Refactor: enrollment with Backoffice API #1905

Merged
merged 12 commits into from
Mar 8, 2024
12 changes: 3 additions & 9 deletions .env.sample
Expand Up @@ -12,14 +12,8 @@ courtesy_card_verifier_api_auth_key=server-auth-token
mobility_pass_verifier_api_auth_key=server-auth-token
client_private_key='-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA1pt0ZoOuPEVPJJS+5r884zcjZLkZZ2GcPwr79XOLDbOi46on\nCa79kjRnhS0VUK96SwUPS0z9J5mDA5LSNL2RoxFb5QGaevnJY828NupzTNdUd0sY\nJK3kRjKUggHWuB55hwJcH/Dx7I3DNH4NL68UAlK+VjwJkfYPrhq/bl5z8ZiurvBa\n5C1mDxhFpcTZlCfxQoas7D1d+uPACF6mEMbQNd3RaIaSREO50NvNywXIIt/OmCiR\nqI7JtOcn4eyh1I4j9WtlbMhRJLfwPMAgY5epTsWcURmhVofF2wVoFbib3JGCfA7t\nz/gmP5YoEKnf/cumKmF3e9LrZb8zwm7bTHUViwIDAQABAoIBAQCIv0XMjNvZS9DC\nXoXGQtVpcxj6dXfaiDgnc7hZDubsNCr3JtT5NqgdIYdVNQUABNDIPNEiCkzFjuwM\nuuF2+dRzM/x6UCs/cSsCjXYBCCOwMwV/fjpEJQnwMQqwTLulVsXZYYeSUtXVBf/8\n0tVULRty34apLFhsyX30UtboXQdESfpmm5ZsqsZJlYljw+M7JxRMneQclI19y/ya\nhPWlfhLB9OffVEJXGaWx1NSYnKoCMKqE/+4krROr6V62xXaNyX6WtU6XiT7C6R5A\nPBxfhmoeFdVCF6a+Qq0v2fKThYoZnV4sn2q2An9YPfynFYnlgzdfnAFSejsqxQd0\nfxYLOtMBAoGBAP1jxjHDJngZ1N+ymw9MIpRgr3HeuMP5phiSTbY2tu9lPzQd+TMX\nfhr1bQh2Fd/vU0u7X0yPnTWtUrLlCdGnWPpXivx95GNGgUUIk2HStFdrRx+f2Qvk\nG8vtLgmSbjQ26UiHzxi9Wa0a41PWIA3TixkcFrS2X29Qc4yd6pVHmicfAoGBANjR\nZ8aaDkSKLkq5Nk1T7I0E1+mtPoH1tPV/FJClXjJrvfDuYHBeOyUpipZddnZuPGWA\nIW2tFIsMgJQtgpvgs52NFI7pQGJRUPK/fTG+Ycocxo78TkLr/RIj8Kj5brXsbZ9P\n3/WBX5GAISTSp1ab8xVgK/Tm07hGupKVqnY2lCAVAoGAIql0YjhE2ecGtLcU+Qm8\nLTnwpg4GjmBnNTNGSCfB7IuYEsQK489R49Qw3xhwM5rkdRajmbCHm+Eiz+/+4NwY\nkt5I1/NMu7vYUR40MwyEuPSm3Q+bvEGu/71pL8wFIUVlshNJ5CN60fA8qqo+5kVK\n4Ntzy7Kq6WpC9Dhh75vE3ZcCgYEAty99uXtxsJD6+aEwcvcENkUwUztPQ6ggAwci\nje9Z/cmwCj6s9mN3HzfQ4qgGrZsHpk4ycCK655xhilBFOIQJ3YRUKUaDYk4H0YDe\nOsf6gTP8wtQDH2GZSNlavLk5w7UFDYQD2b47y4fw+NaOEYvjPl0p5lmb6ebAPZb8\nFbKZRd0CgYBC1HTbA+zMEqDdY4MWJJLC6jZsjdxOGhzjrCtWcIWEGMDF7oDDEoix\nW3j2hwm4C6vaNkH9XX1dr5+q6gq8vJQdbYoExl22BGMiNbfI3+sLRk0zBYL//W6c\ntSREgR4EjosqQfbkceLJ2JT1wuNjInI0eR9H3cRugvlDTeWtbdJ5qA==\n-----END RSA PRIVATE KEY-----'
client_public_key='-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1pt0ZoOuPEVPJJS+5r88\n4zcjZLkZZ2GcPwr79XOLDbOi46onCa79kjRnhS0VUK96SwUPS0z9J5mDA5LSNL2R\noxFb5QGaevnJY828NupzTNdUd0sYJK3kRjKUggHWuB55hwJcH/Dx7I3DNH4NL68U\nAlK+VjwJkfYPrhq/bl5z8ZiurvBa5C1mDxhFpcTZlCfxQoas7D1d+uPACF6mEMbQ\nNd3RaIaSREO50NvNywXIIt/OmCiRqI7JtOcn4eyh1I4j9WtlbMhRJLfwPMAgY5ep\nTsWcURmhVofF2wVoFbib3JGCfA7tz/gmP5YoEKnf/cumKmF3e9LrZb8zwm7bTHUV\niwIDAQAB\n-----END PUBLIC KEY-----'
mst_payment_processor_client_cert='-----BEGIN CERTIFICATE-----\nPEM DATA\n-----END CERTIFICATE-----'
mst_payment_processor_client_cert_private_key='-----BEGIN RSA PRIVATE KEY-----\nPEM DATA\n-----END RSA PRIVATE KEY-----'
mst_payment_processor_client_cert_root_ca='-----BEGIN CERTIFICATE-----\nPEM DATA\n-----END CERTIFICATE-----'
sacrt_payment_processor_client_cert='-----BEGIN CERTIFICATE-----\nPEM DATA\n-----END CERTIFICATE-----'
sacrt_payment_processor_client_cert_private_key='-----BEGIN RSA PRIVATE KEY-----\nPEM DATA\n-----END RSA PRIVATE KEY-----'
sacrt_payment_processor_client_cert_root_ca='-----BEGIN CERTIFICATE-----\nPEM DATA\n-----END CERTIFICATE-----'
sbmtd_payment_processor_client_cert='-----BEGIN CERTIFICATE-----\nPEM DATA\n-----END CERTIFICATE-----'
sbmtd_payment_processor_client_cert_private_key='-----BEGIN RSA PRIVATE KEY-----\nPEM DATA\n-----END RSA PRIVATE KEY-----'
sbmtd_payment_processor_client_cert_root_ca='-----BEGIN CERTIFICATE-----\nPEM DATA\n-----END CERTIFICATE-----'
mst_payment_processor_client_secret=secret
sacrt_payment_processor_client_secret=secret
sbmtd_payment_processor_client_secret=secret

testsecret="Hello from the local environment!"
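Review bot: The three `*_payment_processor_client_secret=secret` entries near the end of this hunk (they look like the additions, going by the 3/9 counts) have no comment explaining how they are consumed. The fixtures in this PR refer to hyphenated names such as `mst-payment-processor-client-secret`, so the mapping to these underscore-named variables presumably happens inside the secrets helper, which is not visible here. A line above them such as `# Local-only placeholders, looked up by secret name; real values come from the secret store` would make that explicit, with the wording confirmed against the helper. All three agencies also share the same literal `secret`; a distinct, obviously fake value per agency would make a mix-up between them visible in local testing.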
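--- a/benefits/core/migrations/0002_paymentprocessor_backoffice_api.py
+++ b/benefits/core/migrations/0002_paymentprocessor_backoffice_api.py
@@ -0,0 +1,71 @@
+# Generated by Django 5.0.2 on 2024-03-07 21:38
+
+import benefits.core.models
+import benefits.secrets
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+dependencies = [
+("core", "0001_initial"),
+]
+
+operations = [
+migrations.RemoveField(
+model_name="paymentprocessor",
+name="api_access_token_endpoint",
+),
+migrations.RemoveField(
+model_name="paymentprocessor",
+name="api_access_token_request_key",
+),
+migrations.RemoveField(
+model_name="paymentprocessor",
+name="api_access_token_request_val",
+),
+migrations.RemoveField(
+model_name="paymentprocessor",
+name="client_cert",
+),
+migrations.RemoveField(
+model_name="paymentprocessor",
+name="client_cert_private_key",
+),
+migrations.RemoveField(
+model_name="paymentprocessor",
+name="client_cert_root_ca",
+),
+migrations.RemoveField(
+model_name="paymentprocessor",
+name="customer_endpoint",
+),
+migrations.RemoveField(
+model_name="paymentprocessor",
+name="customers_endpoint",
+),
+migrations.RemoveField(
+model_name="paymentprocessor",
+name="group_endpoint",
+),
+migrations.AddField(
+model_name="paymentprocessor",
+name="audience",
+field=models.TextField(default="audience"),
+preserve_default=False,
+),
+migrations.AddField(
+model_name="paymentprocessor",
+name="client_id",
+field=models.TextField(default="client_id"),
+preserve_default=False,
+),
+migrations.AddField(
+model_name="paymentprocessor",
+name="client_secret_name",
+field=benefits.core.models.SecretNameField(
+default="client-secret-name", max_length=127, validators=[benefits.secrets.SecretNameValidator()]
+),
+preserve_default=False,
+),
+]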
123 changes: 12 additions & 111 deletions benefits/core/migrations/local_fixtures.json
Expand Up @@ -35,87 +35,6 @@
"remote_url": null
}
},
{
"model": "core.pemdata",
"pk": 5,
"fields": {
"label": "(MST) payment processor client certificate",
"text_secret_name": "mst-payment-processor-client-cert",
"remote_url": null
}
},
{
"model": "core.pemdata",
"pk": 6,
"fields": {
"label": "(MST) payment processor client certificate private key",
"text_secret_name": "mst-payment-processor-client-cert-private-key",
"remote_url": null
}
},
{
"model": "core.pemdata",
"pk": 7,
"fields": {
"label": "(MST) payment processor client certificate root CA",
"text_secret_name": "mst-payment-processor-client-cert-root-ca",
"remote_url": null
}
},
{
"model": "core.pemdata",
"pk": 8,
"fields": {
"label": "(SacRT) payment processor client certificate",
"text_secret_name": "sacrt-payment-processor-client-cert",
"remote_url": null
}
},
{
"model": "core.pemdata",
"pk": 9,
"fields": {
"label": "(SacRT) payment processor client certificate private key",
"text_secret_name": "sacrt-payment-processor-client-cert-private-key",
"remote_url": null
}
},
{
"model": "core.pemdata",
"pk": 10,
"fields": {
"label": "(SacRT) payment processor client certificate root CA",
"text_secret_name": "sacrt-payment-processor-client-cert-root-ca",
"remote_url": null
}
},
{
"model": "core.pemdata",
"pk": 11,
"fields": {
"label": "(SBMTD) payment processor client certificate",
"text_secret_name": "sbmtd-payment-processor-client-cert",
"remote_url": null
}
},
{
"model": "core.pemdata",
"pk": 12,
"fields": {
"label": "(SBMTD) payment processor client certificate private key",
"text_secret_name": "sbmtd-payment-processor-client-cert-private-key",
"remote_url": null
}
},
{
"model": "core.pemdata",
"pk": 13,
"fields": {
"label": "(SBMTD) payment processor client certificate root CA",
"text_secret_name": "sbmtd-payment-processor-client-cert-root-ca",
"remote_url": null
}
},
{
"model": "core.authprovider",
"pk": 1,
Expand Down Expand Up @@ -324,18 +243,12 @@
"fields": {
"name": "(MST) test payment processor",
"api_base_url": "http://server:8000",
"api_access_token_endpoint": "access-token",
"api_access_token_request_key": "request_access",
"api_access_token_request_val": "REQUEST_ACCESS",
"client_id": "",
"client_secret_name": "mst-payment-processor-client-secret",
"audience": "",
"card_tokenize_url": "http://server:8000/static/tokenize.js",
"card_tokenize_func": "tokenize",
"card_tokenize_env": "test",
"client_cert": 5,
thekaveman marked this conversation as resolved.
"client_cert_private_key": 6,
"client_cert_root_ca": 7,
"customer_endpoint": "customer",
"customers_endpoint": "customers",
"group_endpoint": "group"
"card_tokenize_env": "test"
}
},
{
Expand All @@ -344,18 +257,12 @@
"fields": {
"name": "(SacRT) test payment processor",
"api_base_url": "http://server:8000",
"api_access_token_endpoint": "access-token",
"api_access_token_request_key": "request_access",
"api_access_token_request_val": "REQUEST_ACCESS",
"client_id": "",
"client_secret_name": "sacrt-payment-processor-client-secret",
"audience": "",
"card_tokenize_url": "http://server:8000/static/tokenize.js",
"card_tokenize_func": "tokenize",
"card_tokenize_env": "test",
"client_cert": 8,
"client_cert_private_key": 9,
"client_cert_root_ca": 10,
"customer_endpoint": "customer",
"customers_endpoint": "customers",
"group_endpoint": "group"
"card_tokenize_env": "test"
}
},
{
Expand All @@ -364,18 +271,12 @@
"fields": {
"name": "(SBMTD) test payment processor",
"api_base_url": "http://server:8000",
"api_access_token_endpoint": "access-token",
"api_access_token_request_key": "request_access",
"api_access_token_request_val": "REQUEST_ACCESS",
"client_id": "",
"client_secret_name": "sbmtd-payment-processor-client-secret",
"audience": "",
"card_tokenize_url": "http://server:8000/static/tokenize.js",
"card_tokenize_func": "tokenize",
"card_tokenize_env": "test",
"client_cert": 11,
"client_cert_private_key": 12,
"client_cert_root_ca": 13,
"customer_endpoint": "customer",
"customers_endpoint": "customers",
"group_endpoint": "group"
"card_tokenize_env": "test"
}
},
{
19 changes: 7 additions & 12 deletions benefits/core/models.py
Expand Up @@ -206,21 +206,16 @@ class PaymentProcessor(models.Model):
id = models.AutoField(primary_key=True)
name = models.TextField()
api_base_url = models.TextField()
thekaveman marked this conversation as resolved.
api_access_token_endpoint = models.TextField()
api_access_token_request_key = models.TextField()
api_access_token_request_val = models.TextField()
client_id = models.TextField()
client_secret_name = SecretNameField()
audience = models.TextField()
card_tokenize_url = models.TextField()
card_tokenize_func = models.TextField()
card_tokenize_env = models.TextField()
# The certificate used for client certificate authentication to the API
client_cert = models.ForeignKey(PemData, related_name="+", on_delete=models.PROTECT)
# The private key, used to sign the certificate
client_cert_private_key = models.ForeignKey(PemData, related_name="+", on_delete=models.PROTECT)
# The root CA bundle, used to verify the server.
client_cert_root_ca = models.ForeignKey(PemData, related_name="+", on_delete=models.PROTECT)
customer_endpoint = models.TextField()
customers_endpoint = models.TextField()
group_endpoint = models.TextField()

thekaveman marked this conversation as resolved.
@property
def client_secret(self):
return get_secret_by_name(self.client_secret_name)

def __str__(self):
return self.name
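Review bot: The new `client_secret` property and the three added fields (`client_id`, `client_secret_name`, `audience`) are undocumented, while the certificate fields they replace each carried an explanatory comment. I would add `# Name of the secret that holds the API client secret; the value itself is not stored on the model` above `client_secret_name`, and give the property a docstring such as `"""Resolve the client secret by name on each access; do not log or serialize the returned value."""`. What `get_secret_by_name` returns for an unknown name is not visible in this hunk; if it can return `None`, the docstring should say so, so that callers fail closed instead of sending an empty credential. The `PaymentProcessor` class body starts and continues outside the hunk.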