add federation

ephios/api/access/auth.py

@@ -14,7 +14,7 @@ def authenticate(self, request):
         if oauth_result is None:
             return None
         user, token = oauth_result
-        if not user.is_active:
+        if user is not None and not user.is_active:
             return None
         return user, token
 

ephios/api/templates/api/access_token_list.html

@@ -25,6 +25,10 @@ <h5 class="card-title">
                                 {{ token.application.name }}
                             </h5>
                             <p class="text-body-secondary">
+                                {# this belongs to the federation plugin, but we display the information here for better understanding #}
+                                {% if token.application.federatedhost %}
+                                    {% translate "ephios instance" %}
+                                {% endif %}
                             </p>
                         </div>
                         <div class="col-12 col-lg">

ephios/api/templates/oauth2_provider/application_list.html

@@ -33,21 +33,29 @@ <h4>{% translate "OAuth2 applications" %}</h4>
                             <td>{{ application.created }}</td>
                             <td class="d-flex">
                                 <div>
-                                    <a class="btn btn-secondary"
-                                       href="{{ application.get_absolute_url }}">
-                                        <span class="fa fa-eye"></span>
-                                        <span class="d-none d-lg-inline">{% translate "View" %}</span>
-                                    </a>
-                                    <a class="btn btn-secondary ms-1"
-                                       href="{% url "api:settings-oauth-app-update" application.id %}">
-                                        <span class="fa fa-edit"></span>
-                                        <span class="d-none d-lg-inline">{% translate "Edit" %}</span>
-                                    </a>
-                                    <a class="btn btn-secondary ms-1"
-                                       href="{% url "api:settings-oauth-app-delete" application.id %}">
-                                        <span class="fa fa-trash-alt"></span>
-                                        <span class="d-none d-lg-inline">{% translate "Delete" %}</span>
-                                    </a>
+                                    {% if application.federatedhost %}
+                                        <a class="btn btn-secondary"
+                                           href="{% url "federation:settings" %}">
+                                            <span class="fa fa-cog"></span>
+                                            <span class="d-none d-lg-inline">{% translate "Manage federation" %}</span>
+                                        </a>
+                                    {% else %}
+                                        <a class="btn btn-secondary"
+                                           href="{{ application.get_absolute_url }}">
+                                            <span class="fa fa-eye"></span>
+                                            <span class="d-none d-lg-inline">{% translate "View" %}</span>
+                                        </a>
+                                        <a class="btn btn-secondary ms-1"
+                                           href="{% url "api:settings-oauth-app-update" application.id %}">
+                                            <span class="fa fa-edit"></span>
+                                            <span class="d-none d-lg-inline">{% translate "Edit" %}</span>
+                                        </a>
+                                        <a class="btn btn-secondary ms-1"
+                                           href="{% url "api:settings-oauth-app-delete" application.id %}">
+                                            <span class="fa fa-trash-alt"></span>
+                                            <span class="d-none d-lg-inline">{% translate "Delete" %}</span>
+                                        </a>
+                                    {% endif %}
                                 </div>
                             </td>
                         </tr>

ephios/api/templates/oauth2_provider/authorize.html

@@ -4,7 +4,11 @@
 {% block content %}
     {% if not error %}
         <form id="authorizationForm" method="post">
-            <h3 class="block-center-heading">{% translate "Authorize" %} {{ application.name }}?</h3>
+            <h3 class="block-center-heading">
+                {% blocktranslate trimmed with app_name=application.name %}
+                    Authorize {{ app_name }}?
+                {% endblocktranslate %}
+            </h3>
             {% csrf_token %}
 
                 {# pass query params through the submit process for saving #}

ephios/api/urls.py

@@ -13,13 +13,15 @@
     ApplicationDelete,
 )
 from ephios.api.views.events import EventViewSet
+from ephios.api.views.users import UserProfileMeView
 from ephios.extra.permissions import staff_required
 
 router = routers.DefaultRouter()
 router.register(r"events", EventViewSet)
 
 app_name = "api"
 urlpatterns = [
+    path("users/me/", UserProfileMeView.as_view(), name="user-profile-me"),
     path(
         "settings/",
         include(

ephios/api/views/users.py

@@ -0,0 +1,64 @@
+from django.db.models import Q
+from django.utils import timezone
+from oauth2_provider.contrib.rest_framework import IsAuthenticatedOrTokenHasScope
+from rest_framework.exceptions import PermissionDenied
+from rest_framework.fields import SerializerMethodField
+from rest_framework.generics import RetrieveAPIView
+from rest_framework.relations import SlugRelatedField
+from rest_framework.serializers import ModelSerializer
+
+from ephios.core.models import Qualification, UserProfile
+
+
+class QualificationSerializer(ModelSerializer):
+    category = SlugRelatedField(slug_field="uuid", read_only=True)
+    includes = SerializerMethodField()
+
+    class Meta:
+        model = Qualification
+        fields = [
+            "uuid",
+            "title",
+            "abbreviation",
+            "category",
+            "includes",
+        ]
+
+    def get_includes(self, obj):
+        qualifications = Qualification.collect_all_included_qualifications(obj.includes.all())
+        return [q.uuid for q in qualifications]
+
+
+class UserProfileSerializer(ModelSerializer):
+    qualifications = SerializerMethodField()
+
+    class Meta:
+        model = UserProfile
+        fields = [
+            "first_name",
+            "last_name",
+            "date_of_birth",
+            "email",
+            "qualifications",
+        ]
+
+    def get_qualifications(self, obj):
+        return QualificationSerializer(
+            Qualification.objects.filter(
+                Q(grants__user=obj)
+                & (Q(grants__expires__gte=timezone.now()) | Q(grants__expires__isnull=True))
+            ),
+            many=True,
+        ).data
+
+
+class UserProfileMeView(RetrieveAPIView):
+    serializer_class = UserProfileSerializer
+    queryset = UserProfile.objects.all()
+    permission_classes = [IsAuthenticatedOrTokenHasScope]
+    required_scopes = ["ME_READ"]
+
+    def get_object(self):
+        if self.request.user is None:
+            raise PermissionDenied()
+        return self.request.user

ephios/core/context.py

@@ -1,5 +1,6 @@
 from django.conf import settings
 from django.utils.translation import get_language
+from dynamic_preferences.registries import global_preferences_registry
 
 from ephios.core.models import AbstractParticipation
 from ephios.core.signals import footer_link, nav_link
@@ -22,4 +23,5 @@ def ephios_base_context(request):
         "LANGUAGE_CODE": get_language(),
         "ephios_version": settings.EPHIOS_VERSION,
         "PWA_APP_ICONS": settings.PWA_APP_ICONS,
+        "organization_name": global_preferences_registry.manager()["general__organization_name"],
     }

ephios/plugins/federation/admin.py

@@ -0,0 +1,17 @@
+from django.contrib import admin
+
+from ephios.plugins.federation.models import (
+    FederatedEventShare,
+    FederatedGuest,
+    FederatedHost,
+    FederatedParticipation,
+    FederatedUser,
+    InviteCode,
+)
+
+admin.site.register(FederatedGuest)
+admin.site.register(FederatedHost)
+admin.site.register(FederatedEventShare)
+admin.site.register(FederatedUser)
+admin.site.register(FederatedParticipation)
+admin.site.register(InviteCode)

ephios/plugins/federation/apps.py

@@ -0,0 +1,17 @@
+from django.utils.translation import gettext_lazy as _
+
+from ephios.core.plugins import PluginConfig
+
+
+class PluginApp(PluginConfig):
+    name = "ephios.plugins.federation"
+
+    class EphiosPluginMeta:
+        name = _("Federation")
+        author = "Ephios Team"
+        description = _(
+            "This plugins provides the possibility to share events with other ephios instances."
+        )
+
+    def ready(self):
+        from . import signals  # pylint: disable=unused-import

ephios/plugins/federation/forms.py

@@ -0,0 +1,110 @@
+import base64
+import binascii
+import json
+from json import JSONDecodeError
+from urllib.parse import urljoin, urlparse
+
+import requests
+from django import forms
+from django.conf import settings
+from django.core.exceptions import ValidationError
+from django.forms import CheckboxSelectMultiple
+from django.urls import reverse
+from django.utils.translation import gettext as _
+from dynamic_preferences.registries import global_preferences_registry
+from requests import HTTPError, ReadTimeout
+
+from ephios.api.models import Application
+from ephios.core.forms.events import BasePluginFormMixin
+from ephios.plugins.federation.models import (
+    FederatedEventShare,
+    FederatedGuest,
+    FederatedHost,
+    InviteCode,
+)
+
+
+class EventAllowFederationForm(BasePluginFormMixin, forms.Form):
+    shared_with = forms.ModelMultipleChoiceField(
+        queryset=FederatedGuest.objects.all(), required=False, widget=CheckboxSelectMultiple
+    )
+
+    def __init__(self, *args, **kwargs):
+        kwargs.setdefault("prefix", "federation")
+        self.event = kwargs.pop("event")
+        self.request = kwargs.pop("request")
+        super().__init__(*args, **kwargs)
+        try:
+            self.instance = FederatedEventShare.objects.get(event_id=self.event.id)
+        except (AttributeError, FederatedEventShare.DoesNotExist):
+            self.instance = FederatedEventShare(event=self.event)
+        self.fields["shared_with"].initial = (
+            self.instance.shared_with.all() if self.instance.pk else []
+        )
+
+    def save(self):
+        if self.cleaned_data["shared_with"] and not self.instance.pk:
+            self.instance.save()
+        if self.instance.pk:
+            self.instance.shared_with.set(self.cleaned_data["shared_with"])
+
+    @property
+    def heading(self):
+        return _("Share event with other ephios instances")
+
+    def is_function_active(self):
+        return self.instance.pk and self.instance.shared_with.exists()
+
+
+class InviteCodeForm(forms.ModelForm):
+    class Meta:
+        model = InviteCode
+        fields = ["url"]
+        widgets = {
+            "url": forms.URLInput(attrs={"placeholder": _("https://other-instance.ephios.de/")})
+        }
+
+    def clean_url(self):
+        result = urlparse(self.cleaned_data["url"])
+        cleaned_result = f"{result.scheme}://{result.netloc}{result.path.strip('/')}"
+        return cleaned_result
+
+
+class RedeemInviteCodeForm(forms.Form):
+    code = forms.CharField(label=_("Invite code"))
+
+    def clean_code(self):
+        try:
+            data = json.loads(
+                base64.b64decode(self.cleaned_data["code"].encode("ascii")).decode("ascii")
+            )
+            if settings.GET_SITE_URL() != data["guest_url"]:
+                raise ValidationError(_("This invite code is not issued for this instance."))
+            oauth_application = Application(
+                client_type=Application.CLIENT_CONFIDENTIAL,
+                authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
+                redirect_uris=urljoin(data["host_url"], reverse("federation:oauth_callback")),
+            )
+            response = requests.post(
+                urljoin(data["host_url"], reverse("federation:redeem_invite_code")),
+                data={
+                    "name": global_preferences_registry.manager()["general__organization_name"],
+                    "url": data["guest_url"],
+                    "client_id": oauth_application.client_id,
+                    "client_secret": oauth_application.client_secret,
+                    "code": data["code"],
+                },
+                timeout=10,
+            )
+            response.raise_for_status()
+            response_data = response.json()
+            oauth_application.name = response_data["name"]
+            oauth_application.save()
+            FederatedHost.objects.create(
+                name=response_data["name"],
+                url=data["host_url"],
+                access_token=response_data["access_token"],
+                oauth_application=oauth_application,
+            )
+        except (binascii.Error, JSONDecodeError, KeyError, HTTPError, ReadTimeout) as exc:
+            raise ValidationError(_("Invalid code")) from exc