShfck7jNr9SknEa1Aje9m7usf5vmULAhkVF4v55DAsb0HjB2JpDqTiQ
- #OKyNZ7qFzAXb2aZTecZv4tScZsS3OngsqZ3FI0T1JPmaSWBxNJY5wkf3XV7btd5L
- #H9X5ShtTA7Np33XuXneu01mGhEq3boLro+vfXMHV5QHyle1F4LUFWEqtP0UmZ5wA
- #rro0Y7pA8R88tu5X4iWEjQPnAsbRixwFQ9LNMD8+40e1UIguobRySnP5umErHaIh
- #Kui7ZijLjbZh/dPS0IfpgahL1K6s9XhT3mD9WMvAvMkNtLewHIZZukG45mOQBrjF
- #vvyYxoECgYEA+EY6YimGw0IKnUuf+5uZRXST7kDMENz1Flkcj8oZvo47hdX8/lDN
- #i0y7gm3VNfHAK2R2KZPmSbtXA0DvS7kmx1/CFcmwkaakhuU5dyCHldWwSaTME3IE
- #xjSZfTvlAiq9i6nUflgfkKo3Bdsiq8TYOUAv25S2SwYDH9Tx0fQwwGECgYEA3Ynt
- #CHc8e4YRlGT65UQmEZ8cptmqVRyY4ClMU1xht7Pn0G1JwKRraiEL5/LndwscWf3h
- #DygQuArJ28pp4d22FEW1LeXozXYUjJoz3anIA45IZ1OihS7Cx7tJB51/QNJeFdF4
- #EX/XHaVukHyYSsAxkwCUYOw3cSgZOSEddL5Wf00CgYEA7JlIlDmMwtFR+jqSmJ3c
- #//Kr8zZvAnb/Xa/IZ0MrK4yyLsYR1m48o06Ztx9iO4lKIFAZx1+563QL5P7hzOEC
- #kqev90GA8hzD2AXksKEgdOrymAvjq3hSEm0YBN+qS1ldzxYmec0TL7L2wq7lqJnr
- #kQuZUAG1g2OUYKZ3WSUDvKECgYEAv24NSkFuG/avfiD7w9xtYNCye2KekskROLG2
- #6FltfsWQTEQDdNkekChaF2WHqRAKwaBlNymRuNZpsuhnMerZCQ9rDWwbDF86RnyA
- #0MuCr7/kxJQ6XQcY/GnTIydu7F5bOlM0gzqKcW2f6m4fUohczf+0N0QmbDsQAJOi
- #1lwadgkCgYEA3tkCBJIPTQecfjWiLqSocS6SrwXU+r3Jw6kI3/IB6ban/nsFdHSb
- #nADST7f2zZatN6XALwsLU7f2R09R39ub0AJPyfToxo7MngR1rvaUYooF3rLlaU32
- #8DqGvGpLkZkwbtcDmcX1zQoHjUo7RvoShZoapr59ihfrkiiEsXOkuGw=
- #-----END RSA PRIVATE KEY-----
-
-# Host or url of the instance of Hyperion
-# This url will be especially used for oidc/oauth2 discovery endpoint and links send by email
-# NOTE: A trailing / is required
-CLIENT_URL: http://127.0.0.1:8000/
+ # -----BEGIN RSA PRIVATE KEY-----
+ # MIIEpQIBAAKCAQEA1tpj3TZDkJakp2RygsM392pQbcmNBOGFT8FlETcRG/JVFT7k
+ # iClJu+CVOJSVD0epfpYp93cYepfw74SezYnBCyuoLJ2yg5Qh4KlCrWmvwM7vhFIN
+ # x0xddIQi+Gm0T3dxGtv4Ga50TYX4SV4FE3ctJG9m3pyNF6POODp5tMJvShQWYTto
+ # W9qNhltZ8Z+14bq2INV/efpT47WuMT+VD/fa9/WwopAtgBcQOvq57fv5+DaPOIVR
+ # 9BiP7F+pv+v6wQ373hI22QzCMsA4Whl+BmWFKcFoBDOBRjlW5VqhJWJkWZIRP0q+
+ # VAZHk2xJK+0YFc9jmaC+ExMtuyHYK0RnQK/8LQIDAQABAoIBABxJ8v4sZ+cAvrs/
+ # kYhAFf1gpShfck7jNr9SknEa1Aje9m7usf5vmULAhkVF4v55DAsb0HjB2JpDqTiQ
+ # OKyNZ7qFzAXb2aZTecZv4tScZsS3OngsqZ3FI0T1JPmaSWBxNJY5wkf3XV7btd5L
+ # H9X5ShtTA7Np33XuXneu01mGhEq3boLro+vfXMHV5QHyle1F4LUFWEqtP0UmZ5wA
+ # rro0Y7pA8R88tu5X4iWEjQPnAsbRixwFQ9LNMD8+40e1UIguobRySnP5umErHaIh
+ # Kui7ZijLjbZh/dPS0IfpgahL1K6s9XhT3mD9WMvAvMkNtLewHIZZukG45mOQBrjF
+ # vvyYxoECgYEA+EY6YimGw0IKnUuf+5uZRXST7kDMENz1Flkcj8oZvo47hdX8/lDN
+ # i0y7gm3VNfHAK2R2KZPmSbtXA0DvS7kmx1/CFcmwkaakhuU5dyCHldWwSaTME3IE
+ # xjSZfTvlAiq9i6nUflgfkKo3Bdsiq8TYOUAv25S2SwYDH9Tx0fQwwGECgYEA3Ynt
+ # CHc8e4YRlGT65UQmEZ8cptmqVRyY4ClMU1xht7Pn0G1JwKRraiEL5/LndwscWf3h
+ # DygQuArJ28pp4d22FEW1LeXozXYUjJoz3anIA45IZ1OihS7Cx7tJB51/QNJeFdF4
+ # EX/XHaVukHyYSsAxkwCUYOw3cSgZOSEddL5Wf00CgYEA7JlIlDmMwtFR+jqSmJ3c
+ # //Kr8zZvAnb/Xa/IZ0MrK4yyLsYR1m48o06Ztx9iO4lKIFAZx1+563QL5P7hzOEC
+ # kqev90GA8hzD2AXksKEgdOrymAvjq3hSEm0YBN+qS1ldzxYmec0TL7L2wq7lqJnr
+ # kQuZUAG1g2OUYKZ3WSUDvKECgYEAv24NSkFuG/avfiD7w9xtYNCye2KekskROLG2
+ # 6FltfsWQTEQDdNkekChaF2WHqRAKwaBlNymRuNZpsuhnMerZCQ9rDWwbDF86RnyA
+ # 0MuCr7/kxJQ6XQcY/GnTIydu7F5bOlM0gzqKcW2f6m4fUohczf+0N0QmbDsQAJOi
+ # 1lwadgkCgYEA3tkCBJIPTQecfjWiLqSocS6SrwXU+r3Jw6kI3/IB6ban/nsFdHSb
+ # nADST7f2zZatN6XALwsLU7f2R09R39ub0AJPyfToxo7MngR1rvaUYooF3rLlaU32
+ # 8DqGvGpLkZkwbtcDmcX1zQoHjUo7RvoShZoapr59ihfrkiiEsXOkuGw=
+ # -----END RSA PRIVATE KEY-----
+
+# Host or URL of the instance of Hyperion
+# This url will be especially used for OIDC/OAuth2 discovery endpoint and links send by email
+CLIENT_URL: http://127.0.0.1:8000/ # NOTE: A trailing / is required
# Sometimes, when running third services with oidc inside Docker containers, and running Hyperion on your local device
# you may need to use a different url for call made from docker and call made from your device
# For exemple:
-# you will access the login page from your browser http://localhost:8000/auth/authorize
-# but the docker container should call http://host.docker.internal:8000/auth/token and not your localhost address
-# NOTE: A trailing / is required
-#OVERRIDDEN_CLIENT_URL_FOR_OIDC: "http://host.docker.internal:8000/"
+# - you will access the login page from your browser http://localhost:8000/auth/authorize
+# - but the docker container should call http://host.docker.internal:8000/auth/token and not your localhost address
+#OVERRIDDEN_CLIENT_URL_FOR_OIDC: http://host.docker.internal:8000/ # NOTE: A trailing / is required
+
+# Origins for the CORS middleware. `["http://localhost:3000"]` can be used for development.
+# See https://fastapi.tiangolo.com/tutorial/cors/
+# It should begin with 'http://' or 'https:// and should never end with a '/'
+CORS_ORIGINS:
+ - "*" # For a local instance, using a wildcard "*" is convenient
+# - http://localhost:3000
+# - http://127.0.0.1:3000
+
+################
+# Auth Clients #
+################
-# Configure AuthClients, to allow services to authenticate users using OAuth2 or Openid connect
-# The following format should be used in yaml config files:
+# Configure AuthClients, to allow services to authenticate users using OAuth2 or OpenID Connect
+# The Python-expected type is `dict[str, AuthClientConfig]` where the class `AuthClientConfig` is from `app.core.utils.config`.
+# Thus, the following format should be used in yaml config files:
# ```yml
# AUTH_CLIENTS:
# :
-# secret:
+# secret: (or to use PKCE instead of a client secret)
# redirect_uri:
# -
# -
# auth_client:
# ```
# `AuthClientClassName` should be a class from `app.utils.auth.providers`
-# `secret` may be omitted to use PKCE instead of a client secret
AUTH_CLIENTS:
Titan:
- secret:
+ secret: null # PKCE
redirect_uri:
- http://localhost:3000/static.html
- http://127.0.0.1:3000/static.html
+ - https://myecl.fr/static.html
+ - fr.myecl.titan://authorized
auth_client: AppAuthClient
Postman:
secret: PostmanSecret
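Review bot: The active default for `CORS_ORIGINS` is now `"*"`, so any instance started from a copy of this template allows every origin in the CORS middleware, where the previous default listed only the two localhost origins. I would keep the localhost entries active and leave the wildcard commented out, for example `# - "*"  # local experiments only, never in production`. Separately, the value left in the comment after `ACCESS_TOKEN_SECRET_KEY:` is the same string that tests/config.test.yaml uses, so anyone who uncomments it signs access tokens with a published key. A neutral placeholder plus a generation hint such as `python -c "import secrets; print(secrets.token_urlsafe(32))"` would be safer, and the sample RSA key deserves a comment saying it must be replaced before any deployment.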
@@ -80,22 +96,42 @@ AUTH_CLIENTS:
# Hyperion settings #
#####################
-LOG_DEBUG_MESSAGES: True
+SQLITE_DB: app.db # If set, the application use a SQLite database instead of PostgreSQL, for testing or development purposes (if possible PostgreSQL should be used instead)
+DATABASE_DEBUG: False # If True, will print all SQL queries in the console
+LOG_DEBUG_MESSAGES: False
-# Origins for the CORS middleware. `["http://localhost"]` can be used for development.
-# See https://fastapi.tiangolo.com/tutorial/cors/
-# It should begin with 'http://' or 'https:// and should never end with a '/'
-CORS_ORIGINS:
- - http://localhost:3000
- - http://127.0.0.1:3000
-# - *
+#############
+# Factories #
+#############
-# If set, the application use a SQLite database instead of PostgreSQL, for testing or development purposes (if possible Postgresql should be used instead)
-SQLITE_DB: app.db
-# If True, will print all SQL queries in the console
-DATABASE_DEBUG: False
-# if True and the database is empty, it will be seeded with mocked data
-USE_FACTORIES: True
+USE_FACTORIES: True # if True and the database is empty, it will be seeded with mocked data
+
+# Configure demo users, to populate the db with your users
+# The Python-expected type is `list[UserDemoFactoryConfig]` where the class `UserDemoFactoryConfig` is from `app.core.utils.config`.
+# Thus, the following format should be used in yaml config files:
+# ```yml
+# FACTORIES_DEMO_USERS
+# - firstname:
+# name:
+# nickname: (or )
+# email:
+# password:
+# groups:
+# -
+# -
+# ```
+# Group UUIDs should be values of the GroupType enum from `app.core.groups.groupe_type.GroupType`
+FACTORIES_DEMO_USERS:
+ - firstname: #Foucauld
+ name: #Bellanger
+ nickname: #Ñool
+ email: #foucauld.bellanger@etu.ec-lyon.fr
+ password: #azerty
+ groups:
+ - 0a25cb76-4b63-4fd3-b939-da6d9feabf28 # admin
+ - 45649735-866a-49df-b04b-a13c74fd5886 # AE
+ - 1f841bd9-00be-41a7-96e1-860a18a46105 # eclair
+ # - firstname: ...
#####################################
# SMTP configuration using starttls #
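Review bot: `USE_FACTORIES: True` remains the template default while the new `FACTORIES_DEMO_USERS` example places its user in the admin group and hints at the password `azerty`, so a template copied to a reachable instance with an empty database could be seeded with an admin account behind a guessable password. Add a comment above the list such as `# Development only: demo users are created with the password given here; never enable on a public instance`, and consider defaulting `USE_FACTORIES` to `False`. As written, the entry's `firstname`, `name`, `nickname`, `email` and `password` are all null, because the sample values follow a `#`; presumably that fails validation of `UserDemoFactoryConfig` when the template is loaded unmodified, which is worth confirming. The format comment also lacks the colon after `FACTORIES_DEMO_USERS`.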
@@ -103,10 +139,10 @@ USE_FACTORIES: True
SMTP_ACTIVE: False
SMTP_PORT: 587
-SMTP_SERVER: ""
-SMTP_USERNAME: ""
-SMTP_PASSWORD: ""
-SMTP_EMAIL: ""
+SMTP_SERVER:
+SMTP_USERNAME:
+SMTP_PASSWORD:
+SMTP_EMAIL:
##########################
# Firebase Configuration #
@@ -114,7 +150,7 @@ SMTP_EMAIL: ""
# To enable Firebase push notification capabilities, a JSON key file named `firebase.json` should be placed at Hyperion root.
# This file can be created and downloaded from [Google cloud, IAM and administration, Service account](https://console.cloud.google.com/iam-admin/serviceaccounts) page.
-USE_FIREBASE: false
+USE_FIREBASE: False
########################
# Matrix configuration #
########################
@@ -124,10 +160,10 @@ USE_FIREBASE: false
# If the following parameters are not set, logging won't use the Matrix handler
# MATRIX_SERVER_BASE_URL is optional, the official Matrix server will be used if not configured
# Advanced note: Username and password will be used to ask for an access token. A Matrix custom client `Hyperion` is used to make all requests
-#MATRIX_SERVER_BASE_URL: ""
-#MATRIX_TOKEN: ""
-#MATRIX_LOG_ERROR_ROOM_ID: ""
-#MATRIX_LOG_AMAP_ROOM_ID: ""
+#MATRIX_SERVER_BASE_URL: https://matrix.example.org/
+#MATRIX_TOKEN: mct_...
+#MATRIX_LOG_ERROR_ROOM_ID: !...:myecl.fr
+#MATRIX_LOG_AMAP_ROOM_ID:
#############################
# Token to use the TMDB API #
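Review bot: The new example `#MATRIX_LOG_ERROR_ROOM_ID: !...:myecl.fr` will not load as a string once uncommented, because YAML treats a leading `!` as a tag indicator and Matrix room IDs always begin with one. The loader will either reject the unknown tag or drop the value. Quote the example so the hint survives copy-paste: `#MATRIX_LOG_ERROR_ROOM_ID: "!...:myecl.fr"`.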
@@ -135,7 +171,7 @@ USE_FIREBASE: false
# This API key is required in order to send requests to the Internet Movie Database.
# It is only used in the Cinema module.
-#THE_MOVIE_DB_API: ""
+#THE_MOVIE_DB_API:
####################
# S3 configuration #
@@ -143,9 +179,9 @@ USE_FIREBASE: false
# S3 configuration is needed to use the S3 storage for MyECLPay logs
-#S3_BUCKET_NAME: ""
-#S3_ACCESS_KEY_ID: ""
-#S3_SECRET_ACCESS_KEY: ""
+#S3_BUCKET_NAME:
+#S3_ACCESS_KEY_ID:
+#S3_SECRET_ACCESS_KEY:
##############
# Google API #
@@ -154,14 +190,14 @@ USE_FIREBASE: false
# Google API configuration #
# Google API is used to upload files to Google Drive
# See ./app/utils/google_api/README.md for more information
-#GOOGLE_API_CLIENT_ID: ""
-#GOOGLE_API_CLIENT_SECRET: ""
+#GOOGLE_API_CLIENT_ID:
+#GOOGLE_API_CLIENT_SECRET:
-#RAID_DRIVE_REFRESH_TOKEN: ""
-#RAID_DRIVE_API_KEY: ""
-#RAID_DRIVE_CLIENT_ID: ""
-#RAID_DRIVE_CLIENT_SECRET: ""
-#RAID_PAYMENT_REDIRECTION_URL: ""
+#RAID_DRIVE_REFRESH_TOKEN:
+#RAID_DRIVE_API_KEY:
+#RAID_DRIVE_CLIENT_ID:
+#RAID_DRIVE_CLIENT_SECRET:
+#RAID_PAYMENT_REDIRECTION_URL:
###########################
# HelloAsso configuration #
@@ -172,18 +208,23 @@ USE_FIREBASE: false
# HELLOASSO_API_BASE should have the format: `api.helloasso-sandbox.com`
# HelloAsso only allow 20 simultaneous active access token. Note that each Hyperion worker will need its own access token.
-# [["name", "helloasso_client_id", "helloasso_client_secret", "helloasso_slug", "redirection_uri"]]
-#HELLOASSO_CONFIGURATIONS: []
-#HELLOASSO_API_BASE: ""
+#HELLOASSO_CONFIGURATIONS:
+# MYECLPAY:
+# helloasso_client_id: ...
+# helloasso_client_secret: ...
+# helloasso_slug: AEECL
+# redirection_uri: null
+#HELLOASSO_API_BASE: api.helloasso-sandbox.com
# Maximum wallet balance for MyECLPay in cents, we will prevent user from adding more money to their wallet if it will make their balance exceed this value
-#MYECLPAY_MAXIMUM_WALLET_BALANCE: 1000
+#MYECLPAY_MAXIMUM_WALLET_BALANCE: 8000
# Trusted urls is a list of redirect payment url that can be trusted by Hyperion.
# These urls will be used to validate the redirect url provided by the front
-#TRUSTED_PAYMENT_REDIRECT_URLS: []
+#TRUSTED_PAYMENT_REDIRECT_URLS:
+# - http://localhost:3000/static.html
# MyECLPay requires an external service to recurrently check for transactions and state integrity, this service needs an access to all the data related to the transactions and the users involved
# This service will use a special token to access the data
# If this token is not set, the service will not be able to access the data and no integrity check will be performed
-#MYECLPAY_DATA_VERIFIER_ACCESS_TOKEN: ""
+#MYECLPAY_DATA_VERIFIER_ACCESS_TOKEN:
diff --git a/pyproject.toml b/pyproject.toml
index feae29e311..468361a5dc 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -7,7 +7,6 @@ authors = [{ name = "AEECL ECLAIR" }]
# Hyperion follows Semantic Versioning
# https://semver.org/
version = "4.9.9"
-minimal-titan-version-code = 139
requires-python = ">= 3.11, < 3.13"
license = "MIT"
@@ -18,13 +17,15 @@ license-files = [
"assets/myeclpay-terms-of-service.txt",
]
+[tool.titan]
+minimal-titan-version-code = 139
[tool.ruff]
# By default ruff also respect gitignore files
# Same as Black.
line-length = 88
indent-width = 4
-target-version = "py311"
+target-version = "py312"
[tool.ruff.lint]
select = [
@@ -69,7 +70,7 @@ select = [
"FURB",
"RUF",
"TRY",
- "TCH",
+ "TC",
]
# We may want to enable "ERA" to found commented-out code
ignore = [
@@ -129,7 +130,7 @@ skip-magic-trailing-comma = false
line-ending = "auto"
[tool.mypy]
-python_version = "3.11"
+python_version = "3.12"
plugins = ["pydantic.mypy"]
warn_unreachable = true
@@ -201,3 +202,4 @@ exclude_also = []
skip_covered = true
show_missing = true
+
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 552d20ede4..d3441ee165 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -1,8 +1,7 @@
--r requirements-common.txt
+-r requirements.txt
aiosqlite==0.20.0
boto3-stubs[essential]==1.38.23
google-auth-stubs==0.3.0
-httpx==0.27.0 # needed for tests as a replacement of requests in TestClient
mypy[faster-cache]==1.16.0
pytest-alembic==0.12.1
pytest-asyncio==0.26.0
@@ -15,4 +14,4 @@ types-Authlib==1.5.0.20250516
types-fpdf2==2.8.3.20250516
types-psutil==7.0.0.20250601
types-redis==4.6.0.20241004
-types-requests==2.32.0.20250515
+types-requests==2.32.0.20250515
\ No newline at end of file
diff --git a/requirements-common.txt b/requirements.txt
similarity index 78%
rename from requirements-common.txt
rename to requirements.txt
index 622213bbe8..0a1afc1062 100644
--- a/requirements-common.txt
+++ b/requirements.txt
@@ -1,7 +1,7 @@
aiofiles==24.1.0 # Asynchronous file manipulation
alembic==1.13.2 # database migrations
arq==0.26.3 # Scheduler
-asyncpg==0.29.0 # PostgreSQL adapter for asynchronous operations
+asyncpg==0.29.0 # PostgreSQL adapter for *asynchronous* operations
authlib==1.6.5
bcrypt==4.1.3 # password hashing
boto3==1.38.23
@@ -12,17 +12,18 @@ fastapi[standard]==0.115.6
firebase-admin==6.5.0 # Firebase is used for push notification
google-auth-oauthlib==1.2.1
helloasso-python==1.0.5
+httpx==0.27.0
icalendar==5.0.13
jellyfish==1.0.4 # String Matching
Jinja2==3.1.6 # template engine for html files
phonenumbers==8.13.43 # Used for phone number validation
psutil==7.0.0 # psutil is used to determine the number of Hyperion workers
+psycopg[binary]==3.2.9 # PostgreSQL adapter for *synchronous* operations at startup (database initializations & migrations)
pydantic-settings==2.3.4
pydantic==2.7.4
pyjwt[crypto]==2.8.0 # generate and verify the JWT tokens, imported as `jwt`
PyMuPDF==1.24.9 # PDF processing, imported as `fitz`
pypdf==4.3.1
-python-dotenv==1.0.1 # load environment variables from .env file
python-multipart==0.0.18 # a form data parser, as oauth flow requires form-data parameters
redis==5.0.8
requests==2.32.4
@@ -31,5 +32,4 @@ SQLAlchemy[asyncio]==2.0.32 # [asyncio] allows greenlet to be installed
unidecode==1.3.8
uvicorn[standard]==0.30.6
weasyprint==65.1 # HTML to PDF converter
-xlsxwriter==3.2.0
-psycopg[binary]==3.1.19 # PostgreSQL adapter for synchronous operations at startup (database initializations & migrations), local installation is recommended for a production site
\ No newline at end of file
+xlsxwriter==3.2.0
\ No newline at end of file
diff --git a/tests/.env.test b/tests/.env.test
index 7ee75aadec..376f866d2e 100644
--- a/tests/.env.test
+++ b/tests/.env.test
@@ -2,16 +2,29 @@
# This dotenv file and its values should NEVER be used in PRODUCTION! #
###########################################################################
+############################
+# PostgreSQL configuration #
+############################
+
# Will be used if tests are run with postgresql (should be the case because postgres is used in production)
+# Should be set to the name of the postgres container
POSTGRES_HOST="localhost"
POSTGRES_USER="hyperion"
POSTGRES_PASSWORD="somerealpassword"
POSTGRES_DB="hyperion"
POSTGRES_TZ="Etc/UTC"
+########################
# Redis configuration #
+########################
+# Redis configuration is needed to use the rate limiter, or multiple uvicorn workers
+# We use the default redis configuration, so the protected mode is enabled by default (see https://redis.io/docs/manual/security/#protected-mode)
+# If you want to use a custom configuration, a password and a specific binds should be used to avoid security issues
+
+# REDIS_HOST may be commented to disable Redis during development if you don't have a redis server running, in production it should be set to the name of the redis container
REDIS_HOST="localhost"
REDIS_PORT=6379
+# Should be commented during development to work with docker-compose-dev, and set in production
#REDIS_PASSWORD=""
REDIS_LIMIT=5
REDIS_WINDOW=60
diff --git a/tests/config.test.yaml b/tests/config.test.yaml
index 96f57d714d..0bc8ea447b 100644
--- a/tests/config.test.yaml
+++ b/tests/config.test.yaml
@@ -2,65 +2,133 @@
# This dotenv file and its values should NEVER be used in PRODUCTION! #
###########################################################################
-# SQLITE_DB: "test.db" # If set, the application use a SQLite database instead of PostgreSQL, for testing or development purposes (should not be used if possible)
+###############################################
+# Authorization using OAuth or Openid connect #
+###############################################
-# Authorization using JWT #
+# ACCESS_TOKEN_SECRET_KEY should contain a random string with enough entropy (at least 32 bytes long) to securely sign all access_tokens for OAuth and Openid connect
+# If you want to generate a 2048-bit long PEM certificate and save it in a file, the following command may be used:
+# openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
ACCESS_TOKEN_SECRET_KEY: "YWZOHliiI53lJMJc5BI_WbGbA4GF2T7Wbt1airIhOXEa3c021c4-1c55-4182-b141-7778bcc8fac4" # Note: modifing this token requires to update the common `test_check_settings_mocking` test
-RSA_PRIVATE_PEM_STRING: "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEA1tpj3TZDkJakp2RygsM392pQbcmNBOGFT8FlETcRG/JVFT7k\niClJu+CVOJSVD0epfpYp93cYepfw74SezYnBCyuoLJ2yg5Qh4KlCrWmvwM7vhFIN\nx0xddIQi+Gm0T3dxGtv4Ga50TYX4SV4FE3ctJG9m3pyNF6POODp5tMJvShQWYTto\nW9qNhltZ8Z+14bq2INV/efpT47WuMT+VD/fa9/WwopAtgBcQOvq57fv5+DaPOIVR\n9BiP7F+pv+v6wQ373hI22QzCMsA4Whl+BmWFKcFoBDOBRjlW5VqhJWJkWZIRP0q+\nVAZHk2xJK+0YFc9jmaC+ExMtuyHYK0RnQK/8LQIDAQABAoIBABxJ8v4sZ+cAvrs/\nkYhAFf1gpShfck7jNr9SknEa1Aje9m7usf5vmULAhkVF4v55DAsb0HjB2JpDqTiQ\nOKyNZ7qFzAXb2aZTecZv4tScZsS3OngsqZ3FI0T1JPmaSWBxNJY5wkf3XV7btd5L\nH9X5ShtTA7Np33XuXneu01mGhEq3boLro+vfXMHV5QHyle1F4LUFWEqtP0UmZ5wA\nrro0Y7pA8R88tu5X4iWEjQPnAsbRixwFQ9LNMD8+40e1UIguobRySnP5umErHaIh\nKui7ZijLjbZh/dPS0IfpgahL1K6s9XhT3mD9WMvAvMkNtLewHIZZukG45mOQBrjF\nvvyYxoECgYEA+EY6YimGw0IKnUuf+5uZRXST7kDMENz1Flkcj8oZvo47hdX8/lDN\ni0y7gm3VNfHAK2R2KZPmSbtXA0DvS7kmx1/CFcmwkaakhuU5dyCHldWwSaTME3IE\nxjSZfTvlAiq9i6nUflgfkKo3Bdsiq8TYOUAv25S2SwYDH9Tx0fQwwGECgYEA3Ynt\nCHc8e4YRlGT65UQmEZ8cptmqVRyY4ClMU1xht7Pn0G1JwKRraiEL5/LndwscWf3h\nDygQuArJ28pp4d22FEW1LeXozXYUjJoz3anIA45IZ1OihS7Cx7tJB51/QNJeFdF4\nEX/XHaVukHyYSsAxkwCUYOw3cSgZOSEddL5Wf00CgYEA7JlIlDmMwtFR+jqSmJ3c\n//Kr8zZvAnb/Xa/IZ0MrK4yyLsYR1m48o06Ztx9iO4lKIFAZx1+563QL5P7hzOEC\nkqev90GA8hzD2AXksKEgdOrymAvjq3hSEm0YBN+qS1ldzxYmec0TL7L2wq7lqJnr\nkQuZUAG1g2OUYKZ3WSUDvKECgYEAv24NSkFuG/avfiD7w9xtYNCye2KekskROLG2\n6FltfsWQTEQDdNkekChaF2WHqRAKwaBlNymRuNZpsuhnMerZCQ9rDWwbDF86RnyA\n0MuCr7/kxJQ6XQcY/GnTIydu7F5bOlM0gzqKcW2f6m4fUohczf+0N0QmbDsQAJOi\n1lwadgkCgYEA3tkCBJIPTQecfjWiLqSocS6SrwXU+r3Jw6kI3/IB6ban/nsFdHSb\nnADST7f2zZatN6XALwsLU7f2R09R39ub0AJPyfToxo7MngR1rvaUYooF3rLlaU32\n8DqGvGpLkZkwbtcDmcX1zQoHjUo7RvoShZoapr59ihfrkiiEsXOkuGw=\n-----END RSA PRIVATE KEY-----\n"
-# Host or url of the API, used for Openid connect discovery endpoint
-# NOTE: A trailing / is required
-CLIENT_URL: "http://127.0.0.1:8000/"
+# RSA_PRIVATE_PEM_STRING should be a string containing the PEM certificate of a private RSA key. It will be used to sign id_tokens for Openid connect authentication
+# The example below was generated using a 2048-bit RSA key generator
+RSA_PRIVATE_PEM_STRING: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpQIBAAKCAQEA1tpj3TZDkJakp2RygsM392pQbcmNBOGFT8FlETcRG/JVFT7k
+ iClJu+CVOJSVD0epfpYp93cYepfw74SezYnBCyuoLJ2yg5Qh4KlCrWmvwM7vhFIN
+ x0xddIQi+Gm0T3dxGtv4Ga50TYX4SV4FE3ctJG9m3pyNF6POODp5tMJvShQWYTto
+ W9qNhltZ8Z+14bq2INV/efpT47WuMT+VD/fa9/WwopAtgBcQOvq57fv5+DaPOIVR
+ 9BiP7F+pv+v6wQ373hI22QzCMsA4Whl+BmWFKcFoBDOBRjlW5VqhJWJkWZIRP0q+
+ VAZHk2xJK+0YFc9jmaC+ExMtuyHYK0RnQK/8LQIDAQABAoIBABxJ8v4sZ+cAvrs/
+ kYhAFf1gpShfck7jNr9SknEa1Aje9m7usf5vmULAhkVF4v55DAsb0HjB2JpDqTiQ
+ OKyNZ7qFzAXb2aZTecZv4tScZsS3OngsqZ3FI0T1JPmaSWBxNJY5wkf3XV7btd5L
+ H9X5ShtTA7Np33XuXneu01mGhEq3boLro+vfXMHV5QHyle1F4LUFWEqtP0UmZ5wA
+ rro0Y7pA8R88tu5X4iWEjQPnAsbRixwFQ9LNMD8+40e1UIguobRySnP5umErHaIh
+ Kui7ZijLjbZh/dPS0IfpgahL1K6s9XhT3mD9WMvAvMkNtLewHIZZukG45mOQBrjF
+ vvyYxoECgYEA+EY6YimGw0IKnUuf+5uZRXST7kDMENz1Flkcj8oZvo47hdX8/lDN
+ i0y7gm3VNfHAK2R2KZPmSbtXA0DvS7kmx1/CFcmwkaakhuU5dyCHldWwSaTME3IE
+ xjSZfTvlAiq9i6nUflgfkKo3Bdsiq8TYOUAv25S2SwYDH9Tx0fQwwGECgYEA3Ynt
+ CHc8e4YRlGT65UQmEZ8cptmqVRyY4ClMU1xht7Pn0G1JwKRraiEL5/LndwscWf3h
+ DygQuArJ28pp4d22FEW1LeXozXYUjJoz3anIA45IZ1OihS7Cx7tJB51/QNJeFdF4
+ EX/XHaVukHyYSsAxkwCUYOw3cSgZOSEddL5Wf00CgYEA7JlIlDmMwtFR+jqSmJ3c
+ //Kr8zZvAnb/Xa/IZ0MrK4yyLsYR1m48o06Ztx9iO4lKIFAZx1+563QL5P7hzOEC
+ kqev90GA8hzD2AXksKEgdOrymAvjq3hSEm0YBN+qS1ldzxYmec0TL7L2wq7lqJnr
+ kQuZUAG1g2OUYKZ3WSUDvKECgYEAv24NSkFuG/avfiD7w9xtYNCye2KekskROLG2
+ 6FltfsWQTEQDdNkekChaF2WHqRAKwaBlNymRuNZpsuhnMerZCQ9rDWwbDF86RnyA
+ 0MuCr7/kxJQ6XQcY/GnTIydu7F5bOlM0gzqKcW2f6m4fUohczf+0N0QmbDsQAJOi
+ 1lwadgkCgYEA3tkCBJIPTQecfjWiLqSocS6SrwXU+r3Jw6kI3/IB6ban/nsFdHSb
+ nADST7f2zZatN6XALwsLU7f2R09R39ub0AJPyfToxo7MngR1rvaUYooF3rLlaU32
+ 8DqGvGpLkZkwbtcDmcX1zQoHjUo7RvoShZoapr59ihfrkiiEsXOkuGw=
+ -----END RSA PRIVATE KEY-----
+# Host or URL of the instance of Hyperion
+# This url will be especially used for OIDC/OAuth2 discovery endpoint and links send by email
+CLIENT_URL: http://127.0.0.1:8000/ # NOTE: A trailing / is required
+
+# Sometimes, when running third services with oidc inside Docker containers, and running Hyperion on your local device
+# you may need to use a different url for call made from docker and call made from your device
+# For exemple:
+# - you will access the login page from your browser http://localhost:8000/auth/authorize
+# - but the docker container should call http://host.docker.internal:8000/auth/token and not your localhost address
+#OVERRIDDEN_CLIENT_URL_FOR_OIDC: "http://host.docker.internal:8000/" # NOTE: A trailing / is required
+
+# Origins for the CORS middleware. `["http://localhost:3000"]` can be used for development.
+# See https://fastapi.tiangolo.com/tutorial/cors/
+# It should begin with 'http://' or 'https:// and should never end with a '/'
+CORS_ORIGINS:
+ - https://test-authorized-origin.com
+# - "*" # For a local instance, using a wildcard "*" is convenient
+# - http://localhost:3000
+# - http://127.0.0.1:3000
+
+################
+# Auth Clients #
+################
+
+# Configure AuthClients, to allow services to authenticate users using OAuth2 or OpenID Connect
+# The Python-expected type is `dict[str, AuthClientConfig]` where the class `AuthClientConfig` is from `app.core.utils.config`.
+# Thus, the following format should be used in yaml config files:
+# ```yml
+# AUTH_CLIENTS:
+# :
+# secret: (or to use PKCE instead of a client secret)
+# redirect_uri:
+# -
+# -
+# auth_client:
+# ```
+# `AuthClientClassName` should be a class from `app.utils.auth.providers`
AUTH_CLIENTS:
AppAuthClientWithPKCE:
+ secret: null
redirect_uri:
- - "http://127.0.0.1:8000/docs"
- auth_client: "AppAuthClient"
+ - http://127.0.0.1:8000/docs
+ auth_client: AppAuthClient
AppAuthClientWithClientSecret:
- secret: "secret"
+ secret: secret
redirect_uri:
- - "http://127.0.0.1:8000/docs"
+ - http://127.0.0.1:8000/docs
auth_client: "AppAuthClient"
BaseAuthClient:
- secret: "secret"
+ secret: secret
redirect_uri:
- - "http://127.0.0.1:8000/docs"
- auth_client: "BaseAuthClient"
+ - http://127.0.0.1:8000/docs
+ auth_client: BaseAuthClient
RalllyAuthClient:
- secret: "secret"
+ secret: secret
redirect_uri:
- - "http://127.0.0.1:8000/docs"
- auth_client: "RalllyAuthClient"
+ - http://127.0.0.1:8000/docs
+ auth_client: RalllyAuthClient
SynapseAuthClient:
- secret: "secret"
+ secret: secret
redirect_uri:
- - "http://127.0.0.1:8000/docs"
- auth_client: "SynapseAuthClient"
+ - http://127.0.0.1:8000/docs
+ auth_client: SynapseAuthClient
AcceptingOnlyECLUsersAuthClient:
- secret: "secret"
+ secret: secret
redirect_uri:
- - "http://127.0.0.1:8000/docs"
- auth_client: "NextcloudAuthClient"
+ - http://127.0.0.1:8000/docs
+ auth_client: NextcloudAuthClient
RestrictingUsersGroupsAuthClient:
- secret: "secret"
+ secret: secret
redirect_uri:
- - "http://127.0.0.1:8000/docs"
- auth_client: "DocumensoAuthClient"
+ - http://127.0.0.1:8000/docs
+ auth_client: DocumensoAuthClient
-# Logging configuration #
+#####################
+# Hyperion settings #
+#####################
-LOG_DEBUG_MESSAGES: true
-ENABLE_RATE_LIMITER: false
-
-# CORS_ORIGINS should be a list of urls allowed to make requests to the API
-# It should begin with 'http://' or 'https:// and should never end with a '/'
-CORS_ORIGINS: ["https://test-authorized-origin.com"]
-
-# If True, will print all SQL queries in the console
-DATABASE_DEBUG: False
+#SQLITE_DB: app.db # If set, the application use a SQLite database instead of PostgreSQL, for testing or development purposes (if possible PostgreSQL should be used instead)
+DATABASE_DEBUG: False # If True, will print all SQL queries in the console
+LOG_DEBUG_MESSAGES: True
+ENABLE_RATE_LIMITER: False
+#####################################
# SMTP configuration using starttls #
+#####################################
+
SMTP_ACTIVE: False
SMTP_PORT: 587
SMTP_SERVER: ""
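Review bot: The two added comment lines about generating a PEM file with openssl sit under the `ACCESS_TOKEN_SECRET_KEY` description, but they concern `RSA_PRIVATE_PEM_STRING` and should move below the RSA comment a few lines down. The command shown also writes a self-signed certificate (`certificate.pem`) that nothing in this file uses, since only the private key is pasted into the setting; `openssl genrsa -out key.pem 2048` produces the key alone. The same command appears in config.template.yaml, where the wording "PEM certificate of a private RSA key" would read better as "PEM-encoded RSA private key".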
@@ -68,14 +136,39 @@ SMTP_USERNAME: ""
SMTP_PASSWORD: ""
SMTP_EMAIL: ""
-# Push notifications using Firebase Cloud Messaging
-USE_FIREBASE: false
+##########################
+# Firebase Configuration #
+##########################
+
+# To enable Firebase push notification capabilities, a JSON key file named `firebase.json` should be placed at Hyperion root.
+# This file can be created and downloaded from [Google cloud, IAM and administration, Service account](https://console.cloud.google.com/iam-admin/serviceaccounts) page.
+USE_FIREBASE: False
+
+###########################
+# HelloAsso configuration #
+###########################
-# Payment configuration #
+# To be able to use payment features using HelloAsso, you need to set a client id, secret for their API
+# HelloAsso provide a sandbox to be able to realize tests
+# HELLOASSO_API_BASE should have the format: `api.helloasso-sandbox.com`
+# HelloAsso only allow 20 simultaneous active access token. Note that each Hyperion worker will need its own access token.
-TRUSTED_PAYMENT_REDIRECT_URLS: ["http://localhost:3000/payment_callback"]
+HELLOASSO_CONFIGURATIONS: {} # [["name", "helloasso_client_id", "helloasso_client_secret", "helloasso_slug", "redirection_uri"]]
+# MYECLPAY:
+# helloasso_client_id: ...
+# helloasso_client_secret: ...
+# helloasso_slug: "AEECL"
+# redirection_uri: null
+HELLOASSO_API_BASE: api.helloasso-sandbox.com
-HELLOASSO_API_BASE: "https://api.helloasso.com/v3"
-HELLOASSO_CONFIGURATIONS: {}
+# Maximum wallet balance for MyECLPay in cents, we will prevent user from adding more money to their wallet if it will make their balance exceed this value
+MYECLPAY_MAXIMUM_WALLET_BALANCE: 8000
-MYECLPAY_MAXIMUM_WALLET_BALANCE: 5000
+# Trusted urls is a list of redirect payment url that can be trusted by Hyperion.
+# These urls will be used to validate the redirect url provided by the front
+TRUSTED_PAYMENT_REDIRECT_URLS:
+ - http://localhost:3000/payment_callback
+# MyECLPay requires an external service to recurrently check for transactions and state integrity, this service needs an access to all the data related to the transactions and the users involved
+# This service will use a special token to access the data
+# If this token is not set, the service will not be able to access the data and no integrity check will be performed
+#MYECLPAY_DATA_VERIFIER_ACCESS_TOKEN: ""
diff --git a/tests/test_payment.py b/tests/test_payment.py
index 88cd84264a..33f9af6ebd 100644
--- a/tests/test_payment.py
+++ b/tests/test_payment.py
@@ -12,7 +12,6 @@
HelloAssoApiV5ModelsCartsInitCheckoutResponse,
)
from pytest_mock import MockerFixture
-from requests import Response
from sqlalchemy.ext.asyncio import AsyncSession
from app.core.payment import cruds_payment, models_payment, schemas_payment
@@ -495,8 +494,6 @@ def init_a_checkout_side_effect(
init_checkout_body: HelloAssoApiV5ModelsCartsInitCheckoutBody,
):
if init_checkout_body.payer is not None:
- r = Response()
- r.status_code = 400
raise UnauthorizedException
return HelloAssoApiV5ModelsCartsInitCheckoutResponse(
id=7,