Commit Graph

1391 Commits

Author SHA1 Message Date
Benjamin Dauvergne 81f9ed31a8 Support multivalued field for the LDAP backend
This commit contains simplification for:
- filling of assertions with attributes
- creating human readable string for value of attribute to show in IHM
- building form widget for multivalued fields
- saving and retrieving multivalued fields from LDAP directories
2010-09-16 15:11:24 +00:00
Benjamin Dauvergne c04fa01e48 [SAMLv2&ID-FF] add a generic function to add attributes to assertions
This function should be used by SAMLv2 and ID-FFv1.2 to fill assertions.
2010-09-16 15:11:21 +00:00
Benjamin Dauvergne 0593eada1b [Identities] make WidgetList encapsulate its content inside a div with class widget
The WidgetList class from common overloaded render() forgetting the
container div that is normally around all form widgets, breaking simple
CSS rules.
2010-09-16 15:11:18 +00:00
Benjamin Dauvergne 36c46048ba [Identities] fix bad reference to Ldap specific widgets
Those widgets are defined inside the LDAP store class, we need to refer
to them through self.
2010-09-15 12:34:16 +00:00
Benjamin Dauvergne 061ddf4ca9 [Identities] add the dn to the attribute list for the user
For LDAP authenticated user, we put the distinguished name inside an
attribute named dn.
2010-09-15 12:34:12 +00:00
Benjamin Dauvergne dd3588b16c [Session] respect expectation of qommon toward get_user_object
It must return None if no user is present, but not throw an exception
like KeyError.
2010-08-26 17:46:15 +00:00
Benjamin Dauvergne c8d894984d [Identities] add constraint on the value of LDAP identity source parameters
Those new constraints allow to be sure that the strings passed can really be
LDAP field names.
2010-08-26 17:46:12 +00:00
Benjamin Dauvergne 4ccdbdf836 [Identities] add missing ldap.filter.escape_filter_chars
All strings passed as field values must be escaped before being passed
to the LDAP server.
2010-08-26 17:46:10 +00:00
Benjamin Dauvergne da54be18a7 [Identities] add uniqueness checking to LDAP store
Fields which must be unique are checked against other identities in the
LDAP database.

If existing values are found, all fields with a uniqueness constraint
are reported in the AlreadyExists() exception.
2010-08-26 17:46:07 +00:00
Benjamin Dauvergne 16485da333 [Root] in registration allows store.add() to fail
To permit add() to make uniqueness checking without breaking the
registration process, we moved it before sending the confirmation email,
it also tries to use the AlreadyExists() exception to put error message on
field names.
2010-08-26 17:46:05 +00:00
Benjamin Dauvergne 50783dc7d5 [Identities] make init code of LDAP store more readable 2010-08-26 17:46:02 +00:00
Benjamin Dauvergne 3d85440bd1 [Identities] add multiple and unique flag to Field class
- if a field is multiple it can handle multiple values, a WidgetList
  should be used to manipulate it.
- if a field is unique, at identity record creation, it must be checked
  for uniqueness.
2010-08-26 17:45:59 +00:00
Benjamin Dauvergne 1142147ed6 [Schemas] add regexp validated string 2010-08-26 17:45:56 +00:00
Benjamin Dauvergne 15debdb3b2 [Translation] update 2010-08-26 17:45:53 +00:00
Benjamin Dauvergne 5164815a0e [Data] add list of top level domains from Mozilla (copied from w.c.s) 2010-08-26 17:45:49 +00:00
Benjamin Dauvergne 340301e076 [Root] when asking for a lost password, signal unknown identities 2010-07-29 11:25:23 +00:00
Benjamin Dauvergne 97abce25d2 [Identities LDAP] make identity checks works when unlogged
get_identity_for_username and has_identity_with_username were not
working when unlogged because they did not use the administrative bind
parameters.
2010-07-29 11:25:17 +00:00
Benjamin Dauvergne 20b82abc59 [Ctl] add options to limit number of child process and number of request per process
- new option --max-children allows to define the maximum number of
  child process handling request (default is 5).
- new option --max-request allows to define the maximum number of
  requests per child before they exit (default is infinite).
2010-07-29 11:25:11 +00:00
Benjamin Dauvergne e284dcd35c [Root] in login_ssl fix bad type for string argument 2010-07-28 15:27:52 +00:00
Benjamin Dauvergne 34b8fff9b7 [Root] restore required status for login and username field on login page
To work around problem of validation of the login when URL parameters are
present, we reset the request.form field when current HTTP method is
GET.
2010-07-28 15:27:49 +00:00
Benjamin Dauvergne 267015e4a0 [Identities] give a larger text input field for ldap_published_attributes
This setting can be quite long.
2010-07-28 15:27:45 +00:00
Benjamin Dauvergne 7bebff1c0c [Identities] do not overwrite Field.required when not in admin page
admin_required apply only for the identity admin form.
2010-07-28 15:27:42 +00:00
Benjamin Dauvergne fce2324d51 [Misc] use the imported parse_qsl (works with python 2.5 and 2.6)
Do not access it directly through the urlparse module.
2010-07-28 12:12:16 +00:00
Benjamin Dauvergne 93f8696559 [Settings] fix exported_attributes field in new liberty provider form
- When creating a new provider there is no pre-existing configuration,
  so default content for the field is the empty string.
- the field name is exported_attributes not 'Exported Attributes'
2010-07-27 14:34:02 +00:00
Benjamin Dauvergne a8edfe97ea [Identities] add a LDAP implementation of the count method
We try to be light by using the attrsOnly flag for the request.
2010-07-23 14:11:59 +00:00
Benjamin Dauvergne c0635ac02b [Admin] add a pagination header
It's a copy of the pagination footer.
2010-07-23 14:11:56 +00:00
Benjamin Dauvergne 86c9ff7df3 [SAMLv2][ID-FFv12] reset relay_state to empty string if absent 2010-07-23 12:42:49 +00:00
Benjamin Dauvergne 95fa658586 [SAMLv2][ID-FFv12] fix wrong relaystate
None is not a good value for the relaystate :(
2010-07-23 12:39:22 +00:00
Benjamin Dauvergne 218a37c92b [SAMLv2] work around None values in the configuration for provider exported_attributes 2010-07-23 11:48:52 +00:00
Benjamin Dauvergne 68209be82b [Setup] remove data/liberty from directories to install 2010-07-23 11:48:48 +00:00
Benjamin Dauvergne 438a24dbab [Misc] only load provider of the other kind, and do not stop on error for one provider, log it 2010-07-20 13:37:51 +00:00
Benjamin Dauvergne ac2c999988 [Core] add work-around for module whose path changed 2010-07-20 08:52:15 +00:00
Benjamin Dauvergne 529a9470d2 [Forms] remove copy/pasted form module code, use most of qommon instead
All the code of authentic.form is copy-pasted from qommon, so it is
better to use the qommon code. The major difference is the
implementation of _get_default_action which I prefer to keep from
quixote, as it helps with form URLs containing parameters.
2010-07-19 12:11:41 +00:00
Benjamin Dauvergne 51a66f2d4f [Settings] add an exported attributes settings for each provider 2010-07-19 08:29:06 +00:00
Benjamin Dauvergne 9283b5a319 [LoginToken] verify if login token exists before checking its validity 2010-07-19 08:29:03 +00:00
Benjamin Dauvergne 18c0428e05 [LoginToken] move validation check into the get method, enforce ignore_errors
The raise KeyError() in the migrate method was going around expectation
of the StorableObject.get method toward migrate() methods producing
spurious runtime errors.
2010-07-09 12:42:57 +00:00
Benjamin Dauvergne ba9be10a6f Fix double session writing when logging out from the current session 2010-07-05 21:21:17 +00:00
Benjamin Dauvergne e3199b67a4 [Cleaning] remove debugging print 2010-06-25 16:50:04 +00:00
Benjamin Dauvergne d760b9c7b3 [ID-FFv12&SAMLv2] set an authentication_instant in the session for proxied authentication
Without it assertion building is broken.
2010-06-25 16:50:01 +00:00
Benjamin Dauvergne 59ffac71f5 [Settings] fix bad handling of idff_proxy 2010-06-25 16:49:57 +00:00
Benjamin Dauvergne b82b0f782a [CAS] add method to create user id for CAS 2010-06-25 16:49:54 +00:00
Benjamin Dauvergne 6bc7446025 [CAS] add an uid_source setting
Useful for LDAP storage, you can choose whether to export the uid or
the dn.
2010-06-25 16:49:51 +00:00
Benjamin Dauvergne 36cac4006e [Identities] fix get_identity_for_name_identifier around identity loading 2010-06-25 15:39:58 +00:00
Benjamin Dauvergne 662db7bc0e [Identities/LDAP] fix alpha_request_str when ldap_object_name is not simple
ldap_object_name can be many attributes concatenated, only the first one
is used to build the prefix matching filter.
2010-06-20 19:34:34 +00:00
Benjamin Dauvergne da912e5804 [CAS] report ticket id in ticket creation informative log 2010-06-20 19:10:17 +00:00
Benjamin Dauvergne ad8388f4a8 [CAS] add more logging
Log login, validation, proxying, and proxy checks with parameters
received and failure reasons.
2010-06-20 19:10:13 +00:00
Benjamin Dauvergne df5ca6beb2 [CAS] works with python-2.5
The ssl module is missing with python-2.5 so no real certificate check
is possible. But better than nothing we can use urllib.URLopener which
supports HTTP urls.
2010-06-20 19:10:10 +00:00
Benjamin Dauvergne a61249689e [Misc] do not skip same when building the server object
That's the only thing forbidding us to use the same session for IdP and
SP mode.
2010-06-20 19:10:06 +00:00
Benjamin Dauvergne 81259829e2 [Identities] Permit to concatenate fields to build the UI name
In the field LDAP Object name attribute you can put a string like
'cn+sn' which would take the value of those two field and join them with
a space.
2010-06-18 13:47:53 +00:00
Benjamin Dauvergne 53eaee2093 [Identities] move fields definition inside Identity store class 2010-06-18 12:44:48 +00:00