summaryrefslogtreecommitdiffstats
path: root/Changelog
blob: b6285d3d638894ff4661245792528cdcd6c714a5 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
1.2.24
------

- fix bug in DefaultAdapter.provision_superuser when user has already
  is_superuser and is_staff set to True

1.2.23
------

- silence Django 1.10 deprecration warnings
- adapters: factorize user creation in lookup_user() (fixes #10164)
- trivial: move utils import
- django 1.9 adaptations
- tests: add test on SP initiated login
- views: change HTTP 400 message when no idp is found
- trivial: move lasso import
- tests: add tests on mellon.utils
- views: do not traceback in get_idp() when no idp is declared
- tests: remove unused variable
- add discovery service support (fixes #10111)
- move idp settings building in adapters
- adapters: improve logging during provisionning
- templates: fix default_assertion_consumer_binding check, use of = instead of ==
- app_settings: fix import of ImproperlyConfigured exception
- add support for Organization and ContactPerson elements in metadata (fixes #6656)
- templates: fix public key representation in metadata
- tests: add helper to check XML documents
- utils: fix iso8601_to_datetime, make_naive amd make_aware need a timezone parameter
- utils: fix flatten_datetime, isoformat() already add a timezone if needed
- store cached metadata in settings
- do not pass strings contening null characters to Lasso, return 400 or ignore (fixes #8939)
- add tox.ini to test on django 1.7, 1.8, 1.9 and with sqlite and pg
- report lasso error at debug level
- log errors when loading IdP metadata instead of throwing a traceback (fixes #9745)
- fix concurrency error when creating new users (fixes #9965)

1.2.22
------

- reset is_staff when superuser mapping fails (fixes #9736)
- implement session_not_on_or_after using new session engines (fixes #9640)
- use dateutil to parse datetime strings (#9640)
- utils: return naive datetime if USE_TZ=False (fixes #9521)

1.2.21
------

- setup.py: hide DJANGO_SETTINGS_MODULE value when calling compilemessages
- do not flatten attributes inplace, and convert expiry to seconds (fixes #9359)
- adapters: prevent collision in provision_groups() (fixes #9327)

1.2.20
------

- middleware: handle process_view (#9131)

1.2.19
------

- middleware: do not apply autologin to mellon views (fixes #9131)

1.2.18
------

- middleware: disallow passive authentication when no IdP is found (fixes #8123)
- Revert "views: add an iframe mode to the login view"
- add PassiveAuthenticationMiddleware using a common domain cookie (fixes #8123)
- views: add an iframe mode to the login view

1.2.17
-----

- truncate attribute when setting user fields
- handle status is not success errors
- use requests for HTTP retrieval of metadata
- use lasso thin-sessions
- add setting MELLON_VERIFY_SSL_CERTIFICATE
- improve logs in SAML artifact error paths
- improve logout logs
- handle artifact response as a byte string
- do not store a name_id_name_qualifier or name_id_sp_name_qualifier when they are absent

1.2.16
------

- Add south migrations for pre Django 1.7 support

1.2.15
------

- authentication_failed.html: show the StatusMessage to the user if there is
  one
- add a Changelog
- app_settings,views: make the default assertion consumer binding customizable
  (#7406)
- setup.py,MANIFEST.in: include the VERSION file in distribution
- setup.py: requests is an install_requires not a setup_requires
- templates: make HTTP-Artifact the default binding for SSO
- add support for artifact GET protocol binding (#7267)
- adapters: fix DefaultAdapter.get_idp(), idp['ENTITY_ID'] is a string not a list
- Revert "templates: make HTTP-Artifact the default binding for SSO"
- views: in sso_failure() the call to self.get_id() could never work, replace
  by utils.get_idp()
- utils: add a default return value to utils.get_idp()
- templates: make HTTP-Artifact the default binding for SSO
- views: fix setting of isPassive and forceAuthn (fixes #7100)
- tests: adapt to usernames cut at 30 characters
- Limit username to 30 characters for now (#7085)
- tests: initial adapter tests
- doc: fix title level for some configuration variables
- add a model to store user<->NameID mapping (#7085)
- Prepare for adding tests
- Support encryption
- login view refactored (#6801)

1.2.14
------

- Fix include of base.html in mellon/base.html

1.2.13
------

- Add missing mellon/base.html
- save provisioned users (#6667)

1.2.12
------

- Set version only from git tags
- set login.msgRelayState to the value from POST (#6384)
- Allow getting metadata of IdP by doing an HTTP GET
- Always use adapters to get to IdP settings

1.2.11
------

- mellon/views.py: store and load the liberty session dump for slo
- adapters: force template string to be unicode as attributes are values
- README: fix patterns when including urls
- urls: fix error in pattern, includable patterns must not start with a

1.2.10
------

- Add a mellon/base.html template to make an indirection between mellon
  templates and the project base.html template (#6301)

1.2.9
-----

- bug fixed on Lasso session data generation
- AuthnRequest now contains the AllowCreate flag