Merge branch 'master' into fix_620

Author: tykling

README.md

@@ -166,14 +166,18 @@ Enjoy!
 The BornHack website can act as an OIDC IDP. You are welcome to use it for your projects.
 
 
-### OIDC User Claims
+### OIDC Scopes and User Claims
+The website has a view to inspect which OIDC user claims are returned when using the various claim scopes. It can be accessed at https://bornhack.dk/profile/oidc/
 
-The supported standard and custom OIDC user claims can be seen in `bornhack/oauth_validators.py` https://github.com/bornhack/bornhack-website/blob/master/src/bornhack/oauth_validators
 
+### OIDC User Claims Source Code
 
-### OIDC Scopes
+The supported standard and custom OIDC user claims can be seen in `bornhack/oauth_validators.py` https://github.com/bornhack/bornhack-website/blob/master/src/bornhack/oauth_validators.py
 
-Supported oauth2 scopes are split between standard OIDC claim scopes, custom OIDC claim scopes, and API scopes. The current list of supported scopes can be seen in the `OAUTH2_PROVIDER["SCOPES"]` dict in `bornhack/settings.py` https://github.com/bornhack/bornhack-website/blob/master/src/bornhack/settings.py
+
+### OIDC Scopes Source Code
+
+Supported oauth2 scopes are divided into standard OIDC claim scopes, custom OIDC claim scopes, and API scopes. The current list of supported scopes can be seen in the `OAUTH2_PROVIDER["SCOPES"]` dict in `bornhack/settings.py` https://github.com/bornhack/bornhack-website/blob/master/src/bornhack/settings.py
 
 
 ## Notes
@@ -183,29 +187,22 @@ If your database user in your dev setup is not a postgres superuser you will enc
 
 ### Add a camp
 
-Add a new camp by running:
-
-```
-(venv) $ python src/manage.py createcamp {camp-slug}
-```
+First do a commit with:
 
-Then go to the admin interface to edit the camp details, adding the same slug
-that you just used and some current dates.
-
-You can also specify details like:
-
-* A sponsors page, `{camp-slug}_sponsors.html`, to `sponsors/templates`.
 * A frontpage, `{camp-slug}_camp_detail.html`, to `camps/templates`.
-* A call for speakers page, `{camp-slug}_call_for_speakers.html`, to `program/templates`.
 * A `static_src/img/{camp-slug}/logo` and add two logos:
     * `{camp-slug}-logo-large.png`
     * `{camp-slug}-logo-small.png`
 
+Then go to the admin interface and add the camp.
+
+
 ## Contributors
 * Alexander Færøy https://github.com/ahf
 * Benjamin Bach https://github.com/benjaoming
 * coral https://github.com/coral
 * Flemming Jacobsen https://github.com/batmule
+* Florian Klink https://github.com/flokli
 * Henrik Kramshøj https://github.com/kramse
 * Janus Troelsen https://github.com/ysangkok
 * Jeppe Ernst https://github.com/Ern-st

src/bornhack/oauth_validators.py

@@ -8,24 +8,23 @@ class BornhackOAuth2Validator(OAuth2Validator):
 
     # supported user claims and the scopes they require
     # https://django-oauth-toolkit.readthedocs.io/en/latest/oidc.html#using-oidc-scopes-to-determine-which-claims-are-returned
-    oidc_claim_scope = OAuth2Validator.oidc_claim_scope
-    oidc_claim_scope.update(
-        {
-            # the OIDC standard user claims we support, and the OIDC stanard scopes they require
-            "address": "address",
-            "email": "email",
-            "email_verified": "email",
-            "nickname": "profile",
-            "phone_number": "phone",
-            "phone_number_verified": "phone",
-            "updated_at": "profile",
-            # the custom user claims we support, and the (mostly cusom) scopes they require
-            "bornhack:v2:description": "profile",
-            "bornhack:v2:groups": "groups:read",
-            "bornhack:v2:permissions": "permissions:read",
-            "bornhack:v2:teams": "teams:read",
-        },
-    )
+    oidc_claim_scope = {
+        # the OIDC standard user claims we support, and the OIDC standard scopes they require
+        "sub": "openid",
+        "email": "email",
+        "email_verified": "email",
+        "phone_number": "phone",
+        "preferred_username": "profile",
+        "updated_at": "profile",
+        # the custom user claims available under standard OIDC scopes
+        "bornhack:v2:description": "profile",
+        "bornhack:v2:public_credit_name": "profile",
+        # the custom user claims we support under custom OIDC scopes
+        "bornhack:v2:groups": "groups:read",
+        "bornhack:v2:location": "location:read",
+        "bornhack:v2:permissions": "permissions:read",
+        "bornhack:v2:teams": "teams:read",
+    }
 
     def get_claim_dict(self, request) -> dict[str, str]:
         """Return username (usually a uuid) instead of user pk in the 'sub' claim."""
@@ -45,12 +44,12 @@ def get_additional_claims(self, request) -> dict[str, str | list[dict[str, str]]
         if request.user.is_anonymous:
             return claims
 
+        # these claims are always available
         claims.update(
             {
                 # standard OIDC claims
                 "email": request.user.email,
                 "email_verified": True,
-                "nickname": request.user.profile.get_public_credit_name,
                 "updated_at": int(request.user.profile.updated.timestamp()),
                 # bornhack custom claims
                 "bornhack:v2:teams": [
@@ -68,15 +67,31 @@ def get_additional_claims(self, request) -> dict[str, str | list[dict[str, str]]
             },
         )
 
+        # include bornhack:v2:public_credit_name?
+        if (
+            request.user.profile.public_credit_name_approved
+            and request.user.profile.public_credit_name
+        ):
+            claims["bornhack:v2:public_credit_name"] = (
+                request.user.profile.public_credit_name
+            )
+
+        # include location?
         if request.user.profile.location:
-            claims["address"] = {"formatted": request.user.profile.location}
+            claims["bornhack:v2:location"] = request.user.profile.location
 
+        # include phonenumber?
         if request.user.profile.phonenumber:
             claims["phone_number"] = request.user.profile.phonenumber
-            claims["phone_number_verified"] = True
 
+        # include profile description?
         if request.user.profile.description:
             claims["bornhack:v2:description"] = request.user.profile.description
+
+        # include preferred_username?
+        if request.user.profile.preferred_username:
+            claims["preferred_username"] = request.user.profile.preferred_username
+
         return claims
 
     def get_discovery_claims(self, request) -> list[str]:
@@ -86,17 +101,19 @@ def get_discovery_claims(self, request) -> list[str]:
         """
         return [
             # OIDC standard claims
-            "address",
             "email",
             "email_verified",
             "nickname",
             "phone_number",
             "phone_number_verified",
+            "preferred_username",
             "sub",
             "updated_at",
             # custom user claims
             "bornhack:v2:description",
             "bornhack:v2:groups",
+            "bornhack:v2:location",
             "bornhack:v2:permissions",
+            "bornhack:v2:public_credit_name",
             "bornhack:v2:teams",
         ]

src/bornhack/settings.py

@@ -221,19 +221,24 @@
     "SCOPES": {
         # required
         "openid": "OpenID Connect scope",
+
         # deprecated api scope, remove after 2025 camp
         "profile:read": "Allow the remote site to read your bornhack.dk username (uuid), user id, profile public credit name, profile description, and a list of team memberships using the profile API endpoint (scope profile:read). NOTE: This scope is being deprecated soon! Ask the BornHack website team for more info.",
+
         # standard OIDC claim scopes
         "profile": "Allow the remote site to read your profile public_credit_name, description, and update time (scope: profile)",
         "email": "Allow the remote site to read your email address (scope: email)",
         "address": "Allow the remote site to read your profile location (scope: address)",
         "phone": "Allow the remote site to read your profile phonenumber (scope: phone)",
+
         # custom bornhack user claim scopes
         "groups:read": "Allow the remote site to read a list of your group memberships (scope: groups:read).",
+        "location:read": "Allow the remote site to read your profile location (scope: loocation:read)",
         "permissions:read": "Allow the remote site to read a list of your assigned permissions (scope: permissions:read).",
-        "teams:read": "Allow the remote site to read a list of your team memberships and team lead status (scope: teams)",
+        "teams:read": "Allow the remote site to read a list of your team memberships and team lead status (scope: teams:read)",
+
         # api scopes
-        "phonebook:admin": "Allow the remote site to read the camp phonebook including service numbers and unlisted numbers. Also allows access to the POC API. Only relevant for POC team leads (scope: phonebook:admin).",
+        "phonebook:admin": "Allow the remote site to read the camp phonebook, including service numbers and unlisted numbers. Also allow the remote site to use to the POC API. This scope is only relevant for POC team leads (scope: phonebook:admin).",
         "phonebook:read": "Allow the remote site to read the camp phonebook (scope: phonebook:read).",
     },
     "PKCE_REQUIRED": True,

src/camps/templates/bornhack-2026_camp_detail.html

@@ -0,0 +1,98 @@
+{% extends 'base.html' %}
+{% load commonmark %}
+{% load static %}
+{% load imageutils %}
+
+{% block title %}
+  {{ camp.title }}
+{% endblock %}
+
+{% block content %}
+  <div class="row mt-3">
+    <div class="col-12 text-center">
+      <img src="{% static camp.logo_large %}" width="800" class="img-responsive" id="front-logo" />
+    </div>
+  </div>
+
+
+  <div class="row mt-3">
+    <div class="col-12 col-lg-9">
+      <div class="lead">
+        <b>BornHack</b> is a 7 day <b>outdoor tent camp</b> where hackers, makers and people with an interest in technology or security come together to celebrate technology, socialise, learn and <b>have fun</b>.
+      </div>
+    </div>
+    <div class="col-12 col-lg-3">
+      {% thumbnail 'img/bornhack-2020' 'logotent_pink_people.jpg' 'BornHack Logotent with pink light and people' %}
+    </div>
+  </div>
+
+
+  <div class="row mt-3">
+    <div class="col-12 col-lg-3">
+      {% thumbnail 'img/bornhack-2020' 'participant_tent_laptop.jpg' 'hacker with laptop in front of tent' %}
+    </div>
+    <div class="col-12 col-lg-9">
+      <div class="lead">
+        <strong>BornHack 2026</strong> will be the eleventh BornHack. It will take place from <strong>Wednesday the 15th of July to Wednesday the 22nd of July 2026</strong> at our venue on the Danish island of Funen.
+      </div>
+    </div>
+  </div>
+
+  <br />
+
+  <div class="row mt-3">
+    <div class="col-12 col-lg-9">
+      <div class="lead">
+        The BornHack team looks forward to organising another great event for the hacker community. We <a href="{% url 'teams:list' camp_slug=camp.slug %}">still need volunteers</a>, so please let us know if you want to help!
+      </div>
+    </div>
+    <div class="col-12 col-lg-3">
+      {% thumbnail 'img/bornhack-2021' 'volunteers.jpg' 'The BornHack 2021 volunteers' %}
+    </div>
+  </div>
+
+  <br />
+
+  <div class="row mt-3">
+    <div class="col-12 col-lg-3">
+      {% thumbnail 'img/bornhack-2018/fonsmark' 'FB1_9970_cropped.JPG' 'Danish politicians, government officals and IT-developers debating at BornHack 2018' %}
+    </div>
+    <div class="col-12 col-lg-9">
+      <div class="lead">We want to encourage <strong>hackers, makers, politicians, activists, developers, artists, sysadmins, engineers</strong> with something to say to read our <a href="{% url 'program:call_for_participation' camp_slug=camp.slug %}">call for participation</a>.</div>
+    </div>
+  </div>
+
+  <br />
+
+  <div class="row mt-3">
+    <div class="col-12 col-lg-9">
+      <div class="lead">
+        BornHack aims to <strong>keep ticket prices affordable</strong> for everyone and to that end <strong>we need sponsors</strong>. Please see our <a href="{% url 'sponsors' camp_slug=camp.slug %}">call for sponsors</a> if you want to sponsor us, or if you work for a company you think might be able to help.
+      </div>
+    </div>
+    <div class="col-12 col-lg-3">
+      {% thumbnail 'img/bornhack-2017/fonsmark' 'FB1_7675_cropped.jpg' 'Organisers thanking the BornHack 2017 sponsors' %}
+    </div>
+  </div>
+
+  <br />
+
+  <div class="row mt-3">
+    <div class="col-12">
+      <p class="lead">You are very welcome to ask questions and show your interest on our different channels:</p>
+      {% include 'includes/contact.html' %}
+    </div>
+  </div>
+  <p align="center">
+    {% thumbnail 'img/bornhack-2020' 'ellen_tesla_coil.jpg' 'Little girl and father making arcs with tesla coil' %}
+    {% thumbnail 'img/bornhack-2020' 'dome_lights.jpg' 'Geodesic dome and tents with lights' %}
+    {% thumbnail 'img/bornhack-2017/fonsmark' 'FB1_7724_cropped.jpg' 'A welcoming hug upon arrival at BornHack 2017! <3' %}
+    {% thumbnail 'img/bornhack-2016/fonsmark' 'FB1_5168.JPG' '#irl_bar by night at BornHack 2016' %}
+    {% thumbnail 'img/bornhack-2018/flummer' 'DSC_7054_cropped.jpg' 'The BornHack 2018 badge' %}
+    {% thumbnail 'img/bornhack-2019' 'masked_jeopardy_beer_wall.jpg' 'Masked hacker jeopardy contenders behind beer can wall' %}
+    {% thumbnail 'img/bornhack-2020' 'badge_cyber.jpg' 'The BornHack 2020 badge displaying "cyber"' %}
+    {% thumbnail 'img/bornhack-2020' 'night_stars_lights.jpg' 'Stars above colorfully lit trees' %}
+    {% thumbnail 'img/bornhack-2020' 'bar_people.jpg' 'Bornhack bar in 2020' %}
+    {% thumbnail 'img/bornhack-2017/fonsmark' 'FB1_7521_cropped.jpg' 'Amelia Andersdotter presenting at BornHack 2017' %}
+  </p>
+{% endblock content %}

src/profiles/forms.py

@@ -0,0 +1,12 @@
+from django import forms
+from bornhack.oauth_validators import BornhackOAuth2Validator
+
+def get_scopes() -> list[str]:
+    validator = BornhackOAuth2Validator()
+    return ((scope, scope) for scope in sorted(set(validator.oidc_claim_scope.values())) if scope!="openid")
+
+class OIDCForm(forms.Form):
+    scopes = forms.MultipleChoiceField(
+        choices=get_scopes,
+        help_text="Select the scopes to simulate. The 'openid' scope is always included.",
+    )

src/profiles/migrations/0018_profile_preferred_username.py

@@ -0,0 +1,18 @@
+# Generated by Django 4.2.20 on 2025-04-28 15:00
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('profiles', '0017_alter_profile_phonenumber'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='profile',
+            name='preferred_username',
+            field=models.SlugField(blank=True, help_text="When using your BornHack account to login to other sites with OIDC this value is served as the OIDC standard claim 'preferred_username'. You can set this to the username you would prefer to use on remote sites where you login with your BornHack account."),
+        ),
+    ]

src/profiles/models.py

@@ -67,13 +67,18 @@ class Meta:
         help_text="The phonenumber you can be reached on. This field can be updated automatically when registering a DECT number in the phonebook.",
     )
 
-    # default to near general camping
     location = PointField(
         blank=True,
         null=True,
         help_text="Your location at BornHack. This value is available on public maps.",
     )
 
+    preferred_username = models.SlugField(
+        blank=True,
+        max_length=50,
+        help_text="When using your BornHack account to login to other sites with OIDC this value is served as the OIDC standard claim 'preferred_username'. You can set this to the username you would prefer to use on remote sites where you login with your BornHack account.",
+    )
+
     @property
     def email(self):
         return self.user.email