From 639ea923682c1c980076931da77eb3f8c0bbb4ad Mon Sep 17 00:00:00 2001
From: Julien Malka <julien@malka.sh>
Date: Wed, 21 Aug 2024 19:33:49 +0200
Subject: [PATCH 001/172] feat: init profiles generation

---
 src/app/urls.py                     |  9 +++++
 src/app/utils.py                    | 10 ++++++
 src/app/views.py                    | 18 ++++++++++
 src/shared/templates/home.html      |  6 +++-
 src/shared/templates/iosprofile.xml | 51 +++++++++++++++++++++++++++++
 src/shared/templates/profiles.html  |  8 +++++
 6 files changed, 101 insertions(+), 1 deletion(-)
 create mode 100644 src/app/utils.py
 create mode 100644 src/app/views.py
 create mode 100644 src/shared/templates/iosprofile.xml
 create mode 100644 src/shared/templates/profiles.html

diff --git a/src/app/urls.py b/src/app/urls.py
index 19fb416..f4a3984 100644
--- a/src/app/urls.py
+++ b/src/app/urls.py
@@ -17,12 +17,21 @@ Including another URLconf
 from django.conf import settings
 from django.conf.urls.static import static
 from django.contrib import admin
+from django.contrib.auth.decorators import login_required
 from django.urls import include, path
 from django.views.generic import TemplateView
 
+from . import views
+
 urlpatterns = [
     path("", TemplateView.as_view(template_name="home.html"), name="index"),
     path("login", TemplateView.as_view(template_name="login.html"), name="login"),
+    path(
+        "profiles.html",
+        login_required(TemplateView.as_view(template_name="profiles.html")),
+        name="profiles",
+    ),
+    path("profiles/ios.xml", views.profile_ios, name="profiles-ios"),
     path("", include("dgsi.urls")),
     path("accounts/", include("allauth.urls")),
 ]
diff --git a/src/app/utils.py b/src/app/utils.py
new file mode 100644
index 0000000..d2cedb7
--- /dev/null
+++ b/src/app/utils.py
@@ -0,0 +1,10 @@
+import json
+
+import kanidm
+
+
+async def get_radius_credential(username):
+    config = kanidm.KanidmClientConfig(uri="https://sso.dgnum.eu")
+    client = kanidm.KanidmClient(config=config)
+    token = await client.get_radius_token(username)
+    return json.loads(token.content)["secret"]
diff --git a/src/app/views.py b/src/app/views.py
new file mode 100644
index 0000000..df52ecf
--- /dev/null
+++ b/src/app/views.py
@@ -0,0 +1,18 @@
+from asgiref.sync import async_to_sync, sync_to_async
+from django.contrib.auth.decorators import login_required
+from django.shortcuts import render
+
+from . import utils
+
+
+@sync_to_async
+@login_required(login_url="/login/")
+@async_to_sync
+async def profile_ios(request):
+    radius_credential = await utils.get_radius_credential(request.user.username)
+    return render(
+        request,
+        "iosprofile.xml",
+        {"radius_credential": radius_credential},
+        content_type="text/xml",
+    )
diff --git a/src/shared/templates/home.html b/src/shared/templates/home.html
index f865627..58c992c 100644
--- a/src/shared/templates/home.html
+++ b/src/shared/templates/home.html
@@ -1,3 +1,7 @@
 {% extends "base.html" %}
 
-{% block content %}{% endblock %}
+{% block content %}
+<ul>
+	<li><a href="profiles.html">Profils WiFi</a></li>
+</ul>
+{% endblock %}
diff --git a/src/shared/templates/iosprofile.xml b/src/shared/templates/iosprofile.xml
new file mode 100644
index 0000000..ba8d514
--- /dev/null
+++ b/src/shared/templates/iosprofile.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+	<dict>
+		<key>PayloadContent</key>
+		<array>
+			<dict>
+				<key>AutoJoin</key>
+				<true/>
+				<key>CaptiveBypass</key>
+				<false/>
+				<key>EncryptionType</key>
+				<string>WPA2</string>
+				<key>HIDDEN_NETWORK</key>
+				<false/>
+				<key>IsHotspot</key>
+				<false/>
+				<key>Password</key>
+				<string>{{ radius_credential }}</string>
+				<key>PayloadDescription</key>
+				<string>Configures Wi-Fi settings</string>
+				<key>PayloadDisplayName</key>
+				<string>DGNum WiFi</string>
+				<key>PayloadIdentifier</key>
+				<string>com.apple.wifi.managed.5A2AE473-F6B7-4D60-9778-B25D26317C41</string>
+				<key>PayloadType</key>
+				<string>com.apple.wifi.managed</string>
+				<key>PayloadUUID</key>
+				<string>5A2AE473-F6B7-4D60-9778-B25D26317C41</string>
+				<key>PayloadVersion</key>
+				<integer>1</integer>
+				<key>ProxyType</key>
+				<string>None</string>
+				<key>SSID_STR</key>
+				<string>DGNum</string>
+			</dict>
+		</array>
+		<key>PayloadDisplayName</key>
+		<string>DGNum WiFi</string>
+		<key>PayloadIdentifier</key>
+		<string>WiFi-PSK-Sample.D5B78A3C-CDA8-471F-984C-06F977EF870C</string>
+		<key>PayloadRemovalDisallowed</key>
+		<false/>
+		<key>PayloadType</key>
+		<string>Configuration</string>
+		<key>PayloadUUID</key>
+		<string>444C9683-221C-49AF-997D-2B6B84710DAA</string>
+		<key>PayloadVersion</key>
+		<integer>1</integer>
+	</dict>
+</plist>
diff --git a/src/shared/templates/profiles.html b/src/shared/templates/profiles.html
new file mode 100644
index 0000000..2046f2c
--- /dev/null
+++ b/src/shared/templates/profiles.html
@@ -0,0 +1,8 @@
+{% extends "base.html" %}
+
+{% block content %}
+  <div class="buttons">
+    <a class="button is-link is-soft">iOS</a>
+    <a class="button is-danger is-soft">Android</a>
+  </div>
+{% endblock %}

From 772ca45292e9ffcb7990aa3c3dff46f616ab8836 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Wed, 11 Sep 2024 21:07:11 +0200
Subject: [PATCH 002/172] feat(pkgs): Update pykanidm

---
 pkgs/pykanidm/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/pykanidm/default.nix b/pkgs/pykanidm/default.nix
index f49d8b2..8f03681 100644
--- a/pkgs/pykanidm/default.nix
+++ b/pkgs/pykanidm/default.nix
@@ -11,14 +11,14 @@
 
 buildPythonPackage rec {
   pname = "kanidm";
-  version = "1.1.0-rc.16";
+  version = "1.2.3";
   pyproject = true;
 
   src = fetchFromGitHub {
     owner = "kanidm";
     repo = "kanidm";
     rev = "v${version}";
-    hash = "sha256-NH9V5KKI9LAtJ2/WuWtUJUzkjVMfO7Q5NQkK7Ys2olU=";
+    hash = "sha256-J02IbAY5lyoMaq6wJiHizqeFBd5hB6id2YMPxlPsASM=";
   };
 
   sourceRoot = "source/pykanidm";

From 8599992dd755e95c61ce551625d4e310fd0fccda Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Wed, 11 Sep 2024 21:08:08 +0200
Subject: [PATCH 003/172] feat(dgsi): Add a basic profile view

---
 .credentials/KANIDM_URI                   |  1 +
 src/dgsi/urls.py                          | 10 ++++++-
 src/dgsi/views.py                         | 34 +++++++++++++++++++++++
 src/shared/kanidm.py                      |  8 ++++++
 src/shared/templates/_hero.html           |  2 +-
 src/shared/templates/account/profile.html | 25 +++++++++++++++++
 6 files changed, 78 insertions(+), 2 deletions(-)
 create mode 100644 .credentials/KANIDM_URI
 create mode 100644 src/shared/kanidm.py
 create mode 100644 src/shared/templates/account/profile.html

diff --git a/.credentials/KANIDM_URI b/.credentials/KANIDM_URI
new file mode 100644
index 0000000..cd6933f
--- /dev/null
+++ b/.credentials/KANIDM_URI
@@ -0,0 +1 @@
+https://sso.dgnum.eu
diff --git a/src/dgsi/urls.py b/src/dgsi/urls.py
index 637600f..deb3429 100644
--- a/src/dgsi/urls.py
+++ b/src/dgsi/urls.py
@@ -1 +1,9 @@
-urlpatterns = []
+from django.urls import path
+
+from . import views
+
+app_name = "dgsi"
+
+urlpatterns = [
+    path("profile", views.ProfileView.as_view(), name="dgn-profile"),
+]
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 60f00ef..2277922 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -1 +1,35 @@
 # Create your views here.
+import json
+from typing import Optional
+
+from asgiref.sync import async_to_sync
+from django.contrib.auth import get_user_model
+from django.contrib.auth.mixins import LoginRequiredMixin
+from django.db.models import QuerySet
+from django.views.generic import DetailView
+
+from shared.kanidm import client
+
+User = get_user_model()
+
+
+class ProfileView(LoginRequiredMixin, DetailView):
+    model = User
+    template_name = "account/profile.html"
+
+    def get_object(self, queryset: Optional[QuerySet] = None):
+        assert isinstance(self.request.user, User)
+
+        return self.request.user
+
+    def get_context_data(self, **kwargs):
+        ctx = super().get_context_data(**kwargs)
+
+        username = self.request.user.get_username()
+
+        ctx["person"] = async_to_sync(client.person_account_get)(username)
+
+        content: str = async_to_sync(client.get_radius_token)(username).content
+
+        ctx["radius_secret"] = json.loads(content).get("secret")
+        return ctx
diff --git a/src/shared/kanidm.py b/src/shared/kanidm.py
new file mode 100644
index 0000000..32a77e1
--- /dev/null
+++ b/src/shared/kanidm.py
@@ -0,0 +1,8 @@
+from kanidm import KanidmClient
+from loadcredential import Credentials
+
+credentials = Credentials(env_prefix="DGSI_")
+
+client = KanidmClient(
+    uri=credentials["KANIDM_URI"], token=credentials["KANIDM_AUTH_TOKEN"]
+)
diff --git a/src/shared/templates/_hero.html b/src/shared/templates/_hero.html
index 7b5391b..37b4a70 100644
--- a/src/shared/templates/_hero.html
+++ b/src/shared/templates/_hero.html
@@ -8,7 +8,7 @@
           <h1 class="title">
             <a href="{% url 'index' %}" class="has-text-dark">Dossier Général des Services Informagiques</a>
           </h1>
-          <h2 class="subtitle">Système d'information de la DGNum</h2>
+          <h2 class="subtitle mt-2">Système d'information de la DGNum</h2>
         </div>
         <div class="cell">
           {% if user.is_authenticated %}
diff --git a/src/shared/templates/account/profile.html b/src/shared/templates/account/profile.html
new file mode 100644
index 0000000..fdbd01c
--- /dev/null
+++ b/src/shared/templates/account/profile.html
@@ -0,0 +1,25 @@
+{% extends "base.html" %}
+
+{% block content %}
+  <h2 class="subtitle">
+    <span>Profil de {{ person.displayname }}</span>
+    <span class="tag is-primary is-medium is-pulled-right">{{ person.name }}</span>
+  </h2>
+  <hr>
+
+  <h3 class="has-text-weight-bold mb-3">Identifiant unique :</h3>
+
+  <span class="button is-fullwidth">{{ person.uuid }}</span>
+  <br>
+
+  <h3 class="has-text-weight-bold mb-3">Token RADIUS :</h3>
+
+  <span class="button is-fullwidth">{{ radius_secret }}</span>
+  <br>
+
+  <h3 class="has-text-weight-bold mb-3">Membre des groupes suivants :</h3>
+
+  {% for group in person.memberof %}
+    <span class="button is-fullwidth">{{ group }}</span><br>
+  {% endfor %}
+{% endblock content %}

From 7581bf59dfc08d7c9cad45686d8ae8f0475d5ce6 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Fri, 13 Sep 2024 16:55:44 +0200
Subject: [PATCH 004/172] feat(models): Add a Profile model

This simplifies the management of the views data
---
 src/dgsi/migrations/0001_initial.py       | 37 +++++++++++++++++++++++
 src/dgsi/models.py                        | 30 ++++++++++++++++++
 src/dgsi/views.py                         | 37 ++++++-----------------
 src/shared/templates/account/profile.html | 10 +++---
 4 files changed, 82 insertions(+), 32 deletions(-)
 create mode 100644 src/dgsi/migrations/0001_initial.py

diff --git a/src/dgsi/migrations/0001_initial.py b/src/dgsi/migrations/0001_initial.py
new file mode 100644
index 0000000..1a56d02
--- /dev/null
+++ b/src/dgsi/migrations/0001_initial.py
@@ -0,0 +1,37 @@
+# Generated by Django 4.2.12 on 2024-09-13 14:30
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    initial = True
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="Profile",
+            fields=[
+                (
+                    "id",
+                    models.BigAutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                (
+                    "user",
+                    models.OneToOneField(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        to=settings.AUTH_USER_MODEL,
+                    ),
+                ),
+            ],
+        ),
+    ]
diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index 6b20219..6d3491f 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -1 +1,31 @@
 # Create your models here.
+
+from dataclasses import dataclass
+from functools import cached_property
+from typing import Optional
+
+from asgiref.sync import async_to_sync
+from django.contrib.auth.models import User
+from django.db import models
+from kanidm.models.person import Person
+
+from shared.kanidm import client
+
+
+@dataclass
+class KanidmProfile:
+    person: Person
+    secret: Optional[str]
+
+
+class Profile(models.Model):
+    user = models.OneToOneField(User, on_delete=models.CASCADE)
+
+    @cached_property
+    def kanidm_profile(self):
+        person = async_to_sync(client.person_account_get)(self.user.username)
+        data = async_to_sync(client.get_radius_token)(self.user.username).data
+
+        secret = data.get("secret") if data is not None else None
+
+        return KanidmProfile(person, secret)
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 2277922..786a36b 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -1,35 +1,18 @@
-# Create your views here.
-import json
-from typing import Optional
-
-from asgiref.sync import async_to_sync
-from django.contrib.auth import get_user_model
 from django.contrib.auth.mixins import LoginRequiredMixin
-from django.db.models import QuerySet
-from django.views.generic import DetailView
-
-from shared.kanidm import client
-
-User = get_user_model()
+from django.contrib.auth.models import User
+from django.views.generic import TemplateView
 
 
-class ProfileView(LoginRequiredMixin, DetailView):
+class ProfileView(LoginRequiredMixin, TemplateView):
     model = User
     template_name = "account/profile.html"
 
-    def get_object(self, queryset: Optional[QuerySet] = None):
+    def get_context_data(self, **kwargs):
         assert isinstance(self.request.user, User)
 
-        return self.request.user
-
-    def get_context_data(self, **kwargs):
-        ctx = super().get_context_data(**kwargs)
-
-        username = self.request.user.get_username()
-
-        ctx["person"] = async_to_sync(client.person_account_get)(username)
-
-        content: str = async_to_sync(client.get_radius_token)(username).content
-
-        ctx["radius_secret"] = json.loads(content).get("secret")
-        return ctx
+        return super().get_context_data(
+            # Pyright throws a fit as it doesn't detect the reverse relation
+            # giving a user its profile
+            profile=self.request.user.profile.kanidm_profile,  # pyright: ignore
+            **kwargs
+        )
diff --git a/src/shared/templates/account/profile.html b/src/shared/templates/account/profile.html
index fdbd01c..cb3bf13 100644
--- a/src/shared/templates/account/profile.html
+++ b/src/shared/templates/account/profile.html
@@ -2,24 +2,24 @@
 
 {% block content %}
   <h2 class="subtitle">
-    <span>Profil de {{ person.displayname }}</span>
-    <span class="tag is-primary is-medium is-pulled-right">{{ person.name }}</span>
+    <span>Profil de {{ profile.person.displayname }}</span>
+    <span class="tag is-primary is-medium is-pulled-right">{{ profile.person.name }}</span>
   </h2>
   <hr>
 
   <h3 class="has-text-weight-bold mb-3">Identifiant unique :</h3>
 
-  <span class="button is-fullwidth">{{ person.uuid }}</span>
+  <span class="button is-fullwidth">{{ profile.person.uuid }}</span>
   <br>
 
   <h3 class="has-text-weight-bold mb-3">Token RADIUS :</h3>
 
-  <span class="button is-fullwidth">{{ radius_secret }}</span>
+  <span class="button is-fullwidth">{{ profile.secret }}</span>
   <br>
 
   <h3 class="has-text-weight-bold mb-3">Membre des groupes suivants :</h3>
 
-  {% for group in person.memberof %}
+  {% for group in profile.person.memberof %}
     <span class="button is-fullwidth">{{ group }}</span><br>
   {% endfor %}
 {% endblock content %}

From 7491fdb376b32fb69966400e6343faf2fffce993 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Fri, 13 Sep 2024 17:09:21 +0200
Subject: [PATCH 005/172] chore(shell): Switch back to django-stubs

It is more up to date, and no longer requires mypy
---
 default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/default.nix b/default.nix
index a339fb9..8ce494c 100644
--- a/default.nix
+++ b/default.nix
@@ -43,7 +43,7 @@ in
           ps.django-allauth
           ps.django-compressor
           ps.django-debug-toolbar
-          ps.django-types
+          ps.django-stubs
           ps.loadcredential
         ]
         ++ (builtins.map (p: ps.callPackage ./pkgs/${p} { }) [

From aed32e0725c9a50626ff4176a97f187710aa128d Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Fri, 13 Sep 2024 17:32:45 +0200
Subject: [PATCH 006/172] feat(profile): Change the url so that the redirection
 is automatic after connexion

---
 src/dgsi/urls.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/dgsi/urls.py b/src/dgsi/urls.py
index deb3429..cc2e0d0 100644
--- a/src/dgsi/urls.py
+++ b/src/dgsi/urls.py
@@ -5,5 +5,5 @@ from . import views
 app_name = "dgsi"
 
 urlpatterns = [
-    path("profile", views.ProfileView.as_view(), name="dgn-profile"),
+    path("accounts/profile/", views.ProfileView.as_view(), name="dgn-profile"),
 ]

From 855664e4101a859d61c318abc25ac99a3a41cdc4 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Fri, 13 Sep 2024 21:25:26 +0200
Subject: [PATCH 007/172] feat(templates): Tweak _hero.html

This makes the title fit on one line
---
 src/shared/templates/_hero.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/shared/templates/_hero.html b/src/shared/templates/_hero.html
index 37b4a70..e482ce2 100644
--- a/src/shared/templates/_hero.html
+++ b/src/shared/templates/_hero.html
@@ -3,8 +3,8 @@
 <section class="hero is-dark is-primary">
   <div class="hero-body">
     <div class="container">
-      <div class="grid">
-        <div class="cell">
+      <div class="grid has-3-cols">
+        <div class="cell is-col-span-2">
           <h1 class="title">
             <a href="{% url 'index' %}" class="has-text-dark">Dossier Général des Services Informagiques</a>
           </h1>

From c02b29a6f5405f908d5950554381bfe5a8cf4124 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 14 Sep 2024 14:44:47 +0200
Subject: [PATCH 008/172] feat(shell): Use python312

---
 default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/default.nix b/default.nix
index 8ce494c..b4d0d99 100644
--- a/default.nix
+++ b/default.nix
@@ -35,7 +35,7 @@ in
       pkgs.dart-sass
 
       # Python dependencies
-      (pkgs.python3.withPackages (
+      (pkgs.python312.withPackages (
         ps:
         [
           ps.daphne

From f56961c7bbf6132826159e9622504687b6f2cce3 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 14 Sep 2024 15:44:25 +0200
Subject: [PATCH 009/172] feat(User): Switch to a custom model, simplifying the
 logic

---
 src/app/settings.py                       |   1 +
 src/dgsi/admin.py                         |   7 +-
 src/dgsi/migrations/0001_initial.py       | 112 ++++++++++++++++++++--
 src/dgsi/models.py                        |  29 +++---
 src/dgsi/views.py                         |  12 ---
 src/shared/templates/account/profile.html |  11 ++-
 6 files changed, 133 insertions(+), 39 deletions(-)

diff --git a/src/app/settings.py b/src/app/settings.py
index af2393f..14c4af8 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -129,6 +129,7 @@ SOCIALACCOUNT_PROVIDERS = {
 }
 
 AUTH_PASSWORD_VALIDATORS = []
+AUTH_USER_MODEL = "dgsi.User"
 
 
 ###
diff --git a/src/dgsi/admin.py b/src/dgsi/admin.py
index 846f6b4..5279d05 100644
--- a/src/dgsi/admin.py
+++ b/src/dgsi/admin.py
@@ -1 +1,6 @@
-# Register your models here.
+from django.contrib import admin
+from django.contrib.auth.admin import UserAdmin
+
+from dgsi.models import User
+
+admin.site.register(User, UserAdmin)
diff --git a/src/dgsi/migrations/0001_initial.py b/src/dgsi/migrations/0001_initial.py
index 1a56d02..a9dfd9c 100644
--- a/src/dgsi/migrations/0001_initial.py
+++ b/src/dgsi/migrations/0001_initial.py
@@ -1,7 +1,8 @@
-# Generated by Django 4.2.12 on 2024-09-13 14:30
+# Generated by Django 4.2.12 on 2024-09-14 13:35
 
-import django.db.models.deletion
-from django.conf import settings
+import django.contrib.auth.models
+import django.contrib.auth.validators
+import django.utils.timezone
 from django.db import migrations, models
 
 
@@ -9,12 +10,12 @@ class Migration(migrations.Migration):
     initial = True
 
     dependencies = [
-        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ("auth", "0012_alter_user_first_name_max_length"),
     ]
 
     operations = [
         migrations.CreateModel(
-            name="Profile",
+            name="User",
             fields=[
                 (
                     "id",
@@ -25,13 +26,106 @@ class Migration(migrations.Migration):
                         verbose_name="ID",
                     ),
                 ),
+                ("password", models.CharField(max_length=128, verbose_name="password")),
                 (
-                    "user",
-                    models.OneToOneField(
-                        on_delete=django.db.models.deletion.CASCADE,
-                        to=settings.AUTH_USER_MODEL,
+                    "last_login",
+                    models.DateTimeField(
+                        blank=True, null=True, verbose_name="last login"
+                    ),
+                ),
+                (
+                    "is_superuser",
+                    models.BooleanField(
+                        default=False,
+                        help_text="Designates that this user has all permissions without explicitly assigning them.",
+                        verbose_name="superuser status",
+                    ),
+                ),
+                (
+                    "username",
+                    models.CharField(
+                        error_messages={
+                            "unique": "A user with that username already exists."
+                        },
+                        help_text="Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.",
+                        max_length=150,
+                        unique=True,
+                        validators=[
+                            django.contrib.auth.validators.UnicodeUsernameValidator()
+                        ],
+                        verbose_name="username",
+                    ),
+                ),
+                (
+                    "first_name",
+                    models.CharField(
+                        blank=True, max_length=150, verbose_name="first name"
+                    ),
+                ),
+                (
+                    "last_name",
+                    models.CharField(
+                        blank=True, max_length=150, verbose_name="last name"
+                    ),
+                ),
+                (
+                    "email",
+                    models.EmailField(
+                        blank=True, max_length=254, verbose_name="email address"
+                    ),
+                ),
+                (
+                    "is_staff",
+                    models.BooleanField(
+                        default=False,
+                        help_text="Designates whether the user can log into this admin site.",
+                        verbose_name="staff status",
+                    ),
+                ),
+                (
+                    "is_active",
+                    models.BooleanField(
+                        default=True,
+                        help_text="Designates whether this user should be treated as active. Unselect this instead of deleting accounts.",
+                        verbose_name="active",
+                    ),
+                ),
+                (
+                    "date_joined",
+                    models.DateTimeField(
+                        default=django.utils.timezone.now, verbose_name="date joined"
+                    ),
+                ),
+                (
+                    "groups",
+                    models.ManyToManyField(
+                        blank=True,
+                        help_text="The groups this user belongs to. A user will get all permissions granted to each of their groups.",
+                        related_name="user_set",
+                        related_query_name="user",
+                        to="auth.group",
+                        verbose_name="groups",
+                    ),
+                ),
+                (
+                    "user_permissions",
+                    models.ManyToManyField(
+                        blank=True,
+                        help_text="Specific permissions for this user.",
+                        related_name="user_set",
+                        related_query_name="user",
+                        to="auth.permission",
+                        verbose_name="user permissions",
                     ),
                 ),
             ],
+            options={
+                "verbose_name": "user",
+                "verbose_name_plural": "users",
+                "abstract": False,
+            },
+            managers=[
+                ("objects", django.contrib.auth.models.UserManager()),
+            ],
         ),
     ]
diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index 6d3491f..b60cd1d 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -1,31 +1,36 @@
-# Create your models here.
-
 from dataclasses import dataclass
 from functools import cached_property
 from typing import Optional
 
 from asgiref.sync import async_to_sync
-from django.contrib.auth.models import User
-from django.db import models
+from django.contrib.auth.models import AbstractUser
 from kanidm.models.person import Person
 
 from shared.kanidm import client
 
+ADMIN_GROUP = "idm_admins@sso.dgnum.eu"
+
 
 @dataclass
 class KanidmProfile:
     person: Person
-    secret: Optional[str]
+    radius_secret: Optional[str]
 
 
-class Profile(models.Model):
-    user = models.OneToOneField(User, on_delete=models.CASCADE)
+class User(AbstractUser):
+    """
+    Custom User class, to have a direct link to the Kanidm data.
+    """
 
     @cached_property
-    def kanidm_profile(self):
-        person = async_to_sync(client.person_account_get)(self.user.username)
-        data = async_to_sync(client.get_radius_token)(self.user.username).data
+    def kanidm(self) -> KanidmProfile:
+        radius_data = async_to_sync(client.get_radius_token)(self.username).data
 
-        secret = data.get("secret") if data is not None else None
+        return KanidmProfile(
+            person=async_to_sync(client.person_account_get)(self.username),
+            radius_secret=radius_data and radius_data.get("secret"),
+        )
 
-        return KanidmProfile(person, secret)
+    @property
+    def is_admin(self) -> bool:
+        return ADMIN_GROUP in self.kanidm.person.memberof
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 786a36b..75ebf1f 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -1,18 +1,6 @@
 from django.contrib.auth.mixins import LoginRequiredMixin
-from django.contrib.auth.models import User
 from django.views.generic import TemplateView
 
 
 class ProfileView(LoginRequiredMixin, TemplateView):
-    model = User
     template_name = "account/profile.html"
-
-    def get_context_data(self, **kwargs):
-        assert isinstance(self.request.user, User)
-
-        return super().get_context_data(
-            # Pyright throws a fit as it doesn't detect the reverse relation
-            # giving a user its profile
-            profile=self.request.user.profile.kanidm_profile,  # pyright: ignore
-            **kwargs
-        )
diff --git a/src/shared/templates/account/profile.html b/src/shared/templates/account/profile.html
index cb3bf13..90e20ae 100644
--- a/src/shared/templates/account/profile.html
+++ b/src/shared/templates/account/profile.html
@@ -1,25 +1,26 @@
 {% extends "base.html" %}
+{% load i18n %}
 
 {% block content %}
   <h2 class="subtitle">
-    <span>Profil de {{ profile.person.displayname }}</span>
-    <span class="tag is-primary is-medium is-pulled-right">{{ profile.person.name }}</span>
+    <span>Profil de {{ user.kanidm.person.displayname }}</span>
+    <span class="tag is-primary is-medium is-pulled-right">{{ user.kanidm.person.name }}</span>
   </h2>
   <hr>
 
   <h3 class="has-text-weight-bold mb-3">Identifiant unique :</h3>
 
-  <span class="button is-fullwidth">{{ profile.person.uuid }}</span>
+  <span class="button is-fullwidth">{{ user.kanidm.person.uuid }}</span>
   <br>
 
   <h3 class="has-text-weight-bold mb-3">Token RADIUS :</h3>
 
-  <span class="button is-fullwidth">{{ profile.secret }}</span>
+  <span class="button is-fullwidth">{{ user.kanidm.radius_secret }}</span>
   <br>
 
   <h3 class="has-text-weight-bold mb-3">Membre des groupes suivants :</h3>
 
-  {% for group in profile.person.memberof %}
+  {% for group in user.kanidm.person.memberof %}
     <span class="button is-fullwidth">{{ group }}</span><br>
   {% endfor %}
 {% endblock content %}

From 3b2937b6d11664f90089640afac9250e11244982 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 14 Sep 2024 15:44:52 +0200
Subject: [PATCH 010/172] feat(dgsi.mixins): Introduce StaffRequiredMixin

---
 src/dgsi/mixins.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 src/dgsi/mixins.py

diff --git a/src/dgsi/mixins.py b/src/dgsi/mixins.py
new file mode 100644
index 0000000..dcb6d70
--- /dev/null
+++ b/src/dgsi/mixins.py
@@ -0,0 +1,16 @@
+from django.contrib.auth.mixins import UserPassesTestMixin
+from django.http import HttpRequest
+
+from dgsi.models import User
+
+
+class StaffRequiredMixin(UserPassesTestMixin):
+    request: HttpRequest
+
+    def test_func(self) -> bool | None:
+        if self.request.user.is_authenticated:
+            return False
+
+        assert isinstance(self.request.user, User)
+
+        return self.request.user.is_admin

From 06351ca22e85fb8fcf61a060585d3e8f3bdfa24f Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 14 Sep 2024 15:45:56 +0200
Subject: [PATCH 011/172] chore(.gitignore): Don't consider backups of the
 local db

---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index 9054e66..48ab904 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,7 @@
 .pre-commit-config.yaml
 
 db.sqlite3
+db.sqlite3.*
 __pycache__/
 
 .static/*

From 2642a64116f2c92709f26c6b08921ee082682d75 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 14 Sep 2024 15:46:11 +0200
Subject: [PATCH 012/172] feat(shell): Add ipython

---
 default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/default.nix b/default.nix
index b4d0d99..7f377cd 100644
--- a/default.nix
+++ b/default.nix
@@ -45,6 +45,7 @@ in
           ps.django-debug-toolbar
           ps.django-stubs
           ps.loadcredential
+          ps.ipython
         ]
         ++ (builtins.map (p: ps.callPackage ./pkgs/${p} { }) [
           "django-browser-reload"

From 2817054e7e49309247bcbf62751f6ddaf6b8297b Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 14 Sep 2024 15:53:10 +0200
Subject: [PATCH 013/172] feat(dgsi.views): Add a view to create users

---
 src/dgsi/urls.py  | 1 +
 src/dgsi/views.py | 9 ++++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/dgsi/urls.py b/src/dgsi/urls.py
index cc2e0d0..38c0e0c 100644
--- a/src/dgsi/urls.py
+++ b/src/dgsi/urls.py
@@ -6,4 +6,5 @@ app_name = "dgsi"
 
 urlpatterns = [
     path("accounts/profile/", views.ProfileView.as_view(), name="dgn-profile"),
+    path("accounts/create/", views.CreateUserView.as_view(), name="dgn-create_user"),
 ]
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 75ebf1f..5515f8f 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -1,6 +1,13 @@
 from django.contrib.auth.mixins import LoginRequiredMixin
-from django.views.generic import TemplateView
+from django.views.generic import CreateView, TemplateView
+
+from dgsi.mixins import StaffRequiredMixin
+from dgsi.models import User
 
 
 class ProfileView(LoginRequiredMixin, TemplateView):
     template_name = "account/profile.html"
+
+
+class CreateUserView(StaffRequiredMixin, CreateView):
+    model = User

From abc71eb52d251daa22e36dee8825b54bf383a2f7 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 14 Sep 2024 16:35:57 +0200
Subject: [PATCH 014/172] feat(accounts): Simplify the template and disable
 signup

---
 src/app/settings.py                           |  4 ++
 src/shared/account.py                         | 10 ++++
 .../templates/allauth/layouts/base.html       | 50 -------------------
 3 files changed, 14 insertions(+), 50 deletions(-)
 create mode 100644 src/shared/account.py

diff --git a/src/app/settings.py b/src/app/settings.py
index 14c4af8..0328933 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -110,6 +110,10 @@ AUTHENTICATION_BACKENDS = [
     "allauth.account.auth_backends.AuthenticationBackend",
 ]
 
+ACCOUNT_ADAPTER = "shared.account.AccountAdapter"
+ACCOUNT_CHANGE_EMAIL = True
+ACCOUNT_EMAIL_NOTIFICATIONS = True
+
 SOCIALACCOUNT_ONLY = True
 SOCIALACCOUNT_PROVIDERS = {
     "openid_connect": {
diff --git a/src/shared/account.py b/src/shared/account.py
new file mode 100644
index 0000000..544fcd4
--- /dev/null
+++ b/src/shared/account.py
@@ -0,0 +1,10 @@
+from allauth.account.adapter import DefaultAccountAdapter
+
+
+class AccountAdapter(DefaultAccountAdapter):
+    """
+    Overrides the Account Adapter.
+    """
+
+    def is_open_for_signup(self, request):
+        return False
diff --git a/src/shared/templates/allauth/layouts/base.html b/src/shared/templates/allauth/layouts/base.html
index 3746ddc..eb6082e 100644
--- a/src/shared/templates/allauth/layouts/base.html
+++ b/src/shared/templates/allauth/layouts/base.html
@@ -16,56 +16,6 @@
     {% include "_hero.html" %}
 
     <section class="section container">
-      <nav class="level">
-        {% if user.is_authenticated %}
-          {% url 'account_email' as email_url %}
-          {% if email_url %}
-            <li class="level-item button is-light">
-              <a href="{{ email_url }}">{% trans "Change Email" %}</a>
-            </li>
-          {% endif %}
-          {% url 'account_change_password' as change_password_url %}
-          {% if change_password_url %}
-            <li class="level-item button is-light">
-              <a href="{{ change_password_url }}">{% trans "Change Password" %}</a>
-            </li>
-          {% endif %}
-          {% url 'mfa_index' as mfa_url %}
-          {% if mfa_url %}
-            <li class="level-item button is-light">
-              <a href="{{ mfa_url }}">{% trans "Two-Factor Authentication" %}</a>
-            </li>
-          {% endif %}
-          {% url 'usersessions_list' as usersessions_list_url %}
-          {% if usersessions_list_url %}
-            <li class="level-item button is-light">
-              <a href="{{ usersessions_list_url }}">{% trans "Sessions" %}</a>
-            </li>
-          {% endif %}
-          {% url 'account_logout' as logout_url %}
-          {% if logout_url %}
-            <li class="level-item button is-light">
-              <a href="{{ logout_url }}">{% trans "Sign Out" %}</a>
-            </li>
-          {% endif %}
-        {% else %}
-          {% url 'account_login' as login_url %}
-          {% if login_url %}
-            <li class="level-item button is-light has-text-weight-bold">
-              <a href="{{ login_url }}">{% trans "Sign In" %}</a>
-            </li>
-          {% endif %}
-          {% url 'account_signup' as signup_url %}
-          {% if signup_url %}
-            <li class="level-item button is-light has-text-weight-bold">
-              <a href="{{ signup_url }}">{% trans "Sign Up" %}</a>
-            </li>
-          {% endif %}
-        {% endif %}
-      </nav>
-
-      <hr>
-
       <div class="content">
         {% block content %}
         {% endblock content %}

From 8baad602c6c5c1189aa9557985937af647f50dab Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Mon, 16 Sep 2024 17:56:53 +0200
Subject: [PATCH 015/172] feat(pkgs): Add django-allauth-cas

---
 pkgs/django-allauth-cas/01-setup.patch | 12 +++++++
 pkgs/django-allauth-cas/default.nix    | 46 ++++++++++++++++++++++++++
 pkgs/python-cas/default.nix            | 43 ++++++++++++++++++++++++
 3 files changed, 101 insertions(+)
 create mode 100644 pkgs/django-allauth-cas/01-setup.patch
 create mode 100644 pkgs/django-allauth-cas/default.nix
 create mode 100644 pkgs/python-cas/default.nix

diff --git a/pkgs/django-allauth-cas/01-setup.patch b/pkgs/django-allauth-cas/01-setup.patch
new file mode 100644
index 0000000..92897d2
--- /dev/null
+++ b/pkgs/django-allauth-cas/01-setup.patch
@@ -0,0 +1,12 @@
+diff --git a/setup.py b/setup.py
+index fb06ec0..506677f 100644
+--- a/setup.py
++++ b/setup.py
+@@ -52,7 +52,6 @@ setup(
+     install_requires=[
+         "django-allauth",
+         "python-cas",
+-        "six",
+     ],
+     extras_require={
+         "docs": ["sphinx"],
diff --git a/pkgs/django-allauth-cas/default.nix b/pkgs/django-allauth-cas/default.nix
new file mode 100644
index 0000000..8721e21
--- /dev/null
+++ b/pkgs/django-allauth-cas/default.nix
@@ -0,0 +1,46 @@
+{
+  lib,
+  buildPythonPackage,
+  fetchFromGitHub,
+  setuptools,
+  wheel,
+  django-allauth,
+  python-cas,
+}:
+
+buildPythonPackage rec {
+  pname = "django-allauth-cas";
+  version = "unstable-2024-01-25";
+  pyproject = true;
+
+  src = fetchFromGitHub {
+    owner = "jlucasp25";
+    repo = "django-allauth-cas";
+    rev = "77e02f3796cd564a9a0c48b5b568b14d4d4c5687";
+    hash = "sha256-y/IquXl/4+9MJmsgbWtPun3tBbRJ4kJFzWo5c+5WeHk=";
+  };
+
+  patches = [ ./01-setup.patch ];
+
+  build-system = [
+    setuptools
+    wheel
+  ];
+
+  dependencies = [
+    django-allauth
+    python-cas
+  ];
+
+  pythonImportsCheck = [
+    "allauth_cas"
+  ];
+
+  meta = {
+    description = "CAS support for django-allauth";
+    homepage = "https://github.com/jlucasp25/django-allauth-cas";
+    changelog = "https://github.com/jlucasp25/django-allauth-cas/blob/${src.rev}/CHANGELOG.rst";
+    license = lib.licenses.mit;
+    maintainers = with lib.maintainers; [ ];
+  };
+}
diff --git a/pkgs/python-cas/default.nix b/pkgs/python-cas/default.nix
new file mode 100644
index 0000000..c8c2ac7
--- /dev/null
+++ b/pkgs/python-cas/default.nix
@@ -0,0 +1,43 @@
+{
+  lib,
+  buildPythonPackage,
+  fetchFromGitHub,
+  setuptools,
+  wheel,
+  lxml,
+  requests,
+  six,
+}:
+
+buildPythonPackage rec {
+  pname = "python-cas";
+  version = "1.6.0";
+  pyproject = true;
+
+  src = fetchFromGitHub {
+    owner = "python-cas";
+    repo = "python-cas";
+    rev = "v${version}";
+    hash = "sha256-0lpjG/Sma0tJGtahiFE1CjvTyswrBUp+F6f1S65b+lk=";
+  };
+
+  nativeBuildInputs = [
+    setuptools
+    wheel
+  ];
+
+  propagatedBuildInputs = [
+    lxml
+    requests
+    six
+  ];
+
+  pythonImportsCheck = [ "cas" ];
+
+  meta = with lib; {
+    description = "Python CAS (Central Authentication Service) client library support CAS 1.0/2.0/3.0";
+    homepage = "https://github.com/python-cas/python-cas";
+    license = licenses.mit;
+    maintainers = with maintainers; [ ];
+  };
+}

From 99764928c61a43c1d78f32ddc2637d86273c6137 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Mon, 16 Sep 2024 17:57:26 +0200
Subject: [PATCH 016/172] feat(nix): Rework the python environment

---
 default.nix | 45 +++++++++++++++++++++++++--------------------
 1 file changed, 25 insertions(+), 20 deletions(-)

diff --git a/default.nix b/default.nix
index 7f377cd..c818152 100644
--- a/default.nix
+++ b/default.nix
@@ -24,6 +24,14 @@ let
       commitizen.enable = true;
     };
   };
+
+  python = pkgs.python312.override {
+    packageOverrides =
+      self: _:
+      pkgs.lib.genAttrs (builtins.attrNames (builtins.readDir ./pkgs)) (
+        p: self.callPackage ./pkgs/${p} { }
+      );
+  };
 in
 
 {
@@ -35,26 +43,23 @@ in
       pkgs.dart-sass
 
       # Python dependencies
-      (pkgs.python312.withPackages (
-        ps:
-        [
-          ps.daphne
-          ps.django
-          ps.django-allauth
-          ps.django-compressor
-          ps.django-debug-toolbar
-          ps.django-stubs
-          ps.loadcredential
-          ps.ipython
-        ]
-        ++ (builtins.map (p: ps.callPackage ./pkgs/${p} { }) [
-          "django-browser-reload"
-          "django-bulma-forms"
-          "django-sass-processor"
-          "django-sass-processor-dart-sass"
-          "pykanidm"
-        ])
-      ))
+      (python.withPackages (ps: [
+        ps.daphne
+        ps.django
+        ps.django-allauth
+        ps.django-allauth-cas
+        ps.django-browser-reload
+        ps.django-bulma-forms
+        ps.django-compressor
+        ps.django-debug-toolbar
+        ps.django-sass-processor
+        ps.django-sass-processor-dart-sass
+        ps.django-stubs
+        ps.ipython
+        ps.loadcredential
+        ps.pykanidm
+        ps.python-cas
+      ]))
     ] ++ check.enabledPackages;
 
     env = {

From 82123717cc0830cc56b2c67d5c95561a3fd0ceec Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Mon, 16 Sep 2024 19:07:02 +0200
Subject: [PATCH 017/172] feat(app): Remove daphne

---
 default.nix         | 1 -
 src/app/settings.py | 1 -
 2 files changed, 2 deletions(-)

diff --git a/default.nix b/default.nix
index c818152..60a6190 100644
--- a/default.nix
+++ b/default.nix
@@ -44,7 +44,6 @@ in
 
       # Python dependencies
       (python.withPackages (ps: [
-        ps.daphne
         ps.django
         ps.django-allauth
         ps.django-allauth-cas
diff --git a/src/app/settings.py b/src/app/settings.py
index 0328933..08e8d03 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -24,7 +24,6 @@ ALLOWED_HOSTS = credentials.get_json("ALLOWED_HOSTS", [])
 # List the installed applications
 
 INSTALLED_APPS = [
-    "daphne",
     "django.contrib.admin",
     "django.contrib.auth",
     "django.contrib.contenttypes",

From fd5e036f4970748300baeb5251edc756b8c5f7db Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Mon, 16 Sep 2024 19:07:19 +0200
Subject: [PATCH 018/172] feat(profile): Add more informations

---
 src/shared/templates/account/profile.html | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/src/shared/templates/account/profile.html b/src/shared/templates/account/profile.html
index 90e20ae..4627f5b 100644
--- a/src/shared/templates/account/profile.html
+++ b/src/shared/templates/account/profile.html
@@ -8,19 +8,30 @@
   </h2>
   <hr>
 
-  <h3 class="has-text-weight-bold mb-3">Identifiant unique :</h3>
+  {% if user.kanidm.radius_secret %}
+  <h3 class="has-text-weight-bold mb-3">Mot de passe WiFi :</h3>
 
-  <span class="button is-fullwidth">{{ user.kanidm.person.uuid }}</span>
+  <span class="button is-fullwidth is-primary is-size-4">{{ user.kanidm.radius_secret }}</span>
+  <br>
+  {% endif %}
+
+  <h3 class="has-text-weight-bold mb-3">Adresse e-mail :</h3>
+  <span class="button is-fullwidth">{{ user.email }}</span>
   <br>
 
-  <h3 class="has-text-weight-bold mb-3">Token RADIUS :</h3>
+  <h2 class="subtitle mt-4">Informations techniques</h2>
+  <hr>
 
-  <span class="button is-fullwidth">{{ user.kanidm.radius_secret }}</span>
+  <h3 class="has-text-weight-bold mb-3">Identifiant unique :</h3>
+
+  <span class="button is-fullwidth is-static">{{ user.kanidm.person.uuid }}</span>
   <br>
 
   <h3 class="has-text-weight-bold mb-3">Membre des groupes suivants :</h3>
 
+  <div class="grid" style="--bulma-grid-column-min: 24rem">
   {% for group in user.kanidm.person.memberof %}
-    <span class="button is-fullwidth">{{ group }}</span><br>
+    <span class="cell button is-fullwidth is-static">{{ group }}</span>
   {% endfor %}
+  </div>
 {% endblock content %}

From 0272edc266752a0afa8a416732b8ac833440eb0d Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 17 Sep 2024 10:36:37 +0200
Subject: [PATCH 019/172] feat(profile): Make the password selectable on click

---
 src/shared/templates/account/profile.html | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/shared/templates/account/profile.html b/src/shared/templates/account/profile.html
index 4627f5b..997e977 100644
--- a/src/shared/templates/account/profile.html
+++ b/src/shared/templates/account/profile.html
@@ -11,7 +11,13 @@
   {% if user.kanidm.radius_secret %}
   <h3 class="has-text-weight-bold mb-3">Mot de passe WiFi :</h3>
 
-  <span class="button is-fullwidth is-primary is-size-4">{{ user.kanidm.radius_secret }}</span>
+  <input
+    id="radius-secret"
+    onclick="document.querySelector('#radius-secret').select()"
+    class="button is-fullwidth is-primary is-size-4"
+    value="{{ user.kanidm.radius_secret }}"
+    readonly
+  />
   <br>
   {% endif %}
 

From 590ac25b8c73ab4846bffb5118f0df8cb77e5ac0 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 17 Sep 2024 17:12:20 +0200
Subject: [PATCH 020/172] feat(home): Add profile link

---
 src/shared/templates/home.html | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/shared/templates/home.html b/src/shared/templates/home.html
index f865627..45f2c21 100644
--- a/src/shared/templates/home.html
+++ b/src/shared/templates/home.html
@@ -1,3 +1,8 @@
 {% extends "base.html" %}
+{% load i18n %}
 
-{% block content %}{% endblock %}
+{% block content %}
+  {% if user.is_authenticated %}
+    <a class="button is-fullwidth is-size-4 is-primary has-text-dark" href="{% url 'dgsi:dgn-profile' %}">{% trans "Mon profil" %}</a>
+  {% endif %}
+{% endblock content %}

From 763c2dfcbbe43fe7f3c3489e96ba24a580813737 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 17 Sep 2024 17:12:45 +0200
Subject: [PATCH 021/172] feat(profile): Add translations and tweak template

---
 src/shared/templates/account/profile.html | 30 +++++++++++++++++------
 src/shared/templates/base.html            |  2 ++
 2 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/src/shared/templates/account/profile.html b/src/shared/templates/account/profile.html
index 997e977..39d5a29 100644
--- a/src/shared/templates/account/profile.html
+++ b/src/shared/templates/account/profile.html
@@ -1,15 +1,23 @@
 {% extends "base.html" %}
 {% load i18n %}
 
+{% block extra_head %}
+  <style>
+    .grid.groups {
+      --bulma-grid-column-min: 24rem;
+    }
+  </style>
+{% endblock extra_head %}
+
 {% block content %}
   <h2 class="subtitle">
-    <span>Profil de {{ user.kanidm.person.displayname }}</span>
+    <span>{% blocktrans with displayname=user.kanidm.person.displayname %}Profil de {{ displayname }}{% endblocktrans %}</span>
     <span class="tag is-primary is-medium is-pulled-right">{{ user.kanidm.person.name }}</span>
   </h2>
   <hr>
 
   {% if user.kanidm.radius_secret %}
-  <h3 class="has-text-weight-bold mb-3">Mot de passe WiFi :</h3>
+  <h3 class="has-text-weight-bold mb-3">{% trans "Mot de passe WiFi :" %}</h3>
 
   <input
     id="radius-secret"
@@ -21,21 +29,27 @@
   <br>
   {% endif %}
 
-  <h3 class="has-text-weight-bold mb-3">Adresse e-mail :</h3>
+  <h3 class="has-text-weight-bold mb-3">{% trans "Adresse e-mail :" %}</h3>
   <span class="button is-fullwidth">{{ user.email }}</span>
   <br>
 
-  <h2 class="subtitle mt-4">Informations techniques</h2>
+  <h2 class="subtitle mt-4">{% trans "Informations techniques" %}</h2>
   <hr>
 
-  <h3 class="has-text-weight-bold mb-3">Identifiant unique :</h3>
+  <h3 class="has-text-weight-bold mb-3">{% trans "Identifiant unique :" %}</h3>
 
-  <span class="button is-fullwidth is-static">{{ user.kanidm.person.uuid }}</span>
+  <input
+    id="uuid"
+    onclick="document.querySelector('#uuid').select()"
+    class="button is-fullwidth"
+    value="{{ user.kanidm.person.uuid }}"
+    readonly
+  />
   <br>
 
-  <h3 class="has-text-weight-bold mb-3">Membre des groupes suivants :</h3>
+  <h3 class="has-text-weight-bold mb-3">{% trans "Membre des groupes suivants :" %}</h3>
 
-  <div class="grid" style="--bulma-grid-column-min: 24rem">
+  <div class="grid groups">
   {% for group in user.kanidm.person.memberof %}
     <span class="cell button is-fullwidth is-static">{{ group }}</span>
   {% endfor %}
diff --git a/src/shared/templates/base.html b/src/shared/templates/base.html
index 3432ddc..8f5d395 100644
--- a/src/shared/templates/base.html
+++ b/src/shared/templates/base.html
@@ -7,6 +7,8 @@
     <meta name="description" content="Système d'information de la DGNum" />
     <title>DGNum</title>
 
+    {% block extra_head %}{% endblock extra_head %}
+
     {% include "_links.html" %}
   </head>
 

From 1732249a2ddc79907a1a5f2405dd3146de9639c9 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Wed, 18 Sep 2024 22:14:40 +0200
Subject: [PATCH 022/172] feat(pkgs): Add django-allauth and django-allauth-cas

---
 pkgs/django-allauth-cas/02-registry.patch | 39 +++++++++
 pkgs/django-allauth-cas/default.nix       |  5 +-
 pkgs/django-allauth/default.nix           | 96 +++++++++++++++++++++++
 src/app/settings.py                       |  2 +
 src/shared/cas/__init__.py                |  0
 src/shared/cas/provider.py                | 11 +++
 src/shared/cas/urls.py                    |  5 ++
 src/shared/cas/views.py                   | 14 ++++
 8 files changed, 171 insertions(+), 1 deletion(-)
 create mode 100644 pkgs/django-allauth-cas/02-registry.patch
 create mode 100644 pkgs/django-allauth/default.nix
 create mode 100644 src/shared/cas/__init__.py
 create mode 100644 src/shared/cas/provider.py
 create mode 100644 src/shared/cas/urls.py
 create mode 100644 src/shared/cas/views.py

diff --git a/pkgs/django-allauth-cas/02-registry.patch b/pkgs/django-allauth-cas/02-registry.patch
new file mode 100644
index 0000000..cfd905f
--- /dev/null
+++ b/pkgs/django-allauth-cas/02-registry.patch
@@ -0,0 +1,39 @@
+diff --git a/allauth_cas/signals.py b/allauth_cas/signals.py
+index 36c9b24..530c26e 100644
+--- a/allauth_cas/signals.py
++++ b/allauth_cas/signals.py
+@@ -1,4 +1,4 @@
+-from allauth.account.adapter import get_adapter
++from allauth.socialaccount.adapter import get_adapter
+ from allauth.account.utils import get_next_redirect_url
+ from allauth.socialaccount import providers
+ from django.contrib.auth.signals import user_logged_out
+@@ -14,7 +14,7 @@ def cas_account_logout(sender, request, **kwargs):
+     if not provider_id:
+         return
+ 
+-    provider = providers.registry.by_id(provider_id, request)
++    provider = get_adapter(request).get_provider(request, provider_id)
+ 
+     if not provider.message_suggest_caslogout_on_logout(request):
+         return
+diff --git a/allauth_cas/views.py b/allauth_cas/views.py
+index d08e354..9e81e53 100644
+--- a/allauth_cas/views.py
++++ b/allauth_cas/views.py
+@@ -1,5 +1,5 @@
+ import cas
+-from allauth.account.adapter import get_adapter
++from allauth.socialaccount.adapter import get_adapter
+ from allauth.account.utils import get_next_redirect_url
+ from allauth.socialaccount import providers
+ from allauth.socialaccount.helpers import (
+@@ -56,7 +56,7 @@ class CASAdapter:
+         """
+         Returns a provider instance for the current request.
+         """
+-        return providers.registry.by_id(self.provider_id, self.request)
++        return get_adapter(self.request).get_provider(self.request, self.provider_id)
+ 
+     def complete_login(self, request, response):
+         """
diff --git a/pkgs/django-allauth-cas/default.nix b/pkgs/django-allauth-cas/default.nix
index 8721e21..7914852 100644
--- a/pkgs/django-allauth-cas/default.nix
+++ b/pkgs/django-allauth-cas/default.nix
@@ -20,7 +20,10 @@ buildPythonPackage rec {
     hash = "sha256-y/IquXl/4+9MJmsgbWtPun3tBbRJ4kJFzWo5c+5WeHk=";
   };
 
-  patches = [ ./01-setup.patch ];
+  patches = [
+    ./01-setup.patch
+    ./02-registry.patch
+  ];
 
   build-system = [
     setuptools
diff --git a/pkgs/django-allauth/default.nix b/pkgs/django-allauth/default.nix
new file mode 100644
index 0000000..509c3b1
--- /dev/null
+++ b/pkgs/django-allauth/default.nix
@@ -0,0 +1,96 @@
+{
+  lib,
+  buildPythonPackage,
+  fetchFromGitHub,
+  pythonOlder,
+  # build-system
+  setuptools,
+  # dependencies
+  django,
+  python3-openid,
+  requests,
+  requests-oauthlib,
+  pyjwt,
+  # optional-dependencies
+  python3-saml,
+  qrcode,
+  fido2,
+  # tests
+  pillow,
+  pytestCheckHook,
+  pytest-django,
+  # passthru tests
+  dj-rest-auth,
+}:
+
+buildPythonPackage rec {
+  pname = "django-allauth";
+  version = "64.2.1";
+  pyproject = true;
+
+  disabled = pythonOlder "3.7";
+
+  src = fetchFromGitHub {
+    owner = "pennersr";
+    repo = "django-allauth";
+    rev = "refs/tags/${version}";
+    hash = "sha256-JKjM+zqrXidxpbi+fo6wbvdXlw2oDYH51EsvQ5yp3R8=";
+  };
+
+  nativeBuildInputs = [
+    setuptools
+  ];
+
+  propagatedBuildInputs = [
+    django
+  ];
+
+  passthru.optional-dependencies = {
+    mfa = [
+      qrcode
+      fido2
+    ];
+    openid = [
+      python3-openid
+    ];
+    saml = [
+      python3-saml
+    ];
+    socialaccount = [
+      pyjwt
+      requests
+      requests-oauthlib
+    ] ++ pyjwt.optional-dependencies.crypto;
+    steam = [
+      python3-openid
+    ];
+  };
+
+  pythonImportsCheck = [
+    "allauth"
+  ];
+
+  nativeCheckInputs = [
+    pillow
+    pytestCheckHook
+    pytest-django
+  ] ++ lib.flatten (builtins.attrValues passthru.optional-dependencies);
+
+  disabledTests = [
+    # Tests require network access
+    "test_login"
+  ];
+
+  passthru.tests = {
+    inherit dj-rest-auth;
+  };
+
+  meta = with lib; {
+    changelog = "https://github.com/pennersr/django-allauth/blob/${version}/ChangeLog.rst";
+    description = "Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication";
+    downloadPage = "https://github.com/pennersr/django-allauth";
+    homepage = "https://www.intenct.nl/projects/django-allauth";
+    license = licenses.mit;
+    maintainers = with maintainers; [ derdennisop ];
+  };
+}
diff --git a/src/app/settings.py b/src/app/settings.py
index 08e8d03..abca0ea 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -37,6 +37,8 @@ INSTALLED_APPS = [
     "allauth.account",
     "allauth.socialaccount",
     "allauth.socialaccount.providers.openid_connect",
+    "allauth_cas",
+    "shared.cas",
     # Main app
     "dgsi",
 ]
diff --git a/src/shared/cas/__init__.py b/src/shared/cas/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/src/shared/cas/provider.py b/src/shared/cas/provider.py
new file mode 100644
index 0000000..fea3fa4
--- /dev/null
+++ b/src/shared/cas/provider.py
@@ -0,0 +1,11 @@
+from allauth.socialaccount.providers.base import ProviderAccount
+from allauth_cas.providers import CASProvider as Provider
+
+
+class CASProvider(Provider):
+    id = "cas"  # Choose an identifier for your provider
+    name = "CAS ENS"  # Verbose name of your provider
+    account_class = ProviderAccount
+
+
+provider_classes = [CASProvider]
diff --git a/src/shared/cas/urls.py b/src/shared/cas/urls.py
new file mode 100644
index 0000000..34c1ea1
--- /dev/null
+++ b/src/shared/cas/urls.py
@@ -0,0 +1,5 @@
+from allauth_cas.urls import default_urlpatterns
+
+from .provider import CASProvider
+
+urlpatterns = default_urlpatterns(CASProvider)
diff --git a/src/shared/cas/views.py b/src/shared/cas/views.py
new file mode 100644
index 0000000..51bfd00
--- /dev/null
+++ b/src/shared/cas/views.py
@@ -0,0 +1,14 @@
+from allauth_cas.views import CASAdapter as Adapter
+from allauth_cas.views import CASCallbackView, CASLoginView
+
+from .provider import CASProvider
+
+
+class CASAdapter(Adapter):
+    provider_id = CASProvider.id
+    url = "https://cas.eleves.ens.fr"
+    version = 3
+
+
+login = CASLoginView.adapter_view(CASAdapter)
+callback = CASCallbackView.adapter_view(CASAdapter)

From 1d2f4a5866846f7dabc2d0b58816df73b17779f2 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Wed, 18 Sep 2024 22:19:33 +0200
Subject: [PATCH 023/172] feat(account): Use a custom adpater

---
 src/app/settings.py   | 20 +++++++++++++++-----
 src/shared/account.py | 35 ++++++++++++++++++++++++++++++-----
 2 files changed, 45 insertions(+), 10 deletions(-)

diff --git a/src/app/settings.py b/src/app/settings.py
index abca0ea..59c3418 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -111,11 +111,6 @@ AUTHENTICATION_BACKENDS = [
     "allauth.account.auth_backends.AuthenticationBackend",
 ]
 
-ACCOUNT_ADAPTER = "shared.account.AccountAdapter"
-ACCOUNT_CHANGE_EMAIL = True
-ACCOUNT_EMAIL_NOTIFICATIONS = True
-
-SOCIALACCOUNT_ONLY = True
 SOCIALACCOUNT_PROVIDERS = {
     "openid_connect": {
         "OAUTH_PKCE_ENABLED": True,
@@ -127,12 +122,25 @@ SOCIALACCOUNT_PROVIDERS = {
                 "secret": credentials["KANIDM_SECRET"],
                 "settings": {
                     "server_url": f"https://sso.dgnum.eu/oauth2/openid/{credentials['KANIDM_CLIENT']}",
+                    "color": "primary",
                 },
             }
         ],
     },
+    "cas": {
+        "APP": {
+            "provider_id": "ens_cas",
+            "name": "CAS ENS",
+            "settings": {"color": "danger"},
+        },
+    },
 }
 
+SOCIALACCOUNT_ONLY = True
+SOCIALACCOUNT_ADAPTER = "shared.account.SharedAccountAdapter"
+ACCOUNT_EMAIL_VERIFICATION = "none"
+ACCOUNT_AUTHENTICATION_METHOD = "username"
+
 AUTH_PASSWORD_VALIDATORS = []
 AUTH_USER_MODEL = "dgsi.User"
 
@@ -206,6 +214,8 @@ if DEBUG:
         "django_browser_reload.middleware.BrowserReloadMiddleware",
     ]
 
+    EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
+
     INTERNAL_IPS = ["127.0.0.1"]
 
     DEBUG_TOOLBAR_CONFIG = {"INSERT_BEFORE": "</footer>"}
diff --git a/src/shared/account.py b/src/shared/account.py
index 544fcd4..601cccb 100644
--- a/src/shared/account.py
+++ b/src/shared/account.py
@@ -1,10 +1,35 @@
-from allauth.account.adapter import DefaultAccountAdapter
+from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
+from allauth.socialaccount.models import SocialLogin
+
+from dgsi.models import User
 
 
-class AccountAdapter(DefaultAccountAdapter):
+class SharedAccountAdapter(DefaultSocialAccountAdapter):
     """
-    Overrides the Account Adapter.
+    Overrides the Account Adapter, to allow a simpler connection via CAS.
     """
 
-    def is_open_for_signup(self, request):
-        return False
+    def pre_social_login(self, request, sociallogin):
+        match sociallogin.account.provider:
+            # TODO: Add a correspondance table between ENS logins and ours
+            case "ens_cas":
+                # In this case, the username is located in extra_data["uid"]
+                username = sociallogin.account.extra_data["uid"]
+            case "kanidm":
+                username = sociallogin.account.extra_data["preferred_username"]
+            case _p:
+                raise KeyError(f"No sociallogin '{_p}' is supposed to exist.")
+
+        try:
+            # Connect an existing user if the login already exists, even if it
+            # with another social method
+            user = User.objects.get(username=username)
+            sociallogin.connect(request, user)
+        except User.DoesNotExist:
+            pass
+
+    def populate_user(self, request, sociallogin, data):
+        return super().populate_user(request, sociallogin, data)
+
+    def save_user(self, request, sociallogin: SocialLogin, form=None):
+        return super().save_user(request, sociallogin, form)

From 97535a6bc0baa15b469236a92f60270ca267945b Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Wed, 18 Sep 2024 22:20:05 +0200
Subject: [PATCH 024/172] fix(models): Don't crash when no kanidm profile
 exists

---
 src/dgsi/models.py | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index b60cd1d..70c2b4d 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -4,6 +4,7 @@ from typing import Optional
 
 from asgiref.sync import async_to_sync
 from django.contrib.auth.models import AbstractUser
+from kanidm.exceptions import NoMatchingEntries
 from kanidm.models.person import Person
 
 from shared.kanidm import client
@@ -23,14 +24,19 @@ class User(AbstractUser):
     """
 
     @cached_property
-    def kanidm(self) -> KanidmProfile:
-        radius_data = async_to_sync(client.get_radius_token)(self.username).data
+    def kanidm(self) -> Optional[KanidmProfile]:
+        try:
+            radius_data = async_to_sync(client.get_radius_token)(self.username).data
 
-        return KanidmProfile(
-            person=async_to_sync(client.person_account_get)(self.username),
-            radius_secret=radius_data and radius_data.get("secret"),
-        )
+            return KanidmProfile(
+                person=async_to_sync(client.person_account_get)(self.username),
+                radius_secret=radius_data and radius_data.get("secret"),
+            )
+        except NoMatchingEntries:
+            return None
 
     @property
     def is_admin(self) -> bool:
-        return ADMIN_GROUP in self.kanidm.person.memberof
+        return (self.kanidm is not None) and (
+            ADMIN_GROUP in self.kanidm.person.memberof
+        )

From 35d6a7fa8ceadb45a79371a5308725d2be9a64c3 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Wed, 18 Sep 2024 22:20:17 +0200
Subject: [PATCH 025/172] feat(templates): Tweak

---
 src/shared/templates/_hero.html                |  2 +-
 .../templates/allauth/elements/provider.html   |  2 +-
 src/shared/templates/login.html                |  2 +-
 .../socialaccount/snippets/provider_list.html  | 18 ++++++++++++++++++
 4 files changed, 21 insertions(+), 3 deletions(-)
 create mode 100644 src/shared/templates/socialaccount/snippets/provider_list.html

diff --git a/src/shared/templates/_hero.html b/src/shared/templates/_hero.html
index e482ce2..4fd16c8 100644
--- a/src/shared/templates/_hero.html
+++ b/src/shared/templates/_hero.html
@@ -21,7 +21,7 @@
             </span>
           </a>
           {% else %}
-          <a href="{% url 'login' %}" class="button is-light is-pulled-right">
+          <a href="{% url 'account_login' %}" class="button is-light is-pulled-right">
             <span>
               <span>{% trans "Connexion" %}</span>
               <span class="icon">
diff --git a/src/shared/templates/allauth/elements/provider.html b/src/shared/templates/allauth/elements/provider.html
index 36bc3f7..89b8094 100644
--- a/src/shared/templates/allauth/elements/provider.html
+++ b/src/shared/templates/allauth/elements/provider.html
@@ -1 +1 @@
-<a class="cell button is-primary is-light" title="{{ attrs.name }}" href="{{ attrs.href }}">{{ attrs.name }}</a>
+<a class="cell button is-{{ attrs.color }} is-light py-4" title="{{ attrs.name }}" href="{{ attrs.href }}">{{ attrs.name }}</a>
diff --git a/src/shared/templates/login.html b/src/shared/templates/login.html
index 03e6ca0..d6a5160 100644
--- a/src/shared/templates/login.html
+++ b/src/shared/templates/login.html
@@ -15,7 +15,7 @@
         </span>
       </a>
 
-      <a href="{% provider_login_url 'kanidm' %}"
+      <a href="{% provider_login_url 'ens_cas' %}"
          class="cell has-background-primary p-6 has-radius-normal has-text-centered has-text-white">
         <span class="icon-text">
           <span class="icon">
diff --git a/src/shared/templates/socialaccount/snippets/provider_list.html b/src/shared/templates/socialaccount/snippets/provider_list.html
new file mode 100644
index 0000000..87a3119
--- /dev/null
+++ b/src/shared/templates/socialaccount/snippets/provider_list.html
@@ -0,0 +1,18 @@
+{% load allauth socialaccount %}
+{% get_providers as socialaccount_providers %}
+{% if socialaccount_providers %}
+    {% element provider_list %}
+        {% for provider in socialaccount_providers %}
+            {% if provider.id == "openid" %}
+                {% for brand in provider.get_brands %}
+                    {% provider_login_url provider openid=brand.openid_url process=process as href %}
+                    {% element provider name=brand.name provider_id=provider.id href=href color=provider.app.settings.color %}
+                    {% endelement %}
+                {% endfor %}
+            {% endif %}
+            {% provider_login_url provider process=process scope=scope auth_params=auth_params as href %}
+            {% element provider name=provider.name provider_id=provider.id href=href color=provider.app.settings.color %}
+            {% endelement %}
+        {% endfor %}
+    {% endelement %}
+{% endif %}

From c3f0e703847a4886341ce745357c17562f8bf59d Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Wed, 18 Sep 2024 22:32:44 +0200
Subject: [PATCH 026/172] feat(profile): Use the local name, add a notification
 when no dgn account exists

---
 src/dgsi/views.py                         | 9 +++++++++
 src/shared/templates/account/profile.html | 8 ++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 5515f8f..cb3c4f7 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -8,6 +8,15 @@ from dgsi.models import User
 class ProfileView(LoginRequiredMixin, TemplateView):
     template_name = "account/profile.html"
 
+    def get_context_data(self, **kwargs):
+        u = self.request.user
+        assert isinstance(u, User)
+
+        return super().get_context_data(
+            displayname=f"{u.first_name} {u.last_name}",
+            **kwargs,
+        )
+
 
 class CreateUserView(StaffRequiredMixin, CreateView):
     model = User
diff --git a/src/shared/templates/account/profile.html b/src/shared/templates/account/profile.html
index 39d5a29..14a90dc 100644
--- a/src/shared/templates/account/profile.html
+++ b/src/shared/templates/account/profile.html
@@ -11,8 +11,8 @@
 
 {% block content %}
   <h2 class="subtitle">
-    <span>{% blocktrans with displayname=user.kanidm.person.displayname %}Profil de {{ displayname }}{% endblocktrans %}</span>
-    <span class="tag is-primary is-medium is-pulled-right">{{ user.kanidm.person.name }}</span>
+    <span>{% blocktrans %}Profil de {{ displayname }}{% endblocktrans %}</span>
+    <span class="tag is-primary is-medium is-pulled-right">{{ user.username }}</span>
   </h2>
   <hr>
 
@@ -33,6 +33,7 @@
   <span class="button is-fullwidth">{{ user.email }}</span>
   <br>
 
+  {% if user.kanidm %}
   <h2 class="subtitle mt-4">{% trans "Informations techniques" %}</h2>
   <hr>
 
@@ -54,4 +55,7 @@
     <span class="cell button is-fullwidth is-static">{{ group }}</span>
   {% endfor %}
   </div>
+  {% else %}
+    <div class="notification px-5 py-5 is-warning is-light has-text-centered is-size-4 mt-6">{% trans "Pas de compte DGNum répertorié." %}</div>
+  {% endif %}
 {% endblock content %}

From 5af8e2fd24601ac579bfec521df03e970e0e06dc Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Wed, 18 Sep 2024 23:00:36 +0200
Subject: [PATCH 027/172] feat(account): Prevent connections from some
 categories of users

---
 src/shared/account.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/shared/account.py b/src/shared/account.py
index 601cccb..0210a79 100644
--- a/src/shared/account.py
+++ b/src/shared/account.py
@@ -1,5 +1,7 @@
+from allauth.core.exceptions import ImmediateHttpResponse
 from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
 from allauth.socialaccount.models import SocialLogin
+from django.http import HttpResponseRedirect
 
 from dgsi.models import User
 
@@ -15,6 +17,16 @@ class SharedAccountAdapter(DefaultSocialAccountAdapter):
             case "ens_cas":
                 # In this case, the username is located in extra_data["uid"]
                 username = sociallogin.account.extra_data["uid"]
+
+                # Validate that the user is a regular one
+                home = sociallogin.account.extra_data["homeDirectory"].split("/")
+
+                if (home[1] != "users") or (
+                    home[2]
+                    in ["absint", "algo", "grecc", "guests", "spi", "spi1", "staffs"]
+                ):
+                    raise ImmediateHttpResponse(HttpResponseRedirect("/"))
+
             case "kanidm":
                 username = sociallogin.account.extra_data["preferred_username"]
             case _p:

From cd8859f610aa88b6cbe392c4b8bc8a60bd66e94d Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Thu, 19 Sep 2024 09:14:42 +0200
Subject: [PATCH 028/172] feat(account): Add a template with a message when a
 CAS account is forbidden

---
 src/dgsi/urls.py                                     | 5 +++++
 src/shared/account.py                                | 5 ++++-
 src/shared/templates/account/forbidden_category.html | 8 ++++++++
 3 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 src/shared/templates/account/forbidden_category.html

diff --git a/src/dgsi/urls.py b/src/dgsi/urls.py
index 38c0e0c..2555ae0 100644
--- a/src/dgsi/urls.py
+++ b/src/dgsi/urls.py
@@ -7,4 +7,9 @@ app_name = "dgsi"
 urlpatterns = [
     path("accounts/profile/", views.ProfileView.as_view(), name="dgn-profile"),
     path("accounts/create/", views.CreateUserView.as_view(), name="dgn-create_user"),
+    path(
+        "accounts/forbidden/",
+        views.TemplateView.as_view(template_name="account/forbidden_category.html"),
+        name="dgn-forbidden_account",
+    ),
 ]
diff --git a/src/shared/account.py b/src/shared/account.py
index 0210a79..31eb5ad 100644
--- a/src/shared/account.py
+++ b/src/shared/account.py
@@ -2,6 +2,7 @@ from allauth.core.exceptions import ImmediateHttpResponse
 from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
 from allauth.socialaccount.models import SocialLogin
 from django.http import HttpResponseRedirect
+from django.urls import reverse
 
 from dgsi.models import User
 
@@ -25,7 +26,9 @@ class SharedAccountAdapter(DefaultSocialAccountAdapter):
                     home[2]
                     in ["absint", "algo", "grecc", "guests", "spi", "spi1", "staffs"]
                 ):
-                    raise ImmediateHttpResponse(HttpResponseRedirect("/"))
+                    raise ImmediateHttpResponse(
+                        HttpResponseRedirect(reverse("dgsi:dgn-forbidden_account"))
+                    )
 
             case "kanidm":
                 username = sociallogin.account.extra_data["preferred_username"]
diff --git a/src/shared/templates/account/forbidden_category.html b/src/shared/templates/account/forbidden_category.html
new file mode 100644
index 0000000..1892cce
--- /dev/null
+++ b/src/shared/templates/account/forbidden_category.html
@@ -0,0 +1,8 @@
+{% extends "base.html" %}
+{% load i18n %}
+
+{% block content %}
+  <div class="notification is-warning is-light px-5 py-5 has-text-centered is-size-5">
+    {% blocktrans %}Votre catégorie de compte ENS ne permet pas de vous identifier auprès de la DGNum.<br>Si vous pensez qu'il s'agit une erreur, merci de contacter la DGNum à l'adresse : <a href="mailto:contact@dgnum.eu">contact@dgnum.eu</a>{% endblocktrans  %}
+  </div>
+{% endblock content %}

From 36ccc6be24a7df9acf1505df86f43c98ca10e5cb Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Thu, 19 Sep 2024 11:37:45 +0200
Subject: [PATCH 029/172] feat(account): Add a view to create accounts

TODO: include the reset mechanism for the password
---
 src/dgsi/forms.py                             | 35 +++++++++++++++++++
 src/dgsi/urls.py                              |  6 +++-
 src/dgsi/views.py                             | 31 ++++++++++++++--
 .../templates/account/create_kanidm.html      | 14 ++++++++
 src/shared/templates/home.html                |  5 ++-
 5 files changed, 86 insertions(+), 5 deletions(-)
 create mode 100644 src/dgsi/forms.py
 create mode 100644 src/shared/templates/account/create_kanidm.html

diff --git a/src/dgsi/forms.py b/src/dgsi/forms.py
new file mode 100644
index 0000000..2bc31a7
--- /dev/null
+++ b/src/dgsi/forms.py
@@ -0,0 +1,35 @@
+from asgiref.sync import async_to_sync
+from django.core.exceptions import ValidationError
+from django.forms import BooleanField, CharField, EmailField, forms
+from django.utils.translation import gettext_lazy as _
+
+from shared.kanidm import client
+
+
+@async_to_sync
+async def name_validator(value: str) -> None:
+    try:
+        await client.person_account_get(value)
+    except ValueError:
+        return
+
+    raise ValidationError(_("Identifiant déjà présent dans la base de données."))
+
+
+class CreateKanidmAccountForm(forms.Form):
+    # TODO: Add a field for the clipper login information for the local mapping
+    name = CharField(
+        label=_("Identifiant"),
+        help_text=_("De préférence identique au login ENS de la personne concernée"),
+        validators=[name_validator],
+    )
+    displayname = CharField(label=_("Nom d'usage"))
+    mail = EmailField(
+        label=_("Adresse e-mail"),
+        help_text=_("De préférence l'adresse '@ens.psl.eu'"),
+    )
+    active = BooleanField(
+        label=_("Membre actif"),
+        help_text=_("Si selectionné, la personne sera ajoutée au groupe dgnum_members"),
+        required=False,
+    )
diff --git a/src/dgsi/urls.py b/src/dgsi/urls.py
index 2555ae0..09cd361 100644
--- a/src/dgsi/urls.py
+++ b/src/dgsi/urls.py
@@ -6,7 +6,11 @@ app_name = "dgsi"
 
 urlpatterns = [
     path("accounts/profile/", views.ProfileView.as_view(), name="dgn-profile"),
-    path("accounts/create/", views.CreateUserView.as_view(), name="dgn-create_user"),
+    path(
+        "accounts/create-kanidm/",
+        views.CreateKanidmAccountView.as_view(),
+        name="dgn-create_user",
+    ),
     path(
         "accounts/forbidden/",
         views.TemplateView.as_view(template_name="account/forbidden_category.html"),
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index cb3c4f7..f1e5d95 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -1,8 +1,12 @@
+from asgiref.sync import async_to_sync
 from django.contrib.auth.mixins import LoginRequiredMixin
-from django.views.generic import CreateView, TemplateView
+from django.urls import reverse_lazy
+from django.views.generic import FormView, TemplateView
 
+from dgsi.forms import CreateKanidmAccountForm
 from dgsi.mixins import StaffRequiredMixin
 from dgsi.models import User
+from shared.kanidm import client
 
 
 class ProfileView(LoginRequiredMixin, TemplateView):
@@ -18,5 +22,26 @@ class ProfileView(LoginRequiredMixin, TemplateView):
         )
 
 
-class CreateUserView(StaffRequiredMixin, CreateView):
-    model = User
+class CreateKanidmAccountView(StaffRequiredMixin, FormView):
+    form_class = CreateKanidmAccountForm
+    template_name = "account/create_kanidm.html"
+
+    success_url = reverse_lazy("dgsi:dgn-create_user")
+
+    @async_to_sync
+    async def form_valid(self, form):
+        d = form.cleaned_data
+
+        # Create the base account
+        await client.person_account_create(d["name"], d["displayname"])
+
+        # Update the information
+        await client.person_account_update(d["name"], mail=d["mail"])
+
+        # If necessary, add the user to the active members group
+        if d["active"]:
+            await client.group_add_members("dgnum_members", [d["name"]])
+
+        # TODO: Generate a reset token, and update it
+
+        return super().form_valid(form)
diff --git a/src/shared/templates/account/create_kanidm.html b/src/shared/templates/account/create_kanidm.html
new file mode 100644
index 0000000..2ccb838
--- /dev/null
+++ b/src/shared/templates/account/create_kanidm.html
@@ -0,0 +1,14 @@
+{% extends "base.html" %}
+{% load i18n %}
+
+{% block content %}
+  <h2 class="subtitle">{% trans "Création de compte Kanidm" %}</h2>
+  <hr>
+
+  <form class="container is-max-tablet" method="post">
+    {% csrf_token %}
+    {% include "bulma/form.html" with form=form %}
+
+    <button class="button is-fullwidth mt-6">{% trans "Enregistrer" %}</button>
+  </form>
+{% endblock content %}
diff --git a/src/shared/templates/home.html b/src/shared/templates/home.html
index 45f2c21..a0b0968 100644
--- a/src/shared/templates/home.html
+++ b/src/shared/templates/home.html
@@ -3,6 +3,9 @@
 
 {% block content %}
   {% if user.is_authenticated %}
-    <a class="button is-fullwidth is-size-4 is-primary has-text-dark" href="{% url 'dgsi:dgn-profile' %}">{% trans "Mon profil" %}</a>
+    <a class="button is-fullwidth is-size-4 is-primary has-text-dark block" href="{% url 'dgsi:dgn-profile' %}">{% trans "Mon profil" %}</a>
+  {% endif %}
+  {% if user.is_admin %}
+    <a class="button is-fullwidth is-size-4 is-danger has-text-dark block" href="{% url 'dgsi:dgn-create_user' %}">{% trans "Créer un nouveau compte" %}</a>
   {% endif %}
 {% endblock content %}

From ea3c5cf6fd94b959414b1a382b1ad56d5f4eb2b5 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Thu, 19 Sep 2024 11:40:16 +0200
Subject: [PATCH 030/172] fix(mixins): Use the correct test function

---
 src/dgsi/mixins.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/dgsi/mixins.py b/src/dgsi/mixins.py
index dcb6d70..90deae0 100644
--- a/src/dgsi/mixins.py
+++ b/src/dgsi/mixins.py
@@ -7,8 +7,8 @@ from dgsi.models import User
 class StaffRequiredMixin(UserPassesTestMixin):
     request: HttpRequest
 
-    def test_func(self) -> bool | None:
-        if self.request.user.is_authenticated:
+    def test_func(self) -> bool:
+        if not self.request.user.is_authenticated:
             return False
 
         assert isinstance(self.request.user, User)

From 283815d55504353d0e6931bdbf35c0a10229a4a9 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Thu, 19 Sep 2024 11:59:24 +0200
Subject: [PATCH 031/172] fix(create_user): Kanidm expects a list of email
 addresses

---
 src/dgsi/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index f1e5d95..86f1651 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -36,7 +36,7 @@ class CreateKanidmAccountView(StaffRequiredMixin, FormView):
         await client.person_account_create(d["name"], d["displayname"])
 
         # Update the information
-        await client.person_account_update(d["name"], mail=d["mail"])
+        await client.person_account_update(d["name"], mail=[d["mail"]])
 
         # If necessary, add the user to the active members group
         if d["active"]:

From 7c11b0de4bbf20394929258861dfc987ddcc1f6e Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Thu, 19 Sep 2024 13:03:09 +0200
Subject: [PATCH 032/172] feat(create_user): Send an email with the credentials
 reset link

---
 src/dgsi/views.py                             | 26 ++++++++++++++++++-
 .../templates/mail/credentials_reset.txt      | 17 ++++++++++++
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 src/shared/templates/mail/credentials_reset.txt

diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 86f1651..742da24 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -1,5 +1,7 @@
 from asgiref.sync import async_to_sync
 from django.contrib.auth.mixins import LoginRequiredMixin
+from django.core.mail import EmailMessage
+from django.template.loader import render_to_string
 from django.urls import reverse_lazy
 from django.views.generic import FormView, TemplateView
 
@@ -30,6 +32,8 @@ class CreateKanidmAccountView(StaffRequiredMixin, FormView):
 
     @async_to_sync
     async def form_valid(self, form):
+        ttl = 86400  # 24h
+
         d = form.cleaned_data
 
         # Create the base account
@@ -42,6 +46,26 @@ class CreateKanidmAccountView(StaffRequiredMixin, FormView):
         if d["active"]:
             await client.group_add_members("dgnum_members", [d["name"]])
 
-        # TODO: Generate a reset token, and update it
+        # FIXME: Will maybe change when kanidm gets its shit together and switches to POST
+        r = await client.call_get(
+            f"/v1/person/{d['name']}/_credential/_update_intent/{ttl}"
+        )
+
+        assert r.data is not None
+
+        token: str = r.data["token"]
+        link = f"https://sso.dgnum.eu/ui/reset?token={token}"
+
+        # Send an email to the new user with the given email address
+        EmailMessage(
+            subject="Réinitialisation de mot de passe DGNum -- DGNum password reset",
+            body=render_to_string(
+                "mail/credentials_reset.txt",
+                context={"link": link},
+            ),
+            from_email="To Be Determined <dgsi@infra.dgnum.eu>",
+            to=[d["mail"]],
+            headers={"Reply-To": "contact@dgnum.eu"},
+        ).send()
 
         return super().form_valid(form)
diff --git a/src/shared/templates/mail/credentials_reset.txt b/src/shared/templates/mail/credentials_reset.txt
new file mode 100644
index 0000000..f20a603
--- /dev/null
+++ b/src/shared/templates/mail/credentials_reset.txt
@@ -0,0 +1,17 @@
+Bonjour,
+
+Une demande de réinitialisation de votre mot de passe DGNum a été effectuée.
+
+Pour mettre à jour vos moyens de connexion, merci de vous rendre à l'adresse : {{ link }}
+
+-- 
+
+Hello,
+
+A request to reset your DGNum password has been made.
+
+To update your login details, please go to: {{ link }}
+
+
+Bien cordialement,
+La Délégation Générale Numérique

From e31731f8e6ca1e787064a2ba58eb72ec5b0e1079 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 21 Sep 2024 23:01:21 +0200
Subject: [PATCH 033/172] feat(apps): Install django-unfold

---
 default.nix                    |  1 +
 pkgs/django-unfold/default.nix | 40 ++++++++++++++++++++++++++++++++++
 src/app/settings.py            |  1 +
 src/app/urls.py                |  2 +-
 4 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 pkgs/django-unfold/default.nix

diff --git a/default.nix b/default.nix
index 60a6190..33d30c0 100644
--- a/default.nix
+++ b/default.nix
@@ -54,6 +54,7 @@ in
         ps.django-sass-processor
         ps.django-sass-processor-dart-sass
         ps.django-stubs
+        ps.django-unfold
         ps.ipython
         ps.loadcredential
         ps.pykanidm
diff --git a/pkgs/django-unfold/default.nix b/pkgs/django-unfold/default.nix
new file mode 100644
index 0000000..a6d1889
--- /dev/null
+++ b/pkgs/django-unfold/default.nix
@@ -0,0 +1,40 @@
+{
+  lib,
+  buildPythonPackage,
+  fetchFromGitHub,
+  poetry-core,
+  django,
+}:
+
+buildPythonPackage rec {
+  pname = "django-unfold";
+  version = "0.39.0";
+  pyproject = true;
+
+  src = fetchFromGitHub {
+    owner = "unfoldadmin";
+    repo = "django-unfold";
+    rev = version;
+    hash = "sha256-CmmlTx2eLcANc6ANy25ii1KVebkmUEJmDCe+/RwakAg=";
+  };
+
+  build-system = [
+    poetry-core
+  ];
+
+  dependencies = [
+    django
+  ];
+
+  pythonImportsCheck = [
+    "unfold"
+  ];
+
+  meta = {
+    description = "Modern Django admin theme for seamless interface development";
+    homepage = "https://github.com/unfoldadmin/django-unfold";
+    changelog = "https://github.com/unfoldadmin/django-unfold/blob/${src.rev}/CHANGELOG.md";
+    license = lib.licenses.mit;
+    maintainers = with lib.maintainers; [ ];
+  };
+}
diff --git a/src/app/settings.py b/src/app/settings.py
index 59c3418..dd6ea60 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -24,6 +24,7 @@ ALLOWED_HOSTS = credentials.get_json("ALLOWED_HOSTS", [])
 # List the installed applications
 
 INSTALLED_APPS = [
+    "unfold",
     "django.contrib.admin",
     "django.contrib.auth",
     "django.contrib.contenttypes",
diff --git a/src/app/urls.py b/src/app/urls.py
index 19fb416..7a3942a 100644
--- a/src/app/urls.py
+++ b/src/app/urls.py
@@ -25,11 +25,11 @@ urlpatterns = [
     path("login", TemplateView.as_view(template_name="login.html"), name="login"),
     path("", include("dgsi.urls")),
     path("accounts/", include("allauth.urls")),
+    path("admin/", admin.site.urls),
 ]
 
 if settings.DEBUG:
     urlpatterns += [
-        path("admin/", admin.site.urls),
         path("__reload__/", include("django_browser_reload.urls")),
         path("__debug__/", include("debug_toolbar.urls")),
     ] + static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)

From 5ec6a482ccad8175ea457a55f62a088cf53f706b Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 21 Sep 2024 23:01:42 +0200
Subject: [PATCH 034/172] feat(accounts): Copy distant attributes

---
 src/shared/account.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/shared/account.py b/src/shared/account.py
index 31eb5ad..863d1c7 100644
--- a/src/shared/account.py
+++ b/src/shared/account.py
@@ -41,7 +41,13 @@ class SharedAccountAdapter(DefaultSocialAccountAdapter):
             user = User.objects.get(username=username)
             sociallogin.connect(request, user)
         except User.DoesNotExist:
-            pass
+            return
+
+        # We now know that a user exists, copy the distant attributes
+        user.is_staff = user.is_admin
+        user.is_superuser = user.is_admin
+
+        user.save()
 
     def populate_user(self, request, sociallogin, data):
         return super().populate_user(request, sociallogin, data)

From 01597ffb7b5dec58112a56321d50ee448815662e Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 21 Sep 2024 23:01:59 +0200
Subject: [PATCH 035/172] feat(home): Add a link to the admin panel

---
 src/shared/templates/home.html | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/shared/templates/home.html b/src/shared/templates/home.html
index a0b0968..6cb248e 100644
--- a/src/shared/templates/home.html
+++ b/src/shared/templates/home.html
@@ -7,5 +7,6 @@
   {% endif %}
   {% if user.is_admin %}
     <a class="button is-fullwidth is-size-4 is-danger has-text-dark block" href="{% url 'dgsi:dgn-create_user' %}">{% trans "Créer un nouveau compte" %}</a>
+    <a class="button is-fullwidth is-size-4 is-warning has-text-dark block" href="{% url 'admin:index' %}">{% trans "Interface admin" %}</a>
   {% endif %}
 {% endblock content %}

From ef80f9389bc74103966a5760a2e62fa5b986ec7e Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sun, 22 Sep 2024 20:12:52 +0200
Subject: [PATCH 036/172] feat(messages): Add support for dismissable
 notifications

---
 src/app/settings.py                | 13 +++++++++++++
 src/dgsi/views.py                  |  5 ++++-
 src/shared/static/bulma/bulma.scss | 13 +++++++++++++
 src/shared/static/js/dgsi.js       | 11 +++++++++++
 src/shared/templates/_links.html   |  3 +++
 src/shared/templates/base.html     | 12 +++++++++++-
 6 files changed, 55 insertions(+), 2 deletions(-)
 create mode 100644 src/shared/static/js/dgsi.js

diff --git a/src/app/settings.py b/src/app/settings.py
index dd6ea60..879214d 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -4,6 +4,7 @@ Django settings for the DGSI project.
 
 from pathlib import Path
 
+from django.contrib.messages import constants as messages
 from loadcredential import Credentials
 
 credentials = Credentials(env_prefix="DGSI_")
@@ -201,6 +202,18 @@ SASS_PROCESSOR_ENABLED = True
 DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
 
 
+##
+# Messages configuration
+
+MESSAGE_TAGS = {
+    messages.DEBUG: "is-dark",
+    messages.INFO: "is-primary",
+    messages.SUCCESS: "is-success",
+    messages.WARNING: "is-warning",
+    messages.ERROR: "is-danger",
+}
+
+
 ###
 # Extend settings when running in dev mode
 
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 742da24..b4e73be 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -1,8 +1,10 @@
 from asgiref.sync import async_to_sync
 from django.contrib.auth.mixins import LoginRequiredMixin
+from django.contrib.messages.views import SuccessMessageMixin
 from django.core.mail import EmailMessage
 from django.template.loader import render_to_string
 from django.urls import reverse_lazy
+from django.utils.translation import gettext_lazy as _
 from django.views.generic import FormView, TemplateView
 
 from dgsi.forms import CreateKanidmAccountForm
@@ -24,9 +26,10 @@ class ProfileView(LoginRequiredMixin, TemplateView):
         )
 
 
-class CreateKanidmAccountView(StaffRequiredMixin, FormView):
+class CreateKanidmAccountView(StaffRequiredMixin, SuccessMessageMixin, FormView):
     form_class = CreateKanidmAccountForm
     template_name = "account/create_kanidm.html"
+    success_message = _("Compte DGNum pour %(displayname)s [%(name)s] créé.")
 
     success_url = reverse_lazy("dgsi:dgn-create_user")
 
diff --git a/src/shared/static/bulma/bulma.scss b/src/shared/static/bulma/bulma.scss
index 3321e66..8bcb9a5 100644
--- a/src/shared/static/bulma/bulma.scss
+++ b/src/shared/static/bulma/bulma.scss
@@ -16,3 +16,16 @@ body {
   flex-direction: column;
   justify-content: space-between;
 }
+
+#notifications {
+  margin-left: -0.75rem;
+  margin-right: -0.75rem;
+  position: sticky;
+  display: block;
+  inset: 1.5rem;
+  z-index: 500;
+}
+
+.notification {
+  margin-bottom: var(--bulma-block-spacing);
+}
diff --git a/src/shared/static/js/dgsi.js b/src/shared/static/js/dgsi.js
new file mode 100644
index 0000000..61f1234
--- /dev/null
+++ b/src/shared/static/js/dgsi.js
@@ -0,0 +1,11 @@
+document.addEventListener("DOMContentLoaded", () => {
+  (document.querySelectorAll(".notification .delete") || []).forEach(
+    ($delete) => {
+      const $notification = $delete.parentNode;
+      const dismiss = () => $notification.parentNode.removeChild($notification);
+
+      $delete.addEventListener("click", dismiss);
+      setTimeout(dismiss, 15000);
+    },
+  );
+});
diff --git a/src/shared/templates/_links.html b/src/shared/templates/_links.html
index 14ee324..84065b7 100644
--- a/src/shared/templates/_links.html
+++ b/src/shared/templates/_links.html
@@ -10,3 +10,6 @@
 <!-- CSS -->
 <link href="{% sass_src 'bulma/bulma.scss' %}" rel="stylesheet" type="text/css" />
 <link href="{% static 'tabler-icons/tabler-icons.min.css' %}" rel="stylesheet" type="text/css" />
+
+<!-- JS -->
+<script src="{% static 'js/dgsi.js' %}"></script>
diff --git a/src/shared/templates/base.html b/src/shared/templates/base.html
index 8f5d395..e535d9a 100644
--- a/src/shared/templates/base.html
+++ b/src/shared/templates/base.html
@@ -7,7 +7,8 @@
     <meta name="description" content="Système d'information de la DGNum" />
     <title>DGNum</title>
 
-    {% block extra_head %}{% endblock extra_head %}
+    {% block extra_head %}
+    {% endblock extra_head %}
 
     {% include "_links.html" %}
   </head>
@@ -16,6 +17,15 @@
     {% include "_hero.html" %}
 
     <section class="section">
+      <div id="notifications">
+        {% for message in messages %}
+          <article class="notification is-light has-text-centered {{ message.tags }}">
+            <button class="delete"></button>
+            {{ message|safe }}
+          </article>
+        {% endfor %}
+      </div>
+
       {% block content %}
       {% endblock content %}
     </section>

From ef9877ea60a8dd0d36f2ff583bc916b275206803 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sun, 22 Sep 2024 20:13:15 +0200
Subject: [PATCH 037/172] chore(nix): Remove eslint hook, as it does not really
 work

---
 default.nix | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/default.nix b/default.nix
index 33d30c0..e83ff83 100644
--- a/default.nix
+++ b/default.nix
@@ -8,9 +8,6 @@ let
     src = ./.;
 
     hooks = {
-      # JS hooks
-      eslint.enable = true;
-
       # Python hooks
       ruff.enable = true;
       black.enable = true;

From 26fdcbe8efaf33bb0c242c3c67eb9a7a88d3892e Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sun, 22 Sep 2024 20:13:55 +0200
Subject: [PATCH 038/172] feat(home):feat(templates): Move style to the sass
 bundle

---
 src/shared/static/bulma/bulma.scss            | 22 ++++++-
 .../templates/account/create_kanidm.html      |  3 +-
 .../templates/account/forbidden_category.html |  1 +
 src/shared/templates/account/profile.html     | 61 ++++++++-----------
 src/shared/templates/home.html                | 18 +++---
 .../socialaccount/snippets/provider_list.html | 29 ++++-----
 6 files changed, 76 insertions(+), 58 deletions(-)

diff --git a/src/shared/static/bulma/bulma.scss b/src/shared/static/bulma/bulma.scss
index 8bcb9a5..526e83d 100644
--- a/src/shared/static/bulma/bulma.scss
+++ b/src/shared/static/bulma/bulma.scss
@@ -7,7 +7,7 @@ $dark: rgb(46, 46, 46);
 @use "sass" with (
   $primary: $blue,
   $link: rgb(72, 95, 199),
-  $dark: $dark,
+  $dark: $dark
 );
 
 body {
@@ -17,6 +17,26 @@ body {
   justify-content: space-between;
 }
 
+.bt-link {
+  display: flex;
+  width: 100%;
+  margin-bottom: calc(0.5 * var(--bulma-block-spacing));
+  font-size: 1.25rem;
+
+  // Dark color for text
+  --bulma-color-l: var(--bulma-dark-l);
+  --bulma-color-l-delta: 0%;
+  color: hsl(
+    var(--bulma-dark-h),
+    var(--bulma-dark-s),
+    calc(var(--bulma-color-l) + var(--bulma-color-l-delta))
+  );
+}
+
+.grid.groups {
+  --bulma-grid-column-min: 24rem;
+}
+
 #notifications {
   margin-left: -0.75rem;
   margin-right: -0.75rem;
diff --git a/src/shared/templates/account/create_kanidm.html b/src/shared/templates/account/create_kanidm.html
index 2ccb838..c17aa91 100644
--- a/src/shared/templates/account/create_kanidm.html
+++ b/src/shared/templates/account/create_kanidm.html
@@ -1,11 +1,12 @@
 {% extends "base.html" %}
+
 {% load i18n %}
 
 {% block content %}
   <h2 class="subtitle">{% trans "Création de compte Kanidm" %}</h2>
   <hr>
 
-  <form class="container is-max-tablet" method="post">
+  <form method="post">
     {% csrf_token %}
     {% include "bulma/form.html" with form=form %}
 
diff --git a/src/shared/templates/account/forbidden_category.html b/src/shared/templates/account/forbidden_category.html
index 1892cce..c296c89 100644
--- a/src/shared/templates/account/forbidden_category.html
+++ b/src/shared/templates/account/forbidden_category.html
@@ -1,4 +1,5 @@
 {% extends "base.html" %}
+
 {% load i18n %}
 
 {% block content %}
diff --git a/src/shared/templates/account/profile.html b/src/shared/templates/account/profile.html
index 14a90dc..2c8dc79 100644
--- a/src/shared/templates/account/profile.html
+++ b/src/shared/templates/account/profile.html
@@ -1,13 +1,6 @@
 {% extends "base.html" %}
-{% load i18n %}
 
-{% block extra_head %}
-  <style>
-    .grid.groups {
-      --bulma-grid-column-min: 24rem;
-    }
-  </style>
-{% endblock extra_head %}
+{% load i18n %}
 
 {% block content %}
   <h2 class="subtitle">
@@ -17,16 +10,14 @@
   <hr>
 
   {% if user.kanidm.radius_secret %}
-  <h3 class="has-text-weight-bold mb-3">{% trans "Mot de passe WiFi :" %}</h3>
+    <h3 class="has-text-weight-bold mb-3">{% trans "Mot de passe WiFi :" %}</h3>
 
-  <input
-    id="radius-secret"
-    onclick="document.querySelector('#radius-secret').select()"
-    class="button is-fullwidth is-primary is-size-4"
-    value="{{ user.kanidm.radius_secret }}"
-    readonly
-  />
-  <br>
+    <input id="radius-secret"
+           onclick="document.querySelector('#radius-secret').select()"
+           class="button is-fullwidth is-primary is-size-4"
+           value="{{ user.kanidm.radius_secret }}"
+           readonly />
+    <br>
   {% endif %}
 
   <h3 class="has-text-weight-bold mb-3">{% trans "Adresse e-mail :" %}</h3>
@@ -34,28 +25,28 @@
   <br>
 
   {% if user.kanidm %}
-  <h2 class="subtitle mt-4">{% trans "Informations techniques" %}</h2>
-  <hr>
+    <h2 class="subtitle mt-4">{% trans "Informations techniques" %}</h2>
+    <hr>
 
-  <h3 class="has-text-weight-bold mb-3">{% trans "Identifiant unique :" %}</h3>
+    <h3 class="has-text-weight-bold mb-3">{% trans "Identifiant unique :" %}</h3>
 
-  <input
-    id="uuid"
-    onclick="document.querySelector('#uuid').select()"
-    class="button is-fullwidth"
-    value="{{ user.kanidm.person.uuid }}"
-    readonly
-  />
-  <br>
+    <input id="uuid"
+           onclick="document.querySelector('#uuid').select()"
+           class="button is-fullwidth"
+           value="{{ user.kanidm.person.uuid }}"
+           readonly />
+    <br>
 
-  <h3 class="has-text-weight-bold mb-3">{% trans "Membre des groupes suivants :" %}</h3>
+    <h3 class="has-text-weight-bold mb-3">{% trans "Membre des groupes suivants :" %}</h3>
 
-  <div class="grid groups">
-  {% for group in user.kanidm.person.memberof %}
-    <span class="cell button is-fullwidth is-static">{{ group }}</span>
-  {% endfor %}
-  </div>
+    <div class="grid groups">
+      {% for group in user.kanidm.person.memberof %}
+        <span class="cell button is-fullwidth is-static">{{ group }}</span>
+      {% endfor %}
+    </div>
   {% else %}
-    <div class="notification px-5 py-5 is-warning is-light has-text-centered is-size-4 mt-6">{% trans "Pas de compte DGNum répertorié." %}</div>
+    <div class="notification px-5 py-5 is-warning is-light has-text-centered is-size-4 mt-6">
+      {% trans "Pas de compte DGNum répertorié." %}
+    </div>
   {% endif %}
 {% endblock content %}
diff --git a/src/shared/templates/home.html b/src/shared/templates/home.html
index 6cb248e..ffe3eb9 100644
--- a/src/shared/templates/home.html
+++ b/src/shared/templates/home.html
@@ -1,12 +1,16 @@
 {% extends "base.html" %}
+
 {% load i18n %}
 
 {% block content %}
-  {% if user.is_authenticated %}
-    <a class="button is-fullwidth is-size-4 is-primary has-text-dark block" href="{% url 'dgsi:dgn-profile' %}">{% trans "Mon profil" %}</a>
-  {% endif %}
-  {% if user.is_admin %}
-    <a class="button is-fullwidth is-size-4 is-danger has-text-dark block" href="{% url 'dgsi:dgn-create_user' %}">{% trans "Créer un nouveau compte" %}</a>
-    <a class="button is-fullwidth is-size-4 is-warning has-text-dark block" href="{% url 'admin:index' %}">{% trans "Interface admin" %}</a>
-  {% endif %}
+  <section class="section">
+    {% if user.is_authenticated %}
+      <a class="button bt-link is-primary" href="{% url 'dgsi:dgn-profile' %}">{% trans "Mon profil" %}</a>
+    {% endif %}
+    {% if user.is_admin %}
+      <a class="button bt-link is-danger"
+         href="{% url 'dgsi:dgn-create_user' %}">{% trans "Créer un nouveau compte Kanidm" %}</a>
+      <a class="button bt-link is-warning" href="{% url 'admin:index' %}">{% trans "Interface admin" %}</a>
+    {% endif %}
+  </section>
 {% endblock content %}
diff --git a/src/shared/templates/socialaccount/snippets/provider_list.html b/src/shared/templates/socialaccount/snippets/provider_list.html
index 87a3119..3eb191e 100644
--- a/src/shared/templates/socialaccount/snippets/provider_list.html
+++ b/src/shared/templates/socialaccount/snippets/provider_list.html
@@ -1,18 +1,19 @@
 {% load allauth socialaccount %}
+
 {% get_providers as socialaccount_providers %}
 {% if socialaccount_providers %}
-    {% element provider_list %}
-        {% for provider in socialaccount_providers %}
-            {% if provider.id == "openid" %}
-                {% for brand in provider.get_brands %}
-                    {% provider_login_url provider openid=brand.openid_url process=process as href %}
-                    {% element provider name=brand.name provider_id=provider.id href=href color=provider.app.settings.color %}
-                    {% endelement %}
-                {% endfor %}
-            {% endif %}
-            {% provider_login_url provider process=process scope=scope auth_params=auth_params as href %}
-            {% element provider name=provider.name provider_id=provider.id href=href color=provider.app.settings.color %}
-            {% endelement %}
-        {% endfor %}
-    {% endelement %}
+  {% element provider_list %}
+  {% for provider in socialaccount_providers %}
+    {% if provider.id == "openid" %}
+      {% for brand in provider.get_brands %}
+        {% provider_login_url provider openid=brand.openid_url process=process as href %}
+        {% element provider name=brand.name provider_id=provider.id href=href color=provider.app.settings.color %}
+      {% endelement %}
+    {% endfor %}
+  {% endif %}
+  {% provider_login_url provider process=process scope=scope auth_params=auth_params as href %}
+  {% element provider name=provider.name provider_id=provider.id href=href color=provider.app.settings.color %}
+{% endelement %}
+{% endfor %}
+{% endelement %}
 {% endif %}

From 0c54fd29abc21a973580785452308bd58ae3ac43 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Mon, 23 Sep 2024 16:53:40 +0200
Subject: [PATCH 039/172] fix(profile): Tweak CSS so that the group names don't
 overflow

We do not really lose any information as all groups end with
`@sso.dgnum.eu`
---
 src/shared/static/bulma/bulma.scss        | 5 +++++
 src/shared/templates/account/profile.html | 4 +++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/shared/static/bulma/bulma.scss b/src/shared/static/bulma/bulma.scss
index 526e83d..a465188 100644
--- a/src/shared/static/bulma/bulma.scss
+++ b/src/shared/static/bulma/bulma.scss
@@ -37,6 +37,11 @@ body {
   --bulma-grid-column-min: 24rem;
 }
 
+.groups > .button > span {
+  overflow-x: hidden;
+  text-overflow: ellipsis;
+}
+
 #notifications {
   margin-left: -0.75rem;
   margin-right: -0.75rem;
diff --git a/src/shared/templates/account/profile.html b/src/shared/templates/account/profile.html
index 2c8dc79..eed8365 100644
--- a/src/shared/templates/account/profile.html
+++ b/src/shared/templates/account/profile.html
@@ -41,7 +41,9 @@
 
     <div class="grid groups">
       {% for group in user.kanidm.person.memberof %}
-        <span class="cell button is-fullwidth is-static">{{ group }}</span>
+        <div class="cell button is-static">
+          <span>{{ group }}</span>
+        </div>
       {% endfor %}
     </div>
   {% else %}

From 39623a88029ce943068d099e6dbe6b0e3ec2a536 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Mon, 23 Sep 2024 18:16:02 +0200
Subject: [PATCH 040/172] feat(admin): Update the registration of the User
 model

---
 src/dgsi/admin.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/dgsi/admin.py b/src/dgsi/admin.py
index 5279d05..7bf0b54 100644
--- a/src/dgsi/admin.py
+++ b/src/dgsi/admin.py
@@ -1,6 +1,9 @@
 from django.contrib import admin
-from django.contrib.auth.admin import UserAdmin
+from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
 
 from dgsi.models import User
+from unfold.admin import ModelAdmin
 
-admin.site.register(User, UserAdmin)
+@admin.register(User)
+class UserAdmin(BaseUserAdmin, ModelAdmin):
+    pass

From cfa14a6aae970cd09b2aaef0b3b0831a2a5b4c0e Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Mon, 23 Sep 2024 18:16:21 +0200
Subject: [PATCH 041/172] fix(shell): Run linters at pre-push

---
 default.nix | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/default.nix b/default.nix
index e83ff83..3facc5c 100644
--- a/default.nix
+++ b/default.nix
@@ -9,13 +9,25 @@ let
 
     hooks = {
       # Python hooks
-      ruff.enable = true;
-      black.enable = true;
-      isort.enable = true;
+      black = {
+        enable = true;
+        stages = [ "pre-push" ];
+      };
+
+      isort = {
+        enable = true;
+        stages = [ "pre-push" ];
+      };
 
       # Nix Hooks
-      statix.enable = true;
-      deadnix.enable = true;
+      statix = {
+        enable = true;
+        stages = [ "pre-push" ];
+      };
+      deadnix = {
+        enable = true;
+        stages = [ "pre-push" ];
+      };
 
       # Misc Hooks
       commitizen.enable = true;

From 9b7f4f17e88697836a8922b9a22538739ad28375 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Mon, 23 Sep 2024 18:17:51 +0200
Subject: [PATCH 042/172] feat(dgsi): Add a Service model

This will allow to list our services, whith links directly in the app
and perform ToS verification
---
 src/dgsi/admin.py                   | 10 +++++++--
 src/dgsi/migrations/0002_service.py | 33 +++++++++++++++++++++++++++++
 src/dgsi/models.py                  | 10 +++++++++
 src/dgsi/urls.py                    |  1 +
 src/dgsi/views.py                   | 12 +++++++++--
 5 files changed, 62 insertions(+), 4 deletions(-)
 create mode 100644 src/dgsi/migrations/0002_service.py

diff --git a/src/dgsi/admin.py b/src/dgsi/admin.py
index 7bf0b54..cbccfc7 100644
--- a/src/dgsi/admin.py
+++ b/src/dgsi/admin.py
@@ -1,9 +1,15 @@
 from django.contrib import admin
 from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
-
-from dgsi.models import User
 from unfold.admin import ModelAdmin
 
+from dgsi.models import Service, User
+
+
 @admin.register(User)
 class UserAdmin(BaseUserAdmin, ModelAdmin):
     pass
+
+
+@admin.register(Service)
+class AdminClass(ModelAdmin):
+    compressed_fields = True
diff --git a/src/dgsi/migrations/0002_service.py b/src/dgsi/migrations/0002_service.py
new file mode 100644
index 0000000..454008a
--- /dev/null
+++ b/src/dgsi/migrations/0002_service.py
@@ -0,0 +1,33 @@
+# Generated by Django 4.2.12 on 2024-09-23 15:03
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("dgsi", "0001_initial"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="Service",
+            fields=[
+                (
+                    "id",
+                    models.BigAutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                (
+                    "name",
+                    models.CharField(
+                        max_length=255, verbose_name="Nom du service proposé"
+                    ),
+                ),
+                ("url", models.URLField(verbose_name="Adresse du service")),
+            ],
+        ),
+    ]
diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index 70c2b4d..f484630 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -4,6 +4,8 @@ from typing import Optional
 
 from asgiref.sync import async_to_sync
 from django.contrib.auth.models import AbstractUser
+from django.db import models
+from django.utils.translation import gettext_lazy as _
 from kanidm.exceptions import NoMatchingEntries
 from kanidm.models.person import Person
 
@@ -12,6 +14,14 @@ from shared.kanidm import client
 ADMIN_GROUP = "idm_admins@sso.dgnum.eu"
 
 
+class Service(models.Model):
+    name = models.CharField(_("Nom du service proposé"), max_length=255)
+    url = models.URLField(_("Adresse du service"))
+
+    def __str__(self) -> str:
+        return f"{self.name} [{self.url}]"
+
+
 @dataclass
 class KanidmProfile:
     person: Person
diff --git a/src/dgsi/urls.py b/src/dgsi/urls.py
index 09cd361..7c2f866 100644
--- a/src/dgsi/urls.py
+++ b/src/dgsi/urls.py
@@ -16,4 +16,5 @@ urlpatterns = [
         views.TemplateView.as_view(template_name="account/forbidden_category.html"),
         name="dgn-forbidden_account",
     ),
+    path("services/", views.ServiceListView.as_view(), name="dgn-services"),
 ]
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index b4e73be..54231bf 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -5,11 +5,11 @@ from django.core.mail import EmailMessage
 from django.template.loader import render_to_string
 from django.urls import reverse_lazy
 from django.utils.translation import gettext_lazy as _
-from django.views.generic import FormView, TemplateView
+from django.views.generic import FormView, ListView, TemplateView
 
 from dgsi.forms import CreateKanidmAccountForm
 from dgsi.mixins import StaffRequiredMixin
-from dgsi.models import User
+from dgsi.models import Service, User
 from shared.kanidm import client
 
 
@@ -26,6 +26,14 @@ class ProfileView(LoginRequiredMixin, TemplateView):
         )
 
 
+class ServiceListView(LoginRequiredMixin, ListView):
+    model = Service
+
+
+##
+# INFO: Below are views related to the administration of DGSI
+
+
 class CreateKanidmAccountView(StaffRequiredMixin, SuccessMessageMixin, FormView):
     form_class = CreateKanidmAccountForm
     template_name = "account/create_kanidm.html"

From 8c3cba0af8af8c1081f74a5687011f611c0255b0 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Mon, 23 Sep 2024 21:40:35 +0200
Subject: [PATCH 043/172] feat(kanidm): Update the required group to be an
 admin

---
 src/dgsi/models.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index f484630..4c4b670 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -11,7 +11,7 @@ from kanidm.models.person import Person
 
 from shared.kanidm import client
 
-ADMIN_GROUP = "idm_admins@sso.dgnum.eu"
+ADMIN_GROUP = "dgnum_admins@sso.dgnum.eu"
 
 
 class Service(models.Model):

From cab836955872a8455ddf7567367b0180b4e7b119 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Mon, 23 Sep 2024 23:59:29 +0200
Subject: [PATCH 044/172] feat(services): Add an icon, and a transitive
 redirect view

---
 src/dgsi/migrations/0003_service_icon.py  | 19 +++++++++++++++++++
 src/dgsi/models.py                        |  1 +
 src/dgsi/templates/dgsi/service_list.html | 18 ++++++++++++++++++
 src/dgsi/urls.py                          |  5 +++++
 src/dgsi/views.py                         | 11 ++++++++++-
 src/shared/static/bulma/bulma.scss        |  8 ++++++++
 6 files changed, 61 insertions(+), 1 deletion(-)
 create mode 100644 src/dgsi/migrations/0003_service_icon.py
 create mode 100644 src/dgsi/templates/dgsi/service_list.html

diff --git a/src/dgsi/migrations/0003_service_icon.py b/src/dgsi/migrations/0003_service_icon.py
new file mode 100644
index 0000000..25666b9
--- /dev/null
+++ b/src/dgsi/migrations/0003_service_icon.py
@@ -0,0 +1,19 @@
+# Generated by Django 4.2.12 on 2024-09-23 21:29
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("dgsi", "0002_service"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="service",
+            name="icon",
+            field=models.CharField(
+                blank=True, max_length=255, verbose_name="Icône du service"
+            ),
+        ),
+    ]
diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index 4c4b670..404ff51 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -17,6 +17,7 @@ ADMIN_GROUP = "dgnum_admins@sso.dgnum.eu"
 class Service(models.Model):
     name = models.CharField(_("Nom du service proposé"), max_length=255)
     url = models.URLField(_("Adresse du service"))
+    icon = models.CharField(_("Icône du service"), max_length=255, blank=True)
 
     def __str__(self) -> str:
         return f"{self.name} [{self.url}]"
diff --git a/src/dgsi/templates/dgsi/service_list.html b/src/dgsi/templates/dgsi/service_list.html
new file mode 100644
index 0000000..2c7b2bb
--- /dev/null
+++ b/src/dgsi/templates/dgsi/service_list.html
@@ -0,0 +1,18 @@
+{% extends "base.html" %}
+
+{% load i18n %}
+
+{% block content %}
+  <h2 class="subtitle">{% trans "Services accessibles via la DGNum" %}</h2>
+  <hr>
+
+  <div class="buttons bt-links">
+    {% for service in service_list %}
+      <a class="button is-medium"
+         href="{% url "dgsi:dgn-services_redirect" service.pk %}">
+        <span class="icon"><i class="ti ti-{{ service.icon }}"></i></span>
+        <span>{{ service.name }}</span>
+      </a>
+    {% endfor %}
+  </div>
+{% endblock content %}
diff --git a/src/dgsi/urls.py b/src/dgsi/urls.py
index 7c2f866..848df88 100644
--- a/src/dgsi/urls.py
+++ b/src/dgsi/urls.py
@@ -17,4 +17,9 @@ urlpatterns = [
         name="dgn-forbidden_account",
     ),
     path("services/", views.ServiceListView.as_view(), name="dgn-services"),
+    path(
+        "services/redirect/<int:pk>",
+        views.ServiceRedirectView.as_view(),
+        name="dgn-services_redirect",
+    ),
 ]
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 54231bf..a9b2e7a 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -1,3 +1,4 @@
+from typing import Any
 from asgiref.sync import async_to_sync
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.messages.views import SuccessMessageMixin
@@ -5,7 +6,8 @@ from django.core.mail import EmailMessage
 from django.template.loader import render_to_string
 from django.urls import reverse_lazy
 from django.utils.translation import gettext_lazy as _
-from django.views.generic import FormView, ListView, TemplateView
+from django.views.generic import FormView, ListView, RedirectView, TemplateView
+from django.views.generic.detail import SingleObjectMixin
 
 from dgsi.forms import CreateKanidmAccountForm
 from dgsi.mixins import StaffRequiredMixin
@@ -30,6 +32,13 @@ class ServiceListView(LoginRequiredMixin, ListView):
     model = Service
 
 
+class ServiceRedirectView(LoginRequiredMixin, SingleObjectMixin, RedirectView):
+    model = Service
+
+    def get_redirect_url(self, *args: Any, **kwargs: Any) -> str:
+        return self.get_object().url
+
+
 ##
 # INFO: Below are views related to the administration of DGSI
 
diff --git a/src/shared/static/bulma/bulma.scss b/src/shared/static/bulma/bulma.scss
index a465188..fd9e8a7 100644
--- a/src/shared/static/bulma/bulma.scss
+++ b/src/shared/static/bulma/bulma.scss
@@ -33,6 +33,14 @@ body {
   );
 }
 
+.bt-links {
+  justify-content: space-evenly;
+}
+
+.bt-links > .button {
+  width: 47.5%;
+}
+
 .grid.groups {
   --bulma-grid-column-min: 24rem;
 }

From 87e13b357ec15882f53f10013fd03199afb7c350 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 24 Sep 2024 10:06:51 +0200
Subject: [PATCH 045/172] chore(services): Add comments

---
 src/dgsi/models.py | 3 +++
 src/dgsi/views.py  | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index 404ff51..9b15ff6 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -19,6 +19,9 @@ class Service(models.Model):
     url = models.URLField(_("Adresse du service"))
     icon = models.CharField(_("Icône du service"), max_length=255, blank=True)
 
+    # TODO: Add a group field, to show only if the user really has access,
+    # when this field is null, then it is open bar
+
     def __str__(self) -> str:
         return f"{self.name} [{self.url}]"
 
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index a9b2e7a..42add5a 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -1,4 +1,5 @@
 from typing import Any
+
 from asgiref.sync import async_to_sync
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.messages.views import SuccessMessageMixin
@@ -31,6 +32,8 @@ class ProfileView(LoginRequiredMixin, TemplateView):
 class ServiceListView(LoginRequiredMixin, ListView):
     model = Service
 
+    # TODO: Only show available websites
+
 
 class ServiceRedirectView(LoginRequiredMixin, SingleObjectMixin, RedirectView):
     model = Service

From e8ce6f343b932af9e197fa506fb7b0c6d1451f5e Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 24 Sep 2024 11:28:44 +0200
Subject: [PATCH 046/172] feat(unfold): Change the name

---
 src/app/settings.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/app/settings.py b/src/app/settings.py
index 879214d..41fb61e 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -5,6 +5,7 @@ Django settings for the DGSI project.
 from pathlib import Path
 
 from django.contrib.messages import constants as messages
+from django.utils.translation import gettext_lazy as _
 from loadcredential import Credentials
 
 credentials = Credentials(env_prefix="DGSI_")
@@ -214,6 +215,14 @@ MESSAGE_TAGS = {
 }
 
 
+###
+# Unfold Interface configuration
+
+UNFOLD = {
+    "SITE_HEADER": _("Administration de DGSI"),
+}
+
+
 ###
 # Extend settings when running in dev mode
 

From e10d33176b69376e1d9878c20f9fa07d9e05039d Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 24 Sep 2024 11:29:47 +0200
Subject: [PATCH 047/172] chore(templates): Rename templates

---
 .../templates/dgsi/create_kanidm_account.html}                | 0
 .../templates/account => dgsi/templates/dgsi}/profile.html    | 0
 src/dgsi/urls.py                                              | 2 +-
 src/dgsi/views.py                                             | 4 ++--
 .../templates/{account => accounts}/forbidden_category.html   | 3 +++
 5 files changed, 6 insertions(+), 3 deletions(-)
 rename src/{shared/templates/account/create_kanidm.html => dgsi/templates/dgsi/create_kanidm_account.html} (100%)
 rename src/{shared/templates/account => dgsi/templates/dgsi}/profile.html (100%)
 rename src/shared/templates/{account => accounts}/forbidden_category.html (86%)

diff --git a/src/shared/templates/account/create_kanidm.html b/src/dgsi/templates/dgsi/create_kanidm_account.html
similarity index 100%
rename from src/shared/templates/account/create_kanidm.html
rename to src/dgsi/templates/dgsi/create_kanidm_account.html
diff --git a/src/shared/templates/account/profile.html b/src/dgsi/templates/dgsi/profile.html
similarity index 100%
rename from src/shared/templates/account/profile.html
rename to src/dgsi/templates/dgsi/profile.html
diff --git a/src/dgsi/urls.py b/src/dgsi/urls.py
index 848df88..107b945 100644
--- a/src/dgsi/urls.py
+++ b/src/dgsi/urls.py
@@ -13,7 +13,7 @@ urlpatterns = [
     ),
     path(
         "accounts/forbidden/",
-        views.TemplateView.as_view(template_name="account/forbidden_category.html"),
+        views.TemplateView.as_view(template_name="accounts/forbidden_category.html"),
         name="dgn-forbidden_account",
     ),
     path("services/", views.ServiceListView.as_view(), name="dgn-services"),
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 42add5a..5b7d3c1 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -17,7 +17,7 @@ from shared.kanidm import client
 
 
 class ProfileView(LoginRequiredMixin, TemplateView):
-    template_name = "account/profile.html"
+    template_name = "dgsi/profile.html"
 
     def get_context_data(self, **kwargs):
         u = self.request.user
@@ -48,7 +48,7 @@ class ServiceRedirectView(LoginRequiredMixin, SingleObjectMixin, RedirectView):
 
 class CreateKanidmAccountView(StaffRequiredMixin, SuccessMessageMixin, FormView):
     form_class = CreateKanidmAccountForm
-    template_name = "account/create_kanidm.html"
+    template_name = "dgsi/create_kanidm_account.html"
     success_message = _("Compte DGNum pour %(displayname)s [%(name)s] créé.")
 
     success_url = reverse_lazy("dgsi:dgn-create_user")
diff --git a/src/shared/templates/account/forbidden_category.html b/src/shared/templates/accounts/forbidden_category.html
similarity index 86%
rename from src/shared/templates/account/forbidden_category.html
rename to src/shared/templates/accounts/forbidden_category.html
index c296c89..887aa24 100644
--- a/src/shared/templates/account/forbidden_category.html
+++ b/src/shared/templates/accounts/forbidden_category.html
@@ -3,6 +3,9 @@
 {% load i18n %}
 
 {% block content %}
+  <h2 class="subtitle">{% trans "Connexion impossible" %}</h2>
+  <hr>
+
   <div class="notification is-warning is-light px-5 py-5 has-text-centered is-size-5">
     {% blocktrans %}Votre catégorie de compte ENS ne permet pas de vous identifier auprès de la DGNum.<br>Si vous pensez qu'il s'agit une erreur, merci de contacter la DGNum à l'adresse : <a href="mailto:contact@dgnum.eu">contact@dgnum.eu</a>{% endblocktrans  %}
   </div>

From b9f165c1e6797910594ef7cbfaafcf77e2af5e8d Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 24 Sep 2024 11:31:05 +0200
Subject: [PATCH 048/172] chore(index): Move the view inside dgsi

---
 src/app/urls.py                 | 1 -
 src/dgsi/urls.py                | 4 ++++
 src/dgsi/views.py               | 4 ++++
 src/shared/templates/_hero.html | 2 +-
 4 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/app/urls.py b/src/app/urls.py
index 7a3942a..5d0ec79 100644
--- a/src/app/urls.py
+++ b/src/app/urls.py
@@ -21,7 +21,6 @@ from django.urls import include, path
 from django.views.generic import TemplateView
 
 urlpatterns = [
-    path("", TemplateView.as_view(template_name="home.html"), name="index"),
     path("login", TemplateView.as_view(template_name="login.html"), name="login"),
     path("", include("dgsi.urls")),
     path("accounts/", include("allauth.urls")),
diff --git a/src/dgsi/urls.py b/src/dgsi/urls.py
index 107b945..71cd35f 100644
--- a/src/dgsi/urls.py
+++ b/src/dgsi/urls.py
@@ -5,6 +5,9 @@ from . import views
 app_name = "dgsi"
 
 urlpatterns = [
+    # Misc views
+    path("", views.IndexView.as_view(), name="dgn-index"),
+    # Account views
     path("accounts/profile/", views.ProfileView.as_view(), name="dgn-profile"),
     path(
         "accounts/create-kanidm/",
@@ -16,6 +19,7 @@ urlpatterns = [
         views.TemplateView.as_view(template_name="accounts/forbidden_category.html"),
         name="dgn-forbidden_account",
     ),
+    # Services views
     path("services/", views.ServiceListView.as_view(), name="dgn-services"),
     path(
         "services/redirect/<int:pk>",
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 5b7d3c1..47ea5dc 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -16,6 +16,10 @@ from dgsi.models import Service, User
 from shared.kanidm import client
 
 
+class IndexView(TemplateView):
+    template_name = "dgsi/index.html"
+
+
 class ProfileView(LoginRequiredMixin, TemplateView):
     template_name = "dgsi/profile.html"
 
diff --git a/src/shared/templates/_hero.html b/src/shared/templates/_hero.html
index 4fd16c8..9267783 100644
--- a/src/shared/templates/_hero.html
+++ b/src/shared/templates/_hero.html
@@ -6,7 +6,7 @@
       <div class="grid has-3-cols">
         <div class="cell is-col-span-2">
           <h1 class="title">
-            <a href="{% url 'index' %}" class="has-text-dark">Dossier Général des Services Informagiques</a>
+            <a href="{% url 'dgsi:dgn-index' %}" class="has-text-dark">Dossier Général des Services Informagiques</a>
           </h1>
           <h2 class="subtitle mt-2">Système d'information de la DGNum</h2>
         </div>

From 2490d83459ecd289e6dc613b099c9d80caedbd94 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 24 Sep 2024 11:31:54 +0200
Subject: [PATCH 049/172] feat(index): Add parametrization to links

---
 src/dgsi/templates/_index_link.html |  4 +++
 src/dgsi/templates/dgsi/index.html  | 20 +++++++++++++++
 src/dgsi/views.py                   | 39 ++++++++++++++++++++++++++++-
 src/shared/templates/home.html      | 16 ------------
 4 files changed, 62 insertions(+), 17 deletions(-)
 create mode 100644 src/dgsi/templates/_index_link.html
 create mode 100644 src/dgsi/templates/dgsi/index.html
 delete mode 100644 src/shared/templates/home.html

diff --git a/src/dgsi/templates/_index_link.html b/src/dgsi/templates/_index_link.html
new file mode 100644
index 0000000..ae98b12
--- /dev/null
+++ b/src/dgsi/templates/_index_link.html
@@ -0,0 +1,4 @@
+<a class="button bt-link {{ link.color }}" href="{% url link.reverse %}">
+  {% if link.icon %}<span class="icon"><i class="ti ti-{{ link.icon }}"></i></span>{% endif %}
+  <span>{{ link.text }}</span>
+</a>
diff --git a/src/dgsi/templates/dgsi/index.html b/src/dgsi/templates/dgsi/index.html
new file mode 100644
index 0000000..840804a
--- /dev/null
+++ b/src/dgsi/templates/dgsi/index.html
@@ -0,0 +1,20 @@
+{% extends "base.html" %}
+
+{% load i18n %}
+
+{% block content %}
+  <section class="section">
+    {% if user.is_authenticated %}
+      {% for link in links.authenticated %}
+        {% include "_index_link.html" %}
+      {% endfor %}
+    {% endif %}
+
+    {% if user.is_admin %}
+      <hr>
+      {% for link in links.admin %}
+        {% include "_index_link.html" %}
+      {% endfor %}
+    {% endif %}
+  </section>
+{% endblock content %}
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 47ea5dc..239f30d 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -1,4 +1,4 @@
-from typing import Any
+from typing import Any, NamedTuple
 
 from asgiref.sync import async_to_sync
 from django.contrib.auth.mixins import LoginRequiredMixin
@@ -6,6 +6,7 @@ from django.contrib.messages.views import SuccessMessageMixin
 from django.core.mail import EmailMessage
 from django.template.loader import render_to_string
 from django.urls import reverse_lazy
+from django.utils.functional import Promise
 from django.utils.translation import gettext_lazy as _
 from django.views.generic import FormView, ListView, RedirectView, TemplateView
 from django.views.generic.detail import SingleObjectMixin
@@ -16,9 +17,45 @@ from dgsi.models import Service, User
 from shared.kanidm import client
 
 
+class Link(NamedTuple):
+    color: str
+    reverse: str
+    text: str | Promise
+    icon: str | None = None
+
+
 class IndexView(TemplateView):
     template_name = "dgsi/index.html"
 
+    def get_context_data(self, **kwargs: Any) -> dict[str, Any]:
+        return super().get_context_data(
+            links={
+                "authenticated": [
+                    Link(
+                        "is-primary",
+                        "dgsi:dgn-profile",
+                        _("Mon profil"),
+                        "user-filled",
+                    ),
+                ],
+                "admin": [
+                    Link(
+                        "is-danger",
+                        "dgsi:dgn-create_user",
+                        _("Créer un nouveau compte Kanidm"),
+                        "user-plus",
+                    ),
+                    Link(
+                        "is-warning",
+                        "admin:index",
+                        _("Interface d'administration"),
+                        "settings-filled",
+                    ),
+                ],
+            },
+            **kwargs,
+        )
+
 
 class ProfileView(LoginRequiredMixin, TemplateView):
     template_name = "dgsi/profile.html"
diff --git a/src/shared/templates/home.html b/src/shared/templates/home.html
deleted file mode 100644
index ffe3eb9..0000000
--- a/src/shared/templates/home.html
+++ /dev/null
@@ -1,16 +0,0 @@
-{% extends "base.html" %}
-
-{% load i18n %}
-
-{% block content %}
-  <section class="section">
-    {% if user.is_authenticated %}
-      <a class="button bt-link is-primary" href="{% url 'dgsi:dgn-profile' %}">{% trans "Mon profil" %}</a>
-    {% endif %}
-    {% if user.is_admin %}
-      <a class="button bt-link is-danger"
-         href="{% url 'dgsi:dgn-create_user' %}">{% trans "Créer un nouveau compte Kanidm" %}</a>
-      <a class="button bt-link is-warning" href="{% url 'admin:index' %}">{% trans "Interface admin" %}</a>
-    {% endif %}
-  </section>
-{% endblock content %}

From 1dc83050277a8d6fb6565bf1d899f09b3714ca85 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 24 Sep 2024 14:27:44 +0200
Subject: [PATCH 050/172] chore(index): Move the links outside of the class

---
 src/dgsi/templates/_index_link.html |  2 +-
 src/dgsi/views.py                   | 42 ++++++++++++++---------------
 2 files changed, 21 insertions(+), 23 deletions(-)

diff --git a/src/dgsi/templates/_index_link.html b/src/dgsi/templates/_index_link.html
index ae98b12..c89b0cf 100644
--- a/src/dgsi/templates/_index_link.html
+++ b/src/dgsi/templates/_index_link.html
@@ -1,4 +1,4 @@
-<a class="button bt-link {{ link.color }}" href="{% url link.reverse %}">
+<a class="button bt-link is-light {{ link.color }}" href="{% url link.reverse %}">
   {% if link.icon %}<span class="icon"><i class="ti ti-{{ link.icon }}"></i></span>{% endif %}
   <span>{{ link.text }}</span>
 </a>
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 239f30d..0d142fb 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -24,34 +24,32 @@ class Link(NamedTuple):
     icon: str | None = None
 
 
+AUTHENTICATED_LINKS: list[Link] = [
+    Link("is-primary", "dgsi:dgn-profile", _("Mon profil"), "user-filled"),
+    Link("is-primary", "dgsi:dgn-legal_documents", _("Documents Légaux"), "script"),
+]
+
+ADMIN_LINKS: list[Link] = [
+    Link(
+        "is-danger",
+        "dgsi:dgn-create_user",
+        _("Créer un nouveau compte Kanidm"),
+        "user-plus",
+    ),
+    Link(
+        "is-warning", "admin:index", _("Interface d'administration"), "settings-filled"
+    ),
+]
+
+
 class IndexView(TemplateView):
     template_name = "dgsi/index.html"
 
     def get_context_data(self, **kwargs: Any) -> dict[str, Any]:
         return super().get_context_data(
             links={
-                "authenticated": [
-                    Link(
-                        "is-primary",
-                        "dgsi:dgn-profile",
-                        _("Mon profil"),
-                        "user-filled",
-                    ),
-                ],
-                "admin": [
-                    Link(
-                        "is-danger",
-                        "dgsi:dgn-create_user",
-                        _("Créer un nouveau compte Kanidm"),
-                        "user-plus",
-                    ),
-                    Link(
-                        "is-warning",
-                        "admin:index",
-                        _("Interface d'administration"),
-                        "settings-filled",
-                    ),
-                ],
+                "authenticated": AUTHENTICATED_LINKS,
+                "admin": ADMIN_LINKS,
             },
             **kwargs,
         )

From abdcb2c8ad038d4187887e12c804dfbfda40da3e Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 24 Sep 2024 14:28:24 +0200
Subject: [PATCH 051/172] feat: Setup media

---
 src/app/settings.py |  1 +
 src/app/urls.py     | 12 ++++++++----
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/app/settings.py b/src/app/settings.py
index 41fb61e..1a22f82 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -165,6 +165,7 @@ USE_TZ = True
 #   -> https://docs.djangoproject.com/en/4.2/howto/static-files/
 
 STATIC_URL = "static/"
+MEDIA_URL = "media/"
 
 STATICFILES_DIRS = [BASE_DIR / "shared" / "static"]
 STATICFILES_FINDERS = [
diff --git a/src/app/urls.py b/src/app/urls.py
index 5d0ec79..96be59a 100644
--- a/src/app/urls.py
+++ b/src/app/urls.py
@@ -28,7 +28,11 @@ urlpatterns = [
 ]
 
 if settings.DEBUG:
-    urlpatterns += [
-        path("__reload__/", include("django_browser_reload.urls")),
-        path("__debug__/", include("debug_toolbar.urls")),
-    ] + static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)
+    urlpatterns += (
+        [
+            path("__reload__/", include("django_browser_reload.urls")),
+            path("__debug__/", include("debug_toolbar.urls")),
+        ]
+        + static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)
+        + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
+    )

From b5cedebda1824bfa76e9a40916648ec187604a25 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 24 Sep 2024 14:29:51 +0200
Subject: [PATCH 052/172] feat(legal-documents): Init list view and acceptance
 flow

---
 src/dgsi/admin.py                             |  4 +-
 ..._statutes_user_accepted_bylaws_and_more.py | 81 +++++++++++++++++++
 src/dgsi/models.py                            | 52 +++++++++++-
 src/dgsi/templates/_legal_document.html       | 23 ++++++
 src/dgsi/templates/dgsi/legal_documents.html  | 17 ++++
 src/dgsi/urls.py                              | 11 +++
 src/dgsi/views.py                             | 42 +++++++++-
 7 files changed, 226 insertions(+), 4 deletions(-)
 create mode 100644 src/dgsi/migrations/0004_bylaws_statutes_user_accepted_bylaws_and_more.py
 create mode 100644 src/dgsi/templates/_legal_document.html
 create mode 100644 src/dgsi/templates/dgsi/legal_documents.html

diff --git a/src/dgsi/admin.py b/src/dgsi/admin.py
index cbccfc7..8c1fb0d 100644
--- a/src/dgsi/admin.py
+++ b/src/dgsi/admin.py
@@ -2,7 +2,7 @@ from django.contrib import admin
 from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
 from unfold.admin import ModelAdmin
 
-from dgsi.models import Service, User
+from dgsi.models import Bylaws, Service, Statutes, User
 
 
 @admin.register(User)
@@ -10,6 +10,6 @@ class UserAdmin(BaseUserAdmin, ModelAdmin):
     pass
 
 
-@admin.register(Service)
+@admin.register(Bylaws, Service, Statutes)
 class AdminClass(ModelAdmin):
     compressed_fields = True
diff --git a/src/dgsi/migrations/0004_bylaws_statutes_user_accepted_bylaws_and_more.py b/src/dgsi/migrations/0004_bylaws_statutes_user_accepted_bylaws_and_more.py
new file mode 100644
index 0000000..e7bd985
--- /dev/null
+++ b/src/dgsi/migrations/0004_bylaws_statutes_user_accepted_bylaws_and_more.py
@@ -0,0 +1,81 @@
+# Generated by Django 4.2.12 on 2024-09-24 08:07
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("dgsi", "0003_service_icon"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="Bylaws",
+            fields=[
+                (
+                    "id",
+                    models.BigAutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                ("date", models.DateField(verbose_name="Date du document")),
+                (
+                    "name",
+                    models.CharField(max_length=255, verbose_name="Nom du document"),
+                ),
+                ("file", models.FileField(upload_to="", verbose_name="Fichier PDF")),
+            ],
+            options={
+                "get_latest_by": "date",
+                "abstract": False,
+            },
+        ),
+        migrations.CreateModel(
+            name="Statutes",
+            fields=[
+                (
+                    "id",
+                    models.BigAutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                ("date", models.DateField(verbose_name="Date du document")),
+                (
+                    "name",
+                    models.CharField(max_length=255, verbose_name="Nom du document"),
+                ),
+                ("file", models.FileField(upload_to="", verbose_name="Fichier PDF")),
+            ],
+            options={
+                "get_latest_by": "date",
+                "abstract": False,
+            },
+        ),
+        migrations.AddField(
+            model_name="user",
+            name="accepted_bylaws",
+            field=models.ForeignKey(
+                default=None,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                to="dgsi.bylaws",
+            ),
+        ),
+        migrations.AddField(
+            model_name="user",
+            name="accepted_statutes",
+            field=models.ForeignKey(
+                default=None,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                to="dgsi.statutes",
+            ),
+        ),
+    ]
diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index 9b15ff6..44cc14f 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -1,6 +1,6 @@
 from dataclasses import dataclass
 from functools import cached_property
-from typing import Optional
+from typing import Optional, Self
 
 from asgiref.sync import async_to_sync
 from django.contrib.auth.models import AbstractUser
@@ -26,6 +26,48 @@ class Service(models.Model):
         return f"{self.name} [{self.url}]"
 
 
+class LegalDocument(models.Model):
+    date = models.DateField(_("Date du document"))
+    name = models.CharField(_("Nom du document"), max_length=255)
+    file = models.FileField(_("Fichier PDF"))
+
+    @classmethod
+    def latest(cls, **kwargs) -> Self | None:
+        return cls.objects.filter(**kwargs).latest()
+
+    def __str__(self) -> str:
+        return self.name
+
+    class Meta:  # pyright: ignore
+        abstract = True
+
+
+class Statutes(LegalDocument):
+    """
+    Statutes of the association.
+    """
+
+    kind = "statutes"
+
+    class Meta:  # pyright: ignore
+        get_latest_by = "date"
+        verbose_name = _("Statuts")
+        verbose_name_plural = _("Statuts")
+
+
+class Bylaws(LegalDocument):
+    """
+    Bylaws of the association.
+    """
+
+    kind = "bylaws"
+
+    class Meta:  # pyright: ignore
+        get_latest_by = "date"
+        verbose_name = _("Règlement Intérieur")
+        verbose_name_plural = _("Règlements Intérieurs")
+
+
 @dataclass
 class KanidmProfile:
     person: Person
@@ -37,6 +79,14 @@ class User(AbstractUser):
     Custom User class, to have a direct link to the Kanidm data.
     """
 
+    accepted_statutes = models.ForeignKey(
+        Statutes, on_delete=models.SET_NULL, null=True, default=None
+    )
+    accepted_bylaws = models.ForeignKey(
+        Bylaws, on_delete=models.SET_NULL, null=True, default=None
+    )
+    # accepted_terms = models.ManyToManyField(TermsAndConditions)
+
     @cached_property
     def kanidm(self) -> Optional[KanidmProfile]:
         try:
diff --git a/src/dgsi/templates/_legal_document.html b/src/dgsi/templates/_legal_document.html
new file mode 100644
index 0000000..8bbc557
--- /dev/null
+++ b/src/dgsi/templates/_legal_document.html
@@ -0,0 +1,23 @@
+{% load i18n %}
+
+<h2 class="subtitle">
+  {{ title }}
+  <span class="tags is-pulled-right">
+    {% if user_document != document %}
+      <a class="tag is-warning"
+         href="{% url "dgsi:dgn-accept_legal_document" document.kind %}"
+         onclick="return confirm(('{% trans " En acceptant, vous assurez avoir lu ce document et en approuver le contenu." %}'))">
+        <span>{{ accept_question }}</span>
+        <span class="icon is-size-6"><i class="ti ti-alert-circle"></i></span>
+      </a>
+    {% else %}
+      <span class="tag is-success">
+        <span>{% trans "Accepté" %}</span>
+        <span class="icon is-size-6"><i class="ti ti-checkbox"></i></span>
+      </span>
+    {% endif %}
+    <span class="tag is-dark">{{ document.date }}</span>
+  </span>
+</h2>
+
+<a class="button bt-link" href="{{ document.file.url }}">{{ document }}</a>
diff --git a/src/dgsi/templates/dgsi/legal_documents.html b/src/dgsi/templates/dgsi/legal_documents.html
new file mode 100644
index 0000000..1c65b99
--- /dev/null
+++ b/src/dgsi/templates/dgsi/legal_documents.html
@@ -0,0 +1,17 @@
+{% extends "base.html" %}
+
+{% load i18n %}
+
+{% block content %}
+  <h2 class="subtitle">Documents Légaux</h2>
+  <hr>
+
+  <br class="my-5">
+
+  {% include "_legal_document.html" with document=statutes user_document=user.accepted_statutes title=_("Statuts") accept_question=_("Accepter les statuts") %}
+
+  <br class="my-4">
+
+  {% include "_legal_document.html" with document=bylaws user_document=user.accepted_bylaws title=_("Règlement Intérieur") accept_question=_("Accepter le règlement intérieur") %}
+
+{% endblock content %}
diff --git a/src/dgsi/urls.py b/src/dgsi/urls.py
index 71cd35f..ddc1e32 100644
--- a/src/dgsi/urls.py
+++ b/src/dgsi/urls.py
@@ -7,6 +7,17 @@ app_name = "dgsi"
 urlpatterns = [
     # Misc views
     path("", views.IndexView.as_view(), name="dgn-index"),
+    # Legal documents
+    path(
+        "legal-documents/",
+        views.LegalDocumentsView.as_view(),
+        name="dgn-legal_documents",
+    ),
+    path(
+        "legal-documents/accept/<slug:kind>/",
+        views.AcceptLegalDocumentView.as_view(),
+        name="dgn-accept_legal_document",
+    ),
     # Account views
     path("accounts/profile/", views.ProfileView.as_view(), name="dgn-profile"),
     path(
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 0d142fb..5b1310f 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -1,9 +1,11 @@
 from typing import Any, NamedTuple
 
 from asgiref.sync import async_to_sync
+from django.contrib import messages
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.messages.views import SuccessMessageMixin
 from django.core.mail import EmailMessage
+from django.http import HttpRequest, HttpResponseBase
 from django.template.loader import render_to_string
 from django.urls import reverse_lazy
 from django.utils.functional import Promise
@@ -13,7 +15,7 @@ from django.views.generic.detail import SingleObjectMixin
 
 from dgsi.forms import CreateKanidmAccountForm
 from dgsi.mixins import StaffRequiredMixin
-from dgsi.models import Service, User
+from dgsi.models import Bylaws, Service, Statutes, User
 from shared.kanidm import client
 
 
@@ -68,6 +70,44 @@ class ProfileView(LoginRequiredMixin, TemplateView):
         )
 
 
+class LegalDocumentsView(LoginRequiredMixin, TemplateView):
+    template_name = "dgsi/legal_documents.html"
+
+    def get_context_data(self, **kwargs: Any) -> dict[str, Any]:
+        return super().get_context_data(
+            statutes=Statutes.latest(),
+            bylaws=Bylaws.latest(),
+            **kwargs,
+        )
+
+
+class AcceptLegalDocumentView(LoginRequiredMixin, RedirectView):
+    url = reverse_lazy("dgsi:dgn-legal_documents")
+
+    def get(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponseBase:
+        u = User.from_request(self.request)
+
+        match kwargs.get("kind"):
+            case "statutes":
+                u.accepted_statutes = Statutes.latest()
+                u.save()
+            case "bylaws":
+                u.accepted_bylaws = Bylaws.latest()
+                u.save()
+            case k:
+                messages.add_message(
+                    request,
+                    messages.WARNING,
+                    _("Type de document invalide : %(kind)s") % {"kind": k},
+                )
+
+        return super().get(request, *args, **kwargs)
+
+
+##
+# INFO: Below are classes related to services offered by the DGNum
+
+
 class ServiceListView(LoginRequiredMixin, ListView):
     model = Service
 

From a9d369d55da34501979640edf6ee05a4ab1b7517 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 24 Sep 2024 14:30:33 +0200
Subject: [PATCH 053/172] feat(kanidm): Use an async function to get the data

---
 src/dgsi/models.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index 44cc14f..9ee00b3 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -88,12 +88,13 @@ class User(AbstractUser):
     # accepted_terms = models.ManyToManyField(TermsAndConditions)
 
     @cached_property
-    def kanidm(self) -> Optional[KanidmProfile]:
+    @async_to_sync
+    async def kanidm(self) -> Optional[KanidmProfile]:
         try:
-            radius_data = async_to_sync(client.get_radius_token)(self.username).data
+            radius_data = (await client.get_radius_token(self.username)).data
 
             return KanidmProfile(
-                person=async_to_sync(client.person_account_get)(self.username),
+                person=(await client.person_account_get(self.username)),
                 radius_secret=radius_data and radius_data.get("secret"),
             )
         except NoMatchingEntries:

From e370977aacbdf00fcd60307f7176ae28566c74e7 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 24 Sep 2024 14:30:58 +0200
Subject: [PATCH 054/172] feat(user): Add a type guard to extract the user from
 a request

---
 src/dgsi/models.py | 9 +++++++++
 src/dgsi/views.py  | 3 +--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index 9ee00b3..59c5f4d 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -5,6 +5,7 @@ from typing import Optional, Self
 from asgiref.sync import async_to_sync
 from django.contrib.auth.models import AbstractUser
 from django.db import models
+from django.http import HttpRequest
 from django.utils.translation import gettext_lazy as _
 from kanidm.exceptions import NoMatchingEntries
 from kanidm.models.person import Person
@@ -87,6 +88,14 @@ class User(AbstractUser):
     )
     # accepted_terms = models.ManyToManyField(TermsAndConditions)
 
+    @classmethod
+    def from_request(cls, request: HttpRequest) -> Self:
+        u = request.user
+
+        assert isinstance(u, cls)
+
+        return u
+
     @cached_property
     @async_to_sync
     async def kanidm(self) -> Optional[KanidmProfile]:
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 5b1310f..ba78f82 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -61,8 +61,7 @@ class ProfileView(LoginRequiredMixin, TemplateView):
     template_name = "dgsi/profile.html"
 
     def get_context_data(self, **kwargs):
-        u = self.request.user
-        assert isinstance(u, User)
+        u = User.from_request(self.request)
 
         return super().get_context_data(
             displayname=f"{u.first_name} {u.last_name}",

From 6c18ec3855445d835261e6ef72851550d22f7634 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 24 Sep 2024 15:55:29 +0200
Subject: [PATCH 055/172] chore(legal-documents): Add an icon

---
 src/dgsi/templates/_legal_document.html | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/dgsi/templates/_legal_document.html b/src/dgsi/templates/_legal_document.html
index 8bbc557..8316bd5 100644
--- a/src/dgsi/templates/_legal_document.html
+++ b/src/dgsi/templates/_legal_document.html
@@ -20,4 +20,7 @@
   </span>
 </h2>
 
-<a class="button bt-link" href="{{ document.file.url }}">{{ document }}</a>
+<a class="button bt-link" href="{{ document.file.url }}">
+  <span>{{ document }}</span>
+  <span class="icon"><i class="ti ti-file-download"></i></span>
+</a>

From 5f0dfff4aedfeec2c722a34d970de3efb2d36e5c Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 24 Sep 2024 15:57:28 +0200
Subject: [PATCH 056/172] feat(accout): Add a view to self-create an account

Various checks are in place to make sure that the user does not already
have an account, and has accepted the rules of the association
---
 src/dgsi/forms.py                             |  8 ++
 .../templates/dgsi/create_self_account.html   | 15 +++
 src/dgsi/templates/dgsi/legal_documents.html  | 15 +++
 src/dgsi/templates/dgsi/profile.html          |  7 +-
 src/dgsi/urls.py                              |  9 +-
 src/dgsi/views.py                             | 98 +++++++++++++++++--
 6 files changed, 141 insertions(+), 11 deletions(-)
 create mode 100644 src/dgsi/templates/dgsi/create_self_account.html

diff --git a/src/dgsi/forms.py b/src/dgsi/forms.py
index 2bc31a7..404328c 100644
--- a/src/dgsi/forms.py
+++ b/src/dgsi/forms.py
@@ -33,3 +33,11 @@ class CreateKanidmAccountForm(forms.Form):
         help_text=_("Si selectionné, la personne sera ajoutée au groupe dgnum_members"),
         required=False,
     )
+
+
+class CreateSelfAccountForm(forms.Form):
+    displayname = CharField(label=_("Nom d'usage"))
+    mail = EmailField(
+        label=_("Adresse e-mail"),
+        help_text=_("De préférence l'adresse '@ens.psl.eu'"),
+    )
diff --git a/src/dgsi/templates/dgsi/create_self_account.html b/src/dgsi/templates/dgsi/create_self_account.html
new file mode 100644
index 0000000..9e06865
--- /dev/null
+++ b/src/dgsi/templates/dgsi/create_self_account.html
@@ -0,0 +1,15 @@
+{% extends "base.html" %}
+
+{% load i18n %}
+
+{% block content %}
+  <h2 class="subtitle">{% trans "Création d'un compte DGNum" %}</h2>
+  <hr>
+
+  <form method="post">
+    {% csrf_token %}
+    {% include "bulma/form.html" with form=form %}
+
+    <button class="button is-fullwidth mt-6">{% trans "Enregistrer" %}</button>
+  </form>
+{% endblock content %}
diff --git a/src/dgsi/templates/dgsi/legal_documents.html b/src/dgsi/templates/dgsi/legal_documents.html
index 1c65b99..36ec809 100644
--- a/src/dgsi/templates/dgsi/legal_documents.html
+++ b/src/dgsi/templates/dgsi/legal_documents.html
@@ -6,6 +6,21 @@
   <h2 class="subtitle">Documents Légaux</h2>
   <hr>
 
+  {% if user.kanidm is None %}
+    {% if show_message %}
+      <div class="notification is-warning is-light has-text-centered">
+        <b>{% trans "Vous devez accepter les Statuts et le Règlement Intérieur de la DGNum avant de pouvoir créer un compte." %}</b>
+      </div>
+    {% else %}
+      <div class="notification is-primary is-light has-text-centered">
+        <b>{% trans "Vous n'avez pas encore de compte DGNum, mais vous pouvez désormais en créer un." %}</b>
+        <br>
+        <a class="button mt-5 is-light"
+           href="{% url "dgsi:dgn-create_self_account" %}">{% trans "Poursuivre la création d'un compte DGNum" %}</a>
+      </div>
+    {% endif %}
+  {% endif %}
+
   <br class="my-5">
 
   {% include "_legal_document.html" with document=statutes user_document=user.accepted_statutes title=_("Statuts") accept_question=_("Accepter les statuts") %}
diff --git a/src/dgsi/templates/dgsi/profile.html b/src/dgsi/templates/dgsi/profile.html
index eed8365..0790195 100644
--- a/src/dgsi/templates/dgsi/profile.html
+++ b/src/dgsi/templates/dgsi/profile.html
@@ -47,8 +47,11 @@
       {% endfor %}
     </div>
   {% else %}
-    <div class="notification px-5 py-5 is-warning is-light has-text-centered is-size-4 mt-6">
-      {% trans "Pas de compte DGNum répertorié." %}
+    <div class="notification is-primary is-light has-text-centered mt-6">
+      <b>{% trans "Pas de compte DGNum répertorié." %}</b>
+      <br>
+      <a class="button mt-5 is-light"
+         href="{% url "dgsi:dgn-create_self_account" %}">{% trans "Créer un compte DGNum" %}</a>
     </div>
   {% endif %}
 {% endblock content %}
diff --git a/src/dgsi/urls.py b/src/dgsi/urls.py
index ddc1e32..cf7945c 100644
--- a/src/dgsi/urls.py
+++ b/src/dgsi/urls.py
@@ -20,10 +20,15 @@ urlpatterns = [
     ),
     # Account views
     path("accounts/profile/", views.ProfileView.as_view(), name="dgn-profile"),
+    path(
+        "accounts/create/",
+        views.CreateSelfAccountView.as_view(),
+        name="dgn-create_self_account",
+    ),
     path(
         "accounts/create-kanidm/",
         views.CreateKanidmAccountView.as_view(),
-        name="dgn-create_user",
+        name="dgn-create_kanidm_user",
     ),
     path(
         "accounts/forbidden/",
@@ -33,7 +38,7 @@ urlpatterns = [
     # Services views
     path("services/", views.ServiceListView.as_view(), name="dgn-services"),
     path(
-        "services/redirect/<int:pk>",
+        "services/redirect/<int:pk>/",
         views.ServiceRedirectView.as_view(),
         name="dgn-services_redirect",
     ),
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index ba78f82..3d3df6c 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -2,10 +2,10 @@ from typing import Any, NamedTuple
 
 from asgiref.sync import async_to_sync
 from django.contrib import messages
-from django.contrib.auth.mixins import LoginRequiredMixin
+from django.contrib.auth.mixins import AccessMixin, LoginRequiredMixin
 from django.contrib.messages.views import SuccessMessageMixin
 from django.core.mail import EmailMessage
-from django.http import HttpRequest, HttpResponseBase
+from django.http import HttpRequest, HttpResponseBase, HttpResponseRedirect
 from django.template.loader import render_to_string
 from django.urls import reverse_lazy
 from django.utils.functional import Promise
@@ -13,7 +13,7 @@ from django.utils.translation import gettext_lazy as _
 from django.views.generic import FormView, ListView, RedirectView, TemplateView
 from django.views.generic.detail import SingleObjectMixin
 
-from dgsi.forms import CreateKanidmAccountForm
+from dgsi.forms import CreateKanidmAccountForm, CreateSelfAccountForm
 from dgsi.mixins import StaffRequiredMixin
 from dgsi.models import Bylaws, Service, Statutes, User
 from shared.kanidm import client
@@ -34,7 +34,7 @@ AUTHENTICATED_LINKS: list[Link] = [
 ADMIN_LINKS: list[Link] = [
     Link(
         "is-danger",
-        "dgsi:dgn-create_user",
+        "dgsi:dgn-create_kanidm_user",
         _("Créer un nouveau compte Kanidm"),
         "user-plus",
     ),
@@ -69,13 +69,97 @@ class ProfileView(LoginRequiredMixin, TemplateView):
         )
 
 
+# INFO: We subclass AccessMixin and not LoginRequiredMixin because the way we want to
+#       use dispatch means that we need to execute the login check anyways.
+class CreateSelfAccountView(AccessMixin, SuccessMessageMixin, FormView):
+    template_name = "dgsi/create_self_account.html"
+    form_class = CreateSelfAccountForm
+    success_message = _("Compte DGNum créé avec succès")
+    success_url = reverse_lazy("dgsi:dgn-profile")
+
+    def dispatch(
+        self, request: HttpRequest, *args: Any, **kwargs: Any
+    ) -> HttpResponseBase:
+        if not request.user.is_authenticated:
+            return self.handle_no_permission()
+
+        u = User.from_request(request)
+
+        # Check that the user does not already exist
+        if u.kanidm is not None:
+            messages.add_message(
+                request,
+                messages.WARNING,
+                _("<b>Vous possédez déjà un compte DGNum !</b>"),
+            )
+            return HttpResponseRedirect(reverse_lazy("dgsi:dgn-profile"))
+
+        # Check that the Statutes and Bylaws have been accepted
+        if (
+            u.accepted_statutes != Statutes.latest()
+            or u.accepted_bylaws != Bylaws.latest()
+        ):
+            messages.add_message(
+                request,
+                messages.WARNING,
+                _("Vous devez accepter les Statuts et le Règlement Intérieur."),
+            )
+            return HttpResponseRedirect(reverse_lazy("dgsi:dgn-legal_documents"))
+
+        return super().dispatch(request, *args, **kwargs)
+
+    @async_to_sync
+    async def form_valid(self, form):
+        ttl = 86400  # 24h
+
+        d = form.cleaned_data
+        u = User.from_request(self.request)
+
+        # Create the base account
+        await client.person_account_create(u.username, d["displayname"])
+
+        # Update the information
+        await client.person_account_update(u.username, mail=[d["mail"]])
+
+        # FIXME: Will maybe change when kanidm gets its shit together and switches to POST
+        r = await client.call_get(
+            f"/v1/person/{u.username}/_credential/_update_intent/{ttl}"
+        )
+
+        assert r.data is not None
+
+        token: str = r.data["token"]
+        link = f"https://sso.dgnum.eu/ui/reset?token={token}"
+
+        # Send an email to the new user with the given email address
+        EmailMessage(
+            subject="Réinitialisation de mot de passe DGNum -- DGNum password reset",
+            body=render_to_string(
+                "mail/credentials_reset.txt",
+                context={"link": link},
+            ),
+            from_email="To Be Determined <dgsi@infra.dgnum.eu>",
+            to=[d["mail"]],
+            headers={"Reply-To": "contact@dgnum.eu"},
+        ).send()
+
+        return super().form_valid(form)
+
+
 class LegalDocumentsView(LoginRequiredMixin, TemplateView):
     template_name = "dgsi/legal_documents.html"
 
     def get_context_data(self, **kwargs: Any) -> dict[str, Any]:
+        u = User.from_request(self.request)
+        statutes = Statutes.latest()
+        bylaws = Bylaws.latest()
+
         return super().get_context_data(
-            statutes=Statutes.latest(),
-            bylaws=Bylaws.latest(),
+            statutes=statutes,
+            bylaws=bylaws,
+            show_message=(
+                (u.accepted_bylaws != bylaws) or (u.accepted_statutes != statutes)
+            ),
             **kwargs,
         )
 
@@ -129,7 +213,7 @@ class CreateKanidmAccountView(StaffRequiredMixin, SuccessMessageMixin, FormView)
     template_name = "dgsi/create_kanidm_account.html"
     success_message = _("Compte DGNum pour %(displayname)s [%(name)s] créé.")
 
-    success_url = reverse_lazy("dgsi:dgn-create_user")
+    success_url = reverse_lazy("dgsi:dgn-create_kanidm_user")
 
     @async_to_sync
     async def form_valid(self, form):

From 8a46e4ddb522a145046d9a5bfc729a8e46d99f44 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 24 Sep 2024 16:45:06 +0200
Subject: [PATCH 057/172] feat(pkgs/pykanidm): Update to current version

---
 pkgs/pykanidm/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/pykanidm/default.nix b/pkgs/pykanidm/default.nix
index 8f03681..ce8e09f 100644
--- a/pkgs/pykanidm/default.nix
+++ b/pkgs/pykanidm/default.nix
@@ -11,14 +11,14 @@
 
 buildPythonPackage rec {
   pname = "kanidm";
-  version = "1.2.3";
+  version = "1.3.3";
   pyproject = true;
 
   src = fetchFromGitHub {
     owner = "kanidm";
     repo = "kanidm";
     rev = "v${version}";
-    hash = "sha256-J02IbAY5lyoMaq6wJiHizqeFBd5hB6id2YMPxlPsASM=";
+    hash = "sha256-W5G7osV4du6w/BfyY9YrDzorcLNizRsoz70RMfO2AbY=";
   };
 
   sourceRoot = "source/pykanidm";

From 7537b26fbe97258f04941417ec47719e31cd3c88 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 24 Sep 2024 22:06:50 +0200
Subject: [PATCH 058/172] feat(settings): Make databases configurable

---
 src/app/settings.py | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/app/settings.py b/src/app/settings.py
index 1a22f82..ccccb63 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -98,12 +98,15 @@ ASGI_APPLICATION = "app.asgi.application"
 # Database configuration
 #   -> https://docs.djangoproject.com/en/4.2/ref/settings/#databases
 
-DATABASES = {
-    "default": {
-        "ENGINE": "django.db.backends.sqlite3",
-        "NAME": BASE_DIR / "db.sqlite3",
-    }
-}
+DATABASES = credentials.get_json(
+    "DATABASES",
+    {
+        "default": {
+            "ENGINE": "django.db.backends.sqlite3",
+            "NAME": BASE_DIR / "db.sqlite3",
+        }
+    },
+)
 
 
 ###

From 76c07e308629ae8717a400e744ef0735e4cd7114 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 24 Sep 2024 22:08:09 +0200
Subject: [PATCH 059/172] feat(settings): Make MEDIA_ROOT configurable

---
 src/app/settings.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/app/settings.py b/src/app/settings.py
index ccccb63..92db313 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -177,7 +177,8 @@ STATICFILES_FINDERS = [
     "sass_processor.finders.CssFinder",
 ]
 
-STATIC_ROOT = credentials["STATIC_ROOT"]
+STATIC_ROOT = credentials.get("STATIC_ROOT")
+MEDIA_ROOT = credentials.get("MEDIA_ROOT")
 
 ###
 # Storages configuration

From fee28c598c3c02d7980074cca0f9deacfbe6a444 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 24 Sep 2024 22:35:50 +0200
Subject: [PATCH 060/172] chore(wsgi): Don't set an invalid settings module

---
 src/app/wsgi.py | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/src/app/wsgi.py b/src/app/wsgi.py
index bfbc45a..63c3d04 100644
--- a/src/app/wsgi.py
+++ b/src/app/wsgi.py
@@ -7,10 +7,6 @@ For more information on this file, see
 https://docs.djangoproject.com/en/4.2/howto/deployment/wsgi/
 """
 
-import os
-
 from django.core.wsgi import get_wsgi_application
 
-os.environ.setdefault("DJANGO_SETTINGS_MODULE", "api.settings")
-
 application = get_wsgi_application()

From 49f1133fedb15791a2aa6ae0527ce8966f17f1c0 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 24 Sep 2024 22:40:53 +0200
Subject: [PATCH 061/172] fix(settings): We use wsgi

---
 src/app/settings.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/app/settings.py b/src/app/settings.py
index 92db313..7ef813f 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -90,9 +90,9 @@ TEMPLATES = [
 ]
 
 ###
-# ASGI application configuration
+# WSGI application configuration
 
-ASGI_APPLICATION = "app.asgi.application"
+WSGI_APPLICATION = "app.wsgi.application"
 
 ###
 # Database configuration

From 7064a3aa4b8367c53a0688574cf08b9ac72da08e Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 24 Sep 2024 22:45:42 +0200
Subject: [PATCH 062/172] feat(settings): Add e-mail configuration

---
 .credentials/EMAIL_HOST   |  1 +
 .credentials/FROM_EMAIL   |  1 +
 .credentials/SERVER_EMAIL |  1 +
 src/app/settings.py       | 10 ++++++++++
 4 files changed, 13 insertions(+)
 create mode 100644 .credentials/EMAIL_HOST
 create mode 100644 .credentials/FROM_EMAIL
 create mode 100644 .credentials/SERVER_EMAIL

diff --git a/.credentials/EMAIL_HOST b/.credentials/EMAIL_HOST
new file mode 100644
index 0000000..2fbb50c
--- /dev/null
+++ b/.credentials/EMAIL_HOST
@@ -0,0 +1 @@
+localhost
diff --git a/.credentials/FROM_EMAIL b/.credentials/FROM_EMAIL
new file mode 100644
index 0000000..083bff6
--- /dev/null
+++ b/.credentials/FROM_EMAIL
@@ -0,0 +1 @@
+Délégation Générale Numérique <dgsi@localhost>
diff --git a/.credentials/SERVER_EMAIL b/.credentials/SERVER_EMAIL
new file mode 100644
index 0000000..bad804c
--- /dev/null
+++ b/.credentials/SERVER_EMAIL
@@ -0,0 +1 @@
+dgsi@localhost
diff --git a/src/app/settings.py b/src/app/settings.py
index 7ef813f..dbece05 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -94,6 +94,16 @@ TEMPLATES = [
 
 WSGI_APPLICATION = "app.wsgi.application"
 
+###
+# E-Mail configuration
+
+DEFAULT_FROM_EMAIL = credentials["FROM_EMAIL"]
+EMAIL_HOST = credentials.get("EMAIL_HOST", "localhost")
+EMAIL_HOST_PASSWORD = credentials.get("EMAIL_HOST_PASSWORD", "")
+EMAIL_HOST_USER = credentials.get("EMAIL_HOST_USER", "")
+EMAIL_USE_SSL = credentials.get("EMAIL_USE_SSL", False)
+SERVER_EMAIL = credentials["SERVER_EMAIL"]
+
 ###
 # Database configuration
 #   -> https://docs.djangoproject.com/en/4.2/ref/settings/#databases

From 1080ec0c440208ab680b16634087c7bd674e283b Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 24 Sep 2024 22:45:56 +0200
Subject: [PATCH 063/172] feat(pkgs): Update loadcredential

---
 pkgs/loadcredential/default.nix | 34 +++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 pkgs/loadcredential/default.nix

diff --git a/pkgs/loadcredential/default.nix b/pkgs/loadcredential/default.nix
new file mode 100644
index 0000000..2d8ced5
--- /dev/null
+++ b/pkgs/loadcredential/default.nix
@@ -0,0 +1,34 @@
+{
+  lib,
+  buildPythonPackage,
+  fetchFromGitHub,
+  setuptools,
+  wheel,
+}:
+
+buildPythonPackage rec {
+  pname = "loadcredential";
+  version = "1.2";
+  pyproject = true;
+
+  src = fetchFromGitHub {
+    owner = "Tom-Hubrecht";
+    repo = "loadcredential";
+    rev = "v${version}";
+    hash = "sha256-rNWFD89h1p1jYWLcfzsa/w8nK3bR4aVJsUPx0UtZnIw=";
+  };
+
+  build-system = [
+    setuptools
+    wheel
+  ];
+
+  pythonImportsCheck = [ "loadcredential" ];
+
+  meta = {
+    description = "A simple python package to read credentials passed through systemd's LoadCredential, with a fallback on env variables ";
+    homepage = "https://github.com/Tom-Hubrecht/loadcredential";
+    license = lib.licenses.mit;
+    maintainers = [ ]; # with lib.maintainers; [ thubrecht ];
+  };
+}

From 088d6d613ac43e5638c8a3db2d4fe4677d73bb27 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 24 Sep 2024 23:06:09 +0200
Subject: [PATCH 064/172] fix: Always include django-browser-reload

---
 src/app/settings.py | 4 ++--
 src/app/urls.py     | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/app/settings.py b/src/app/settings.py
index dbece05..f5af54d 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -33,6 +33,7 @@ INSTALLED_APPS = [
     "django.contrib.sessions",
     "django.contrib.messages",
     "shared.staticfiles.StaticFilesApp",  # Overrides the default staticfiles app to filter out the sccs sources
+    "django_browser_reload",
     "sass_processor",
     "bulma",
     # Authentication
@@ -57,6 +58,7 @@ MIDDLEWARE = [
     "django.contrib.auth.middleware.AuthenticationMiddleware",
     "django.contrib.messages.middleware.MessageMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
+    "django_browser_reload.middleware.BrowserReloadMiddleware",
     "allauth.account.middleware.AccountMiddleware",
 ]
 
@@ -244,12 +246,10 @@ UNFOLD = {
 if DEBUG:
     INSTALLED_APPS += [
         "debug_toolbar",
-        "django_browser_reload",
     ]
 
     MIDDLEWARE += [
         "debug_toolbar.middleware.DebugToolbarMiddleware",
-        "django_browser_reload.middleware.BrowserReloadMiddleware",
     ]
 
     EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
diff --git a/src/app/urls.py b/src/app/urls.py
index 96be59a..7869da3 100644
--- a/src/app/urls.py
+++ b/src/app/urls.py
@@ -25,12 +25,12 @@ urlpatterns = [
     path("", include("dgsi.urls")),
     path("accounts/", include("allauth.urls")),
     path("admin/", admin.site.urls),
+    path("__reload__/", include("django_browser_reload.urls")),
 ]
 
 if settings.DEBUG:
     urlpatterns += (
         [
-            path("__reload__/", include("django_browser_reload.urls")),
             path("__debug__/", include("debug_toolbar.urls")),
         ]
         + static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)

From 59fa7409501d3b9f98a6935e815e9f535111e401 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 24 Sep 2024 23:29:01 +0200
Subject: [PATCH 065/172] fix(css): Don't overflow on group names

---
 src/shared/static/bulma/bulma.scss | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/shared/static/bulma/bulma.scss b/src/shared/static/bulma/bulma.scss
index fd9e8a7..65676da 100644
--- a/src/shared/static/bulma/bulma.scss
+++ b/src/shared/static/bulma/bulma.scss
@@ -42,7 +42,7 @@ body {
 }
 
 .grid.groups {
-  --bulma-grid-column-min: 24rem;
+  --bulma-grid-column-min: min(24rem, 100%);
 }
 
 .groups > .button > span {

From 91d5d68da3a89d2ce8c7df1c094afb7bdff29a70 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 24 Sep 2024 23:33:24 +0200
Subject: [PATCH 066/172] feat(settings): Add console logging

---
 src/app/settings.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/src/app/settings.py b/src/app/settings.py
index f5af54d..7f65e4d 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -62,6 +62,23 @@ MIDDLEWARE = [
     "allauth.account.middleware.AccountMiddleware",
 ]
 
+###
+# Logging configuration
+
+LOGGING = {
+    "version": 1,
+    "disable_existing_loggers": False,
+    "handlers": {
+        "console": {
+            "class": "logging.StreamHandler",
+        },
+    },
+    "root": {
+        "handlers": ["console"],
+        "level": credentials.get("LOG_LEVEL", "WARNING"),
+    },
+}
+
 ###
 # The main url configuration
 

From 48005ae251846df525d6f811ff562b933f288da4 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Wed, 25 Sep 2024 13:56:34 +0200
Subject: [PATCH 067/172] chore(migrations): Reflect the change in models.Meta

---
 ...r_bylaws_options_alter_statutes_options.py | 28 +++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 src/dgsi/migrations/0005_alter_bylaws_options_alter_statutes_options.py

diff --git a/src/dgsi/migrations/0005_alter_bylaws_options_alter_statutes_options.py b/src/dgsi/migrations/0005_alter_bylaws_options_alter_statutes_options.py
new file mode 100644
index 0000000..1bafc09
--- /dev/null
+++ b/src/dgsi/migrations/0005_alter_bylaws_options_alter_statutes_options.py
@@ -0,0 +1,28 @@
+# Generated by Django 4.2.12 on 2024-09-24 20:22
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("dgsi", "0004_bylaws_statutes_user_accepted_bylaws_and_more"),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name="bylaws",
+            options={
+                "get_latest_by": "date",
+                "verbose_name": "Règlement Intérieur",
+                "verbose_name_plural": "Règlements Intérieurs",
+            },
+        ),
+        migrations.AlterModelOptions(
+            name="statutes",
+            options={
+                "get_latest_by": "date",
+                "verbose_name": "Statuts",
+                "verbose_name_plural": "Statuts",
+            },
+        ),
+    ]

From 88e2c25ce483e86f5d7478d9f28f16dfa3371319 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Wed, 25 Sep 2024 13:57:01 +0200
Subject: [PATCH 068/172] feat(shell): Add media root

---
 default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/default.nix b/default.nix
index 3facc5c..6598c74 100644
--- a/default.nix
+++ b/default.nix
@@ -75,6 +75,7 @@ in
       CREDENTIALS_DIRECTORY = builtins.toString ./.credentials;
       DGSI_DEBUG = "true";
       DGSI_STATIC_ROOT = builtins.toString ./.static;
+      DGSI_MEDIA_ROOT = builtins.toString ./.media;
       DGSI_KANIDM_CLIENT = "dgsi_test";
     };
 

From 5381b0379b112778cee05f7fa5dc989da96a77ba Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Wed, 25 Sep 2024 13:57:16 +0200
Subject: [PATCH 069/172] feat(index): Add a link to the services

---
 src/dgsi/views.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 3d3df6c..c842073 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -29,6 +29,12 @@ class Link(NamedTuple):
 AUTHENTICATED_LINKS: list[Link] = [
     Link("is-primary", "dgsi:dgn-profile", _("Mon profil"), "user-filled"),
     Link("is-primary", "dgsi:dgn-legal_documents", _("Documents Légaux"), "script"),
+    Link(
+        "is-info",
+        "dgsi:dgn-services",
+        _("Services proposés par la DGNum"),
+        "apps-filled",
+    ),
 ]
 
 ADMIN_LINKS: list[Link] = [

From 9119ad38b026a644edbccd494578552555e1cd13 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Thu, 26 Sep 2024 12:04:38 +0200
Subject: [PATCH 070/172] feat(accounts): Allow divergence between cas_login
 and username

- Adds a Translation table between cas_login and the effective username
- Show more descriptive errors when the connection cannot happen

TODO: The translation mechanism is currently fragile, we need to update
usernames when a translation is created/deleted and also disable updates
to a translation
---
 src/dgsi/admin.py                             |   4 +-
 src/dgsi/migrations/0006_translation.py       |  32 +++++
 src/dgsi/models.py                            |  12 ++
 src/shared/account.py                         | 110 ++++++++++++++----
 .../accounts/forbidden_category.html          |   2 +-
 5 files changed, 134 insertions(+), 26 deletions(-)
 create mode 100644 src/dgsi/migrations/0006_translation.py

diff --git a/src/dgsi/admin.py b/src/dgsi/admin.py
index 8c1fb0d..a12277d 100644
--- a/src/dgsi/admin.py
+++ b/src/dgsi/admin.py
@@ -2,7 +2,7 @@ from django.contrib import admin
 from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
 from unfold.admin import ModelAdmin
 
-from dgsi.models import Bylaws, Service, Statutes, User
+from dgsi.models import Bylaws, Service, Statutes, Translation, User
 
 
 @admin.register(User)
@@ -10,6 +10,6 @@ class UserAdmin(BaseUserAdmin, ModelAdmin):
     pass
 
 
-@admin.register(Bylaws, Service, Statutes)
+@admin.register(Bylaws, Service, Statutes, Translation)
 class AdminClass(ModelAdmin):
     compressed_fields = True
diff --git a/src/dgsi/migrations/0006_translation.py b/src/dgsi/migrations/0006_translation.py
new file mode 100644
index 0000000..df54ca2
--- /dev/null
+++ b/src/dgsi/migrations/0006_translation.py
@@ -0,0 +1,32 @@
+# Generated by Django 4.2.12 on 2024-09-26 09:52
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("dgsi", "0005_alter_bylaws_options_alter_statutes_options"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="Translation",
+            fields=[
+                (
+                    "id",
+                    models.BigAutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                ("cas_login", models.CharField(max_length=255, unique=True)),
+                ("username", models.CharField(max_length=255, unique=True)),
+            ],
+            options={
+                "verbose_name": "Correspondance de login",
+                "verbose_name_plural": "Correspondances de login",
+            },
+        ),
+    ]
diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index 59c5f4d..da77aad 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -69,6 +69,18 @@ class Bylaws(LegalDocument):
         verbose_name_plural = _("Règlements Intérieurs")
 
 
+class Translation(models.Model):
+    cas_login = models.CharField(max_length=255, unique=True)
+    username = models.CharField(max_length=255, unique=True)
+
+    def __str__(self) -> str:
+        return f"{self.cas_login} → {self.username}"
+
+    class Meta:  # pyright: ignore
+        verbose_name = _("Correspondance de login")
+        verbose_name_plural = _("Correspondances de login")
+
+
 @dataclass
 class KanidmProfile:
     person: Person
diff --git a/src/shared/account.py b/src/shared/account.py
index 863d1c7..f3f91bb 100644
--- a/src/shared/account.py
+++ b/src/shared/account.py
@@ -1,10 +1,15 @@
+from functools import lru_cache
+from typing import Optional
+
 from allauth.core.exceptions import ImmediateHttpResponse
 from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
 from allauth.socialaccount.models import SocialLogin
-from django.http import HttpResponseRedirect
+from django.contrib import messages
+from django.http import HttpRequest, HttpResponseRedirect
 from django.urls import reverse
+from django.utils.translation import gettext_lazy as _
 
-from dgsi.models import User
+from dgsi.models import Translation, User
 
 
 class SharedAccountAdapter(DefaultSocialAccountAdapter):
@@ -12,42 +17,101 @@ class SharedAccountAdapter(DefaultSocialAccountAdapter):
     Overrides the Account Adapter, to allow a simpler connection via CAS.
     """
 
-    def pre_social_login(self, request, sociallogin):
-        match sociallogin.account.provider:
-            # TODO: Add a correspondance table between ENS logins and ours
-            case "ens_cas":
-                # In this case, the username is located in extra_data["uid"]
-                username = sociallogin.account.extra_data["uid"]
+    @lru_cache
+    def _get_username(self, request: HttpRequest, sociallogin: SocialLogin) -> str:
+        """
+        Returns the required username
+        """
 
-                # Validate that the user is a regular one
+        match sociallogin.account.provider:
+            case "ens_cas":
+                cas_login = sociallogin.account.extra_data["uid"]
+
+                # Verify that this user can indeed connect to the website
                 home = sociallogin.account.extra_data["homeDirectory"].split("/")
 
                 if (home[1] != "users") or (
                     home[2]
                     in ["absint", "algo", "grecc", "guests", "spi", "spi1", "staffs"]
                 ):
+                    messages.error(request, _("Catégorie de compte ENS interdite."))
                     raise ImmediateHttpResponse(
                         HttpResponseRedirect(reverse("dgsi:dgn-forbidden_account"))
                     )
 
+                # Continue with the login flow
+                try:
+                    return Translation.objects.get(cas_login=cas_login).username
+                except Translation.DoesNotExist:
+                    return cas_login
+
             case "kanidm":
-                username = sociallogin.account.extra_data["preferred_username"]
-            case _p:
-                raise KeyError(f"No sociallogin '{_p}' is supposed to exist.")
+                return sociallogin.account.extra_data["preferred_username"]
 
-        try:
-            # Connect an existing user if the login already exists, even if it
-            # with another social method
-            user = User.objects.get(username=username)
-            sociallogin.connect(request, user)
-        except User.DoesNotExist:
-            return
+            case _:
+                # INFO: This should never happen
+                messages.error(request, _("Méthode de connexion invalide."))
+                raise ImmediateHttpResponse(
+                    HttpResponseRedirect(reverse("dgsi:dgn-forbidden_account"))
+                )
 
-        # We now know that a user exists, copy the distant attributes
-        user.is_staff = user.is_admin
-        user.is_superuser = user.is_admin
+    def _get_user(
+        self, request: HttpRequest, sociallogin: SocialLogin
+    ) -> Optional[User]:
+        """
+        Returns the required user for completing the login
+        """
 
-        user.save()
+        # The user is already linked to the social login, no reason to change it
+        if sociallogin.is_existing:
+            return sociallogin.user
+
+        # No user is currently linked to this social login, either the user has already
+        # logged in with another method, or it truly does not exist
+        return User.objects.filter(
+            username=self._get_username(request, sociallogin)
+        ).first()
+
+    def _update_user(self, request: HttpRequest, sociallogin: SocialLogin):
+        """
+        Updates the required attributes of the user:
+        - username
+        - permissions
+        """
+
+        u = sociallogin.user
+
+        assert isinstance(u, User)
+
+        # Update the username first, so that calls to kanidm return the correct information
+        u.username = self._get_username(request, sociallogin)
+
+        # Update the global permissions
+        u.is_staff = u.is_admin
+        u.is_superuser = u.is_admin
+
+        # Save the updated user if needed
+        if sociallogin.is_existing:
+            u.save()
+
+    def pre_social_login(self, request, sociallogin: SocialLogin):
+        ###
+        # The flow is the following:
+        #  - Get the correct user
+        #  - Do the connection if possible
+        #  - Update the required attributes
+
+        user = self._get_user(request, sociallogin)
+
+        if user is not None:
+            sociallogin.user = user
+
+        # If the user exists, connect to it
+        # FIXME: May not be necessary
+        # if sociallogin.is_existing:
+        #     sociallogin.connect(request, sociallogin.user)
+
+        self._update_user(request, sociallogin)
 
     def populate_user(self, request, sociallogin, data):
         return super().populate_user(request, sociallogin, data)
diff --git a/src/shared/templates/accounts/forbidden_category.html b/src/shared/templates/accounts/forbidden_category.html
index 887aa24..e400a6e 100644
--- a/src/shared/templates/accounts/forbidden_category.html
+++ b/src/shared/templates/accounts/forbidden_category.html
@@ -7,6 +7,6 @@
   <hr>
 
   <div class="notification is-warning is-light px-5 py-5 has-text-centered is-size-5">
-    {% blocktrans %}Votre catégorie de compte ENS ne permet pas de vous identifier auprès de la DGNum.<br>Si vous pensez qu'il s'agit une erreur, merci de contacter la DGNum à l'adresse : <a href="mailto:contact@dgnum.eu">contact@dgnum.eu</a>{% endblocktrans  %}
+    {% blocktrans %}Vos informations ne permettent pas de vous identifier auprès de la DGNum.<br>Si vous pensez qu'il s'agit une erreur, merci de nous contacter à l'adresse : <a href="mailto:contact@dgnum.eu">contact@dgnum.eu</a>{% endblocktrans  %}
   </div>
 {% endblock content %}

From 3b3f2dd34d0161eac52a6fae1a6ccb7787accae6 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Thu, 26 Sep 2024 12:12:26 +0200
Subject: [PATCH 071/172] fix(accounts): This was, in fact, necessary

---
 src/shared/account.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/shared/account.py b/src/shared/account.py
index f3f91bb..a4682ea 100644
--- a/src/shared/account.py
+++ b/src/shared/account.py
@@ -107,9 +107,8 @@ class SharedAccountAdapter(DefaultSocialAccountAdapter):
             sociallogin.user = user
 
         # If the user exists, connect to it
-        # FIXME: May not be necessary
-        # if sociallogin.is_existing:
-        #     sociallogin.connect(request, sociallogin.user)
+        if sociallogin.is_existing:
+            sociallogin.connect(request, sociallogin.user)
 
         self._update_user(request, sociallogin)
 

From 941f2b031e85ba58bdce1251457026ed94a8539f Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Thu, 26 Sep 2024 12:12:58 +0200
Subject: [PATCH 072/172] fix(translations): Disable updates to an existing
 translation

---
 src/dgsi/models.py | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index da77aad..32e706d 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -69,6 +69,14 @@ class Bylaws(LegalDocument):
         verbose_name_plural = _("Règlements Intérieurs")
 
 
+# class TermsAndConditions(LegalDocument):
+#     """
+#     Terms and Conditions of use regarding a service offered by the association.
+#     """
+#
+#     service = models.ForeignKey(Service, on_delete=models.CASCADE)
+
+
 class Translation(models.Model):
     cas_login = models.CharField(max_length=255, unique=True)
     username = models.CharField(max_length=255, unique=True)
@@ -76,6 +84,12 @@ class Translation(models.Model):
     def __str__(self) -> str:
         return f"{self.cas_login} → {self.username}"
 
+    def save(self, **kwargs) -> None:  # pyright: ignore
+        # INFO: Only update the model if it does not already exist
+        #       This will prevent a lot of pain
+        if self.pk is None:
+            return super().save(**kwargs)
+
     class Meta:  # pyright: ignore
         verbose_name = _("Correspondance de login")
         verbose_name_plural = _("Correspondances de login")

From b33f13db301da068635b48b5e02597f7a5b75e87 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Thu, 26 Sep 2024 13:29:36 +0200
Subject: [PATCH 073/172] feat(accounts): Add a mechanism to automatically
 change the local username when creating or deleting translations

---
 src/dgsi/models.py | 37 +++++++++++++++++++++++++++++++++++--
 1 file changed, 35 insertions(+), 2 deletions(-)

diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index 32e706d..a851d3e 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -2,9 +2,12 @@ from dataclasses import dataclass
 from functools import cached_property
 from typing import Optional, Self
 
+from allauth.socialaccount.models import SocialAccount
 from asgiref.sync import async_to_sync
 from django.contrib.auth.models import AbstractUser
 from django.db import models
+from django.db.models.signals import pre_delete
+from django.dispatch import receiver
 from django.http import HttpRequest
 from django.utils.translation import gettext_lazy as _
 from kanidm.exceptions import NoMatchingEntries
@@ -84,17 +87,47 @@ class Translation(models.Model):
     def __str__(self) -> str:
         return f"{self.cas_login} → {self.username}"
 
-    def save(self, **kwargs) -> None:  # pyright: ignore
+    def save(self, *args, **kwargs) -> None:
         # INFO: Only update the model if it does not already exist
         #       This will prevent a lot of pain
         if self.pk is None:
-            return super().save(**kwargs)
+            try:
+                # Find out if a user exists with the cas_login to update
+                account = SocialAccount.objects.get(
+                    provider="ens_cas", uid=self.cas_login
+                )
+                account.user.username = self.username
+                account.user.save()
+
+                # TODO: Update the distant kanidm data
+            except SocialAccount.DoesNotExist:
+                # No user has registered with this cas_login yet
+                pass
+            return super().save(*args, **kwargs)
 
     class Meta:  # pyright: ignore
         verbose_name = _("Correspondance de login")
         verbose_name_plural = _("Correspondances de login")
 
 
+# INFO: We need to use a signal receiver here, as the delete method is not called
+#       when deleteing objects from the admin interface
+@receiver(pre_delete, sender=Translation)
+def restore_username(**kwargs):
+    """
+    Restore the username to the cas_login
+    """
+
+    cas_login = kwargs["instance"].cas_login
+    try:
+        account = SocialAccount.objects.get(provider="ens_cas", uid=cas_login)
+        account.user.username = cas_login
+        account.user.save()
+    except SocialAccount.DoesNotExist:
+        # No user has registered with this cas_login yet
+        pass
+
+
 @dataclass
 class KanidmProfile:
     person: Person

From be0cf4c0f5ee5f806f3b94ab0c0ef66ffbef5f0f Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Thu, 26 Sep 2024 13:31:40 +0200
Subject: [PATCH 074/172] chore(kanidm): Rename client to klient

---
 src/dgsi/forms.py    |  4 ++--
 src/dgsi/models.py   |  6 +++---
 src/dgsi/views.py    | 16 ++++++++--------
 src/shared/kanidm.py |  2 +-
 4 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/src/dgsi/forms.py b/src/dgsi/forms.py
index 404328c..1f5e474 100644
--- a/src/dgsi/forms.py
+++ b/src/dgsi/forms.py
@@ -3,13 +3,13 @@ from django.core.exceptions import ValidationError
 from django.forms import BooleanField, CharField, EmailField, forms
 from django.utils.translation import gettext_lazy as _
 
-from shared.kanidm import client
+from shared.kanidm import klient
 
 
 @async_to_sync
 async def name_validator(value: str) -> None:
     try:
-        await client.person_account_get(value)
+        await klient.person_account_get(value)
     except ValueError:
         return
 
diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index a851d3e..54a8e7c 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -13,7 +13,7 @@ from django.utils.translation import gettext_lazy as _
 from kanidm.exceptions import NoMatchingEntries
 from kanidm.models.person import Person
 
-from shared.kanidm import client
+from shared.kanidm import klient
 
 ADMIN_GROUP = "dgnum_admins@sso.dgnum.eu"
 
@@ -159,10 +159,10 @@ class User(AbstractUser):
     @async_to_sync
     async def kanidm(self) -> Optional[KanidmProfile]:
         try:
-            radius_data = (await client.get_radius_token(self.username)).data
+            radius_data = (await klient.get_radius_token(self.username)).data
 
             return KanidmProfile(
-                person=(await client.person_account_get(self.username)),
+                person=(await klient.person_account_get(self.username)),
                 radius_secret=radius_data and radius_data.get("secret"),
             )
         except NoMatchingEntries:
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index c842073..623b104 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -16,7 +16,7 @@ from django.views.generic.detail import SingleObjectMixin
 from dgsi.forms import CreateKanidmAccountForm, CreateSelfAccountForm
 from dgsi.mixins import StaffRequiredMixin
 from dgsi.models import Bylaws, Service, Statutes, User
-from shared.kanidm import client
+from shared.kanidm import klient
 
 
 class Link(NamedTuple):
@@ -122,13 +122,13 @@ class CreateSelfAccountView(AccessMixin, SuccessMessageMixin, FormView):
         u = User.from_request(self.request)
 
         # Create the base account
-        await client.person_account_create(u.username, d["displayname"])
+        await klient.person_account_create(u.username, d["displayname"])
 
         # Update the information
-        await client.person_account_update(u.username, mail=[d["mail"]])
+        await klient.person_account_update(u.username, mail=[d["mail"]])
 
         # FIXME: Will maybe change when kanidm gets its shit together and switches to POST
-        r = await client.call_get(
+        r = await klient.call_get(
             f"/v1/person/{u.username}/_credential/_update_intent/{ttl}"
         )
 
@@ -228,17 +228,17 @@ class CreateKanidmAccountView(StaffRequiredMixin, SuccessMessageMixin, FormView)
         d = form.cleaned_data
 
         # Create the base account
-        await client.person_account_create(d["name"], d["displayname"])
+        await klient.person_account_create(d["name"], d["displayname"])
 
         # Update the information
-        await client.person_account_update(d["name"], mail=[d["mail"]])
+        await klient.person_account_update(d["name"], mail=[d["mail"]])
 
         # If necessary, add the user to the active members group
         if d["active"]:
-            await client.group_add_members("dgnum_members", [d["name"]])
+            await klient.group_add_members("dgnum_members", [d["name"]])
 
         # FIXME: Will maybe change when kanidm gets its shit together and switches to POST
-        r = await client.call_get(
+        r = await klient.call_get(
             f"/v1/person/{d['name']}/_credential/_update_intent/{ttl}"
         )
 
diff --git a/src/shared/kanidm.py b/src/shared/kanidm.py
index 32a77e1..3102da4 100644
--- a/src/shared/kanidm.py
+++ b/src/shared/kanidm.py
@@ -3,6 +3,6 @@ from loadcredential import Credentials
 
 credentials = Credentials(env_prefix="DGSI_")
 
-client = KanidmClient(
+klient = KanidmClient(
     uri=credentials["KANIDM_URI"], token=credentials["KANIDM_AUTH_TOKEN"]
 )

From 5019b89ef2dfc19f027f5f24d2d840254db75654 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Thu, 26 Sep 2024 14:23:35 +0200
Subject: [PATCH 075/172] feat(translations): Factorize the user renaming
 scheme, and update the remote data

---
 src/dgsi/models.py | 37 ++++++++++++++++++-------------------
 1 file changed, 18 insertions(+), 19 deletions(-)

diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index 54a8e7c..8666680 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -87,22 +87,27 @@ class Translation(models.Model):
     def __str__(self) -> str:
         return f"{self.cas_login} → {self.username}"
 
+    def update_user(self, username: str):
+        # Update the username of the person with the required cas_login
+        try:
+            # Find out if a user exists with the cas_login to update
+            account = SocialAccount.objects.get(provider="ens_cas", uid=self.cas_login)
+
+            # WARNING: This updates the remote data, we need to be careful with what we do
+            async_to_sync(klient.person_account_update)(account.user.username, username)
+
+            account.user.username = username
+            account.user.save()
+        except SocialAccount.DoesNotExist:
+            # No user has registered with this cas_login yet
+            pass
+
     def save(self, *args, **kwargs) -> None:
         # INFO: Only update the model if it does not already exist
         #       This will prevent a lot of pain
         if self.pk is None:
-            try:
-                # Find out if a user exists with the cas_login to update
-                account = SocialAccount.objects.get(
-                    provider="ens_cas", uid=self.cas_login
-                )
-                account.user.username = self.username
-                account.user.save()
+            self.update_user(self.username)
 
-                # TODO: Update the distant kanidm data
-            except SocialAccount.DoesNotExist:
-                # No user has registered with this cas_login yet
-                pass
             return super().save(*args, **kwargs)
 
     class Meta:  # pyright: ignore
@@ -118,14 +123,8 @@ def restore_username(**kwargs):
     Restore the username to the cas_login
     """
 
-    cas_login = kwargs["instance"].cas_login
-    try:
-        account = SocialAccount.objects.get(provider="ens_cas", uid=cas_login)
-        account.user.username = cas_login
-        account.user.save()
-    except SocialAccount.DoesNotExist:
-        # No user has registered with this cas_login yet
-        pass
+    self = kwargs["instance"]
+    self.update_user(self.cas_login)
 
 
 @dataclass

From 97e3ae9702b3594ced2abe8934b343399c92d398 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Thu, 26 Sep 2024 14:40:58 +0200
Subject: [PATCH 076/172] fix(settings): Allow specifying the EMAIL_PORT

---
 src/app/settings.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/app/settings.py b/src/app/settings.py
index 7f65e4d..665a524 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -120,6 +120,7 @@ DEFAULT_FROM_EMAIL = credentials["FROM_EMAIL"]
 EMAIL_HOST = credentials.get("EMAIL_HOST", "localhost")
 EMAIL_HOST_PASSWORD = credentials.get("EMAIL_HOST_PASSWORD", "")
 EMAIL_HOST_USER = credentials.get("EMAIL_HOST_USER", "")
+EMAIL_PORT = credentials.get_json("EMAIL_PORT", 465)
 EMAIL_USE_SSL = credentials.get("EMAIL_USE_SSL", False)
 SERVER_EMAIL = credentials["SERVER_EMAIL"]
 

From 7885252b4a745426ff9cc062ca00d18b98f0723a Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Thu, 26 Sep 2024 14:50:45 +0200
Subject: [PATCH 077/172] fix(views): Use default from email

---
 src/dgsi/views.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 623b104..bb705ac 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -254,7 +254,6 @@ class CreateKanidmAccountView(StaffRequiredMixin, SuccessMessageMixin, FormView)
                 "mail/credentials_reset.txt",
                 context={"link": link},
             ),
-            from_email="To Be Determined <dgsi@infra.dgnum.eu>",
             to=[d["mail"]],
             headers={"Reply-To": "contact@dgnum.eu"},
         ).send()

From 2978c1facba9fb18e56ac4521b1178f360c76029 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Thu, 26 Sep 2024 15:25:26 +0200
Subject: [PATCH 078/172] feat(settings): Allow giving the admin list

---
 src/app/settings.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/app/settings.py b/src/app/settings.py
index 665a524..1192bda 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -22,6 +22,8 @@ DEBUG = credentials.get_json("DEBUG", False)
 
 ALLOWED_HOSTS = credentials.get_json("ALLOWED_HOSTS", [])
 
+ADMINS = credentials.get_json("ADMINS", [])
+
 ###
 # List the installed applications
 

From bf5bce5fc548115c26e1beec8be145bcb9d16688 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Thu, 26 Sep 2024 16:00:35 +0200
Subject: [PATCH 079/172] chore(templates): Add checkmarcks on buttons

---
 src/dgsi/templates/dgsi/create_kanidm_account.html | 5 ++++-
 src/dgsi/templates/dgsi/create_self_account.html   | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/dgsi/templates/dgsi/create_kanidm_account.html b/src/dgsi/templates/dgsi/create_kanidm_account.html
index c17aa91..62ef674 100644
--- a/src/dgsi/templates/dgsi/create_kanidm_account.html
+++ b/src/dgsi/templates/dgsi/create_kanidm_account.html
@@ -10,6 +10,9 @@
     {% csrf_token %}
     {% include "bulma/form.html" with form=form %}
 
-    <button class="button is-fullwidth mt-6">{% trans "Enregistrer" %}</button>
+    <button class="button is-fullwidth mt-6">
+      <span>{% trans "Enregistrer" %}</span>
+      <span class="icon"><i class="ti ti-check"></i></span>
+    </button>
   </form>
 {% endblock content %}
diff --git a/src/dgsi/templates/dgsi/create_self_account.html b/src/dgsi/templates/dgsi/create_self_account.html
index 9e06865..5b2fc62 100644
--- a/src/dgsi/templates/dgsi/create_self_account.html
+++ b/src/dgsi/templates/dgsi/create_self_account.html
@@ -10,6 +10,9 @@
     {% csrf_token %}
     {% include "bulma/form.html" with form=form %}
 
-    <button class="button is-fullwidth mt-6">{% trans "Enregistrer" %}</button>
+    <button class="button is-fullwidth mt-6">
+      <span>{% trans "Enregistrer" %}</span>
+      <span class="icon"><i class="ti ti-check"></i></span>
+    </button>
   </form>
 {% endblock content %}

From 997fd254ca9b69996de74c835f4fea87ec6a0d76 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Thu, 26 Sep 2024 16:11:06 +0200
Subject: [PATCH 080/172] chore(accounts): Remove unused login view

---
 src/app/urls.py                 |  1 -
 src/shared/templates/login.html | 29 -----------------------------
 2 files changed, 30 deletions(-)
 delete mode 100644 src/shared/templates/login.html

diff --git a/src/app/urls.py b/src/app/urls.py
index 7869da3..0e5a90a 100644
--- a/src/app/urls.py
+++ b/src/app/urls.py
@@ -21,7 +21,6 @@ from django.urls import include, path
 from django.views.generic import TemplateView
 
 urlpatterns = [
-    path("login", TemplateView.as_view(template_name="login.html"), name="login"),
     path("", include("dgsi.urls")),
     path("accounts/", include("allauth.urls")),
     path("admin/", admin.site.urls),
diff --git a/src/shared/templates/login.html b/src/shared/templates/login.html
deleted file mode 100644
index d6a5160..0000000
--- a/src/shared/templates/login.html
+++ /dev/null
@@ -1,29 +0,0 @@
-{% extends "base.html" %}
-
-{% load i18n socialaccount %}
-
-{% block content %}
-  <div class="fixed-grid">
-    <div class="grid">
-      <a href="{% provider_login_url 'kanidm' %}"
-         class="cell has-background-primary-dark p-6 has-radius-normal has-text-centered has-text-white">
-        <span class="icon-text">
-          <span class="icon">
-            <i class="ti ti-login"></i>
-          </span>
-          <span><b>{% trans "Connexion via la DGNum" %}</b></span>
-        </span>
-      </a>
-
-      <a href="{% provider_login_url 'ens_cas' %}"
-         class="cell has-background-primary p-6 has-radius-normal has-text-centered has-text-white">
-        <span class="icon-text">
-          <span class="icon">
-            <i class="ti ti-login"></i>
-          </span>
-          <span><b>{% trans "Connexion via l'ENS" %}</b></span>
-        </span>
-      </a>
-    </div>
-  </div>
-{% endblock content %}

From 45bd436ea786d8a44dcd589f705721bb8c6066ff Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Thu, 26 Sep 2024 23:01:09 +0200
Subject: [PATCH 081/172] feat(i18n): Add an english translation

---
 default.nix                                |   3 +-
 src/app/settings.py                        |  14 +-
 src/app/urls.py                            |   1 +
 src/shared/locale/en/LC_MESSAGES/django.mo | Bin 0 -> 5262 bytes
 src/shared/locale/en/LC_MESSAGES/django.po | 269 +++++++++++++++++++++
 src/shared/static/bulma/bulma.scss         |   6 +
 src/shared/templates/_footer.html          |   4 +-
 src/shared/templates/_hero.html            |  80 ++++--
 8 files changed, 348 insertions(+), 29 deletions(-)
 create mode 100644 src/shared/locale/en/LC_MESSAGES/django.mo
 create mode 100644 src/shared/locale/en/LC_MESSAGES/django.po

diff --git a/default.nix b/default.nix
index 6598c74..0210594 100644
--- a/default.nix
+++ b/default.nix
@@ -48,8 +48,9 @@ in
     name = "dgsi.dev";
 
     packages = [
-      pkgs.jq
       pkgs.dart-sass
+      pkgs.gettext
+      pkgs.jq
 
       # Python dependencies
       (python.withPackages (ps: [
diff --git a/src/app/settings.py b/src/app/settings.py
index 1192bda..98e7808 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -55,6 +55,7 @@ INSTALLED_APPS = [
 MIDDLEWARE = [
     "django.middleware.security.SecurityMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
+    "django.middleware.locale.LocaleMiddleware",
     "django.middleware.common.CommonMiddleware",
     "django.middleware.csrf.CsrfViewMiddleware",
     "django.contrib.auth.middleware.AuthenticationMiddleware",
@@ -187,9 +188,18 @@ AUTH_USER_MODEL = "dgsi.User"
 # Internationalization configuration
 #   -> https://docs.djangoproject.com/en/4.2/topics/i18n/
 
-LANGUAGE_CODE = "fr-fr"
+LANGUAGE_CODE = "fr"
 
-TIME_ZONE = "UTC"
+LANGUAGES = [
+    ("en", "English"),
+    ("fr", "Français"),
+]
+
+LOCALE_PATHS = [
+    (BASE_DIR / "shared" / "locale"),
+]
+
+TIME_ZONE = "Europe/Paris"
 
 USE_I18N = True
 USE_TZ = True
diff --git a/src/app/urls.py b/src/app/urls.py
index 0e5a90a..c33a36f 100644
--- a/src/app/urls.py
+++ b/src/app/urls.py
@@ -24,6 +24,7 @@ urlpatterns = [
     path("", include("dgsi.urls")),
     path("accounts/", include("allauth.urls")),
     path("admin/", admin.site.urls),
+    path("i18n/", include("django.conf.urls.i18n")),
     path("__reload__/", include("django_browser_reload.urls")),
 ]
 
diff --git a/src/shared/locale/en/LC_MESSAGES/django.mo b/src/shared/locale/en/LC_MESSAGES/django.mo
new file mode 100644
index 0000000000000000000000000000000000000000..6b1f9befecf2385570989679def79d9c2949933e
GIT binary patch
literal 5262
zcmbuCTWlOx8OKi{P%tf&1SsWFPE&$&@va?{hGgqlNqh+=abjX80R@DPch2rkGCQ-K
zGh=6~O0AIKi5FD$CRMb3K`|gC1iV!UX{nHa2P7mU#7z_-R0*{&AQcq>zwgZK#U{MK
zXpjFhXXc#m_W!=~`FFc_J)yX2j1MvXa+^{Yz!%@lAFkJTDRmC~J6Hu5-=frgU=F?q
zd<uLU_$}~#;P=7Z;LpH!g1-mv0$&C12me*RzyGaDX`YXQN5CuK+rh7ZvhS1N-QYLD
z_k%s~gWzw#4}h<OB5%*_N__-82#TCffhWPM;5hg!_-^n=;2q#E!FPavEb+DS{Tt=;
zofz`~@9zOcj|-sa5r8815pW573Y7i+0Dc&J6&wTaz=%EI-Js}o2o!l|!FPdIK-sSe
ziXR^Z4}dR#_kceI-wXZ;l<(dE<-0v>F8e(Io(3<0sH~m_KMFn%{sMdnyaqml&>3(S
zN`4wV1zx>PsmH-9Jim6QQv1O(1WEkU0Y&dGf|#P7ET5kP#n0ab`Kh1qN9_0&DDiv+
zlz89C<X%vN;=ehNP^&H|`#%aIQhgPaeVzkl-*1Cr=S$`DZ$XLkUqSi)E`oXjycZOG
zKL_$keF=mD>Io2Ps%Jsb`vp+!_(u8s15o_;V^H*b1r)je0EJh3Q0^=^0gAjEp!oUA
zAg)wj2SwlSfD->7f)dYPgYx~KLCKrHfnvvQgovI8LHT|a6g}e-b5Qho1QgzU4Lk+D
z2#Wsy1V#Ss7;zIE2QPp>2PZ%cDNlmSAmQ}B2E1(1M`BQA$hUHdujCRNL=UlDczuZR
zF^1S8{E_PzLv-$6xJZ41v9FxC7ZjfzW{B=`9c2g)L}$4^&X9PBEpkmW-sJC;s(|7f
z%@FSPuW@d0pTER6Q{}z*b&`SUo)a>CgmHi&<>??pa^*Oq#voPvg$oCl<P?-2ToO~^
zrP2$rHubvgWG2og^hT09ZJf(f`>-|}Nto&=*LACdq@K5JoN3FCC7n*1<QtaPR@aj_
zvvFQkGwZXLWrI%QTyHC2i=el4t@pgnV?JtkGOOp$oX^|(zM0AOS#`?GE%r!zH=B|5
z62ds^ZKa{j)6p-ScA3fY%$1Y9Ep;krhjHk#)MQ~2>p*s2U1B=5&Y^OyolQ5wx*bf}
zO523djz?Wna|V&k1fjA^sp`V{RgEq-4Z_S;)m$qHZ^-M&@Qa(dRdb^@)zjWqZwsf{
zx^{WJ-n;3xf6z(tRPWm#gsu~rZfx52fYVp^?Jw>=uZs;3l*F;UfkneR9k#`%;d&%O
zQ|#*`abRKz3<@R9P(B`=cOx%Qtn|?MjzFln;k$v|XH6UiZU2hc+-gNJ9SZ>r>?piY
zE}J(*8Q1p-qvoydAf-V}ttcD@&?tN;x0<zHbuFGQ9NV#}6Z3^rb(_Y$E&CrEMB}E6
z@c2m^yK2WpRhy5i`I4eepCgzizoF)PTkKOhb0JP`Q`lltwHVf0Ay%x+FRG<_?|TRw
zVat-&uo03GYUI98X0gUeDi8oCY*;tKHh#!LVOQO@Dv!OfHMJBslC<q3;dEx}E&swX
z562otVu@v=lvd}6Y(2D*h~BVK(&@l3&m+>XW5_<EXN+#8wsB%_E6X~rHaQtI<GhVW
z_Rjibo0&ATRkdu}>nSd;XJMoN5Ll<1q;UsydANbSj$~LSm&oo0iL#tvCGn#oSbZg2
z4CQriD{CcUu8&gTT@q!(M1;1g&L?dQ$(?E1;(mk+{@oxgMGCYglUI!A>$Vz!mtjLj
zQuem0YK7zx9kBtMB~|_#rB}S_qTP;MQx}Id2A}t9%y8D};j~k$MeU#*Ql^UBb9y6`
z<S(k&@Qc13RK6l6-tlTRqyR-0mwRGN$jSl1DNRP3Ye|kGJ{5{cXdk^Vv<VlfpjOM8
zx7O{H6f4Vc-`~21nb*TOIN;Rf#1V%Pl0j?awQWXu7QT2V`x0LyVMB7j<PiF1Q7=l%
zsx#~9EZX}|JLDLZ{Goh2jI<j!%`l@VSZygcc{-unHm!%^Zt8)Pyv-mP`%?CYnOYmt
zR4Q<m)XEP}4%xbMMu>||Y#P`NIgW<Mh0~>D<T&C48pd!WgrZYFR+MGfEi+_~Kh}go
zMI9?xSN(rPm5bwXs{g~@(UiIbt|D-h)OgE;u&6jBDWCp?bW#?W=3E_U1>@7?8r-QY
z1(nNC0S?t5hYPEHkBwclog~dF%dQy)mD73CRo0T49$UFkxo9^+Sy7Q{T+`E2(?=>(
z$1BrE_4IV@$nir{(^FGp=ZwoLYbix6GNf5euaUW*%qbJ~R;FjNq+M;5PlG7UvWlaR
z+^(!y)2``7DeA4kY)v=PvE`-Zg`v)et5aihzC%D7G_FzmZe)|3fnofhuD49;Y<A+(
z+G6F{@H^3}VbjV2ZVbY>S<}bX!)$CN%2N|n7IB!X>A2$`-HGW3b#Z%Qf2?Qq;R9oz
zshqJf8RqReLx)frsgE439v)Nrbho4vdr#<YBBxl~2-CLCS|;-oEn=xtYXYVSPX9d9
zCJwY|rq=4sFl*_MnkmdB!+ZnuS@trKtm|sOMVV6~FUjL<wDn<UtJk}c+3a^Uex_)2
zY=6!MO8OeTz1^XS@u#3p8pWcr)miW@jyA<xwf(WC<ftt*(RIi{)6*q$sSXs1kU|ku
zRX@bT>V*Q*w)GcEdqYWV<WbaxvX*^B$I(xyLObj4_Fl&?LYD7cF2#n{MrVn*GKTfV
zJlWFe5TWf)ZigtZfV4|R2QtudFhA!t)H?z}gCjaH9otR4eeIx^;Ec~Ksc0c1Dt626
zrEVfoR>CI^ExMR85JiO-L!^PhF(a#G!OM?5J<_(k{Ma*tSe>&?_8qh_Vl~HuT7`&;
zPDOJfTiO+l=N&P>#9<;`r0U-c7#PN0Nvtr^rBv0Wq8l03|C(C!t%#U3dU(LE(N?7B
zgr!SSt4Sl<G`_g`p2P-PqAhu`-u2@8EeWRXY)Y_qv@JQs;YgYl$DQv>sL7>ujU<Ya
zO~PL^DUQ~oTQ(+E`DTO@&21)WAib4uKl=264eTjx3jGL<L3^D$TFL%@G2UDLO+RYB
z6~UDLzYOOSy_3;-%yx6+dKlBaN-X;n6P0(;tLQ_lyxQ4_oGwzngj+NkzRwT=UWH+!
zku=~TN|t^u-YzxDM76<$*Q#XTW*9|!9fAh|OG>(KYcC4NR?9Afg41{7px9-;U=KPB
zid)K=mT`njMf8QkNR+(X!e0n7IlAK}DKJt?eLsPkQfDcq@pbu2uR?F7+qC57x}Bhc
zTNvtVDGdbS(kA<#+Xkt^?c8Nj4EW!6M7^SMpyL(377@Tn5ZG%<O_W2pC=C8TW2xCy
nb*ufh?Igh}b}K$Eozta1xz#B!q1W@`m=S?74lIQxF-iJwMCSrX

literal 0
HcmV?d00001

diff --git a/src/shared/locale/en/LC_MESSAGES/django.po b/src/shared/locale/en/LC_MESSAGES/django.po
new file mode 100644
index 0000000..d3aeb5d
--- /dev/null
+++ b/src/shared/locale/en/LC_MESSAGES/django.po
@@ -0,0 +1,269 @@
+# DG·SI english translation
+# Copyright (C) 2024 DGNum
+# This file is distributed under the same license as the dgsi package.
+# Tom Hubrecht <tom.hubrecht@dgnum.eu>, 2024.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: dgsi.dgnum.eu\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-09-26 22:48+0200\n"
+"PO-Revision-Date: 2024-09-26 22:49+0200\n"
+"Last-Translator: Tom Hubrecht <tom.hubrecht@dgnum.eu>\n"
+"Language-Team: French\n"
+"Language: fr\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n > 1)\n"
+"X-Generator: Gtranslator 46.1\n"
+
+#: app/settings.py:276
+msgid "Administration de DGSI"
+msgstr "DGSI Administration"
+
+#: dgsi/forms.py:16
+msgid "Identifiant déjà présent dans la base de données."
+msgstr "Username already in the database."
+
+#: dgsi/forms.py:22
+msgid "Identifiant"
+msgstr "Username"
+
+#: dgsi/forms.py:23
+msgid "De préférence identique au login ENS de la personne concernée"
+msgstr "Preferably identical to the ENS login of the person concerned"
+
+#: dgsi/forms.py:26 dgsi/forms.py:39
+msgid "Nom d'usage"
+msgstr "Name in use"
+
+#: dgsi/forms.py:28 dgsi/forms.py:41
+msgid "Adresse e-mail"
+msgstr "E-mail address"
+
+#: dgsi/forms.py:29 dgsi/forms.py:42
+msgid "De préférence l'adresse '@ens.psl.eu'"
+msgstr "Preferably the ‘@ens.psl.eu’ address"
+
+#: dgsi/forms.py:32
+msgid "Membre actif"
+msgstr "Active member"
+
+#: dgsi/forms.py:33
+msgid "Si selectionné, la personne sera ajoutée au groupe dgnum_members"
+msgstr "If selected, the person will be added to the dgnum_members group."
+
+#: dgsi/models.py:22
+msgid "Nom du service proposé"
+msgstr "Name of the proposed service"
+
+#: dgsi/models.py:23
+msgid "Adresse du service"
+msgstr "Address of the service"
+
+#: dgsi/models.py:24
+msgid "Icône du service"
+msgstr "Icon of the service"
+
+#: dgsi/models.py:34
+msgid "Date du document"
+msgstr "Document date"
+
+#: dgsi/models.py:35
+msgid "Nom du document"
+msgstr "Document name"
+
+#: dgsi/models.py:36
+msgid "Fichier PDF"
+msgstr "PDF file"
+
+#: dgsi/models.py:58 dgsi/models.py:59
+#: dgsi/templates/dgsi/legal_documents.html:26
+msgid "Statuts"
+msgstr "Statutes"
+
+#: dgsi/models.py:71 dgsi/templates/dgsi/legal_documents.html:30
+msgid "Règlement Intérieur"
+msgstr "Bylaws"
+
+#: dgsi/models.py:72
+msgid "Règlements Intérieurs"
+msgstr "Bylaws"
+
+#: dgsi/models.py:114
+msgid "Correspondance de login"
+msgstr "Login mapping"
+
+#: dgsi/models.py:115
+msgid "Correspondances de login"
+msgstr "Login mappings"
+
+#: dgsi/templates/_legal_document.html:9
+msgid ""
+" En acceptant, vous assurez avoir lu ce document et en approuver le contenu."
+msgstr ""
+" By accepting, you confirm that you have read this document and agree with "
+"its content."
+
+#: dgsi/templates/_legal_document.html:15
+msgid "Accepté"
+msgstr "Accepted"
+
+#: dgsi/templates/dgsi/create_kanidm_account.html:6
+msgid "Création de compte Kanidm"
+msgstr "Kanidm account creation"
+
+#: dgsi/templates/dgsi/create_kanidm_account.html:14
+#: dgsi/templates/dgsi/create_self_account.html:14
+msgid "Enregistrer"
+msgstr "Save"
+
+#: dgsi/templates/dgsi/create_self_account.html:6
+msgid "Création d'un compte DGNum"
+msgstr "DGNum account creation"
+
+#: dgsi/templates/dgsi/legal_documents.html:12
+msgid ""
+"Vous devez accepter les Statuts et le Règlement Intérieur de la DGNum avant "
+"de pouvoir créer un compte."
+msgstr ""
+"You must accept the DGNum Statutes and Bylaws before you can create an "
+"account."
+
+#: dgsi/templates/dgsi/legal_documents.html:16
+msgid ""
+"Vous n'avez pas encore de compte DGNum, mais vous pouvez désormais en créer "
+"un."
+msgstr "You do not yet have a DGNum account, but you can now create one."
+
+#: dgsi/templates/dgsi/legal_documents.html:19
+msgid "Poursuivre la création d'un compte DGNum"
+msgstr "Continue the creation of a DGNum account"
+
+#: dgsi/templates/dgsi/legal_documents.html:26
+msgid "Accepter les statuts"
+msgstr "Accept the statutes"
+
+#: dgsi/templates/dgsi/legal_documents.html:30
+msgid "Accepter le règlement intérieur"
+msgstr "Accept the bylaws"
+
+#: dgsi/templates/dgsi/profile.html:7
+#, python-format
+msgid "Profil de %(displayname)s"
+msgstr "Profile of %(displayname)s"
+
+#: dgsi/templates/dgsi/profile.html:13
+msgid "Mot de passe WiFi :"
+msgstr "WiFi password:"
+
+#: dgsi/templates/dgsi/profile.html:23
+msgid "Adresse e-mail :"
+msgstr "E-mail address:"
+
+#: dgsi/templates/dgsi/profile.html:28
+msgid "Informations techniques"
+msgstr "Technical informations"
+
+#: dgsi/templates/dgsi/profile.html:31
+msgid "Identifiant unique :"
+msgstr "Unique identifier:"
+
+#: dgsi/templates/dgsi/profile.html:40
+msgid "Membre des groupes suivants :"
+msgstr "Member of the following groups:"
+
+#: dgsi/templates/dgsi/profile.html:51
+msgid "Pas de compte DGNum répertorié."
+msgstr "No DGNum account found."
+
+#: dgsi/templates/dgsi/profile.html:54
+msgid "Créer un compte DGNum"
+msgstr "Create a DGNum account"
+
+#: dgsi/templates/dgsi/service_list.html:6
+msgid "Services accessibles via la DGNum"
+msgstr "Services accessible via the DGNum"
+
+#: dgsi/views.py:30
+msgid "Mon profil"
+msgstr "My profile"
+
+#: dgsi/views.py:31
+msgid "Documents Légaux"
+msgstr "Legal Documents"
+
+#: dgsi/views.py:35
+msgid "Services proposés par la DGNum"
+msgstr "Services offered by the DGNum"
+
+#: dgsi/views.py:44
+msgid "Créer un nouveau compte Kanidm"
+msgstr "Create a new Kanidm account"
+
+#: dgsi/views.py:48
+msgid "Interface d'administration"
+msgstr "Administration interface"
+
+#: dgsi/views.py:83
+msgid "Compte DGNum créé avec succès"
+msgstr "DGNum account successfully created"
+
+#: dgsi/views.py:99
+msgid "<b>Vous possédez déjà un compte DGNum !</b>"
+msgstr "<b>You already have a DGNum account!</b>"
+
+#: dgsi/views.py:111
+msgid "Vous devez accepter les Statuts et le Règlement Intérieur."
+msgstr "You must accept the Statutes and the Bylaws."
+
+#: dgsi/views.py:190
+#, python-format
+msgid "Type de document invalide : %(kind)s"
+msgstr "Invalid document type: %(kind)s"
+
+#: dgsi/views.py:220
+#, python-format
+msgid "Compte DGNum pour %(displayname)s [%(name)s] créé."
+msgstr "DGNum account for %(displayname)s [%(name)s] created."
+
+#: shared/account.py:37
+msgid "Catégorie de compte ENS interdite."
+msgstr "ENS account category not permitted."
+
+#: shared/account.py:53
+msgid "Méthode de connexion invalide."
+msgstr "Invalid connection method."
+
+#: shared/templates/_footer.html:4
+msgid ""
+"Logiciel développé pour et par la <a href=\"https://dgnum.eu\">DGNum</a>."
+msgstr ""
+"Software developed for and by the <a href=‘https://dgnum.eu’>DGNum</a>."
+
+#: shared/templates/_hero.html:18
+msgid "Déconnexion"
+msgstr "Logout"
+
+#: shared/templates/_hero.html:27
+msgid "Connexion"
+msgstr "Login"
+
+#: shared/templates/_hero.html:41
+msgid "Choix de la langue"
+msgstr "Language selection"
+
+#: shared/templates/accounts/forbidden_category.html:6
+msgid "Connexion impossible"
+msgstr "Unable to connect"
+
+#: shared/templates/accounts/forbidden_category.html:10
+msgid ""
+"Vos informations ne permettent pas de vous identifier auprès de la DGNum."
+"<br>Si vous pensez qu'il s'agit une erreur, merci de nous contacter à "
+"l'adresse : <a href=\"mailto:contact@dgnum.eu\">contact@dgnum.eu</a>"
+msgstr ""
+"Your details do not allow the DGNum to authenticate you.<br>If you think "
+"this is a mistake, please contact us at: <a href=\"mailto:contact@dgnum."
+"eu\">contact@dgnum.eu</a>"
diff --git a/src/shared/static/bulma/bulma.scss b/src/shared/static/bulma/bulma.scss
index 65676da..1cf47fc 100644
--- a/src/shared/static/bulma/bulma.scss
+++ b/src/shared/static/bulma/bulma.scss
@@ -62,3 +62,9 @@ body {
 .notification {
   margin-bottom: var(--bulma-block-spacing);
 }
+
+.dropdown.is-fullwidth,
+.dropdown.is-fullwidth > .dropdown-trigger,
+.dropdown.is-fullwidth > .dropdown-menu {
+  width: 100%;
+}
diff --git a/src/shared/templates/_footer.html b/src/shared/templates/_footer.html
index f58de5e..af91d07 100644
--- a/src/shared/templates/_footer.html
+++ b/src/shared/templates/_footer.html
@@ -1,6 +1,6 @@
-{% load  django_browser_reload %}
+{% load i18n django_browser_reload %}
 
 <footer class="footer has-text-centered">
-  <b>Logiciel développé pour et par la <a href="https://dgnum.eu">DGNum</a>.</b>
+  <b>{%blocktrans %}Logiciel développé pour et par la <a href="https://dgnum.eu">DGNum</a>.{% endblocktrans %}</b>
   {% django_browser_reload_script %}
 </footer>
diff --git a/src/shared/templates/_hero.html b/src/shared/templates/_hero.html
index 9267783..78ba4b7 100644
--- a/src/shared/templates/_hero.html
+++ b/src/shared/templates/_hero.html
@@ -1,35 +1,67 @@
 {% load i18n %}
 
 <section class="hero is-dark is-primary">
-  <div class="hero-body">
-    <div class="container">
-      <div class="grid has-3-cols">
-        <div class="cell is-col-span-2">
-          <h1 class="title">
-            <a href="{% url 'dgsi:dgn-index' %}" class="has-text-dark">Dossier Général des Services Informagiques</a>
-          </h1>
-          <h2 class="subtitle mt-2">Système d'information de la DGNum</h2>
-        </div>
-        <div class="cell">
+  <div class="hero-body px-0">
+    <div class="columns mx-6">
+      <div class="column is-three-quarters">
+        <h1 class="title">
+          <a href="{% url 'dgsi:dgn-index' %}" class="has-text-dark">Dossier Général des Services Informagiques</a>
+        </h1>
+        <h2 class="subtitle mt-2">Système d'information de la DGNum</h2>
+      </div>
+      <div class="column">
+        <div class="buttons mt-5">
           {% if user.is_authenticated %}
-          <a href="{% url 'account_logout' %}" class="button is-light is-pulled-right">
-            <span>
-              <span>{% trans "Déconnexion" %}</span>
-              <span class="icon">
-                <i class="ti ti-door-exit"></i>
+            <a href="{% url 'account_logout' %}"
+               class="button is-light is-fullwidth">
+              <span>
+                <span>{% trans "Déconnexion" %}</span>
+                <span class="icon">
+                  <i class="ti ti-door-exit"></i>
+                </span>
               </span>
-            </span>
-          </a>
+            </a>
           {% else %}
-          <a href="{% url 'account_login' %}" class="button is-light is-pulled-right">
-            <span>
-              <span>{% trans "Connexion" %}</span>
-              <span class="icon">
-                <i class="ti ti-door-enter"></i>
+            <a href="{% url 'account_login' %}" class="button is-fullwidth is-light">
+              <span>
+                <span>{% trans "Connexion" %}</span>
+                <span class="icon">
+                  <i class="ti ti-door-enter"></i>
+                </span>
               </span>
-            </span>
-          </a>
+            </a>
           {% endif %}
+          <div class="dropdown is-hoverable is-fullwidth">
+            <div class="dropdown-trigger"
+                 aria-haspopup="true"
+                 aria-controls="lang-menu">
+              <button class="button is-primary is-light is-fullwidth has-text-dark">
+                <span class="icon"><i class="ti ti-language"></i></span>
+                <span>{% trans "Choix de la langue" %}</span>
+                <span class="icon is-pulled-right">
+                  <i class="ti ti-chevron-down" aria-hidden="true"></i>
+                </span>
+              </button>
+            </div>
+
+            <div class="dropdown-menu" id="lang-menu" role="menu">
+              <div class="dropdown-content px-2">
+                {% get_current_language as LANGUAGE_CODE %}
+                {% get_available_languages as LANGUAGES %}
+                {% get_language_info_list for LANGUAGES as languages %}
+                {% for language in languages %}
+                  <form action="{% url 'set_language' %}" method="post">
+                    {% csrf_token %}
+                    <input name="next" type="hidden" value="{{ redirect }}">
+                    <input type="hidden" name="language" value="{{ language.code }}">
+                    <button class="dropdown-item {% if language.code == LANGUAGE_CODE %}is-active{% endif %}">
+                      {{ language.name_local|capfirst }}
+                    </button>
+                  </form>
+                {% endfor %}
+              </div>
+            </div>
+          </div>
         </div>
       </div>
     </div>

From 224f9df858e205157dcc9aee37b2927ffda27ee6 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Fri, 27 Sep 2024 10:38:32 +0200
Subject: [PATCH 082/172] chore(npins): Update

---
 npins/sources.json | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/npins/sources.json b/npins/sources.json
index 7ffea61..9061aeb 100644
--- a/npins/sources.json
+++ b/npins/sources.json
@@ -8,15 +8,15 @@
         "repo": "git-hooks.nix"
       },
       "branch": "master",
-      "revision": "e35aed5fda3cc79f88ed7f1795021e559582093a",
-      "url": "https://github.com/cachix/pre-commit-hooks.nix/archive/e35aed5fda3cc79f88ed7f1795021e559582093a.tar.gz",
-      "hash": "1bq0yrjmkddj964s2q6393nwp4mqrlmc2i5wsy992r034awyywp1"
+      "revision": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74",
+      "url": "https://github.com/cachix/git-hooks.nix/archive/4e743a6920eab45e8ba0fbe49dc459f1423a4b74.tar.gz",
+      "hash": "0fc69dsn5rhv2zb16c2bfgx84ja8cmn7d7j2mrw3n4m8y611x40g"
     },
     "nixpkgs": {
       "type": "Channel",
       "name": "nixpkgs-unstable",
-      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre630522.3305b2b25e4a/nixexprs.tar.xz",
-      "hash": "1bg240s2jbyvdixpy14rc4fcn9zrjf36mcd2xv59rcxx508gwhi2"
+      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre685691.28b5b8af91ff/nixexprs.tar.xz",
+      "hash": "14ldh9js6l9nqch7j8z6nhyplxc5d9jw375pg8h4s24m7x37xnvy"
     }
   },
   "version": 3

From 97dc77fd5d40fd8a54e6d0bf64998e092916f7c4 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Fri, 27 Sep 2024 10:55:05 +0200
Subject: [PATCH 083/172] feat(apps): Add django-import-export

---
 default.nix         |  1 +
 src/app/settings.py |  5 +++++
 src/dgsi/admin.py   | 17 ++++++++++++++---
 3 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/default.nix b/default.nix
index 0210594..1008f2a 100644
--- a/default.nix
+++ b/default.nix
@@ -61,6 +61,7 @@ in
         ps.django-bulma-forms
         ps.django-compressor
         ps.django-debug-toolbar
+        ps.django-import-export
         ps.django-sass-processor
         ps.django-sass-processor-dart-sass
         ps.django-stubs
diff --git a/src/app/settings.py b/src/app/settings.py
index 98e7808..50967a5 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -28,16 +28,21 @@ ADMINS = credentials.get_json("ADMINS", [])
 # List the installed applications
 
 INSTALLED_APPS = [
+    # Unfold apps
     "unfold",
+    "unfold.contrib.import_export",
+    # Django standard apps
     "django.contrib.admin",
     "django.contrib.auth",
     "django.contrib.contenttypes",
     "django.contrib.sessions",
     "django.contrib.messages",
+    # Custom apps
     "shared.staticfiles.StaticFilesApp",  # Overrides the default staticfiles app to filter out the sccs sources
     "django_browser_reload",
     "sass_processor",
     "bulma",
+    "import_export",
     # Authentication
     "allauth",
     "allauth.account",
diff --git a/src/dgsi/admin.py b/src/dgsi/admin.py
index a12277d..7ec4ca8 100644
--- a/src/dgsi/admin.py
+++ b/src/dgsi/admin.py
@@ -1,15 +1,26 @@
 from django.contrib import admin
 from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
+from import_export.admin import ImportExportMixin
 from unfold.admin import ModelAdmin
+from unfold.contrib.import_export.forms import (
+    ExportForm,
+    ImportForm,
+    SelectableFieldsExportForm,
+)
 
 from dgsi.models import Bylaws, Service, Statutes, Translation, User
 
 
 @admin.register(User)
-class UserAdmin(BaseUserAdmin, ModelAdmin):
-    pass
+class UserAdmin(BaseUserAdmin, ImportExportMixin, ModelAdmin):
+    import_form_class = ImportForm
+    export_form_class = ExportForm
+    export_form_class = SelectableFieldsExportForm
 
 
 @admin.register(Bylaws, Service, Statutes, Translation)
-class AdminClass(ModelAdmin):
+class AdminClass(ImportExportMixin, ModelAdmin):
     compressed_fields = True
+    import_form_class = ImportForm
+    export_form_class = ExportForm
+    export_form_class = SelectableFieldsExportForm

From 2f5482a091c6ba539d3519197c3899594a9f03b3 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Fri, 27 Sep 2024 10:56:22 +0200
Subject: [PATCH 084/172] fix(isort): Make it compatible with black

---
 pyproject.toml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pyproject.toml b/pyproject.toml
index 60895e3..940e775 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -28,3 +28,6 @@ profile = "django"
 
 [tool.djlint.js]
 indent_size = 4
+
+[tool.isort]
+profile = "black"

From dc8f89be8630fd215b2924b5fbe716f658c4fc6e Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Fri, 27 Sep 2024 11:08:35 +0200
Subject: [PATCH 085/172] feat(admin): Unregister most socialaccount models,
 and re-register SocialAccount

This allows to use the django-unfold ModelAdmin class
---
 src/dgsi/admin.py | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/src/dgsi/admin.py b/src/dgsi/admin.py
index 7ec4ca8..f4b8357 100644
--- a/src/dgsi/admin.py
+++ b/src/dgsi/admin.py
@@ -1,3 +1,4 @@
+from allauth.socialaccount.models import SocialAccount, SocialApp, SocialToken
 from django.contrib import admin
 from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
 from import_export.admin import ImportExportMixin
@@ -11,6 +12,29 @@ from unfold.contrib.import_export.forms import (
 from dgsi.models import Bylaws, Service, Statutes, Translation, User
 
 
+# Unregister allauth models
+def unregister(*models, site=None):
+    """
+    Unregister the given model(s) classes.
+
+    unregister(Author)
+
+    The `site` kwarg is an admin site to use instead of the default admin site.
+    """
+
+    from django.contrib.admin.sites import site as default_site
+
+    admin_site = site or default_site
+
+    if not isinstance(admin_site, admin.AdminSite):
+        raise ValueError("site must subclass AdminSite")
+
+    admin_site.unregister(models)
+
+
+unregister(SocialAccount, SocialApp, SocialToken)
+
+
 @admin.register(User)
 class UserAdmin(BaseUserAdmin, ImportExportMixin, ModelAdmin):
     import_form_class = ImportForm
@@ -18,7 +42,7 @@ class UserAdmin(BaseUserAdmin, ImportExportMixin, ModelAdmin):
     export_form_class = SelectableFieldsExportForm
 
 
-@admin.register(Bylaws, Service, Statutes, Translation)
+@admin.register(Bylaws, Service, SocialAccount, Statutes, Translation)
 class AdminClass(ImportExportMixin, ModelAdmin):
     compressed_fields = True
     import_form_class = ImportForm

From c7e13b76f26014b3c11e2afe83e1e642fa892bb9 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Fri, 27 Sep 2024 12:41:02 +0200
Subject: [PATCH 086/172] feat(admin): Add fields to the user admin panel

---
 src/dgsi/admin.py                             | 16 +++++++--
 ...007_alter_user_accepted_bylaws_and_more.py | 36 +++++++++++++++++++
 src/dgsi/models.py                            | 12 +++++--
 3 files changed, 60 insertions(+), 4 deletions(-)
 create mode 100644 src/dgsi/migrations/0007_alter_user_accepted_bylaws_and_more.py

diff --git a/src/dgsi/admin.py b/src/dgsi/admin.py
index f4b8357..29a6911 100644
--- a/src/dgsi/admin.py
+++ b/src/dgsi/admin.py
@@ -1,6 +1,7 @@
 from allauth.socialaccount.models import SocialAccount, SocialApp, SocialToken
 from django.contrib import admin
-from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
+from django.contrib.auth.admin import UserAdmin as DjangoUserAdmin
+from django.utils.translation import gettext_lazy as _
 from import_export.admin import ImportExportMixin
 from unfold.admin import ModelAdmin
 from unfold.contrib.import_export.forms import (
@@ -11,6 +12,8 @@ from unfold.contrib.import_export.forms import (
 
 from dgsi.models import Bylaws, Service, Statutes, Translation, User
 
+assert DjangoUserAdmin.fieldsets is not None
+
 
 # Unregister allauth models
 def unregister(*models, site=None):
@@ -36,11 +39,20 @@ unregister(SocialAccount, SocialApp, SocialToken)
 
 
 @admin.register(User)
-class UserAdmin(BaseUserAdmin, ImportExportMixin, ModelAdmin):
+class UserAdmin(DjangoUserAdmin, ImportExportMixin, ModelAdmin):
     import_form_class = ImportForm
     export_form_class = ExportForm
     export_form_class = SelectableFieldsExportForm
 
+    # Add the local fields
+    fieldsets = (
+        *DjangoUserAdmin.fieldsets,
+        (
+            _("Documents DGNum"),
+            {"fields": ("accepted_statutes", "accepted_bylaws")},
+        ),
+    )
+
 
 @admin.register(Bylaws, Service, SocialAccount, Statutes, Translation)
 class AdminClass(ImportExportMixin, ModelAdmin):
diff --git a/src/dgsi/migrations/0007_alter_user_accepted_bylaws_and_more.py b/src/dgsi/migrations/0007_alter_user_accepted_bylaws_and_more.py
new file mode 100644
index 0000000..cd203b0
--- /dev/null
+++ b/src/dgsi/migrations/0007_alter_user_accepted_bylaws_and_more.py
@@ -0,0 +1,36 @@
+# Generated by Django 4.2.16 on 2024-09-27 10:40
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("dgsi", "0006_translation"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="user",
+            name="accepted_bylaws",
+            field=models.ForeignKey(
+                default=None,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                to="dgsi.bylaws",
+                verbose_name="Dernier Règlement Intérieur accepté",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="user",
+            name="accepted_statutes",
+            field=models.ForeignKey(
+                default=None,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                to="dgsi.statutes",
+                verbose_name="Derniers statuts acceptés",
+            ),
+        ),
+    ]
diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index 8666680..d2837cb 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -139,10 +139,18 @@ class User(AbstractUser):
     """
 
     accepted_statutes = models.ForeignKey(
-        Statutes, on_delete=models.SET_NULL, null=True, default=None
+        Statutes,
+        on_delete=models.SET_NULL,
+        null=True,
+        default=None,
+        verbose_name=_("Derniers statuts acceptés"),
     )
     accepted_bylaws = models.ForeignKey(
-        Bylaws, on_delete=models.SET_NULL, null=True, default=None
+        Bylaws,
+        on_delete=models.SET_NULL,
+        null=True,
+        default=None,
+        verbose_name=_("Dernier Règlement Intérieur accepté"),
     )
     # accepted_terms = models.ManyToManyField(TermsAndConditions)
 

From fa8f8a214fce9b8eaea1aa7da530237d1e650ff2 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Fri, 27 Sep 2024 12:42:47 +0200
Subject: [PATCH 087/172] feat(templates): Add analytics

---
 src/shared/templates/_links.html | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/shared/templates/_links.html b/src/shared/templates/_links.html
index 84065b7..c602519 100644
--- a/src/shared/templates/_links.html
+++ b/src/shared/templates/_links.html
@@ -13,3 +13,4 @@
 
 <!-- JS -->
 <script src="{% static 'js/dgsi.js' %}"></script>
+<script defer data-domain="profil.dgnum.eu" src="https://analytics.dgnum.eu/js/script.js"></script>

From 6a581fcec418197343e08c5cd42ee694ad9f3738 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Fri, 27 Sep 2024 14:41:41 +0200
Subject: [PATCH 088/172] feat(scss): More idiomatic writing

---
 src/shared/static/bulma/bulma.scss | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/src/shared/static/bulma/bulma.scss b/src/shared/static/bulma/bulma.scss
index 1cf47fc..6005991 100644
--- a/src/shared/static/bulma/bulma.scss
+++ b/src/shared/static/bulma/bulma.scss
@@ -35,19 +35,19 @@ body {
 
 .bt-links {
   justify-content: space-evenly;
-}
 
-.bt-links > .button {
-  width: 47.5%;
+  .button {
+    width: 47.5%;
+  }
 }
 
 .grid.groups {
   --bulma-grid-column-min: min(24rem, 100%);
-}
 
-.groups > .button > span {
-  overflow-x: hidden;
-  text-overflow: ellipsis;
+  .button > span {
+    overflow-x: hidden;
+    text-overflow: ellipsis;
+  }
 }
 
 #notifications {
@@ -63,8 +63,11 @@ body {
   margin-bottom: var(--bulma-block-spacing);
 }
 
-.dropdown.is-fullwidth,
-.dropdown.is-fullwidth > .dropdown-trigger,
-.dropdown.is-fullwidth > .dropdown-menu {
+.dropdown.is-fullwidth {
   width: 100%;
+
+  .dropdown-trigger,
+  .dropdown-menu {
+    width: 100%;
+  }
 }

From fb70bf13f8f405eafc345387b30876b74254e89a Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sun, 29 Sep 2024 19:50:35 +0200
Subject: [PATCH 089/172] feat(profile): Add a way to reset/generate a wifi
 password

TODO: Maybe switch to a post request, as it modifies the internal state
---
 src/dgsi/templates/dgsi/profile.html | 29 ++++++++++++++++++++--------
 src/dgsi/urls.py                     |  5 +++++
 src/dgsi/views.py                    | 16 +++++++++++++++
 3 files changed, 42 insertions(+), 8 deletions(-)

diff --git a/src/dgsi/templates/dgsi/profile.html b/src/dgsi/templates/dgsi/profile.html
index 0790195..7053901 100644
--- a/src/dgsi/templates/dgsi/profile.html
+++ b/src/dgsi/templates/dgsi/profile.html
@@ -9,15 +9,28 @@
   </h2>
   <hr>
 
-  {% if user.kanidm.radius_secret %}
-    <h3 class="has-text-weight-bold mb-3">{% trans "Mot de passe WiFi :" %}</h3>
+  {% if user.kanidm %}
+    <h3 class="has-text-weight-bold mb-3">
+      <span>{% trans "Mot de passe WiFi :" %}</span>
+      {% if user.kanidm.radius_secret %}
+        {% trans "Êtes-vous sûr·e de vouloir réinitialiser votre mot de passe WiFi ?" as confirm_wifi_reset %}
+        <a href="{% url "dgsi:dgn-generate_wifi_password" %}"
+           class="tag is-warning is-light is-medium is-pulled-right"
+           onclick="return confirm('{{ confirm_wifi_reset }}')">{% trans "Réinitialiser le mot de passe WiFi" %}</a>
+      {% endif %}
+    </h3>
 
-    <input id="radius-secret"
-           onclick="document.querySelector('#radius-secret').select()"
-           class="button is-fullwidth is-primary is-size-4"
-           value="{{ user.kanidm.radius_secret }}"
-           readonly />
-    <br>
+    {% if user.kanidm.radius_secret %}
+      <input id="radius-secret"
+             onclick="document.querySelector('#radius-secret').select()"
+             class="button is-fullwidth is-primary is-size-4"
+             value="{{ user.kanidm.radius_secret }}"
+             readonly />
+      <br>
+    {% else %}
+      <a href="{% url "dgsi:dgn-generate_wifi_password" %}"
+         class="button is-fullwidth is-primary is-light is-size-4 block">{% trans "Générer un mot de passe WiFi" %}</a>
+    {% endif %}
   {% endif %}
 
   <h3 class="has-text-weight-bold mb-3">{% trans "Adresse e-mail :" %}</h3>
diff --git a/src/dgsi/urls.py b/src/dgsi/urls.py
index cf7945c..4236850 100644
--- a/src/dgsi/urls.py
+++ b/src/dgsi/urls.py
@@ -20,6 +20,11 @@ urlpatterns = [
     ),
     # Account views
     path("accounts/profile/", views.ProfileView.as_view(), name="dgn-profile"),
+    path(
+        "accounts/generate-wifi-password/",
+        views.GenerateWiFiPasswordView.as_view(),
+        name="dgn-generate_wifi_password",
+    ),
     path(
         "accounts/create/",
         views.CreateSelfAccountView.as_view(),
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index bb705ac..d446b3e 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -75,6 +75,22 @@ class ProfileView(LoginRequiredMixin, TemplateView):
         )
 
 
+class GenerateWiFiPasswordView(LoginRequiredMixin, RedirectView):
+    url = reverse_lazy("dgsi:dgn-profile")
+
+    def get(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponseBase:
+        user = User.from_request(self.request)
+
+        if user.kanidm is None:
+            messages.error(self.request, _("Compte DGNum inexistant."))
+        elif not user.kanidm.radius_secret:
+            messages.error(self.request, _("Mot de passe WiFi déjà existant."))
+        else:
+            async_to_sync(klient.call_post)(f"/v1/person/{user.username}/_radius")
+
+        return super().get(request, *args, **kwargs)
+
+
 # INFO: We subclass AccessMixin and not LoginRequiredMixin because the way we want to
 #       use dispatch means that we need to execute the login check anyways.
 class CreateSelfAccountView(AccessMixin, SuccessMessageMixin, FormView):

From f4428ace59892179457b5607079cbecd7418091d Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sun, 29 Sep 2024 19:58:29 +0200
Subject: [PATCH 090/172] feat(kanidm): Log some errors

---
 src/dgsi/models.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index d2837cb..aad5918 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -1,3 +1,4 @@
+import logging
 from dataclasses import dataclass
 from functools import cached_property
 from typing import Optional, Self
@@ -12,6 +13,7 @@ from django.http import HttpRequest
 from django.utils.translation import gettext_lazy as _
 from kanidm.exceptions import NoMatchingEntries
 from kanidm.models.person import Person
+from kanidm.radius import ClientConnectorError
 
 from shared.kanidm import klient
 
@@ -174,6 +176,9 @@ class User(AbstractUser):
             )
         except NoMatchingEntries:
             return None
+        except (TimeoutError, ClientConnectorError) as e:
+            logging.error(f"Erreur lors de la requête à Kanidm: {e}")
+            return None
 
     @property
     def is_admin(self) -> bool:

From a88d31541cfd836ba2bd4bb3c8ec8142e4cd8aa2 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sun, 29 Sep 2024 20:05:05 +0200
Subject: [PATCH 091/172] feat(radius): Add the user to the correct group

When generating the first WiFi password, the user is added to the
`radius_access` group, which will allow them to connect. This also fix a
previous incorrect logic where users without wifi password could not
generate one.
---
 src/dgsi/views.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index d446b3e..8c3b9f8 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -83,9 +83,12 @@ class GenerateWiFiPasswordView(LoginRequiredMixin, RedirectView):
 
         if user.kanidm is None:
             messages.error(self.request, _("Compte DGNum inexistant."))
-        elif not user.kanidm.radius_secret:
-            messages.error(self.request, _("Mot de passe WiFi déjà existant."))
         else:
+            # Give access to the wifi network when the user creates its first password
+            if not user.kanidm.radius_secret:
+                async_to_sync(klient.group_add_members)(
+                    "radius_access", [user.username]
+                )
             async_to_sync(klient.call_post)(f"/v1/person/{user.username}/_radius")
 
         return super().get(request, *args, **kwargs)

From 61e3d4ed1951123aadf431af2a8ffe42ad0231ca Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Mon, 30 Sep 2024 10:14:45 +0200
Subject: [PATCH 092/172] feat(bulma): Tweak bt-link width

---
 src/shared/static/bulma/bulma.scss | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/shared/static/bulma/bulma.scss b/src/shared/static/bulma/bulma.scss
index 6005991..8e656ef 100644
--- a/src/shared/static/bulma/bulma.scss
+++ b/src/shared/static/bulma/bulma.scss
@@ -10,6 +10,9 @@ $dark: rgb(46, 46, 46);
   $dark: $dark
 );
 
+@use "./sass/utilities/mixins" as mx;
+@use "./sass/utilities/initial-variables.scss" as iv;
+
 body {
   min-height: 100vh;
   display: flex;
@@ -37,7 +40,13 @@ body {
   justify-content: space-evenly;
 
   .button {
-    width: 47.5%;
+    @include mx.from(iv.$desktop) {
+      width: 47.5%;
+    }
+
+    @include mx.until(iv.$desktop) {
+      width: 100%;
+    }
   }
 }
 

From 119867a91ed07cfd01536eb0000aeaa3da7a05c4 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Fri, 4 Oct 2024 14:43:42 +0200
Subject: [PATCH 093/172] fix(index): Shorten names to fit on small screens

---
 src/dgsi/views.py | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 8c3b9f8..aa8e646 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -29,19 +29,14 @@ class Link(NamedTuple):
 AUTHENTICATED_LINKS: list[Link] = [
     Link("is-primary", "dgsi:dgn-profile", _("Mon profil"), "user-filled"),
     Link("is-primary", "dgsi:dgn-legal_documents", _("Documents Légaux"), "script"),
-    Link(
-        "is-info",
-        "dgsi:dgn-services",
-        _("Services proposés par la DGNum"),
-        "apps-filled",
-    ),
+    Link("is-info", "dgsi:dgn-services", _("Services proposés"), "apps-filled"),
 ]
 
 ADMIN_LINKS: list[Link] = [
     Link(
         "is-danger",
         "dgsi:dgn-create_kanidm_user",
-        _("Créer un nouveau compte Kanidm"),
+        _("Créer un compte Kanidm"),
         "user-plus",
     ),
     Link(

From 3fa4591665f82fdf6af688b42e0bc64cb787289a Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Fri, 4 Oct 2024 14:48:00 +0200
Subject: [PATCH 094/172] feat(shell): Add SAML dependencies

---
 default.nix | 40 ++++++++++++++++++++++------------------
 1 file changed, 22 insertions(+), 18 deletions(-)

diff --git a/default.nix b/default.nix
index 1008f2a..28d9316 100644
--- a/default.nix
+++ b/default.nix
@@ -53,24 +53,28 @@ in
       pkgs.jq
 
       # Python dependencies
-      (python.withPackages (ps: [
-        ps.django
-        ps.django-allauth
-        ps.django-allauth-cas
-        ps.django-browser-reload
-        ps.django-bulma-forms
-        ps.django-compressor
-        ps.django-debug-toolbar
-        ps.django-import-export
-        ps.django-sass-processor
-        ps.django-sass-processor-dart-sass
-        ps.django-stubs
-        ps.django-unfold
-        ps.ipython
-        ps.loadcredential
-        ps.pykanidm
-        ps.python-cas
-      ]))
+      (python.withPackages (
+        ps:
+        [
+          ps.django
+          ps.django-allauth
+          ps.django-allauth-cas
+          ps.django-browser-reload
+          ps.django-bulma-forms
+          ps.django-compressor
+          ps.django-debug-toolbar
+          ps.django-import-export
+          ps.django-sass-processor
+          ps.django-sass-processor-dart-sass
+          ps.django-stubs
+          ps.django-unfold
+          ps.ipython
+          ps.loadcredential
+          ps.pykanidm
+          ps.python-cas
+        ]
+        ++ ps.django-allauth.optional-dependencies.saml
+      ))
     ] ++ check.enabledPackages;
 
     env = {

From 9c4413faa1610167d65b5c6110cdbc714eb14887 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sun, 6 Oct 2024 14:43:41 +0200
Subject: [PATCH 095/172] feat(settings): Add SAML auth

---
 src/app/settings.py | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/src/app/settings.py b/src/app/settings.py
index 50967a5..38d8a7a 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -48,6 +48,7 @@ INSTALLED_APPS = [
     "allauth.account",
     "allauth.socialaccount",
     "allauth.socialaccount.providers.openid_connect",
+    "allauth.socialaccount.providers.saml",
     "allauth_cas",
     "shared.cas",
     # Main app
@@ -178,6 +179,50 @@ SOCIALACCOUNT_PROVIDERS = {
             "settings": {"color": "danger"},
         },
     },
+    "saml": {
+        "APPS": [
+            {
+                "provider_id": "ens_saml",
+                "name": "SSO ENS",
+                "client_id": "ens",
+                "settings": {
+                    "color": "info",
+                    "idp": {
+                        "entity_id": "https://federation-test.ens.psl.eu/idp/shibboleth",
+                        "metadata_url": "https://federation-test.ens.psl.eu/idp/shibboleth",
+                    },
+                    # Our configuration
+                    "sp": {
+                        "entity_id": "https://profil.dgnum.eu/accounts/saml/ens/metadata",
+                    },
+                    "advanced": {
+                        "authn_request_signed": True,
+                        "metadata_signed": True,
+                        "private_key": credentials["X509_KEY"],
+                        "x509cert": credentials["X509_CERT"],
+                        "want_assertion_encrypted": True,
+                    },
+                    "organization": {
+                        "en": {
+                            "name": "Délégation Générale Numérique",
+                            "displayname": "Délégation Générale Numérique",
+                            "url": "https://dgnum.eu",
+                        },
+                    },
+                    "contact_person": {
+                        "technical": {
+                            "givenName": "Tom Hubrecht",
+                            "emailAddress": "admins@dgnum.eu",
+                        },
+                        "administrative": {
+                            "givenName": "Jean-Marc Gailis",
+                            "emailAddress": "bureau@dgnum.eu",
+                        },
+                    },
+                },
+            }
+        ],
+    },
 }
 
 SOCIALACCOUNT_ONLY = True

From 61bb59d2448dc33deedf2831bddcf230c2c3f903 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sun, 6 Oct 2024 16:52:15 +0200
Subject: [PATCH 096/172] chore(app/urls): Cleaner file

---
 src/app/urls.py | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/src/app/urls.py b/src/app/urls.py
index c33a36f..8cc4af3 100644
--- a/src/app/urls.py
+++ b/src/app/urls.py
@@ -14,11 +14,11 @@ Including another URLconf
     1. Import the include() function: from django.urls import include, path
     2. Add a URL to urlpatterns:  path('blog/', include('blog.urls'))
 """
+
 from django.conf import settings
 from django.conf.urls.static import static
 from django.contrib import admin
 from django.urls import include, path
-from django.views.generic import TemplateView
 
 urlpatterns = [
     path("", include("dgsi.urls")),
@@ -29,10 +29,8 @@ urlpatterns = [
 ]
 
 if settings.DEBUG:
-    urlpatterns += (
-        [
-            path("__debug__/", include("debug_toolbar.urls")),
-        ]
-        + static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)
-        + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
-    )
+    urlpatterns += [
+        path("__debug__/", include("debug_toolbar.urls")),
+        *static(settings.STATIC_URL, document_root=settings.STATIC_ROOT),
+        *static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT),
+    ]

From c2911123509bdaa4a6fa83cfbab2e4a7c3d2dbc3 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sun, 6 Oct 2024 16:52:49 +0200
Subject: [PATCH 097/172] feat(commit-hooks): Add ruff

---
 default.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/default.nix b/default.nix
index 28d9316..5c9096a 100644
--- a/default.nix
+++ b/default.nix
@@ -19,6 +19,11 @@ let
         stages = [ "pre-push" ];
       };
 
+      ruff = {
+        enable = true;
+        stages = [ "pre-push" ];
+      };
+
       # Nix Hooks
       statix = {
         enable = true;

From 833c855b5c2c9b2c7c14837e1fa7fa6555d169a1 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Mon, 7 Oct 2024 23:33:22 +0200
Subject: [PATCH 098/172] feat(templates): Update

---
 src/shared/templates/_footer.html             |  2 +-
 src/shared/templates/account/login.html       | 36 +++++++++++++++++++
 src/shared/templates/account/logout.html      | 18 ++++++++++
 .../templates/allauth/elements/button.html    |  1 +
 .../templates/allauth/elements/provider.html  |  1 -
 .../allauth/elements/provider_list.html       |  6 ----
 .../templates/allauth/layouts/base.html       | 15 +++++---
 .../socialaccount/authentication_error.html   | 13 +++++++
 src/shared/templates/socialaccount/login.html | 23 ++++++++++++
 .../socialaccount/snippets/provider_list.html | 19 ----------
 10 files changed, 103 insertions(+), 31 deletions(-)
 create mode 100644 src/shared/templates/account/login.html
 create mode 100644 src/shared/templates/account/logout.html
 delete mode 100644 src/shared/templates/allauth/elements/provider.html
 delete mode 100644 src/shared/templates/allauth/elements/provider_list.html
 create mode 100644 src/shared/templates/socialaccount/authentication_error.html
 create mode 100644 src/shared/templates/socialaccount/login.html
 delete mode 100644 src/shared/templates/socialaccount/snippets/provider_list.html

diff --git a/src/shared/templates/_footer.html b/src/shared/templates/_footer.html
index af91d07..63052d4 100644
--- a/src/shared/templates/_footer.html
+++ b/src/shared/templates/_footer.html
@@ -1,6 +1,6 @@
 {% load i18n django_browser_reload %}
 
 <footer class="footer has-text-centered">
-  <b>{%blocktrans %}Logiciel développé pour et par la <a href="https://dgnum.eu">DGNum</a>.{% endblocktrans %}</b>
+  <b>{% blocktrans %}Logiciel développé pour et par la <a href="https://dgnum.eu">DGNum</a>.{% endblocktrans %}</b>
   {% django_browser_reload_script %}
 </footer>
diff --git a/src/shared/templates/account/login.html b/src/shared/templates/account/login.html
new file mode 100644
index 0000000..87eb4cb
--- /dev/null
+++ b/src/shared/templates/account/login.html
@@ -0,0 +1,36 @@
+{% extends "base.html" %}
+
+{% load i18n socialaccount %}
+{% load allauth account %}
+
+{% block content %}
+  <h2 class="subtitle">{% trans "Connexion via un compte tiers" %}</h2>
+  <hr>
+
+  {% get_providers as providers %}
+
+  <div class="grid mt-5">
+    {% for provider in providers %}
+      {% if provider.id == "openid" %}
+        {% for brand in provider.get_brands %}
+          <a class="cell button is-{{ provider.app.settings.color }} is-light py-5 is-size-4"
+             title="{{ brand.name }}"
+             href="{% provider_login_url provider openid=brand.openid_url process="login" %}"><b>{{ brand.name }}</b></a>
+        {% endfor %}
+      {% endif %}
+
+      <a class="cell button is-{{ provider.app.settings.color }} is-light py-5 is-size-5"
+         title="{{ provider.id }}"
+         href="{% provider_login_url provider process="login" scope=scope auth_params=auth_params %}">{{ provider.name }}</a>
+    {% endfor %}
+  </div>
+
+  <!-- TODO: Write a text explaining how the different methods work -->
+{% endblock content %}
+
+{% block extra_body %}
+  {{ block.super }}
+  {% if PASSKEY_LOGIN_ENABLED %}
+    {% include "mfa/webauthn/snippets/login_script.html" with button_id="passkey_login" %}
+  {% endif %}
+{% endblock extra_body %}
diff --git a/src/shared/templates/account/logout.html b/src/shared/templates/account/logout.html
new file mode 100644
index 0000000..8ff4077
--- /dev/null
+++ b/src/shared/templates/account/logout.html
@@ -0,0 +1,18 @@
+{% extends "base.html" %}
+
+{% load allauth i18n %}
+
+{% block content %}
+  <h2 class="subtitle">{% trans "Déconnexion" %}</h2>
+  <hr>
+
+  <p class="notification is-warning is-light has-text-centered">
+    {% trans "Êtes vous certain·e de vouloir vous déconnecter ?" %}
+  </p>
+
+  <form method="post" action="{% url 'account_logout' %}">
+    {% csrf_token %}
+    {{ redirect_field }}
+    <button class="button is-fullwidth" type="submit">{% trans "Se déconnecter" %}</button>
+  </form>
+{% endblock content %}
diff --git a/src/shared/templates/allauth/elements/button.html b/src/shared/templates/allauth/elements/button.html
index e168e8e..7fe19ef 100644
--- a/src/shared/templates/allauth/elements/button.html
+++ b/src/shared/templates/allauth/elements/button.html
@@ -1,4 +1,5 @@
 {% load allauth %}
+
 {% comment %} djlint:off {% endcomment %}
 <{% if attrs.href %}a href="{{ attrs.href }}"{% else %}button{% endif %}
 {% if attrs.form %}form="{{ attrs.form }}"{% endif %}
diff --git a/src/shared/templates/allauth/elements/provider.html b/src/shared/templates/allauth/elements/provider.html
deleted file mode 100644
index 89b8094..0000000
--- a/src/shared/templates/allauth/elements/provider.html
+++ /dev/null
@@ -1 +0,0 @@
-<a class="cell button is-{{ attrs.color }} is-light py-4" title="{{ attrs.name }}" href="{{ attrs.href }}">{{ attrs.name }}</a>
diff --git a/src/shared/templates/allauth/elements/provider_list.html b/src/shared/templates/allauth/elements/provider_list.html
deleted file mode 100644
index 8430750..0000000
--- a/src/shared/templates/allauth/elements/provider_list.html
+++ /dev/null
@@ -1,6 +0,0 @@
-{% load allauth %}
-
-<div class="grid mt-5">
-  {% slot default %}
-  {% endslot %}
-</div>
diff --git a/src/shared/templates/allauth/layouts/base.html b/src/shared/templates/allauth/layouts/base.html
index eb6082e..08c8108 100644
--- a/src/shared/templates/allauth/layouts/base.html
+++ b/src/shared/templates/allauth/layouts/base.html
@@ -1,5 +1,3 @@
-{% load django_browser_reload i18n sass_tags static %}
-
 <!DOCTYPE html>
 <html lang="fr">
   <head>
@@ -15,8 +13,17 @@
   <body>
     {% include "_hero.html" %}
 
-    <section class="section container">
-      <div class="content">
+    <section class="section">
+      <div id="notifications">
+        {% for message in messages %}
+          <article class="notification is-light has-text-centered {{ message.tags }}">
+            <button class="delete"></button>
+            {{ message|safe }}
+          </article>
+        {% endfor %}
+      </div>
+
+      <div class="content container">
         {% block content %}
         {% endblock content %}
       </div>
diff --git a/src/shared/templates/socialaccount/authentication_error.html b/src/shared/templates/socialaccount/authentication_error.html
new file mode 100644
index 0000000..679c2ea
--- /dev/null
+++ b/src/shared/templates/socialaccount/authentication_error.html
@@ -0,0 +1,13 @@
+{% extends "base.html" %}
+
+{% load i18n %}
+{% load allauth %}
+
+{% block content %}
+  <h2 class="subtitle">{% trans "Erreur lors de la connexion" %}</h2>
+  <hr>
+
+  <p class="notification is-danger is-light has-text-centered">
+    {% trans "Une erreur est survenue lors de votre tentative de connexion avec un compte tiers." %}
+  </p>
+{% endblock content %}
diff --git a/src/shared/templates/socialaccount/login.html b/src/shared/templates/socialaccount/login.html
new file mode 100644
index 0000000..86b9081
--- /dev/null
+++ b/src/shared/templates/socialaccount/login.html
@@ -0,0 +1,23 @@
+{% extends "base.html" %}
+
+{% load allauth i18n %}
+
+{% block title %}
+  {% trans "Connexion" %}
+{% endblock title %}
+
+{% block content %}
+  <h2 class="subtitle">
+    {% blocktrans with provider.name as provider %}Se connecter via un compte <b>{{ provider }}</b>{% endblocktrans %}
+  </h2>
+  <hr>
+
+  <p class="notification is-warning is-light has-text-centered">
+    {% blocktrans with provider.name as provider %}Vous vous apprêtez à vous connecter à l'aide d'un compte tiers provenant de {{ provider }}.{% endblocktrans %}
+  </p>
+
+  <form method="post">
+    {% csrf_token %}
+    <button class="button is-fullwidth" type="submit">{% trans "Continuer" %}</button>
+  </form>
+{% endblock content %}
diff --git a/src/shared/templates/socialaccount/snippets/provider_list.html b/src/shared/templates/socialaccount/snippets/provider_list.html
deleted file mode 100644
index 3eb191e..0000000
--- a/src/shared/templates/socialaccount/snippets/provider_list.html
+++ /dev/null
@@ -1,19 +0,0 @@
-{% load allauth socialaccount %}
-
-{% get_providers as socialaccount_providers %}
-{% if socialaccount_providers %}
-  {% element provider_list %}
-  {% for provider in socialaccount_providers %}
-    {% if provider.id == "openid" %}
-      {% for brand in provider.get_brands %}
-        {% provider_login_url provider openid=brand.openid_url process=process as href %}
-        {% element provider name=brand.name provider_id=provider.id href=href color=provider.app.settings.color %}
-      {% endelement %}
-    {% endfor %}
-  {% endif %}
-  {% provider_login_url provider process=process scope=scope auth_params=auth_params as href %}
-  {% element provider name=provider.name provider_id=provider.id href=href color=provider.app.settings.color %}
-{% endelement %}
-{% endfor %}
-{% endelement %}
-{% endif %}

From 6caf3dbf610ed17f07de18a6ead62a782e42b942 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Mon, 7 Oct 2024 23:34:00 +0200
Subject: [PATCH 099/172] feat(project/djlint): Declare custom blocks used by
 allauth

---
 pyproject.toml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pyproject.toml b/pyproject.toml
index 940e775..6dbc2e8 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -21,6 +21,7 @@ Repository = "https://git.dgnum.eu/DGNum/dgsi"
 
 [tool.djlint]
 blank_line_after_tag = "load,extends"
+custom_blocks = "slot,element"
 format_js = true
 indent = 2
 max_blank_lines = 1

From f6fcd90622151e116adedb41f53da0445f1ee387 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Wed, 9 Oct 2024 10:41:15 +0200
Subject: [PATCH 100/172] feat(account): WIP

---
 src/shared/account.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/shared/account.py b/src/shared/account.py
index a4682ea..6d4eef6 100644
--- a/src/shared/account.py
+++ b/src/shared/account.py
@@ -1,3 +1,4 @@
+import logging
 from functools import lru_cache
 from typing import Optional
 
@@ -11,6 +12,8 @@ from django.utils.translation import gettext_lazy as _
 
 from dgsi.models import Translation, User
 
+logger = logging.getLogger(__name__)
+
 
 class SharedAccountAdapter(DefaultSocialAccountAdapter):
     """
@@ -49,6 +52,7 @@ class SharedAccountAdapter(DefaultSocialAccountAdapter):
                 return sociallogin.account.extra_data["preferred_username"]
 
             case _:
+                logger.warning(sociallogin.user)
                 # INFO: This should never happen
                 messages.error(request, _("Méthode de connexion invalide."))
                 raise ImmediateHttpResponse(

From 6921373d6c73245d5812b77844460218a2568022 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 12 Oct 2024 07:58:19 +0200
Subject: [PATCH 101/172] feat(templates): Add a visual indication that some
 pages give more power

---
 src/dgsi/mixins.py              |  4 ++++
 src/shared/templates/_hero.html | 13 ++++++++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/dgsi/mixins.py b/src/dgsi/mixins.py
index 90deae0..77da158 100644
--- a/src/dgsi/mixins.py
+++ b/src/dgsi/mixins.py
@@ -14,3 +14,7 @@ class StaffRequiredMixin(UserPassesTestMixin):
         assert isinstance(self.request.user, User)
 
         return self.request.user.is_admin
+
+    def get_context_data(self, **kwargs):
+        # NOTE: We are only allowed to do this if a class is supplied to the right when constructing the view
+        return super().get_context_data(admin_view=True, **kwargs)  # pyright: ignore
diff --git a/src/shared/templates/_hero.html b/src/shared/templates/_hero.html
index 78ba4b7..858b1d5 100644
--- a/src/shared/templates/_hero.html
+++ b/src/shared/templates/_hero.html
@@ -1,6 +1,6 @@
 {% load i18n %}
 
-<section class="hero is-dark is-primary">
+<section class="hero {% if admin_view %}is-danger{% else %}is-primary{% endif %}">
   <div class="hero-body px-0">
     <div class="columns mx-6">
       <div class="column is-three-quarters">
@@ -66,4 +66,15 @@
       </div>
     </div>
   </div>
+
+  {% if admin_view %}
+    <div class="hero is-dark">
+      <div class="hero-body py-2 has-text-centered">
+        <span class="icon">
+          <i class="ti ti-lock-open-2"></i>
+        </span>
+        <span>{% trans "Interface d'administration" %}</span>
+      </div>
+    </div>
+  {% endif %}
 </section>

From faa8ea051a7d6312089426a13e6572e4f3baaca0 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 12 Oct 2024 08:03:25 +0200
Subject: [PATCH 102/172] fix(bulma): Only use dark text when the button is
 light

This makes the documents readable when using dark mode
---
 src/shared/static/bulma/bulma.scss | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/src/shared/static/bulma/bulma.scss b/src/shared/static/bulma/bulma.scss
index 8e656ef..e358754 100644
--- a/src/shared/static/bulma/bulma.scss
+++ b/src/shared/static/bulma/bulma.scss
@@ -26,14 +26,16 @@ body {
   margin-bottom: calc(0.5 * var(--bulma-block-spacing));
   font-size: 1.25rem;
 
-  // Dark color for text
-  --bulma-color-l: var(--bulma-dark-l);
-  --bulma-color-l-delta: 0%;
-  color: hsl(
-    var(--bulma-dark-h),
-    var(--bulma-dark-s),
-    calc(var(--bulma-color-l) + var(--bulma-color-l-delta))
-  );
+  &.is-light {
+    // Dark color for text
+    --bulma-color-l: var(--bulma-dark-l);
+    --bulma-color-l-delta: 0%;
+    color: hsl(
+      var(--bulma-dark-h),
+      var(--bulma-dark-s),
+      calc(var(--bulma-color-l) + var(--bulma-color-l-delta))
+    );
+  }
 }
 
 .bt-links {

From 5a84ea6e0f58bde65be9a2780f99019cd8b919c4 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 12 Oct 2024 08:05:01 +0200
Subject: [PATCH 103/172] chore(app): Disable SAML auth for now

This does not work, and quite a bit of time will be necessary to fix it
---
 src/app/settings.py | 92 +++++++++++++++++++++++----------------------
 1 file changed, 47 insertions(+), 45 deletions(-)

diff --git a/src/app/settings.py b/src/app/settings.py
index 38d8a7a..a201185 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -48,7 +48,7 @@ INSTALLED_APPS = [
     "allauth.account",
     "allauth.socialaccount",
     "allauth.socialaccount.providers.openid_connect",
-    "allauth.socialaccount.providers.saml",
+    # "allauth.socialaccount.providers.saml",
     "allauth_cas",
     "shared.cas",
     # Main app
@@ -179,50 +179,52 @@ SOCIALACCOUNT_PROVIDERS = {
             "settings": {"color": "danger"},
         },
     },
-    "saml": {
-        "APPS": [
-            {
-                "provider_id": "ens_saml",
-                "name": "SSO ENS",
-                "client_id": "ens",
-                "settings": {
-                    "color": "info",
-                    "idp": {
-                        "entity_id": "https://federation-test.ens.psl.eu/idp/shibboleth",
-                        "metadata_url": "https://federation-test.ens.psl.eu/idp/shibboleth",
-                    },
-                    # Our configuration
-                    "sp": {
-                        "entity_id": "https://profil.dgnum.eu/accounts/saml/ens/metadata",
-                    },
-                    "advanced": {
-                        "authn_request_signed": True,
-                        "metadata_signed": True,
-                        "private_key": credentials["X509_KEY"],
-                        "x509cert": credentials["X509_CERT"],
-                        "want_assertion_encrypted": True,
-                    },
-                    "organization": {
-                        "en": {
-                            "name": "Délégation Générale Numérique",
-                            "displayname": "Délégation Générale Numérique",
-                            "url": "https://dgnum.eu",
-                        },
-                    },
-                    "contact_person": {
-                        "technical": {
-                            "givenName": "Tom Hubrecht",
-                            "emailAddress": "admins@dgnum.eu",
-                        },
-                        "administrative": {
-                            "givenName": "Jean-Marc Gailis",
-                            "emailAddress": "bureau@dgnum.eu",
-                        },
-                    },
-                },
-            }
-        ],
-    },
+    # "saml": {
+    #     "APPS": [
+    #         {
+    #             "provider_id": "ens_saml",
+    #             "name": "SSO ENS",
+    #             "client_id": "ens",
+    #             "settings": {
+    #                 "color": "info",
+    #                 "idp": {
+    #                     "entity_id": "https://federation-test.ens.psl.eu/idp/shibboleth",
+    #                     "metadata_url": "https://federation-test.ens.psl.eu/idp/shibboleth",
+    #                 },
+    #                 # Our configuration
+    #                 "sp": {
+    #                     "entity_id": "https://profil.dgnum.eu/accounts/saml/ens/metadata",
+    #                 },
+    #                 "advanced": {
+    #                     "authn_request_signed": True,
+    #                     "metadata_signed": True,
+    #                     "private_key": credentials["X509_KEY"],
+    #                     "x509cert": credentials["X509_CERT"],
+    #                     "want_assertion_encrypted": False,
+    #                     "want_attribute_statement": True,
+    #                     "want_name_id": True,
+    #                 },
+    #                 "organization": {
+    #                     "en": {
+    #                         "name": "Délégation Générale Numérique",
+    #                         "displayname": "Délégation Générale Numérique",
+    #                         "url": "https://dgnum.eu",
+    #                     },
+    #                 },
+    #                 "contact_person": {
+    #                     "technical": {
+    #                         "givenName": "Tom Hubrecht",
+    #                         "emailAddress": "admins@dgnum.eu",
+    #                     },
+    #                     "administrative": {
+    #                         "givenName": "Jean-Marc Gailis",
+    #                         "emailAddress": "bureau@dgnum.eu",
+    #                     },
+    #                 },
+    #             },
+    #         }
+    #     ],
+    # },
 }
 
 SOCIALACCOUNT_ONLY = True

From 615eb6041f483ac6e45983da40bf296b02ecf7b6 Mon Sep 17 00:00:00 2001
From: jemagius <jmg@dgnum.eu>
Date: Sat, 12 Oct 2024 10:52:15 +0200
Subject: [PATCH 104/172] feat: precising the conditions of some operations
 when creating account as admin

Signed-off-by: jemagius <jmg@dgnum.eu>
---
 src/dgsi/forms.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/dgsi/forms.py b/src/dgsi/forms.py
index 1f5e474..154bc5c 100644
--- a/src/dgsi/forms.py
+++ b/src/dgsi/forms.py
@@ -20,17 +20,17 @@ class CreateKanidmAccountForm(forms.Form):
     # TODO: Add a field for the clipper login information for the local mapping
     name = CharField(
         label=_("Identifiant"),
-        help_text=_("De préférence identique au login ENS de la personne concernée"),
+        help_text=_("De préférence identique au login ENS de la personne concernée."),
         validators=[name_validator],
     )
     displayname = CharField(label=_("Nom d'usage"))
     mail = EmailField(
         label=_("Adresse e-mail"),
-        help_text=_("De préférence l'adresse '@ens.psl.eu'"),
+        help_text=_("De préférence l'adresse '@ens.psl.eu' (si en scola) ou '@normalesup.org' (si archikhûbe), sauf si exté (accord explicite du bureau nécessaire)."),
     )
     active = BooleanField(
         label=_("Membre actif"),
-        help_text=_("Si selectionné, la personne sera ajoutée au groupe dgnum_members"),
+        help_text=_("Si selectionné, la personne sera ajoutée au groupe dgnum_members. L'accord du bureau est nécessaire pour cette opération donnant des privilèges."),
         required=False,
     )
 

From 868c406af930343e24dcb3f5f05eb4ab54912a67 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 12 Oct 2024 21:47:22 +0200
Subject: [PATCH 105/172] feat(translations): Update en

---
 .../0008_alter_user_accepted_statutes.py      |  25 +++
 src/dgsi/models.py                            |   2 +-
 src/shared/locale/en/LC_MESSAGES/django.mo    | Bin 5262 -> 6630 bytes
 src/shared/locale/en/LC_MESSAGES/django.po    | 143 +++++++++++++-----
 4 files changed, 131 insertions(+), 39 deletions(-)
 create mode 100644 src/dgsi/migrations/0008_alter_user_accepted_statutes.py

diff --git a/src/dgsi/migrations/0008_alter_user_accepted_statutes.py b/src/dgsi/migrations/0008_alter_user_accepted_statutes.py
new file mode 100644
index 0000000..7b261df
--- /dev/null
+++ b/src/dgsi/migrations/0008_alter_user_accepted_statutes.py
@@ -0,0 +1,25 @@
+# Generated by Django 4.2.16 on 2024-10-12 20:04
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("dgsi", "0007_alter_user_accepted_bylaws_and_more"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="user",
+            name="accepted_statutes",
+            field=models.ForeignKey(
+                default=None,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                to="dgsi.statutes",
+                verbose_name="Derniers Statuts acceptés",
+            ),
+        ),
+    ]
diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index aad5918..a02ea21 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -145,7 +145,7 @@ class User(AbstractUser):
         on_delete=models.SET_NULL,
         null=True,
         default=None,
-        verbose_name=_("Derniers statuts acceptés"),
+        verbose_name=_("Derniers Statuts acceptés"),
     )
     accepted_bylaws = models.ForeignKey(
         Bylaws,
diff --git a/src/shared/locale/en/LC_MESSAGES/django.mo b/src/shared/locale/en/LC_MESSAGES/django.mo
index 6b1f9befecf2385570989679def79d9c2949933e..4b433d5f1fc34af80ff68f98b3ae6bc7ce951e44 100644
GIT binary patch
delta 2833
zcmZvcTWl0n7{^a*rP_i(xfhWGaur%A<syg_N-q{G2v`V0Os2a-J7zmmW@cN#=q4tF
zgdiF>VDv?d2~t!Z?1LJj53JFc5P2X*V-z1S>H`{LG!f&2zyDquD4gs!zjMx<^WA5U
zFaD)5bET%@gkf|b_an)2V;uN?1rNsZF~)Sl23QYYgmd5ra5B6E?}0zVsqlAL11l<x
zxerc*6W{{)AY23WelN7fWQ@;bIvcORmGBI_7ybxk;8!>c{#V?u#o9F1^PujnhcjUp
ztc3@l961Jc?j0xx&cluHB3uZ^VPpaJ%_=6kxDSqpgK#1|0>{EPU^P4qW$44=`fK<A
z>+hk?-ze@^SD};jG^hZcfO4c8%FZF!0Z+iO*f&2hQH0kZKU0OZNpK3B4HrW>(7{6v
zc0nn0p-S-rTnyiWGvHTn3cLz+?gmuqClZZHxC%;75@w_zW}=#$gw1dWl5KMh&Vzr!
z9dO1tV=luKd=_q`!0X|Aa69}B?t|;lu2Q}Z+u%jGw~U~u!*13A=~@K8oJjtay6Zd?
zaXDU49y1kcJsYZ)jS$^t3zX-3pd#`hKl3t=x$qQJigQpUxB~BnlTju+wNL>qg|f4K
z68R?>^E4YW&<ka75Gr-Yi|f<H^`}thzk!d!t5A{5q0qXw1*$0>C`S(!c@*+tm^Yz5
zthXV)nbR32^5he!+FgL?G(QyguS1pS2GoU_6jp}np$xUc$Kf+jj-7?-nUA4*={u;v
zu0mzzPe?nMaVXLG%nT;_?iWHu+yWKRKBx<ap*%lT<hxMk&OtTZ7f`)&9m>&vpgy-+
z4sC)<paSfJa%=#$!;|ogzW*yswy|-9aF)Vv;YL_NI@CO^P>PSiHSioP(|cqiQjRnr
z`hr>!jSU6lKR-<sfU;E@%5Y&&|EA(}B~%kVR$SBcW-UTMdB@0H{*Pk;RL0a$O0BY`
zTF*z6(#=RC(t<pUC`$^UG?X3vZ|KX}gnhFNDGicgmLN*~U5HXv8frMDTAi;hR(4e5
z)rf{VUE?8S6{0kc9_!esFK#Y}Yn9T{P-Cc8b;u)#{_WIsWIX?u+zj>4wF0rje^&%$
z)t>J@=S8vO$MxA=V|LH?wGMnc;5jz!+eFaUAG<d8+%Phm13&isv>Rs6jyam0Rau$c
zT=~)%H}rX%{j7RgqmxLu{c&!{v=lZYyEAs;bR5~zo5-{TiFBXqv)9tTHQkrZRW5C7
z4MR5_+EfrmHtE`wgWaMdrp-(AqTfE*(q`IoLw;^3WQA*eL9E05P87Lzx7X$k|64hu
zJhLM=<oRCgIVmsVV9LGypxNmb3?yPs+#2cn?hW%7^@qWLmvqC$(fVcG8+1IG8_K(+
z8?3_tFX0xViXyK&#awD|JiDxFdiJTR13S8W*Sdwc+$gqDIvjAx-AIrFK^&4;GU3GD
z02Ycq<+JY$xQWr}uOI%r>QY%|SCGb-9!`IMm^&N0hivXtVQ0ie?W7hu#9)&PN0rek
zI@hP-vUzi`^(J>TRw&Y*aKqT~{0krDU1KX1cqD6&-rbxH+f=w!m%kO|&WEF}gtr!?
z5ch4xvrXC8#%`}}SYFq#!memow{rFHA7i`9YqthA-=Ln~Q)n2qQjk`=Hjm#{M@#x{
zA})2TW8+>gOxE=~VSKQ3a-?swua57_mQ6UEafmY3Yr54<+UA2PXD~9IqqYmZ>(a7n
zR6EkRrqk_lQa7)Io**5Yom9=x%0Xz8=}-=*f*#K|bgtd+rCihQ`fiAkiPp(CY`%8~
zgD|;ncxb}qvW^{Y<i<o$Xy=i)rZecVo^J=exR;xE=+Kc!brM&y&(}0&&)1~dH~H#8
z9O`u<8zd5G8Zv1Id-2A`;X(Nr2L(4v>hF-i`r!qWddo7D-a7QG(~XJZJ^7W6r00&Q
xxBJ7OZ&Z(MLd8K;@kJCSgKEWs8*;wM+;SrBb>jT_xutVqK24|yZ_Q$p`5%1tJ@5bk

delta 1439
zcmX}sTS!zv9LMol)6{fxb1k!r9kVo7Gg~jE6j+I2mKqU4_F}b_v27-9B?t>a7b=1{
zXa$n_5>gVx;+sTJ5>!MW1W_3g6++ZYfnikN-{I8Y|9sBPng9G}&VDMtTojwkOzbnX
z8e$3Y#bZn}j?Lmgn@%)lJO0E{tWPo~52KicS1|=gZ~=~DCO*Tt_zr#e74z|r`#gWP
zF_tkgQ^iRI4_Yx5FQGc_$85ZV3-KW?#y7YKr%?m?lZ{!10n|X-uol~}5C?D`KEiZ-
ziD~%3F=os+_k|hvftTr2@<I+Ok!DmP2T%j|Vgp`9b@(2a;#Zu5>CD29*{H;dQ3Ez&
z2DYO5JA`?RZ(^Jj;SlEFQ=E?<Q7_J*O75q3by$g;aW|5)xrQt7CQjfu9>MF3x&af(
zawl%WHkQ}MR<6H!8G98cTUjWTs1ud>X=E~{-@P70l{$|6nI{}HlUJxUokFd-mz&Gc
zLRD}JvfQQz)qe~b(_BIIGnm2ptK+-e&`ifs*Kbj4{T=lWJ{EQ(=Ashbi##%CkZoZ4
zko{=}P>BzrCUV=ozK^QlV^pG3sBwPzsJ}LspY$5B1U29(RH@G*)ik$I8Q(+gfd{BH
zeT{nmGwSR4ftpArqbSh;>iu1)L?f<IR6@NmPPBP$;3gbH&EPjGfn=sJjD^^YFR%nH
zc4jT^K$g@gH#mbUAuU5Gp?B3(Ej3L-iD>rP+_7Q~1%zg!O{BJ-P}ct%)iUddmF|sP
zRMplJN?xss&|Xl|YUPBMM3Yeq5(&<kF{@G4u^8Xk!R~$Md!>R-Q+dkVbCq@t!Q`EN
zq1zQi5ux9y0HH6Yny4Z8V4Ow~|2KVEZ2bRC%bH~3rL!X*do;PhE=W0-961&}5o(Xx
zBPkc`^QnQf`i}jFJ3?JnOI>|@IyEQ3?oO}pTAl4(R=C}&+u9U8Y7eI$kB7a_J+|N1
zl2%r|I#^`|gEbY^@rZACf<2kpWbg5ZXGKCM?Q#EE`(oDO6gsmGc7#Lm*I5%DdwN08
VYwhc?x(|ok9s}9o_+<7W&tK37m^}ah

diff --git a/src/shared/locale/en/LC_MESSAGES/django.po b/src/shared/locale/en/LC_MESSAGES/django.po
index d3aeb5d..591645a 100644
--- a/src/shared/locale/en/LC_MESSAGES/django.po
+++ b/src/shared/locale/en/LC_MESSAGES/django.po
@@ -7,8 +7,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: dgsi.dgnum.eu\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-09-26 22:48+0200\n"
-"PO-Revision-Date: 2024-09-26 22:49+0200\n"
+"POT-Creation-Date: 2024-10-12 21:42+0200\n"
+"PO-Revision-Date: 2024-10-12 21:46+0200\n"
 "Last-Translator: Tom Hubrecht <tom.hubrecht@dgnum.eu>\n"
 "Language-Team: French\n"
 "Language: fr\n"
@@ -18,10 +18,14 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=(n > 1)\n"
 "X-Generator: Gtranslator 46.1\n"
 
-#: app/settings.py:276
+#: app/settings.py:321
 msgid "Administration de DGSI"
 msgstr "DGSI Administration"
 
+#: dgsi/admin.py:51
+msgid "Documents DGNum"
+msgstr "DGNum Documents"
+
 #: dgsi/forms.py:16
 msgid "Identifiant déjà présent dans la base de données."
 msgstr "Username already in the database."
@@ -54,51 +58,59 @@ msgstr "Active member"
 msgid "Si selectionné, la personne sera ajoutée au groupe dgnum_members"
 msgstr "If selected, the person will be added to the dgnum_members group."
 
-#: dgsi/models.py:22
+#: dgsi/models.py:24
 msgid "Nom du service proposé"
 msgstr "Name of the proposed service"
 
-#: dgsi/models.py:23
+#: dgsi/models.py:25
 msgid "Adresse du service"
 msgstr "Address of the service"
 
-#: dgsi/models.py:24
+#: dgsi/models.py:26
 msgid "Icône du service"
 msgstr "Icon of the service"
 
-#: dgsi/models.py:34
+#: dgsi/models.py:36
 msgid "Date du document"
 msgstr "Document date"
 
-#: dgsi/models.py:35
+#: dgsi/models.py:37
 msgid "Nom du document"
 msgstr "Document name"
 
-#: dgsi/models.py:36
+#: dgsi/models.py:38
 msgid "Fichier PDF"
 msgstr "PDF file"
 
-#: dgsi/models.py:58 dgsi/models.py:59
+#: dgsi/models.py:60 dgsi/models.py:61
 #: dgsi/templates/dgsi/legal_documents.html:26
 msgid "Statuts"
 msgstr "Statutes"
 
-#: dgsi/models.py:71 dgsi/templates/dgsi/legal_documents.html:30
+#: dgsi/models.py:73 dgsi/templates/dgsi/legal_documents.html:30
 msgid "Règlement Intérieur"
 msgstr "Bylaws"
 
-#: dgsi/models.py:72
+#: dgsi/models.py:74
 msgid "Règlements Intérieurs"
 msgstr "Bylaws"
 
-#: dgsi/models.py:114
+#: dgsi/models.py:116
 msgid "Correspondance de login"
 msgstr "Login mapping"
 
-#: dgsi/models.py:115
+#: dgsi/models.py:117
 msgid "Correspondances de login"
 msgstr "Login mappings"
 
+#: dgsi/models.py:148
+msgid "Derniers Statuts acceptés"
+msgstr "Latest accepted Statutes"
+
+#: dgsi/models.py:155
+msgid "Dernier Règlement Intérieur accepté"
+msgstr "Latest accepted Bylaws"
+
 #: dgsi/templates/_legal_document.html:9
 msgid ""
 " En acceptant, vous assurez avoir lu ce document et en approuver le contenu."
@@ -154,31 +166,43 @@ msgstr "Accept the bylaws"
 msgid "Profil de %(displayname)s"
 msgstr "Profile of %(displayname)s"
 
-#: dgsi/templates/dgsi/profile.html:13
+#: dgsi/templates/dgsi/profile.html:14
 msgid "Mot de passe WiFi :"
 msgstr "WiFi password:"
 
-#: dgsi/templates/dgsi/profile.html:23
+#: dgsi/templates/dgsi/profile.html:16
+msgid "Êtes-vous sûr·e de vouloir réinitialiser votre mot de passe WiFi ?"
+msgstr "Are you sure that you want to reset your WiFi password?"
+
+#: dgsi/templates/dgsi/profile.html:19
+msgid "Réinitialiser le mot de passe WiFi"
+msgstr "Reset the WiFi password"
+
+#: dgsi/templates/dgsi/profile.html:32
+msgid "Générer un mot de passe WiFi"
+msgstr "Generate a WiFi password:"
+
+#: dgsi/templates/dgsi/profile.html:36
 msgid "Adresse e-mail :"
 msgstr "E-mail address:"
 
-#: dgsi/templates/dgsi/profile.html:28
+#: dgsi/templates/dgsi/profile.html:41
 msgid "Informations techniques"
 msgstr "Technical informations"
 
-#: dgsi/templates/dgsi/profile.html:31
+#: dgsi/templates/dgsi/profile.html:44
 msgid "Identifiant unique :"
 msgstr "Unique identifier:"
 
-#: dgsi/templates/dgsi/profile.html:40
+#: dgsi/templates/dgsi/profile.html:53
 msgid "Membre des groupes suivants :"
 msgstr "Member of the following groups:"
 
-#: dgsi/templates/dgsi/profile.html:51
+#: dgsi/templates/dgsi/profile.html:64
 msgid "Pas de compte DGNum répertorié."
 msgstr "No DGNum account found."
 
-#: dgsi/templates/dgsi/profile.html:54
+#: dgsi/templates/dgsi/profile.html:67
 msgid "Créer un compte DGNum"
 msgstr "Create a DGNum account"
 
@@ -194,45 +218,49 @@ msgstr "My profile"
 msgid "Documents Légaux"
 msgstr "Legal Documents"
 
-#: dgsi/views.py:35
-msgid "Services proposés par la DGNum"
-msgstr "Services offered by the DGNum"
+#: dgsi/views.py:32
+msgid "Services proposés"
+msgstr "Services offered"
 
-#: dgsi/views.py:44
-msgid "Créer un nouveau compte Kanidm"
-msgstr "Create a new Kanidm account"
+#: dgsi/views.py:39
+msgid "Créer un compte Kanidm"
+msgstr "Create a Kanidm account"
 
-#: dgsi/views.py:48
+#: dgsi/views.py:43 shared/templates/_hero.html:76
 msgid "Interface d'administration"
 msgstr "Administration interface"
 
-#: dgsi/views.py:83
+#: dgsi/views.py:80
+msgid "Compte DGNum inexistant."
+msgstr "No existing DGNum account."
+
+#: dgsi/views.py:97
 msgid "Compte DGNum créé avec succès"
 msgstr "DGNum account successfully created"
 
-#: dgsi/views.py:99
+#: dgsi/views.py:113
 msgid "<b>Vous possédez déjà un compte DGNum !</b>"
 msgstr "<b>You already have a DGNum account!</b>"
 
-#: dgsi/views.py:111
+#: dgsi/views.py:125
 msgid "Vous devez accepter les Statuts et le Règlement Intérieur."
 msgstr "You must accept the Statutes and the Bylaws."
 
-#: dgsi/views.py:190
+#: dgsi/views.py:204
 #, python-format
 msgid "Type de document invalide : %(kind)s"
 msgstr "Invalid document type: %(kind)s"
 
-#: dgsi/views.py:220
+#: dgsi/views.py:234
 #, python-format
 msgid "Compte DGNum pour %(displayname)s [%(name)s] créé."
 msgstr "DGNum account for %(displayname)s [%(name)s] created."
 
-#: shared/account.py:37
+#: shared/account.py:40
 msgid "Catégorie de compte ENS interdite."
 msgstr "ENS account category not permitted."
 
-#: shared/account.py:53
+#: shared/account.py:57
 msgid "Méthode de connexion invalide."
 msgstr "Invalid connection method."
 
@@ -242,18 +270,30 @@ msgid ""
 msgstr ""
 "Software developed for and by the <a href=‘https://dgnum.eu’>DGNum</a>."
 
-#: shared/templates/_hero.html:18
+#: shared/templates/_hero.html:18 shared/templates/account/logout.html:6
 msgid "Déconnexion"
 msgstr "Logout"
 
-#: shared/templates/_hero.html:27
+#: shared/templates/_hero.html:27 shared/templates/socialaccount/login.html:6
 msgid "Connexion"
 msgstr "Login"
 
-#: shared/templates/_hero.html:41
+#: shared/templates/_hero.html:40
 msgid "Choix de la langue"
 msgstr "Language selection"
 
+#: shared/templates/account/login.html:7
+msgid "Connexion via un compte tiers"
+msgstr "Connection via a third-party account"
+
+#: shared/templates/account/logout.html:10
+msgid "Êtes vous certain·e de vouloir vous déconnecter ?"
+msgstr "Are you sure you want to log out?"
+
+#: shared/templates/account/logout.html:16
+msgid "Se déconnecter"
+msgstr "Log out"
+
 #: shared/templates/accounts/forbidden_category.html:6
 msgid "Connexion impossible"
 msgstr "Unable to connect"
@@ -267,3 +307,30 @@ msgstr ""
 "Your details do not allow the DGNum to authenticate you.<br>If you think "
 "this is a mistake, please contact us at: <a href=\"mailto:contact@dgnum."
 "eu\">contact@dgnum.eu</a>"
+
+#: shared/templates/socialaccount/authentication_error.html:7
+msgid "Erreur lors de la connexion"
+msgstr "Error during login"
+
+#: shared/templates/socialaccount/authentication_error.html:11
+msgid ""
+"Une erreur est survenue lors de votre tentative de connexion avec un compte "
+"tiers."
+msgstr ""
+"An error has occurred while trying to login with a third-party account."
+
+#: shared/templates/socialaccount/login.html:11
+#, python-format
+msgid "Se connecter via un compte <b>%(provider)s</b>"
+msgstr "Log in with a <b>%(provider)s</b> account"
+
+#: shared/templates/socialaccount/login.html:16
+#, python-format
+msgid ""
+"Vous vous apprêtez à vous connecter à l'aide d'un compte tiers provenant de "
+"%(provider)s."
+msgstr "You are about to log in using a third-party account from %(provider)s."
+
+#: shared/templates/socialaccount/login.html:21
+msgid "Continuer"
+msgstr "Continue"

From 37ddb5f075ffe1706e826d07bc6a7ee41d05e4ce Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 12 Oct 2024 21:49:02 +0200
Subject: [PATCH 106/172] chore: Don't commit the auth token

---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index 48ab904..89db8df 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,4 @@ __pycache__/
 !.static/.gitkeep
 src/shared/static/bulma/bulma.css
 src/shared/static/bulma/bulma.css.map
+.credentials/KANIDM_AUTH_TOKEN

From 41396ccae23fbf9ad682675f80f201fc664eada4 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 12 Oct 2024 21:51:10 +0200
Subject: [PATCH 107/172] fix(dgsi/models): Import from the original source

---
 src/dgsi/models.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index a02ea21..0be7927 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -3,6 +3,7 @@ from dataclasses import dataclass
 from functools import cached_property
 from typing import Optional, Self
 
+from aiohttp.client_exceptions import ClientConnectorError
 from allauth.socialaccount.models import SocialAccount
 from asgiref.sync import async_to_sync
 from django.contrib.auth.models import AbstractUser
@@ -13,7 +14,6 @@ from django.http import HttpRequest
 from django.utils.translation import gettext_lazy as _
 from kanidm.exceptions import NoMatchingEntries
 from kanidm.models.person import Person
-from kanidm.radius import ClientConnectorError
 
 from shared.kanidm import klient
 

From 304fe1f24968263872a8d73dc5fc7c4d7e4a7db1 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 12 Oct 2024 22:05:33 +0200
Subject: [PATCH 108/172] fix(forms): Reword what JM wrote

---
 src/dgsi/forms.py                          |  12 +++++-
 src/shared/locale/en/LC_MESSAGES/django.mo | Bin 6630 -> 7279 bytes
 src/shared/locale/en/LC_MESSAGES/django.po |  41 ++++++++++++++-------
 3 files changed, 38 insertions(+), 15 deletions(-)

diff --git a/src/dgsi/forms.py b/src/dgsi/forms.py
index 154bc5c..b12ac9f 100644
--- a/src/dgsi/forms.py
+++ b/src/dgsi/forms.py
@@ -26,11 +26,19 @@ class CreateKanidmAccountForm(forms.Form):
     displayname = CharField(label=_("Nom d'usage"))
     mail = EmailField(
         label=_("Adresse e-mail"),
-        help_text=_("De préférence l'adresse '@ens.psl.eu' (si en scola) ou '@normalesup.org' (si archikhûbe), sauf si exté (accord explicite du bureau nécessaire)."),
+        help_text=_(
+            "De préférence :<br>"
+            "- l'adresse <code>@ens.psl.eu</code> pour les personnes en scolarité ;<br>"
+            "- l'adresse <code>@normalesup.org</code> pour les personnes ayant fini leur scolarité ;<br>"
+            "<b>Pour les personnes extérieures, le bureau doit donner son accord.</b>"
+        ),
     )
     active = BooleanField(
         label=_("Membre actif"),
-        help_text=_("Si selectionné, la personne sera ajoutée au groupe dgnum_members. L'accord du bureau est nécessaire pour cette opération donnant des privilèges."),
+        help_text=_(
+            "Si selectionné, la personne sera ajoutée au groupe <code>dgnum_members</code>.<br>"
+            "<b>L'accord préalable du bureau est nécessaire !</b>"
+        ),
         required=False,
     )
 
diff --git a/src/shared/locale/en/LC_MESSAGES/django.mo b/src/shared/locale/en/LC_MESSAGES/django.mo
index 4b433d5f1fc34af80ff68f98b3ae6bc7ce951e44..40c380e107b51d4f66fe6317b56524f61a6c57b2 100644
GIT binary patch
delta 2298
zcmaLXZEO@p9LMqL1BC*W+7?knnF3P4azH7xwC7Q@R#AwBsC_{b*z0ZEHP_u^_m23K
zTw-G)f+VEz6$yz?2~CWB(N`vzV44_A#E2RnLPDZ1(8LGS1Yb$;``bH6G2kS#pV_^g
z`Oo}k_AYI{+*!QXQ2nN%JV9MX%~l%Y;^}HGl>QoHcHtgO;7M%8bJ&EJaUNFBHRdj?
z!v<W1cVGwBV;`=>f%5M!p*5yxj?uWAAEvM!&tffJMFp74==b3=)blP}g1xAIgLp3%
za48-~P2_#ldo!pBT);UM#{7yqxc`g6T8MAj=Nq${2ZN{q#&Hpz#5?f=T!?3I0iHtz
z{JwmD1@Gs+f*<w1MZMR?WecWI3(2D<bQl%qE!;_bbDD+%)Ns*C8<8>1CTzqcF2{c4
zRg*(a@MYA1M^RhyF0RE-@E-gF7vuc8(t8%Q1)Zp^9K@mqIzmGOoIvf}NBBB^f$W0W
z$40KgA>50v;a7M8pTj8zN#auSyaxwx5GPSvT0>g;up9TW1+U-$_ZJ(;{~8)wStifS
ze$<K&a$%dytL6J+s6BlfiD^DWP5dlsMc<(&{tvFeMdVv4ZbNOsZk&VTs5pmF3p&w6
z{uSs94_K`E6cylGRKQE96kjdhFD9S5Z$-V|i{Id0OyOEOX+fi?{>QoKke)(K_~WwY
zkq^iGP^6(R?Pt^qenU-2QM8A($fC?j)bkG1R`sCXPa|DS0Tt*dK8f$4Cio}n>|8^g
zspY(+1+GJ7sJM-W4%O4B4hK;G13uEn96_z<9aM+UP&5Cj?C+@euAmNI9kbS%=|D|%
zJL>aua2!L_LjFc3Ry5aWJjR3NjD8A7@F}e48*9Y_*n@AN4$<eRffqB&4(veA)Q$2G
ztuE@$@{?ZFf*zr6r7E~eGQMsveF{1h`i3p_L8|s@GgT{jl-fd7+LY>T)c7;S1rz7z
zG!`|jEmV~rs`B(WmBHiOKwOj`mD&<Fu3EmzM(V@V4Z5M|i0XK&v{OlOoO|7K;Nk<o
z!7Q38ZnSxP@TQxpqVukzW2qBB+Twgc{AVxMQ6Er)qD|_ITcr!z5}(X9xSp!hqy5-K
z-9fFSuAnw6NvmnJO|P$+sw{RT(_w18&9*q1(2XM3CWnHIo9c1>D3Ob@3Ad2k5I?cG
zpb*-u8`+#2MuG3sa(x>O1z9Kb@-vgR`!+-QK{)2nv5-py;mFOy6>l2PdBO4XcG&Yh
z0uk-MgD2Ce{#(rAd7_6N9o(pujy6rpDcDTl<+(6ZMhblE3=IWgCXw8bPMKcU=E9lD
z;fb&3byg&%7uJ4R^-O8ynGwG*wtvhWOS8=KWD{B$!FRQk#)$hmStm`fOyPPwH_BUo
zW^#x$I$r47W<{F*Wnr<Zx~*$t`?OzQth%1>{OJE=+R4OwVTS`Io-brvKOdEoJFDNV
z(>l9v&JA+RaMU^E`6F>!qurx!#xjUk8rgG81GBb1f(3<q<YicQtKPBczzH*UtiZZP
zyhE<_@{x6NxiC27WaBhW{MeWxd$y^w>e<_8&yIuvdtc6Bf9MhE`Y?7l48~>!^CBC%
Q2MeSxQ%YZU$%~c$0+!Wt82|tP

delta 1676
zcmZA1OGs2v9LMqF%w#n>)%a}2N-fh&o3!zrm6}#s5(W~f6pCU+YFQ=-HLDQ9Y9Si6
z$q39|2F<33HU&i>1w|B*wlJ!Nkwig4i@ra-v#5jr`J8jT_dNdR-21)Yvp+Bq<rpxO
zN@5w&Y%``2Z#(#*WQ7~E3$xLOr!g7tU<|&*1^5Z$@Eb;<W4<wqFdmm+Dz3tO)c@--
z$(Vp?r?Qj_7cd7$a3PMP2Ka)@@sD-g%V_bmQ&7(pV*=Kq7muMP(ucb58fpR$u>{93
z4P6Y9%J?RiiXLph#n_E*?8QjDgb_H58t9(Yet|1!zen9aV_lDM(kJbB)B>te6KO(?
z(}R^bfRT)EK2p&Nr;tD6WVC3E#Y9X;O`wt=O|TZ#VGC+2PGLG;K@UF1Se!)NH-k#O
zo7HFwb5Z>?V?Z68prSn)#4@~rWZO((3jV}B=y4hI8js*%EMbF-@fOzLS8Tu{de>H7
z#BDf+^<gZEeb`I8gLJLIXKwPZ)J^lF72B8v+hgKT?L^dG`jNg(6>8@DP%Aow{F!t7
zti&Nyil3miU;^i144r8lFKR)VsBvnd$v=xRbzIN@2T=odqf&R?Y7blON2vSX;3k|z
ztt6R^)^k;;L)nO$XpiMt<i#+TQ7_h2WNv0SKt(fofZDsqNT23|b$uGOMKh=e64+P`
z<U<Wqfje<OYGOB0XXZZYEWJZ5Y!a23AINbqE;`Zu0S^_u_i3mVm!nqHfO_BzYUV?h
z*HQP4q7L0t)LEHEP4qYFb@OslDQ2J+*oK<eN!*TuIHLD|g34|#^s<~xe2XRMARRh9
z6{wE;Fds)TO#dfJ2pf@2=nbkMR5s5s`}(P>1t?pgq72U!_J502%|RWa9aft|Zwd((
zG&?aeH~Zm8MP*C}N~u-0wAZT%rF1LdC(4NeLRr!RLPgopcSCPZDdU^<M5vGqlR+r;
zc0wr&6&*OGS|?wpSlQ7Y=MgG8=_+f9TtaF7zZ7x7XI;#~LZviRbTG76>xhknzIHlv
zWPJ9MT!#8`Z6K0@)!}z-{WfP-(C>U@cQv=RceNd8YiVn0={z2+TNJQ6vWs%^g5&Oh
dz26__54Oe?*kk^=E2*`!qwA<I_{-B{`wJx4l@9;_

diff --git a/src/shared/locale/en/LC_MESSAGES/django.po b/src/shared/locale/en/LC_MESSAGES/django.po
index 591645a..5651a64 100644
--- a/src/shared/locale/en/LC_MESSAGES/django.po
+++ b/src/shared/locale/en/LC_MESSAGES/django.po
@@ -7,8 +7,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: dgsi.dgnum.eu\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-12 21:42+0200\n"
-"PO-Revision-Date: 2024-10-12 21:46+0200\n"
+"POT-Creation-Date: 2024-10-12 21:59+0200\n"
+"PO-Revision-Date: 2024-10-12 22:04+0200\n"
 "Last-Translator: Tom Hubrecht <tom.hubrecht@dgnum.eu>\n"
 "Language-Team: French\n"
 "Language: fr\n"
@@ -35,28 +35,43 @@ msgid "Identifiant"
 msgstr "Username"
 
 #: dgsi/forms.py:23
-msgid "De préférence identique au login ENS de la personne concernée"
-msgstr "Preferably identical to the ENS login of the person concerned"
+msgid "De préférence identique au login ENS de la personne concernée."
+msgstr "Preferably identical to the ENS login of the person concerned."
 
-#: dgsi/forms.py:26 dgsi/forms.py:39
+#: dgsi/forms.py:26 dgsi/forms.py:47
 msgid "Nom d'usage"
 msgstr "Name in use"
 
-#: dgsi/forms.py:28 dgsi/forms.py:41
+#: dgsi/forms.py:28 dgsi/forms.py:49
 msgid "Adresse e-mail"
 msgstr "E-mail address"
 
-#: dgsi/forms.py:29 dgsi/forms.py:42
-msgid "De préférence l'adresse '@ens.psl.eu'"
-msgstr "Preferably the ‘@ens.psl.eu’ address"
+#: dgsi/forms.py:30
+msgid ""
+"De préférence :<br>- l'adresse <code>@ens.psl.eu</code> pour les personnes "
+"en scolarité ;<br>- l'adresse <code>@normalesup.org</code> pour les "
+"personnes ayant fini leur scolarité ;<br><b>Pour les personnes extérieures, "
+"le bureau doit donner son accord.</b>"
+msgstr ""
+"Preferably:<br>- the <code>@ens.psl.eu</code> address for students;<br>- the "
+"<code>@normalesup.org</code> address for people having finished their "
+"studies;<br><b>For outsiders, the board must give its approval.</b>"
 
-#: dgsi/forms.py:32
+#: dgsi/forms.py:37
 msgid "Membre actif"
 msgstr "Active member"
 
-#: dgsi/forms.py:33
-msgid "Si selectionné, la personne sera ajoutée au groupe dgnum_members"
-msgstr "If selected, the person will be added to the dgnum_members group."
+#: dgsi/forms.py:39
+msgid ""
+"Si selectionné, la personne sera ajoutée au groupe <code>dgnum_members</"
+"code>.<br><b>L'accord préalable du bureau est nécessaire !</b>"
+msgstr ""
+"If selected, the person will be added to the <code>dgnum_members</code> "
+"group.<br><b>Prior approval from the board is required!</b>"
+
+#: dgsi/forms.py:50
+msgid "De préférence l'adresse '@ens.psl.eu'"
+msgstr "Preferably the ‘@ens.psl.eu’ address"
 
 #: dgsi/models.py:24
 msgid "Nom du service proposé"

From 24f825c1dd34a3948cce7d39c19623ecf948ffa7 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 12 Oct 2024 22:24:16 +0200
Subject: [PATCH 109/172] feat(templates): Tweak base template

This allows content to stay at a reasonable size
---
 src/shared/templates/base.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/shared/templates/base.html b/src/shared/templates/base.html
index e535d9a..8aed9cb 100644
--- a/src/shared/templates/base.html
+++ b/src/shared/templates/base.html
@@ -16,7 +16,7 @@
   <body>
     {% include "_hero.html" %}
 
-    <section class="section">
+    <section class="container is-max-widescreen py-6">
       <div id="notifications">
         {% for message in messages %}
           <article class="notification is-light has-text-centered {{ message.tags }}">

From b859a72747648b7e2ce6384de02354bf3e6837cd Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 25 Jan 2025 19:37:50 +0100
Subject: [PATCH 110/172] feat(dgsi): Add archives

---
 default.nix                                |   1 +
 src/app/settings.py                        |   8 +++
 src/app/urls.py                            |   4 ++
 src/dgsi/admin.py                          |   4 +-
 src/dgsi/migrations/0009_archive.py        |  48 +++++++++++++
 src/dgsi/models.py                         |  24 ++++++-
 src/dgsi/templates/dgsi/archive_list.html  |  51 ++++++++++++++
 src/dgsi/urls.py                           |   7 ++
 src/dgsi/views.py                          |  43 +++++++++++-
 src/shared/locale/en/LC_MESSAGES/django.mo | Bin 7279 -> 7504 bytes
 src/shared/locale/en/LC_MESSAGES/django.po |  74 +++++++++++++--------
 11 files changed, 229 insertions(+), 35 deletions(-)
 create mode 100644 src/dgsi/migrations/0009_archive.py
 create mode 100644 src/dgsi/templates/dgsi/archive_list.html

diff --git a/default.nix b/default.nix
index 5c9096a..5bb3ece 100644
--- a/default.nix
+++ b/default.nix
@@ -88,6 +88,7 @@ in
       DGSI_STATIC_ROOT = builtins.toString ./.static;
       DGSI_MEDIA_ROOT = builtins.toString ./.media;
       DGSI_KANIDM_CLIENT = "dgsi_test";
+      DGSI_ARCHIVES_ROOT = builtins.toString ./.archives;
     };
 
     shellHook = ''
diff --git a/src/app/settings.py b/src/app/settings.py
index a201185..6a6c6a8 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -277,6 +277,7 @@ MEDIA_ROOT = credentials.get("MEDIA_ROOT")
 ###
 # Storages configuration
 
+ARCHIVES_INTERNAL = credentials.get("ARCHIVES_INTERNAL", "_archives")
 STORAGES = {
     "default": {
         "BACKEND": "django.core.files.storage.FileSystemStorage",
@@ -284,6 +285,13 @@ STORAGES = {
     "staticfiles": {
         "BACKEND": "django.contrib.staticfiles.storage.ManifestStaticFilesStorage",
     },
+    "archives": {
+        "BACKEND": "django.core.files.storage.FileSystemStorage",
+        "OPTIONS": {
+            "location": credentials["ARCHIVES_ROOT"],
+            "base_url": f"/{ARCHIVES_INTERNAL}/",
+        },
+    },
 }
 
 ###
diff --git a/src/app/urls.py b/src/app/urls.py
index 8cc4af3..4907912 100644
--- a/src/app/urls.py
+++ b/src/app/urls.py
@@ -33,4 +33,8 @@ if settings.DEBUG:
         path("__debug__/", include("debug_toolbar.urls")),
         *static(settings.STATIC_URL, document_root=settings.STATIC_ROOT),
         *static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT),
+        *static(
+            settings.STORAGES["archives"]["OPTIONS"]["base_url"],
+            document_root=settings.STORAGES["archives"]["OPTIONS"]["location"],
+        ),
     ]
diff --git a/src/dgsi/admin.py b/src/dgsi/admin.py
index 29a6911..8e374a7 100644
--- a/src/dgsi/admin.py
+++ b/src/dgsi/admin.py
@@ -10,7 +10,7 @@ from unfold.contrib.import_export.forms import (
     SelectableFieldsExportForm,
 )
 
-from dgsi.models import Bylaws, Service, Statutes, Translation, User
+from dgsi.models import Archive, Bylaws, Service, Statutes, Translation, User
 
 assert DjangoUserAdmin.fieldsets is not None
 
@@ -54,7 +54,7 @@ class UserAdmin(DjangoUserAdmin, ImportExportMixin, ModelAdmin):
     )
 
 
-@admin.register(Bylaws, Service, SocialAccount, Statutes, Translation)
+@admin.register(Archive, Bylaws, Service, SocialAccount, Statutes, Translation)
 class AdminClass(ImportExportMixin, ModelAdmin):
     compressed_fields = True
     import_form_class = ImportForm
diff --git a/src/dgsi/migrations/0009_archive.py b/src/dgsi/migrations/0009_archive.py
new file mode 100644
index 0000000..efb7aab
--- /dev/null
+++ b/src/dgsi/migrations/0009_archive.py
@@ -0,0 +1,48 @@
+# Generated by Django 4.2.16 on 2025-01-25 15:27
+
+import django.core.files.storage
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("dgsi", "0008_alter_user_accepted_statutes"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="Archive",
+            fields=[
+                (
+                    "id",
+                    models.BigAutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                ("date", models.DateField(verbose_name="Date du document")),
+                (
+                    "name",
+                    models.CharField(max_length=255, verbose_name="Nom du document"),
+                ),
+                (
+                    "file",
+                    models.FileField(
+                        storage=django.core.files.storage.FileSystemStorage(
+                            base_url="/archives/",
+                            location="/home/thubrecht/Software/git.dgnum.eu/DGNum/dgsi/.archives",
+                        ),
+                        upload_to="",
+                        verbose_name="Fichier PDF",
+                    ),
+                ),
+            ],
+            options={
+                "verbose_name": "Document d'archives",
+                "verbose_name_plural": "Documents d'archives",
+            },
+        ),
+    ]
diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index 0be7927..2314b3a 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -7,6 +7,7 @@ from aiohttp.client_exceptions import ClientConnectorError
 from allauth.socialaccount.models import SocialAccount
 from asgiref.sync import async_to_sync
 from django.contrib.auth.models import AbstractUser
+from django.core.files import storage
 from django.db import models
 from django.db.models.signals import pre_delete
 from django.dispatch import receiver
@@ -74,6 +75,23 @@ class Bylaws(LegalDocument):
         verbose_name_plural = _("Règlements Intérieurs")
 
 
+class Archive(models.Model):
+    """
+    Archived documents for the association.
+    """
+
+    date = models.DateField(_("Date du document"))
+    name = models.CharField(_("Nom du document"), max_length=255)
+    file = models.FileField(_("Fichier PDF"), storage=storage.storages["archives"])
+
+    def __str__(self) -> str:
+        return self.name
+
+    class Meta:  # pyright: ignore
+        verbose_name = _("Document d'archives")
+        verbose_name_plural = _("Documents d'archives")
+
+
 # class TermsAndConditions(LegalDocument):
 #     """
 #     Terms and Conditions of use regarding a service offered by the association.
@@ -118,7 +136,7 @@ class Translation(models.Model):
 
 
 # INFO: We need to use a signal receiver here, as the delete method is not called
-#       when deleteing objects from the admin interface
+#       when deleting objects from the admin interface
 @receiver(pre_delete, sender=Translation)
 def restore_username(**kwargs):
     """
@@ -185,3 +203,7 @@ class User(AbstractUser):
         return (self.kanidm is not None) and (
             ADMIN_GROUP in self.kanidm.person.memberof
         )
+
+    def can_access_archive(self, archive: Archive) -> bool:
+        # Prepare a more complex workflow
+        return True
diff --git a/src/dgsi/templates/dgsi/archive_list.html b/src/dgsi/templates/dgsi/archive_list.html
new file mode 100644
index 0000000..2badaf4
--- /dev/null
+++ b/src/dgsi/templates/dgsi/archive_list.html
@@ -0,0 +1,51 @@
+{% extends "base.html" %}
+
+{% load i18n %}
+
+{% block content %}
+  <h2 class="subtitle">{% trans "Archives de la DGNum" %}</h2>
+  <hr>
+
+  {% for file in archive_list %}
+    <a class="button is-fullwidth is-block mb-2"
+       href="{% url "dgsi:dgn-protected-archive" file.pk %}">
+      <span class="tag is-pulled-left">
+        <span class="icon"><i class="ti ti-archive"></i></span>
+      </span>
+      <span class="icon"><i class="ti ti-download"></i></span>
+      <span>{{ file }}</span>
+      <span class="tag is-pulled-right">{{ file.date }}</span>
+    </a>
+  {% endfor %}
+
+  <hr>
+  <h2 class="subtitle">{% trans "Statuts" %}</h2>
+
+  {% for document in statutes_list %}
+    <a class="button is-fullwidth is-block mb-2"
+       href="{{ document.file.url }}">
+      <span class="tag is-pulled-left">
+        <span class="icon"><i class="ti ti-script"></i></span>
+      </span>
+      <span class="icon"><i class="ti ti-download"></i></span>
+      <span>{{ document }}</span>
+      <span class="tag is-pulled-right">{{ document.date }}</span>
+    </a>
+  {% endfor %}
+
+  <hr>
+  <h2 class="subtitle">{% trans "Règlements Intérieurs" %}</h2>
+
+  {% for document in bylaws_list %}
+    <a class="button is-fullwidth is-block mb-2"
+       href="{{ document.file.url }}">
+      <span class="tag is-pulled-left">
+        <span class="icon"><i class="ti ti-script"></i></span>
+      </span>
+      <span class="icon"><i class="ti ti-download"></i></span>
+      <span>{{ document }}</span>
+      <span class="tag is-pulled-right">{{ document.date }}</span>
+    </a>
+  {% endfor %}
+
+{% endblock content %}
diff --git a/src/dgsi/urls.py b/src/dgsi/urls.py
index 4236850..d3d546e 100644
--- a/src/dgsi/urls.py
+++ b/src/dgsi/urls.py
@@ -7,6 +7,13 @@ app_name = "dgsi"
 urlpatterns = [
     # Misc views
     path("", views.IndexView.as_view(), name="dgn-index"),
+    # Archives
+    path("archives/", views.ArchiveListView.as_view(), name="dgn-archives"),
+    path(
+        "archives/<int:pk>/",
+        views.ProtectedArchiveView.as_view(),
+        name="dgn-protected-archive",
+    ),
     # Legal documents
     path(
         "legal-documents/",
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index aa8e646..d3d1a0a 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -1,21 +1,23 @@
 from typing import Any, NamedTuple
 
 from asgiref.sync import async_to_sync
+from django.conf import settings
 from django.contrib import messages
 from django.contrib.auth.mixins import AccessMixin, LoginRequiredMixin
 from django.contrib.messages.views import SuccessMessageMixin
 from django.core.mail import EmailMessage
-from django.http import HttpRequest, HttpResponseBase, HttpResponseRedirect
+from django.http import Http404, HttpRequest, HttpResponseBase, HttpResponseRedirect
+from django.http.response import HttpResponse
 from django.template.loader import render_to_string
 from django.urls import reverse_lazy
 from django.utils.functional import Promise
 from django.utils.translation import gettext_lazy as _
-from django.views.generic import FormView, ListView, RedirectView, TemplateView
+from django.views.generic import FormView, ListView, RedirectView, TemplateView, View
 from django.views.generic.detail import SingleObjectMixin
 
 from dgsi.forms import CreateKanidmAccountForm, CreateSelfAccountForm
 from dgsi.mixins import StaffRequiredMixin
-from dgsi.models import Bylaws, Service, Statutes, User
+from dgsi.models import Archive, Bylaws, Service, Statutes, User
 from shared.kanidm import klient
 
 
@@ -30,6 +32,7 @@ AUTHENTICATED_LINKS: list[Link] = [
     Link("is-primary", "dgsi:dgn-profile", _("Mon profil"), "user-filled"),
     Link("is-primary", "dgsi:dgn-legal_documents", _("Documents Légaux"), "script"),
     Link("is-info", "dgsi:dgn-services", _("Services proposés"), "apps-filled"),
+    Link("is-success", "dgsi:dgn-archives", _("Archives"), "archive"),
 ]
 
 ADMIN_LINKS: list[Link] = [
@@ -166,6 +169,40 @@ class CreateSelfAccountView(AccessMixin, SuccessMessageMixin, FormView):
         return super().form_valid(form)
 
 
+class ArchiveListView(LoginRequiredMixin, ListView):
+    model = Archive
+    ordering = ["-date"]
+
+    def get_context_data(self, **kwargs: Any) -> dict[str, Any]:
+        return super().get_context_data(
+            bylaws_list=Bylaws.objects.all(),
+            statutes_list=Statutes.objects.all(),
+            **kwargs,
+        )
+
+
+class ProtectedArchiveView(LoginRequiredMixin, View):
+    http_method_names = ["get"]
+
+    def get(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponseBase:
+        u = User.from_request(request)
+        archive = Archive.objects.get(pk=self.kwargs["pk"])
+
+        if u.can_access_archive(archive):
+            # INFO: When in DEBUG mode, redirect to the "real" file
+            if settings.DEBUG:
+                return HttpResponseRedirect(redirect_to=archive.file.url)
+
+            return HttpResponse(
+                headers={
+                    "Content-Disposition": f"attachment; filename={archive.file.name}",
+                    "X-Accel-Redirect": f"/{settings.ARCHIVES_INTERNAL}/{archive.file.name}",
+                }
+            )
+        else:
+            raise Http404
+
+
 class LegalDocumentsView(LoginRequiredMixin, TemplateView):
     template_name = "dgsi/legal_documents.html"
 
diff --git a/src/shared/locale/en/LC_MESSAGES/django.mo b/src/shared/locale/en/LC_MESSAGES/django.mo
index 40c380e107b51d4f66fe6317b56524f61a6c57b2..d3248fc23eddf58adbf821b0f40e12c4eae5fd7c 100644
GIT binary patch
delta 1898
zcmZ|POH5Q(9LMoLBZv%Ihldow$3^8)5DUo2Lq$fk;0vlIR3k~FFp4dYMDUTO_BLr_
zlg5Nb#BLhnLK8J<B(hOlU|i|KRxuT0Q$trxFwwdpu^Qs{ce$h8cryR{Irrw=^Zeg=
zUU{$DeUchKV3bB;0dX>5_9ecK=R&zS(`+kV!WB4)IhdPhmX7r}3tKP)qnL_c;|JJ>
zAv}v}cLnv{HC$@u+FdGo;RQMvPpeGK#d55{B<w-GcpMkvDgXH(e#reW>b+6S#;2Ht
ziM*_dEkU)bLQQBpCd9dB`=~^C&>l3)$IF<9qo@vEVj89=o6W@nOu<Ujgf`=B{2cjN
z2NzA?n16p77jb_M_1=j8{62;m-~OVaj?(BwGb}(2T#K7<5Aw4MT(t75$eipRYGQxl
zVtkHtWpn3DPc$3VUlHoa>hL3s;(Y8wcOI2XRMc<;ITIU0o%Ji!iVHbNbx@5usuuha
zyOC3~|8N-wXuJdS@d18?UtlBqy#}x2cAUf(Y)Ik!b;cLimrw99?ulbCM){2U<1DWL
z|3Gcs6!NnW+r{zPGSq!B>Wm}ETx=I=;s;Rej-nR&Eoy;hPzxDOXaAQ_xyu7>`M(&(
zWLhU+1T}CyYK6N|9e#ssj{SfdZ~!%d^QfJ?;om>-?<Y|012lSwA*{iFTq;^&9&b^#
zCR7&hM`fvtTFFno=TH+GM7~73h5AzOpjPx7YJz{G&UgZ~L-BN~=b5OZ%t5tx>!@hp
zX5?p`T(;l|)Qm?_$u*8jI`yg*C!=;O3zc+XRQm|(f20W++d5DS{2tZ*SJcFBPwU$6
zRMhYxDm$N{k}8wdnyG`@iS_s$?nJF*484hAJ@@+NE<yt~;R{@j5oS}1U8o$pg6ek?
zE66{~<eMVryuu<amsm?^P!+9KIT9<YscazBiMCdG;t<t@b}mAwY$dc(=HcydE%JqW
zlPW{6FurXgv_&k$TbZ_#|0LT;kdI!`&b+VaSUx6{7fLD?=B*U0j%Xk@5$lLXVhy2E
zLAaG%iU|Ef#Y!F(ZLJcom{6kVi2h%6*6Rr+Um>ACCVg7^2PN6PvYBhSU-yoPI;U#^
zB0T-P%u1-NAXX7G2z_QN3FSbnl=_t_IkatNFm7SwP;2|aBhem<Rh+h{)3MjtP~UjC
zbErA-(-}dhEr0KHtNvetxoO?4hdZNPy*=+9_Y92$QxZer;*!$hvanNHRb5_ER8rbM
yp7JuTqW^K~)S_7D??&m~@AS4u{b9z^CITV9jnn22(0?-{C+Y3Op+^}%C%ge9>%lny

delta 1676
zcmX}sSx8h-9LMqFHl}8pqgiS>F1cIdG&*j%lv%dmLg0f!RzwjI75NYa7m^^;BpK>O
z5Ud1)$cK3f46GmwGK`=FLFlCgDl0GuGW-6ng9rZibIzT6&-%YJQ#oI5%_W52G?cwW
z8gVMrm}58*&V|zAFlIlt;uajn44lS9oX1rd9%;-vjKu`Z#x>}}cx=QhY!Ci^5naYu
zW`N3iei%nDPGJ--q6Ubh_l=l_x?hRO*noPk6H~DpQ*aP9k^89Uo}wl&ixDBle8qa&
zzvwKN@r^gym>h0&qB`ioI2^{c_yAYqB*x%0YQXow_5yCA9m0=#-i3P3!=)5!PzyPa
znouuloDpndd^15s130*7rB0+zQ-V&c#&m2!9yMoB6TF1#upf0KcQGHI;RgJHNf;fw
z{G1DQ1m&os>_kf)^-)m=L#VTRgx7EeIR(?fL1yDoY{RSg8fWn&j?+msrm)Yg*p8ie
z4|SvtwxtoPu!AGGjP11N64?JdDrGE_d*%>o#b>#2Oy)|kJ%BpX+sK&aA!_1Ns1?0K
zP5durVjTOeE%u;}-~dKo4{DrV)PjZ**?$c*$qg23o}&hMiyH7FYKs?x?IiY7?IP6k
z4fqDzum<yaNeeoGdVi3Ml5`9;;m1K=As>$UU{TSR_8GN;Z>R}r6rEudvM7^<y6;0B
zRUPX2BgiYJ8#Pcr?!!^k1b?D(X9<;4={%$b7NB;>s-U8zI*59q3-v#68hOX`p;mMU
z^}-9(%s&PFj(TnZm3*<xS~=rGO|%yE`5nd{JcnAyZ)9SYS)#I=8|m~uhR3lP<N3yl
zunX((Ix2}?qB>4umOk_$Iki%@Q>!GJf_EBF3))GP5gJ^j+P>B<e+o(peZwxIkkDCe
zBearTL@uFi(^gjy_GgMQ{*ef$rD>HCDs_bRX%9i?_TGS9v_C3Q%dA|rd=)pbgV?GD
zMJcNER`C*SvAy?dlW=wdkeHSUqoKp&gEv)#it=4WX{iig+wA=U`_En$5Svw@=#a|o
z+VX{Cu`@FdiwR|q&ZC5=Cqju#B14;$L&Xyqbwq~*rX!of{O*|4Kvzs$WW2Yy#9dtC
lad|wIZf~L6<F^w2gp~O&IR6E1C4LF@-$-@^o+J-M{0BuJkPiR=

diff --git a/src/shared/locale/en/LC_MESSAGES/django.po b/src/shared/locale/en/LC_MESSAGES/django.po
index 5651a64..0d8972e 100644
--- a/src/shared/locale/en/LC_MESSAGES/django.po
+++ b/src/shared/locale/en/LC_MESSAGES/django.po
@@ -1,14 +1,14 @@
 # DG·SI english translation
 # Copyright (C) 2024 DGNum
 # This file is distributed under the same license as the dgsi package.
-# Tom Hubrecht <tom.hubrecht@dgnum.eu>, 2024.
+# Tom Hubrecht <tom.hubrecht@dgnum.eu>, 2024-2025.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: dgsi.dgnum.eu\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-12 21:59+0200\n"
-"PO-Revision-Date: 2024-10-12 22:04+0200\n"
+"POT-Creation-Date: 2025-01-25 19:38+0100\n"
+"PO-Revision-Date: 2025-01-25 19:40+0100\n"
 "Last-Translator: Tom Hubrecht <tom.hubrecht@dgnum.eu>\n"
 "Language-Team: French\n"
 "Language: fr\n"
@@ -16,9 +16,9 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n > 1)\n"
-"X-Generator: Gtranslator 46.1\n"
+"X-Generator: Gtranslator 47.1\n"
 
-#: app/settings.py:321
+#: app/settings.py:329
 msgid "Administration de DGSI"
 msgstr "DGSI Administration"
 
@@ -73,56 +73,64 @@ msgstr ""
 msgid "De préférence l'adresse '@ens.psl.eu'"
 msgstr "Preferably the ‘@ens.psl.eu’ address"
 
-#: dgsi/models.py:24
+#: dgsi/models.py:27
 msgid "Nom du service proposé"
 msgstr "Name of the proposed service"
 
-#: dgsi/models.py:25
+#: dgsi/models.py:28
 msgid "Adresse du service"
 msgstr "Address of the service"
 
-#: dgsi/models.py:26
+#: dgsi/models.py:29
 msgid "Icône du service"
 msgstr "Icon of the service"
 
-#: dgsi/models.py:36
+#: dgsi/models.py:39 dgsi/models.py:85
 msgid "Date du document"
 msgstr "Document date"
 
-#: dgsi/models.py:37
+#: dgsi/models.py:40 dgsi/models.py:86
 msgid "Nom du document"
 msgstr "Document name"
 
-#: dgsi/models.py:38
+#: dgsi/models.py:41 dgsi/models.py:87
 msgid "Fichier PDF"
 msgstr "PDF file"
 
-#: dgsi/models.py:60 dgsi/models.py:61
+#: dgsi/models.py:63 dgsi/models.py:64 dgsi/templates/dgsi/archive_list.html:22
 #: dgsi/templates/dgsi/legal_documents.html:26
 msgid "Statuts"
 msgstr "Statutes"
 
-#: dgsi/models.py:73 dgsi/templates/dgsi/legal_documents.html:30
+#: dgsi/models.py:76 dgsi/templates/dgsi/legal_documents.html:30
 msgid "Règlement Intérieur"
 msgstr "Bylaws"
 
-#: dgsi/models.py:74
+#: dgsi/models.py:77 dgsi/templates/dgsi/archive_list.html:37
 msgid "Règlements Intérieurs"
 msgstr "Bylaws"
 
-#: dgsi/models.py:116
+#: dgsi/models.py:93
+msgid "Document d'archives"
+msgstr "Archive document"
+
+#: dgsi/models.py:94
+msgid "Documents d'archives"
+msgstr "Archive documents"
+
+#: dgsi/models.py:136
 msgid "Correspondance de login"
 msgstr "Login mapping"
 
-#: dgsi/models.py:117
+#: dgsi/models.py:137
 msgid "Correspondances de login"
 msgstr "Login mappings"
 
-#: dgsi/models.py:148
+#: dgsi/models.py:168
 msgid "Derniers Statuts acceptés"
 msgstr "Latest accepted Statutes"
 
-#: dgsi/models.py:155
+#: dgsi/models.py:175
 msgid "Dernier Règlement Intérieur accepté"
 msgstr "Latest accepted Bylaws"
 
@@ -137,6 +145,10 @@ msgstr ""
 msgid "Accepté"
 msgstr "Accepted"
 
+#: dgsi/templates/dgsi/archive_list.html:6
+msgid "Archives de la DGNum"
+msgstr "Archives of the DGNum"
+
 #: dgsi/templates/dgsi/create_kanidm_account.html:6
 msgid "Création de compte Kanidm"
 msgstr "Kanidm account creation"
@@ -225,48 +237,52 @@ msgstr "Create a DGNum account"
 msgid "Services accessibles via la DGNum"
 msgstr "Services accessible via the DGNum"
 
-#: dgsi/views.py:30
+#: dgsi/views.py:32
 msgid "Mon profil"
 msgstr "My profile"
 
-#: dgsi/views.py:31
+#: dgsi/views.py:33
 msgid "Documents Légaux"
 msgstr "Legal Documents"
 
-#: dgsi/views.py:32
+#: dgsi/views.py:34
 msgid "Services proposés"
 msgstr "Services offered"
 
-#: dgsi/views.py:39
+#: dgsi/views.py:35
+msgid "Archives"
+msgstr "Archives"
+
+#: dgsi/views.py:42
 msgid "Créer un compte Kanidm"
 msgstr "Create a Kanidm account"
 
-#: dgsi/views.py:43 shared/templates/_hero.html:76
+#: dgsi/views.py:46 shared/templates/_hero.html:76
 msgid "Interface d'administration"
 msgstr "Administration interface"
 
-#: dgsi/views.py:80
+#: dgsi/views.py:83
 msgid "Compte DGNum inexistant."
 msgstr "No existing DGNum account."
 
-#: dgsi/views.py:97
+#: dgsi/views.py:100
 msgid "Compte DGNum créé avec succès"
 msgstr "DGNum account successfully created"
 
-#: dgsi/views.py:113
+#: dgsi/views.py:116
 msgid "<b>Vous possédez déjà un compte DGNum !</b>"
 msgstr "<b>You already have a DGNum account!</b>"
 
-#: dgsi/views.py:125
+#: dgsi/views.py:128
 msgid "Vous devez accepter les Statuts et le Règlement Intérieur."
 msgstr "You must accept the Statutes and the Bylaws."
 
-#: dgsi/views.py:204
+#: dgsi/views.py:241
 #, python-format
 msgid "Type de document invalide : %(kind)s"
 msgstr "Invalid document type: %(kind)s"
 
-#: dgsi/views.py:234
+#: dgsi/views.py:271
 #, python-format
 msgid "Compte DGNum pour %(displayname)s [%(name)s] créé."
 msgstr "DGNum account for %(displayname)s [%(name)s] created."

From 73acb2c2a48a3968bce639d706d97bc8906a46a0 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 25 Jan 2025 20:25:38 +0100
Subject: [PATCH 111/172] fix(dgsi/archives): Set the Content-Type header so
 that django's default does not apply

---
 src/dgsi/views.py | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index d3d1a0a..859bd1b 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -1,3 +1,4 @@
+from mimetypes import guess_type
 from typing import Any, NamedTuple
 
 from asgiref.sync import async_to_sync
@@ -193,9 +194,21 @@ class ProtectedArchiveView(LoginRequiredMixin, View):
             if settings.DEBUG:
                 return HttpResponseRedirect(redirect_to=archive.file.url)
 
+            content_type, encoding = guess_type(archive.file.name)
+
+            if encoding is not None:
+                content_type = {
+                    "br": "application/x-brotli",
+                    "bzip2": "application/x-bzip",
+                    "compress": "application/x-compress",
+                    "gzip": "application/gzip",
+                    "xz": "application/x-xz",
+                }.get(encoding, content_type)
+
             return HttpResponse(
                 headers={
-                    "Content-Disposition": f"attachment; filename={archive.file.name}",
+                    "Content-Type": content_type,
+                    "Content-Disposition": f"inline; filename={archive.file.name}",
                     "X-Accel-Redirect": f"/{settings.ARCHIVES_INTERNAL}/{archive.file.name}",
                 }
             )

From 5937f2a0d078b2823475866d9e1939f239a05d30 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sun, 26 Jan 2025 00:49:10 +0100
Subject: [PATCH 112/172] fix(mobile): Make it readable

---
 src/dgsi/templates/_legal_document.html   |  2 +-
 src/dgsi/templates/dgsi/archive_list.html | 17 ++++++-----------
 src/shared/static/bulma/bulma.scss        | 13 +++++++++++++
 src/shared/templates/base.html            |  2 +-
 4 files changed, 21 insertions(+), 13 deletions(-)

diff --git a/src/dgsi/templates/_legal_document.html b/src/dgsi/templates/_legal_document.html
index 8316bd5..a69159e 100644
--- a/src/dgsi/templates/_legal_document.html
+++ b/src/dgsi/templates/_legal_document.html
@@ -21,6 +21,6 @@
 </h2>
 
 <a class="button bt-link" href="{{ document.file.url }}">
-  <span>{{ document }}</span>
+  <span class="ellipsis">{{ document }}</span>
   <span class="icon"><i class="ti ti-file-download"></i></span>
 </a>
diff --git a/src/dgsi/templates/dgsi/archive_list.html b/src/dgsi/templates/dgsi/archive_list.html
index 2badaf4..2b6bcb2 100644
--- a/src/dgsi/templates/dgsi/archive_list.html
+++ b/src/dgsi/templates/dgsi/archive_list.html
@@ -7,13 +7,12 @@
   <hr>
 
   {% for file in archive_list %}
-    <a class="button is-fullwidth is-block mb-2"
+    <a class="button bt-archive"
        href="{% url "dgsi:dgn-protected-archive" file.pk %}">
       <span class="tag is-pulled-left">
         <span class="icon"><i class="ti ti-archive"></i></span>
       </span>
-      <span class="icon"><i class="ti ti-download"></i></span>
-      <span>{{ file }}</span>
+      <span class="ellipsis mx-2">{{ file }}</span>
       <span class="tag is-pulled-right">{{ file.date }}</span>
     </a>
   {% endfor %}
@@ -22,13 +21,11 @@
   <h2 class="subtitle">{% trans "Statuts" %}</h2>
 
   {% for document in statutes_list %}
-    <a class="button is-fullwidth is-block mb-2"
-       href="{{ document.file.url }}">
+    <a class="button bt-archive" href="{{ document.file.url }}">
       <span class="tag is-pulled-left">
         <span class="icon"><i class="ti ti-script"></i></span>
       </span>
-      <span class="icon"><i class="ti ti-download"></i></span>
-      <span>{{ document }}</span>
+      <span class="ellipsis mx-2">{{ document }}</span>
       <span class="tag is-pulled-right">{{ document.date }}</span>
     </a>
   {% endfor %}
@@ -37,13 +34,11 @@
   <h2 class="subtitle">{% trans "Règlements Intérieurs" %}</h2>
 
   {% for document in bylaws_list %}
-    <a class="button is-fullwidth is-block mb-2"
-       href="{{ document.file.url }}">
+    <a class="button bt-archive" href="{{ document.file.url }}">
       <span class="tag is-pulled-left">
         <span class="icon"><i class="ti ti-script"></i></span>
       </span>
-      <span class="icon"><i class="ti ti-download"></i></span>
-      <span>{{ document }}</span>
+      <span class="ellipsis mx-2">{{ document }}</span>
       <span class="tag is-pulled-right">{{ document.date }}</span>
     </a>
   {% endfor %}
diff --git a/src/shared/static/bulma/bulma.scss b/src/shared/static/bulma/bulma.scss
index e358754..8f95fe5 100644
--- a/src/shared/static/bulma/bulma.scss
+++ b/src/shared/static/bulma/bulma.scss
@@ -20,6 +20,19 @@ body {
   justify-content: space-between;
 }
 
+.ellipsis {
+  overflow-x: hidden;
+  text-overflow: ellipsis;
+  display: block;
+}
+
+.bt-archive {
+  display: flex;
+  width: 100%;
+  margin-bottom: calc(0.5 * var(--bulma-block-spacing));
+  justify-content: space-between;
+}
+
 .bt-link {
   display: flex;
   width: 100%;
diff --git a/src/shared/templates/base.html b/src/shared/templates/base.html
index 8aed9cb..005a7be 100644
--- a/src/shared/templates/base.html
+++ b/src/shared/templates/base.html
@@ -16,7 +16,7 @@
   <body>
     {% include "_hero.html" %}
 
-    <section class="container is-max-widescreen py-6">
+    <section class="container is-max-widescreen py-6 px-4">
       <div id="notifications">
         {% for message in messages %}
           <article class="notification is-light has-text-centered {{ message.tags }}">

From 57fb348bdb4f3320bcd524920e004cce4074060b Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sun, 26 Jan 2025 00:49:32 +0100
Subject: [PATCH 113/172] chore(icons): Put all the icons before the text

---
 src/dgsi/templates/dgsi/create_kanidm_account.html | 2 +-
 src/dgsi/templates/dgsi/create_self_account.html   | 2 +-
 src/shared/templates/_hero.html                    | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/dgsi/templates/dgsi/create_kanidm_account.html b/src/dgsi/templates/dgsi/create_kanidm_account.html
index 62ef674..178e2cf 100644
--- a/src/dgsi/templates/dgsi/create_kanidm_account.html
+++ b/src/dgsi/templates/dgsi/create_kanidm_account.html
@@ -11,8 +11,8 @@
     {% include "bulma/form.html" with form=form %}
 
     <button class="button is-fullwidth mt-6">
-      <span>{% trans "Enregistrer" %}</span>
       <span class="icon"><i class="ti ti-check"></i></span>
+      <span>{% trans "Enregistrer" %}</span>
     </button>
   </form>
 {% endblock content %}
diff --git a/src/dgsi/templates/dgsi/create_self_account.html b/src/dgsi/templates/dgsi/create_self_account.html
index 5b2fc62..7ebe3bd 100644
--- a/src/dgsi/templates/dgsi/create_self_account.html
+++ b/src/dgsi/templates/dgsi/create_self_account.html
@@ -11,8 +11,8 @@
     {% include "bulma/form.html" with form=form %}
 
     <button class="button is-fullwidth mt-6">
-      <span>{% trans "Enregistrer" %}</span>
       <span class="icon"><i class="ti ti-check"></i></span>
+      <span>{% trans "Enregistrer" %}</span>
     </button>
   </form>
 {% endblock content %}
diff --git a/src/shared/templates/_hero.html b/src/shared/templates/_hero.html
index 858b1d5..9efcf35 100644
--- a/src/shared/templates/_hero.html
+++ b/src/shared/templates/_hero.html
@@ -15,19 +15,19 @@
             <a href="{% url 'account_logout' %}"
                class="button is-light is-fullwidth">
               <span>
-                <span>{% trans "Déconnexion" %}</span>
                 <span class="icon">
                   <i class="ti ti-door-exit"></i>
                 </span>
+                <span>{% trans "Déconnexion" %}</span>
               </span>
             </a>
           {% else %}
             <a href="{% url 'account_login' %}" class="button is-fullwidth is-light">
               <span>
-                <span>{% trans "Connexion" %}</span>
                 <span class="icon">
                   <i class="ti ti-door-enter"></i>
                 </span>
+                <span>{% trans "Connexion" %}</span>
               </span>
             </a>
           {% endif %}

From 2b08dfa40ec26a3f6f358526c4b93065159b6ddf Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Mon, 27 Jan 2025 21:30:13 +0100
Subject: [PATCH 114/172] feat(index): Add outline link

---
 src/dgsi/templates/_index_link.html        |   3 +-
 src/dgsi/views.py                          |   8 +++
 src/shared/locale/en/LC_MESSAGES/django.mo | Bin 7504 -> 7563 bytes
 src/shared/locale/en/LC_MESSAGES/django.po |  70 +++++++++++----------
 4 files changed, 47 insertions(+), 34 deletions(-)

diff --git a/src/dgsi/templates/_index_link.html b/src/dgsi/templates/_index_link.html
index c89b0cf..85142be 100644
--- a/src/dgsi/templates/_index_link.html
+++ b/src/dgsi/templates/_index_link.html
@@ -1,4 +1,5 @@
-<a class="button bt-link is-light {{ link.color }}" href="{% url link.reverse %}">
+<a class="button bt-link is-light {{ link.color }}"
+  href="{% if link.absolute %}{{ link.reverse }}{% else %}{% url link.reverse %}{% endif %}">
   {% if link.icon %}<span class="icon"><i class="ti ti-{{ link.icon }}"></i></span>{% endif %}
   <span>{{ link.text }}</span>
 </a>
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 859bd1b..73cc253 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -27,10 +27,18 @@ class Link(NamedTuple):
     reverse: str
     text: str | Promise
     icon: str | None = None
+    absolute: bool = False
 
 
 AUTHENTICATED_LINKS: list[Link] = [
     Link("is-primary", "dgsi:dgn-profile", _("Mon profil"), "user-filled"),
+    Link(
+        "is-success",
+        "https://docs.dgnum.eu/s/doc-publique",
+        _("Aide et Documention"),
+        "help",
+        True,
+    ),
     Link("is-primary", "dgsi:dgn-legal_documents", _("Documents Légaux"), "script"),
     Link("is-info", "dgsi:dgn-services", _("Services proposés"), "apps-filled"),
     Link("is-success", "dgsi:dgn-archives", _("Archives"), "archive"),
diff --git a/src/shared/locale/en/LC_MESSAGES/django.mo b/src/shared/locale/en/LC_MESSAGES/django.mo
index d3248fc23eddf58adbf821b0f40e12c4eae5fd7c..96170c23b9231ff7cf267996919b30609b149470 100644
GIT binary patch
delta 1782
zcmY+^OGs2v9LMo9Hlt?wnl#HYC(B;iLvykmO)H%=r=%oWWPvq9R5nIvtEn3aK^9SH
zv?z*MRU3&0LTe#K5E4aExahfP6SWFTi0JYCUGFS9%zr-T+<Wf5=bZn!_eIUQfc3%a
zzHBIM#9U%9#hAl5-NPScIMtXCj^GMRO*3Xb`Y{i8VLEo<OzcH3p2sY_fjKyYGjJ5u
z{}pn*W!_O)z=3b53-dYa!zDNiTd)fE;Z(eWdT<<z@Sb!0H5SnRfVyr1=U_G$6=E4`
zfI(EhJ($DuO)nLX%a}8`ffMI5j9HA&aS=|SZcsFBat3QLn|26uu>&=rC{D*d<YzAO
zrvY4Z+QT@H_G8p_pLCq(n;%sC=;CVKs2VlG5bD8UY(We8nKAw}^KoQs<~wR>|6(!D
z$ebL&YScjMQTJ;@rS1SO#j|M5rjnqNkIzsYKcQ0c3zhR?5~&+)L)~C6DpjYj9|w@^
znR#?th>LIsw&E+ij)(9V8=)58<8~~}W&Jy-bg>@F@fZg25AG%<O*~~6?Ksn0f<KW{
zri5kEjH{3|n`WoI9hKt<GA0v4o^8%K$FHLL-$hOMK_2U`nZD$JX7mF~FrBmZra?dL
zAnJvPp$2doHPb=V4M&j0GLKLXet{auN7RZ=IPEMBs$GieUuRJnr_ze+v4pdlX(w{X
z^rLoj9Q7LAN6qM|<6G2#z9Mg^`HgOLbCD)A6*a)Qs8pAtR<7PTZnaZUPCHN+oJ2kN
z67n;*_-n<7s1av!7j3dRsLdBZ%{Yi!v7N|%Hb+tYW2o;+KQcCR6E(q6q`zf8Q_;w$
z(2^Obj=88^x)im!+ED}DjarEl*oPNTGxYMV*#pDPv;%kx`>+km8AUn9umNvlQ1Aa2
zD!Oq6?^HFmBYV#-jLrTAC^cGU6)nH^OtREcX(F_5*gp0?(ftBMh}cM|Y$Y^79%oN*
z17@z}Z#l7=NEROz&76VTGvl?kzkEStAK7KuK-^O>aL41el!R4;l2=dY%b@wIG!pu9
zY#|y5twSB5q9?B-v?f}&WLZo_3Dg>|AhcV^{eMLX-$by}4w*74`mX7HP-eAzRJ3dS
z#5SUtP$5?)g;=8orGi*VXx*m}r9>5>geOa-Q>jVBQ?p&(gW-rT(&KCF-rsv9674zI
r9Zd|SJ;_L`_ElEYRIW?JyuVyCn<HIEeVx&;FYI*dv^yTpdz1bTKL?%k

delta 1728
zcmYk+UrbM79LMo*`K1*4_e1ipqW_BMNB_{TP)IE{e^#5#7M5_~f|(o}W5bq7F0Bh~
zWwZYLT#yUqiVOd0G>ma!wruF8jm*41r_<)y`JUHv&Yts}=leX*IhRXcmN*|1d>uxq
zB^DA_!p#ojA0H=5_jI!w?7@5-$5c#@H1lH>Mqwk)#U@O^(>NR3Fb;2`+V!HIyN657
z9D7DZ4~$_7`e>De=~#&CaRweoJ=lti@S1nO59e_`h<a`a7vMKc#z-F4z|v6dictfq
z$A~b;Y(JGCHx5OcW#Vnjz#&uzzc3N~F=nxth4EN~8qijpiTjYlS~zI{C%x<IxR~os
z)N>EL`>!y-`|Sf2b(Bai8etad#pSpK8<4}gI4Sc1WK8xFHL&-%1b-l1S?sLIfi6Jx
zmy24mO3cP4oR4kj%%RdlMGYS!Yhoj)wVps_oWnw@gA&wIHR2^ahOC<X#$^~z;~kiZ
z!*~jtv6lHR!~0l|<JgGR@vOhrxQlt&jPI}^jF<72-CVblUKYMaP2FGQusEiR<+Wv~
z>pavN2a&PZ9@M}OqS~E6C3+T>;0;tFgMQ{ejmk4_Xv%+L0Apw!fkD)Zt56y4MRj-v
znH;-_dSM4@0Jl&x`M|p#_O3@!?ZavG2IFu&es!oQ!wjCHYIUexd;qme9aJV)Jv&hY
z>O;OndyM*0pQ18)jvC-+)EbYXX2?gUx}Stv%2ZT)r;>_ZybC$(2&Zj$0X5<w)aLqx
z+H~qw8ONYzEE%=w0;u*u)PJN7dAGHo5<HJ;e+M=2CzCq%f{GfxLG8}(s7;kbYmGDo
zH4_zh4tJt589{eoSjDxzxo)V&Ivm607-Tf%coenAdQtt3<68EgCGkzM=iEY)mQJiA
z^imaNt35JRN~vrl)QP56`y_=ZAvAMALZyaKri{a#;d0~)bqBQy-J+@4PDm1QGt+eP
zPqIw}`_V1g?fnt++8;&u94*2MLc2g)h&0^1z$%GqLVt}7L@iN9sH`Q5h+IOyqp6ZX
zMf0d#mPcq;Xg&TfTG$GLoz`qQRP-Cthot`{TiY#LITw0$cR{GLmKII~y!$ILpIAdo
wBlJzJCbZyFrNFBchx(_-hP8+M@u4q~ccUW%DFwwPg)2jy2@_$V0sq^me{|rHDgXcg

diff --git a/src/shared/locale/en/LC_MESSAGES/django.po b/src/shared/locale/en/LC_MESSAGES/django.po
index 0d8972e..2a43264 100644
--- a/src/shared/locale/en/LC_MESSAGES/django.po
+++ b/src/shared/locale/en/LC_MESSAGES/django.po
@@ -7,8 +7,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: dgsi.dgnum.eu\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-01-25 19:38+0100\n"
-"PO-Revision-Date: 2025-01-25 19:40+0100\n"
+"POT-Creation-Date: 2025-01-27 21:28+0100\n"
+"PO-Revision-Date: 2025-01-27 21:29+0100\n"
 "Last-Translator: Tom Hubrecht <tom.hubrecht@dgnum.eu>\n"
 "Language-Team: French\n"
 "Language: fr\n"
@@ -73,64 +73,64 @@ msgstr ""
 msgid "De préférence l'adresse '@ens.psl.eu'"
 msgstr "Preferably the ‘@ens.psl.eu’ address"
 
-#: dgsi/models.py:27
+#: dgsi/models.py:25
 msgid "Nom du service proposé"
 msgstr "Name of the proposed service"
 
-#: dgsi/models.py:28
+#: dgsi/models.py:26
 msgid "Adresse du service"
 msgstr "Address of the service"
 
-#: dgsi/models.py:29
+#: dgsi/models.py:27
 msgid "Icône du service"
 msgstr "Icon of the service"
 
-#: dgsi/models.py:39 dgsi/models.py:85
+#: dgsi/models.py:37 dgsi/models.py:83
 msgid "Date du document"
 msgstr "Document date"
 
-#: dgsi/models.py:40 dgsi/models.py:86
+#: dgsi/models.py:38 dgsi/models.py:84
 msgid "Nom du document"
 msgstr "Document name"
 
-#: dgsi/models.py:41 dgsi/models.py:87
+#: dgsi/models.py:39 dgsi/models.py:85
 msgid "Fichier PDF"
 msgstr "PDF file"
 
-#: dgsi/models.py:63 dgsi/models.py:64 dgsi/templates/dgsi/archive_list.html:22
+#: dgsi/models.py:61 dgsi/models.py:62 dgsi/templates/dgsi/archive_list.html:21
 #: dgsi/templates/dgsi/legal_documents.html:26
 msgid "Statuts"
 msgstr "Statutes"
 
-#: dgsi/models.py:76 dgsi/templates/dgsi/legal_documents.html:30
+#: dgsi/models.py:74 dgsi/templates/dgsi/legal_documents.html:30
 msgid "Règlement Intérieur"
 msgstr "Bylaws"
 
-#: dgsi/models.py:77 dgsi/templates/dgsi/archive_list.html:37
+#: dgsi/models.py:75 dgsi/templates/dgsi/archive_list.html:34
 msgid "Règlements Intérieurs"
 msgstr "Bylaws"
 
-#: dgsi/models.py:93
+#: dgsi/models.py:91
 msgid "Document d'archives"
 msgstr "Archive document"
 
-#: dgsi/models.py:94
+#: dgsi/models.py:92
 msgid "Documents d'archives"
 msgstr "Archive documents"
 
-#: dgsi/models.py:136
+#: dgsi/models.py:134
 msgid "Correspondance de login"
 msgstr "Login mapping"
 
-#: dgsi/models.py:137
+#: dgsi/models.py:135
 msgid "Correspondances de login"
 msgstr "Login mappings"
 
-#: dgsi/models.py:168
+#: dgsi/models.py:166
 msgid "Derniers Statuts acceptés"
 msgstr "Latest accepted Statutes"
 
-#: dgsi/models.py:175
+#: dgsi/models.py:173
 msgid "Dernier Règlement Intérieur accepté"
 msgstr "Latest accepted Bylaws"
 
@@ -153,8 +153,8 @@ msgstr "Archives of the DGNum"
 msgid "Création de compte Kanidm"
 msgstr "Kanidm account creation"
 
-#: dgsi/templates/dgsi/create_kanidm_account.html:14
-#: dgsi/templates/dgsi/create_self_account.html:14
+#: dgsi/templates/dgsi/create_kanidm_account.html:15
+#: dgsi/templates/dgsi/create_self_account.html:15
 msgid "Enregistrer"
 msgstr "Save"
 
@@ -237,52 +237,56 @@ msgstr "Create a DGNum account"
 msgid "Services accessibles via la DGNum"
 msgstr "Services accessible via the DGNum"
 
-#: dgsi/views.py:32
+#: dgsi/views.py:34
 msgid "Mon profil"
 msgstr "My profile"
 
-#: dgsi/views.py:33
+#: dgsi/views.py:38
+msgid "Aide et Documention"
+msgstr "Help and documentation"
+
+#: dgsi/views.py:42
 msgid "Documents Légaux"
 msgstr "Legal Documents"
 
-#: dgsi/views.py:34
+#: dgsi/views.py:43
 msgid "Services proposés"
 msgstr "Services offered"
 
-#: dgsi/views.py:35
+#: dgsi/views.py:44
 msgid "Archives"
 msgstr "Archives"
 
-#: dgsi/views.py:42
+#: dgsi/views.py:51
 msgid "Créer un compte Kanidm"
 msgstr "Create a Kanidm account"
 
-#: dgsi/views.py:46 shared/templates/_hero.html:76
+#: dgsi/views.py:55 shared/templates/_hero.html:76
 msgid "Interface d'administration"
 msgstr "Administration interface"
 
-#: dgsi/views.py:83
+#: dgsi/views.py:92
 msgid "Compte DGNum inexistant."
 msgstr "No existing DGNum account."
 
-#: dgsi/views.py:100
+#: dgsi/views.py:109
 msgid "Compte DGNum créé avec succès"
 msgstr "DGNum account successfully created"
 
-#: dgsi/views.py:116
+#: dgsi/views.py:125
 msgid "<b>Vous possédez déjà un compte DGNum !</b>"
 msgstr "<b>You already have a DGNum account!</b>"
 
-#: dgsi/views.py:128
+#: dgsi/views.py:137
 msgid "Vous devez accepter les Statuts et le Règlement Intérieur."
 msgstr "You must accept the Statutes and the Bylaws."
 
-#: dgsi/views.py:241
+#: dgsi/views.py:262
 #, python-format
 msgid "Type de document invalide : %(kind)s"
 msgstr "Invalid document type: %(kind)s"
 
-#: dgsi/views.py:271
+#: dgsi/views.py:292
 #, python-format
 msgid "Compte DGNum pour %(displayname)s [%(name)s] créé."
 msgstr "DGNum account for %(displayname)s [%(name)s] created."
@@ -301,11 +305,11 @@ msgid ""
 msgstr ""
 "Software developed for and by the <a href=‘https://dgnum.eu’>DGNum</a>."
 
-#: shared/templates/_hero.html:18 shared/templates/account/logout.html:6
+#: shared/templates/_hero.html:21 shared/templates/account/logout.html:6
 msgid "Déconnexion"
 msgstr "Logout"
 
-#: shared/templates/_hero.html:27 shared/templates/socialaccount/login.html:6
+#: shared/templates/_hero.html:30 shared/templates/socialaccount/login.html:6
 msgid "Connexion"
 msgstr "Login"
 

From 0e22a71df6e47ecf781ac7ef8c419215151ab703 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 28 Jan 2025 08:54:48 +0100
Subject: [PATCH 115/172] feat(account): Distinguish between staff and
 superuser

---
 src/app/settings.py   |  3 +++
 src/dgsi/models.py    | 10 +++++-----
 src/shared/account.py |  5 +++--
 3 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/src/app/settings.py b/src/app/settings.py
index 6a6c6a8..25a7a5e 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -235,6 +235,9 @@ ACCOUNT_AUTHENTICATION_METHOD = "username"
 AUTH_PASSWORD_VALIDATORS = []
 AUTH_USER_MODEL = "dgsi.User"
 
+DGSI_STAFF_GROUP = credentials.get("STAFF_GROUP", "dgnum_admins@sso.dgnum.eu")
+DGSI_SUPERUSER_GROUP = credentials.get("SUPERUSER_GROUP", "dgnum_admins@sso.dgnum.eu")
+
 
 ###
 # Internationalization configuration
diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index 2314b3a..94a5173 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -6,6 +6,7 @@ from typing import Optional, Self
 from aiohttp.client_exceptions import ClientConnectorError
 from allauth.socialaccount.models import SocialAccount
 from asgiref.sync import async_to_sync
+from django.conf import settings
 from django.contrib.auth.models import AbstractUser
 from django.core.files import storage
 from django.db import models
@@ -18,8 +19,6 @@ from kanidm.models.person import Person
 
 from shared.kanidm import klient
 
-ADMIN_GROUP = "dgnum_admins@sso.dgnum.eu"
-
 
 class Service(models.Model):
     name = models.CharField(_("Nom du service proposé"), max_length=255)
@@ -200,9 +199,10 @@ class User(AbstractUser):
 
     @property
     def is_admin(self) -> bool:
-        return (self.kanidm is not None) and (
-            ADMIN_GROUP in self.kanidm.person.memberof
-        )
+        return self.part_of(settings.DGSI_STAFF_GROUP)
+
+    def part_of(self, group: str) -> bool:
+        return (self.kanidm is not None) and group in self.kanidm.person.memberof
 
     def can_access_archive(self, archive: Archive) -> bool:
         # Prepare a more complex workflow
diff --git a/src/shared/account.py b/src/shared/account.py
index 6d4eef6..956fe5b 100644
--- a/src/shared/account.py
+++ b/src/shared/account.py
@@ -5,6 +5,7 @@ from typing import Optional
 from allauth.core.exceptions import ImmediateHttpResponse
 from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
 from allauth.socialaccount.models import SocialLogin
+from django.conf import settings
 from django.contrib import messages
 from django.http import HttpRequest, HttpResponseRedirect
 from django.urls import reverse
@@ -91,8 +92,8 @@ class SharedAccountAdapter(DefaultSocialAccountAdapter):
         u.username = self._get_username(request, sociallogin)
 
         # Update the global permissions
-        u.is_staff = u.is_admin
-        u.is_superuser = u.is_admin
+        u.is_superuser = u.part_of(settings.DGSI_SUPERUSER_GROUP)
+        u.is_staff = u.is_superuser or u.part_of(settings.DGSI_STAFF_GROUP)
 
         # Save the updated user if needed
         if sociallogin.is_existing:

From 21fe6c01a8eec76d220d12802ee699de03e4efaa Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 28 Jan 2025 18:10:42 +0100
Subject: [PATCH 116/172] chore(dgsi): Add a legal notice

---
 src/dgsi/templates/dgsi/mentions-legales.html | 43 +++++++++++++++++++
 src/dgsi/urls.py                              |  6 +++
 src/shared/templates/_footer.html             |  2 +
 3 files changed, 51 insertions(+)
 create mode 100644 src/dgsi/templates/dgsi/mentions-legales.html

diff --git a/src/dgsi/templates/dgsi/mentions-legales.html b/src/dgsi/templates/dgsi/mentions-legales.html
new file mode 100644
index 0000000..8bc7695
--- /dev/null
+++ b/src/dgsi/templates/dgsi/mentions-legales.html
@@ -0,0 +1,43 @@
+{% extends "base.html" %}
+
+{% load i18n %}
+
+{% block content %}
+  <h2 class="subtitle">Mentions Légales</h2>
+  <hr>
+
+  <section class="section content">
+    <p class="is-size-4">Éditeur</p>
+    <p>Ce site web est édité par la Délégation Générale Numérique.</p>
+    <p>
+      <b>Délégation Générale Numérique (DGNum)</b>
+      <br>
+      Association de loi 1901
+    </p>
+    <p>
+      Siège social&nbsp;:
+      <br>
+      <i>45 rue d'Ulm, 75005 Paris - France</i>
+    </p>
+    <p>Directeur de publication&nbsp;: Jean-Marc Gailis</p>
+    <p>Contact&nbsp;: contact[at]dgnum.eu</p>
+
+    <hr>
+    <p class="is-size-4">Hébergeur</p>
+    <p>Ce site web est hébergé par la Délégation Générale Numérique.</p>
+    <p>
+      <b>Délégation Générale Numérique (DGNum)</b>
+      <br>
+      Association de loi 1901
+    </p>
+    <p>
+      Siège social&nbsp;:
+      <br>
+      <i>45 rue d'Ulm, 75005 Paris - France</i>
+    </p>
+    <p>Directeur de publication&nbsp;: Jean-Marc Gailis</p>
+    <p>Contact&nbsp;: contact[at]dgnum.eu</p>
+
+  </section>
+
+{% endblock content %}
diff --git a/src/dgsi/urls.py b/src/dgsi/urls.py
index d3d546e..d2392f4 100644
--- a/src/dgsi/urls.py
+++ b/src/dgsi/urls.py
@@ -1,4 +1,5 @@
 from django.urls import path
+from django.views.generic import TemplateView
 
 from . import views
 
@@ -7,6 +8,11 @@ app_name = "dgsi"
 urlpatterns = [
     # Misc views
     path("", views.IndexView.as_view(), name="dgn-index"),
+    path(
+        "mentions-legales",
+        TemplateView.as_view(template_name="dgsi/mentions-legales.html"),
+        name="dgn-mentions-legales",
+    ),
     # Archives
     path("archives/", views.ArchiveListView.as_view(), name="dgn-archives"),
     path(
diff --git a/src/shared/templates/_footer.html b/src/shared/templates/_footer.html
index 63052d4..58e27ea 100644
--- a/src/shared/templates/_footer.html
+++ b/src/shared/templates/_footer.html
@@ -2,5 +2,7 @@
 
 <footer class="footer has-text-centered">
   <b>{% blocktrans %}Logiciel développé pour et par la <a href="https://dgnum.eu">DGNum</a>.{% endblocktrans %}</b>
+  <hr class="my-2">
+  <a class="tag is-medium" href="{% url "dgsi:dgn-mentions-legales" %}">Mentions Légales</a>
   {% django_browser_reload_script %}
 </footer>

From 5940aaa2846b07a1293e972267b056255f96ee4e Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Thu, 30 Jan 2025 09:19:46 +0100
Subject: [PATCH 117/172] fix(models/archive): Don't serialize local dev info
 in the migration

---
 src/dgsi/migrations/0009_archive.py | 8 +++-----
 src/dgsi/models.py                  | 6 +++++-
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/dgsi/migrations/0009_archive.py b/src/dgsi/migrations/0009_archive.py
index efb7aab..8127218 100644
--- a/src/dgsi/migrations/0009_archive.py
+++ b/src/dgsi/migrations/0009_archive.py
@@ -1,8 +1,9 @@
 # Generated by Django 4.2.16 on 2025-01-25 15:27
 
-import django.core.files.storage
 from django.db import migrations, models
 
+import dgsi.models
+
 
 class Migration(migrations.Migration):
 
@@ -31,10 +32,7 @@ class Migration(migrations.Migration):
                 (
                     "file",
                     models.FileField(
-                        storage=django.core.files.storage.FileSystemStorage(
-                            base_url="/archives/",
-                            location="/home/thubrecht/Software/git.dgnum.eu/DGNum/dgsi/.archives",
-                        ),
+                        storage=dgsi.models.get_storage,
                         upload_to="",
                         verbose_name="Fichier PDF",
                     ),
diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index 94a5173..54c2b49 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -74,6 +74,10 @@ class Bylaws(LegalDocument):
         verbose_name_plural = _("Règlements Intérieurs")
 
 
+def get_storage(*args, **kwargs):
+    return storage.storages["archives"]
+
+
 class Archive(models.Model):
     """
     Archived documents for the association.
@@ -81,7 +85,7 @@ class Archive(models.Model):
 
     date = models.DateField(_("Date du document"))
     name = models.CharField(_("Nom du document"), max_length=255)
-    file = models.FileField(_("Fichier PDF"), storage=storage.storages["archives"])
+    file = models.FileField(_("Fichier PDF"), storage=get_storage)
 
     def __str__(self) -> str:
         return self.name

From 6860d6cb3ba36812f5a6c5119f98780943a095d1 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Thu, 30 Jan 2025 09:46:58 +0100
Subject: [PATCH 118/172] feat(shared/kanidm): Add helper function sync_call

This avoids wrapping the methods each time we want to call the API in
sync mode
---
 src/shared/kanidm.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/shared/kanidm.py b/src/shared/kanidm.py
index 3102da4..3a09e27 100644
--- a/src/shared/kanidm.py
+++ b/src/shared/kanidm.py
@@ -1,3 +1,4 @@
+from asgiref.sync import async_to_sync
 from kanidm import KanidmClient
 from loadcredential import Credentials
 
@@ -6,3 +7,10 @@ credentials = Credentials(env_prefix="DGSI_")
 klient = KanidmClient(
     uri=credentials["KANIDM_URI"], token=credentials["KANIDM_AUTH_TOKEN"]
 )
+
+
+def sync_call(name, *args, **kwargs):
+    """
+    Wraps the required action for use in sync contexts
+    """
+    return async_to_sync(getattr(klient, name))(*args, **kwargs)

From d3d342879c1e1bd3ad6bc29aad00d6a8477a13e6 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Thu, 30 Jan 2025 10:03:48 +0100
Subject: [PATCH 119/172] feat(dgsi/user): Add VLAN information and machinery

Only via the shell for now, we can attribute a VLAN to a user and
reclaim it if needed
---
 src/app/settings.py                           |  3 +
 src/dgsi/admin.py                             |  6 ++
 ...lter_user_options_user_vlan_id_and_more.py | 30 ++++++
 src/dgsi/models.py                            | 98 ++++++++++++++++++-
 4 files changed, 135 insertions(+), 2 deletions(-)
 create mode 100644 src/dgsi/migrations/0010_alter_user_options_user_vlan_id_and_more.py

diff --git a/src/app/settings.py b/src/app/settings.py
index 25a7a5e..31c6a11 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -238,6 +238,9 @@ AUTH_USER_MODEL = "dgsi.User"
 DGSI_STAFF_GROUP = credentials.get("STAFF_GROUP", "dgnum_admins@sso.dgnum.eu")
 DGSI_SUPERUSER_GROUP = credentials.get("SUPERUSER_GROUP", "dgnum_admins@sso.dgnum.eu")
 
+VLAN_ID_MAX = 4094
+VLAN_ID_MIN = (VLAN_ID_MAX - 850) + 1
+
 
 ###
 # Internationalization configuration
diff --git a/src/dgsi/admin.py b/src/dgsi/admin.py
index 8e374a7..6347f0c 100644
--- a/src/dgsi/admin.py
+++ b/src/dgsi/admin.py
@@ -44,9 +44,15 @@ class UserAdmin(DjangoUserAdmin, ImportExportMixin, ModelAdmin):
     export_form_class = ExportForm
     export_form_class = SelectableFieldsExportForm
 
+    readonly_fields = ("vlan_id",)
+
     # Add the local fields
     fieldsets = (
         *DjangoUserAdmin.fieldsets,
+        (
+            _("Informations réseau"),
+            {"fields": ("vlan_id",)},
+        ),
         (
             _("Documents DGNum"),
             {"fields": ("accepted_statutes", "accepted_bylaws")},
diff --git a/src/dgsi/migrations/0010_alter_user_options_user_vlan_id_and_more.py b/src/dgsi/migrations/0010_alter_user_options_user_vlan_id_and_more.py
new file mode 100644
index 0000000..4f55801
--- /dev/null
+++ b/src/dgsi/migrations/0010_alter_user_options_user_vlan_id_and_more.py
@@ -0,0 +1,30 @@
+# Generated by Django 4.2.16 on 2025-01-30 08:20
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("dgsi", "0009_archive"),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name="user",
+            options={},
+        ),
+        migrations.AddField(
+            model_name="user",
+            name="vlan_id",
+            field=models.PositiveSmallIntegerField(
+                null=True, verbose_name="VLAN associé au compte"
+            ),
+        ),
+        migrations.AddConstraint(
+            model_name="user",
+            constraint=models.UniqueConstraint(
+                fields=("vlan_id",), name="unique_vlan_attribution"
+            ),
+        ),
+    ]
diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index 54c2b49..69372c9 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -9,7 +9,7 @@ from asgiref.sync import async_to_sync
 from django.conf import settings
 from django.contrib.auth.models import AbstractUser
 from django.core.files import storage
-from django.db import models
+from django.db import models, transaction
 from django.db.models.signals import pre_delete
 from django.dispatch import receiver
 from django.http import HttpRequest
@@ -17,7 +17,9 @@ from django.utils.translation import gettext_lazy as _
 from kanidm.exceptions import NoMatchingEntries
 from kanidm.models.person import Person
 
-from shared.kanidm import klient
+from shared.kanidm import klient, sync_call
+
+logger = logging.getLogger(__name__)
 
 
 class Service(models.Model):
@@ -177,6 +179,8 @@ class User(AbstractUser):
     )
     # accepted_terms = models.ManyToManyField(TermsAndConditions)
 
+    vlan_id = models.PositiveSmallIntegerField(_("VLAN associé au compte"), null=True)
+
     @classmethod
     def from_request(cls, request: HttpRequest) -> Self:
         u = request.user
@@ -211,3 +215,93 @@ class User(AbstractUser):
     def can_access_archive(self, archive: Archive) -> bool:
         # Prepare a more complex workflow
         return True
+
+    ###
+    # VLAN attribution machinery
+    #
+    # NOTE: It is a bit cumbersome because we need to store the vlan_id
+    # information both in DG·SI and in Kanidm
+    # Now the question will be « Which is the source of truth ? »
+    # For now, I believe it has to be DG·SI, so a sync script will
+    # have to be run regularly.
+
+    @transaction.atomic
+    def set_unique_vlan_id(self):
+        if self.vlan_id is not None:
+            raise ValueError(_("Ce compte a déjà un VLAN associé"))
+
+        self.vlan_id = min(
+            set(range(settings.VLAN_ID_MIN, settings.VLAN_ID_MAX))
+            - set(User.objects.exclude(vlan_id__isnull=True).values_list("vlan_id"))
+        )
+
+        # Preempt the vlan attribution
+        self.save(update_fields=["vlan_id"])
+
+    @transaction.atomic
+    def register_unique_vlan(self) -> None:
+        self.set_unique_vlan_id()
+
+        group_name = f"vlan_{self.vlan_id}"
+
+        res = sync_call("group_create", group_name)
+
+        if res.data is not None:
+            if (
+                res.data.get("plugin", {}).get("attrunique")
+                == "duplicate value detected"
+            ):
+                logger.info(f"The {group_name} group already exists")
+                group = sync_call("group_get", group_name)
+
+                if group.member != []:
+                    raise ValueError(
+                        _("Le VLAN {} est déjà attribué.").format(self.vlan_id)
+                    )
+
+        # The group is created and should be empty, so we can add the user to it
+        sync_call("group_add_members", group_name, [self.username])
+
+        # Check that we succeeded in setting a VLAN that is unique to the current user
+        group = sync_call("group_get", group_name)
+
+        if group.member != [f"{self.username}@sso.dgnum.eu"]:
+            # Remove the user from the group
+            sync_call("group_delete_members", self.username)
+            self.vlan_id = None
+            self.save(update_fields=["vlan_id"])
+            raise RuntimeError("Duplicate VLAN attribution detected")
+
+    def reclaim_vlan(self):
+        if self.vlan_id is None:
+            # Nothing to do, just return
+            logger.warning(
+                f"Reclaiming VLAN for {self.username} who does not have one."
+            )
+            return
+
+        group_name = f"vlan_{self.vlan_id}"
+
+        sync_call("group_delete_members", group_name, [self.username])
+
+        # Check that the call succeeded
+        try:
+            group = sync_call("group_get", group_name)
+
+            if "{self.username}@sso.dgnum.eu" in group.member:
+                raise RuntimeError(
+                    f"Something went wrong in trying to reclaim vlan {self.vlan_id}"
+                )
+        except ValueError:
+            # The group does not exist apparently, keep going
+            logger.warning(
+                f"Reclaiming VLAN {self.vlan_id}, but the associated group does not exist."
+            )
+        finally:
+            self.vlan_id = None
+            self.save(update_fields=["vlan_id"])
+
+    class Meta:
+        constraints = [
+            models.UniqueConstraint(fields=["vlan_id"], name="unique_vlan_attribution")
+        ]

From ad244a26f5d0e35b58bbc0747950c5570164b8de Mon Sep 17 00:00:00 2001
From: sinavir <sinavir@sinavir.fr>
Date: Tue, 28 Jan 2025 21:57:07 +0100
Subject: [PATCH 120/172] fix(profile): Emphasize username

---
 src/dgsi/templates/dgsi/profile.html       |   6 +-
 src/shared/locale/en/LC_MESSAGES/django.mo | Bin 7563 -> 7610 bytes
 src/shared/locale/en/LC_MESSAGES/django.po |  62 +++++++++++----------
 3 files changed, 38 insertions(+), 30 deletions(-)

diff --git a/src/dgsi/templates/dgsi/profile.html b/src/dgsi/templates/dgsi/profile.html
index 7053901..8de06c7 100644
--- a/src/dgsi/templates/dgsi/profile.html
+++ b/src/dgsi/templates/dgsi/profile.html
@@ -5,10 +5,14 @@
 {% block content %}
   <h2 class="subtitle">
     <span>{% blocktrans %}Profil de {{ displayname }}{% endblocktrans %}</span>
-    <span class="tag is-primary is-medium is-pulled-right">{{ user.username }}</span>
   </h2>
   <hr>
 
+  <h3 class="has-text-weight-bold mb-3">{% trans "Nom d'utilisateur :" %}</h3>
+  <span class="button is-fullwidth">{{ user.username }}</span>
+  <br>
+
+
   {% if user.kanidm %}
     <h3 class="has-text-weight-bold mb-3">
       <span>{% trans "Mot de passe WiFi :" %}</span>
diff --git a/src/shared/locale/en/LC_MESSAGES/django.mo b/src/shared/locale/en/LC_MESSAGES/django.mo
index 96170c23b9231ff7cf267996919b30609b149470..ab77488a0fc85dcd87736015bfae60fa1a298de7 100644
GIT binary patch
delta 1541
zcmXZcOGs2v9LMo9H8YkuzA|kr8y}ShnrIEFQ{&j=GfN99L!m?@G))?nh@uI@MY<@M
za^=DzD##L(=m8Z3hC$Gxuv%n`%2gRrt?T<6?`6*YoOA9u=l;**&am%^FFcoQziPM|
zNoz@?ON=?Lyn`FpjMJEUe1)4aHO81Mti%*NhRg6Qrs5zb<0!`C1SaA$T#0W`?Y|)X
z!{$4g94c(os^bRC#1dSMhjA;0a5>&Wy?7Ec@TFD%71Jm$p!zv!yaqj(jy_a?2T|?1
zF_HJ1K{5`TF(X*PgV9)Ha&ZnfqI1RK00pQS)L;U(U=ntr0y>9r7(sq!jGF=&x5_iP
zj`BNHzu&6o{l-BrFD9V|szycFf{MHkYw;5DGatEW=JQC5#_n1SECD@~bC9u3(5i1h
z1>A-jw->dA!x-K~<}MjGzQ<Mg3)L`&4b;|nP<tOl4HQBRFo4>!8#sgyk=-;qX|x{e
za6k6oTYQ0?IKqM0j<zJ$e;*k?>(PRjQG5LZt1z3<o7tKUJVbe#_0Pi$mWd{&3biFo
z$hMm<tK5&;>x)QCW(;|^nXu}gquS4=u>P9yXDT$)zo;3xsm#WF)D|?L7dufO#uzGq
zo2Z#SLJjx{Sv)h3dhs7rAWOMvMblB`Vyj#mCZi6mIEy{#$0}NDrh`b8xraK{)2PpB
z4mG2nmj6%zCD4d3)nuU^^H38iKm`~;ZFMbb<-%>&gHxzIJ&)>e9rfY|$j`jywi~~p
z0xn_{9kz1RAv}VbaVKiUPNNRt73=vJs^1;d|IA|~=CGM1qnR$CI;L^c42msFk%lIK
zI;>5oLpFd4cnGy3<9Gp|qGnpbx2FK>uo^q@Hr~euY$l3)vyF(z1gQ9cI&^NnEe(7W
zd29xdGZ?*yG5ViS9?5WcywM{{4TmOrD%7i#w1*TV>Do)ubTns8V`t=~qtI3zx#rkX
z6rijRxrU^xlC*=Qb*>;al5`k!m5|CJ4rigOE?Qn(?Ol-yr^i)KjhCcp)keCVL7Q)C
p(iw5a=l1t?banK$_O<tiGRvm?E`MC?f!_AeiPr9R%4gh(_W!*jlN$g4

delta 1499
zcmXZcOGs2v9LMo9HFHyQd|UaPvNR=2L<g<OSLUQSDJJ1U3yPvBi3r?{-AV{jiQ*b9
zio#V!5Y#}ZEyQReQ51%o$`)>-RzV68J-)x|T;|-*Ip>~p?*BaQOov87_F{(jw&Cg|
z<&(zN7;_GjecZSvEn^}$g}cyNXUrB1Vixvb0`}tu9KZ}5#T0yiY4`*)aR$|X9_eqJ
zPh_@I@dMQ{o2Q$x6gOcTR^tgw#5<@Lk7EHokJo>|jg%Kr{Z=p!Q|Xk8J5T|JQSFXm
z8t*p)WPBcDu3-}oMw5)$j&HF9S5N~KtY4i$Ev8bAU^@1p0y>Y$IE4JnO>PR{Uc5Ys
zg_K{R`YoxR_nT!hLG;jD1J$4+jG$h865G&5erArFX1;*LW`3fU_8$f?)4v)(6)MmM
z)Oek!tviincpdE=GBGmQ_y*N*3AH7^QF|U>BQ;P5YJg*?t-6fE=pegi3Td<rOYktZ
z<2>HSvv`q%uopjL7v`q3{(WTnSr6^;9ER~P_Oc}{yrqZoIMXY|U&td<#4>5d)yOuR
z)_A!Kwa2HBm`oITw;74o-$k{5hMMq;EY@E$eNTmEw2VcVz*G0oV32Yc^+7~Y0bE7R
zbPP4%6tY<6CF;fRP=S0wt>{X;oI<6_#i;gmHkk!7?O2aRJk?B(BUNS?b(+UfpV2gG
zMz7<3L<RI6`9jSf^rDwenouGtz<ktJ7o%3LAzp8HlhK~`p*mbbz4#XLGZWm}aTXP^
zpHXzk@=%8_gqm>}wPHt*^K34l+DB3UE5k@^<{@f=Ge~>ed?lmE*HV&6sD|mNQ(A^P
zT-~TZdr>Pfh(mY-HNy<PH8(IkKskgHIE0;8P88)B#YTLDVSVV|$Y|h7zNs4QM$Vpl
z5u5uTQ19&Y1%fS<bUHXB?rBi35Gg|1N78kOq-ijyJB=piim$>GcAomGDjTTNhpX^(
z?I-EOK1gaLDa<;Ou3FM=C)=vfBD$AWx!LKm0)FjBkkmnHbq1|w&z{(<<yf&Z{@Uc&
I<D69Qf6bYQUH||9

diff --git a/src/shared/locale/en/LC_MESSAGES/django.po b/src/shared/locale/en/LC_MESSAGES/django.po
index 2a43264..4a7e766 100644
--- a/src/shared/locale/en/LC_MESSAGES/django.po
+++ b/src/shared/locale/en/LC_MESSAGES/django.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: dgsi.dgnum.eu\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-01-27 21:28+0100\n"
+"POT-Creation-Date: 2025-01-28 21:35+0100\n"
 "PO-Revision-Date: 2025-01-27 21:29+0100\n"
 "Last-Translator: Tom Hubrecht <tom.hubrecht@dgnum.eu>\n"
 "Language-Team: French\n"
@@ -18,7 +18,7 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=(n > 1)\n"
 "X-Generator: Gtranslator 47.1\n"
 
-#: app/settings.py:329
+#: app/settings.py:332
 msgid "Administration de DGSI"
 msgstr "DGSI Administration"
 
@@ -73,64 +73,64 @@ msgstr ""
 msgid "De préférence l'adresse '@ens.psl.eu'"
 msgstr "Preferably the ‘@ens.psl.eu’ address"
 
-#: dgsi/models.py:25
+#: dgsi/models.py:24
 msgid "Nom du service proposé"
 msgstr "Name of the proposed service"
 
-#: dgsi/models.py:26
+#: dgsi/models.py:25
 msgid "Adresse du service"
 msgstr "Address of the service"
 
-#: dgsi/models.py:27
+#: dgsi/models.py:26
 msgid "Icône du service"
 msgstr "Icon of the service"
 
-#: dgsi/models.py:37 dgsi/models.py:83
+#: dgsi/models.py:36 dgsi/models.py:82
 msgid "Date du document"
 msgstr "Document date"
 
-#: dgsi/models.py:38 dgsi/models.py:84
+#: dgsi/models.py:37 dgsi/models.py:83
 msgid "Nom du document"
 msgstr "Document name"
 
-#: dgsi/models.py:39 dgsi/models.py:85
+#: dgsi/models.py:38 dgsi/models.py:84
 msgid "Fichier PDF"
 msgstr "PDF file"
 
-#: dgsi/models.py:61 dgsi/models.py:62 dgsi/templates/dgsi/archive_list.html:21
+#: dgsi/models.py:60 dgsi/models.py:61 dgsi/templates/dgsi/archive_list.html:21
 #: dgsi/templates/dgsi/legal_documents.html:26
 msgid "Statuts"
 msgstr "Statutes"
 
-#: dgsi/models.py:74 dgsi/templates/dgsi/legal_documents.html:30
+#: dgsi/models.py:73 dgsi/templates/dgsi/legal_documents.html:30
 msgid "Règlement Intérieur"
 msgstr "Bylaws"
 
-#: dgsi/models.py:75 dgsi/templates/dgsi/archive_list.html:34
+#: dgsi/models.py:74 dgsi/templates/dgsi/archive_list.html:34
 msgid "Règlements Intérieurs"
 msgstr "Bylaws"
 
-#: dgsi/models.py:91
+#: dgsi/models.py:90
 msgid "Document d'archives"
 msgstr "Archive document"
 
-#: dgsi/models.py:92
+#: dgsi/models.py:91
 msgid "Documents d'archives"
 msgstr "Archive documents"
 
-#: dgsi/models.py:134
+#: dgsi/models.py:133
 msgid "Correspondance de login"
 msgstr "Login mapping"
 
-#: dgsi/models.py:135
+#: dgsi/models.py:134
 msgid "Correspondances de login"
 msgstr "Login mappings"
 
-#: dgsi/models.py:166
+#: dgsi/models.py:165
 msgid "Derniers Statuts acceptés"
 msgstr "Latest accepted Statutes"
 
-#: dgsi/models.py:173
+#: dgsi/models.py:172
 msgid "Dernier Règlement Intérieur accepté"
 msgstr "Latest accepted Bylaws"
 
@@ -193,43 +193,47 @@ msgstr "Accept the bylaws"
 msgid "Profil de %(displayname)s"
 msgstr "Profile of %(displayname)s"
 
-#: dgsi/templates/dgsi/profile.html:14
+#: dgsi/templates/dgsi/profile.html:11
+msgid "Nom d'utilisateur :"
+msgstr "Username :"
+
+#: dgsi/templates/dgsi/profile.html:18
 msgid "Mot de passe WiFi :"
 msgstr "WiFi password:"
 
-#: dgsi/templates/dgsi/profile.html:16
+#: dgsi/templates/dgsi/profile.html:20
 msgid "Êtes-vous sûr·e de vouloir réinitialiser votre mot de passe WiFi ?"
 msgstr "Are you sure that you want to reset your WiFi password?"
 
-#: dgsi/templates/dgsi/profile.html:19
+#: dgsi/templates/dgsi/profile.html:23
 msgid "Réinitialiser le mot de passe WiFi"
 msgstr "Reset the WiFi password"
 
-#: dgsi/templates/dgsi/profile.html:32
+#: dgsi/templates/dgsi/profile.html:36
 msgid "Générer un mot de passe WiFi"
 msgstr "Generate a WiFi password:"
 
-#: dgsi/templates/dgsi/profile.html:36
+#: dgsi/templates/dgsi/profile.html:40
 msgid "Adresse e-mail :"
 msgstr "E-mail address:"
 
-#: dgsi/templates/dgsi/profile.html:41
+#: dgsi/templates/dgsi/profile.html:45
 msgid "Informations techniques"
 msgstr "Technical informations"
 
-#: dgsi/templates/dgsi/profile.html:44
+#: dgsi/templates/dgsi/profile.html:48
 msgid "Identifiant unique :"
 msgstr "Unique identifier:"
 
-#: dgsi/templates/dgsi/profile.html:53
+#: dgsi/templates/dgsi/profile.html:57
 msgid "Membre des groupes suivants :"
 msgstr "Member of the following groups:"
 
-#: dgsi/templates/dgsi/profile.html:64
+#: dgsi/templates/dgsi/profile.html:68
 msgid "Pas de compte DGNum répertorié."
 msgstr "No DGNum account found."
 
-#: dgsi/templates/dgsi/profile.html:67
+#: dgsi/templates/dgsi/profile.html:71
 msgid "Créer un compte DGNum"
 msgstr "Create a DGNum account"
 
@@ -291,11 +295,11 @@ msgstr "Invalid document type: %(kind)s"
 msgid "Compte DGNum pour %(displayname)s [%(name)s] créé."
 msgstr "DGNum account for %(displayname)s [%(name)s] created."
 
-#: shared/account.py:40
+#: shared/account.py:41
 msgid "Catégorie de compte ENS interdite."
 msgstr "ENS account category not permitted."
 
-#: shared/account.py:57
+#: shared/account.py:58
 msgid "Méthode de connexion invalide."
 msgstr "Invalid connection method."
 

From 1a842639f595a0569f3cfcdd803cf675988f1ff7 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Thu, 30 Jan 2025 10:15:54 +0100
Subject: [PATCH 121/172] feat(dgsi/profile): Hide the technical info by
 default

---
 src/dgsi/templates/dgsi/profile.html | 37 ++++++++++++++++------------
 1 file changed, 21 insertions(+), 16 deletions(-)

diff --git a/src/dgsi/templates/dgsi/profile.html b/src/dgsi/templates/dgsi/profile.html
index 8de06c7..5284cce 100644
--- a/src/dgsi/templates/dgsi/profile.html
+++ b/src/dgsi/templates/dgsi/profile.html
@@ -12,7 +12,6 @@
   <span class="button is-fullwidth">{{ user.username }}</span>
   <br>
 
-
   {% if user.kanidm %}
     <h3 class="has-text-weight-bold mb-3">
       <span>{% trans "Mot de passe WiFi :" %}</span>
@@ -42,26 +41,32 @@
   <br>
 
   {% if user.kanidm %}
-    <h2 class="subtitle mt-4">{% trans "Informations techniques" %}</h2>
+    <h2 class="subtitle mt-4">
+      {% trans "Informations techniques" %}
+      <a class="tag is-medium is-primary is-light is-pulled-right"
+         onclick="document.querySelector('#technical-info').classList.toggle('is-hidden')">{% trans "Afficher" %}</a>
+    </h2>
     <hr>
 
-    <h3 class="has-text-weight-bold mb-3">{% trans "Identifiant unique :" %}</h3>
+    <div id="technical-info" class="is-hidden">
+      <h3 class="has-text-weight-bold mb-3">{% trans "Identifiant interne :" %}</h3>
 
-    <input id="uuid"
-           onclick="document.querySelector('#uuid').select()"
-           class="button is-fullwidth"
-           value="{{ user.kanidm.person.uuid }}"
-           readonly />
-    <br>
+      <input id="uuid"
+             onclick="document.querySelector('#uuid').select()"
+             class="button is-fullwidth is-light"
+             value="{{ user.kanidm.person.uuid }}"
+             readonly />
+      <br>
 
-    <h3 class="has-text-weight-bold mb-3">{% trans "Membre des groupes suivants :" %}</h3>
+      <h3 class="has-text-weight-bold mb-3">{% trans "Membre des groupes suivants :" %}</h3>
 
-    <div class="grid groups">
-      {% for group in user.kanidm.person.memberof %}
-        <div class="cell button is-static">
-          <span>{{ group }}</span>
-        </div>
-      {% endfor %}
+      <div class="grid groups">
+        {% for group in user.kanidm.person.memberof %}
+          <div class="cell button is-static">
+            <span>{{ group }}</span>
+          </div>
+        {% endfor %}
+      </div>
     </div>
   {% else %}
     <div class="notification is-primary is-light has-text-centered mt-6">

From 60c227a942af996a14827a96eab6fc356a40b99e Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Thu, 30 Jan 2025 10:19:55 +0100
Subject: [PATCH 122/172] feat(dgsi/profile): Add VLAN info in the technical
 information

---
 src/dgsi/templates/dgsi/profile.html | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/dgsi/templates/dgsi/profile.html b/src/dgsi/templates/dgsi/profile.html
index 5284cce..2343cb3 100644
--- a/src/dgsi/templates/dgsi/profile.html
+++ b/src/dgsi/templates/dgsi/profile.html
@@ -58,6 +58,16 @@
              readonly />
       <br>
 
+      {% if user.vlan_id %}
+        <h3 class="has-text-weight-bold mb-3">{% trans "VLAN attribué :" %}</h3>
+        <span class="button is-fullwidth">{{ user.vlan_id }}</span>
+        <br>
+      {% else %}
+        <div class="notification is-warning is-light has-text-centered">
+          <b>{% trans "Pas de VLAN attribué." %}</b>
+        </div>
+      {% endif %}
+
       <h3 class="has-text-weight-bold mb-3">{% trans "Membre des groupes suivants :" %}</h3>
 
       <div class="grid groups">

From 561d5c60d769ea9a54441505e45caa2088e01a4b Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Thu, 30 Jan 2025 17:31:57 +0100
Subject: [PATCH 123/172] fix(dgsi): We can use is_staff now instead

---
 src/dgsi/mixins.py                 | 2 +-
 src/dgsi/models.py                 | 6 +-----
 src/dgsi/templates/dgsi/index.html | 2 +-
 3 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/src/dgsi/mixins.py b/src/dgsi/mixins.py
index 77da158..ea97851 100644
--- a/src/dgsi/mixins.py
+++ b/src/dgsi/mixins.py
@@ -13,7 +13,7 @@ class StaffRequiredMixin(UserPassesTestMixin):
 
         assert isinstance(self.request.user, User)
 
-        return self.request.user.is_admin
+        return self.request.user.is_staff
 
     def get_context_data(self, **kwargs):
         # NOTE: We are only allowed to do this if a class is supplied to the right when constructing the view
diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index 69372c9..2abe8b7 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -205,12 +205,8 @@ class User(AbstractUser):
             logging.error(f"Erreur lors de la requête à Kanidm: {e}")
             return None
 
-    @property
-    def is_admin(self) -> bool:
-        return self.part_of(settings.DGSI_STAFF_GROUP)
-
     def part_of(self, group: str) -> bool:
-        return (self.kanidm is not None) and group in self.kanidm.person.memberof
+        return (self.kanidm is not None) and (group in self.kanidm.person.memberof)
 
     def can_access_archive(self, archive: Archive) -> bool:
         # Prepare a more complex workflow
diff --git a/src/dgsi/templates/dgsi/index.html b/src/dgsi/templates/dgsi/index.html
index 840804a..028166c 100644
--- a/src/dgsi/templates/dgsi/index.html
+++ b/src/dgsi/templates/dgsi/index.html
@@ -10,7 +10,7 @@
       {% endfor %}
     {% endif %}
 
-    {% if user.is_admin %}
+    {% if user.is_staff %}
       <hr>
       {% for link in links.admin %}
         {% include "_index_link.html" %}

From 2e132057207af59b134513108bf92442af1ca78b Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Fri, 31 Jan 2025 09:57:32 +0100
Subject: [PATCH 124/172] feat(dgsi/js): Add data- driven listeners

---
 src/dgsi/templates/dgsi/profile.html | 14 ++++++++------
 src/shared/static/js/dgsi.js         | 22 ++++++++++++++++++++++
 2 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/src/dgsi/templates/dgsi/profile.html b/src/dgsi/templates/dgsi/profile.html
index 2343cb3..e1b6a20 100644
--- a/src/dgsi/templates/dgsi/profile.html
+++ b/src/dgsi/templates/dgsi/profile.html
@@ -24,8 +24,7 @@
     </h3>
 
     {% if user.kanidm.radius_secret %}
-      <input id="radius-secret"
-             onclick="document.querySelector('#radius-secret').select()"
+      <input data-select
              class="button is-fullwidth is-primary is-size-4"
              value="{{ user.kanidm.radius_secret }}"
              readonly />
@@ -43,16 +42,19 @@
   {% if user.kanidm %}
     <h2 class="subtitle mt-4">
       {% trans "Informations techniques" %}
-      <a class="tag is-medium is-primary is-light is-pulled-right"
-         onclick="document.querySelector('#technical-info').classList.toggle('is-hidden')">{% trans "Afficher" %}</a>
+      <a class="button is-small is-primary is-light is-pulled-right"
+         data-toggle="on"
+         data-target="#technical-info"
+         data-class="is-hidden"
+         data-on-html="<span>{% trans "Afficher" %}</span>"
+         data-off-html="<span>{% trans "Cacher" %}</span>">{% trans "Afficher" %}</a>
     </h2>
     <hr>
 
     <div id="technical-info" class="is-hidden">
       <h3 class="has-text-weight-bold mb-3">{% trans "Identifiant interne :" %}</h3>
 
-      <input id="uuid"
-             onclick="document.querySelector('#uuid').select()"
+      <input data-select
              class="button is-fullwidth is-light"
              value="{{ user.kanidm.person.uuid }}"
              readonly />
diff --git a/src/shared/static/js/dgsi.js b/src/shared/static/js/dgsi.js
index 61f1234..89f9185 100644
--- a/src/shared/static/js/dgsi.js
+++ b/src/shared/static/js/dgsi.js
@@ -8,4 +8,26 @@ document.addEventListener("DOMContentLoaded", () => {
       setTimeout(dismiss, 15000);
     },
   );
+
+  (document.querySelectorAll("[data-toggle]") || []).forEach(($toggle) => {
+    const target = document.querySelector($toggle.dataset.target);
+
+    $toggle.addEventListener("click", () => {
+      if ($toggle.dataset.toggle === "on") {
+        $toggle.dataset.toggle = "off";
+        $toggle.innerHTML = $toggle.dataset.offHtml;
+        target.classList.remove($toggle.dataset.class);
+      } else {
+        $toggle.dataset.toggle = "on";
+        $toggle.innerHTML = $toggle.dataset.onHtml;
+        target.classList.add($toggle.dataset.class);
+      }
+    });
+  });
+
+  (document.querySelectorAll("[data-select]") || []).forEach(($input) => {
+    $input.addEventListener("click", () => {
+      $input.select();
+    });
+  });
 });

From 80ac57ba065bc25b18672e3aa332e9010e0e3548 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Fri, 31 Jan 2025 14:31:14 +0100
Subject: [PATCH 125/172] chore(settings): Update the default staff grouo

---
 src/app/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/app/settings.py b/src/app/settings.py
index 31c6a11..7591fad 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -235,7 +235,7 @@ ACCOUNT_AUTHENTICATION_METHOD = "username"
 AUTH_PASSWORD_VALIDATORS = []
 AUTH_USER_MODEL = "dgsi.User"
 
-DGSI_STAFF_GROUP = credentials.get("STAFF_GROUP", "dgnum_admins@sso.dgnum.eu")
+DGSI_STAFF_GROUP = credentials.get("STAFF_GROUP", "dgnum_bureau@sso.dgnum.eu")
 DGSI_SUPERUSER_GROUP = credentials.get("SUPERUSER_GROUP", "dgnum_admins@sso.dgnum.eu")
 
 VLAN_ID_MAX = 4094

From 162870f4ae36f7df27df37a67063b1086e0a490e Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Fri, 31 Jan 2025 21:12:07 +0100
Subject: [PATCH 126/172] feat(dgsi/archives): Add toggle switches for each
 category

---
 src/dgsi/templates/dgsi/archive_list.html | 99 ++++++++++++++++-------
 1 file changed, 70 insertions(+), 29 deletions(-)

diff --git a/src/dgsi/templates/dgsi/archive_list.html b/src/dgsi/templates/dgsi/archive_list.html
index 2b6bcb2..8a9249d 100644
--- a/src/dgsi/templates/dgsi/archive_list.html
+++ b/src/dgsi/templates/dgsi/archive_list.html
@@ -3,44 +3,85 @@
 {% load i18n %}
 
 {% block content %}
-  <h2 class="subtitle">{% trans "Archives de la DGNum" %}</h2>
-  <hr>
-
-  {% for file in archive_list %}
-    <a class="button bt-archive"
-       href="{% url "dgsi:dgn-protected-archive" file.pk %}">
-      <span class="tag is-pulled-left">
-        <span class="icon"><i class="ti ti-archive"></i></span>
+  <h2 class="subtitle">
+    {% trans "Archives de la DGNum" %}
+    <a class="button is-small is-primary is-pulled-right"
+       data-toggle="off"
+       data-class="is-hidden"
+       data-target="#archives"
+       data-on-html='<span class="icon"><i class="ti ti-chevron-down"></i></span>'
+       data-off-html='<span class="icon"><i class="ti ti-x"></i></span>'>
+      <span class="icon">
+        <i class="ti ti-x"></i>
       </span>
-      <span class="ellipsis mx-2">{{ file }}</span>
-      <span class="tag is-pulled-right">{{ file.date }}</span>
     </a>
-  {% endfor %}
+  </h2>
 
-  <hr>
-  <h2 class="subtitle">{% trans "Statuts" %}</h2>
+  <div id="archives">
+    {% for file in archive_list %}
+      <a class="button bt-archive"
+         href="{% url "dgsi:dgn-protected-archive" file.pk %}">
+        <span class="tag is-pulled-left">
+          <span class="icon"><i class="ti ti-archive"></i></span>
+        </span>
+        <span class="ellipsis mx-2">{{ file }}</span>
+        <span class="tag is-pulled-right">{{ file.date }}</span>
+      </a>
+    {% endfor %}
+    <hr>
+  </div>
 
-  {% for document in statutes_list %}
-    <a class="button bt-archive" href="{{ document.file.url }}">
-      <span class="tag is-pulled-left">
-        <span class="icon"><i class="ti ti-script"></i></span>
+  <h2 class="subtitle">
+    {% trans "Statuts" %}
+    <a class="button is-small is-primary is-pulled-right"
+       data-toggle="off"
+       data-class="is-hidden"
+       data-target="#statutes"
+       data-on-html='<span class="icon"><i class="ti ti-chevron-down"></i></span>'
+       data-off-html='<span class="icon"><i class="ti ti-x"></i></span>'>
+      <span class="icon">
+        <i class="ti ti-x"></i>
       </span>
-      <span class="ellipsis mx-2">{{ document }}</span>
-      <span class="tag is-pulled-right">{{ document.date }}</span>
     </a>
-  {% endfor %}
+  </h2>
 
-  <hr>
-  <h2 class="subtitle">{% trans "Règlements Intérieurs" %}</h2>
+  <div id="statutes">
+    {% for document in statutes_list %}
+      <a class="button bt-archive" href="{{ document.file.url }}">
+        <span class="tag is-pulled-left">
+          <span class="icon"><i class="ti ti-script"></i></span>
+        </span>
+        <span class="ellipsis mx-2">{{ document }}</span>
+        <span class="tag is-pulled-right">{{ document.date }}</span>
+      </a>
+    {% endfor %}
+    <hr>
+  </div>
 
-  {% for document in bylaws_list %}
-    <a class="button bt-archive" href="{{ document.file.url }}">
-      <span class="tag is-pulled-left">
-        <span class="icon"><i class="ti ti-script"></i></span>
+  <h2 class="subtitle">
+    {% trans "Règlements Intérieurs" %}
+    <a class="button is-small is-primary is-pulled-right"
+       data-toggle="off"
+       data-class="is-hidden"
+       data-target="#bylaws"
+       data-on-html='<span class="icon"><i class="ti ti-chevron-down"></i></span>'
+       data-off-html='<span class="icon"><i class="ti ti-x"></i></span>'>
+      <span class="icon">
+        <i class="ti ti-x"></i>
       </span>
-      <span class="ellipsis mx-2">{{ document }}</span>
-      <span class="tag is-pulled-right">{{ document.date }}</span>
     </a>
-  {% endfor %}
+  </h2>
+
+  <div id="bylaws">
+    {% for document in bylaws_list %}
+      <a class="button bt-archive" href="{{ document.file.url }}">
+        <span class="tag is-pulled-left">
+          <span class="icon"><i class="ti ti-script"></i></span>
+        </span>
+        <span class="ellipsis mx-2">{{ document }}</span>
+        <span class="tag is-pulled-right">{{ document.date }}</span>
+      </a>
+    {% endfor %}
+  </div>
 
 {% endblock content %}

From d79520f7a6206cf3a601240725b1e4c9eb4afc52 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 1 Feb 2025 16:55:01 +0100
Subject: [PATCH 127/172] feat(dgsi/profile): Hide the password by default

---
 src/dgsi/templates/dgsi/profile.html | 32 ++++++++++++++++++++++++----
 1 file changed, 28 insertions(+), 4 deletions(-)

diff --git a/src/dgsi/templates/dgsi/profile.html b/src/dgsi/templates/dgsi/profile.html
index e1b6a20..e8d0132 100644
--- a/src/dgsi/templates/dgsi/profile.html
+++ b/src/dgsi/templates/dgsi/profile.html
@@ -2,6 +2,25 @@
 
 {% load i18n %}
 
+{% block extra_head %}
+  <script>
+      document.addEventListener("DOMContentLoaded", () => {
+          const secret = document.getElementById("radius-secret");
+          const toggle = document.getElementById("secret-toggle");
+
+          toggle.addEventListener("click", () => {
+              if (secret.type === "password") {
+                  secret.type = "text";
+                  toggle.innerHTML = `<span class="icon"><i class="ti ti-eye-off"></i></span>`;
+              } else {
+                  secret.type = "password";
+                  toggle.innerHTML = `<span class="icon"><i class="ti ti-eye"></i></span>`;
+              }
+          })
+      })
+  </script>
+{% endblock extra_head %}
+
 {% block content %}
   <h2 class="subtitle">
     <span>{% blocktrans %}Profil de {{ displayname }}{% endblocktrans %}</span>
@@ -24,10 +43,15 @@
     </h3>
 
     {% if user.kanidm.radius_secret %}
-      <input data-select
-             class="button is-fullwidth is-primary is-size-4"
-             value="{{ user.kanidm.radius_secret }}"
-             readonly />
+      <div class="buttons has-addons is-flex">
+        <input id="radius-secret"
+               data-select
+               class="button is-primary is-size-4 is-flex-grow-2"
+               value="{{ user.kanidm.radius_secret }}"
+               type="password"
+               readonly />
+        <a id="secret-toggle" class="button is-size-4"><span class="icon"><i class="ti ti-eye"></i></span></a>
+      </div>
       <br>
     {% else %}
       <a href="{% url "dgsi:dgn-generate_wifi_password" %}"

From 615bc458d3e0720187deb07bdb9449c0df6b77c5 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 1 Feb 2025 17:32:05 +0100
Subject: [PATCH 128/172] feat(dev): Add django-extensions to run https in dev
 mode

---
 default.nix         | 3 +++
 src/app/settings.py | 1 +
 2 files changed, 4 insertions(+)

diff --git a/default.nix b/default.nix
index 5bb3ece..879258c 100644
--- a/default.nix
+++ b/default.nix
@@ -77,6 +77,9 @@ in
           ps.loadcredential
           ps.pykanidm
           ps.python-cas
+          ps.django-extensions
+          ps.werkzeug
+          ps.pyopenssl
         ]
         ++ ps.django-allauth.optional-dependencies.saml
       ))
diff --git a/src/app/settings.py b/src/app/settings.py
index 7591fad..b4e2dcd 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -342,6 +342,7 @@ UNFOLD = {
 if DEBUG:
     INSTALLED_APPS += [
         "debug_toolbar",
+        "django_extensions",
     ]
 
     MIDDLEWARE += [

From c51f391938705fcaffd10fc6fbe21da8bc806ab1 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 1 Feb 2025 17:32:33 +0100
Subject: [PATCH 129/172] chore(npins): Update

---
 npins/sources.json | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/npins/sources.json b/npins/sources.json
index 9061aeb..b342725 100644
--- a/npins/sources.json
+++ b/npins/sources.json
@@ -8,15 +8,15 @@
         "repo": "git-hooks.nix"
       },
       "branch": "master",
-      "revision": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74",
-      "url": "https://github.com/cachix/git-hooks.nix/archive/4e743a6920eab45e8ba0fbe49dc459f1423a4b74.tar.gz",
-      "hash": "0fc69dsn5rhv2zb16c2bfgx84ja8cmn7d7j2mrw3n4m8y611x40g"
+      "revision": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17",
+      "url": "https://github.com/cachix/git-hooks.nix/archive/9364dc02281ce2d37a1f55b6e51f7c0f65a75f17.tar.gz",
+      "hash": "1n2qlj5l8c4g7gm5v6rvc4hff3ka8ljv7y62inybli093bd2ypa7"
     },
     "nixpkgs": {
       "type": "Channel",
       "name": "nixpkgs-unstable",
-      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre685691.28b5b8af91ff/nixexprs.tar.xz",
-      "hash": "14ldh9js6l9nqch7j8z6nhyplxc5d9jw375pg8h4s24m7x37xnvy"
+      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.05pre745387.762a39889257/nixexprs.tar.xz",
+      "hash": "1pyr54allmvlxd5q4nhflmbdmma41nv2cib3i1qbrhaqm65vf97x"
     }
   },
   "version": 3

From e89f0e4ae5e65c62deb38d59f930f2190b316708 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 1 Feb 2025 17:33:17 +0100
Subject: [PATCH 130/172] feat(dgsi/js): Add htmx

---
 default.nix                      |  1 +
 src/app/settings.py              |  2 ++
 src/shared/static/js/htmx.min.js |  1 +
 src/shared/templates/_links.html | 31 ++++++++++++++++++++++++-------
 4 files changed, 28 insertions(+), 7 deletions(-)
 create mode 100644 src/shared/static/js/htmx.min.js

diff --git a/default.nix b/default.nix
index 879258c..afd1e90 100644
--- a/default.nix
+++ b/default.nix
@@ -68,6 +68,7 @@ in
           ps.django-bulma-forms
           ps.django-compressor
           ps.django-debug-toolbar
+          ps.django-htmx
           ps.django-import-export
           ps.django-sass-processor
           ps.django-sass-processor-dart-sass
diff --git a/src/app/settings.py b/src/app/settings.py
index b4e2dcd..890a5ad 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -43,6 +43,7 @@ INSTALLED_APPS = [
     "sass_processor",
     "bulma",
     "import_export",
+    "django_htmx",
     # Authentication
     "allauth",
     "allauth.account",
@@ -67,6 +68,7 @@ MIDDLEWARE = [
     "django.contrib.auth.middleware.AuthenticationMiddleware",
     "django.contrib.messages.middleware.MessageMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
+    "django_htmx.middleware.HtmxMiddleware",
     "django_browser_reload.middleware.BrowserReloadMiddleware",
     "allauth.account.middleware.AccountMiddleware",
 ]
diff --git a/src/shared/static/js/htmx.min.js b/src/shared/static/js/htmx.min.js
new file mode 100644
index 0000000..59937d7
--- /dev/null
+++ b/src/shared/static/js/htmx.min.js
@@ -0,0 +1 @@
+var htmx=function(){"use strict";const Q={onLoad:null,process:null,on:null,off:null,trigger:null,ajax:null,find:null,findAll:null,closest:null,values:function(e,t){const n=cn(e,t||"post");return n.values},remove:null,addClass:null,removeClass:null,toggleClass:null,takeClass:null,swap:null,defineExtension:null,removeExtension:null,logAll:null,logNone:null,logger:null,config:{historyEnabled:true,historyCacheSize:10,refreshOnHistoryMiss:false,defaultSwapStyle:"innerHTML",defaultSwapDelay:0,defaultSettleDelay:20,includeIndicatorStyles:true,indicatorClass:"htmx-indicator",requestClass:"htmx-request",addedClass:"htmx-added",settlingClass:"htmx-settling",swappingClass:"htmx-swapping",allowEval:true,allowScriptTags:true,inlineScriptNonce:"",inlineStyleNonce:"",attributesToSettle:["class","style","width","height"],withCredentials:false,timeout:0,wsReconnectDelay:"full-jitter",wsBinaryType:"blob",disableSelector:"[hx-disable], [data-hx-disable]",scrollBehavior:"instant",defaultFocusScroll:false,getCacheBusterParam:false,globalViewTransitions:false,methodsThatUseUrlParams:["get","delete"],selfRequestsOnly:true,ignoreTitle:false,scrollIntoViewOnBoost:true,triggerSpecsCache:null,disableInheritance:false,responseHandling:[{code:"204",swap:false},{code:"[23]..",swap:true},{code:"[45]..",swap:false,error:true}],allowNestedOobSwaps:true},parseInterval:null,_:null,version:"2.0.4"};Q.onLoad=j;Q.process=kt;Q.on=ye;Q.off=be;Q.trigger=he;Q.ajax=Rn;Q.find=u;Q.findAll=x;Q.closest=g;Q.remove=z;Q.addClass=K;Q.removeClass=G;Q.toggleClass=W;Q.takeClass=Z;Q.swap=$e;Q.defineExtension=Fn;Q.removeExtension=Bn;Q.logAll=V;Q.logNone=_;Q.parseInterval=d;Q._=e;const n={addTriggerHandler:St,bodyContains:le,canAccessLocalStorage:B,findThisElement:Se,filterValues:hn,swap:$e,hasAttribute:s,getAttributeValue:te,getClosestAttributeValue:re,getClosestMatch:o,getExpressionVars:En,getHeaders:fn,getInputValues:cn,getInternalData:ie,getSwapSpecification:gn,getTriggerSpecs:st,getTarget:Ee,makeFragment:P,mergeObjects:ce,makeSettleInfo:xn,oobSwap:He,querySelectorExt:ae,settleImmediately:Kt,shouldCancel:ht,triggerEvent:he,triggerErrorEvent:fe,withExtensions:Ft};const r=["get","post","put","delete","patch"];const H=r.map(function(e){return"[hx-"+e+"], [data-hx-"+e+"]"}).join(", ");function d(e){if(e==undefined){return undefined}let t=NaN;if(e.slice(-2)=="ms"){t=parseFloat(e.slice(0,-2))}else if(e.slice(-1)=="s"){t=parseFloat(e.slice(0,-1))*1e3}else if(e.slice(-1)=="m"){t=parseFloat(e.slice(0,-1))*1e3*60}else{t=parseFloat(e)}return isNaN(t)?undefined:t}function ee(e,t){return e instanceof Element&&e.getAttribute(t)}function s(e,t){return!!e.hasAttribute&&(e.hasAttribute(t)||e.hasAttribute("data-"+t))}function te(e,t){return ee(e,t)||ee(e,"data-"+t)}function c(e){const t=e.parentElement;if(!t&&e.parentNode instanceof ShadowRoot)return e.parentNode;return t}function ne(){return document}function m(e,t){return e.getRootNode?e.getRootNode({composed:t}):ne()}function o(e,t){while(e&&!t(e)){e=c(e)}return e||null}function i(e,t,n){const r=te(t,n);const o=te(t,"hx-disinherit");var i=te(t,"hx-inherit");if(e!==t){if(Q.config.disableInheritance){if(i&&(i==="*"||i.split(" ").indexOf(n)>=0)){return r}else{return null}}if(o&&(o==="*"||o.split(" ").indexOf(n)>=0)){return"unset"}}return r}function re(t,n){let r=null;o(t,function(e){return!!(r=i(t,ue(e),n))});if(r!=="unset"){return r}}function h(e,t){const n=e instanceof Element&&(e.matches||e.matchesSelector||e.msMatchesSelector||e.mozMatchesSelector||e.webkitMatchesSelector||e.oMatchesSelector);return!!n&&n.call(e,t)}function T(e){const t=/<([a-z][^\/\0>\x20\t\r\n\f]*)/i;const n=t.exec(e);if(n){return n[1].toLowerCase()}else{return""}}function q(e){const t=new DOMParser;return t.parseFromString(e,"text/html")}function L(e,t){while(t.childNodes.length>0){e.append(t.childNodes[0])}}function A(e){const t=ne().createElement("script");se(e.attributes,function(e){t.setAttribute(e.name,e.value)});t.textContent=e.textContent;t.async=false;if(Q.config.inlineScriptNonce){t.nonce=Q.config.inlineScriptNonce}return t}function N(e){return e.matches("script")&&(e.type==="text/javascript"||e.type==="module"||e.type==="")}function I(e){Array.from(e.querySelectorAll("script")).forEach(e=>{if(N(e)){const t=A(e);const n=e.parentNode;try{n.insertBefore(t,e)}catch(e){O(e)}finally{e.remove()}}})}function P(e){const t=e.replace(/<head(\s[^>]*)?>[\s\S]*?<\/head>/i,"");const n=T(t);let r;if(n==="html"){r=new DocumentFragment;const i=q(e);L(r,i.body);r.title=i.title}else if(n==="body"){r=new DocumentFragment;const i=q(t);L(r,i.body);r.title=i.title}else{const i=q('<body><template class="internal-htmx-wrapper">'+t+"</template></body>");r=i.querySelector("template").content;r.title=i.title;var o=r.querySelector("title");if(o&&o.parentNode===r){o.remove();r.title=o.innerText}}if(r){if(Q.config.allowScriptTags){I(r)}else{r.querySelectorAll("script").forEach(e=>e.remove())}}return r}function oe(e){if(e){e()}}function t(e,t){return Object.prototype.toString.call(e)==="[object "+t+"]"}function k(e){return typeof e==="function"}function D(e){return t(e,"Object")}function ie(e){const t="htmx-internal-data";let n=e[t];if(!n){n=e[t]={}}return n}function M(t){const n=[];if(t){for(let e=0;e<t.length;e++){n.push(t[e])}}return n}function se(t,n){if(t){for(let e=0;e<t.length;e++){n(t[e])}}}function X(e){const t=e.getBoundingClientRect();const n=t.top;const r=t.bottom;return n<window.innerHeight&&r>=0}function le(e){return e.getRootNode({composed:true})===document}function F(e){return e.trim().split(/\s+/)}function ce(e,t){for(const n in t){if(t.hasOwnProperty(n)){e[n]=t[n]}}return e}function S(e){try{return JSON.parse(e)}catch(e){O(e);return null}}function B(){const e="htmx:localStorageTest";try{localStorage.setItem(e,e);localStorage.removeItem(e);return true}catch(e){return false}}function U(t){try{const e=new URL(t);if(e){t=e.pathname+e.search}if(!/^\/$/.test(t)){t=t.replace(/\/+$/,"")}return t}catch(e){return t}}function e(e){return vn(ne().body,function(){return eval(e)})}function j(t){const e=Q.on("htmx:load",function(e){t(e.detail.elt)});return e}function V(){Q.logger=function(e,t,n){if(console){console.log(t,e,n)}}}function _(){Q.logger=null}function u(e,t){if(typeof e!=="string"){return e.querySelector(t)}else{return u(ne(),e)}}function x(e,t){if(typeof e!=="string"){return e.querySelectorAll(t)}else{return x(ne(),e)}}function E(){return window}function z(e,t){e=y(e);if(t){E().setTimeout(function(){z(e);e=null},t)}else{c(e).removeChild(e)}}function ue(e){return e instanceof Element?e:null}function $(e){return e instanceof HTMLElement?e:null}function J(e){return typeof e==="string"?e:null}function f(e){return e instanceof Element||e instanceof Document||e instanceof DocumentFragment?e:null}function K(e,t,n){e=ue(y(e));if(!e){return}if(n){E().setTimeout(function(){K(e,t);e=null},n)}else{e.classList&&e.classList.add(t)}}function G(e,t,n){let r=ue(y(e));if(!r){return}if(n){E().setTimeout(function(){G(r,t);r=null},n)}else{if(r.classList){r.classList.remove(t);if(r.classList.length===0){r.removeAttribute("class")}}}}function W(e,t){e=y(e);e.classList.toggle(t)}function Z(e,t){e=y(e);se(e.parentElement.children,function(e){G(e,t)});K(ue(e),t)}function g(e,t){e=ue(y(e));if(e&&e.closest){return e.closest(t)}else{do{if(e==null||h(e,t)){return e}}while(e=e&&ue(c(e)));return null}}function l(e,t){return e.substring(0,t.length)===t}function Y(e,t){return e.substring(e.length-t.length)===t}function ge(e){const t=e.trim();if(l(t,"<")&&Y(t,"/>")){return t.substring(1,t.length-2)}else{return t}}function p(t,r,n){if(r.indexOf("global ")===0){return p(t,r.slice(7),true)}t=y(t);const o=[];{let t=0;let n=0;for(let e=0;e<r.length;e++){const l=r[e];if(l===","&&t===0){o.push(r.substring(n,e));n=e+1;continue}if(l==="<"){t++}else if(l==="/"&&e<r.length-1&&r[e+1]===">"){t--}}if(n<r.length){o.push(r.substring(n))}}const i=[];const s=[];while(o.length>0){const r=ge(o.shift());let e;if(r.indexOf("closest ")===0){e=g(ue(t),ge(r.substr(8)))}else if(r.indexOf("find ")===0){e=u(f(t),ge(r.substr(5)))}else if(r==="next"||r==="nextElementSibling"){e=ue(t).nextElementSibling}else if(r.indexOf("next ")===0){e=pe(t,ge(r.substr(5)),!!n)}else if(r==="previous"||r==="previousElementSibling"){e=ue(t).previousElementSibling}else if(r.indexOf("previous ")===0){e=me(t,ge(r.substr(9)),!!n)}else if(r==="document"){e=document}else if(r==="window"){e=window}else if(r==="body"){e=document.body}else if(r==="root"){e=m(t,!!n)}else if(r==="host"){e=t.getRootNode().host}else{s.push(r)}if(e){i.push(e)}}if(s.length>0){const e=s.join(",");const c=f(m(t,!!n));i.push(...M(c.querySelectorAll(e)))}return i}var pe=function(t,e,n){const r=f(m(t,n)).querySelectorAll(e);for(let e=0;e<r.length;e++){const o=r[e];if(o.compareDocumentPosition(t)===Node.DOCUMENT_POSITION_PRECEDING){return o}}};var me=function(t,e,n){const r=f(m(t,n)).querySelectorAll(e);for(let e=r.length-1;e>=0;e--){const o=r[e];if(o.compareDocumentPosition(t)===Node.DOCUMENT_POSITION_FOLLOWING){return o}}};function ae(e,t){if(typeof e!=="string"){return p(e,t)[0]}else{return p(ne().body,e)[0]}}function y(e,t){if(typeof e==="string"){return u(f(t)||document,e)}else{return e}}function xe(e,t,n,r){if(k(t)){return{target:ne().body,event:J(e),listener:t,options:n}}else{return{target:y(e),event:J(t),listener:n,options:r}}}function ye(t,n,r,o){Vn(function(){const e=xe(t,n,r,o);e.target.addEventListener(e.event,e.listener,e.options)});const e=k(n);return e?n:r}function be(t,n,r){Vn(function(){const e=xe(t,n,r);e.target.removeEventListener(e.event,e.listener)});return k(n)?n:r}const ve=ne().createElement("output");function we(e,t){const n=re(e,t);if(n){if(n==="this"){return[Se(e,t)]}else{const r=p(e,n);if(r.length===0){O('The selector "'+n+'" on '+t+" returned no matches!");return[ve]}else{return r}}}}function Se(e,t){return ue(o(e,function(e){return te(ue(e),t)!=null}))}function Ee(e){const t=re(e,"hx-target");if(t){if(t==="this"){return Se(e,"hx-target")}else{return ae(e,t)}}else{const n=ie(e);if(n.boosted){return ne().body}else{return e}}}function Ce(t){const n=Q.config.attributesToSettle;for(let e=0;e<n.length;e++){if(t===n[e]){return true}}return false}function Oe(t,n){se(t.attributes,function(e){if(!n.hasAttribute(e.name)&&Ce(e.name)){t.removeAttribute(e.name)}});se(n.attributes,function(e){if(Ce(e.name)){t.setAttribute(e.name,e.value)}})}function Re(t,e){const n=Un(e);for(let e=0;e<n.length;e++){const r=n[e];try{if(r.isInlineSwap(t)){return true}}catch(e){O(e)}}return t==="outerHTML"}function He(e,o,i,t){t=t||ne();let n="#"+ee(o,"id");let s="outerHTML";if(e==="true"){}else if(e.indexOf(":")>0){s=e.substring(0,e.indexOf(":"));n=e.substring(e.indexOf(":")+1)}else{s=e}o.removeAttribute("hx-swap-oob");o.removeAttribute("data-hx-swap-oob");const r=p(t,n,false);if(r){se(r,function(e){let t;const n=o.cloneNode(true);t=ne().createDocumentFragment();t.appendChild(n);if(!Re(s,e)){t=f(n)}const r={shouldSwap:true,target:e,fragment:t};if(!he(e,"htmx:oobBeforeSwap",r))return;e=r.target;if(r.shouldSwap){qe(t);_e(s,e,e,t,i);Te()}se(i.elts,function(e){he(e,"htmx:oobAfterSwap",r)})});o.parentNode.removeChild(o)}else{o.parentNode.removeChild(o);fe(ne().body,"htmx:oobErrorNoTarget",{content:o})}return e}function Te(){const e=u("#--htmx-preserve-pantry--");if(e){for(const t of[...e.children]){const n=u("#"+t.id);n.parentNode.moveBefore(t,n);n.remove()}e.remove()}}function qe(e){se(x(e,"[hx-preserve], [data-hx-preserve]"),function(e){const t=te(e,"id");const n=ne().getElementById(t);if(n!=null){if(e.moveBefore){let e=u("#--htmx-preserve-pantry--");if(e==null){ne().body.insertAdjacentHTML("afterend","<div id='--htmx-preserve-pantry--'></div>");e=u("#--htmx-preserve-pantry--")}e.moveBefore(n,null)}else{e.parentNode.replaceChild(n,e)}}})}function Le(l,e,c){se(e.querySelectorAll("[id]"),function(t){const n=ee(t,"id");if(n&&n.length>0){const r=n.replace("'","\\'");const o=t.tagName.replace(":","\\:");const e=f(l);const i=e&&e.querySelector(o+"[id='"+r+"']");if(i&&i!==e){const s=t.cloneNode();Oe(t,i);c.tasks.push(function(){Oe(t,s)})}}})}function Ae(e){return function(){G(e,Q.config.addedClass);kt(ue(e));Ne(f(e));he(e,"htmx:load")}}function Ne(e){const t="[autofocus]";const n=$(h(e,t)?e:e.querySelector(t));if(n!=null){n.focus()}}function a(e,t,n,r){Le(e,n,r);while(n.childNodes.length>0){const o=n.firstChild;K(ue(o),Q.config.addedClass);e.insertBefore(o,t);if(o.nodeType!==Node.TEXT_NODE&&o.nodeType!==Node.COMMENT_NODE){r.tasks.push(Ae(o))}}}function Ie(e,t){let n=0;while(n<e.length){t=(t<<5)-t+e.charCodeAt(n++)|0}return t}function Pe(t){let n=0;if(t.attributes){for(let e=0;e<t.attributes.length;e++){const r=t.attributes[e];if(r.value){n=Ie(r.name,n);n=Ie(r.value,n)}}}return n}function ke(t){const n=ie(t);if(n.onHandlers){for(let e=0;e<n.onHandlers.length;e++){const r=n.onHandlers[e];be(t,r.event,r.listener)}delete n.onHandlers}}function De(e){const t=ie(e);if(t.timeout){clearTimeout(t.timeout)}if(t.listenerInfos){se(t.listenerInfos,function(e){if(e.on){be(e.on,e.trigger,e.listener)}})}ke(e);se(Object.keys(t),function(e){if(e!=="firstInitCompleted")delete t[e]})}function b(e){he(e,"htmx:beforeCleanupElement");De(e);if(e.children){se(e.children,function(e){b(e)})}}function Me(t,e,n){if(t instanceof Element&&t.tagName==="BODY"){return Ve(t,e,n)}let r;const o=t.previousSibling;const i=c(t);if(!i){return}a(i,t,e,n);if(o==null){r=i.firstChild}else{r=o.nextSibling}n.elts=n.elts.filter(function(e){return e!==t});while(r&&r!==t){if(r instanceof Element){n.elts.push(r)}r=r.nextSibling}b(t);if(t instanceof Element){t.remove()}else{t.parentNode.removeChild(t)}}function Xe(e,t,n){return a(e,e.firstChild,t,n)}function Fe(e,t,n){return a(c(e),e,t,n)}function Be(e,t,n){return a(e,null,t,n)}function Ue(e,t,n){return a(c(e),e.nextSibling,t,n)}function je(e){b(e);const t=c(e);if(t){return t.removeChild(e)}}function Ve(e,t,n){const r=e.firstChild;a(e,r,t,n);if(r){while(r.nextSibling){b(r.nextSibling);e.removeChild(r.nextSibling)}b(r);e.removeChild(r)}}function _e(t,e,n,r,o){switch(t){case"none":return;case"outerHTML":Me(n,r,o);return;case"afterbegin":Xe(n,r,o);return;case"beforebegin":Fe(n,r,o);return;case"beforeend":Be(n,r,o);return;case"afterend":Ue(n,r,o);return;case"delete":je(n);return;default:var i=Un(e);for(let e=0;e<i.length;e++){const s=i[e];try{const l=s.handleSwap(t,n,r,o);if(l){if(Array.isArray(l)){for(let e=0;e<l.length;e++){const c=l[e];if(c.nodeType!==Node.TEXT_NODE&&c.nodeType!==Node.COMMENT_NODE){o.tasks.push(Ae(c))}}}return}}catch(e){O(e)}}if(t==="innerHTML"){Ve(n,r,o)}else{_e(Q.config.defaultSwapStyle,e,n,r,o)}}}function ze(e,n,r){var t=x(e,"[hx-swap-oob], [data-hx-swap-oob]");se(t,function(e){if(Q.config.allowNestedOobSwaps||e.parentElement===null){const t=te(e,"hx-swap-oob");if(t!=null){He(t,e,n,r)}}else{e.removeAttribute("hx-swap-oob");e.removeAttribute("data-hx-swap-oob")}});return t.length>0}function $e(e,t,r,o){if(!o){o={}}e=y(e);const i=o.contextElement?m(o.contextElement,false):ne();const n=document.activeElement;let s={};try{s={elt:n,start:n?n.selectionStart:null,end:n?n.selectionEnd:null}}catch(e){}const l=xn(e);if(r.swapStyle==="textContent"){e.textContent=t}else{let n=P(t);l.title=n.title;if(o.selectOOB){const u=o.selectOOB.split(",");for(let t=0;t<u.length;t++){const a=u[t].split(":",2);let e=a[0].trim();if(e.indexOf("#")===0){e=e.substring(1)}const f=a[1]||"true";const h=n.querySelector("#"+e);if(h){He(f,h,l,i)}}}ze(n,l,i);se(x(n,"template"),function(e){if(e.content&&ze(e.content,l,i)){e.remove()}});if(o.select){const d=ne().createDocumentFragment();se(n.querySelectorAll(o.select),function(e){d.appendChild(e)});n=d}qe(n);_e(r.swapStyle,o.contextElement,e,n,l);Te()}if(s.elt&&!le(s.elt)&&ee(s.elt,"id")){const g=document.getElementById(ee(s.elt,"id"));const p={preventScroll:r.focusScroll!==undefined?!r.focusScroll:!Q.config.defaultFocusScroll};if(g){if(s.start&&g.setSelectionRange){try{g.setSelectionRange(s.start,s.end)}catch(e){}}g.focus(p)}}e.classList.remove(Q.config.swappingClass);se(l.elts,function(e){if(e.classList){e.classList.add(Q.config.settlingClass)}he(e,"htmx:afterSwap",o.eventInfo)});if(o.afterSwapCallback){o.afterSwapCallback()}if(!r.ignoreTitle){kn(l.title)}const c=function(){se(l.tasks,function(e){e.call()});se(l.elts,function(e){if(e.classList){e.classList.remove(Q.config.settlingClass)}he(e,"htmx:afterSettle",o.eventInfo)});if(o.anchor){const e=ue(y("#"+o.anchor));if(e){e.scrollIntoView({block:"start",behavior:"auto"})}}yn(l.elts,r);if(o.afterSettleCallback){o.afterSettleCallback()}};if(r.settleDelay>0){E().setTimeout(c,r.settleDelay)}else{c()}}function Je(e,t,n){const r=e.getResponseHeader(t);if(r.indexOf("{")===0){const o=S(r);for(const i in o){if(o.hasOwnProperty(i)){let e=o[i];if(D(e)){n=e.target!==undefined?e.target:n}else{e={value:e}}he(n,i,e)}}}else{const s=r.split(",");for(let e=0;e<s.length;e++){he(n,s[e].trim(),[])}}}const Ke=/\s/;const v=/[\s,]/;const Ge=/[_$a-zA-Z]/;const We=/[_$a-zA-Z0-9]/;const Ze=['"',"'","/"];const w=/[^\s]/;const Ye=/[{(]/;const Qe=/[})]/;function et(e){const t=[];let n=0;while(n<e.length){if(Ge.exec(e.charAt(n))){var r=n;while(We.exec(e.charAt(n+1))){n++}t.push(e.substring(r,n+1))}else if(Ze.indexOf(e.charAt(n))!==-1){const o=e.charAt(n);var r=n;n++;while(n<e.length&&e.charAt(n)!==o){if(e.charAt(n)==="\\"){n++}n++}t.push(e.substring(r,n+1))}else{const i=e.charAt(n);t.push(i)}n++}return t}function tt(e,t,n){return Ge.exec(e.charAt(0))&&e!=="true"&&e!=="false"&&e!=="this"&&e!==n&&t!=="."}function nt(r,o,i){if(o[0]==="["){o.shift();let e=1;let t=" return (function("+i+"){ return (";let n=null;while(o.length>0){const s=o[0];if(s==="]"){e--;if(e===0){if(n===null){t=t+"true"}o.shift();t+=")})";try{const l=vn(r,function(){return Function(t)()},function(){return true});l.source=t;return l}catch(e){fe(ne().body,"htmx:syntax:error",{error:e,source:t});return null}}}else if(s==="["){e++}if(tt(s,n,i)){t+="(("+i+"."+s+") ? ("+i+"."+s+") : (window."+s+"))"}else{t=t+s}n=o.shift()}}}function C(e,t){let n="";while(e.length>0&&!t.test(e[0])){n+=e.shift()}return n}function rt(e){let t;if(e.length>0&&Ye.test(e[0])){e.shift();t=C(e,Qe).trim();e.shift()}else{t=C(e,v)}return t}const ot="input, textarea, select";function it(e,t,n){const r=[];const o=et(t);do{C(o,w);const l=o.length;const c=C(o,/[,\[\s]/);if(c!==""){if(c==="every"){const u={trigger:"every"};C(o,w);u.pollInterval=d(C(o,/[,\[\s]/));C(o,w);var i=nt(e,o,"event");if(i){u.eventFilter=i}r.push(u)}else{const a={trigger:c};var i=nt(e,o,"event");if(i){a.eventFilter=i}C(o,w);while(o.length>0&&o[0]!==","){const f=o.shift();if(f==="changed"){a.changed=true}else if(f==="once"){a.once=true}else if(f==="consume"){a.consume=true}else if(f==="delay"&&o[0]===":"){o.shift();a.delay=d(C(o,v))}else if(f==="from"&&o[0]===":"){o.shift();if(Ye.test(o[0])){var s=rt(o)}else{var s=C(o,v);if(s==="closest"||s==="find"||s==="next"||s==="previous"){o.shift();const h=rt(o);if(h.length>0){s+=" "+h}}}a.from=s}else if(f==="target"&&o[0]===":"){o.shift();a.target=rt(o)}else if(f==="throttle"&&o[0]===":"){o.shift();a.throttle=d(C(o,v))}else if(f==="queue"&&o[0]===":"){o.shift();a.queue=C(o,v)}else if(f==="root"&&o[0]===":"){o.shift();a[f]=rt(o)}else if(f==="threshold"&&o[0]===":"){o.shift();a[f]=C(o,v)}else{fe(e,"htmx:syntax:error",{token:o.shift()})}C(o,w)}r.push(a)}}if(o.length===l){fe(e,"htmx:syntax:error",{token:o.shift()})}C(o,w)}while(o[0]===","&&o.shift());if(n){n[t]=r}return r}function st(e){const t=te(e,"hx-trigger");let n=[];if(t){const r=Q.config.triggerSpecsCache;n=r&&r[t]||it(e,t,r)}if(n.length>0){return n}else if(h(e,"form")){return[{trigger:"submit"}]}else if(h(e,'input[type="button"], input[type="submit"]')){return[{trigger:"click"}]}else if(h(e,ot)){return[{trigger:"change"}]}else{return[{trigger:"click"}]}}function lt(e){ie(e).cancelled=true}function ct(e,t,n){const r=ie(e);r.timeout=E().setTimeout(function(){if(le(e)&&r.cancelled!==true){if(!gt(n,e,Mt("hx:poll:trigger",{triggerSpec:n,target:e}))){t(e)}ct(e,t,n)}},n.pollInterval)}function ut(e){return location.hostname===e.hostname&&ee(e,"href")&&ee(e,"href").indexOf("#")!==0}function at(e){return g(e,Q.config.disableSelector)}function ft(t,n,e){if(t instanceof HTMLAnchorElement&&ut(t)&&(t.target===""||t.target==="_self")||t.tagName==="FORM"&&String(ee(t,"method")).toLowerCase()!=="dialog"){n.boosted=true;let r,o;if(t.tagName==="A"){r="get";o=ee(t,"href")}else{const i=ee(t,"method");r=i?i.toLowerCase():"get";o=ee(t,"action");if(o==null||o===""){o=ne().location.href}if(r==="get"&&o.includes("?")){o=o.replace(/\?[^#]+/,"")}}e.forEach(function(e){pt(t,function(e,t){const n=ue(e);if(at(n)){b(n);return}de(r,o,n,t)},n,e,true)})}}function ht(e,t){const n=ue(t);if(!n){return false}if(e.type==="submit"||e.type==="click"){if(n.tagName==="FORM"){return true}if(h(n,'input[type="submit"], button')&&(h(n,"[form]")||g(n,"form")!==null)){return true}if(n instanceof HTMLAnchorElement&&n.href&&(n.getAttribute("href")==="#"||n.getAttribute("href").indexOf("#")!==0)){return true}}return false}function dt(e,t){return ie(e).boosted&&e instanceof HTMLAnchorElement&&t.type==="click"&&(t.ctrlKey||t.metaKey)}function gt(e,t,n){const r=e.eventFilter;if(r){try{return r.call(t,n)!==true}catch(e){const o=r.source;fe(ne().body,"htmx:eventFilter:error",{error:e,source:o});return true}}return false}function pt(l,c,e,u,a){const f=ie(l);let t;if(u.from){t=p(l,u.from)}else{t=[l]}if(u.changed){if(!("lastValue"in f)){f.lastValue=new WeakMap}t.forEach(function(e){if(!f.lastValue.has(u)){f.lastValue.set(u,new WeakMap)}f.lastValue.get(u).set(e,e.value)})}se(t,function(i){const s=function(e){if(!le(l)){i.removeEventListener(u.trigger,s);return}if(dt(l,e)){return}if(a||ht(e,l)){e.preventDefault()}if(gt(u,l,e)){return}const t=ie(e);t.triggerSpec=u;if(t.handledFor==null){t.handledFor=[]}if(t.handledFor.indexOf(l)<0){t.handledFor.push(l);if(u.consume){e.stopPropagation()}if(u.target&&e.target){if(!h(ue(e.target),u.target)){return}}if(u.once){if(f.triggeredOnce){return}else{f.triggeredOnce=true}}if(u.changed){const n=event.target;const r=n.value;const o=f.lastValue.get(u);if(o.has(n)&&o.get(n)===r){return}o.set(n,r)}if(f.delayed){clearTimeout(f.delayed)}if(f.throttle){return}if(u.throttle>0){if(!f.throttle){he(l,"htmx:trigger");c(l,e);f.throttle=E().setTimeout(function(){f.throttle=null},u.throttle)}}else if(u.delay>0){f.delayed=E().setTimeout(function(){he(l,"htmx:trigger");c(l,e)},u.delay)}else{he(l,"htmx:trigger");c(l,e)}}};if(e.listenerInfos==null){e.listenerInfos=[]}e.listenerInfos.push({trigger:u.trigger,listener:s,on:i});i.addEventListener(u.trigger,s)})}let mt=false;let xt=null;function yt(){if(!xt){xt=function(){mt=true};window.addEventListener("scroll",xt);window.addEventListener("resize",xt);setInterval(function(){if(mt){mt=false;se(ne().querySelectorAll("[hx-trigger*='revealed'],[data-hx-trigger*='revealed']"),function(e){bt(e)})}},200)}}function bt(e){if(!s(e,"data-hx-revealed")&&X(e)){e.setAttribute("data-hx-revealed","true");const t=ie(e);if(t.initHash){he(e,"revealed")}else{e.addEventListener("htmx:afterProcessNode",function(){he(e,"revealed")},{once:true})}}}function vt(e,t,n,r){const o=function(){if(!n.loaded){n.loaded=true;he(e,"htmx:trigger");t(e)}};if(r>0){E().setTimeout(o,r)}else{o()}}function wt(t,n,e){let i=false;se(r,function(r){if(s(t,"hx-"+r)){const o=te(t,"hx-"+r);i=true;n.path=o;n.verb=r;e.forEach(function(e){St(t,e,n,function(e,t){const n=ue(e);if(g(n,Q.config.disableSelector)){b(n);return}de(r,o,n,t)})})}});return i}function St(r,e,t,n){if(e.trigger==="revealed"){yt();pt(r,n,t,e);bt(ue(r))}else if(e.trigger==="intersect"){const o={};if(e.root){o.root=ae(r,e.root)}if(e.threshold){o.threshold=parseFloat(e.threshold)}const i=new IntersectionObserver(function(t){for(let e=0;e<t.length;e++){const n=t[e];if(n.isIntersecting){he(r,"intersect");break}}},o);i.observe(ue(r));pt(ue(r),n,t,e)}else if(!t.firstInitCompleted&&e.trigger==="load"){if(!gt(e,r,Mt("load",{elt:r}))){vt(ue(r),n,t,e.delay)}}else if(e.pollInterval>0){t.polling=true;ct(ue(r),n,e)}else{pt(r,n,t,e)}}function Et(e){const t=ue(e);if(!t){return false}const n=t.attributes;for(let e=0;e<n.length;e++){const r=n[e].name;if(l(r,"hx-on:")||l(r,"data-hx-on:")||l(r,"hx-on-")||l(r,"data-hx-on-")){return true}}return false}const Ct=(new XPathEvaluator).createExpression('.//*[@*[ starts-with(name(), "hx-on:") or starts-with(name(), "data-hx-on:") or'+' starts-with(name(), "hx-on-") or starts-with(name(), "data-hx-on-") ]]');function Ot(e,t){if(Et(e)){t.push(ue(e))}const n=Ct.evaluate(e);let r=null;while(r=n.iterateNext())t.push(ue(r))}function Rt(e){const t=[];if(e instanceof DocumentFragment){for(const n of e.childNodes){Ot(n,t)}}else{Ot(e,t)}return t}function Ht(e){if(e.querySelectorAll){const n=", [hx-boost] a, [data-hx-boost] a, a[hx-boost], a[data-hx-boost]";const r=[];for(const i in Mn){const s=Mn[i];if(s.getSelectors){var t=s.getSelectors();if(t){r.push(t)}}}const o=e.querySelectorAll(H+n+", form, [type='submit'],"+" [hx-ext], [data-hx-ext], [hx-trigger], [data-hx-trigger]"+r.flat().map(e=>", "+e).join(""));return o}else{return[]}}function Tt(e){const t=g(ue(e.target),"button, input[type='submit']");const n=Lt(e);if(n){n.lastButtonClicked=t}}function qt(e){const t=Lt(e);if(t){t.lastButtonClicked=null}}function Lt(e){const t=g(ue(e.target),"button, input[type='submit']");if(!t){return}const n=y("#"+ee(t,"form"),t.getRootNode())||g(t,"form");if(!n){return}return ie(n)}function At(e){e.addEventListener("click",Tt);e.addEventListener("focusin",Tt);e.addEventListener("focusout",qt)}function Nt(t,e,n){const r=ie(t);if(!Array.isArray(r.onHandlers)){r.onHandlers=[]}let o;const i=function(e){vn(t,function(){if(at(t)){return}if(!o){o=new Function("event",n)}o.call(t,e)})};t.addEventListener(e,i);r.onHandlers.push({event:e,listener:i})}function It(t){ke(t);for(let e=0;e<t.attributes.length;e++){const n=t.attributes[e].name;const r=t.attributes[e].value;if(l(n,"hx-on")||l(n,"data-hx-on")){const o=n.indexOf("-on")+3;const i=n.slice(o,o+1);if(i==="-"||i===":"){let e=n.slice(o+1);if(l(e,":")){e="htmx"+e}else if(l(e,"-")){e="htmx:"+e.slice(1)}else if(l(e,"htmx-")){e="htmx:"+e.slice(5)}Nt(t,e,r)}}}}function Pt(t){if(g(t,Q.config.disableSelector)){b(t);return}const n=ie(t);const e=Pe(t);if(n.initHash!==e){De(t);n.initHash=e;he(t,"htmx:beforeProcessNode");const r=st(t);const o=wt(t,n,r);if(!o){if(re(t,"hx-boost")==="true"){ft(t,n,r)}else if(s(t,"hx-trigger")){r.forEach(function(e){St(t,e,n,function(){})})}}if(t.tagName==="FORM"||ee(t,"type")==="submit"&&s(t,"form")){At(t)}n.firstInitCompleted=true;he(t,"htmx:afterProcessNode")}}function kt(e){e=y(e);if(g(e,Q.config.disableSelector)){b(e);return}Pt(e);se(Ht(e),function(e){Pt(e)});se(Rt(e),It)}function Dt(e){return e.replace(/([a-z0-9])([A-Z])/g,"$1-$2").toLowerCase()}function Mt(e,t){let n;if(window.CustomEvent&&typeof window.CustomEvent==="function"){n=new CustomEvent(e,{bubbles:true,cancelable:true,composed:true,detail:t})}else{n=ne().createEvent("CustomEvent");n.initCustomEvent(e,true,true,t)}return n}function fe(e,t,n){he(e,t,ce({error:t},n))}function Xt(e){return e==="htmx:afterProcessNode"}function Ft(e,t){se(Un(e),function(e){try{t(e)}catch(e){O(e)}})}function O(e){if(console.error){console.error(e)}else if(console.log){console.log("ERROR: ",e)}}function he(e,t,n){e=y(e);if(n==null){n={}}n.elt=e;const r=Mt(t,n);if(Q.logger&&!Xt(t)){Q.logger(e,t,n)}if(n.error){O(n.error);he(e,"htmx:error",{errorInfo:n})}let o=e.dispatchEvent(r);const i=Dt(t);if(o&&i!==t){const s=Mt(i,r.detail);o=o&&e.dispatchEvent(s)}Ft(ue(e),function(e){o=o&&(e.onEvent(t,r)!==false&&!r.defaultPrevented)});return o}let Bt=location.pathname+location.search;function Ut(){const e=ne().querySelector("[hx-history-elt],[data-hx-history-elt]");return e||ne().body}function jt(t,e){if(!B()){return}const n=_t(e);const r=ne().title;const o=window.scrollY;if(Q.config.historyCacheSize<=0){localStorage.removeItem("htmx-history-cache");return}t=U(t);const i=S(localStorage.getItem("htmx-history-cache"))||[];for(let e=0;e<i.length;e++){if(i[e].url===t){i.splice(e,1);break}}const s={url:t,content:n,title:r,scroll:o};he(ne().body,"htmx:historyItemCreated",{item:s,cache:i});i.push(s);while(i.length>Q.config.historyCacheSize){i.shift()}while(i.length>0){try{localStorage.setItem("htmx-history-cache",JSON.stringify(i));break}catch(e){fe(ne().body,"htmx:historyCacheError",{cause:e,cache:i});i.shift()}}}function Vt(t){if(!B()){return null}t=U(t);const n=S(localStorage.getItem("htmx-history-cache"))||[];for(let e=0;e<n.length;e++){if(n[e].url===t){return n[e]}}return null}function _t(e){const t=Q.config.requestClass;const n=e.cloneNode(true);se(x(n,"."+t),function(e){G(e,t)});se(x(n,"[data-disabled-by-htmx]"),function(e){e.removeAttribute("disabled")});return n.innerHTML}function zt(){const e=Ut();const t=Bt||location.pathname+location.search;let n;try{n=ne().querySelector('[hx-history="false" i],[data-hx-history="false" i]')}catch(e){n=ne().querySelector('[hx-history="false"],[data-hx-history="false"]')}if(!n){he(ne().body,"htmx:beforeHistorySave",{path:t,historyElt:e});jt(t,e)}if(Q.config.historyEnabled)history.replaceState({htmx:true},ne().title,window.location.href)}function $t(e){if(Q.config.getCacheBusterParam){e=e.replace(/org\.htmx\.cache-buster=[^&]*&?/,"");if(Y(e,"&")||Y(e,"?")){e=e.slice(0,-1)}}if(Q.config.historyEnabled){history.pushState({htmx:true},"",e)}Bt=e}function Jt(e){if(Q.config.historyEnabled)history.replaceState({htmx:true},"",e);Bt=e}function Kt(e){se(e,function(e){e.call(undefined)})}function Gt(o){const e=new XMLHttpRequest;const i={path:o,xhr:e};he(ne().body,"htmx:historyCacheMiss",i);e.open("GET",o,true);e.setRequestHeader("HX-Request","true");e.setRequestHeader("HX-History-Restore-Request","true");e.setRequestHeader("HX-Current-URL",ne().location.href);e.onload=function(){if(this.status>=200&&this.status<400){he(ne().body,"htmx:historyCacheMissLoad",i);const e=P(this.response);const t=e.querySelector("[hx-history-elt],[data-hx-history-elt]")||e;const n=Ut();const r=xn(n);kn(e.title);qe(e);Ve(n,t,r);Te();Kt(r.tasks);Bt=o;he(ne().body,"htmx:historyRestore",{path:o,cacheMiss:true,serverResponse:this.response})}else{fe(ne().body,"htmx:historyCacheMissLoadError",i)}};e.send()}function Wt(e){zt();e=e||location.pathname+location.search;const t=Vt(e);if(t){const n=P(t.content);const r=Ut();const o=xn(r);kn(t.title);qe(n);Ve(r,n,o);Te();Kt(o.tasks);E().setTimeout(function(){window.scrollTo(0,t.scroll)},0);Bt=e;he(ne().body,"htmx:historyRestore",{path:e,item:t})}else{if(Q.config.refreshOnHistoryMiss){window.location.reload(true)}else{Gt(e)}}}function Zt(e){let t=we(e,"hx-indicator");if(t==null){t=[e]}se(t,function(e){const t=ie(e);t.requestCount=(t.requestCount||0)+1;e.classList.add.call(e.classList,Q.config.requestClass)});return t}function Yt(e){let t=we(e,"hx-disabled-elt");if(t==null){t=[]}se(t,function(e){const t=ie(e);t.requestCount=(t.requestCount||0)+1;e.setAttribute("disabled","");e.setAttribute("data-disabled-by-htmx","")});return t}function Qt(e,t){se(e.concat(t),function(e){const t=ie(e);t.requestCount=(t.requestCount||1)-1});se(e,function(e){const t=ie(e);if(t.requestCount===0){e.classList.remove.call(e.classList,Q.config.requestClass)}});se(t,function(e){const t=ie(e);if(t.requestCount===0){e.removeAttribute("disabled");e.removeAttribute("data-disabled-by-htmx")}})}function en(t,n){for(let e=0;e<t.length;e++){const r=t[e];if(r.isSameNode(n)){return true}}return false}function tn(e){const t=e;if(t.name===""||t.name==null||t.disabled||g(t,"fieldset[disabled]")){return false}if(t.type==="button"||t.type==="submit"||t.tagName==="image"||t.tagName==="reset"||t.tagName==="file"){return false}if(t.type==="checkbox"||t.type==="radio"){return t.checked}return true}function nn(t,e,n){if(t!=null&&e!=null){if(Array.isArray(e)){e.forEach(function(e){n.append(t,e)})}else{n.append(t,e)}}}function rn(t,n,r){if(t!=null&&n!=null){let e=r.getAll(t);if(Array.isArray(n)){e=e.filter(e=>n.indexOf(e)<0)}else{e=e.filter(e=>e!==n)}r.delete(t);se(e,e=>r.append(t,e))}}function on(t,n,r,o,i){if(o==null||en(t,o)){return}else{t.push(o)}if(tn(o)){const s=ee(o,"name");let e=o.value;if(o instanceof HTMLSelectElement&&o.multiple){e=M(o.querySelectorAll("option:checked")).map(function(e){return e.value})}if(o instanceof HTMLInputElement&&o.files){e=M(o.files)}nn(s,e,n);if(i){sn(o,r)}}if(o instanceof HTMLFormElement){se(o.elements,function(e){if(t.indexOf(e)>=0){rn(e.name,e.value,n)}else{t.push(e)}if(i){sn(e,r)}});new FormData(o).forEach(function(e,t){if(e instanceof File&&e.name===""){return}nn(t,e,n)})}}function sn(e,t){const n=e;if(n.willValidate){he(n,"htmx:validation:validate");if(!n.checkValidity()){t.push({elt:n,message:n.validationMessage,validity:n.validity});he(n,"htmx:validation:failed",{message:n.validationMessage,validity:n.validity})}}}function ln(n,e){for(const t of e.keys()){n.delete(t)}e.forEach(function(e,t){n.append(t,e)});return n}function cn(e,t){const n=[];const r=new FormData;const o=new FormData;const i=[];const s=ie(e);if(s.lastButtonClicked&&!le(s.lastButtonClicked)){s.lastButtonClicked=null}let l=e instanceof HTMLFormElement&&e.noValidate!==true||te(e,"hx-validate")==="true";if(s.lastButtonClicked){l=l&&s.lastButtonClicked.formNoValidate!==true}if(t!=="get"){on(n,o,i,g(e,"form"),l)}on(n,r,i,e,l);if(s.lastButtonClicked||e.tagName==="BUTTON"||e.tagName==="INPUT"&&ee(e,"type")==="submit"){const u=s.lastButtonClicked||e;const a=ee(u,"name");nn(a,u.value,o)}const c=we(e,"hx-include");se(c,function(e){on(n,r,i,ue(e),l);if(!h(e,"form")){se(f(e).querySelectorAll(ot),function(e){on(n,r,i,e,l)})}});ln(r,o);return{errors:i,formData:r,values:An(r)}}function un(e,t,n){if(e!==""){e+="&"}if(String(n)==="[object Object]"){n=JSON.stringify(n)}const r=encodeURIComponent(n);e+=encodeURIComponent(t)+"="+r;return e}function an(e){e=qn(e);let n="";e.forEach(function(e,t){n=un(n,t,e)});return n}function fn(e,t,n){const r={"HX-Request":"true","HX-Trigger":ee(e,"id"),"HX-Trigger-Name":ee(e,"name"),"HX-Target":te(t,"id"),"HX-Current-URL":ne().location.href};bn(e,"hx-headers",false,r);if(n!==undefined){r["HX-Prompt"]=n}if(ie(e).boosted){r["HX-Boosted"]="true"}return r}function hn(n,e){const t=re(e,"hx-params");if(t){if(t==="none"){return new FormData}else if(t==="*"){return n}else if(t.indexOf("not ")===0){se(t.slice(4).split(","),function(e){e=e.trim();n.delete(e)});return n}else{const r=new FormData;se(t.split(","),function(t){t=t.trim();if(n.has(t)){n.getAll(t).forEach(function(e){r.append(t,e)})}});return r}}else{return n}}function dn(e){return!!ee(e,"href")&&ee(e,"href").indexOf("#")>=0}function gn(e,t){const n=t||re(e,"hx-swap");const r={swapStyle:ie(e).boosted?"innerHTML":Q.config.defaultSwapStyle,swapDelay:Q.config.defaultSwapDelay,settleDelay:Q.config.defaultSettleDelay};if(Q.config.scrollIntoViewOnBoost&&ie(e).boosted&&!dn(e)){r.show="top"}if(n){const s=F(n);if(s.length>0){for(let e=0;e<s.length;e++){const l=s[e];if(l.indexOf("swap:")===0){r.swapDelay=d(l.slice(5))}else if(l.indexOf("settle:")===0){r.settleDelay=d(l.slice(7))}else if(l.indexOf("transition:")===0){r.transition=l.slice(11)==="true"}else if(l.indexOf("ignoreTitle:")===0){r.ignoreTitle=l.slice(12)==="true"}else if(l.indexOf("scroll:")===0){const c=l.slice(7);var o=c.split(":");const u=o.pop();var i=o.length>0?o.join(":"):null;r.scroll=u;r.scrollTarget=i}else if(l.indexOf("show:")===0){const a=l.slice(5);var o=a.split(":");const f=o.pop();var i=o.length>0?o.join(":"):null;r.show=f;r.showTarget=i}else if(l.indexOf("focus-scroll:")===0){const h=l.slice("focus-scroll:".length);r.focusScroll=h=="true"}else if(e==0){r.swapStyle=l}else{O("Unknown modifier in hx-swap: "+l)}}}}return r}function pn(e){return re(e,"hx-encoding")==="multipart/form-data"||h(e,"form")&&ee(e,"enctype")==="multipart/form-data"}function mn(t,n,r){let o=null;Ft(n,function(e){if(o==null){o=e.encodeParameters(t,r,n)}});if(o!=null){return o}else{if(pn(n)){return ln(new FormData,qn(r))}else{return an(r)}}}function xn(e){return{tasks:[],elts:[e]}}function yn(e,t){const n=e[0];const r=e[e.length-1];if(t.scroll){var o=null;if(t.scrollTarget){o=ue(ae(n,t.scrollTarget))}if(t.scroll==="top"&&(n||o)){o=o||n;o.scrollTop=0}if(t.scroll==="bottom"&&(r||o)){o=o||r;o.scrollTop=o.scrollHeight}}if(t.show){var o=null;if(t.showTarget){let e=t.showTarget;if(t.showTarget==="window"){e="body"}o=ue(ae(n,e))}if(t.show==="top"&&(n||o)){o=o||n;o.scrollIntoView({block:"start",behavior:Q.config.scrollBehavior})}if(t.show==="bottom"&&(r||o)){o=o||r;o.scrollIntoView({block:"end",behavior:Q.config.scrollBehavior})}}}function bn(r,e,o,i){if(i==null){i={}}if(r==null){return i}const s=te(r,e);if(s){let e=s.trim();let t=o;if(e==="unset"){return null}if(e.indexOf("javascript:")===0){e=e.slice(11);t=true}else if(e.indexOf("js:")===0){e=e.slice(3);t=true}if(e.indexOf("{")!==0){e="{"+e+"}"}let n;if(t){n=vn(r,function(){return Function("return ("+e+")")()},{})}else{n=S(e)}for(const l in n){if(n.hasOwnProperty(l)){if(i[l]==null){i[l]=n[l]}}}}return bn(ue(c(r)),e,o,i)}function vn(e,t,n){if(Q.config.allowEval){return t()}else{fe(e,"htmx:evalDisallowedError");return n}}function wn(e,t){return bn(e,"hx-vars",true,t)}function Sn(e,t){return bn(e,"hx-vals",false,t)}function En(e){return ce(wn(e),Sn(e))}function Cn(t,n,r){if(r!==null){try{t.setRequestHeader(n,r)}catch(e){t.setRequestHeader(n,encodeURIComponent(r));t.setRequestHeader(n+"-URI-AutoEncoded","true")}}}function On(t){if(t.responseURL&&typeof URL!=="undefined"){try{const e=new URL(t.responseURL);return e.pathname+e.search}catch(e){fe(ne().body,"htmx:badResponseUrl",{url:t.responseURL})}}}function R(e,t){return t.test(e.getAllResponseHeaders())}function Rn(t,n,r){t=t.toLowerCase();if(r){if(r instanceof Element||typeof r==="string"){return de(t,n,null,null,{targetOverride:y(r)||ve,returnPromise:true})}else{let e=y(r.target);if(r.target&&!e||r.source&&!e&&!y(r.source)){e=ve}return de(t,n,y(r.source),r.event,{handler:r.handler,headers:r.headers,values:r.values,targetOverride:e,swapOverride:r.swap,select:r.select,returnPromise:true})}}else{return de(t,n,null,null,{returnPromise:true})}}function Hn(e){const t=[];while(e){t.push(e);e=e.parentElement}return t}function Tn(e,t,n){let r;let o;if(typeof URL==="function"){o=new URL(t,document.location.href);const i=document.location.origin;r=i===o.origin}else{o=t;r=l(t,document.location.origin)}if(Q.config.selfRequestsOnly){if(!r){return false}}return he(e,"htmx:validateUrl",ce({url:o,sameHost:r},n))}function qn(e){if(e instanceof FormData)return e;const t=new FormData;for(const n in e){if(e.hasOwnProperty(n)){if(e[n]&&typeof e[n].forEach==="function"){e[n].forEach(function(e){t.append(n,e)})}else if(typeof e[n]==="object"&&!(e[n]instanceof Blob)){t.append(n,JSON.stringify(e[n]))}else{t.append(n,e[n])}}}return t}function Ln(r,o,e){return new Proxy(e,{get:function(t,e){if(typeof e==="number")return t[e];if(e==="length")return t.length;if(e==="push"){return function(e){t.push(e);r.append(o,e)}}if(typeof t[e]==="function"){return function(){t[e].apply(t,arguments);r.delete(o);t.forEach(function(e){r.append(o,e)})}}if(t[e]&&t[e].length===1){return t[e][0]}else{return t[e]}},set:function(e,t,n){e[t]=n;r.delete(o);e.forEach(function(e){r.append(o,e)});return true}})}function An(o){return new Proxy(o,{get:function(e,t){if(typeof t==="symbol"){const r=Reflect.get(e,t);if(typeof r==="function"){return function(){return r.apply(o,arguments)}}else{return r}}if(t==="toJSON"){return()=>Object.fromEntries(o)}if(t in e){if(typeof e[t]==="function"){return function(){return o[t].apply(o,arguments)}}else{return e[t]}}const n=o.getAll(t);if(n.length===0){return undefined}else if(n.length===1){return n[0]}else{return Ln(e,t,n)}},set:function(t,n,e){if(typeof n!=="string"){return false}t.delete(n);if(e&&typeof e.forEach==="function"){e.forEach(function(e){t.append(n,e)})}else if(typeof e==="object"&&!(e instanceof Blob)){t.append(n,JSON.stringify(e))}else{t.append(n,e)}return true},deleteProperty:function(e,t){if(typeof t==="string"){e.delete(t)}return true},ownKeys:function(e){return Reflect.ownKeys(Object.fromEntries(e))},getOwnPropertyDescriptor:function(e,t){return Reflect.getOwnPropertyDescriptor(Object.fromEntries(e),t)}})}function de(t,n,r,o,i,D){let s=null;let l=null;i=i!=null?i:{};if(i.returnPromise&&typeof Promise!=="undefined"){var e=new Promise(function(e,t){s=e;l=t})}if(r==null){r=ne().body}const M=i.handler||Dn;const X=i.select||null;if(!le(r)){oe(s);return e}const c=i.targetOverride||ue(Ee(r));if(c==null||c==ve){fe(r,"htmx:targetError",{target:te(r,"hx-target")});oe(l);return e}let u=ie(r);const a=u.lastButtonClicked;if(a){const L=ee(a,"formaction");if(L!=null){n=L}const A=ee(a,"formmethod");if(A!=null){if(A.toLowerCase()!=="dialog"){t=A}}}const f=re(r,"hx-confirm");if(D===undefined){const K=function(e){return de(t,n,r,o,i,!!e)};const G={target:c,elt:r,path:n,verb:t,triggeringEvent:o,etc:i,issueRequest:K,question:f};if(he(r,"htmx:confirm",G)===false){oe(s);return e}}let h=r;let d=re(r,"hx-sync");let g=null;let F=false;if(d){const N=d.split(":");const I=N[0].trim();if(I==="this"){h=Se(r,"hx-sync")}else{h=ue(ae(r,I))}d=(N[1]||"drop").trim();u=ie(h);if(d==="drop"&&u.xhr&&u.abortable!==true){oe(s);return e}else if(d==="abort"){if(u.xhr){oe(s);return e}else{F=true}}else if(d==="replace"){he(h,"htmx:abort")}else if(d.indexOf("queue")===0){const W=d.split(" ");g=(W[1]||"last").trim()}}if(u.xhr){if(u.abortable){he(h,"htmx:abort")}else{if(g==null){if(o){const P=ie(o);if(P&&P.triggerSpec&&P.triggerSpec.queue){g=P.triggerSpec.queue}}if(g==null){g="last"}}if(u.queuedRequests==null){u.queuedRequests=[]}if(g==="first"&&u.queuedRequests.length===0){u.queuedRequests.push(function(){de(t,n,r,o,i)})}else if(g==="all"){u.queuedRequests.push(function(){de(t,n,r,o,i)})}else if(g==="last"){u.queuedRequests=[];u.queuedRequests.push(function(){de(t,n,r,o,i)})}oe(s);return e}}const p=new XMLHttpRequest;u.xhr=p;u.abortable=F;const m=function(){u.xhr=null;u.abortable=false;if(u.queuedRequests!=null&&u.queuedRequests.length>0){const e=u.queuedRequests.shift();e()}};const B=re(r,"hx-prompt");if(B){var x=prompt(B);if(x===null||!he(r,"htmx:prompt",{prompt:x,target:c})){oe(s);m();return e}}if(f&&!D){if(!confirm(f)){oe(s);m();return e}}let y=fn(r,c,x);if(t!=="get"&&!pn(r)){y["Content-Type"]="application/x-www-form-urlencoded"}if(i.headers){y=ce(y,i.headers)}const U=cn(r,t);let b=U.errors;const j=U.formData;if(i.values){ln(j,qn(i.values))}const V=qn(En(r));const v=ln(j,V);let w=hn(v,r);if(Q.config.getCacheBusterParam&&t==="get"){w.set("org.htmx.cache-buster",ee(c,"id")||"true")}if(n==null||n===""){n=ne().location.href}const S=bn(r,"hx-request");const _=ie(r).boosted;let E=Q.config.methodsThatUseUrlParams.indexOf(t)>=0;const C={boosted:_,useUrlParams:E,formData:w,parameters:An(w),unfilteredFormData:v,unfilteredParameters:An(v),headers:y,target:c,verb:t,errors:b,withCredentials:i.credentials||S.credentials||Q.config.withCredentials,timeout:i.timeout||S.timeout||Q.config.timeout,path:n,triggeringEvent:o};if(!he(r,"htmx:configRequest",C)){oe(s);m();return e}n=C.path;t=C.verb;y=C.headers;w=qn(C.parameters);b=C.errors;E=C.useUrlParams;if(b&&b.length>0){he(r,"htmx:validation:halted",C);oe(s);m();return e}const z=n.split("#");const $=z[0];const O=z[1];let R=n;if(E){R=$;const Z=!w.keys().next().done;if(Z){if(R.indexOf("?")<0){R+="?"}else{R+="&"}R+=an(w);if(O){R+="#"+O}}}if(!Tn(r,R,C)){fe(r,"htmx:invalidPath",C);oe(l);return e}p.open(t.toUpperCase(),R,true);p.overrideMimeType("text/html");p.withCredentials=C.withCredentials;p.timeout=C.timeout;if(S.noHeaders){}else{for(const k in y){if(y.hasOwnProperty(k)){const Y=y[k];Cn(p,k,Y)}}}const H={xhr:p,target:c,requestConfig:C,etc:i,boosted:_,select:X,pathInfo:{requestPath:n,finalRequestPath:R,responsePath:null,anchor:O}};p.onload=function(){try{const t=Hn(r);H.pathInfo.responsePath=On(p);M(r,H);if(H.keepIndicators!==true){Qt(T,q)}he(r,"htmx:afterRequest",H);he(r,"htmx:afterOnLoad",H);if(!le(r)){let e=null;while(t.length>0&&e==null){const n=t.shift();if(le(n)){e=n}}if(e){he(e,"htmx:afterRequest",H);he(e,"htmx:afterOnLoad",H)}}oe(s);m()}catch(e){fe(r,"htmx:onLoadError",ce({error:e},H));throw e}};p.onerror=function(){Qt(T,q);fe(r,"htmx:afterRequest",H);fe(r,"htmx:sendError",H);oe(l);m()};p.onabort=function(){Qt(T,q);fe(r,"htmx:afterRequest",H);fe(r,"htmx:sendAbort",H);oe(l);m()};p.ontimeout=function(){Qt(T,q);fe(r,"htmx:afterRequest",H);fe(r,"htmx:timeout",H);oe(l);m()};if(!he(r,"htmx:beforeRequest",H)){oe(s);m();return e}var T=Zt(r);var q=Yt(r);se(["loadstart","loadend","progress","abort"],function(t){se([p,p.upload],function(e){e.addEventListener(t,function(e){he(r,"htmx:xhr:"+t,{lengthComputable:e.lengthComputable,loaded:e.loaded,total:e.total})})})});he(r,"htmx:beforeSend",H);const J=E?null:mn(p,r,w);p.send(J);return e}function Nn(e,t){const n=t.xhr;let r=null;let o=null;if(R(n,/HX-Push:/i)){r=n.getResponseHeader("HX-Push");o="push"}else if(R(n,/HX-Push-Url:/i)){r=n.getResponseHeader("HX-Push-Url");o="push"}else if(R(n,/HX-Replace-Url:/i)){r=n.getResponseHeader("HX-Replace-Url");o="replace"}if(r){if(r==="false"){return{}}else{return{type:o,path:r}}}const i=t.pathInfo.finalRequestPath;const s=t.pathInfo.responsePath;const l=re(e,"hx-push-url");const c=re(e,"hx-replace-url");const u=ie(e).boosted;let a=null;let f=null;if(l){a="push";f=l}else if(c){a="replace";f=c}else if(u){a="push";f=s||i}if(f){if(f==="false"){return{}}if(f==="true"){f=s||i}if(t.pathInfo.anchor&&f.indexOf("#")===-1){f=f+"#"+t.pathInfo.anchor}return{type:a,path:f}}else{return{}}}function In(e,t){var n=new RegExp(e.code);return n.test(t.toString(10))}function Pn(e){for(var t=0;t<Q.config.responseHandling.length;t++){var n=Q.config.responseHandling[t];if(In(n,e.status)){return n}}return{swap:false}}function kn(e){if(e){const t=u("title");if(t){t.innerHTML=e}else{window.document.title=e}}}function Dn(o,i){const s=i.xhr;let l=i.target;const e=i.etc;const c=i.select;if(!he(o,"htmx:beforeOnLoad",i))return;if(R(s,/HX-Trigger:/i)){Je(s,"HX-Trigger",o)}if(R(s,/HX-Location:/i)){zt();let e=s.getResponseHeader("HX-Location");var t;if(e.indexOf("{")===0){t=S(e);e=t.path;delete t.path}Rn("get",e,t).then(function(){$t(e)});return}const n=R(s,/HX-Refresh:/i)&&s.getResponseHeader("HX-Refresh")==="true";if(R(s,/HX-Redirect:/i)){i.keepIndicators=true;location.href=s.getResponseHeader("HX-Redirect");n&&location.reload();return}if(n){i.keepIndicators=true;location.reload();return}if(R(s,/HX-Retarget:/i)){if(s.getResponseHeader("HX-Retarget")==="this"){i.target=o}else{i.target=ue(ae(o,s.getResponseHeader("HX-Retarget")))}}const u=Nn(o,i);const r=Pn(s);const a=r.swap;let f=!!r.error;let h=Q.config.ignoreTitle||r.ignoreTitle;let d=r.select;if(r.target){i.target=ue(ae(o,r.target))}var g=e.swapOverride;if(g==null&&r.swapOverride){g=r.swapOverride}if(R(s,/HX-Retarget:/i)){if(s.getResponseHeader("HX-Retarget")==="this"){i.target=o}else{i.target=ue(ae(o,s.getResponseHeader("HX-Retarget")))}}if(R(s,/HX-Reswap:/i)){g=s.getResponseHeader("HX-Reswap")}var p=s.response;var m=ce({shouldSwap:a,serverResponse:p,isError:f,ignoreTitle:h,selectOverride:d,swapOverride:g},i);if(r.event&&!he(l,r.event,m))return;if(!he(l,"htmx:beforeSwap",m))return;l=m.target;p=m.serverResponse;f=m.isError;h=m.ignoreTitle;d=m.selectOverride;g=m.swapOverride;i.target=l;i.failed=f;i.successful=!f;if(m.shouldSwap){if(s.status===286){lt(o)}Ft(o,function(e){p=e.transformResponse(p,s,o)});if(u.type){zt()}var x=gn(o,g);if(!x.hasOwnProperty("ignoreTitle")){x.ignoreTitle=h}l.classList.add(Q.config.swappingClass);let n=null;let r=null;if(c){d=c}if(R(s,/HX-Reselect:/i)){d=s.getResponseHeader("HX-Reselect")}const y=re(o,"hx-select-oob");const b=re(o,"hx-select");let e=function(){try{if(u.type){he(ne().body,"htmx:beforeHistoryUpdate",ce({history:u},i));if(u.type==="push"){$t(u.path);he(ne().body,"htmx:pushedIntoHistory",{path:u.path})}else{Jt(u.path);he(ne().body,"htmx:replacedInHistory",{path:u.path})}}$e(l,p,x,{select:d||b,selectOOB:y,eventInfo:i,anchor:i.pathInfo.anchor,contextElement:o,afterSwapCallback:function(){if(R(s,/HX-Trigger-After-Swap:/i)){let e=o;if(!le(o)){e=ne().body}Je(s,"HX-Trigger-After-Swap",e)}},afterSettleCallback:function(){if(R(s,/HX-Trigger-After-Settle:/i)){let e=o;if(!le(o)){e=ne().body}Je(s,"HX-Trigger-After-Settle",e)}oe(n)}})}catch(e){fe(o,"htmx:swapError",i);oe(r);throw e}};let t=Q.config.globalViewTransitions;if(x.hasOwnProperty("transition")){t=x.transition}if(t&&he(o,"htmx:beforeTransition",i)&&typeof Promise!=="undefined"&&document.startViewTransition){const v=new Promise(function(e,t){n=e;r=t});const w=e;e=function(){document.startViewTransition(function(){w();return v})}}if(x.swapDelay>0){E().setTimeout(e,x.swapDelay)}else{e()}}if(f){fe(o,"htmx:responseError",ce({error:"Response Status Error Code "+s.status+" from "+i.pathInfo.requestPath},i))}}const Mn={};function Xn(){return{init:function(e){return null},getSelectors:function(){return null},onEvent:function(e,t){return true},transformResponse:function(e,t,n){return e},isInlineSwap:function(e){return false},handleSwap:function(e,t,n,r){return false},encodeParameters:function(e,t,n){return null}}}function Fn(e,t){if(t.init){t.init(n)}Mn[e]=ce(Xn(),t)}function Bn(e){delete Mn[e]}function Un(e,n,r){if(n==undefined){n=[]}if(e==undefined){return n}if(r==undefined){r=[]}const t=te(e,"hx-ext");if(t){se(t.split(","),function(e){e=e.replace(/ /g,"");if(e.slice(0,7)=="ignore:"){r.push(e.slice(7));return}if(r.indexOf(e)<0){const t=Mn[e];if(t&&n.indexOf(t)<0){n.push(t)}}})}return Un(ue(c(e)),n,r)}var jn=false;ne().addEventListener("DOMContentLoaded",function(){jn=true});function Vn(e){if(jn||ne().readyState==="complete"){e()}else{ne().addEventListener("DOMContentLoaded",e)}}function _n(){if(Q.config.includeIndicatorStyles!==false){const e=Q.config.inlineStyleNonce?` nonce="${Q.config.inlineStyleNonce}"`:"";ne().head.insertAdjacentHTML("beforeend","<style"+e+">      ."+Q.config.indicatorClass+"{opacity:0}      ."+Q.config.requestClass+" ."+Q.config.indicatorClass+"{opacity:1; transition: opacity 200ms ease-in;}      ."+Q.config.requestClass+"."+Q.config.indicatorClass+"{opacity:1; transition: opacity 200ms ease-in;}      </style>")}}function zn(){const e=ne().querySelector('meta[name="htmx-config"]');if(e){return S(e.content)}else{return null}}function $n(){const e=zn();if(e){Q.config=ce(Q.config,e)}}Vn(function(){$n();_n();let e=ne().body;kt(e);const t=ne().querySelectorAll("[hx-trigger='restored'],[data-hx-trigger='restored']");e.addEventListener("htmx:abort",function(e){const t=e.target;const n=ie(t);if(n&&n.xhr){n.xhr.abort()}});const n=window.onpopstate?window.onpopstate.bind(window):null;window.onpopstate=function(e){if(e.state&&e.state.htmx){Wt();se(t,function(e){he(e,"htmx:restored",{document:ne(),triggerEvent:he})})}else{if(n){n(e)}}};E().setTimeout(function(){he(e,"htmx:load",{});e=null},0)});return Q}();
\ No newline at end of file
diff --git a/src/shared/templates/_links.html b/src/shared/templates/_links.html
index c602519..4497f65 100644
--- a/src/shared/templates/_links.html
+++ b/src/shared/templates/_links.html
@@ -1,16 +1,33 @@
-{% load sass_tags static %}
+{% load django_htmx sass_tags static %}
 
 <!-- Icons -->
 <link href="{% static 'favicon.ico' %}" rel="icon" />
 <link href="{% static 'apple-touch-icon.png' %}" rel="apple-touch-icon" />
-<link rel="icon" type="image/png" href="{% static 'favicon-16x16.png' %}" sizes="16x16" />
-<link rel="icon" type="image/png" href="{% static 'favicon-32x32.png' %}" sizes="32x32" />
-<link rel="icon" type="image/png" href="{% static 'android-chrome-192x192.png' %}" sizes="192x192" />
+<link rel="icon"
+      type="image/png"
+      href="{% static 'favicon-16x16.png' %}"
+      sizes="16x16" />
+<link rel="icon"
+      type="image/png"
+      href="{% static 'favicon-32x32.png' %}"
+      sizes="32x32" />
+<link rel="icon"
+      type="image/png"
+      href="{% static 'android-chrome-192x192.png' %}"
+      sizes="192x192" />
 
 <!-- CSS -->
-<link href="{% sass_src 'bulma/bulma.scss' %}" rel="stylesheet" type="text/css" />
-<link href="{% static 'tabler-icons/tabler-icons.min.css' %}" rel="stylesheet" type="text/css" />
+<link href="{% sass_src 'bulma/bulma.scss' %}"
+      rel="stylesheet"
+      type="text/css" />
+<link href="{% static 'tabler-icons/tabler-icons.min.css' %}"
+      rel="stylesheet"
+      type="text/css" />
 
 <!-- JS -->
 <script src="{% static 'js/dgsi.js' %}"></script>
-<script defer data-domain="profil.dgnum.eu" src="https://analytics.dgnum.eu/js/script.js"></script>
+<script defer src="{% static 'js/htmx.min.js' %}"></script>
+<script defer
+        data-domain="profil.dgnum.eu"
+        src="https://analytics.dgnum.eu/js/script.js"></script>
+{% django_htmx_script %}

From 5f7185d3c9008b816a637ed992ece153f5ba3567 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 1 Feb 2025 17:42:38 +0100
Subject: [PATCH 131/172] feat(dgsi/profile): Switch to selectable inputs for
 useful informations

---
 src/dgsi/templates/dgsi/profile.html | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/dgsi/templates/dgsi/profile.html b/src/dgsi/templates/dgsi/profile.html
index e8d0132..5475b91 100644
--- a/src/dgsi/templates/dgsi/profile.html
+++ b/src/dgsi/templates/dgsi/profile.html
@@ -28,7 +28,10 @@
   <hr>
 
   <h3 class="has-text-weight-bold mb-3">{% trans "Nom d'utilisateur :" %}</h3>
-  <span class="button is-fullwidth">{{ user.username }}</span>
+  <input data-select
+         class="button is-fullwidth"
+         value="{{ user.username }}"
+         readonly />
   <br>
 
   {% if user.kanidm %}
@@ -60,7 +63,10 @@
   {% endif %}
 
   <h3 class="has-text-weight-bold mb-3">{% trans "Adresse e-mail :" %}</h3>
-  <span class="button is-fullwidth">{{ user.email }}</span>
+  <input data-select
+         class="button is-fullwidth"
+         value="{{ user.email }}"
+         readonly />
   <br>
 
   {% if user.kanidm %}
@@ -86,7 +92,10 @@
 
       {% if user.vlan_id %}
         <h3 class="has-text-weight-bold mb-3">{% trans "VLAN attribué :" %}</h3>
-        <span class="button is-fullwidth">{{ user.vlan_id }}</span>
+        <input data-select
+               class="button is-fullwidth"
+               value="{{ user.vlan_id }}"
+               readonly />
         <br>
       {% else %}
         <div class="notification is-warning is-light has-text-centered">

From 7e7d8e74ffb018de7134a591ac56da1ba53fb82a Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 1 Feb 2025 17:49:54 +0100
Subject: [PATCH 132/172] chore(dgsi/profile): Tweak the look of the password
 refresh button

---
 src/dgsi/templates/dgsi/profile.html | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/dgsi/templates/dgsi/profile.html b/src/dgsi/templates/dgsi/profile.html
index 5475b91..61a05c1 100644
--- a/src/dgsi/templates/dgsi/profile.html
+++ b/src/dgsi/templates/dgsi/profile.html
@@ -40,8 +40,11 @@
       {% if user.kanidm.radius_secret %}
         {% trans "Êtes-vous sûr·e de vouloir réinitialiser votre mot de passe WiFi ?" as confirm_wifi_reset %}
         <a href="{% url "dgsi:dgn-generate_wifi_password" %}"
-           class="tag is-warning is-light is-medium is-pulled-right"
-           onclick="return confirm('{{ confirm_wifi_reset }}')">{% trans "Réinitialiser le mot de passe WiFi" %}</a>
+           class="button is-small is-danger is-pulled-right"
+           onclick="return confirm('{{ confirm_wifi_reset }}')">
+          <span class="icon"><i class="ti ti-refresh"></i></span>
+          <span class="has-text-weight-normal">{% trans "Réinitialiser le mot de passe WiFi" %}</span>
+        </a>
       {% endif %}
     </h3>
 

From 3d320806afeeacb89dd8f8d7cc31b9d55d65ef55 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 1 Feb 2025 18:20:56 +0100
Subject: [PATCH 133/172] chore(dgsi/profile): Simplify view

---
 src/dgsi/templates/dgsi/profile.html | 2 +-
 src/dgsi/views.py                    | 8 --------
 2 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/src/dgsi/templates/dgsi/profile.html b/src/dgsi/templates/dgsi/profile.html
index 61a05c1..11d9c2f 100644
--- a/src/dgsi/templates/dgsi/profile.html
+++ b/src/dgsi/templates/dgsi/profile.html
@@ -23,7 +23,7 @@
 
 {% block content %}
   <h2 class="subtitle">
-    <span>{% blocktrans %}Profil de {{ displayname }}{% endblocktrans %}</span>
+    <span>{% blocktrans with first_name=user.first_name last_name=user.last_name %}Profil de {{ first_name }}&nbsp;{{ last_name }}{% endblocktrans %}</span>
   </h2>
   <hr>
 
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 73cc253..52df253 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -73,14 +73,6 @@ class IndexView(TemplateView):
 class ProfileView(LoginRequiredMixin, TemplateView):
     template_name = "dgsi/profile.html"
 
-    def get_context_data(self, **kwargs):
-        u = User.from_request(self.request)
-
-        return super().get_context_data(
-            displayname=f"{u.first_name} {u.last_name}",
-            **kwargs,
-        )
-
 
 class GenerateWiFiPasswordView(LoginRequiredMixin, RedirectView):
     url = reverse_lazy("dgsi:dgn-profile")

From 9b0ea5e6e8869be97f0750304da311f06d6a491d Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 1 Feb 2025 18:56:18 +0100
Subject: [PATCH 134/172] feat(dgsi/archives): Put all documents in the same
 list, and add colored icons

---
 src/dgsi/models.py                        |  7 ++
 src/dgsi/templates/dgsi/archive_list.html | 89 +++--------------------
 src/dgsi/views.py                         | 16 ++--
 3 files changed, 29 insertions(+), 83 deletions(-)

diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index 2abe8b7..53aceae 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -39,6 +39,8 @@ class LegalDocument(models.Model):
     name = models.CharField(_("Nom du document"), max_length=255)
     file = models.FileField(_("Fichier PDF"))
 
+    icon = "script"
+
     @classmethod
     def latest(cls, **kwargs) -> Self | None:
         return cls.objects.filter(**kwargs).latest()
@@ -56,6 +58,7 @@ class Statutes(LegalDocument):
     """
 
     kind = "statutes"
+    color = "primary"
 
     class Meta:  # pyright: ignore
         get_latest_by = "date"
@@ -69,6 +72,7 @@ class Bylaws(LegalDocument):
     """
 
     kind = "bylaws"
+    color = "success"
 
     class Meta:  # pyright: ignore
         get_latest_by = "date"
@@ -89,6 +93,9 @@ class Archive(models.Model):
     name = models.CharField(_("Nom du document"), max_length=255)
     file = models.FileField(_("Fichier PDF"), storage=get_storage)
 
+    icon = "archive"
+    color = "warning"
+
     def __str__(self) -> str:
         return self.name
 
diff --git a/src/dgsi/templates/dgsi/archive_list.html b/src/dgsi/templates/dgsi/archive_list.html
index 8a9249d..ef7841b 100644
--- a/src/dgsi/templates/dgsi/archive_list.html
+++ b/src/dgsi/templates/dgsi/archive_list.html
@@ -3,85 +3,18 @@
 {% load i18n %}
 
 {% block content %}
-  <h2 class="subtitle">
-    {% trans "Archives de la DGNum" %}
-    <a class="button is-small is-primary is-pulled-right"
-       data-toggle="off"
-       data-class="is-hidden"
-       data-target="#archives"
-       data-on-html='<span class="icon"><i class="ti ti-chevron-down"></i></span>'
-       data-off-html='<span class="icon"><i class="ti ti-x"></i></span>'>
-      <span class="icon">
-        <i class="ti ti-x"></i>
+  <h2 class="subtitle">{% trans "Archives de la DGNum" %}</h2>
+  <hr>
+
+  {% for file in document_list %}
+    <a class="button bt-archive"
+       href="{% url "dgsi:dgn-protected-archive" file.pk %}">
+      <span class="tag is-{{ file.color }} is-pulled-left">
+        <span class="icon"><i class="ti ti-{{ file.icon }}"></i></span>
       </span>
+      <span class="ellipsis mx-2">{{ file }}</span>
+      <span class="tag is-pulled-right">{{ file.date }}</span>
     </a>
-  </h2>
-
-  <div id="archives">
-    {% for file in archive_list %}
-      <a class="button bt-archive"
-         href="{% url "dgsi:dgn-protected-archive" file.pk %}">
-        <span class="tag is-pulled-left">
-          <span class="icon"><i class="ti ti-archive"></i></span>
-        </span>
-        <span class="ellipsis mx-2">{{ file }}</span>
-        <span class="tag is-pulled-right">{{ file.date }}</span>
-      </a>
-    {% endfor %}
-    <hr>
-  </div>
-
-  <h2 class="subtitle">
-    {% trans "Statuts" %}
-    <a class="button is-small is-primary is-pulled-right"
-       data-toggle="off"
-       data-class="is-hidden"
-       data-target="#statutes"
-       data-on-html='<span class="icon"><i class="ti ti-chevron-down"></i></span>'
-       data-off-html='<span class="icon"><i class="ti ti-x"></i></span>'>
-      <span class="icon">
-        <i class="ti ti-x"></i>
-      </span>
-    </a>
-  </h2>
-
-  <div id="statutes">
-    {% for document in statutes_list %}
-      <a class="button bt-archive" href="{{ document.file.url }}">
-        <span class="tag is-pulled-left">
-          <span class="icon"><i class="ti ti-script"></i></span>
-        </span>
-        <span class="ellipsis mx-2">{{ document }}</span>
-        <span class="tag is-pulled-right">{{ document.date }}</span>
-      </a>
-    {% endfor %}
-    <hr>
-  </div>
-
-  <h2 class="subtitle">
-    {% trans "Règlements Intérieurs" %}
-    <a class="button is-small is-primary is-pulled-right"
-       data-toggle="off"
-       data-class="is-hidden"
-       data-target="#bylaws"
-       data-on-html='<span class="icon"><i class="ti ti-chevron-down"></i></span>'
-       data-off-html='<span class="icon"><i class="ti ti-x"></i></span>'>
-      <span class="icon">
-        <i class="ti ti-x"></i>
-      </span>
-    </a>
-  </h2>
-
-  <div id="bylaws">
-    {% for document in bylaws_list %}
-      <a class="button bt-archive" href="{{ document.file.url }}">
-        <span class="tag is-pulled-left">
-          <span class="icon"><i class="ti ti-script"></i></span>
-        </span>
-        <span class="ellipsis mx-2">{{ document }}</span>
-        <span class="tag is-pulled-right">{{ document.date }}</span>
-      </a>
-    {% endfor %}
-  </div>
+  {% endfor %}
 
 {% endblock content %}
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 52df253..aa33b03 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -170,14 +170,20 @@ class CreateSelfAccountView(AccessMixin, SuccessMessageMixin, FormView):
         return super().form_valid(form)
 
 
-class ArchiveListView(LoginRequiredMixin, ListView):
-    model = Archive
-    ordering = ["-date"]
+class ArchiveListView(LoginRequiredMixin, TemplateView):
+    template_name = "dgsi/archive_list.html"
 
     def get_context_data(self, **kwargs: Any) -> dict[str, Any]:
         return super().get_context_data(
-            bylaws_list=Bylaws.objects.all(),
-            statutes_list=Statutes.objects.all(),
+            document_list=sorted(
+                [
+                    *Archive.objects.all(),
+                    *Bylaws.objects.all(),
+                    *Statutes.objects.all(),
+                ],
+                key=lambda obj: obj.date,
+                reverse=True,
+            ),
             **kwargs,
         )
 

From ef1943f7085f884c7d8a199b130991ca2efbb2e6 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 1 Feb 2025 19:53:22 +0100
Subject: [PATCH 135/172] feat(dgsi): Add a button to go back

---
 src/dgsi/templates/_subtitle.html                  | 12 ++++++++++++
 src/dgsi/templates/dgsi/archive_list.html          |  3 +--
 src/dgsi/templates/dgsi/create_kanidm_account.html |  3 +--
 src/dgsi/templates/dgsi/create_self_account.html   |  3 +--
 src/dgsi/templates/dgsi/legal_documents.html       |  3 +--
 src/dgsi/templates/dgsi/mentions-legales.html      |  3 +--
 src/dgsi/templates/dgsi/profile.html               |  5 +----
 src/dgsi/templates/dgsi/service_list.html          |  3 +--
 src/dgsi/views.py                                  |  3 +++
 9 files changed, 22 insertions(+), 16 deletions(-)
 create mode 100644 src/dgsi/templates/_subtitle.html

diff --git a/src/dgsi/templates/_subtitle.html b/src/dgsi/templates/_subtitle.html
new file mode 100644
index 0000000..e69f188
--- /dev/null
+++ b/src/dgsi/templates/_subtitle.html
@@ -0,0 +1,12 @@
+{% load i18n %}
+
+<h2 class="subtitle">
+  {% trans subtitle %}
+  <a class="button is-small is-pulled-right is-primary" href="{% url backlink|default:'dgsi:dgn-index' %}">
+    <span class="icon">
+      <i class="ti ti-arrow-big-left-filled"></i>
+    </span>
+    <span>{% trans "Retour" %}</span>
+  </a>
+</h2>
+<hr>
diff --git a/src/dgsi/templates/dgsi/archive_list.html b/src/dgsi/templates/dgsi/archive_list.html
index ef7841b..eee021c 100644
--- a/src/dgsi/templates/dgsi/archive_list.html
+++ b/src/dgsi/templates/dgsi/archive_list.html
@@ -3,8 +3,7 @@
 {% load i18n %}
 
 {% block content %}
-  <h2 class="subtitle">{% trans "Archives de la DGNum" %}</h2>
-  <hr>
+  {% include "_subtitle.html" with subtitle="Archives de la DGNum" %}
 
   {% for file in document_list %}
     <a class="button bt-archive"
diff --git a/src/dgsi/templates/dgsi/create_kanidm_account.html b/src/dgsi/templates/dgsi/create_kanidm_account.html
index 178e2cf..aded3d4 100644
--- a/src/dgsi/templates/dgsi/create_kanidm_account.html
+++ b/src/dgsi/templates/dgsi/create_kanidm_account.html
@@ -3,8 +3,7 @@
 {% load i18n %}
 
 {% block content %}
-  <h2 class="subtitle">{% trans "Création de compte Kanidm" %}</h2>
-  <hr>
+  {% include "_subtitle.html" with subtitle="Création de compte Kanidm" %}
 
   <form method="post">
     {% csrf_token %}
diff --git a/src/dgsi/templates/dgsi/create_self_account.html b/src/dgsi/templates/dgsi/create_self_account.html
index 7ebe3bd..3d2038b 100644
--- a/src/dgsi/templates/dgsi/create_self_account.html
+++ b/src/dgsi/templates/dgsi/create_self_account.html
@@ -3,8 +3,7 @@
 {% load i18n %}
 
 {% block content %}
-  <h2 class="subtitle">{% trans "Création d'un compte DGNum" %}</h2>
-  <hr>
+  {% include "_subtitle.html" with subtitle="Création d'un compte DGNum" %}
 
   <form method="post">
     {% csrf_token %}
diff --git a/src/dgsi/templates/dgsi/legal_documents.html b/src/dgsi/templates/dgsi/legal_documents.html
index 36ec809..6149067 100644
--- a/src/dgsi/templates/dgsi/legal_documents.html
+++ b/src/dgsi/templates/dgsi/legal_documents.html
@@ -3,8 +3,7 @@
 {% load i18n %}
 
 {% block content %}
-  <h2 class="subtitle">Documents Légaux</h2>
-  <hr>
+  {% include "_subtitle.html" with subtitle="Documents légaux" %}
 
   {% if user.kanidm is None %}
     {% if show_message %}
diff --git a/src/dgsi/templates/dgsi/mentions-legales.html b/src/dgsi/templates/dgsi/mentions-legales.html
index 8bc7695..60cc861 100644
--- a/src/dgsi/templates/dgsi/mentions-legales.html
+++ b/src/dgsi/templates/dgsi/mentions-legales.html
@@ -3,8 +3,7 @@
 {% load i18n %}
 
 {% block content %}
-  <h2 class="subtitle">Mentions Légales</h2>
-  <hr>
+  {% include "_subtitle.html" with subtitle="Mentions Légales" %}
 
   <section class="section content">
     <p class="is-size-4">Éditeur</p>
diff --git a/src/dgsi/templates/dgsi/profile.html b/src/dgsi/templates/dgsi/profile.html
index 11d9c2f..ac8adc4 100644
--- a/src/dgsi/templates/dgsi/profile.html
+++ b/src/dgsi/templates/dgsi/profile.html
@@ -22,10 +22,7 @@
 {% endblock extra_head %}
 
 {% block content %}
-  <h2 class="subtitle">
-    <span>{% blocktrans with first_name=user.first_name last_name=user.last_name %}Profil de {{ first_name }}&nbsp;{{ last_name }}{% endblocktrans %}</span>
-  </h2>
-  <hr>
+  {% include "_subtitle.html" with subtitle="Profil personnel" %}
 
   <h3 class="has-text-weight-bold mb-3">{% trans "Nom d'utilisateur :" %}</h3>
   <input data-select
diff --git a/src/dgsi/templates/dgsi/service_list.html b/src/dgsi/templates/dgsi/service_list.html
index 2c7b2bb..c4a6db0 100644
--- a/src/dgsi/templates/dgsi/service_list.html
+++ b/src/dgsi/templates/dgsi/service_list.html
@@ -3,8 +3,7 @@
 {% load i18n %}
 
 {% block content %}
-  <h2 class="subtitle">{% trans "Services accessibles via la DGNum" %}</h2>
-  <hr>
+  {% include "_subtitle.html" with subtitle="Services accessibles via la DGNum" %}
 
   <div class="buttons bt-links">
     {% for service in service_list %}
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index aa33b03..2a2738a 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -169,6 +169,9 @@ class CreateSelfAccountView(AccessMixin, SuccessMessageMixin, FormView):
 
         return super().form_valid(form)
 
+    def get_context_data(self, **kwargs: Any) -> dict[str, Any]:
+        return super().get_context_data(backlink="dgsi:dgn-profile", **kwargs)
+
 
 class ArchiveListView(LoginRequiredMixin, TemplateView):
     template_name = "dgsi/archive_list.html"

From a9a7ecfa3eb6d4602a425b2e3d82d1a2a5520441 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 1 Feb 2025 19:54:03 +0100
Subject: [PATCH 136/172] feat(dgsi/profile): Improve eye-visual and add Name
 info

---
 src/dgsi/templates/dgsi/profile.html | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/dgsi/templates/dgsi/profile.html b/src/dgsi/templates/dgsi/profile.html
index ac8adc4..a45af82 100644
--- a/src/dgsi/templates/dgsi/profile.html
+++ b/src/dgsi/templates/dgsi/profile.html
@@ -53,7 +53,7 @@
                value="{{ user.kanidm.radius_secret }}"
                type="password"
                readonly />
-        <a id="secret-toggle" class="button is-size-4"><span class="icon"><i class="ti ti-eye"></i></span></a>
+        <a id="secret-toggle" class="button is-size-4 is-warning is-light"><span class="icon"><i class="ti ti-eye"></i></span></a>
       </div>
       <br>
     {% else %}
@@ -62,6 +62,13 @@
     {% endif %}
   {% endif %}
 
+  <h3 class="has-text-weight-bold mb-3">{% trans "Nom d'usage :" %}</h3>
+  <input data-select
+         class="button is-fullwidth"
+         value="{{ user.first_name }}&nbsp;{{ user.last_name|upper }}"
+         readonly />
+  <br>
+
   <h3 class="has-text-weight-bold mb-3">{% trans "Adresse e-mail :" %}</h3>
   <input data-select
          class="button is-fullwidth"

From adfd7b27a8bcd3738a72fdab37bb70c0efafc71b Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 1 Feb 2025 21:26:01 +0100
Subject: [PATCH 137/172] feat(dgsi/profile): Add Apple configuration

---
 src/dgsi/templates/dgnum_profile.mobileconfig | 83 +++++++++++++++++++
 src/dgsi/templates/dgsi/profile.html          | 10 ++-
 src/dgsi/urls.py                              |  6 ++
 src/dgsi/views.py                             | 40 +++++++++
 4 files changed, 138 insertions(+), 1 deletion(-)
 create mode 100644 src/dgsi/templates/dgnum_profile.mobileconfig

diff --git a/src/dgsi/templates/dgnum_profile.mobileconfig b/src/dgsi/templates/dgnum_profile.mobileconfig
new file mode 100644
index 0000000..f5da903
--- /dev/null
+++ b/src/dgsi/templates/dgnum_profile.mobileconfig
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>ConsentText</key>
+	<dict>
+		<key>default</key>
+		<string>Souhaitez-vous configurer votre appareil pour utiliser le Wi-Fi DGNum ?</string>
+		<key>en</key>
+		<string>Dou you want to configure your device to use the DGNum Wi-Fi ?</string>
+	</dict>
+	<key>PayloadUUID</key>
+	<string>304283f2-b4df-4f54-9fd9-9c8e1fdc778f</string>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>AutoJoin</key>
+			<true/>
+			<key>CaptiveBypass</key>
+			<true/>
+			<key>EAPClientConfiguration</key>
+			<dict>
+				<key>AcceptEAPTypes</key>
+				<array>
+					<integer>25</integer>
+				</array>
+				<key>OuterIdentity</key>
+				<string>anonymous</string>
+				<key>TLSMaximumVersion</key>
+				<string>1.3</string>
+				<key>TLSMinimumVersion</key>
+				<string>1.2</string>
+				<key>TLSTrustedServerNames</key>
+				<array>
+					<string>radius.dgnum.eu</string>
+				</array>
+				<key>UserName</key>
+					<string>{{ user.username }}</string>
+				<key>UserPassword</key>
+					<string>{{ user.kanidm.radius_secret }}</string>
+				<key>TTLSInnerAuthentication</key>
+				<string>MSCHAPv2</string>
+			</dict>
+			<key>PayloadUUID</key>
+			<string>a9a6e20c-1d9e-497a-b10c-f93a62e3e7df</string>
+			<key>EncryptionType</key>
+			<string>WPA2</string>
+			<key>HIDDEN_NETWORK</key>
+			<false/>
+			<key>IsHotspot</key>
+			<false/>
+			<key>PayloadDescription</key>
+			<string>DGNum Wi-Fi configuration</string>
+			<key>PayloadDisplayName</key>
+			<string>Wi-Fi</string>
+			<key>PayloadIdentifier</key>
+			<string>com.apple.wifi.managed.a9a6e20c-1d9e-497a-b10c-f93a62e3e7df</string>
+			<key>PayloadType</key>
+			<string>com.apple.wifi.managed</string>
+			<key>PayloadVersion</key>
+			<integer>1</integer>
+			<key>ProxyType</key>
+			<string>None</string>
+			<key>SSID_STR</key>
+			<string>{{ dgnum_ssid }}</string>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>DGNum Wi-Fi configuration</string>
+	<key>PayloadDisplayName</key>
+	<string>Wi-Fi DGNum</string>
+	<key>PayloadIdentifier</key>
+	<string>dgnum-radius.304283f2-b4df-4f54-9fd9-9c8e1fdc778f</string>
+	<key>PayloadOrganization</key>
+	<string>Délégation Générale Numérique</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
diff --git a/src/dgsi/templates/dgsi/profile.html b/src/dgsi/templates/dgsi/profile.html
index a45af82..0e05c82 100644
--- a/src/dgsi/templates/dgsi/profile.html
+++ b/src/dgsi/templates/dgsi/profile.html
@@ -55,7 +55,6 @@
                readonly />
         <a id="secret-toggle" class="button is-size-4 is-warning is-light"><span class="icon"><i class="ti ti-eye"></i></span></a>
       </div>
-      <br>
     {% else %}
       <a href="{% url "dgsi:dgn-generate_wifi_password" %}"
          class="button is-fullwidth is-primary is-light is-size-4 block">{% trans "Générer un mot de passe WiFi" %}</a>
@@ -76,6 +75,15 @@
          readonly />
   <br>
 
+  {% if user.kanidm and user.kanidm.radius_secret %}
+  <div class="buttons">
+    <a href="{% url "dgsi:dgn-apple_profile" %}" class="button is-light">
+      <span class="icon"><i class="ti ti-brand-apple-filled"></i></span>
+      <span>{% trans "Télécharger le profil Wi-Fi DGNum pour iOS, iPadOS et macOS" %}</span>
+    </a>
+  </div>
+  {% endif %}
+
   {% if user.kanidm %}
     <h2 class="subtitle mt-4">
       {% trans "Informations techniques" %}
diff --git a/src/dgsi/urls.py b/src/dgsi/urls.py
index d2392f4..a0616ab 100644
--- a/src/dgsi/urls.py
+++ b/src/dgsi/urls.py
@@ -33,6 +33,11 @@ urlpatterns = [
     ),
     # Account views
     path("accounts/profile/", views.ProfileView.as_view(), name="dgn-profile"),
+    path(
+        "accounts/profile/apple-config/",
+        views.AppleProfileView.as_view(),
+        name="dgn-apple_profile",
+    ),
     path(
         "accounts/generate-wifi-password/",
         views.GenerateWiFiPasswordView.as_view(),
@@ -48,6 +53,7 @@ urlpatterns = [
         views.CreateKanidmAccountView.as_view(),
         name="dgn-create_kanidm_user",
     ),
+    path("accounts/list/", views.UserListView.as_view(), name="dgn-user_list"),
     path(
         "accounts/forbidden/",
         views.TemplateView.as_view(template_name="accounts/forbidden_category.html"),
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 2a2738a..3a25013 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -74,6 +74,46 @@ class ProfileView(LoginRequiredMixin, TemplateView):
     template_name = "dgsi/profile.html"
 
 
+class AppleProfileView(AccessMixin, TemplateView):
+    content_type = "application/x-apple-aspen-config"
+    template_name = "dgnum_profile.mobileconfig"
+    extra_context = {"dgnum_ssid": "DGNum 2G (N)"}
+
+    def dispatch(
+        self, request: HttpRequest, *args: Any, **kwargs: Any
+    ) -> HttpResponseBase:
+        if not request.user.is_authenticated:
+            return self.handle_no_permission()
+
+        u = User.from_request(request)
+
+        # Check that the user does not already exist
+        if u.kanidm is None:
+            messages.add_message(
+                request,
+                messages.WARNING,
+                _("<b>Veuillez créer un compte DGNum.</b>"),
+            )
+            return HttpResponseRedirect(reverse_lazy("dgsi:dgn-create_self_account"))
+
+        if u.kanidm.radius_secret is None:
+            messages.add_message(
+                request,
+                messages.WARNING,
+                _("<b>Veuillez générer un mot de passe Wi-Fi.</b>"),
+            )
+            return HttpResponseRedirect(reverse_lazy("dgsi:dgn-profile"))
+
+        return super().dispatch(request, *args, **kwargs)
+
+    def render_to_response(
+        self, context: dict[str, Any], **response_kwargs: Any
+    ) -> HttpResponse:
+        headers = response_kwargs.pop("headers", {})
+        headers["Content-Disposition"] = "attachment; filename=wifi_dgnum.mobileconfig"
+        return super().render_to_response(context, headers=headers, **response_kwargs)
+
+
 class GenerateWiFiPasswordView(LoginRequiredMixin, RedirectView):
     url = reverse_lazy("dgsi:dgn-profile")
 

From aad898467866f3d443016d7c05932c3f98a70c0c Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 1 Feb 2025 21:26:32 +0100
Subject: [PATCH 138/172] chore(dgsi/view): Random improvements

---
 src/dgsi/views.py | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 3a25013..7950dba 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -59,15 +59,12 @@ ADMIN_LINKS: list[Link] = [
 
 class IndexView(TemplateView):
     template_name = "dgsi/index.html"
-
-    def get_context_data(self, **kwargs: Any) -> dict[str, Any]:
-        return super().get_context_data(
-            links={
-                "authenticated": AUTHENTICATED_LINKS,
-                "admin": ADMIN_LINKS,
-            },
-            **kwargs,
-        )
+    extra_context = {
+        "links": {
+            "authenticated": AUTHENTICATED_LINKS,
+            "admin": ADMIN_LINKS,
+        }
+    }
 
 
 class ProfileView(LoginRequiredMixin, TemplateView):
@@ -125,10 +122,14 @@ class GenerateWiFiPasswordView(LoginRequiredMixin, RedirectView):
         else:
             # Give access to the wifi network when the user creates its first password
             if not user.kanidm.radius_secret:
+                message = _("Mot de passe Wi-Fi généré avec succès.")
                 async_to_sync(klient.group_add_members)(
                     "radius_access", [user.username]
                 )
+            else:
+                message = _("Mot de passe Wi-Fi reinitialisé avec succès.")
             async_to_sync(klient.call_post)(f"/v1/person/{user.username}/_radius")
+            messages.add_message(request, messages.SUCCESS, message)
 
         return super().get(request, *args, **kwargs)
 
@@ -140,6 +141,7 @@ class CreateSelfAccountView(AccessMixin, SuccessMessageMixin, FormView):
     form_class = CreateSelfAccountForm
     success_message = _("Compte DGNum créé avec succès")
     success_url = reverse_lazy("dgsi:dgn-profile")
+    extra_context = {"backlink": "dgsi:dgn-profile"}
 
     def dispatch(
         self, request: HttpRequest, *args: Any, **kwargs: Any
@@ -209,9 +211,6 @@ class CreateSelfAccountView(AccessMixin, SuccessMessageMixin, FormView):
 
         return super().form_valid(form)
 
-    def get_context_data(self, **kwargs: Any) -> dict[str, Any]:
-        return super().get_context_data(backlink="dgsi:dgn-profile", **kwargs)
-
 
 class ArchiveListView(LoginRequiredMixin, TemplateView):
     template_name = "dgsi/archive_list.html"

From 7d6379276a820399544ed24edcc0b0a34feba97d Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 1 Feb 2025 21:48:20 +0100
Subject: [PATCH 139/172] feat(locale): Update translations

---
 src/dgsi/templates/dgsi/archive_list.html     |   3 +-
 .../templates/dgsi/create_kanidm_account.html |   3 +-
 .../templates/dgsi/create_self_account.html   |   3 +-
 src/dgsi/templates/dgsi/legal_documents.html  |   3 +-
 src/dgsi/templates/dgsi/profile.html          |   3 +-
 src/dgsi/templates/dgsi/service_list.html     |   3 +-
 src/shared/locale/en/LC_MESSAGES/django.mo    | Bin 7610 -> 9093 bytes
 src/shared/locale/en/LC_MESSAGES/django.po    | 164 ++++++++----------
 8 files changed, 88 insertions(+), 94 deletions(-)

diff --git a/src/dgsi/templates/dgsi/archive_list.html b/src/dgsi/templates/dgsi/archive_list.html
index eee021c..8ece760 100644
--- a/src/dgsi/templates/dgsi/archive_list.html
+++ b/src/dgsi/templates/dgsi/archive_list.html
@@ -3,7 +3,8 @@
 {% load i18n %}
 
 {% block content %}
-  {% include "_subtitle.html" with subtitle="Archives de la DGNum" %}
+  {% trans "Archives de la DGNum" as subtitle %}
+  {% include "_subtitle.html" %}
 
   {% for file in document_list %}
     <a class="button bt-archive"
diff --git a/src/dgsi/templates/dgsi/create_kanidm_account.html b/src/dgsi/templates/dgsi/create_kanidm_account.html
index aded3d4..4b68428 100644
--- a/src/dgsi/templates/dgsi/create_kanidm_account.html
+++ b/src/dgsi/templates/dgsi/create_kanidm_account.html
@@ -3,7 +3,8 @@
 {% load i18n %}
 
 {% block content %}
-  {% include "_subtitle.html" with subtitle="Création de compte Kanidm" %}
+  {% trans "Création de compte Kanidm" as subtitle %}
+  {% include "_subtitle.html" %}
 
   <form method="post">
     {% csrf_token %}
diff --git a/src/dgsi/templates/dgsi/create_self_account.html b/src/dgsi/templates/dgsi/create_self_account.html
index 3d2038b..4ea6885 100644
--- a/src/dgsi/templates/dgsi/create_self_account.html
+++ b/src/dgsi/templates/dgsi/create_self_account.html
@@ -3,7 +3,8 @@
 {% load i18n %}
 
 {% block content %}
-  {% include "_subtitle.html" with subtitle="Création d'un compte DGNum" %}
+  {% trans "Création d'un compte DGNum" as subtitle %}
+  {% include "_subtitle.html" %}
 
   <form method="post">
     {% csrf_token %}
diff --git a/src/dgsi/templates/dgsi/legal_documents.html b/src/dgsi/templates/dgsi/legal_documents.html
index 6149067..b9abc97 100644
--- a/src/dgsi/templates/dgsi/legal_documents.html
+++ b/src/dgsi/templates/dgsi/legal_documents.html
@@ -3,7 +3,8 @@
 {% load i18n %}
 
 {% block content %}
-  {% include "_subtitle.html" with subtitle="Documents légaux" %}
+  {% trans "Documents légaux" as subtitle %}
+  {% include "_subtitle.html" %}
 
   {% if user.kanidm is None %}
     {% if show_message %}
diff --git a/src/dgsi/templates/dgsi/profile.html b/src/dgsi/templates/dgsi/profile.html
index 0e05c82..a34d377 100644
--- a/src/dgsi/templates/dgsi/profile.html
+++ b/src/dgsi/templates/dgsi/profile.html
@@ -22,7 +22,8 @@
 {% endblock extra_head %}
 
 {% block content %}
-  {% include "_subtitle.html" with subtitle="Profil personnel" %}
+  {% trans "Profil personnel" as subtitle %}
+  {% include "_subtitle.html" %}
 
   <h3 class="has-text-weight-bold mb-3">{% trans "Nom d'utilisateur :" %}</h3>
   <input data-select
diff --git a/src/dgsi/templates/dgsi/service_list.html b/src/dgsi/templates/dgsi/service_list.html
index c4a6db0..5dfe92b 100644
--- a/src/dgsi/templates/dgsi/service_list.html
+++ b/src/dgsi/templates/dgsi/service_list.html
@@ -3,7 +3,8 @@
 {% load i18n %}
 
 {% block content %}
-  {% include "_subtitle.html" with subtitle="Services accessibles via la DGNum" %}
+  {% trans "Services accessibles via la DGNum" as subtitle %}
+  {% include "_subtitle.html" %}
 
   <div class="buttons bt-links">
     {% for service in service_list %}
diff --git a/src/shared/locale/en/LC_MESSAGES/django.mo b/src/shared/locale/en/LC_MESSAGES/django.mo
index ab77488a0fc85dcd87736015bfae60fa1a298de7..292fbef32acc1516a29e3a37ae2037aa6ef20bcb 100644
GIT binary patch
delta 3419
zcmZXV3v3kE6^5^|!5Cwp#(*7yb8&)cco@txm`8E#Vj#u_Y#<HLWV}1O9<rWscXoNC
zMGmSeHIJqdqpA^+QX*Q3O_NrYn<y$uRco6{eM%8+s#H~4BHE^{)K=+Rk*a?G?ks`y
zO8<WM&Yn5<oO93J{r1++_D#IiSo1~0NTJ(Nf3-1>!cWiOgK=>t&){=#Is7wR3m4WI
z(*gV7Qg{+J!KWc6=0&&=z6=}TPv9K*8#oXC1!6a0%q(N(^Pmpa!X;1+mO(k}fQqFD
z-U;`{^r0M|hZcSnHpB134e-~HJxo)5*-tB6!g@W_^8;{^_CLx*FNSb2d;;DEFGFQe
zgp1%Wp(1}5POmbidbTm$tm_)emAMzTvksx&zW|lkOK>jy0sIhr6DqMkY0dtny5P$+
zQXhPqJ7TVc3TSh@9)fc80BnT;l*1?E?=QlQtY3f&;M-6e{TnKQ23}TR%b<lj;e;GG
zO!mMKDv(#9O7%lX70o+v1^gTAfUT54neBsjKnE)DbC9IW=b`*Q17-Ij<W(~T70ByQ
zmHop!>c5nUtnUVGknc=C)R`ZL$|MQ(;=@oqa2_g<m!Ta07Rt{*pn75vACJKmP(Ae$
zybHbxx5KyLL1^bwe>n~blPa0Vp#r!7ufngv6L5k$Zi9b>2jFs|ItI_c4e$-P3)Yj?
z(JGw7BdouU^JQ=b4W`?(3Vs+4Lt-^&Cz!B@`2tkeUy9c+K$YmbP=WmdD%0P=8u-un
z`}d$K)!0&gzXhsdZBTaiKvirzRD~T#^5${a1}C0nqNbRF8{x0ublAv4Mc52gx)o3X
z4nm#reNcg=paRW9Rq}~={grrq1<L*^d;?yCJK!sHHkFt#|6(EsmR}!|F`J=|U_VsG
zPRvh21#~W6M^Kqxf(q<;sEj9}GJGX|{v#+qKZE3Eu0vJ)zoqXv|3+F}&9fNlx@?Ea
z<RDaFC!hj52Q9n+72p+kFZ?l7hRxhb-G+9kTeAzc!vj#IJ`Gi|XCOr|&%=85H?J|#
zwR;^ZleeH8{2t2jyO3Z@-c^Am?4khIKuT!(paL3)>h^O`m3cJgQ&9F_g6e^9K-s+s
zCzSa$CUQ`1jrk00f(qnm$XDh$xCKtZKKLF~Ks~&y03U?P%!ilZSvUyWNqZGM33tLv
za2LD|F)=Ie<Zov)lYO*k71U7ox@Z8&sWLo()WsS{&~dZ_twuTm1z8!oX2Ylh?M2(s
ztY~Wb{H1DdjS-~$@7IEH3~fcbWi_GennJxuu_<vSt81>I%TO8m(Nsbjb?D=02I@xY
z!D(nGQv2vqIY>X0O1>It96~CVe(4|3g=k^2A8D*dI&zH_=qOsF#Z5!atkI7sY-z0J
zvkTpW+DlK2*#vc}+fWapZA+*5Ak<Lr59tq4M@Gw)j`kC<GSsvhA3>c+x9vWpu@bFA
z38WrNB3+)3BDI#rK6DtV7j+{oI*2sX{~yyNdTqv`VK?t(GVa4Rku4V7tj+s25sZ!J
zT-)0>kRR*Vwq|69**3D{aK$cNEcnGjwrn~U<ZRNl<4zd5_K3H7msffrT2OnXHkI-c
zqi#0(Y3;(5nM{y(v!*+n81+uN;f;x2&N$_*Ophb`^E2Dq+)50NO%@9$iWe2u;r{Lc
z%SJ)MD;6g2nmJw_9j~vmnPMUB<WHO4Vj&UuzI)mWd@Vw!ylM31`b~4(Fvnw?%$K}G
zSL+{X_57Th^<CR#_V}qFJLbqDv{WH<oqTk3_Qp=PyyvIRTHdcj;^cB!ZzNwVbeMiG
zq)tgUjKdA1Cucvkmm=7>NX3G6PPz#j<`aqH<*>u-`@eeGtn2w+&T}$e_(Ah%PQ&iz
z&`B%Efndxgm*;aHc23UCXQP3J-nr$P+=wW8tYLWGxSI`Ch>SVt=7M~7@~;gORojP)
z1uB&ob+T!WF2k8+gOrykA6oeU>^Roe8ys3?z5PydaLBqjJLV(?ha!LOp-nfJ-#Ym?
zXLD-^A6VM1$*H;jnKo<P>b0GAU1!&Z^^@OgJXW=Lf5vs_m_*hk7aKQ#brOjn@8@px
zTx^wgeK%XSJK|AXb=#>Rn=H55?M;_zhDL)^(RZ3!YQoS<N7rhbqIa4aYIb``H~M?i
zvb%>zy|CikIvF-ip0T42&wMqMm-gLc>8K~07tE?|b<<A9CWAzN%=L4j=?~IDK4*G~
zSf<hP=C*R(#~h!tkx{g}`TkXVN)5%UZ0qN|l;>tSHaAD84|#stdN;LM^sVO3&f(Gb
z8%zPlfmI?Z_m>S)mC(cJdh_S{)LxYe*h*=Vr51C;FqO|_&UBd4Reawp>xLYqy6}cc
z<h5*W8gRy3;<EYB?J|c#?t?QHJ=?N%P9=s?RXU=dxAZJ3brso_`^GhWfgN!Y4^4L7
zwxw!IZ*a=b1WwZC$f@+h5jR$BZMk8$bQa5UXL*bFY^mJr@<HT+l9#v{O!v(PbnB{X
K@|%n6ru`3>xNQUg

delta 2022
zcmZwHSxj729LMo9>`W`eQlL|TxonnJsLlv2TMLwytti!KTT&7wFf@ZOgDg=J?HCME
z+oYNtZDN9v7~_&s8$0fanrLcj(!>WF)CcjwT3@ursPVxE{r-l_i}7Us_jB%<d(Zu!
z<=(~a4_o4E`DxD^%3-2}SV}SGLDkbaP%dW}(~n=^E-cD4rW_CA7CeDj_$U_PBIe@~
z=HLa)#gDN7zeHXC19E@d{7j{i1`n;eu^Jt0#H~1p^*D{$_!{cLZ(%8Z?zUgUV$N@%
z?#tlfn=ydfumzRi5!7{)n9K9cB9(NHF=w%ZKbE}4Y{xac1v56ScTk5KK@a+H2=j0P
zmC#Atj28KsWe!SU#XY}_Wt?9{-S@lNdA>>Kt_I9Qb<~Z@a0r$8EcW6v$j^MsK_kD8
z<Y>}vT2IV}0nRItzD=jwK7dMi1l8{hY6(wcd<T{DRQ&ig7UFNH3o}_jElmKm_MNDX
zrcoU%pqA_vJcaKet7-OgQ5E*#Js88U@KYSevuub~^yD%BcT?HNd<@~UsI~qDyRd@Z
zkFzupJj(ec=D!9@nI<kVU8p5FhAg|8aL?yZYyC8mlUYWdZ7#U&pP;T^-NO89#NX4P
zk^YGqk)Os2tVJ!s05;$_>cv<_CGaY0r0=6T{0^Bsa~<{IKTwIJa?p%!L!F1*^WHcW
z-7t)+7{h(o#nl?=BGP2uMD6NJsMl!?HKJc#|3M|><09TvQ;um^gBnmBD#3QtQum@}
zE<WP^@i1ylA4lErGU~zaAU|`3!y)_;m2i+=wAtEFoA7?rh{sVgHjmnb&$<6EqwYJ0
z`p$fS<QzAvR5a2Xs2htpXaphGCgeiXj@qopP@8N4mGCLljI7`j_z`NP9lU!=un)U&
z9AC$aIDp5=qE_$!IV$Zme1qC_e%>v0`~dF31!NB<3ppmg32mt9R?#wO?`)J-D#^`@
zY^UUYQGZRuokS<0au<=o^OMt|5$-26MRmj-#71$bXyhcG9GSiW*@Q;L{z{geuK$OY
z=XOHN+D_=((L<=j4|3Q`Xl*-)!-O`VN+Z!s)DoJ?jk2AJ)>hNLi_k{W9#QFAC%G36
zP}e5BmC%<@Z;F;$`%0x>lh8m#>(Q$g3d?6wh}}A&1c}=SEk!C(P1F<G0~;meR$A-}
zS%daa_PhC!(XbPqbq>Tv<|f0@*+?vEtGwm5-&>im-e~Hk&)yh`MWf+I^vBMe-F7PH
zWY%0X^3Yt^X||hv4R+Rd#t!8++P8CCZDwA70sU3ij7DarCWhyu!;|41Gsfl?7AEHN
zA|C4$+?!Y__$$R5tPAaNLc!)xQ{sHlkjEa~`ch#}cw)*Kj*dE`ZZgB9V~hRecCWuG
zaoV4qnjSk5o13*4ODgQOlEM7@*7INpBt8}iPdD30Y0zFNebT;IR&ReQYqFt0n}0es
b7MTb;v9bRqmUt@A<gtG{J&DK4vr_&A6+q+3

diff --git a/src/shared/locale/en/LC_MESSAGES/django.po b/src/shared/locale/en/LC_MESSAGES/django.po
index 4a7e766..7df508e 100644
--- a/src/shared/locale/en/LC_MESSAGES/django.po
+++ b/src/shared/locale/en/LC_MESSAGES/django.po
@@ -7,8 +7,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: dgsi.dgnum.eu\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-01-28 21:35+0100\n"
-"PO-Revision-Date: 2025-01-27 21:29+0100\n"
+"POT-Creation-Date: 2025-02-01 21:40+0100\n"
+"PO-Revision-Date: 2025-02-01 21:43+0100\n"
 "Last-Translator: Tom Hubrecht <tom.hubrecht@dgnum.eu>\n"
 "Language-Team: French\n"
 "Language: fr\n"
@@ -18,35 +18,30 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=(n > 1)\n"
 "X-Generator: Gtranslator 47.1\n"
 
-#: app/settings.py:332
 msgid "Administration de DGSI"
 msgstr "DGSI Administration"
 
-#: dgsi/admin.py:51
+msgid "Informations réseau"
+msgstr "Networking informations"
+
 msgid "Documents DGNum"
 msgstr "DGNum Documents"
 
-#: dgsi/forms.py:16
 msgid "Identifiant déjà présent dans la base de données."
 msgstr "Username already in the database."
 
-#: dgsi/forms.py:22
 msgid "Identifiant"
 msgstr "Username"
 
-#: dgsi/forms.py:23
 msgid "De préférence identique au login ENS de la personne concernée."
 msgstr "Preferably identical to the ENS login of the person concerned."
 
-#: dgsi/forms.py:26 dgsi/forms.py:47
 msgid "Nom d'usage"
 msgstr "Name in use"
 
-#: dgsi/forms.py:28 dgsi/forms.py:49
 msgid "Adresse e-mail"
 msgstr "E-mail address"
 
-#: dgsi/forms.py:30
 msgid ""
 "De préférence :<br>- l'adresse <code>@ens.psl.eu</code> pour les personnes "
 "en scolarité ;<br>- l'adresse <code>@normalesup.org</code> pour les "
@@ -57,11 +52,9 @@ msgstr ""
 "<code>@normalesup.org</code> address for people having finished their "
 "studies;<br><b>For outsiders, the board must give its approval.</b>"
 
-#: dgsi/forms.py:37
 msgid "Membre actif"
 msgstr "Active member"
 
-#: dgsi/forms.py:39
 msgid ""
 "Si selectionné, la personne sera ajoutée au groupe <code>dgnum_members</"
 "code>.<br><b>L'accord préalable du bureau est nécessaire !</b>"
@@ -69,100 +62,90 @@ msgstr ""
 "If selected, the person will be added to the <code>dgnum_members</code> "
 "group.<br><b>Prior approval from the board is required!</b>"
 
-#: dgsi/forms.py:50
 msgid "De préférence l'adresse '@ens.psl.eu'"
 msgstr "Preferably the ‘@ens.psl.eu’ address"
 
-#: dgsi/models.py:24
 msgid "Nom du service proposé"
 msgstr "Name of the proposed service"
 
-#: dgsi/models.py:25
 msgid "Adresse du service"
 msgstr "Address of the service"
 
-#: dgsi/models.py:26
 msgid "Icône du service"
 msgstr "Icon of the service"
 
-#: dgsi/models.py:36 dgsi/models.py:82
 msgid "Date du document"
 msgstr "Document date"
 
-#: dgsi/models.py:37 dgsi/models.py:83
 msgid "Nom du document"
 msgstr "Document name"
 
-#: dgsi/models.py:38 dgsi/models.py:84
 msgid "Fichier PDF"
 msgstr "PDF file"
 
-#: dgsi/models.py:60 dgsi/models.py:61 dgsi/templates/dgsi/archive_list.html:21
-#: dgsi/templates/dgsi/legal_documents.html:26
 msgid "Statuts"
 msgstr "Statutes"
 
-#: dgsi/models.py:73 dgsi/templates/dgsi/legal_documents.html:30
 msgid "Règlement Intérieur"
 msgstr "Bylaws"
 
-#: dgsi/models.py:74 dgsi/templates/dgsi/archive_list.html:34
 msgid "Règlements Intérieurs"
 msgstr "Bylaws"
 
-#: dgsi/models.py:90
 msgid "Document d'archives"
 msgstr "Archive document"
 
-#: dgsi/models.py:91
 msgid "Documents d'archives"
 msgstr "Archive documents"
 
-#: dgsi/models.py:133
 msgid "Correspondance de login"
 msgstr "Login mapping"
 
-#: dgsi/models.py:134
 msgid "Correspondances de login"
 msgstr "Login mappings"
 
-#: dgsi/models.py:165
 msgid "Derniers Statuts acceptés"
 msgstr "Latest accepted Statutes"
 
-#: dgsi/models.py:172
 msgid "Dernier Règlement Intérieur accepté"
 msgstr "Latest accepted Bylaws"
 
-#: dgsi/templates/_legal_document.html:9
+msgid "VLAN associé au compte"
+msgstr "VLAN assigned to the account"
+
+msgid "Ce compte a déjà un VLAN associé"
+msgstr "This account already has an assigned VLAN"
+
+msgid "Le VLAN {} est déjà attribué."
+msgstr "The VLAN {} is already assigned."
+
 msgid ""
 " En acceptant, vous assurez avoir lu ce document et en approuver le contenu."
 msgstr ""
 " By accepting, you confirm that you have read this document and agree with "
 "its content."
 
-#: dgsi/templates/_legal_document.html:15
 msgid "Accepté"
 msgstr "Accepted"
 
-#: dgsi/templates/dgsi/archive_list.html:6
+msgid "Retour"
+msgstr "Go back"
+
 msgid "Archives de la DGNum"
 msgstr "Archives of the DGNum"
 
-#: dgsi/templates/dgsi/create_kanidm_account.html:6
 msgid "Création de compte Kanidm"
 msgstr "Kanidm account creation"
 
-#: dgsi/templates/dgsi/create_kanidm_account.html:15
-#: dgsi/templates/dgsi/create_self_account.html:15
 msgid "Enregistrer"
 msgstr "Save"
 
-#: dgsi/templates/dgsi/create_self_account.html:6
 msgid "Création d'un compte DGNum"
 msgstr "DGNum account creation"
 
-#: dgsi/templates/dgsi/legal_documents.html:12
+msgid "Documents légaux"
+msgstr "Legal documents"
+
 msgid ""
 "Vous devez accepter les Statuts et le Règlement Intérieur de la DGNum avant "
 "de pouvoir créer un compte."
@@ -170,174 +153,180 @@ msgstr ""
 "You must accept the DGNum Statutes and Bylaws before you can create an "
 "account."
 
-#: dgsi/templates/dgsi/legal_documents.html:16
 msgid ""
 "Vous n'avez pas encore de compte DGNum, mais vous pouvez désormais en créer "
 "un."
 msgstr "You do not yet have a DGNum account, but you can now create one."
 
-#: dgsi/templates/dgsi/legal_documents.html:19
 msgid "Poursuivre la création d'un compte DGNum"
 msgstr "Continue the creation of a DGNum account"
 
-#: dgsi/templates/dgsi/legal_documents.html:26
 msgid "Accepter les statuts"
 msgstr "Accept the statutes"
 
-#: dgsi/templates/dgsi/legal_documents.html:30
 msgid "Accepter le règlement intérieur"
 msgstr "Accept the bylaws"
 
-#: dgsi/templates/dgsi/profile.html:7
-#, python-format
-msgid "Profil de %(displayname)s"
-msgstr "Profile of %(displayname)s"
+msgid "Profil personnel"
+msgstr "Personal profile"
 
-#: dgsi/templates/dgsi/profile.html:11
 msgid "Nom d'utilisateur :"
 msgstr "Username :"
 
-#: dgsi/templates/dgsi/profile.html:18
 msgid "Mot de passe WiFi :"
 msgstr "WiFi password:"
 
-#: dgsi/templates/dgsi/profile.html:20
 msgid "Êtes-vous sûr·e de vouloir réinitialiser votre mot de passe WiFi ?"
 msgstr "Are you sure that you want to reset your WiFi password?"
 
-#: dgsi/templates/dgsi/profile.html:23
 msgid "Réinitialiser le mot de passe WiFi"
 msgstr "Reset the WiFi password"
 
-#: dgsi/templates/dgsi/profile.html:36
 msgid "Générer un mot de passe WiFi"
 msgstr "Generate a WiFi password:"
 
-#: dgsi/templates/dgsi/profile.html:40
+msgid "Nom d'usage :"
+msgstr "Name in use:"
+
 msgid "Adresse e-mail :"
 msgstr "E-mail address:"
 
-#: dgsi/templates/dgsi/profile.html:45
+msgid "Télécharger le profil Wi-Fi DGNum pour iOS, iPadOS et macOS"
+msgstr "Download the DGNum Wi-Fi profile for iOS, iPadOS or macOS"
+
 msgid "Informations techniques"
 msgstr "Technical informations"
 
-#: dgsi/templates/dgsi/profile.html:48
-msgid "Identifiant unique :"
-msgstr "Unique identifier:"
+msgid "Afficher"
+msgstr "Show"
+
+msgid "Cacher"
+msgstr "Hide"
+
+msgid "Identifiant interne :"
+msgstr "Internal identifier:"
+
+msgid "VLAN attribué :"
+msgstr "Assigned VLAN:"
+
+msgid "Pas de VLAN attribué."
+msgstr "No assigned VLAN."
 
-#: dgsi/templates/dgsi/profile.html:57
 msgid "Membre des groupes suivants :"
 msgstr "Member of the following groups:"
 
-#: dgsi/templates/dgsi/profile.html:68
 msgid "Pas de compte DGNum répertorié."
 msgstr "No DGNum account found."
 
-#: dgsi/templates/dgsi/profile.html:71
 msgid "Créer un compte DGNum"
 msgstr "Create a DGNum account"
 
-#: dgsi/templates/dgsi/service_list.html:6
 msgid "Services accessibles via la DGNum"
 msgstr "Services accessible via the DGNum"
 
-#: dgsi/views.py:34
+msgid "Nom d'utilisateur"
+msgstr "Username"
+
+msgid "VLAN attribué"
+msgstr "Assigned VLAN"
+
+msgid "Gestion du VLAN"
+msgstr "VLAN management"
+
+msgid "Désallouer"
+msgstr "Deassign"
+
+msgid "Allouer"
+msgstr "Assign"
+
 msgid "Mon profil"
 msgstr "My profile"
 
-#: dgsi/views.py:38
 msgid "Aide et Documention"
 msgstr "Help and documentation"
 
-#: dgsi/views.py:42
 msgid "Documents Légaux"
 msgstr "Legal Documents"
 
-#: dgsi/views.py:43
 msgid "Services proposés"
 msgstr "Services offered"
 
-#: dgsi/views.py:44
 msgid "Archives"
 msgstr "Archives"
 
-#: dgsi/views.py:51
 msgid "Créer un compte Kanidm"
 msgstr "Create a Kanidm account"
 
-#: dgsi/views.py:55 shared/templates/_hero.html:76
+msgid "Liste des comptes"
+msgstr "List of accounts"
+
 msgid "Interface d'administration"
 msgstr "Administration interface"
 
-#: dgsi/views.py:92
+msgid "<b>Veuillez créer un compte DGNum.</b>"
+msgstr "<b>Please create a DGNum account.</b>"
+
+msgid "<b>Veuillez générer un mot de passe Wi-Fi.</b>"
+msgstr "<b>Please generate a WiFi password.</b>"
+
 msgid "Compte DGNum inexistant."
 msgstr "No existing DGNum account."
 
-#: dgsi/views.py:109
+msgid "Mot de passe Wi-Fi généré avec succès."
+msgstr "Wi-Fi password generated successfully."
+
+msgid "Mot de passe Wi-Fi reinitialisé avec succès."
+msgstr "Wi-Fi password reset successfully."
+
 msgid "Compte DGNum créé avec succès"
 msgstr "DGNum account successfully created"
 
-#: dgsi/views.py:125
 msgid "<b>Vous possédez déjà un compte DGNum !</b>"
 msgstr "<b>You already have a DGNum account!</b>"
 
-#: dgsi/views.py:137
 msgid "Vous devez accepter les Statuts et le Règlement Intérieur."
 msgstr "You must accept the Statutes and the Bylaws."
 
-#: dgsi/views.py:262
 #, python-format
 msgid "Type de document invalide : %(kind)s"
 msgstr "Invalid document type: %(kind)s"
 
-#: dgsi/views.py:292
 #, python-format
 msgid "Compte DGNum pour %(displayname)s [%(name)s] créé."
 msgstr "DGNum account for %(displayname)s [%(name)s] created."
 
-#: shared/account.py:41
 msgid "Catégorie de compte ENS interdite."
 msgstr "ENS account category not permitted."
 
-#: shared/account.py:58
 msgid "Méthode de connexion invalide."
 msgstr "Invalid connection method."
 
-#: shared/templates/_footer.html:4
 msgid ""
 "Logiciel développé pour et par la <a href=\"https://dgnum.eu\">DGNum</a>."
 msgstr ""
 "Software developed for and by the <a href=‘https://dgnum.eu’>DGNum</a>."
 
-#: shared/templates/_hero.html:21 shared/templates/account/logout.html:6
 msgid "Déconnexion"
 msgstr "Logout"
 
-#: shared/templates/_hero.html:30 shared/templates/socialaccount/login.html:6
 msgid "Connexion"
 msgstr "Login"
 
-#: shared/templates/_hero.html:40
 msgid "Choix de la langue"
 msgstr "Language selection"
 
-#: shared/templates/account/login.html:7
 msgid "Connexion via un compte tiers"
 msgstr "Connection via a third-party account"
 
-#: shared/templates/account/logout.html:10
 msgid "Êtes vous certain·e de vouloir vous déconnecter ?"
 msgstr "Are you sure you want to log out?"
 
-#: shared/templates/account/logout.html:16
 msgid "Se déconnecter"
 msgstr "Log out"
 
-#: shared/templates/accounts/forbidden_category.html:6
 msgid "Connexion impossible"
 msgstr "Unable to connect"
 
-#: shared/templates/accounts/forbidden_category.html:10
 msgid ""
 "Vos informations ne permettent pas de vous identifier auprès de la DGNum."
 "<br>Si vous pensez qu'il s'agit une erreur, merci de nous contacter à "
@@ -347,29 +336,28 @@ msgstr ""
 "this is a mistake, please contact us at: <a href=\"mailto:contact@dgnum."
 "eu\">contact@dgnum.eu</a>"
 
-#: shared/templates/socialaccount/authentication_error.html:7
 msgid "Erreur lors de la connexion"
 msgstr "Error during login"
 
-#: shared/templates/socialaccount/authentication_error.html:11
 msgid ""
 "Une erreur est survenue lors de votre tentative de connexion avec un compte "
 "tiers."
 msgstr ""
 "An error has occurred while trying to login with a third-party account."
 
-#: shared/templates/socialaccount/login.html:11
 #, python-format
 msgid "Se connecter via un compte <b>%(provider)s</b>"
 msgstr "Log in with a <b>%(provider)s</b> account"
 
-#: shared/templates/socialaccount/login.html:16
 #, python-format
 msgid ""
 "Vous vous apprêtez à vous connecter à l'aide d'un compte tiers provenant de "
 "%(provider)s."
 msgstr "You are about to log in using a third-party account from %(provider)s."
 
-#: shared/templates/socialaccount/login.html:21
 msgid "Continuer"
 msgstr "Continue"
+
+#, python-format
+#~ msgid "Profil de %(displayname)s"
+#~ msgstr "Profile of %(displayname)s"

From 01be28a69c6764ca51213fa4723da60af8d18604 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 1 Feb 2025 21:52:00 +0100
Subject: [PATCH 140/172] fix(dgsi/urls): Don't include future work

---
 src/dgsi/urls.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/dgsi/urls.py b/src/dgsi/urls.py
index a0616ab..9f45a80 100644
--- a/src/dgsi/urls.py
+++ b/src/dgsi/urls.py
@@ -53,7 +53,6 @@ urlpatterns = [
         views.CreateKanidmAccountView.as_view(),
         name="dgn-create_kanidm_user",
     ),
-    path("accounts/list/", views.UserListView.as_view(), name="dgn-user_list"),
     path(
         "accounts/forbidden/",
         views.TemplateView.as_view(template_name="accounts/forbidden_category.html"),

From fe7bdf5a20f601ee81f1ef033e8acc1cd0baaac9 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 1 Feb 2025 23:03:20 +0100
Subject: [PATCH 141/172] fix(dgsi/archives): Use the correct url for statutes
 and bylaws

---
 src/dgsi/templates/dgsi/archive_list.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/dgsi/templates/dgsi/archive_list.html b/src/dgsi/templates/dgsi/archive_list.html
index 8ece760..02cf566 100644
--- a/src/dgsi/templates/dgsi/archive_list.html
+++ b/src/dgsi/templates/dgsi/archive_list.html
@@ -8,7 +8,7 @@
 
   {% for file in document_list %}
     <a class="button bt-archive"
-       href="{% url "dgsi:dgn-protected-archive" file.pk %}">
+       {% if file.kind == "statutes" or file.kind == "bylaws" %} href="{{ file.file.url }}" {% else %} href="{% url "dgsi:dgn-protected-archive" file.pk %}" {% endif %}>
       <span class="tag is-{{ file.color }} is-pulled-left">
         <span class="icon"><i class="ti ti-{{ file.icon }}"></i></span>
       </span>

From e43e42afedfe5e119c3f9f45e50eec6666f7f3da Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sun, 2 Feb 2025 11:07:06 +0100
Subject: [PATCH 142/172] chore(dgsi/templates): Split out some partials

---
 .../dgsi/partials/profile-radius_secret.html  | 31 ++++++++++++++
 src/dgsi/templates/dgsi/profile.html          | 42 ++++---------------
 src/shared/templates/base.html                |  9 ++--
 .../templates/partials/notification.html      |  4 ++
 4 files changed, 46 insertions(+), 40 deletions(-)
 create mode 100644 src/dgsi/templates/dgsi/partials/profile-radius_secret.html
 create mode 100644 src/shared/templates/partials/notification.html

diff --git a/src/dgsi/templates/dgsi/partials/profile-radius_secret.html b/src/dgsi/templates/dgsi/partials/profile-radius_secret.html
new file mode 100644
index 0000000..fddee59
--- /dev/null
+++ b/src/dgsi/templates/dgsi/partials/profile-radius_secret.html
@@ -0,0 +1,31 @@
+{% load i18n %}
+
+{% if user.kanidm %}
+  <h3 class="has-text-weight-bold mb-3">
+    <span>{% trans "Mot de passe WiFi :" %}</span>
+    {% if user.kanidm.radius_secret %}
+      {% trans "Êtes-vous sûr·e de vouloir réinitialiser votre mot de passe WiFi ?" as confirm_wifi_reset %}
+      <a href="{% url "dgsi:dgn-generate_wifi_password" %}"
+         class="button is-small is-danger is-pulled-right"
+         onclick="return confirm('{{ confirm_wifi_reset }}')">
+        <span class="icon"><i class="ti ti-refresh"></i></span>
+        <span class="has-text-weight-normal">{% trans "Réinitialiser le mot de passe WiFi" %}</span>
+      </a>
+    {% endif %}
+  </h3>
+
+  {% if user.kanidm.radius_secret %}
+    <div class="buttons has-addons is-flex">
+      <input id="radius-secret"
+             data-select
+             class="button is-primary is-size-4 is-flex-grow-2"
+             value="{{ user.kanidm.radius_secret }}"
+             type="password"
+             readonly />
+      <a id="secret-toggle" class="button is-size-4 is-warning is-light"><span class="icon"><i class="ti ti-eye"></i></span></a>
+    </div>
+  {% else %}
+    <a href="{% url "dgsi:dgn-generate_wifi_password" %}"
+       class="button is-fullwidth is-primary is-light is-size-4 block">{% trans "Générer un mot de passe WiFi" %}</a>
+  {% endif %}
+{% endif %}
diff --git a/src/dgsi/templates/dgsi/profile.html b/src/dgsi/templates/dgsi/profile.html
index a34d377..a48ae1b 100644
--- a/src/dgsi/templates/dgsi/profile.html
+++ b/src/dgsi/templates/dgsi/profile.html
@@ -32,35 +32,7 @@
          readonly />
   <br>
 
-  {% if user.kanidm %}
-    <h3 class="has-text-weight-bold mb-3">
-      <span>{% trans "Mot de passe WiFi :" %}</span>
-      {% if user.kanidm.radius_secret %}
-        {% trans "Êtes-vous sûr·e de vouloir réinitialiser votre mot de passe WiFi ?" as confirm_wifi_reset %}
-        <a href="{% url "dgsi:dgn-generate_wifi_password" %}"
-           class="button is-small is-danger is-pulled-right"
-           onclick="return confirm('{{ confirm_wifi_reset }}')">
-          <span class="icon"><i class="ti ti-refresh"></i></span>
-          <span class="has-text-weight-normal">{% trans "Réinitialiser le mot de passe WiFi" %}</span>
-        </a>
-      {% endif %}
-    </h3>
-
-    {% if user.kanidm.radius_secret %}
-      <div class="buttons has-addons is-flex">
-        <input id="radius-secret"
-               data-select
-               class="button is-primary is-size-4 is-flex-grow-2"
-               value="{{ user.kanidm.radius_secret }}"
-               type="password"
-               readonly />
-        <a id="secret-toggle" class="button is-size-4 is-warning is-light"><span class="icon"><i class="ti ti-eye"></i></span></a>
-      </div>
-    {% else %}
-      <a href="{% url "dgsi:dgn-generate_wifi_password" %}"
-         class="button is-fullwidth is-primary is-light is-size-4 block">{% trans "Générer un mot de passe WiFi" %}</a>
-    {% endif %}
-  {% endif %}
+  {% include "dgsi/partials/profile-radius_secret.html" %}
 
   <h3 class="has-text-weight-bold mb-3">{% trans "Nom d'usage :" %}</h3>
   <input data-select
@@ -77,12 +49,12 @@
   <br>
 
   {% if user.kanidm and user.kanidm.radius_secret %}
-  <div class="buttons">
-    <a href="{% url "dgsi:dgn-apple_profile" %}" class="button is-light">
-      <span class="icon"><i class="ti ti-brand-apple-filled"></i></span>
-      <span>{% trans "Télécharger le profil Wi-Fi DGNum pour iOS, iPadOS et macOS" %}</span>
-    </a>
-  </div>
+    <div class="buttons">
+      <a href="{% url "dgsi:dgn-apple_profile" %}" class="button is-light">
+        <span class="icon"><i class="ti ti-brand-apple-filled"></i></span>
+        <span>{% trans "Télécharger le profil Wi-Fi DGNum pour iOS, iPadOS et macOS" %}</span>
+      </a>
+    </div>
   {% endif %}
 
   {% if user.kanidm %}
diff --git a/src/shared/templates/base.html b/src/shared/templates/base.html
index 005a7be..1d15088 100644
--- a/src/shared/templates/base.html
+++ b/src/shared/templates/base.html
@@ -5,6 +5,8 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <meta name="keywords" content="dgnum,dgsi,ens" />
     <meta name="description" content="Système d'information de la DGNum" />
+    <meta name="htmx-config"
+          content='{"defaultSwapStyle":"outerHTML","requestClass":"is-loading"}' />
     <title>DGNum</title>
 
     {% block extra_head %}
@@ -13,16 +15,13 @@
     {% include "_links.html" %}
   </head>
 
-  <body>
+  <body hx-headers='{"X-CSRFToken": "{{ csrf_token }}"}'>
     {% include "_hero.html" %}
 
     <section class="container is-max-widescreen py-6 px-4">
       <div id="notifications">
         {% for message in messages %}
-          <article class="notification is-light has-text-centered {{ message.tags }}">
-            <button class="delete"></button>
-            {{ message|safe }}
-          </article>
+          {% include "partials/notification.html" %}
         {% endfor %}
       </div>
 
diff --git a/src/shared/templates/partials/notification.html b/src/shared/templates/partials/notification.html
new file mode 100644
index 0000000..0008bb2
--- /dev/null
+++ b/src/shared/templates/partials/notification.html
@@ -0,0 +1,4 @@
+<article class="notification is-light has-text-centered {{ message.tags }}">
+  <button class="delete"></button>
+  {{ message|safe }}
+</article>

From b1d80b383796f49531632580527ea2dfb0d80ef8 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sun, 2 Feb 2025 11:08:15 +0100
Subject: [PATCH 143/172] feat(dgsi): Add a list of accounts and allow managin
 the assigned VLAN

---
 src/dgsi/mixins.py                            | 23 ++++++++++++++
 src/dgsi/models.py                            |  4 +--
 .../dgsi/partials/user_list-user.html         | 19 ++++++++++++
 src/dgsi/templates/dgsi/user_list.html        | 25 ++++++++++++++++
 src/dgsi/urls.py                              | 15 ++++++++++
 src/dgsi/views.py                             | 25 +++++++++++++++-
 src/shared/static/js/dgsi.js                  | 30 ++++++++++++-------
 7 files changed, 127 insertions(+), 14 deletions(-)
 create mode 100644 src/dgsi/templates/dgsi/partials/user_list-user.html
 create mode 100644 src/dgsi/templates/dgsi/user_list.html

diff --git a/src/dgsi/mixins.py b/src/dgsi/mixins.py
index ea97851..63b796c 100644
--- a/src/dgsi/mixins.py
+++ b/src/dgsi/mixins.py
@@ -1,5 +1,7 @@
 from django.contrib.auth.mixins import UserPassesTestMixin
 from django.http import HttpRequest
+from django.views.generic.base import ContextMixin, TemplateResponseMixin
+from django.views.generic.detail import SingleObjectMixin
 
 from dgsi.models import User
 
@@ -18,3 +20,24 @@ class StaffRequiredMixin(UserPassesTestMixin):
     def get_context_data(self, **kwargs):
         # NOTE: We are only allowed to do this if a class is supplied to the right when constructing the view
         return super().get_context_data(admin_view=True, **kwargs)  # pyright: ignore
+
+
+class HtmxPostMixin(TemplateResponseMixin, ContextMixin):
+    http_method_names = ["post"]
+
+    def execute_action(self, *args, **kwargs) -> None:
+        return None
+
+    def post(self, request, *args, **kwargs):
+        # Execute action
+        self.execute_action()
+
+        context = self.get_context_data(**kwargs)
+        return self.render_to_response(context)
+
+
+class HtmxPostObjectMixin(SingleObjectMixin, HtmxPostMixin):
+
+    def post(self, request, *args, **kwargs):
+        self.object = self.get_object()
+        return super().post(request, *args, **kwargs)
diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index 53aceae..4598301 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -235,7 +235,7 @@ class User(AbstractUser):
 
         self.vlan_id = min(
             set(range(settings.VLAN_ID_MIN, settings.VLAN_ID_MAX))
-            - set(User.objects.exclude(vlan_id__isnull=True).values_list("vlan_id"))
+            - set(*User.objects.exclude(vlan_id__isnull=True).values_list("vlan_id"))
         )
 
         # Preempt the vlan attribution
@@ -270,7 +270,7 @@ class User(AbstractUser):
 
         if group.member != [f"{self.username}@sso.dgnum.eu"]:
             # Remove the user from the group
-            sync_call("group_delete_members", self.username)
+            sync_call("group_delete_members", group_name, [self.username])
             self.vlan_id = None
             self.save(update_fields=["vlan_id"])
             raise RuntimeError("Duplicate VLAN attribution detected")
diff --git a/src/dgsi/templates/dgsi/partials/user_list-user.html b/src/dgsi/templates/dgsi/partials/user_list-user.html
new file mode 100644
index 0000000..600d78e
--- /dev/null
+++ b/src/dgsi/templates/dgsi/partials/user_list-user.html
@@ -0,0 +1,19 @@
+{% load i18n %}
+
+<tr id="user-{{ person.pk }}">
+  <th>{{ person.username }}</th>
+  <td>{{ person.first_name }}&nbsp;{{ person.last_name }}</td>
+  <td>{{ person.email }}</td>
+  <td>{{ person.vlan_id|default:"" }}</td>
+  <td>
+    {% if person.vlan_id %}
+      <a hx-post="{% url "dgsi:dgn-user_deassign_vlan" person.pk %}"
+         hx-target="#user-{{ person.pk }}"
+         class="button is-fullwidth is-light is-warning">{% trans "Désallouer" %}</a>
+    {% else %}
+      <a hx-post="{% url "dgsi:dgn-user_assign_vlan" person.pk %}"
+         hx-target="#user-{{ person.pk }}"
+         class="button is-fullwidth is-light is-primary">{% trans "Allouer" %}</a>
+    {% endif %}
+  </td>
+</tr>
diff --git a/src/dgsi/templates/dgsi/user_list.html b/src/dgsi/templates/dgsi/user_list.html
new file mode 100644
index 0000000..2ffa96a
--- /dev/null
+++ b/src/dgsi/templates/dgsi/user_list.html
@@ -0,0 +1,25 @@
+{% extends "base.html" %}
+
+{% load i18n %}
+
+{% block content %}
+  {% include "_subtitle.html" with subtitle="Comptes DG·SI" %}
+
+  <table class="table is-fullwidth is-striped">
+    <thead>
+      <tr>
+        <th>{% trans "Nom d'utilisateur" %}</th>
+        <th>{% trans "Nom d'usage" %}</th>
+        <th>{% trans "Adresse e-mail" %}</th>
+        <th>{% trans "VLAN attribué" %}</th>
+        <th>{% trans "Gestion du VLAN" %}</th>
+      </tr>
+    </thead>
+    <tbody>
+      {% for person in user_list %}
+        {% include "dgsi/partials/user_list-user.html" %}
+      {% endfor %}
+    </tbody>
+  </table>
+
+{% endblock content %}
diff --git a/src/dgsi/urls.py b/src/dgsi/urls.py
index 9f45a80..600ec50 100644
--- a/src/dgsi/urls.py
+++ b/src/dgsi/urls.py
@@ -53,6 +53,21 @@ urlpatterns = [
         views.CreateKanidmAccountView.as_view(),
         name="dgn-create_kanidm_user",
     ),
+    path(
+        "accounts/list/",
+        views.UserListView.as_view(),
+        name="dgn-user_list",
+    ),
+    path(
+        "accounts/assign-vlan/<int:pk>",
+        views.AssignVlanView.as_view(),
+        name="dgn-user_assign_vlan",
+    ),
+    path(
+        "accounts/deassign-vlan/<int:pk>",
+        views.DeassignVlanView.as_view(),
+        name="dgn-user_deassign_vlan",
+    ),
     path(
         "accounts/forbidden/",
         views.TemplateView.as_view(template_name="accounts/forbidden_category.html"),
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 7950dba..a62ee3c 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -17,7 +17,7 @@ from django.views.generic import FormView, ListView, RedirectView, TemplateView,
 from django.views.generic.detail import SingleObjectMixin
 
 from dgsi.forms import CreateKanidmAccountForm, CreateSelfAccountForm
-from dgsi.mixins import StaffRequiredMixin
+from dgsi.mixins import HtmxPostObjectMixin, StaffRequiredMixin
 from dgsi.models import Archive, Bylaws, Service, Statutes, User
 from shared.kanidm import klient
 
@@ -51,6 +51,7 @@ ADMIN_LINKS: list[Link] = [
         _("Créer un compte Kanidm"),
         "user-plus",
     ),
+    Link("is-primary", "dgsi:dgn-user_list", _("Liste des comptes"), "users"),
     Link(
         "is-warning", "admin:index", _("Interface d'administration"), "settings-filled"
     ),
@@ -371,3 +372,25 @@ class CreateKanidmAccountView(StaffRequiredMixin, SuccessMessageMixin, FormView)
         ).send()
 
         return super().form_valid(form)
+
+
+class UserListView(StaffRequiredMixin, ListView):
+    model = User
+
+
+class AssignVlanView(StaffRequiredMixin, HtmxPostObjectMixin, View):
+    model = User
+    template_name = "dgsi/partials/user_list-user.html"
+    context_object_name = "person"
+
+    def execute_action(self, *args, **kwargs) -> None:
+        self.object.register_unique_vlan()
+
+
+class DeassignVlanView(StaffRequiredMixin, HtmxPostObjectMixin, View):
+    model = User
+    template_name = "dgsi/partials/user_list-user.html"
+    context_object_name = "person"
+
+    def execute_action(self, *args, **kwargs) -> None:
+        self.object.reclaim_vlan()
diff --git a/src/shared/static/js/dgsi.js b/src/shared/static/js/dgsi.js
index 89f9185..cf0848b 100644
--- a/src/shared/static/js/dgsi.js
+++ b/src/shared/static/js/dgsi.js
@@ -1,15 +1,15 @@
-document.addEventListener("DOMContentLoaded", () => {
-  (document.querySelectorAll(".notification .delete") || []).forEach(
-    ($delete) => {
-      const $notification = $delete.parentNode;
-      const dismiss = () => $notification.parentNode.removeChild($notification);
+const init = ($node) => {
+  const q = (query, f) => ($node.querySelectorAll(query) || []).forEach(f);
 
-      $delete.addEventListener("click", dismiss);
-      setTimeout(dismiss, 15000);
-    },
-  );
+  q(".notification .delete", ($delete) => {
+    const $notification = $delete.parentNode;
+    const dismiss = () => $notification.parentNode.removeChild($notification);
 
-  (document.querySelectorAll("[data-toggle]") || []).forEach(($toggle) => {
+    $delete.addEventListener("click", dismiss);
+    setTimeout(dismiss, 15000);
+  });
+
+  q("[data-toggle]", ($toggle) => {
     const target = document.querySelector($toggle.dataset.target);
 
     $toggle.addEventListener("click", () => {
@@ -25,9 +25,17 @@ document.addEventListener("DOMContentLoaded", () => {
     });
   });
 
-  (document.querySelectorAll("[data-select]") || []).forEach(($input) => {
+  q("[data-select]", ($input) => {
     $input.addEventListener("click", () => {
       $input.select();
     });
   });
+};
+
+document.addEventListener("DOMContentLoaded", () => {
+  init(document);
+
+  document.body.addEventListener("htmx:load", (e) => {
+    init(e.detail.elt);
+  });
 });

From 750b85d792ad306d28a121aab05b9e8defc9bc0a Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sun, 2 Feb 2025 11:08:27 +0100
Subject: [PATCH 144/172] chore(dgsi/urls): Harmonize

---
 src/dgsi/urls.py | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/src/dgsi/urls.py b/src/dgsi/urls.py
index 600ec50..0a7997e 100644
--- a/src/dgsi/urls.py
+++ b/src/dgsi/urls.py
@@ -7,14 +7,22 @@ app_name = "dgsi"
 
 urlpatterns = [
     # Misc views
-    path("", views.IndexView.as_view(), name="dgn-index"),
+    path(
+        "",
+        views.IndexView.as_view(),
+        name="dgn-index",
+    ),
     path(
         "mentions-legales",
         TemplateView.as_view(template_name="dgsi/mentions-legales.html"),
         name="dgn-mentions-legales",
     ),
     # Archives
-    path("archives/", views.ArchiveListView.as_view(), name="dgn-archives"),
+    path(
+        "archives/",
+        views.ArchiveListView.as_view(),
+        name="dgn-archives",
+    ),
     path(
         "archives/<int:pk>/",
         views.ProtectedArchiveView.as_view(),
@@ -32,7 +40,11 @@ urlpatterns = [
         name="dgn-accept_legal_document",
     ),
     # Account views
-    path("accounts/profile/", views.ProfileView.as_view(), name="dgn-profile"),
+    path(
+        "accounts/profile/",
+        views.ProfileView.as_view(),
+        name="dgn-profile",
+    ),
     path(
         "accounts/profile/apple-config/",
         views.AppleProfileView.as_view(),
@@ -74,7 +86,11 @@ urlpatterns = [
         name="dgn-forbidden_account",
     ),
     # Services views
-    path("services/", views.ServiceListView.as_view(), name="dgn-services"),
+    path(
+        "services/",
+        views.ServiceListView.as_view(),
+        name="dgn-services",
+    ),
     path(
         "services/redirect/<int:pk>/",
         views.ServiceRedirectView.as_view(),

From 8187c13db62163beb9c036f4a746b1bc2c2c0695 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sun, 2 Feb 2025 11:20:24 +0100
Subject: [PATCH 145/172] fix(dgsi/user): Flatten the values_list instead of
 iterating over it

---
 src/dgsi/models.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index 4598301..0dabdac 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -235,7 +235,11 @@ class User(AbstractUser):
 
         self.vlan_id = min(
             set(range(settings.VLAN_ID_MIN, settings.VLAN_ID_MAX))
-            - set(*User.objects.exclude(vlan_id__isnull=True).values_list("vlan_id"))
+            - set(
+                User.objects.exclude(vlan_id__isnull=True).values_list(
+                    "vlan_id", flat=True
+                )
+            )
         )
 
         # Preempt the vlan attribution

From 61e8398fb4abe56e9dcbccb1a79389425a138532 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sun, 2 Feb 2025 11:27:17 +0100
Subject: [PATCH 146/172] fix(dgsi/user_list): Sort the users

---
 src/dgsi/views.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index a62ee3c..5ce1e5e 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -376,6 +376,7 @@ class CreateKanidmAccountView(StaffRequiredMixin, SuccessMessageMixin, FormView)
 
 class UserListView(StaffRequiredMixin, ListView):
     model = User
+    ordering = ["username"]
 
 
 class AssignVlanView(StaffRequiredMixin, HtmxPostObjectMixin, View):

From 54d1bd2b7b5c3cd6a08df47ae2999421a78f3ff4 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sun, 2 Feb 2025 17:36:17 +0100
Subject: [PATCH 147/172] fix(dgsi/js): Don't add two listeners, it fails

---
 src/shared/static/js/dgsi.js | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/shared/static/js/dgsi.js b/src/shared/static/js/dgsi.js
index cf0848b..f2b421c 100644
--- a/src/shared/static/js/dgsi.js
+++ b/src/shared/static/js/dgsi.js
@@ -3,14 +3,14 @@ const init = ($node) => {
 
   q(".notification .delete", ($delete) => {
     const $notification = $delete.parentNode;
-    const dismiss = () => $notification.parentNode.removeChild($notification);
+    const dismiss = () => $notification.remove();
 
     $delete.addEventListener("click", dismiss);
     setTimeout(dismiss, 15000);
   });
 
   q("[data-toggle]", ($toggle) => {
-    const target = document.querySelector($toggle.dataset.target);
+    const target = $node.querySelector($toggle.dataset.target);
 
     $toggle.addEventListener("click", () => {
       if ($toggle.dataset.toggle === "on") {
@@ -33,8 +33,6 @@ const init = ($node) => {
 };
 
 document.addEventListener("DOMContentLoaded", () => {
-  init(document);
-
   document.body.addEventListener("htmx:load", (e) => {
     init(e.detail.elt);
   });

From e278b44d0c6a7e2bdb0b0f3c95aa95618ffd09ae Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sun, 2 Feb 2025 17:58:23 +0100
Subject: [PATCH 148/172] feat(dgsi/mixins): Add KanidmAccountRequiredMixin

---
 src/dgsi/mixins.py | 43 +++++++++++++++++++++++++++++++++++++++++--
 src/dgsi/views.py  | 36 +++++++-----------------------------
 2 files changed, 48 insertions(+), 31 deletions(-)

diff --git a/src/dgsi/mixins.py b/src/dgsi/mixins.py
index 63b796c..0a74c14 100644
--- a/src/dgsi/mixins.py
+++ b/src/dgsi/mixins.py
@@ -1,11 +1,50 @@
-from django.contrib.auth.mixins import UserPassesTestMixin
-from django.http import HttpRequest
+from typing import Any
+
+from django.contrib import messages
+from django.contrib.auth.mixins import AccessMixin, UserPassesTestMixin
+from django.http import HttpRequest, HttpResponseBase, HttpResponseRedirect
+from django.urls import reverse_lazy
+from django.utils.translation import gettext_lazy as _
 from django.views.generic.base import ContextMixin, TemplateResponseMixin
 from django.views.generic.detail import SingleObjectMixin
 
 from dgsi.models import User
 
 
+class KanidmAccountRequiredMixin(AccessMixin):
+    """
+    Mixin used to require the existence of a kanidm account.
+    """
+
+    require_radius_secret: bool = False
+
+    def dispatch(
+        self, request: HttpRequest, *args: Any, **kwargs: Any
+    ) -> HttpResponseBase:
+        if not request.user.is_authenticated:
+            return self.handle_no_permission()
+
+        self._user = User.from_request(request)
+
+        if self._user.kanidm is None:
+            messages.add_message(
+                request,
+                messages.WARNING,
+                _("<b>Veuillez créer un compte DGNum.</b>"),
+            )
+            return HttpResponseRedirect(reverse_lazy("dgsi:dgn-create_self_account"))
+
+        if self.require_radius_secret and self._user.kanidm.radius_secret is None:
+            messages.add_message(
+                request,
+                messages.WARNING,
+                _("<b>Veuillez générer un mot de passe Wi-Fi.</b>"),
+            )
+            return HttpResponseRedirect(reverse_lazy("dgsi:dgn-profile"))
+
+        return super().dispatch(request, *args, **kwargs)  # type: ignore
+
+
 class StaffRequiredMixin(UserPassesTestMixin):
     request: HttpRequest
 
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 5ce1e5e..205216b 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -17,7 +17,11 @@ from django.views.generic import FormView, ListView, RedirectView, TemplateView,
 from django.views.generic.detail import SingleObjectMixin
 
 from dgsi.forms import CreateKanidmAccountForm, CreateSelfAccountForm
-from dgsi.mixins import HtmxPostObjectMixin, StaffRequiredMixin
+from dgsi.mixins import (
+    HtmxPostObjectMixin,
+    KanidmAccountRequiredMixin,
+    StaffRequiredMixin,
+)
 from dgsi.models import Archive, Bylaws, Service, Statutes, User
 from shared.kanidm import klient
 
@@ -72,37 +76,11 @@ class ProfileView(LoginRequiredMixin, TemplateView):
     template_name = "dgsi/profile.html"
 
 
-class AppleProfileView(AccessMixin, TemplateView):
+class AppleProfileView(KanidmAccountRequiredMixin, TemplateView):
     content_type = "application/x-apple-aspen-config"
     template_name = "dgnum_profile.mobileconfig"
     extra_context = {"dgnum_ssid": "DGNum 2G (N)"}
-
-    def dispatch(
-        self, request: HttpRequest, *args: Any, **kwargs: Any
-    ) -> HttpResponseBase:
-        if not request.user.is_authenticated:
-            return self.handle_no_permission()
-
-        u = User.from_request(request)
-
-        # Check that the user does not already exist
-        if u.kanidm is None:
-            messages.add_message(
-                request,
-                messages.WARNING,
-                _("<b>Veuillez créer un compte DGNum.</b>"),
-            )
-            return HttpResponseRedirect(reverse_lazy("dgsi:dgn-create_self_account"))
-
-        if u.kanidm.radius_secret is None:
-            messages.add_message(
-                request,
-                messages.WARNING,
-                _("<b>Veuillez générer un mot de passe Wi-Fi.</b>"),
-            )
-            return HttpResponseRedirect(reverse_lazy("dgsi:dgn-profile"))
-
-        return super().dispatch(request, *args, **kwargs)
+    require_radius_secret = True
 
     def render_to_response(
         self, context: dict[str, Any], **response_kwargs: Any

From 45321b98df086dc3e1774a87a14be286981cc66a Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sun, 2 Feb 2025 17:59:05 +0100
Subject: [PATCH 149/172] feat(dgsi/profile): Switch to htmx for
 generating/reseting the WiFi password

---
 .../dgsi/partials/profile-radius_secret.html  |  9 +++---
 src/dgsi/views.py                             | 30 ++++++++-----------
 2 files changed, 17 insertions(+), 22 deletions(-)

diff --git a/src/dgsi/templates/dgsi/partials/profile-radius_secret.html b/src/dgsi/templates/dgsi/partials/profile-radius_secret.html
index fddee59..12dbc62 100644
--- a/src/dgsi/templates/dgsi/partials/profile-radius_secret.html
+++ b/src/dgsi/templates/dgsi/partials/profile-radius_secret.html
@@ -4,10 +4,9 @@
   <h3 class="has-text-weight-bold mb-3">
     <span>{% trans "Mot de passe WiFi :" %}</span>
     {% if user.kanidm.radius_secret %}
-      {% trans "Êtes-vous sûr·e de vouloir réinitialiser votre mot de passe WiFi ?" as confirm_wifi_reset %}
-      <a href="{% url "dgsi:dgn-generate_wifi_password" %}"
-         class="button is-small is-danger is-pulled-right"
-         onclick="return confirm('{{ confirm_wifi_reset }}')">
+      <a class="button is-small is-danger is-pulled-right"
+         hx-post="{% url "dgsi:dgn-generate_wifi_password" %}"
+         hx-confirm="{% trans "Êtes-vous sûr·e de vouloir réinitialiser votre mot de passe WiFi ?" %}">
         <span class="icon"><i class="ti ti-refresh"></i></span>
         <span class="has-text-weight-normal">{% trans "Réinitialiser le mot de passe WiFi" %}</span>
       </a>
@@ -25,7 +24,7 @@
       <a id="secret-toggle" class="button is-size-4 is-warning is-light"><span class="icon"><i class="ti ti-eye"></i></span></a>
     </div>
   {% else %}
-    <a href="{% url "dgsi:dgn-generate_wifi_password" %}"
+    <a hx-post="{% url "dgsi:dgn-generate_wifi_password" %}"
        class="button is-fullwidth is-primary is-light is-size-4 block">{% trans "Générer un mot de passe WiFi" %}</a>
   {% endif %}
 {% endif %}
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 205216b..b1b0063 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -23,7 +23,7 @@ from dgsi.mixins import (
     StaffRequiredMixin,
 )
 from dgsi.models import Archive, Bylaws, Service, Statutes, User
-from shared.kanidm import klient
+from shared.kanidm import klient, sync_call
 
 
 class Link(NamedTuple):
@@ -90,27 +90,23 @@ class AppleProfileView(KanidmAccountRequiredMixin, TemplateView):
         return super().render_to_response(context, headers=headers, **response_kwargs)
 
 
-class GenerateWiFiPasswordView(LoginRequiredMixin, RedirectView):
+class GenerateWiFiPasswordView(KanidmAccountRequiredMixin, View):
     url = reverse_lazy("dgsi:dgn-profile")
+    http_method_names = ["post"]
 
-    def get(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponseBase:
-        user = User.from_request(self.request)
+    def post(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponseBase:
+        assert self._user.kanidm is not None
 
-        if user.kanidm is None:
-            messages.error(self.request, _("Compte DGNum inexistant."))
+        # Give access to the wifi network when the user creates its first password
+        if not self._user.kanidm.radius_secret:
+            message = _("Mot de passe Wi-Fi généré avec succès.")
+            sync_call("group_add_members", "radius_access", [self._user.username])
         else:
-            # Give access to the wifi network when the user creates its first password
-            if not user.kanidm.radius_secret:
-                message = _("Mot de passe Wi-Fi généré avec succès.")
-                async_to_sync(klient.group_add_members)(
-                    "radius_access", [user.username]
-                )
-            else:
-                message = _("Mot de passe Wi-Fi reinitialisé avec succès.")
-            async_to_sync(klient.call_post)(f"/v1/person/{user.username}/_radius")
-            messages.add_message(request, messages.SUCCESS, message)
+            message = _("Mot de passe Wi-Fi reinitialisé avec succès.")
+        sync_call("call_post", f"/v1/person/{self._user.username}/_radius")
+        messages.add_message(request, messages.SUCCESS, message)
 
-        return super().get(request, *args, **kwargs)
+        return HttpResponse(*args, headers={"HX-Redirect": self.url}, **kwargs)
 
 
 # INFO: We subclass AccessMixin and not LoginRequiredMixin because the way we want to

From d34e500ea6696f9be27343ab9737399f9c7a21e4 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sun, 2 Feb 2025 21:20:30 +0100
Subject: [PATCH 150/172] chore(dgsi/urls): Drop the dgn- prefix

---
 src/dgsi/mixins.py                            |   4 +-
 src/dgsi/templates/_legal_document.html       |   2 +-
 src/dgsi/templates/_subtitle.html             |   2 +-
 src/dgsi/templates/dgsi/archive_list.html     |   2 +-
 src/dgsi/templates/dgsi/legal_documents.html  |   2 +-
 ...ons-legales.html => mentions_legales.html} |   0
 .../dgsi/partials/profile-radius_secret.html  |   4 +-
 .../dgsi/partials/user_list-user.html         |   4 +-
 src/dgsi/templates/dgsi/profile.html          |   4 +-
 src/dgsi/templates/dgsi/service_list.html     |   2 +-
 src/dgsi/urls.py                              | 149 +++++++++---------
 src/dgsi/views.py                             |  30 ++--
 src/shared/account.py                         |   4 +-
 src/shared/templates/_footer.html             |   2 +-
 src/shared/templates/_hero.html               |   2 +-
 15 files changed, 110 insertions(+), 103 deletions(-)
 rename src/dgsi/templates/dgsi/{mentions-legales.html => mentions_legales.html} (100%)

diff --git a/src/dgsi/mixins.py b/src/dgsi/mixins.py
index 0a74c14..82c1e21 100644
--- a/src/dgsi/mixins.py
+++ b/src/dgsi/mixins.py
@@ -32,7 +32,7 @@ class KanidmAccountRequiredMixin(AccessMixin):
                 messages.WARNING,
                 _("<b>Veuillez créer un compte DGNum.</b>"),
             )
-            return HttpResponseRedirect(reverse_lazy("dgsi:dgn-create_self_account"))
+            return HttpResponseRedirect(reverse_lazy("dgsi:create_self_account"))
 
         if self.require_radius_secret and self._user.kanidm.radius_secret is None:
             messages.add_message(
@@ -40,7 +40,7 @@ class KanidmAccountRequiredMixin(AccessMixin):
                 messages.WARNING,
                 _("<b>Veuillez générer un mot de passe Wi-Fi.</b>"),
             )
-            return HttpResponseRedirect(reverse_lazy("dgsi:dgn-profile"))
+            return HttpResponseRedirect(reverse_lazy("dgsi:profile"))
 
         return super().dispatch(request, *args, **kwargs)  # type: ignore
 
diff --git a/src/dgsi/templates/_legal_document.html b/src/dgsi/templates/_legal_document.html
index a69159e..bcde23a 100644
--- a/src/dgsi/templates/_legal_document.html
+++ b/src/dgsi/templates/_legal_document.html
@@ -5,7 +5,7 @@
   <span class="tags is-pulled-right">
     {% if user_document != document %}
       <a class="tag is-warning"
-         href="{% url "dgsi:dgn-accept_legal_document" document.kind %}"
+         href="{% url "dgsi:accept_legal_document" document.kind %}"
          onclick="return confirm(('{% trans " En acceptant, vous assurez avoir lu ce document et en approuver le contenu." %}'))">
         <span>{{ accept_question }}</span>
         <span class="icon is-size-6"><i class="ti ti-alert-circle"></i></span>
diff --git a/src/dgsi/templates/_subtitle.html b/src/dgsi/templates/_subtitle.html
index e69f188..0f1cdf1 100644
--- a/src/dgsi/templates/_subtitle.html
+++ b/src/dgsi/templates/_subtitle.html
@@ -2,7 +2,7 @@
 
 <h2 class="subtitle">
   {% trans subtitle %}
-  <a class="button is-small is-pulled-right is-primary" href="{% url backlink|default:'dgsi:dgn-index' %}">
+  <a class="button is-small is-pulled-right is-primary" href="{% url backlink|default:'dgsi:index' %}">
     <span class="icon">
       <i class="ti ti-arrow-big-left-filled"></i>
     </span>
diff --git a/src/dgsi/templates/dgsi/archive_list.html b/src/dgsi/templates/dgsi/archive_list.html
index 02cf566..cd2afb4 100644
--- a/src/dgsi/templates/dgsi/archive_list.html
+++ b/src/dgsi/templates/dgsi/archive_list.html
@@ -8,7 +8,7 @@
 
   {% for file in document_list %}
     <a class="button bt-archive"
-       {% if file.kind == "statutes" or file.kind == "bylaws" %} href="{{ file.file.url }}" {% else %} href="{% url "dgsi:dgn-protected-archive" file.pk %}" {% endif %}>
+       {% if file.kind == "statutes" or file.kind == "bylaws" %} href="{{ file.file.url }}" {% else %} href="{% url "dgsi:protected-archive" file.pk %}" {% endif %}>
       <span class="tag is-{{ file.color }} is-pulled-left">
         <span class="icon"><i class="ti ti-{{ file.icon }}"></i></span>
       </span>
diff --git a/src/dgsi/templates/dgsi/legal_documents.html b/src/dgsi/templates/dgsi/legal_documents.html
index b9abc97..f3ca729 100644
--- a/src/dgsi/templates/dgsi/legal_documents.html
+++ b/src/dgsi/templates/dgsi/legal_documents.html
@@ -16,7 +16,7 @@
         <b>{% trans "Vous n'avez pas encore de compte DGNum, mais vous pouvez désormais en créer un." %}</b>
         <br>
         <a class="button mt-5 is-light"
-           href="{% url "dgsi:dgn-create_self_account" %}">{% trans "Poursuivre la création d'un compte DGNum" %}</a>
+           href="{% url "dgsi:create_self_account" %}">{% trans "Poursuivre la création d'un compte DGNum" %}</a>
       </div>
     {% endif %}
   {% endif %}
diff --git a/src/dgsi/templates/dgsi/mentions-legales.html b/src/dgsi/templates/dgsi/mentions_legales.html
similarity index 100%
rename from src/dgsi/templates/dgsi/mentions-legales.html
rename to src/dgsi/templates/dgsi/mentions_legales.html
diff --git a/src/dgsi/templates/dgsi/partials/profile-radius_secret.html b/src/dgsi/templates/dgsi/partials/profile-radius_secret.html
index 12dbc62..5769cb3 100644
--- a/src/dgsi/templates/dgsi/partials/profile-radius_secret.html
+++ b/src/dgsi/templates/dgsi/partials/profile-radius_secret.html
@@ -5,7 +5,7 @@
     <span>{% trans "Mot de passe WiFi :" %}</span>
     {% if user.kanidm.radius_secret %}
       <a class="button is-small is-danger is-pulled-right"
-         hx-post="{% url "dgsi:dgn-generate_wifi_password" %}"
+         hx-post="{% url "dgsi:generate_wifi_password" %}"
          hx-confirm="{% trans "Êtes-vous sûr·e de vouloir réinitialiser votre mot de passe WiFi ?" %}">
         <span class="icon"><i class="ti ti-refresh"></i></span>
         <span class="has-text-weight-normal">{% trans "Réinitialiser le mot de passe WiFi" %}</span>
@@ -24,7 +24,7 @@
       <a id="secret-toggle" class="button is-size-4 is-warning is-light"><span class="icon"><i class="ti ti-eye"></i></span></a>
     </div>
   {% else %}
-    <a hx-post="{% url "dgsi:dgn-generate_wifi_password" %}"
+    <a hx-post="{% url "dgsi:generate_wifi_password" %}"
        class="button is-fullwidth is-primary is-light is-size-4 block">{% trans "Générer un mot de passe WiFi" %}</a>
   {% endif %}
 {% endif %}
diff --git a/src/dgsi/templates/dgsi/partials/user_list-user.html b/src/dgsi/templates/dgsi/partials/user_list-user.html
index 600d78e..dbc9b5b 100644
--- a/src/dgsi/templates/dgsi/partials/user_list-user.html
+++ b/src/dgsi/templates/dgsi/partials/user_list-user.html
@@ -7,11 +7,11 @@
   <td>{{ person.vlan_id|default:"" }}</td>
   <td>
     {% if person.vlan_id %}
-      <a hx-post="{% url "dgsi:dgn-user_deassign_vlan" person.pk %}"
+      <a hx-post="{% url "dgsi:user_deassign_vlan" person.pk %}"
          hx-target="#user-{{ person.pk }}"
          class="button is-fullwidth is-light is-warning">{% trans "Désallouer" %}</a>
     {% else %}
-      <a hx-post="{% url "dgsi:dgn-user_assign_vlan" person.pk %}"
+      <a hx-post="{% url "dgsi:user_assign_vlan" person.pk %}"
          hx-target="#user-{{ person.pk }}"
          class="button is-fullwidth is-light is-primary">{% trans "Allouer" %}</a>
     {% endif %}
diff --git a/src/dgsi/templates/dgsi/profile.html b/src/dgsi/templates/dgsi/profile.html
index a48ae1b..02e8784 100644
--- a/src/dgsi/templates/dgsi/profile.html
+++ b/src/dgsi/templates/dgsi/profile.html
@@ -50,7 +50,7 @@
 
   {% if user.kanidm and user.kanidm.radius_secret %}
     <div class="buttons">
-      <a href="{% url "dgsi:dgn-apple_profile" %}" class="button is-light">
+      <a href="{% url "dgsi:apple_profile" %}" class="button is-light">
         <span class="icon"><i class="ti ti-brand-apple-filled"></i></span>
         <span>{% trans "Télécharger le profil Wi-Fi DGNum pour iOS, iPadOS et macOS" %}</span>
       </a>
@@ -106,7 +106,7 @@
       <b>{% trans "Pas de compte DGNum répertorié." %}</b>
       <br>
       <a class="button mt-5 is-light"
-         href="{% url "dgsi:dgn-create_self_account" %}">{% trans "Créer un compte DGNum" %}</a>
+         href="{% url "dgsi:create_self_account" %}">{% trans "Créer un compte DGNum" %}</a>
     </div>
   {% endif %}
 {% endblock content %}
diff --git a/src/dgsi/templates/dgsi/service_list.html b/src/dgsi/templates/dgsi/service_list.html
index 5dfe92b..ba06bb3 100644
--- a/src/dgsi/templates/dgsi/service_list.html
+++ b/src/dgsi/templates/dgsi/service_list.html
@@ -9,7 +9,7 @@
   <div class="buttons bt-links">
     {% for service in service_list %}
       <a class="button is-medium"
-         href="{% url "dgsi:dgn-services_redirect" service.pk %}">
+         href="{% url "dgsi:services_redirect" service.pk %}">
         <span class="icon"><i class="ti ti-{{ service.icon }}"></i></span>
         <span>{{ service.name }}</span>
       </a>
diff --git a/src/dgsi/urls.py b/src/dgsi/urls.py
index 0a7997e..e60f6f6 100644
--- a/src/dgsi/urls.py
+++ b/src/dgsi/urls.py
@@ -6,94 +6,101 @@ from . import views
 app_name = "dgsi"
 
 urlpatterns = [
-    # Misc views
+    ###
+    # Miscelleanous views
     path(
         "",
         views.IndexView.as_view(),
-        name="dgn-index",
+        name="index",
     ),
     path(
-        "mentions-legales",
-        TemplateView.as_view(template_name="dgsi/mentions-legales.html"),
-        name="dgn-mentions-legales",
-    ),
-    # Archives
-    path(
-        "archives/",
-        views.ArchiveListView.as_view(),
-        name="dgn-archives",
-    ),
-    path(
-        "archives/<int:pk>/",
-        views.ProtectedArchiveView.as_view(),
-        name="dgn-protected-archive",
-    ),
-    # Legal documents
-    path(
-        "legal-documents/",
-        views.LegalDocumentsView.as_view(),
-        name="dgn-legal_documents",
-    ),
-    path(
-        "legal-documents/accept/<slug:kind>/",
-        views.AcceptLegalDocumentView.as_view(),
-        name="dgn-accept_legal_document",
-    ),
-    # Account views
-    path(
-        "accounts/profile/",
-        views.ProfileView.as_view(),
-        name="dgn-profile",
-    ),
-    path(
-        "accounts/profile/apple-config/",
-        views.AppleProfileView.as_view(),
-        name="dgn-apple_profile",
-    ),
-    path(
-        "accounts/generate-wifi-password/",
-        views.GenerateWiFiPasswordView.as_view(),
-        name="dgn-generate_wifi_password",
-    ),
-    path(
-        "accounts/create/",
-        views.CreateSelfAccountView.as_view(),
-        name="dgn-create_self_account",
-    ),
-    path(
-        "accounts/create-kanidm/",
-        views.CreateKanidmAccountView.as_view(),
-        name="dgn-create_kanidm_user",
-    ),
-    path(
-        "accounts/list/",
-        views.UserListView.as_view(),
-        name="dgn-user_list",
-    ),
-    path(
-        "accounts/assign-vlan/<int:pk>",
-        views.AssignVlanView.as_view(),
-        name="dgn-user_assign_vlan",
-    ),
-    path(
-        "accounts/deassign-vlan/<int:pk>",
-        views.DeassignVlanView.as_view(),
-        name="dgn-user_deassign_vlan",
+        "mentions-legales/",
+        TemplateView.as_view(template_name="dgsi/mentions_legales.html"),
+        name="mentions_legales",
     ),
     path(
         "accounts/forbidden/",
         views.TemplateView.as_view(template_name="accounts/forbidden_category.html"),
-        name="dgn-forbidden_account",
+        name="forbidden_account",
     ),
+    ###
+    # Archives views
+    path(
+        "archives/",
+        views.ArchiveListView.as_view(),
+        name="archives",
+    ),
+    path(
+        "archives/<int:pk>/",
+        views.ProtectedArchiveView.as_view(),
+        name="protected-archive",
+    ),
+    ###
+    # Legal documents
+    path(
+        "legal-documents/",
+        views.LegalDocumentsView.as_view(),
+        name="legal_documents",
+    ),
+    path(
+        "legal-documents/accept/<slug:kind>/",
+        views.AcceptLegalDocumentView.as_view(),
+        name="accept_legal_document",
+    ),
+    ###
     # Services views
     path(
         "services/",
         views.ServiceListView.as_view(),
-        name="dgn-services",
+        name="services",
     ),
     path(
         "services/redirect/<int:pk>/",
         views.ServiceRedirectView.as_view(),
-        name="dgn-services_redirect",
+        name="services_redirect",
+    ),
+    ###
+    # Profile views
+    path(
+        "accounts/profile/",
+        views.ProfileView.as_view(),
+        name="profile",
+    ),
+    path(
+        "accounts/profile/apple-config/",
+        views.AppleProfileView.as_view(),
+        name="apple_profile",
+    ),
+    path(
+        "accounts/generate-wifi-password/",
+        views.GenerateWiFiPasswordView.as_view(),
+        name="generate_wifi_password",
+    ),
+    path(
+        "accounts/create/",
+        views.CreateSelfAccountView.as_view(),
+        name="create_self_account",
+    ),
+    ###
+    # Accounts admin views
+    path(
+        "accounts/create-kanidm/",
+        views.CreateKanidmAccountView.as_view(),
+        name="create_kanidm_user",
+    ),
+    path(
+        "accounts/list/",
+        views.UserListView.as_view(),
+        name="user_list",
+    ),
+    path(
+        "accounts/assign-vlan/<int:pk>",
+        views.AssignVlanView.as_view(),
+        name="user_assign_vlan",
+    ),
+    path(
+        "accounts/deassign-vlan/<int:pk>",
+        views.DeassignVlanView.as_view(),
+        name="user_deassign_vlan",
     ),
 ]
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index b1b0063..9cf7ced 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -34,8 +34,8 @@ class Link(NamedTuple):
     absolute: bool = False
 
 
-AUTHENTICATED_LINKS: list[Link] = [
-    Link("is-primary", "dgsi:dgn-profile", _("Mon profil"), "user-filled"),
+AUTHENTICATED_LINKS = [
+    Link("is-primary", "dgsi:profile", _("Mon profil"), "user-filled"),
     Link(
         "is-success",
         "https://docs.dgnum.eu/s/doc-publique",
@@ -43,19 +43,19 @@ AUTHENTICATED_LINKS: list[Link] = [
         "help",
         True,
     ),
-    Link("is-primary", "dgsi:dgn-legal_documents", _("Documents Légaux"), "script"),
-    Link("is-info", "dgsi:dgn-services", _("Services proposés"), "apps-filled"),
-    Link("is-success", "dgsi:dgn-archives", _("Archives"), "archive"),
+    Link("is-primary", "dgsi:legal_documents", _("Documents Légaux"), "script"),
+    Link("is-info", "dgsi:services", _("Services proposés"), "apps-filled"),
+    Link("is-success", "dgsi:archives", _("Archives"), "archive"),
 ]
 
-ADMIN_LINKS: list[Link] = [
+ADMIN_LINKS = [
     Link(
         "is-danger",
-        "dgsi:dgn-create_kanidm_user",
+        "dgsi:create_kanidm_user",
         _("Créer un compte Kanidm"),
         "user-plus",
     ),
-    Link("is-primary", "dgsi:dgn-user_list", _("Liste des comptes"), "users"),
+    Link("is-primary", "dgsi:user_list", _("Liste des comptes"), "users"),
     Link(
         "is-warning", "admin:index", _("Interface d'administration"), "settings-filled"
     ),
@@ -91,7 +91,7 @@ class AppleProfileView(KanidmAccountRequiredMixin, TemplateView):
 
 
 class GenerateWiFiPasswordView(KanidmAccountRequiredMixin, View):
-    url = reverse_lazy("dgsi:dgn-profile")
+    url = reverse_lazy("dgsi:profile")
     http_method_names = ["post"]
 
     def post(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponseBase:
@@ -115,8 +115,8 @@ class CreateSelfAccountView(AccessMixin, SuccessMessageMixin, FormView):
     template_name = "dgsi/create_self_account.html"
     form_class = CreateSelfAccountForm
     success_message = _("Compte DGNum créé avec succès")
-    success_url = reverse_lazy("dgsi:dgn-profile")
-    extra_context = {"backlink": "dgsi:dgn-profile"}
+    success_url = reverse_lazy("dgsi:profile")
+    extra_context = {"backlink": "dgsi:profile"}
 
     def dispatch(
         self, request: HttpRequest, *args: Any, **kwargs: Any
@@ -133,7 +133,7 @@ class CreateSelfAccountView(AccessMixin, SuccessMessageMixin, FormView):
                 messages.WARNING,
                 _("<b>Vous possédez déjà un compte DGNum !</b>"),
             )
-            return HttpResponseRedirect(reverse_lazy("dgsi:dgn-profile"))
+            return HttpResponseRedirect(reverse_lazy("dgsi:profile"))
 
         # Check that the Statutes and Bylaws have been accepted
         if (
@@ -145,7 +145,7 @@ class CreateSelfAccountView(AccessMixin, SuccessMessageMixin, FormView):
                 messages.WARNING,
                 _("Vous devez accepter les Statuts et le Règlement Intérieur."),
             )
-            return HttpResponseRedirect(reverse_lazy("dgsi:dgn-legal_documents"))
+            return HttpResponseRedirect(reverse_lazy("dgsi:legal_documents"))
 
         return super().dispatch(request, *args, **kwargs)
 
@@ -258,7 +258,7 @@ class LegalDocumentsView(LoginRequiredMixin, TemplateView):
 
 
 class AcceptLegalDocumentView(LoginRequiredMixin, RedirectView):
-    url = reverse_lazy("dgsi:dgn-legal_documents")
+    url = reverse_lazy("dgsi:legal_documents")
 
     def get(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponseBase:
         u = User.from_request(self.request)
@@ -306,7 +306,7 @@ class CreateKanidmAccountView(StaffRequiredMixin, SuccessMessageMixin, FormView)
     template_name = "dgsi/create_kanidm_account.html"
     success_message = _("Compte DGNum pour %(displayname)s [%(name)s] créé.")
 
-    success_url = reverse_lazy("dgsi:dgn-create_kanidm_user")
+    success_url = reverse_lazy("dgsi:create_kanidm_user")
 
     @async_to_sync
     async def form_valid(self, form):
diff --git a/src/shared/account.py b/src/shared/account.py
index 956fe5b..5c2a2f8 100644
--- a/src/shared/account.py
+++ b/src/shared/account.py
@@ -40,7 +40,7 @@ class SharedAccountAdapter(DefaultSocialAccountAdapter):
                 ):
                     messages.error(request, _("Catégorie de compte ENS interdite."))
                     raise ImmediateHttpResponse(
-                        HttpResponseRedirect(reverse("dgsi:dgn-forbidden_account"))
+                        HttpResponseRedirect(reverse("dgsi:forbidden_account"))
                     )
 
                 # Continue with the login flow
@@ -57,7 +57,7 @@ class SharedAccountAdapter(DefaultSocialAccountAdapter):
                 # INFO: This should never happen
                 messages.error(request, _("Méthode de connexion invalide."))
                 raise ImmediateHttpResponse(
-                    HttpResponseRedirect(reverse("dgsi:dgn-forbidden_account"))
+                    HttpResponseRedirect(reverse("dgsi:forbidden_account"))
                 )
 
     def _get_user(
diff --git a/src/shared/templates/_footer.html b/src/shared/templates/_footer.html
index 58e27ea..f6696c8 100644
--- a/src/shared/templates/_footer.html
+++ b/src/shared/templates/_footer.html
@@ -3,6 +3,6 @@
 <footer class="footer has-text-centered">
   <b>{% blocktrans %}Logiciel développé pour et par la <a href="https://dgnum.eu">DGNum</a>.{% endblocktrans %}</b>
   <hr class="my-2">
-  <a class="tag is-medium" href="{% url "dgsi:dgn-mentions-legales" %}">Mentions Légales</a>
+  <a class="tag is-medium" href="{% url "dgsi:mentions_legales" %}">Mentions Légales</a>
   {% django_browser_reload_script %}
 </footer>
diff --git a/src/shared/templates/_hero.html b/src/shared/templates/_hero.html
index 9efcf35..ca4abab 100644
--- a/src/shared/templates/_hero.html
+++ b/src/shared/templates/_hero.html
@@ -5,7 +5,7 @@
     <div class="columns mx-6">
       <div class="column is-three-quarters">
         <h1 class="title">
-          <a href="{% url 'dgsi:dgn-index' %}" class="has-text-dark">Dossier Général des Services Informagiques</a>
+          <a href="{% url 'dgsi:index' %}" class="has-text-dark">Dossier Général des Services Informagiques</a>
         </h1>
         <h2 class="subtitle mt-2">Système d'information de la DGNum</h2>
       </div>

From 79172f4ec07bb37638f7e716fb67f281c752ab39 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sun, 2 Feb 2025 21:20:58 +0100
Subject: [PATCH 151/172] fix(dgsi/user_list): Improve the mobile view

---
 src/dgsi/templates/dgsi/user_list.html | 34 ++++++++++++++------------
 src/shared/static/bulma/bulma.scss     |  9 +++++++
 2 files changed, 27 insertions(+), 16 deletions(-)

diff --git a/src/dgsi/templates/dgsi/user_list.html b/src/dgsi/templates/dgsi/user_list.html
index 2ffa96a..a3f2ea6 100644
--- a/src/dgsi/templates/dgsi/user_list.html
+++ b/src/dgsi/templates/dgsi/user_list.html
@@ -5,21 +5,23 @@
 {% block content %}
   {% include "_subtitle.html" with subtitle="Comptes DG·SI" %}
 
-  <table class="table is-fullwidth is-striped">
-    <thead>
-      <tr>
-        <th>{% trans "Nom d'utilisateur" %}</th>
-        <th>{% trans "Nom d'usage" %}</th>
-        <th>{% trans "Adresse e-mail" %}</th>
-        <th>{% trans "VLAN attribué" %}</th>
-        <th>{% trans "Gestion du VLAN" %}</th>
-      </tr>
-    </thead>
-    <tbody>
-      {% for person in user_list %}
-        {% include "dgsi/partials/user_list-user.html" %}
-      {% endfor %}
-    </tbody>
-  </table>
+  <div class="table-container">
+    <table class="table is-fullwidth is-striped is-narrow">
+      <thead>
+        <tr>
+          <th>{% trans "Nom d'utilisateur" %}</th>
+          <th>{% trans "Nom d'usage" %}</th>
+          <th>{% trans "Adresse e-mail" %}</th>
+          <th>{% trans "VLAN attribué" %}</th>
+          <th>{% trans "Gestion du VLAN" %}</th>
+        </tr>
+      </thead>
+      <tbody class="is-centered">
+        {% for person in user_list %}
+          {% include "dgsi/partials/user_list-user.html" %}
+        {% endfor %}
+      </tbody>
+    </table>
+  </div>
 
 {% endblock content %}
diff --git a/src/shared/static/bulma/bulma.scss b/src/shared/static/bulma/bulma.scss
index 8f95fe5..f487936 100644
--- a/src/shared/static/bulma/bulma.scss
+++ b/src/shared/static/bulma/bulma.scss
@@ -13,6 +13,15 @@ $dark: rgb(46, 46, 46);
 @use "./sass/utilities/mixins" as mx;
 @use "./sass/utilities/initial-variables.scss" as iv;
 
+tbody {
+  &.is-centered {
+    th,
+    td {
+      vertical-align: middle !important;
+    }
+  }
+}
+
 body {
   min-height: 100vh;
   display: flex;

From 31c414918b04232d9038235cefcc9f7cef5f2e86 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sun, 2 Feb 2025 21:32:30 +0100
Subject: [PATCH 152/172] chore(dgsi): Uniformize

---
 src/dgsi/templates/dgsi/archive_list.html |  2 +-
 src/dgsi/templates/dgsi/service_list.html |  2 +-
 src/dgsi/urls.py                          | 16 ++++++++--------
 src/dgsi/views.py                         | 10 +++++-----
 4 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/src/dgsi/templates/dgsi/archive_list.html b/src/dgsi/templates/dgsi/archive_list.html
index cd2afb4..a7bf26e 100644
--- a/src/dgsi/templates/dgsi/archive_list.html
+++ b/src/dgsi/templates/dgsi/archive_list.html
@@ -8,7 +8,7 @@
 
   {% for file in document_list %}
     <a class="button bt-archive"
-       {% if file.kind == "statutes" or file.kind == "bylaws" %} href="{{ file.file.url }}" {% else %} href="{% url "dgsi:protected-archive" file.pk %}" {% endif %}>
+       {% if file.kind == "statutes" or file.kind == "bylaws" %} href="{{ file.file.url }}" {% else %} href="{% url "dgsi:protected_archive" file.pk %}" {% endif %}>
       <span class="tag is-{{ file.color }} is-pulled-left">
         <span class="icon"><i class="ti ti-{{ file.icon }}"></i></span>
       </span>
diff --git a/src/dgsi/templates/dgsi/service_list.html b/src/dgsi/templates/dgsi/service_list.html
index ba06bb3..7a933d6 100644
--- a/src/dgsi/templates/dgsi/service_list.html
+++ b/src/dgsi/templates/dgsi/service_list.html
@@ -9,7 +9,7 @@
   <div class="buttons bt-links">
     {% for service in service_list %}
       <a class="button is-medium"
-         href="{% url "dgsi:services_redirect" service.pk %}">
+         href="{% url "dgsi:service_redirect" service.pk %}">
         <span class="icon"><i class="ti ti-{{ service.icon }}"></i></span>
         <span>{{ service.name }}</span>
       </a>
diff --git a/src/dgsi/urls.py b/src/dgsi/urls.py
index e60f6f6..9fe1616 100644
--- a/src/dgsi/urls.py
+++ b/src/dgsi/urls.py
@@ -28,12 +28,12 @@ urlpatterns = [
     path(
         "archives/",
         views.ArchiveListView.as_view(),
-        name="archives",
+        name="archive_list",
     ),
     path(
         "archives/<int:pk>/",
         views.ProtectedArchiveView.as_view(),
-        name="protected-archive",
+        name="protected_archive",
     ),
     ###
     # Legal documents
@@ -52,12 +52,12 @@ urlpatterns = [
     path(
         "services/",
         views.ServiceListView.as_view(),
-        name="services",
+        name="service_list",
     ),
     path(
         "services/redirect/<int:pk>/",
         views.ServiceRedirectView.as_view(),
-        name="services_redirect",
+        name="service_redirect",
     ),
     ###
     # Profile views
@@ -67,7 +67,7 @@ urlpatterns = [
         name="profile",
     ),
     path(
-        "accounts/profile/apple-config/",
+        "accounts/profile/apple/",
         views.AppleProfileView.as_view(),
         name="apple_profile",
     ),
@@ -86,7 +86,7 @@ urlpatterns = [
     path(
         "accounts/create-kanidm/",
         views.CreateKanidmAccountView.as_view(),
-        name="create_kanidm_user",
+        name="create_kanidm_account",
     ),
     path(
         "accounts/list/",
@@ -95,12 +95,12 @@ urlpatterns = [
     ),
     path(
         "accounts/assign-vlan/<int:pk>",
-        views.AssignVlanView.as_view(),
+        views.UserAssignVlanView.as_view(),
         name="user_assign_vlan",
     ),
     path(
         "accounts/deassign-vlan/<int:pk>",
-        views.DeassignVlanView.as_view(),
+        views.UserDeassignVlanView.as_view(),
         name="user_deassign_vlan",
     ),
 ]
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 9cf7ced..33735ec 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -44,14 +44,14 @@ AUTHENTICATED_LINKS = [
         True,
     ),
     Link("is-primary", "dgsi:legal_documents", _("Documents Légaux"), "script"),
-    Link("is-info", "dgsi:services", _("Services proposés"), "apps-filled"),
-    Link("is-success", "dgsi:archives", _("Archives"), "archive"),
+    Link("is-info", "dgsi:service_list", _("Services proposés"), "apps-filled"),
+    Link("is-success", "dgsi:archive_list", _("Archives"), "archive"),
 ]
 
 ADMIN_LINKS = [
     Link(
         "is-danger",
-        "dgsi:create_kanidm_user",
+        "dgsi:create_kanidm_account",
         _("Créer un compte Kanidm"),
         "user-plus",
     ),
@@ -353,7 +353,7 @@ class UserListView(StaffRequiredMixin, ListView):
     ordering = ["username"]
 
 
-class AssignVlanView(StaffRequiredMixin, HtmxPostObjectMixin, View):
+class UserAssignVlanView(StaffRequiredMixin, HtmxPostObjectMixin, View):
     model = User
     template_name = "dgsi/partials/user_list-user.html"
     context_object_name = "person"
@@ -362,7 +362,7 @@ class AssignVlanView(StaffRequiredMixin, HtmxPostObjectMixin, View):
         self.object.register_unique_vlan()
 
 
-class DeassignVlanView(StaffRequiredMixin, HtmxPostObjectMixin, View):
+class UserDeassignVlanView(StaffRequiredMixin, HtmxPostObjectMixin, View):
     model = User
     template_name = "dgsi/partials/user_list-user.html"
     context_object_name = "person"

From b810fa8a674538d48a5f7d223040c4ca97628b9e Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 4 Feb 2025 13:29:06 +0100
Subject: [PATCH 153/172] fix(dgsi/apple-profile): Use correct SSID

---
 src/dgsi/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 33735ec..0db480a 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -79,7 +79,7 @@ class ProfileView(LoginRequiredMixin, TemplateView):
 class AppleProfileView(KanidmAccountRequiredMixin, TemplateView):
     content_type = "application/x-apple-aspen-config"
     template_name = "dgnum_profile.mobileconfig"
-    extra_context = {"dgnum_ssid": "DGNum 2G (N)"}
+    extra_context = {"dgnum_ssid": "DGNum"}
     require_radius_secret = True
 
     def render_to_response(

From dd3e62e30a60d5d1a74680325ae428b6d0414fc5 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Thu, 6 Feb 2025 11:24:04 +0100
Subject: [PATCH 154/172] fix(dgsi/user-list): Disable VLAN allocation when no
 kanidm account exists

---
 src/dgsi/templates/dgsi/partials/user_list-user.html | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/dgsi/templates/dgsi/partials/user_list-user.html b/src/dgsi/templates/dgsi/partials/user_list-user.html
index dbc9b5b..7ae747e 100644
--- a/src/dgsi/templates/dgsi/partials/user_list-user.html
+++ b/src/dgsi/templates/dgsi/partials/user_list-user.html
@@ -10,10 +10,12 @@
       <a hx-post="{% url "dgsi:user_deassign_vlan" person.pk %}"
          hx-target="#user-{{ person.pk }}"
          class="button is-fullwidth is-light is-warning">{% trans "Désallouer" %}</a>
-    {% else %}
+    {% elif person.kanidm %}
       <a hx-post="{% url "dgsi:user_assign_vlan" person.pk %}"
          hx-target="#user-{{ person.pk }}"
          class="button is-fullwidth is-light is-primary">{% trans "Allouer" %}</a>
+    {% else %}
+      <button class="button is-fullwidth is-static">{% trans "Pas de compte" %}</button>
     {% endif %}
   </td>
 </tr>

From cf1e8abf6dddd8c3ec2d6bacbc9bdd42faade02d Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 8 Feb 2025 12:31:55 +0100
Subject: [PATCH 155/172] chore(dgsi/user_list): Sort by newest arrival instead
 of username

---
 src/dgsi/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 0db480a..08bbeff 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -350,7 +350,7 @@ class CreateKanidmAccountView(StaffRequiredMixin, SuccessMessageMixin, FormView)
 
 class UserListView(StaffRequiredMixin, ListView):
     model = User
-    ordering = ["username"]
+    ordering = ["-date_joined"]
 
 
 class UserAssignVlanView(StaffRequiredMixin, HtmxPostObjectMixin, View):

From 522e2eb7c7e5ebcfeb93db6e1de6066c99effd86 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 8 Feb 2025 14:29:39 +0100
Subject: [PATCH 156/172] fix(dgsi): Switch to focus event for selecting

This should fix the issue where iOS devices cannot select the text.

Fixes #11
---
 src/shared/static/js/dgsi.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/shared/static/js/dgsi.js b/src/shared/static/js/dgsi.js
index f2b421c..7676418 100644
--- a/src/shared/static/js/dgsi.js
+++ b/src/shared/static/js/dgsi.js
@@ -26,7 +26,7 @@ const init = ($node) => {
   });
 
   q("[data-select]", ($input) => {
-    $input.addEventListener("click", () => {
+    $input.addEventListener("focus", () => {
       $input.select();
     });
   });

From 1763b60ed5823c5600d66181e25b5cb4cb0d59ae Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 11 Feb 2025 15:06:40 +0100
Subject: [PATCH 157/172] feat(dgsi/models): We assume that the vlan groups are
 present on kanidm

---
 src/dgsi/models.py | 23 +++++++----------------
 1 file changed, 7 insertions(+), 16 deletions(-)

diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index 0dabdac..12bd468 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -251,27 +251,18 @@ class User(AbstractUser):
 
         group_name = f"vlan_{self.vlan_id}"
 
-        res = sync_call("group_create", group_name)
-
-        if res.data is not None:
-            if (
-                res.data.get("plugin", {}).get("attrunique")
-                == "duplicate value detected"
-            ):
-                logger.info(f"The {group_name} group already exists")
-                group = sync_call("group_get", group_name)
-
-                if group.member != []:
-                    raise ValueError(
-                        _("Le VLAN {} est déjà attribué.").format(self.vlan_id)
-                    )
-
-        # The group is created and should be empty, so we can add the user to it
+        # Add the user to the group requested group
         sync_call("group_add_members", group_name, [self.username])
 
         # Check that we succeeded in setting a VLAN that is unique to the current user
         group = sync_call("group_get", group_name)
 
+        if group.member == []:
+            # Something went wrong
+            self.vlan_id = None
+            self.save(update_fields=["vlan_id"])
+            raise RuntimeError("VLAN attribution failed")
+
         if group.member != [f"{self.username}@sso.dgnum.eu"]:
             # Remove the user from the group
             sync_call("group_delete_members", group_name, [self.username])

From 1ad35c7033d8af1e8fe2ab0bac85d1bdccc1c74a Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 11 Feb 2025 15:32:43 +0100
Subject: [PATCH 158/172] feat(dgsi/account): Update the e-mail address at
 login

---
 src/shared/account.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/shared/account.py b/src/shared/account.py
index 5c2a2f8..fe89444 100644
--- a/src/shared/account.py
+++ b/src/shared/account.py
@@ -12,6 +12,7 @@ from django.urls import reverse
 from django.utils.translation import gettext_lazy as _
 
 from dgsi.models import Translation, User
+from shared.kanidm import sync_call
 
 logger = logging.getLogger(__name__)
 
@@ -95,6 +96,12 @@ class SharedAccountAdapter(DefaultSocialAccountAdapter):
         u.is_superuser = u.part_of(settings.DGSI_SUPERUSER_GROUP)
         u.is_staff = u.is_superuser or u.part_of(settings.DGSI_STAFF_GROUP)
 
+        # Update the e-mail address if possible
+        if u.kanidm is not None:
+            emails = sync_call("call_get", f"/v1/person/{u.username}/_attr/mail")
+            if emails != []:
+                u.email = emails[0]
+
         # Save the updated user if needed
         if sociallogin.is_existing:
             u.save()

From 9f978ae6a509c52fbd0822ec2c5abb0883ceea74 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 11 Feb 2025 15:35:23 +0100
Subject: [PATCH 159/172] fix(dgsi/account): Use the correct field

---
 src/shared/account.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/shared/account.py b/src/shared/account.py
index fe89444..42ff5ee 100644
--- a/src/shared/account.py
+++ b/src/shared/account.py
@@ -98,7 +98,7 @@ class SharedAccountAdapter(DefaultSocialAccountAdapter):
 
         # Update the e-mail address if possible
         if u.kanidm is not None:
-            emails = sync_call("call_get", f"/v1/person/{u.username}/_attr/mail")
+            emails = sync_call("call_get", f"/v1/person/{u.username}/_attr/mail").data
             if emails != []:
                 u.email = emails[0]
 

From 07192b14f72ef85a7d25bfab4b4b86418f2a8f14 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Wed, 19 Feb 2025 12:00:37 +0100
Subject: [PATCH 160/172] fix(footer): Update translation

---
 src/shared/locale/en/LC_MESSAGES/django.mo | Bin 9093 -> 9089 bytes
 src/shared/locale/en/LC_MESSAGES/django.po |   4 ++--
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/shared/locale/en/LC_MESSAGES/django.mo b/src/shared/locale/en/LC_MESSAGES/django.mo
index 292fbef32acc1516a29e3a37ae2037aa6ef20bcb..a7e974f4f00e1d2953e6e37964ef52f68e468b68 100644
GIT binary patch
delta 363
zcmXZXJxfAi6u|Mb_=2U~K(ZvSdIew5K_d`d3<EC?(HH0wL@natAR^-Crr;!QB1jP2
z*`d8g7eNr*TU`YGA8PtN&*8lG?XLZK@9Nkh@*NTJW6%_dqJ=)JViKRw!X^fAjA5MN
z8Ghk8{-77vsP#M4zQ1^j2fV}^hJ-L1m5!u&JQ6VQ4L#UKH}?M>pcV`<gA3HW6~=Lc
zT7SeI8nM4cMo35|Si&Xh!F$w&Dsg_g;R{{#vR9mA3!l;A>>M`m0jF5QE$ZM@LZpaw
dr{&HW-a;u>xGU%L&c{{VGn`(S&b9gOIsu(jD~|vG

delta 382
zcmXZXJxfAy6vy!cp<c?wKrAGm5-x_)%@jhXAn+0r(K~2JYEc9=auAhhXmitO3KtQi
z;JyNfwwA`0APL-CUHTqq`uv~H`TtJOzPDd<u1-lr-oqm6xD^qJqKT_mL=(?(2XE1b
zPZ+`puHhSc@dFL~Lakq*_Wi|e)aDxy#!a-M(vc(!n*%@A(1Sg6<HNsw)Pe!-;tT4#
zPmJR?YW+$~<PHO<L59ecJYybbXyXz!&~codCcL1FPFBS+w($&2#!ll69^nX!_=Ea!
zDj{-+r%ubA_8a?|*g>X{%R1BGi6=Pk4zC-HTD@RdmsizhWv|?vcOM-i(sKO)6xA}x

diff --git a/src/shared/locale/en/LC_MESSAGES/django.po b/src/shared/locale/en/LC_MESSAGES/django.po
index 7df508e..5472a2b 100644
--- a/src/shared/locale/en/LC_MESSAGES/django.po
+++ b/src/shared/locale/en/LC_MESSAGES/django.po
@@ -8,7 +8,7 @@ msgstr ""
 "Project-Id-Version: dgsi.dgnum.eu\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2025-02-01 21:40+0100\n"
-"PO-Revision-Date: 2025-02-01 21:43+0100\n"
+"PO-Revision-Date: 2025-02-19 12:00+0100\n"
 "Last-Translator: Tom Hubrecht <tom.hubrecht@dgnum.eu>\n"
 "Language-Team: French\n"
 "Language: fr\n"
@@ -304,7 +304,7 @@ msgstr "Invalid connection method."
 msgid ""
 "Logiciel développé pour et par la <a href=\"https://dgnum.eu\">DGNum</a>."
 msgstr ""
-"Software developed for and by the <a href=‘https://dgnum.eu’>DGNum</a>."
+"Software developed for and by the <a href=\"https://dgnum.eu\">DGNum</a>."
 
 msgid "Déconnexion"
 msgstr "Logout"

From 5e356f73020cc6d4eb2d2f2ae9fc3db6cc76ad7e Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 22 Feb 2025 18:59:03 +0100
Subject: [PATCH 161/172] feat(account): Use a setting to register VLANs
 automatically on registration

---
 src/app/settings.py | 1 +
 src/dgsi/views.py   | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/src/app/settings.py b/src/app/settings.py
index 890a5ad..89a86f0 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -242,6 +242,7 @@ DGSI_SUPERUSER_GROUP = credentials.get("SUPERUSER_GROUP", "dgnum_admins@sso.dgnu
 
 VLAN_ID_MAX = 4094
 VLAN_ID_MIN = (VLAN_ID_MAX - 850) + 1
+VLAN_AUTOCONNECT = credentials.get("VLAN_AUTOCONNECT", False)
 
 
 ###
diff --git a/src/dgsi/views.py b/src/dgsi/views.py
index 08bbeff..e956282 100644
--- a/src/dgsi/views.py
+++ b/src/dgsi/views.py
@@ -184,6 +184,9 @@ class CreateSelfAccountView(AccessMixin, SuccessMessageMixin, FormView):
             headers={"Reply-To": "contact@dgnum.eu"},
         ).send()
 
+        if settings.VLAN_AUTOCONNECT:
+            u.register_unique_vlan()
+
         return super().form_valid(form)
 
 

From d646cbd421813e567c75623a0d166925ecc52bfb Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Mon, 31 Mar 2025 00:36:04 +0200
Subject: [PATCH 162/172] feat(api): Init

This initializes an API app, which is accessible through dedicated
service accounts, using token authentication. The first view is simply
to get details about a user, which will be useful for vlan attribution
---
 default.nix                        |   1 +
 src/api/__init__.py                |   0
 src/api/admin.py                   |  54 ++++++++++++
 src/api/apps.py                    |   6 ++
 src/api/authentication.py          |  66 ++++++++++++++
 src/api/migrations/0001_initial.py | 134 +++++++++++++++++++++++++++++
 src/api/migrations/__init__.py     |   0
 src/api/models.py                  |  65 ++++++++++++++
 src/api/permissions.py             |  13 +++
 src/api/serializers.py             |   9 ++
 src/api/urls.py                    |   9 ++
 src/api/views.py                   |  21 +++++
 src/app/settings.py                |  17 ++++
 src/app/urls.py                    |   1 +
 14 files changed, 396 insertions(+)
 create mode 100644 src/api/__init__.py
 create mode 100644 src/api/admin.py
 create mode 100644 src/api/apps.py
 create mode 100644 src/api/authentication.py
 create mode 100644 src/api/migrations/0001_initial.py
 create mode 100644 src/api/migrations/__init__.py
 create mode 100644 src/api/models.py
 create mode 100644 src/api/permissions.py
 create mode 100644 src/api/serializers.py
 create mode 100644 src/api/urls.py
 create mode 100644 src/api/views.py

diff --git a/default.nix b/default.nix
index afd1e90..0d3433b 100644
--- a/default.nix
+++ b/default.nix
@@ -74,6 +74,7 @@ in
           ps.django-sass-processor-dart-sass
           ps.django-stubs
           ps.django-unfold
+          ps.djangorestframework
           ps.ipython
           ps.loadcredential
           ps.pykanidm
diff --git a/src/api/__init__.py b/src/api/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/src/api/admin.py b/src/api/admin.py
new file mode 100644
index 0000000..c7e0013
--- /dev/null
+++ b/src/api/admin.py
@@ -0,0 +1,54 @@
+from django.contrib import admin
+from django.utils.translation import gettext_lazy as _
+from import_export.admin import (
+    ImportExportMixin,
+    ImportForm,
+    SelectableFieldsExportForm,
+)
+from import_export.forms import ExportForm
+from unfold.admin import ModelAdmin
+
+from api.models import ServiceUser, Token
+
+
+@admin.register(ServiceUser)
+class UserAdmin(ImportExportMixin, ModelAdmin):
+    import_form_class = ImportForm
+    export_form_class = ExportForm
+    export_form_class = SelectableFieldsExportForm
+
+    fieldsets = (
+        (
+            None,
+            {
+                "fields": (
+                    "username",
+                    "email",
+                )
+            },
+        ),
+        (_("Permissions"), {"fields": ("groups", "user_permissions")}),
+    )
+
+    add_fieldsets = (
+        (
+            None,
+            {
+                "classes": ("wide",),
+                "fields": ("username",),
+            },
+        ),
+    )
+
+    filter_horizontal = (
+        "groups",
+        "user_permissions",
+    )
+
+
+@admin.register(Token)
+class AdminClass(ImportExportMixin, ModelAdmin):
+    compressed_fields = True
+    import_form_class = ImportForm
+    export_form_class = ExportForm
+    export_form_class = SelectableFieldsExportForm
diff --git a/src/api/apps.py b/src/api/apps.py
new file mode 100644
index 0000000..878e7d5
--- /dev/null
+++ b/src/api/apps.py
@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class ApiConfig(AppConfig):
+    default_auto_field = "django.db.models.BigAutoField"
+    name = "api"
diff --git a/src/api/authentication.py b/src/api/authentication.py
new file mode 100644
index 0000000..15036c3
--- /dev/null
+++ b/src/api/authentication.py
@@ -0,0 +1,66 @@
+from django.contrib.auth.backends import BaseBackend
+from django.contrib.auth.models import Permission
+from rest_framework.authentication import TokenAuthentication as Authentication
+
+from api.models import ServiceUser, Token
+
+
+class TokenAuthentication(Authentication):
+    model = Token
+
+
+class ServiceUserBackend(BaseBackend):
+    """
+    This backend is only used to fetch permissions of a ServiceUser.
+    For this reason, the authenticate part is left out.
+    """
+
+    def _get_user_permissions(self, user_obj):
+        return user_obj.user_permissions.all()
+
+    def _get_group_permissions(self, user_obj):
+        return Permission.objects.filter(group__serviceuser=user_obj)
+
+    def _get_permissions(self, user_obj, obj, from_name):
+        """
+        Return the permissions of `user_obj` from `from_name`. `from_name` can
+        be either "group" or "user" to return permissions from
+        `_get_group_permissions` or `_get_user_permissions` respectively.
+        """
+        if not user_obj.is_active or user_obj.is_anonymous or obj is not None:
+            return set()
+
+        perm_cache_name = "_%s_perm_cache" % from_name
+        if not hasattr(user_obj, perm_cache_name):
+            if user_obj.is_superuser:
+                perms = Permission.objects.all()
+            else:
+                perms = getattr(self, "_get_%s_permissions" % from_name)(user_obj)
+            perms = perms.values_list("content_type__app_label", "codename").order_by()
+            setattr(
+                user_obj, perm_cache_name, {"%s.%s" % (ct, name) for ct, name in perms}
+            )
+        return getattr(user_obj, perm_cache_name)
+
+    def get_user_permissions(self, user_obj, obj=None):
+        """
+        Return a set of permission strings the user `user_obj` has from their
+        `user_permissions`.
+        """
+        return self._get_permissions(user_obj, obj, "user")
+
+    def get_group_permissions(self, user_obj, obj=None):
+        """
+        Return a set of permission strings the user `user_obj` has from the
+        groups they belong.
+        """
+        return self._get_permissions(user_obj, obj, "group")
+
+    def get_all_permissions(self, user_obj, obj=None):
+        if not isinstance(user_obj, ServiceUser) or obj is not None:
+            return set()
+        if not hasattr(user_obj, "_perm_cache"):
+            setattr(user_obj, "_perm_cache", super().get_all_permissions(user_obj))
+
+        # NOTE: We just set the perm cache, so it has to exist, no matter what the typing system tells us
+        return user_obj._perm_cache  # type: ignore
diff --git a/src/api/migrations/0001_initial.py b/src/api/migrations/0001_initial.py
new file mode 100644
index 0000000..572b529
--- /dev/null
+++ b/src/api/migrations/0001_initial.py
@@ -0,0 +1,134 @@
+# Generated by Django 4.2.17 on 2025-03-30 21:29
+
+import django.contrib.auth.models
+import django.contrib.auth.validators
+import django.db.models.deletion
+import django.utils.timezone
+import rest_framework.authtoken.models
+from django.db import migrations, models
+
+import api.models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        ("auth", "0012_alter_user_first_name_max_length"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="ServiceUser",
+            fields=[
+                (
+                    "id",
+                    models.BigAutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                (
+                    "last_login",
+                    models.DateTimeField(
+                        blank=True, null=True, verbose_name="last login"
+                    ),
+                ),
+                (
+                    "username",
+                    models.CharField(
+                        error_messages={
+                            "unique": "A user with that username already exists."
+                        },
+                        help_text="Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.",
+                        max_length=150,
+                        unique=True,
+                        validators=[
+                            django.contrib.auth.validators.UnicodeUsernameValidator()
+                        ],
+                        verbose_name="username",
+                    ),
+                ),
+                (
+                    "email",
+                    models.EmailField(
+                        blank=True, max_length=254, verbose_name="email address"
+                    ),
+                ),
+                (
+                    "date_joined",
+                    models.DateTimeField(
+                        default=django.utils.timezone.now, verbose_name="date joined"
+                    ),
+                ),
+                (
+                    "password",
+                    models.CharField(
+                        default=api.models.unusable_password,
+                        editable=False,
+                        max_length=128,
+                        verbose_name="password",
+                    ),
+                ),
+                (
+                    "groups",
+                    models.ManyToManyField(
+                        blank=True,
+                        help_text="The groups this user belongs to. A user will get all permissions granted to each of their groups.",
+                        to="auth.group",
+                        verbose_name="groups",
+                    ),
+                ),
+                (
+                    "user_permissions",
+                    models.ManyToManyField(
+                        blank=True,
+                        help_text="Specific permissions for this user.",
+                        to="auth.permission",
+                        verbose_name="user permissions",
+                    ),
+                ),
+            ],
+            options={
+                "verbose_name": "Service user",
+                "verbose_name_plural": "Service users",
+            },
+            managers=[
+                ("objects", django.contrib.auth.models.UserManager()),
+            ],
+        ),
+        migrations.CreateModel(
+            name="Token",
+            fields=[
+                (
+                    "created",
+                    models.DateTimeField(auto_now_add=True, verbose_name="Created"),
+                ),
+                (
+                    "key",
+                    models.CharField(
+                        default=rest_framework.authtoken.models.Token.generate_key,
+                        max_length=40,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="Key",
+                    ),
+                ),
+                (
+                    "user",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        to="api.serviceuser",
+                    ),
+                ),
+            ],
+            options={
+                "verbose_name": "Token",
+                "verbose_name_plural": "Tokens",
+                "abstract": False,
+            },
+        ),
+    ]
diff --git a/src/api/migrations/__init__.py b/src/api/migrations/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/src/api/models.py b/src/api/models.py
new file mode 100644
index 0000000..b9f7f3e
--- /dev/null
+++ b/src/api/models.py
@@ -0,0 +1,65 @@
+from django.contrib.auth.hashers import make_password
+from django.contrib.auth.models import AbstractUser, Group, Permission
+from django.db import models
+from django.utils.translation import gettext_lazy as _
+from rest_framework.authtoken.models import Token as BaseToken
+
+
+def unusable_password() -> str:
+    return make_password(None)
+
+
+###
+# NOTE: We subclass the classic User model to create scoped authentication
+#       that is limited to the API usage.
+class ServiceUser(AbstractUser):
+    """
+    Service Users
+    """
+
+    is_superuser = False
+    is_staff = False
+    is_active = True
+
+    password = models.CharField(
+        max_length=128,
+        verbose_name="password",
+        default=unusable_password,
+        editable=False,
+    )
+
+    @property
+    def first_name(self):
+        return self.username
+
+    last_name = "[service]"
+
+    groups = models.ManyToManyField(
+        Group,
+        verbose_name=_("groups"),
+        blank=True,
+        help_text=_(
+            "The groups this user belongs to. A user will get all permissions "
+            "granted to each of their groups."
+        ),
+    )
+    user_permissions = models.ManyToManyField(
+        Permission,
+        verbose_name=_("user permissions"),
+        blank=True,
+        help_text=_("Specific permissions for this user."),
+    )
+
+    class Meta:
+        verbose_name = _("Service user")
+        verbose_name_plural = _("Service users")
+
+
+class Token(BaseToken):
+    user = models.ForeignKey(ServiceUser, on_delete=models.CASCADE)
+    key = models.CharField(
+        _("Key"),
+        max_length=40,
+        primary_key=True,
+        default=BaseToken.generate_key,
+    )
diff --git a/src/api/permissions.py b/src/api/permissions.py
new file mode 100644
index 0000000..29875d7
--- /dev/null
+++ b/src/api/permissions.py
@@ -0,0 +1,13 @@
+from rest_framework.permissions import DjangoModelPermissions
+
+
+class DgsiModelPermissions(DjangoModelPermissions):
+    perms_map = {
+        "GET": ["%(app_label)s.view_%(model_name)s"],
+        "OPTIONS": [],
+        "HEAD": [],
+        "POST": ["%(app_label)s.add_%(model_name)s"],
+        "PUT": ["%(app_label)s.change_%(model_name)s"],
+        "PATCH": ["%(app_label)s.change_%(model_name)s"],
+        "DELETE": ["%(app_label)s.delete_%(model_name)s"],
+    }
diff --git a/src/api/serializers.py b/src/api/serializers.py
new file mode 100644
index 0000000..8a645d4
--- /dev/null
+++ b/src/api/serializers.py
@@ -0,0 +1,9 @@
+from rest_framework import serializers
+
+from dgsi.models import User
+
+
+class DgsiUserSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = User
+        fields = ["username", "email", "vlan_id"]
diff --git a/src/api/urls.py b/src/api/urls.py
new file mode 100644
index 0000000..64d3cef
--- /dev/null
+++ b/src/api/urls.py
@@ -0,0 +1,9 @@
+from django.urls import path
+
+from . import views
+
+app_name = "api"
+
+urlpatterns = [
+    path("user/<str:username>/", views.UserView.as_view()),
+]
diff --git a/src/api/views.py b/src/api/views.py
new file mode 100644
index 0000000..838e3d6
--- /dev/null
+++ b/src/api/views.py
@@ -0,0 +1,21 @@
+from django.http import HttpResponse, JsonResponse
+from rest_framework.views import APIView
+
+from api.permissions import DgsiModelPermissions
+from api.serializers import DgsiUserSerializer
+from dgsi.models import User
+
+
+class UserView(APIView):
+    permission_classes = [DgsiModelPermissions]
+
+    def get_queryset(self):
+        return User.objects.all()
+
+    def get(self, request, username, format=None):
+        try:
+            user = self.get_queryset().get(username=username)
+        except User.DoesNotExist:
+            return HttpResponse(status=404)
+
+        return JsonResponse(DgsiUserSerializer(user).data)
diff --git a/src/app/settings.py b/src/app/settings.py
index 89a86f0..e189d26 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -54,6 +54,9 @@ INSTALLED_APPS = [
     "shared.cas",
     # Main app
     "dgsi",
+    # API
+    "rest_framework",
+    "api",
 ]
 
 ###
@@ -155,6 +158,10 @@ DATABASES = credentials.get_json(
 # Disable password validation, no authentication should use local passwords
 
 AUTHENTICATION_BACKENDS = [
+    # NOTE: The ServiceUserBackend has to be first because of crimes committed:
+    #       We create a second model of Users, unrelated to the auth_user_model,
+    #       this goes against all assumptions made in Django's code
+    "api.authentication.ServiceUserBackend",
     "allauth.account.auth_backends.AuthenticationBackend",
 ]
 
@@ -245,6 +252,16 @@ VLAN_ID_MIN = (VLAN_ID_MAX - 850) + 1
 VLAN_AUTOCONNECT = credentials.get("VLAN_AUTOCONNECT", False)
 
 
+###
+# Rest Framework configuration
+
+REST_FRAMEWORK = {
+    "DEFAULT_AUTHENTICATION_CLASSES": [
+        "api.authentication.TokenAuthentication",
+    ]
+}
+
+
 ###
 # Internationalization configuration
 #   -> https://docs.djangoproject.com/en/4.2/topics/i18n/
diff --git a/src/app/urls.py b/src/app/urls.py
index 4907912..74af7f7 100644
--- a/src/app/urls.py
+++ b/src/app/urls.py
@@ -22,6 +22,7 @@ from django.urls import include, path
 
 urlpatterns = [
     path("", include("dgsi.urls")),
+    path("api/", include("api.urls")),
     path("accounts/", include("allauth.urls")),
     path("admin/", admin.site.urls),
     path("i18n/", include("django.conf.urls.i18n")),

From 9593eac5e2be22aa9a78bd3204b1c144396288fd Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Mon, 31 Mar 2025 00:39:08 +0200
Subject: [PATCH 163/172] chore(pkgs): Drop django-allauth override

---
 pkgs/django-allauth/default.nix | 96 ---------------------------------
 1 file changed, 96 deletions(-)
 delete mode 100644 pkgs/django-allauth/default.nix

diff --git a/pkgs/django-allauth/default.nix b/pkgs/django-allauth/default.nix
deleted file mode 100644
index 509c3b1..0000000
--- a/pkgs/django-allauth/default.nix
+++ /dev/null
@@ -1,96 +0,0 @@
-{
-  lib,
-  buildPythonPackage,
-  fetchFromGitHub,
-  pythonOlder,
-  # build-system
-  setuptools,
-  # dependencies
-  django,
-  python3-openid,
-  requests,
-  requests-oauthlib,
-  pyjwt,
-  # optional-dependencies
-  python3-saml,
-  qrcode,
-  fido2,
-  # tests
-  pillow,
-  pytestCheckHook,
-  pytest-django,
-  # passthru tests
-  dj-rest-auth,
-}:
-
-buildPythonPackage rec {
-  pname = "django-allauth";
-  version = "64.2.1";
-  pyproject = true;
-
-  disabled = pythonOlder "3.7";
-
-  src = fetchFromGitHub {
-    owner = "pennersr";
-    repo = "django-allauth";
-    rev = "refs/tags/${version}";
-    hash = "sha256-JKjM+zqrXidxpbi+fo6wbvdXlw2oDYH51EsvQ5yp3R8=";
-  };
-
-  nativeBuildInputs = [
-    setuptools
-  ];
-
-  propagatedBuildInputs = [
-    django
-  ];
-
-  passthru.optional-dependencies = {
-    mfa = [
-      qrcode
-      fido2
-    ];
-    openid = [
-      python3-openid
-    ];
-    saml = [
-      python3-saml
-    ];
-    socialaccount = [
-      pyjwt
-      requests
-      requests-oauthlib
-    ] ++ pyjwt.optional-dependencies.crypto;
-    steam = [
-      python3-openid
-    ];
-  };
-
-  pythonImportsCheck = [
-    "allauth"
-  ];
-
-  nativeCheckInputs = [
-    pillow
-    pytestCheckHook
-    pytest-django
-  ] ++ lib.flatten (builtins.attrValues passthru.optional-dependencies);
-
-  disabledTests = [
-    # Tests require network access
-    "test_login"
-  ];
-
-  passthru.tests = {
-    inherit dj-rest-auth;
-  };
-
-  meta = with lib; {
-    changelog = "https://github.com/pennersr/django-allauth/blob/${version}/ChangeLog.rst";
-    description = "Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication";
-    downloadPage = "https://github.com/pennersr/django-allauth";
-    homepage = "https://www.intenct.nl/projects/django-allauth";
-    license = licenses.mit;
-    maintainers = with maintainers; [ derdennisop ];
-  };
-}

From d2270b7866137c4d95c7aa49c14baa8900a55161 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Mon, 31 Mar 2025 00:40:39 +0200
Subject: [PATCH 164/172] chore(npins): Update nixpkgs

---
 default.nix        | 1 +
 npins/sources.json | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/default.nix b/default.nix
index 0d3433b..0e98920 100644
--- a/default.nix
+++ b/default.nix
@@ -84,6 +84,7 @@ in
           ps.pyopenssl
         ]
         ++ ps.django-allauth.optional-dependencies.saml
+        ++ ps.django-allauth.optional-dependencies.socialaccount
       ))
     ] ++ check.enabledPackages;
 
diff --git a/npins/sources.json b/npins/sources.json
index b342725..6b75fc3 100644
--- a/npins/sources.json
+++ b/npins/sources.json
@@ -15,8 +15,8 @@
     "nixpkgs": {
       "type": "Channel",
       "name": "nixpkgs-unstable",
-      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.05pre745387.762a39889257/nixexprs.tar.xz",
-      "hash": "1pyr54allmvlxd5q4nhflmbdmma41nv2cib3i1qbrhaqm65vf97x"
+      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.05pre776128.eb0e0f21f15c/nixexprs.tar.xz",
+      "hash": "0l04lkdi3slwwlgwyr8x0argzxcxm16a4hkijfxbjhlj44y1bkif"
     }
   },
   "version": 3

From eecfdc8c1d9db107c483d1e4396c4e4ba2a6260b Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Mon, 31 Mar 2025 00:55:07 +0200
Subject: [PATCH 165/172] feat(api): Add drf-spectacular

---
 default.nix         |  2 ++
 src/api/urls.py     |  8 ++++++++
 src/app/settings.py | 14 +++++++++++++-
 3 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/default.nix b/default.nix
index 0e98920..0907427 100644
--- a/default.nix
+++ b/default.nix
@@ -75,6 +75,7 @@ in
           ps.django-stubs
           ps.django-unfold
           ps.djangorestframework
+          ps.drf-spectacular
           ps.ipython
           ps.loadcredential
           ps.pykanidm
@@ -85,6 +86,7 @@ in
         ]
         ++ ps.django-allauth.optional-dependencies.saml
         ++ ps.django-allauth.optional-dependencies.socialaccount
+        ++ ps.drf-spectacular.optional-dependencies.sidecar
       ))
     ] ++ check.enabledPackages;
 
diff --git a/src/api/urls.py b/src/api/urls.py
index 64d3cef..b9fb8c8 100644
--- a/src/api/urls.py
+++ b/src/api/urls.py
@@ -1,4 +1,5 @@
 from django.urls import path
+from drf_spectacular.views import SpectacularAPIView, SpectacularSwaggerView
 
 from . import views
 
@@ -6,4 +7,11 @@ app_name = "api"
 
 urlpatterns = [
     path("user/<str:username>/", views.UserView.as_view()),
+    # Schema views
+    path("schema/", SpectacularAPIView.as_view(), name="schema"),
+    path(
+        "schema/swagger-ui/",
+        SpectacularSwaggerView.as_view(url_name="api:schema"),
+        name="swagger-ui",
+    ),
 ]
diff --git a/src/app/settings.py b/src/app/settings.py
index e189d26..c1557b0 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -57,6 +57,8 @@ INSTALLED_APPS = [
     # API
     "rest_framework",
     "api",
+    "drf_spectacular",
+    "drf_spectacular_sidecar",
 ]
 
 ###
@@ -258,7 +260,17 @@ VLAN_AUTOCONNECT = credentials.get("VLAN_AUTOCONNECT", False)
 REST_FRAMEWORK = {
     "DEFAULT_AUTHENTICATION_CLASSES": [
         "api.authentication.TokenAuthentication",
-    ]
+    ],
+    "DEFAULT_SCHEMA_CLASS": "drf_spectacular.openapi.AutoSchema",
+}
+
+
+SPECTACULAR_SETTINGS = {
+    "TITLE": "DG·SI API",
+    "VERSION": "0.1.0",
+    "SWAGGER_UI_DIST": "SIDECAR",  # shorthand to use the sidecar instead
+    "SWAGGER_UI_FAVICON_HREF": "SIDECAR",
+    "REDOC_DIST": "SIDECAR",
 }
 
 

From 0630a8251c484583a6e91ea10cd820e3150bcec8 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Mon, 31 Mar 2025 10:23:14 +0200
Subject: [PATCH 166/172] chore(admin): Harmonize ModelAdmin classes

---
 src/api/admin.py    | 31 ++++++++++++++-----------------
 src/dgsi/admin.py   | 41 ++++++++++++++++++++++-------------------
 src/shared/admin.py | 14 ++++++++++++++
 3 files changed, 50 insertions(+), 36 deletions(-)
 create mode 100644 src/shared/admin.py

diff --git a/src/api/admin.py b/src/api/admin.py
index c7e0013..3a7376f 100644
--- a/src/api/admin.py
+++ b/src/api/admin.py
@@ -1,22 +1,12 @@
 from django.contrib import admin
 from django.utils.translation import gettext_lazy as _
-from import_export.admin import (
-    ImportExportMixin,
-    ImportForm,
-    SelectableFieldsExportForm,
-)
-from import_export.forms import ExportForm
-from unfold.admin import ModelAdmin
 
 from api.models import ServiceUser, Token
+from shared.admin import BaseModelAdmin
 
 
 @admin.register(ServiceUser)
-class UserAdmin(ImportExportMixin, ModelAdmin):
-    import_form_class = ImportForm
-    export_form_class = ExportForm
-    export_form_class = SelectableFieldsExportForm
-
+class UserAdmin(BaseModelAdmin):
     fieldsets = (
         (
             None,
@@ -47,8 +37,15 @@ class UserAdmin(ImportExportMixin, ModelAdmin):
 
 
 @admin.register(Token)
-class AdminClass(ImportExportMixin, ModelAdmin):
-    compressed_fields = True
-    import_form_class = ImportForm
-    export_form_class = ExportForm
-    export_form_class = SelectableFieldsExportForm
+class AdminClass(BaseModelAdmin):
+    readonly_fields = ("key",)
+
+    add_fieldsets = (
+        (
+            None,
+            {
+                "classes": ("wide",),
+                "fields": ("user",),
+            },
+        ),
+    )
diff --git a/src/dgsi/admin.py b/src/dgsi/admin.py
index 6347f0c..db00872 100644
--- a/src/dgsi/admin.py
+++ b/src/dgsi/admin.py
@@ -1,21 +1,16 @@
 from allauth.socialaccount.models import SocialAccount, SocialApp, SocialToken
 from django.contrib import admin
+from django.contrib.auth.admin import GroupAdmin as DjangoGroupAdmin
 from django.contrib.auth.admin import UserAdmin as DjangoUserAdmin
+from django.contrib.auth.models import Group
 from django.utils.translation import gettext_lazy as _
-from import_export.admin import ImportExportMixin
-from unfold.admin import ModelAdmin
-from unfold.contrib.import_export.forms import (
-    ExportForm,
-    ImportForm,
-    SelectableFieldsExportForm,
-)
 
 from dgsi.models import Archive, Bylaws, Service, Statutes, Translation, User
+from shared.admin import BaseModelAdmin
 
 assert DjangoUserAdmin.fieldsets is not None
 
 
-# Unregister allauth models
 def unregister(*models, site=None):
     """
     Unregister the given model(s) classes.
@@ -35,15 +30,20 @@ def unregister(*models, site=None):
     admin_site.unregister(models)
 
 
+# Unregister allauth models
 unregister(SocialAccount, SocialApp, SocialToken)
 
+# Unregister django models
+unregister(Group)
+
+
+@admin.register(Group)
+class GroupAdmin(DjangoGroupAdmin, BaseModelAdmin):
+    pass
+
 
 @admin.register(User)
-class UserAdmin(DjangoUserAdmin, ImportExportMixin, ModelAdmin):
-    import_form_class = ImportForm
-    export_form_class = ExportForm
-    export_form_class = SelectableFieldsExportForm
-
+class UserAdmin(DjangoUserAdmin, BaseModelAdmin):
     readonly_fields = ("vlan_id",)
 
     # Add the local fields
@@ -60,9 +60,12 @@ class UserAdmin(DjangoUserAdmin, ImportExportMixin, ModelAdmin):
     )
 
 
-@admin.register(Archive, Bylaws, Service, SocialAccount, Statutes, Translation)
-class AdminClass(ImportExportMixin, ModelAdmin):
-    compressed_fields = True
-    import_form_class = ImportForm
-    export_form_class = ExportForm
-    export_form_class = SelectableFieldsExportForm
+for model in [
+    Archive,
+    Bylaws,
+    Service,
+    SocialAccount,
+    Statutes,
+    Translation,
+]:
+    admin.site.register(model, BaseModelAdmin)
diff --git a/src/shared/admin.py b/src/shared/admin.py
new file mode 100644
index 0000000..c0d0cdd
--- /dev/null
+++ b/src/shared/admin.py
@@ -0,0 +1,14 @@
+from import_export.admin import (
+    ImportExportMixin,
+    ImportForm,
+    SelectableFieldsExportForm,
+)
+from import_export.forms import ExportForm
+from unfold.admin import ModelAdmin
+
+
+class BaseModelAdmin(ImportExportMixin, ModelAdmin):
+    compressed_fields = True
+    import_form_class = ImportForm
+    export_form_class = ExportForm
+    export_form_class = SelectableFieldsExportForm

From cfc74054cf82dfe25acab9fc1a496379bdd07a3b Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 3 May 2025 15:45:46 +0200
Subject: [PATCH 167/172] chore(pkgs): Redo django-sesame packaging

---
 pkgs/django-sesame/default.nix | 54 ++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 pkgs/django-sesame/default.nix

diff --git a/pkgs/django-sesame/default.nix b/pkgs/django-sesame/default.nix
new file mode 100644
index 0000000..7cac5bb
--- /dev/null
+++ b/pkgs/django-sesame/default.nix
@@ -0,0 +1,54 @@
+{
+  lib,
+  buildPythonPackage,
+  fetchFromGitHub,
+  python,
+  poetry-core,
+  django,
+  ua-parser,
+}:
+
+buildPythonPackage rec {
+  pname = "django-sesame";
+  version = "3.2.3";
+  pyproject = true;
+
+  src = fetchFromGitHub {
+    owner = "aaugustin";
+    repo = "django-sesame";
+    rev = version;
+    hash = "sha256-JpbmcV5hAZkW15cizsAJhmTda4xtML0EY/PJdVSInUs=";
+  };
+
+  build-system = [
+    poetry-core
+  ];
+
+  dependencies = [
+    django
+  ];
+
+  optional-dependencies = {
+    ua = [
+      ua-parser
+    ];
+  };
+
+  pythonImportsCheck = [
+    "sesame"
+  ];
+
+  checkPhase = ''
+    runHook preCheck
+
+    ${python.interpreter} -m django test --settings=tests.settings
+
+    runHook postCheck
+  '';
+
+  meta = {
+    description = "URLs with authentication tokens for one-click login";
+    homepage = "https://github.com/aaugustin/django-sesame";
+    license = lib.licenses.bsd3;
+  };
+}

From b6b31ab6bd128cf93dac68899dd4c6aa3d933163 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 3 May 2025 15:52:49 +0200
Subject: [PATCH 168/172] feat(account): Move permissions update to a signal
 handler

---
 src/dgsi/apps.py                      |  4 ++++
 src/shared/account.py                 | 26 +++++++++++---------------
 src/shared/authentication/__init__.py |  0
 src/shared/authentication/signals.py  | 26 ++++++++++++++++++++++++++
 4 files changed, 41 insertions(+), 15 deletions(-)
 create mode 100644 src/shared/authentication/__init__.py
 create mode 100644 src/shared/authentication/signals.py

diff --git a/src/dgsi/apps.py b/src/dgsi/apps.py
index 71e9306..3b00072 100644
--- a/src/dgsi/apps.py
+++ b/src/dgsi/apps.py
@@ -4,3 +4,7 @@ from django.apps import AppConfig
 class DgsiConfig(AppConfig):
     default_auto_field = "django.db.models.BigAutoField"
     name = "dgsi"
+
+    def ready(self):
+        # Implicitely connect signal handlers
+        from shared.authentication import signals
diff --git a/src/shared/account.py b/src/shared/account.py
index 42ff5ee..6877029 100644
--- a/src/shared/account.py
+++ b/src/shared/account.py
@@ -5,14 +5,12 @@ from typing import Optional
 from allauth.core.exceptions import ImmediateHttpResponse
 from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
 from allauth.socialaccount.models import SocialLogin
-from django.conf import settings
 from django.contrib import messages
 from django.http import HttpRequest, HttpResponseRedirect
 from django.urls import reverse
 from django.utils.translation import gettext_lazy as _
 
 from dgsi.models import Translation, User
-from shared.kanidm import sync_call
 
 logger = logging.getLogger(__name__)
 
@@ -80,9 +78,17 @@ class SharedAccountAdapter(DefaultSocialAccountAdapter):
 
     def _update_user(self, request: HttpRequest, sociallogin: SocialLogin):
         """
-        Updates the required attributes of the user:
-        - username
-        - permissions
+        Updates the username of the user.
+
+        There are two usecases for this:
+
+        - Choosing the correct username at the first login:
+          + Get the `preferred_username` for the DGNum login
+          + Get the `cas_login` for the CAS login
+
+        - Updating the username when it is changed remotely
+          + kanidm allows updating the `preferred_username`
+          + a translation can be added for CAS logins
         """
 
         u = sociallogin.user
@@ -92,16 +98,6 @@ class SharedAccountAdapter(DefaultSocialAccountAdapter):
         # Update the username first, so that calls to kanidm return the correct information
         u.username = self._get_username(request, sociallogin)
 
-        # Update the global permissions
-        u.is_superuser = u.part_of(settings.DGSI_SUPERUSER_GROUP)
-        u.is_staff = u.is_superuser or u.part_of(settings.DGSI_STAFF_GROUP)
-
-        # Update the e-mail address if possible
-        if u.kanidm is not None:
-            emails = sync_call("call_get", f"/v1/person/{u.username}/_attr/mail").data
-            if emails != []:
-                u.email = emails[0]
-
         # Save the updated user if needed
         if sociallogin.is_existing:
             u.save()
diff --git a/src/shared/authentication/__init__.py b/src/shared/authentication/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/src/shared/authentication/signals.py b/src/shared/authentication/signals.py
new file mode 100644
index 0000000..8b3d7a7
--- /dev/null
+++ b/src/shared/authentication/signals.py
@@ -0,0 +1,26 @@
+from django.contrib.auth import user_logged_in
+from django.dispatch.dispatcher import receiver
+
+from app import settings
+from dgsi.models import User
+from shared.kanidm import sync_call
+
+
+# NOTE: We use a signal to update permissions so that using magic links
+#       Two kind of users exist, regular `User`s and `ServiceUser`s.
+#       Updating permissions should only be done for regular ones.
+@receiver(user_logged_in, sender=User)
+def update_userinfo(**kwargs):
+    u = kwargs["user"]
+
+    # Update the global permissions
+    u.is_superuser = u.part_of(settings.DGSI_SUPERUSER_GROUP)
+    u.is_staff = u.is_superuser or u.part_of(settings.DGSI_STAFF_GROUP)
+
+    # Update the e-mail address if possible
+    if u.kanidm is not None:
+        emails = sync_call("call_get", f"/v1/person/{u.username}/_attr/mail").data
+        if emails != []:
+            u.email = emails[0]
+
+    u.save()

From 60b9e41b1bd42093ae58891875820290da50c793 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 3 May 2025 15:56:14 +0200
Subject: [PATCH 169/172] feat(account): Add magic-link login

---
 default.nix                                 |   2 +
 src/app/settings.py                         |   6 ++
 src/app/urls.py                             |   1 +
 src/dgsi/apps.py                            |   2 +-
 src/shared/authentication/forms.py          |  11 ++
 src/shared/authentication/urls.py           |  10 ++
 src/shared/authentication/views.py          | 109 ++++++++++++++++++++
 src/shared/templates/account/link_form.html |  18 ++++
 src/shared/templates/account/login.html     |   8 +-
 src/shared/templates/mail/magic_link.txt    |  21 ++++
 10 files changed, 186 insertions(+), 2 deletions(-)
 create mode 100644 src/shared/authentication/forms.py
 create mode 100644 src/shared/authentication/urls.py
 create mode 100644 src/shared/authentication/views.py
 create mode 100644 src/shared/templates/account/link_form.html
 create mode 100644 src/shared/templates/mail/magic_link.txt

diff --git a/default.nix b/default.nix
index 0907427..c78fb0f 100644
--- a/default.nix
+++ b/default.nix
@@ -72,6 +72,7 @@ in
           ps.django-import-export
           ps.django-sass-processor
           ps.django-sass-processor-dart-sass
+          ps.django-sesame
           ps.django-stubs
           ps.django-unfold
           ps.djangorestframework
@@ -86,6 +87,7 @@ in
         ]
         ++ ps.django-allauth.optional-dependencies.saml
         ++ ps.django-allauth.optional-dependencies.socialaccount
+        ++ ps.django-sesame.optional-dependencies.ua
         ++ ps.drf-spectacular.optional-dependencies.sidecar
       ))
     ] ++ check.enabledPackages;
diff --git a/src/app/settings.py b/src/app/settings.py
index c1557b0..1aada1c 100644
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -165,6 +165,7 @@ AUTHENTICATION_BACKENDS = [
     #       this goes against all assumptions made in Django's code
     "api.authentication.ServiceUserBackend",
     "allauth.account.auth_backends.AuthenticationBackend",
+    "sesame.backends.ModelBackend",
 ]
 
 SOCIALACCOUNT_PROVIDERS = {
@@ -253,6 +254,11 @@ VLAN_ID_MAX = 4094
 VLAN_ID_MIN = (VLAN_ID_MAX - 850) + 1
 VLAN_AUTOCONNECT = credentials.get("VLAN_AUTOCONNECT", False)
 
+SESAME_MAX_AGE = 900
+SESAME_ONE_TIME = True
+SESAME_SIGNATURE_SIZE = 24
+SESAME_TOKENS = ["sesame.tokens_v2"]
+
 
 ###
 # Rest Framework configuration
diff --git a/src/app/urls.py b/src/app/urls.py
index 74af7f7..22e6d39 100644
--- a/src/app/urls.py
+++ b/src/app/urls.py
@@ -23,6 +23,7 @@ from django.urls import include, path
 urlpatterns = [
     path("", include("dgsi.urls")),
     path("api/", include("api.urls")),
+    path("accounts/login/link/", include("shared.authentication.urls")),
     path("accounts/", include("allauth.urls")),
     path("admin/", admin.site.urls),
     path("i18n/", include("django.conf.urls.i18n")),
diff --git a/src/dgsi/apps.py b/src/dgsi/apps.py
index 3b00072..1c5783c 100644
--- a/src/dgsi/apps.py
+++ b/src/dgsi/apps.py
@@ -7,4 +7,4 @@ class DgsiConfig(AppConfig):
 
     def ready(self):
         # Implicitely connect signal handlers
-        from shared.authentication import signals
+        from shared.authentication import signals  # noqa: F401
diff --git a/src/shared/authentication/forms.py b/src/shared/authentication/forms.py
new file mode 100644
index 0000000..65109ec
--- /dev/null
+++ b/src/shared/authentication/forms.py
@@ -0,0 +1,11 @@
+from django import forms
+from django.utils.translation import gettext_lazy as _
+
+
+class LinkLoginForm(forms.Form):
+    email = forms.EmailField(
+        label=_("Adresse e-mail"),
+        help_text=_(
+            "Si un compte correspondant à cette adresse e-mail est trouvée, un lien de connexion y sera envoyé."
+        ),
+    )
diff --git a/src/shared/authentication/urls.py b/src/shared/authentication/urls.py
new file mode 100644
index 0000000..5f91190
--- /dev/null
+++ b/src/shared/authentication/urls.py
@@ -0,0 +1,10 @@
+from django.urls import path
+
+from . import views
+
+app_name = "authentication"
+
+urlpatterns = [
+    path("", views.LoginFormView.as_view(), name="link_login_form"),
+    path("<str:token>/", views.LoginView.as_view(), name="link_login"),
+]
diff --git a/src/shared/authentication/views.py b/src/shared/authentication/views.py
new file mode 100644
index 0000000..b935c6a
--- /dev/null
+++ b/src/shared/authentication/views.py
@@ -0,0 +1,109 @@
+from http import HTTPStatus
+
+from django.conf import settings
+from django.contrib import messages
+from django.contrib.auth import authenticate, login
+from django.contrib.auth.views import RedirectURLMixin
+from django.core.mail import EmailMessage
+from django.http import Http404
+from django.http.response import HttpResponse, HttpResponseRedirect
+from django.template.loader import render_to_string
+from django.urls import reverse, reverse_lazy
+from django.utils.translation import gettext_lazy as _
+from django.views import View
+from django.views.generic import FormView
+from sesame.utils import get_token
+
+from dgsi.models import User
+from shared.authentication.forms import LinkLoginForm
+
+
+class LoginFormView(FormView):
+    template_name = "account/link_form.html"
+    form_class = LinkLoginForm
+    success_url = reverse_lazy("account_login")
+    extra_context = {"backlink": "account_login"}
+
+    def form_valid(self, form) -> HttpResponse:
+        u = User.objects.filter(email=form.cleaned_data["email"]).first()
+
+        if u is not None:
+            # Send an e-mail containing the token
+            link = self.request.build_absolute_uri(
+                reverse("authentication:link_login", kwargs={"token": get_token(u)})
+            )
+
+            EmailMessage(
+                subject="Connexion au profil DGNum -- DGNum profile login",
+                body=render_to_string(
+                    "mail/magic_link.txt",
+                    context={"link": link},
+                ),
+                from_email="To Be Determined <dgsi@infra.dgnum.eu>",
+                to=[u.email],
+                headers={"Reply-To": "contact@dgnum.eu"},
+            ).send()
+
+        messages.add_message(
+            self.request,
+            messages.INFO,
+            _(
+                "Un e-mail a été envoyé à l'adresse renseignée si un compte y étant associé a été trouvé."
+            ),
+        )
+
+        return super().form_valid(form)
+
+
+class LoginView(RedirectURLMixin, View):
+    """
+    Look for a signed token in the URL of a GET request and log a user in.
+
+    If a valid token is found, the user is redirected to the URL specified in
+    the ``next`` query string parameter or the ``next_page`` attribute of the
+    view. ``next_page`` defaults to :setting:`LOGIN_REDIRECT_URL`.
+
+    If a ``scope`` attribute is set, a :ref:`scoped token <Scoped tokens>` is
+    expected.
+
+    If a ``max_age`` attribute is set, override the :data:`SESAME_MAX_AGE`
+    setting.
+
+    In addition to ``next_page``, :class:`LoginView` also supports
+    ``redirect_field_name``, ``success_url_allowed_hosts``, and
+    ``get_default_redirect_url()``. These APIs behave like their counterparts
+    in Django's built-in :class:`~django.contrib.auth.views.LoginView`.
+
+    """
+
+    scope = ""
+    max_age = None
+    next_page = settings.LOGIN_REDIRECT_URL
+
+    def get(self, request, **kwargs):
+        token = kwargs.get("token")
+
+        if token is None:
+            return self.login_failed()
+
+        user = authenticate(
+            request,
+            sesame=token,
+            scope=self.scope,
+            max_age=self.max_age,
+        )
+        if user is None:
+            return self.login_failed()
+
+        login(request, user)  # updates the last login date
+
+        return self.login_success()
+
+    def login_failed(self):
+        raise Http404
+
+    def login_success(self):
+        if self.next_page is None:
+            return HttpResponse(status=HTTPStatus.NO_CONTENT)
+        else:
+            return HttpResponseRedirect(self.get_success_url())
diff --git a/src/shared/templates/account/link_form.html b/src/shared/templates/account/link_form.html
new file mode 100644
index 0000000..bcce732
--- /dev/null
+++ b/src/shared/templates/account/link_form.html
@@ -0,0 +1,18 @@
+{% extends "base.html" %}
+
+{% load i18n %}
+
+{% block content %}
+  {% trans "Connexion par e-mail" as subtitle %}
+  {% include "_subtitle.html" %}
+
+  <form method="post">
+    {% csrf_token %}
+    {% include "bulma/form.html" with form=form %}
+
+    <button class="button is-fullwidth mt-6">
+      <span class="icon"><i class="ti ti-mail-share"></i></span>
+      <span>{% trans "Envoyer un lien" %}</span>
+    </button>
+  </form>
+{% endblock content %}
diff --git a/src/shared/templates/account/login.html b/src/shared/templates/account/login.html
index 87eb4cb..411f9ca 100644
--- a/src/shared/templates/account/login.html
+++ b/src/shared/templates/account/login.html
@@ -4,6 +4,13 @@
 {% load allauth account %}
 
 {% block content %}
+  <div class="grid mt-5">
+    <a class="cell button is-primary py-5 is-size-5 has-text-dark"
+       href="{% url "authentication:link_login_form" %}">{% trans "Connexion par e-mail" %}</a>
+  </div>
+
+  <br>
+
   <h2 class="subtitle">{% trans "Connexion via un compte tiers" %}</h2>
   <hr>
 
@@ -20,7 +27,6 @@
       {% endif %}
 
       <a class="cell button is-{{ provider.app.settings.color }} is-light py-5 is-size-5"
-         title="{{ provider.id }}"
          href="{% provider_login_url provider process="login" scope=scope auth_params=auth_params %}">{{ provider.name }}</a>
     {% endfor %}
   </div>
diff --git a/src/shared/templates/mail/magic_link.txt b/src/shared/templates/mail/magic_link.txt
new file mode 100644
index 0000000..5b2cf3e
--- /dev/null
+++ b/src/shared/templates/mail/magic_link.txt
@@ -0,0 +1,21 @@
+Bonjour,
+
+Une demande de connexion par e-mail vient d'être effectué pour votre compte.
+
+Pour vous connecter à DG·SI, cliquez sur le lien suivant : {{ link }}
+
+Ce-dernier est à usage unique et valable 15 minutes.
+
+-- 
+
+Hello,
+
+An e-mail connection request has just been made for your account.
+
+To connect to DG-SI, click on the following link: {{ link }}
+
+It is single-use and valid for 15 minutes.
+
+
+Bien cordialement,
+La Délégation Générale Numérique

From 904eb7058b9a61250fbfcb0b0bfa71e214bf1067 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Sat, 3 May 2025 16:06:18 +0200
Subject: [PATCH 170/172] chore(locale): Update translations

---
 src/shared/locale/en/LC_MESSAGES/django.mo | Bin 9089 -> 10045 bytes
 src/shared/locale/en/LC_MESSAGES/django.po | 107 +++++++++++++++------
 2 files changed, 80 insertions(+), 27 deletions(-)

diff --git a/src/shared/locale/en/LC_MESSAGES/django.mo b/src/shared/locale/en/LC_MESSAGES/django.mo
index a7e974f4f00e1d2953e6e37964ef52f68e468b68..4af5f836917baaea7b81c3366adb766f283b4496 100644
GIT binary patch
delta 3404
zcmciDeQXs~8prX|76e-;lxwLX*drh>3YP+cE+{XeAcCw=ROCgO-h0{(+|Iq;nO18w
zSE9R7V}kL<O*ZUCO?;uo7-C6qHH&7u+4zoc7>%r1L!v<?8g<<mBKrN!o$~U>?w>p1
zna`QIGv_?#IcLg_6@Oh*`gF{YM+`@S7*G7E#u(igKa3Mc;Y?#z<E=Oq_hSowj%jSF
zHRgO=j%Q&f4#&H2EdCzH;GeM`_uy!J8F{W`-l37=#>c2Jk5+y#|3-Cq9M8a1oiUSe
zT;d{B$8Bh_8!yH`Ai0@0Q12g1{1PW{{Y&!ugb^gq_+~1Nv-x2$o{JlB97d=a?8GK~
z3YGbO99m_}0bI)U!I729G%>v?TrWnw-;SEt4jhG#U;{phN^GC58Q;7~gTBnCNOI<@
z#Q&gPtl^}@QmEf&q3$o_bRMokb-WGr`<*xs@54sij~eg;)I^S;60Bl2C6?Qar=bok
zuEaU0gziL@?0#ew%+q)wK96bqCu)Wxc)1xZDuE?PQOs)OpV`Ps&*hM@&E2R(9%`We
zD)DY^XcN7R>fke+jz^I(OcM*OJunS5qgkj9u0rjJEvSTcpa$53n!qclMBYO6{|WNX
z{LJYA9G#;6j>az1Q%6<QNt^Hj^l&Cl#+`UM?!`9z4%gxJWTQlOBdcXzK_z?u-^YL9
zHr&fBFT-XYUW=P?Gd@?Mp_$dO1NGt<ycj3pa@>HMs*HIQZ{+&eIV6XzETBHeUYv%H
zBgHbWqe^`U^%;JfT>pfs^hh?65}k~yRB0}aAvBhu9=IBn&@HGA+L1|^JnFgMp(^zN
zYKfjhmGmQ=h+pA6tmlu(P`nbA*fppLZbntK3*+zqVH#SaU8v0ZP>H;N6vrG$uD?jG
zkE5O+%g+1|C*vYKhN{E@J_)^_L5gPXKn+|*&G?DLy{P?X{+`_U5H<79Q8Pb^n(>dQ
zO?eD8(_w6N{XP!W;Ur{L%v@CIuT6gUP@8TWvR%xBs0lreO7Jguc8SJ2H1ruBL1lUr
zSKx8fOqbir=d~X78Adn-OQ@1Rg{s_Z$TFLcPzisJ`U-wQB|L&`^nN3%UyCKGY0@;b
zMypU6Zb5a>jni-kDzRs97`}w6)Ij3vsQ2DQ?TI6(=Tc;+fzCxGI34-PT#D*%<3#Fz
z4~^~IXv1$%n`<2>W!!@vmXKnY&+s=`#SXd!7vc)sg__7=)PVX#G+;gM#tHaa{0Gj!
zv6OEKE}K%Sd}jA@Lo<2<mDzi!Ob_EFICLt5;?=}LBAx}Z+2g;M5GT@tbBIN{!7;x=
ze4fc!RaRwM<2&@r_+|^Snowrf5n3Z{q%(<S#I=NWazNZnEFs9}v|}k(vk8?yLnvt-
zs=|$gs=JA}kT{RfvaTUCzUk75BS++kS;Uou)>KC|LFG>zLuje|oy7L!uF9)FTyqIa
z=u6RYc?GipJwjEUNEC<#8h;~=8wefRbUH4o5Px1;&l+Mm(VX00oGA3iW;n5)xQx*9
z`NUO(j%<bayq5DiVl$!r!hhD4Z?l7@Bd*as4t<{^h;~97Ztz$|L!X$wcmCd(o5~Ht
zQq#B5x`JT$ojB68*gWQXVk@DevHy?57gU$Ou3cMO@QT*W?DG6v|D3urYU+cYe6K6o
z?!e}J7xd4sudS+C<$C+KjvA<{b;T|}4E=l%md|haBxSopS2V4z*yCqhd=Zv^X!u*n
z*Xx;lS0QpxEV{6e53*hm*@4Gw#zoxrvfK?_GPHGJWTRrfyJw)!%@`cqX7zdyxZ4@g
z_F4w>tW$ymeQDELa2dbd&)CArtZaL}Xrof6AI916P~=73QE1k8I@>}2h0sQWzuGpJ
z%Lg6Y$*1ko_yv2LpUc?}7g-Na?YN^z`Yy|})_Ivun{THh=NFS+(`J2d!71TvK2v^m
z%*L&QGxO{~Uo_A+n71mBn>slAq6<RjcLdDZhNo7oS8u6cUKr*xKJO3qlT<0)-<;Z4
z-Bg*A(K?)(Zuwy2+au@AY?*6k&tK3o@1mAD<vnA6s<|}X(*JBzV|Dq^Icr9*&Ug5M
z?eQsTW%;L%+gV-L>Vhm|<@{iKdEfZM@zTFI;r^<+>rPg=d`0sUsZ*D}QthyOsQHD`
z%697o*2`q_-K2kV_5Gkj#fz(78IU~?Zvx9|wexg#1_Q_Ior$#I%Av9#ZB)n68}Iwk
z|62J@zjXS_yZ^`1uMB#;oS)UwcbEI@x=nFCZKoHq#awVAcQ(w4IWrwsWIy?*m8-Ja
do;KQTe$>fqPxca*DBb^~o&DdJeafUwzXHsLI8^`u

delta 2455
zcmZA2drXye9LMn=2QLtkcmx4OcmRO{JOOGbiGrA<a*<17g3%EUc9_EA99mTDjJ5tS
zi8h~HjaJgArg{12q;om87+YHx{%Dp>*M+cJx6xKBb9Q@w4u{qJZC_r`bI$Ypp6~Db
ze1C_rnt{r|7tVRd45NccA*v#cIgC#(;16RYiqG&>%)uEfz-7_KxUdq_@llM&7m-WM
z8C-_v(TS6IJ5FI7{)}7~Fy=O6mhwR~F2t3n39?WVx=^`PU?%Pe+l89=C|dYBCgHod
z7QaNEVd7(E=SjttoUcKBUWbW#elrKU(T6K=5SQZ#)Cwjr5wD^${{`nq7!$e3m~zge
zV`nR~6SFz@q3$0>E$kdF#`kauUO_GFN1gNhP+geIIH?bFo3yZbsDz5c=MAWdS}_&7
zQ4<b@zaPPMoS()7oJKw957Yu;xmk&2p@n4_&;)J{wxbV~$QY_r?;}+--(fEPiY`p0
z3|d(=rlA{^_yDpf^DJuKmr&Q8L2fnUs6;+ORrdQh>YvVmuD%m8knc<t>YeXHt)v}w
z<Kw6vIEqT-JZj=^Q1kqT>WM`DJcGHYo;ruCa12Xv8tc(oO8qslk2I;0If6=H7%$-|
z?8E?d+=xG59p;c#3-;k!yo}p0hGjKJFgZ4HewN9zZ~+ab-II@ZU?Y;N=?`$gGt6_S
zt{)AbpGKAF9aLhUqE`AX&cols-`_-4%9%WSe=@3K8K~>lqbgR4s<0bbyg7my7<h#P
zHN`lt!_RO&I{8o;CZS4~i%PH-^^W(T66-)E+KZ~>VEFvC@cBj5^_TE6eubOx0-a4I
z0_Hjgn!w`MhsBs;)GOG9TCqFqBdCN1!sj+><)f&?-bAf9h+5%=@aG?(=J^;|oB0}5
z@xMdg^ZuQ*x|(MNYP*!8R#J~jtP_>k09rVVO7J39;)kde#<M528!}M4W(#IxHLBEp
zRK;FEieTQr7@lv&IncJ7M6Kj1YJzL1iD!^x&7Y_WB=Zy{n1__mRG<<%i0bx!RArtH
zJBYg8M)klc)ODX=Kr8>815NM`K811CY$DGiADNeN1CF6qd>xh0W^Pu3EvS`s;tA}-
zTFhYC`PhSHcpSIk6mp5l$>jYPbFiHjjX(``uZO51G^titN2rT6nuvYGCSo<QlTea#
zBZq@V!bR*LN(oi-)}dxs|C#-ua_rSPqlLJKxKAgy4DIC(Vk@D<RTWi2zX2NBDRV==
zs9LQ?H1PnT*HTWXK^;UH&kr@1ww#;L&!|chNod?psFeCY&`PL-cM%$E2=#+TF40Wf
zrIY^+b-G3sLDfT}fWIZgdLob=`pB5OF^bqoR1h?E=v_aA8rm5Rgx)887<%sy;@nV2
zYiuS832ntaghn1wM6?lVz;;4AYm4$$<7reAy9srw_NztI6B^nb_XfSuC5{+xm*+9B
z&+qQ?yX<2zt-<I;Hyy$F#ZeJfmB-p$RbFE~(QkQteye@rWaq?)<@Wn~y!(46PP&3=
zaT5{t%#thiwDau+ez(8Z@3V*EJAzFKZ#nGDq{-N#)rA|Z!lIIbg1mx4`>&)Mk;SgU
z;Em)2$MTwPEA(7%*8yv5WlirP%iY%2-K#8OQ)+{UQidG%!nA3t@!|in@cJzG!5)vh
vz0Y#{eBJ|Ho_1I8r?kTn_CWfmU7m3^sv(qx$7fGvwg!){%6Hh;viJTAKU4=V

diff --git a/src/shared/locale/en/LC_MESSAGES/django.po b/src/shared/locale/en/LC_MESSAGES/django.po
index 5472a2b..eb06951 100644
--- a/src/shared/locale/en/LC_MESSAGES/django.po
+++ b/src/shared/locale/en/LC_MESSAGES/django.po
@@ -7,8 +7,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: dgsi.dgnum.eu\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-02-01 21:40+0100\n"
-"PO-Revision-Date: 2025-02-19 12:00+0100\n"
+"POT-Creation-Date: 2025-05-03 16:02+0200\n"
+"PO-Revision-Date: 2025-05-03 16:05+0200\n"
 "Last-Translator: Tom Hubrecht <tom.hubrecht@dgnum.eu>\n"
 "Language-Team: French\n"
 "Language: fr\n"
@@ -16,7 +16,35 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n > 1)\n"
-"X-Generator: Gtranslator 47.1\n"
+"X-Generator: Gtranslator 48.0\n"
+
+msgid "Permissions"
+msgstr "Permissions"
+
+msgid "groups"
+msgstr "groups"
+
+msgid ""
+"The groups this user belongs to. A user will get all permissions granted to "
+"each of their groups."
+msgstr ""
+"The groups this user belongs to. A user will get all permissions granted to "
+"each of their groups."
+
+msgid "user permissions"
+msgstr "user permissions"
+
+msgid "Specific permissions for this user."
+msgstr "Specific permissions for this user."
+
+msgid "Service user"
+msgstr "Services user"
+
+msgid "Service users"
+msgstr "Services users"
+
+msgid "Key"
+msgstr "Key"
 
 msgid "Administration de DGSI"
 msgstr "DGSI Administration"
@@ -65,6 +93,12 @@ msgstr ""
 msgid "De préférence l'adresse '@ens.psl.eu'"
 msgstr "Preferably the ‘@ens.psl.eu’ address"
 
+msgid "<b>Veuillez créer un compte DGNum.</b>"
+msgstr "<b>Please create a DGNum account.</b>"
+
+msgid "<b>Veuillez générer un mot de passe Wi-Fi.</b>"
+msgstr "<b>Please generate a WiFi password.</b>"
+
 msgid "Nom du service proposé"
 msgstr "Name of the proposed service"
 
@@ -116,9 +150,6 @@ msgstr "VLAN assigned to the account"
 msgid "Ce compte a déjà un VLAN associé"
 msgstr "This account already has an assigned VLAN"
 
-msgid "Le VLAN {} est déjà attribué."
-msgstr "The VLAN {} is already assigned."
-
 msgid ""
 " En acceptant, vous assurez avoir lu ce document et en approuver le contenu."
 msgstr ""
@@ -167,12 +198,6 @@ msgstr "Accept the statutes"
 msgid "Accepter le règlement intérieur"
 msgstr "Accept the bylaws"
 
-msgid "Profil personnel"
-msgstr "Personal profile"
-
-msgid "Nom d'utilisateur :"
-msgstr "Username :"
-
 msgid "Mot de passe WiFi :"
 msgstr "WiFi password:"
 
@@ -185,6 +210,23 @@ msgstr "Reset the WiFi password"
 msgid "Générer un mot de passe WiFi"
 msgstr "Generate a WiFi password:"
 
+msgid "Désallouer"
+msgstr "Deassign"
+
+msgid "Allouer"
+msgstr "Assign"
+
+#, fuzzy
+#| msgid "Liste des comptes"
+msgid "Pas de compte"
+msgstr "List of accounts"
+
+msgid "Profil personnel"
+msgstr "Personal profile"
+
+msgid "Nom d'utilisateur :"
+msgstr "Username :"
+
 msgid "Nom d'usage :"
 msgstr "Name in use:"
 
@@ -233,12 +275,6 @@ msgstr "Assigned VLAN"
 msgid "Gestion du VLAN"
 msgstr "VLAN management"
 
-msgid "Désallouer"
-msgstr "Deassign"
-
-msgid "Allouer"
-msgstr "Assign"
-
 msgid "Mon profil"
 msgstr "My profile"
 
@@ -263,15 +299,6 @@ msgstr "List of accounts"
 msgid "Interface d'administration"
 msgstr "Administration interface"
 
-msgid "<b>Veuillez créer un compte DGNum.</b>"
-msgstr "<b>Please create a DGNum account.</b>"
-
-msgid "<b>Veuillez générer un mot de passe Wi-Fi.</b>"
-msgstr "<b>Please generate a WiFi password.</b>"
-
-msgid "Compte DGNum inexistant."
-msgstr "No existing DGNum account."
-
 msgid "Mot de passe Wi-Fi généré avec succès."
 msgstr "Wi-Fi password generated successfully."
 
@@ -301,6 +328,20 @@ msgstr "ENS account category not permitted."
 msgid "Méthode de connexion invalide."
 msgstr "Invalid connection method."
 
+msgid ""
+"Si un compte correspondant à cette adresse e-mail est trouvée, un lien de "
+"connexion y sera envoyé."
+msgstr ""
+"If an account corresponding to this e-mail address is found, a connection "
+"link will be sent to it."
+
+msgid ""
+"Un e-mail a été envoyé à l'adresse renseignée si un compte y étant associé a "
+"été trouvé."
+msgstr ""
+"An e-mail has been sent to the address entered if an account associated with "
+"it has been found."
+
 msgid ""
 "Logiciel développé pour et par la <a href=\"https://dgnum.eu\">DGNum</a>."
 msgstr ""
@@ -315,6 +356,12 @@ msgstr "Login"
 msgid "Choix de la langue"
 msgstr "Language selection"
 
+msgid "Connexion par e-mail"
+msgstr "Login via e-mail"
+
+msgid "Envoyer un lien"
+msgstr "Send a link"
+
 msgid "Connexion via un compte tiers"
 msgstr "Connection via a third-party account"
 
@@ -358,6 +405,12 @@ msgstr "You are about to log in using a third-party account from %(provider)s."
 msgid "Continuer"
 msgstr "Continue"
 
+#~ msgid "Le VLAN {} est déjà attribué."
+#~ msgstr "The VLAN {} is already assigned."
+
+#~ msgid "Compte DGNum inexistant."
+#~ msgstr "No existing DGNum account."
+
 #, python-format
 #~ msgid "Profil de %(displayname)s"
 #~ msgstr "Profile of %(displayname)s"

From 9d52ce5bdf5fd36b404766ba1e354576937ecad8 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Mon, 2 Jun 2025 21:32:01 +0200
Subject: [PATCH 171/172] chore(link_form): Drop form=form

---
 src/shared/templates/account/link_form.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/shared/templates/account/link_form.html b/src/shared/templates/account/link_form.html
index bcce732..50c988c 100644
--- a/src/shared/templates/account/link_form.html
+++ b/src/shared/templates/account/link_form.html
@@ -8,7 +8,7 @@
 
   <form method="post">
     {% csrf_token %}
-    {% include "bulma/form.html" with form=form %}
+    {% include "bulma/form.html" %}
 
     <button class="button is-fullwidth mt-6">
       <span class="icon"><i class="ti ti-mail-share"></i></span>

From fbf6385e65400802a3f9f75f7cd91d5c01373d1b Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Mon, 2 Jun 2025 22:03:26 +0200
Subject: [PATCH 172/172] chore(vlan): Simplify management

We no longer rely on kanidm groups for attributing vlans
---
 src/dgsi/models.py | 58 ++++------------------------------------------
 1 file changed, 4 insertions(+), 54 deletions(-)

diff --git a/src/dgsi/models.py b/src/dgsi/models.py
index 12bd468..1d3da0f 100644
--- a/src/dgsi/models.py
+++ b/src/dgsi/models.py
@@ -17,7 +17,7 @@ from django.utils.translation import gettext_lazy as _
 from kanidm.exceptions import NoMatchingEntries
 from kanidm.models.person import Person
 
-from shared.kanidm import klient, sync_call
+from shared.kanidm import klient
 
 logger = logging.getLogger(__name__)
 
@@ -221,15 +221,9 @@ class User(AbstractUser):
 
     ###
     # VLAN attribution machinery
-    #
-    # NOTE: It is a bit cumbersome because we need to store the vlan_id
-    # information both in DG·SI and in Kanidm
-    # Now the question will be « Which is the source of truth ? »
-    # For now, I believe it has to be DG·SI, so a sync script will
-    # have to be run regularly.
 
     @transaction.atomic
-    def set_unique_vlan_id(self):
+    def register_unique_vlan(self):
         if self.vlan_id is not None:
             raise ValueError(_("Ce compte a déjà un VLAN associé"))
 
@@ -242,34 +236,8 @@ class User(AbstractUser):
             )
         )
 
-        # Preempt the vlan attribution
         self.save(update_fields=["vlan_id"])
 
-    @transaction.atomic
-    def register_unique_vlan(self) -> None:
-        self.set_unique_vlan_id()
-
-        group_name = f"vlan_{self.vlan_id}"
-
-        # Add the user to the group requested group
-        sync_call("group_add_members", group_name, [self.username])
-
-        # Check that we succeeded in setting a VLAN that is unique to the current user
-        group = sync_call("group_get", group_name)
-
-        if group.member == []:
-            # Something went wrong
-            self.vlan_id = None
-            self.save(update_fields=["vlan_id"])
-            raise RuntimeError("VLAN attribution failed")
-
-        if group.member != [f"{self.username}@sso.dgnum.eu"]:
-            # Remove the user from the group
-            sync_call("group_delete_members", group_name, [self.username])
-            self.vlan_id = None
-            self.save(update_fields=["vlan_id"])
-            raise RuntimeError("Duplicate VLAN attribution detected")
-
     def reclaim_vlan(self):
         if self.vlan_id is None:
             # Nothing to do, just return
@@ -278,26 +246,8 @@ class User(AbstractUser):
             )
             return
 
-        group_name = f"vlan_{self.vlan_id}"
-
-        sync_call("group_delete_members", group_name, [self.username])
-
-        # Check that the call succeeded
-        try:
-            group = sync_call("group_get", group_name)
-
-            if "{self.username}@sso.dgnum.eu" in group.member:
-                raise RuntimeError(
-                    f"Something went wrong in trying to reclaim vlan {self.vlan_id}"
-                )
-        except ValueError:
-            # The group does not exist apparently, keep going
-            logger.warning(
-                f"Reclaiming VLAN {self.vlan_id}, but the associated group does not exist."
-            )
-        finally:
-            self.vlan_id = None
-            self.save(update_fields=["vlan_id"])
+        self.vlan_id = None
+        self.save(update_fields=["vlan_id"])
 
     class Meta:
         constraints = [