diff --git a/README.md b/README.md index 45170c03d5..cbcb64149c 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ Follow these instructions to spin up a service: * [tet-admin](#tet-admin-development-with-docker) * [tet-youth](#tet-youth-development-with-docker) -There is additional README's about [authentication and backend development](https://github.com/City-of-Helsinki/yjdh/tree/develop/backend) and [frontend development](https://github.com/City-of-Helsinki/yjdh/tree/develop/frontend). +There is additional README's about [authentication and backend development](https://github.com/City-of-Helsinki/yjdh/tree/main/backend) and [frontend development](https://github.com/City-of-Helsinki/yjdh/tree/main/frontend). ## Publishing with Release Please & Git workflow diff --git a/backend/README.md b/backend/README.md index 078c79148a..35c838f1db 100644 --- a/backend/README.md +++ b/backend/README.md @@ -1,8 +1,8 @@ # YJDH Django backend -Refer to [top level README](https://github.com/City-of-Helsinki/yjdh/blob/develop/README.md) about running YJDH services locally, which also runs the backend for the service under development. +Refer to [top level README](https://github.com/City-of-Helsinki/yjdh/blob/main/README.md) about running YJDH services locally, which also runs the backend for the service under development. -[kesaseteli/README.md](https://github.com/City-of-Helsinki/yjdh/blob/develop/backend/kesaseteli/README.md) or [benefit/README.md](https://github.com/City-of-Helsinki/yjdh/blob/develop/backend/benefit/README.md) contain more information about the local setup. This applies to TET pretty well. +[kesaseteli/README.md](https://github.com/City-of-Helsinki/yjdh/blob/main/backend/kesaseteli/README.md) or [benefit/README.md](https://github.com/City-of-Helsinki/yjdh/blob/main/backend/benefit/README.md) contain more information about the local setup. This applies to TET pretty well. ## Authentication in YJDH @@ -27,12 +27,12 @@ The last step is the same for all, but for the previous each project has a diffe ## OIDC flow with Helsinki Profile -* User clicks login button on UI, this redirects to [authenticate url of backend](https://github.com/City-of-Helsinki/yjdh/blob/develop/backend/shared/shared/oidc/urls.py#L52) +* User clicks login button on UI, this redirects to [authenticate url of backend](https://github.com/City-of-Helsinki/yjdh/blob/main/backend/shared/shared/oidc/urls.py#L52) * This calls `settings.OIDC_OP_AUTHORIZATION_ENDPOINT` with essentially the following query parameters * `settings.OIDC_RP_CLIENT_ID` (needs to be configured in Auth Provider) * `settings.OIDC_RP_SCOPES` defines the user's details authorized to access * `redirect_uri` Auth provider redirects the user to this login - * with `mozilla_django_oidc` this defaults to view with name [oidc_authentication_callback](https://github.com/City-of-Helsinki/yjdh/blob/develop/backend/shared/shared/oidc/urls.py#L59) + * with `mozilla_django_oidc` this defaults to view with name [oidc_authentication_callback](https://github.com/City-of-Helsinki/yjdh/blob/main/backend/shared/shared/oidc/urls.py#L59) * needs to be configured in Helsinki Profile * when testing in localhost, nginx proxy settings may cause the scheme to be `http` instead of `https`, which doesn't work * `code` is a server generated random string that the server uses to verify it initiated the login process @@ -41,16 +41,16 @@ The last step is the same for all, but for the previous each project has a diffe The login process now continues to obtain user's company. After successful completion, the user's HTTP session has the key `organization_roles` set. -* The callback view redirects the user to view [eauth_authentication_init](https://github.com/City-of-Helsinki/yjdh/blob/develop/backend/shared/shared/oidc/urls.py#L85) +* The callback view redirects the user to view [eauth_authentication_init](https://github.com/City-of-Helsinki/yjdh/blob/main/backend/shared/shared/oidc/urls.py#L85) * Endpoint `settings.OIDC_OP_USER_ENDPOINT` is called to obtain user's national identification number * The data is present only for Tunnistus service * For Tunnistamo, we need to - * call `settings.TUNNISTAMO_API_TOKENS_ENDPOINT` to [exchange OIDC access token for API access token](https://github.com/City-of-Helsinki/yjdh/blob/develop/backend/shared/shared/helsinki_profile/hp_client.py#L67) - * call `settings.HELSINKI_PROFILE_API_URL` with the access token [to get the national identification number](https://github.com/City-of-Helsinki/yjdh/blob/develop/backend/shared/shared/helsinki_profile/hp_client.py#L24) -* [register_user](https://github.com/City-of-Helsinki/yjdh/blob/develop/backend/shared/shared/oidc/views/eauth_views.py#L38) is called to initiate the process + * call `settings.TUNNISTAMO_API_TOKENS_ENDPOINT` to [exchange OIDC access token for API access token](https://github.com/City-of-Helsinki/yjdh/blob/main/backend/shared/shared/helsinki_profile/hp_client.py#L67) + * call `settings.HELSINKI_PROFILE_API_URL` with the access token [to get the national identification number](https://github.com/City-of-Helsinki/yjdh/blob/main/backend/shared/shared/helsinki_profile/hp_client.py#L24) +* [register_user](https://github.com/City-of-Helsinki/yjdh/blob/main/backend/shared/shared/oidc/views/eauth_views.py#L38) is called to initiate the process * user's national identification number is needed for this call * The user is redirected to the eauthorizations service at `settings.EAUTHORIZATIONS_BASE_URL` to redirect the user to select the company -* The eauthorizations service redirects to view [eauth_authentication_callback](https://github.com/City-of-Helsinki/yjdh/blob/develop/backend/shared/shared/oidc/urls.py#L88) +* The eauthorizations service redirects to view [eauth_authentication_callback](https://github.com/City-of-Helsinki/yjdh/blob/main/backend/shared/shared/oidc/urls.py#L88) * This callback URL needs to be configured by DVV (e.g. https://localhost:8000/oidc/eauthorizations/callback/) * If there are errors, the user is logged out of Django and sent to login failed page * The callback request is verified agains the eauthorizations service diff --git a/backend/shared/shared/audit_log/README.md b/backend/shared/shared/audit_log/README.md index 1efc00a6af..31db68cbf2 100644 --- a/backend/shared/shared/audit_log/README.md +++ b/backend/shared/shared/audit_log/README.md @@ -52,6 +52,6 @@ audit_logging.log( ``` Based on: -- [apartment-application-service audit logging](https://github.com/City-of-Helsinki/apartment-application-service/tree/develop/audit_log) +- [apartment-application-service audit logging](https://github.com/City-of-Helsinki/apartment-application-service/tree/main/audit_log) - [Helisnki Profile logging format](https://helsinkisolutionoffice.atlassian.net/wiki/spaces/KAN/pages/416972828/Helsinki+profile+audit+logging#Profile-audit-log---CRUD-events---JSON-content-and-format) - [YJDH Audit logging specification](https://helsinkisolutionoffice.atlassian.net/wiki/spaces/KAN/pages/7494172830/Audit+logging+specification) diff --git a/backend/shared/shared/helsinki_profile/hp_client.py b/backend/shared/shared/helsinki_profile/hp_client.py index a633604257..fcf4f928b0 100644 --- a/backend/shared/shared/helsinki_profile/hp_client.py +++ b/backend/shared/shared/helsinki_profile/hp_client.py @@ -9,7 +9,7 @@ class HelsinkiProfileClient: """ Client for reading data from the Helsinki Profile GraphQL API - See [backend/README.md](https://github.com/City-of-Helsinki/yjdh/blob/develop/backend/README.md) for details + See [backend/README.md](https://github.com/City-of-Helsinki/yjdh/blob/main/backend/README.md) for details about the auth flow. https://helsinkisolutionoffice.atlassian.net/wiki/spaces/KAN/pages/6172606574/Full+Helsinki-profile+with+citizen+profile+and+API+authorization+support+features diff --git a/backend/shared/shared/oidc/views/eauth_views.py b/backend/shared/shared/oidc/views/eauth_views.py index 1b982a370d..f7991f6161 100644 --- a/backend/shared/shared/oidc/views/eauth_views.py +++ b/backend/shared/shared/oidc/views/eauth_views.py @@ -28,7 +28,7 @@ class EauthAuthenticationRequestView(View): """ Eauth client authentication HTTP endpoint - See [backend/README.md](https://github.com/City-of-Helsinki/yjdh/blob/develop/backend/README.md) for details + See [backend/README.md](https://github.com/City-of-Helsinki/yjdh/blob/main/backend/README.md) for details about the auth flow. Docs that describe the flow (only in Finnish): diff --git a/frontend/README.md b/frontend/README.md index bdb33d3ef5..83b3a8f07c 100644 --- a/frontend/README.md +++ b/frontend/README.md @@ -5,7 +5,7 @@ Production environment: Project is automatically deployed to production when adding new relase tag, e.g. release-v0.1.0, to repo Testing environment: [https://.test.kuva.hel.ninja](https://.test.kuva.hel.ninja) -Project is automatically deployed to testing environment when pushing to develop brach +Project is automatically deployed to testing environment when merging a PR to main branch ## Requirements diff --git a/frontend/benefit/README.md b/frontend/benefit/README.md index 8c5e20efe5..5945403977 100644 --- a/frontend/benefit/README.md +++ b/frontend/benefit/README.md @@ -5,7 +5,7 @@ Production environment: Project is automatically deployed to production when adding new relase tag, e.g. release-v0.1.0, to repo Testing environment: [https://.test.kuva.hel.ninja](https://.test.kuva.hel.ninja) -Project is automatically deployed to testing environment when pushing to develop brach +Project is automatically deployed to testing environment when merging a PR to main branch ## Requirements diff --git a/frontend/kesaseteli/README.md b/frontend/kesaseteli/README.md index 4819339fa1..49234da53d 100644 --- a/frontend/kesaseteli/README.md +++ b/frontend/kesaseteli/README.md @@ -15,7 +15,7 @@ Production environment: Project is automatically deployed to production when adding new release tag, e.g. release-v0.1.0, to repo Testing environment: [https://.test.kuva.hel.ninja](https://.test.kuva.hel.ninja) -Project is automatically deployed to testing environment when pushing to develop branch +Project is automatically deployed to testing environment when merging a PR to main branch ## Requirements