82 lines
2.8 KiB
Markdown
82 lines
2.8 KiB
Markdown
# Setup steps for Production
|
|
|
|
## Shop Product
|
|
|
|
In Django Shop App, create new products (Products model) that should be available in the shop.
|
|
Products:
|
|
|
|
- `vv-de` Price 30000 (300_00 -> 300.00 CHF), name & description can be anything.
|
|
- ONLY if `COURSE_VERSICHERUNGSVERMITTLERIN_ID` exists!
|
|
- `vv-fr` Price 30000 (300_00 -> 300.00 CHF), name & description can be anything.
|
|
- ONLY if `COURSE_VERSICHERUNGSVERMITTLERIN_ID_FR` exists!
|
|
- `vv-it` Price 30000 (300_00 -> 300.00 CHF), name & description can be anything.
|
|
- ONLY if `COURSE_VERSICHERUNGSVERMITTLERIN_ID_IT` exists!
|
|
|
|
## Datatrans
|
|
|
|
- Set `DATATRANS_BASIC_AUTH_KEY`:
|
|
- https://admin.sandbox.datatrans.com/MenuDispatch.jsp?main=1&sub=4
|
|
- `echo -n "{merchantid}:{password}" | base64`
|
|
|
|
- Set `DATATRANS_HMAC_KEY`:
|
|
- https://admin.sandbox.datatrans.com/MerchSecurAdmin.jsp
|
|
|
|
- Ensure that the webhook is set up correctly by Datatrans:
|
|
- Be default transitions from `initialized` to `failed` do not trigger the webhook.
|
|
- Edgecase: When user starts a datatrans payment and then closes the browser, the payment will be
|
|
in `initialized`
|
|
state forever. -> That's why we need the webhook for `initialized` -> `failed` transitions.
|
|
- This can and needs to be enabled by datatrans (according to Mario from datatrans).
|
|
- Livio 21.11.23: Mario promised to enable it,
|
|
- Livio 27.11.23. Not yet enabled for the sandbox. -> Followed up!
|
|
- Livio: TODO still not enabled. Follow up again!
|
|
|
|
### Production / "going live"
|
|
|
|
For Production: We use the proper production datatrans endpoint!
|
|
|
|
1. Coordinate with datatrans to get production account.
|
|
2. Set `DATATRANS_BASIC_AUTH_KEY` and `DATATRANS_HMAC_KEY` to the production values (see above).
|
|
3. Ensure that the webhook is set up correctly by Datatrans (see above).
|
|
|
|
## OAUTH
|
|
|
|
Make sure that the following env vars are set:
|
|
|
|
### Azure B2C
|
|
|
|
- Set `OAUTH_SIGNUP_CLIENT_ID`
|
|
- Set `OAUTH_SIGNUP_CLIENT_SECRET`
|
|
- Set `OAUTH_SIGNUP_SERVER_METADATA_URL` (.well-known/openid-configuration)
|
|
- Set `OAUTH_SIGNUP_TENANT_ID`
|
|
|
|
### Keycloak
|
|
|
|
- Set `OAUTH_SIGNIN_CLIENT_ID`
|
|
- Set `OAUTH_SIGNIN_CLIENT_SECRET`
|
|
- Set `OAUTH_SIGNIN_SERVER_METADATA_URL` (.well-known/openid-configuration)
|
|
|
|
### Redirect URIs
|
|
|
|
- Set `OAUTH_SIGNUP_REDIRECT_URI` (`.../sso/login` e.g. `https://myvbv-stage.iterativ.ch/sso/login`)
|
|
- Set `OAUTH_SIGNIN_REDIRECT_URI` (`.../sso/callback` e.g. `https://myvbv-stage.iterativ.ch/sso/callback`)
|
|
|
|
### Frontend:
|
|
|
|
- Update `VITE_OAUTH_API_BASE_URL` in `caprover_deploy.sh` for production.
|
|
- Should be the SSO Prod one from Lernnetz.
|
|
|
|
### Cleanup
|
|
|
|
After everything runs fine, we should be able to remove the following env vars:
|
|
|
|
1. `IT_OAUTH_TENANT_ID`
|
|
2. `IT_OAUTH_CLIENT_NAME`
|
|
3. `IT_OAUTH_CLIENT_ID`
|
|
4. `IT_OAUTH_CLIENT_SECRET`
|
|
5. `IT_OAUTH_API_BASE_URL`
|
|
6. `IT_OAUTH_LOCAL_REDIRECT_URI`
|
|
7. `IT_OAUTH_SERVER_METADATA_URL`
|
|
8. `IT_OAUTH_SCOPE`
|
|
|