🔧(backend) tool for valid fernet key used in OIDC token storage

Add bin/fernetkey that generates a key for the OIDC_STORE_REFRESH_TOKEN_KEY
setting.

Signed-off-by: Fabre Florian <ffabre@hybird.org>

Author: joehybird

bin/fernetkey

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+# shellcheck source=bin/_config.sh
+source "$(dirname "${BASH_SOURCE[0]}")/_config.sh"
+
+_dc_run app-dev python -c 'from cryptography.fernet import Fernet;import sys; sys.stdout.write("\n" + Fernet.generate_key().decode() + "\n");'

env.d/development/common

@@ -50,9 +50,12 @@ OIDC_REDIRECT_ALLOWED_HOSTS=["http://localhost:8083", "http://localhost:3000"]
 OIDC_AUTH_REQUEST_EXTRA_PARAMS={"acr_values": "eidas1"}
 
 # Store OIDC tokens in the session
-OIDC_STORE_ACCESS_TOKEN = True  # Store the access token in the session
-OIDC_STORE_REFRESH_TOKEN = True  # Store the encrypted refresh token in the session
-OIDC_STORE_REFRESH_TOKEN_KEY = ThisIsAnExampleKeyForDevPurposeOnly
+OIDC_STORE_ACCESS_TOKEN = True
+OIDC_STORE_REFRESH_TOKEN = True # Store the encrypted refresh token in the session.
+
+# Must be a valid Fernet key (32 url-safe base64-encoded bytes)
+# To create one, use the bin/fernetkey command.
+# OIDC_STORE_REFRESH_TOKEN_KEY="your-32-byte-encryption-key=="
 
 # AI
 AI_FEATURE_ENABLED=true

src/backend/core/tests/test_models_documents.py

@@ -1541,9 +1541,16 @@ def test_models_documents_post_save_indexer_deleted(mock_push, indexer_settings)
     user = factories.UserFactory()
 
     with transaction.atomic():
-        doc = factories.DocumentFactory()
-        doc_deleted = factories.DocumentFactory()
-        doc_ancestor_deleted = factories.DocumentFactory(parent=doc_deleted)
+        doc = factories.DocumentFactory(
+            link_reach=models.LinkReachChoices.AUTHENTICATED
+        )
+        doc_deleted = factories.DocumentFactory(
+            link_reach=models.LinkReachChoices.AUTHENTICATED
+        )
+        doc_ancestor_deleted = factories.DocumentFactory(
+            parent=doc_deleted,
+            link_reach=models.LinkReachChoices.AUTHENTICATED,
+        )
         doc_deleted.soft_delete()
         doc_ancestor_deleted.ancestors_deleted_at = doc_deleted.deleted_at
 
@@ -1596,9 +1603,16 @@ def test_models_documents_post_save_indexer_restored(mock_push, indexer_settings
     user = factories.UserFactory()
 
     with transaction.atomic():
-        doc = factories.DocumentFactory()
-        doc_deleted = factories.DocumentFactory()
-        doc_ancestor_deleted = factories.DocumentFactory(parent=doc_deleted)
+        doc = factories.DocumentFactory(
+            link_reach=models.LinkReachChoices.AUTHENTICATED
+        )
+        doc_deleted = factories.DocumentFactory(
+            link_reach=models.LinkReachChoices.AUTHENTICATED
+        )
+        doc_ancestor_deleted = factories.DocumentFactory(
+            parent=doc_deleted,
+            link_reach=models.LinkReachChoices.AUTHENTICATED,
+        )
         doc_deleted.soft_delete()
         doc_ancestor_deleted.ancestors_deleted_at = doc_deleted.deleted_at