feat(dgsi/profile): Add Apple configuration

src/dgsi/templates/dgnum_profile.mobileconfig

@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>ConsentText</key>
+	<dict>
+		<key>default</key>
+		<string>Souhaitez-vous configurer votre appareil pour utiliser le Wi-Fi DGNum ?</string>
+		<key>en</key>
+		<string>Dou you want to configure your device to use the DGNum Wi-Fi ?</string>
+	</dict>
+	<key>PayloadUUID</key>
+	<string>304283f2-b4df-4f54-9fd9-9c8e1fdc778f</string>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>AutoJoin</key>
+			<true/>
+			<key>CaptiveBypass</key>
+			<true/>
+			<key>EAPClientConfiguration</key>
+			<dict>
+				<key>AcceptEAPTypes</key>
+				<array>
+					<integer>25</integer>
+				</array>
+				<key>OuterIdentity</key>
+				<string>anonymous</string>
+				<key>TLSMaximumVersion</key>
+				<string>1.3</string>
+				<key>TLSMinimumVersion</key>
+				<string>1.2</string>
+				<key>TLSTrustedServerNames</key>
+				<array>
+					<string>radius.dgnum.eu</string>
+				</array>
+				<key>UserName</key>
+					<string>{{ user.username }}</string>
+				<key>UserPassword</key>
+					<string>{{ user.kanidm.radius_secret }}</string>
+				<key>TTLSInnerAuthentication</key>
+				<string>MSCHAPv2</string>
+			</dict>
+			<key>PayloadUUID</key>
+			<string>a9a6e20c-1d9e-497a-b10c-f93a62e3e7df</string>
+			<key>EncryptionType</key>
+			<string>WPA2</string>
+			<key>HIDDEN_NETWORK</key>
+			<false/>
+			<key>IsHotspot</key>
+			<false/>
+			<key>PayloadDescription</key>
+			<string>DGNum Wi-Fi configuration</string>
+			<key>PayloadDisplayName</key>
+			<string>Wi-Fi</string>
+			<key>PayloadIdentifier</key>
+			<string>com.apple.wifi.managed.a9a6e20c-1d9e-497a-b10c-f93a62e3e7df</string>
+			<key>PayloadType</key>
+			<string>com.apple.wifi.managed</string>
+			<key>PayloadVersion</key>
+			<integer>1</integer>
+			<key>ProxyType</key>
+			<string>None</string>
+			<key>SSID_STR</key>
+			<string>{{ dgnum_ssid }}</string>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>DGNum Wi-Fi configuration</string>
+	<key>PayloadDisplayName</key>
+	<string>Wi-Fi DGNum</string>
+	<key>PayloadIdentifier</key>
+	<string>dgnum-radius.304283f2-b4df-4f54-9fd9-9c8e1fdc778f</string>
+	<key>PayloadOrganization</key>
+	<string>Délégation Générale Numérique</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>

src/dgsi/templates/dgsi/profile.html

@@ -55,7 +55,6 @@
                readonly />
         <a id="secret-toggle" class="button is-size-4 is-warning is-light"><span class="icon"><i class="ti ti-eye"></i></span></a>
       </div>
-      <br>
     {% else %}
       <a href="{% url "dgsi:dgn-generate_wifi_password" %}"
          class="button is-fullwidth is-primary is-light is-size-4 block">{% trans "Générer un mot de passe WiFi" %}</a>
@@ -76,6 +75,15 @@
          readonly />
   <br>
 
+  {% if user.kanidm and user.kanidm.radius_secret %}
+  <div class="buttons">
+    <a href="{% url "dgsi:dgn-apple_profile" %}" class="button is-light">
+      <span class="icon"><i class="ti ti-brand-apple-filled"></i></span>
+      <span>{% trans "Télécharger le profil Wi-Fi DGNum pour iOS, iPadOS et macOS" %}</span>
+    </a>
+  </div>
+  {% endif %}
+
   {% if user.kanidm %}
     <h2 class="subtitle mt-4">
       {% trans "Informations techniques" %}

src/dgsi/urls.py

@@ -33,6 +33,11 @@ urlpatterns = [
     ),
     # Account views
     path("accounts/profile/", views.ProfileView.as_view(), name="dgn-profile"),
+    path(
+        "accounts/profile/apple-config/",
+        views.AppleProfileView.as_view(),
+        name="dgn-apple_profile",
+    ),
     path(
         "accounts/generate-wifi-password/",
         views.GenerateWiFiPasswordView.as_view(),
@@ -48,6 +53,7 @@ urlpatterns = [
         views.CreateKanidmAccountView.as_view(),
         name="dgn-create_kanidm_user",
     ),
+    path("accounts/list/", views.UserListView.as_view(), name="dgn-user_list"),
     path(
         "accounts/forbidden/",
         views.TemplateView.as_view(template_name="accounts/forbidden_category.html"),

src/dgsi/views.py

@@ -74,6 +74,46 @@ class ProfileView(LoginRequiredMixin, TemplateView):
     template_name = "dgsi/profile.html"
 
 
+class AppleProfileView(AccessMixin, TemplateView):
+    content_type = "application/x-apple-aspen-config"
+    template_name = "dgnum_profile.mobileconfig"
+    extra_context = {"dgnum_ssid": "DGNum 2G (N)"}
+
+    def dispatch(
+        self, request: HttpRequest, *args: Any, **kwargs: Any
+    ) -> HttpResponseBase:
+        if not request.user.is_authenticated:
+            return self.handle_no_permission()
+
+        u = User.from_request(request)
+
+        # Check that the user does not already exist
+        if u.kanidm is None:
+            messages.add_message(
+                request,
+                messages.WARNING,
+                _("<b>Veuillez créer un compte DGNum.</b>"),
+            )
+            return HttpResponseRedirect(reverse_lazy("dgsi:dgn-create_self_account"))
+
+        if u.kanidm.radius_secret is None:
+            messages.add_message(
+                request,
+                messages.WARNING,
+                _("<b>Veuillez générer un mot de passe Wi-Fi.</b>"),
+            )
+            return HttpResponseRedirect(reverse_lazy("dgsi:dgn-profile"))
+
+        return super().dispatch(request, *args, **kwargs)
+
+    def render_to_response(
+        self, context: dict[str, Any], **response_kwargs: Any
+    ) -> HttpResponse:
+        headers = response_kwargs.pop("headers", {})
+        headers["Content-Disposition"] = "attachment; filename=wifi_dgnum.mobileconfig"
+        return super().render_to_response(context, headers=headers, **response_kwargs)
+
+
 class GenerateWiFiPasswordView(LoginRequiredMixin, RedirectView):
     url = reverse_lazy("dgsi:dgn-profile")