From 3a9e8fb92657e9ddaa9beb1a2b2f4afd12c959a6 Mon Sep 17 00:00:00 2001
From: Jonathan Weth <git@jonathanweth.de>
Date: Sat, 17 Jun 2023 21:54:25 +0200
Subject: [PATCH] Fix models to work correctly with client secrets

---
 aleksis/apps/kort/models/cards.py | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)

diff --git a/aleksis/apps/kort/models/cards.py b/aleksis/apps/kort/models/cards.py
index 70d6971..b19fd31 100644
--- a/aleksis/apps/kort/models/cards.py
+++ b/aleksis/apps/kort/models/cards.py
@@ -14,6 +14,7 @@ from django.utils.translation import gettext as _
 
 from celery.result import AsyncResult
 from model_utils.models import TimeStampedModel
+from oauth2_provider.generators import generate_client_secret
 
 from aleksis.core.mixins import ExtensibleModel
 from aleksis.core.models import OAuthApplication, Person
@@ -82,27 +83,41 @@ class CardPrinter(ExtensibleModel):
         null=True,
         related_name="card_printers",
     )
+    oauth2_client_secret = models.CharField(
+        max_length=255,
+        blank=True,
+        verbose_name=_("OAuth2 client secret"),
+    )
 
     # Settings
-    cups_printer = models.CharField(max_length=255, verbose_name=_("CUPS printer"), blank=True)
+    cups_printer = models.CharField(
+        max_length=255,
+        verbose_name=_("CUPS printer"),
+        blank=True,
+        help_text=_("Leave blank to deactivate CUPS printing"),
+    )
     generate_number_on_server = models.BooleanField(
         default=True, verbose_name=_("Generate card number on server")
     )
     card_detector = models.CharField(max_length=255, verbose_name=_("Card detector"), blank=True)
 
     def save(self, *args, **kwargs):
+        super().save(*args, **kwargs)
+
         if not self.oauth2_application:
+            client_secret = generate_client_secret()
             application = OAuthApplication(
                 client_type=OAuthApplication.CLIENT_CONFIDENTIAL,
                 authorization_grant_type=OAuthApplication.GRANT_CLIENT_CREDENTIALS,
                 name=f"Card printer: {self.name}",
-                redirect_uris="urn:ietf:wg:oauth:2.0:oob",
                 allowed_scopes=[self.scope],
+                client_secret=client_secret,
             )
             application.save()
             self.oauth2_application = application
+            self.oauth2_client_secret = client_secret
 
-        super().save(*args, **kwargs)
+            super().save(*args, **kwargs)
 
     def __str__(self):
         return self.name
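Review bot: The new `oauth2_client_secret` field keeps the generated client secret in clear text on the `CardPrinter` row, so anyone who can read that table, a backup of it, or any form or API that exposes the model's fields obtains a working credential for the printer's scope. Nothing on the field says so; I would add `# Clear-text copy of the OAuth2 client secret, needed to build the printer config; keep it out of forms, serializers and logs` above it and, if the project has a field-encryption facility, use that rather than a plain `CharField`. Separately, `save()` now calls `super().save(*args, **kwargs)` twice with the same arguments, which fails on the second call when a caller passes `force_insert=True` and leaves a printer row without an application if `application.save()` raises in between; the second call could be `super().save(update_fields=["oauth2_application", "oauth2_client_secret"])`, with the body wrapped in `django.db.transaction.atomic()`. The diffstat lists only `cards.py`, so the migration for the new column is presumably in another commit. The `CardPrinter` class starts outside the hunk.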
@@ -127,7 +142,7 @@ class CardPrinter(ExtensibleModel):
         config = {
             "base_url": settings.BASE_URL,
             "client_id": self.oauth2_application.client_id,
-            "client_secret": self.oauth2_application.client_secret,
+            "client_secret": self.oauth2_client_secret,
         }
         return config
 
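Review bot: Printers saved before this change already have an `oauth2_application`, so the `if not self.oauth2_application` branch in `save()` never fills `oauth2_client_secret` for them and the config built here would carry an empty `"client_secret"`. A guard before the dict is built, for example `if not self.oauth2_client_secret: raise ValueError("No client secret stored for this printer")`, or a path that issues a fresh secret for the existing application and stores it, would make that case explicit instead of handing the printer client a config that presumably fails only at token request. The enclosing method starts outside the hunk.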
@@ -294,7 +309,7 @@ class Card(ExtensibleModel):
         }
 
     def generate_pdf(self) -> Union[bool, AsyncResult]:
-        from .tasks import generate_card_pdf
+        from ..tasks import generate_card_pdf
 
         if self.pdf_file:
             return True
-- 
GitLab