Benjamin Dauvergne
81f9ed31a8
Support multivalued field for the LDAP backend
...
This commit contains simplification for:
- filling of assertions with attributes
- creating human readable string for value of attribute to show in the UI
- building form widget for multivalued fields
- saving and retrieving multivalued fields from LDAP directories
2010-09-16 15:11:24 +00:00
Benjamin Dauvergne
c04fa01e48
[SAMLv2&ID-FF] add a generic function to add attributes to assertions
...
This function should be used by SAMLv2 and ID-FFv1.2 to fill assertions.
2010-09-16 15:11:21 +00:00
Benjamin Dauvergne
0593eada1b
[Identities] make WidgetList encapsulate its content inside a div with class widget
...
The WidgetList class from common overloaded render() forgetting the
container div that is normally around all form widgets, breaking simple
CSS rules.
2010-09-16 15:11:18 +00:00
Benjamin Dauvergne
36c46048ba
[Identities] fix bad reference to Ldap specific widgets
...
Those widgets are defined inside the LDAP store class, we need to refer
to them through self.
2010-09-15 12:34:16 +00:00
Benjamin Dauvergne
061ddf4ca9
[Identities] add the dn to the attribute list for the user
...
For LDAP authenticated user, we put the distinguished name inside an
attribute named dn.
2010-09-15 12:34:12 +00:00
Benjamin Dauvergne
dd3588b16c
[Session] respect expectation of qommon toward get_user_object
...
It must return None if no user is present, but not throw an exception
like KeyError.
2010-08-26 17:46:15 +00:00
Benjamin Dauvergne
c8d894984d
[Identities] add constraint on the value of LDAP identity source parameters
...
Those new constraints allow us to be sure that strings passed can really be
LDAP field names.
2010-08-26 17:46:12 +00:00
Benjamin Dauvergne
4ccdbdf836
[Identities] add missing ldap.filter.escape_filter_chars
...
All strings passed as field values must be escaped before being passed
to the LDAP server.
2010-08-26 17:46:10 +00:00
Benjamin Dauvergne
da54be18a7
[Identities] add uniqueness checking to LDAP store
...
Fields which must be unique are checked against other identities in the
LDAP database.
If existing values are found, all fields with a uniqueness constraint
are reported in the AlreadyExists() exception.
2010-08-26 17:46:07 +00:00
Benjamin Dauvergne
16485da333
[Root] in registration allows store.add() to fail
...
To permit add() to make uniqueness checking without breaking the
registration process, we moved it before sending the confirmation email,
it also tries to use the AlreadyExists() exception to put error message on
field names.
2010-08-26 17:46:05 +00:00
Benjamin Dauvergne
50783dc7d5
[Identities] make init code of LDAP store more readable
2010-08-26 17:46:02 +00:00
Benjamin Dauvergne
3d85440bd1
[Identities] add multiple and unique flag to Field class
...
- if a field is multiple it can handle multiple values, a WidgetList
should be used to manipulate it.
- if a field is unique, at identity record creation, it must be checked
for uniqueness.
2010-08-26 17:45:59 +00:00
Benjamin Dauvergne
1142147ed6
[Schemas] add regexp validated string
2010-08-26 17:45:56 +00:00
Benjamin Dauvergne
15debdb3b2
[Translation] update
2010-08-26 17:45:53 +00:00
Benjamin Dauvergne
5164815a0e
[Data] add list of top level domains from Mozilla (copied from w.c.s)
2010-08-26 17:45:49 +00:00
Benjamin Dauvergne
340301e076
[Root] when asking for a lost password, signal unknown identities
2010-07-29 11:25:23 +00:00
Benjamin Dauvergne
97abce25d2
[Identities LDAP] make identity checks work when unlogged
...
get_identity_for_username and has_identity_with_username were not
working when unlogged because they did not use the administrative bind
parameters.
2010-07-29 11:25:17 +00:00
Benjamin Dauvergne
20b82abc59
[Ctl] add options to limit number of child processes and number of requests per process
...
- new option --max-children allows to define the maximum number of
child process handling request (default is 5).
- new option --max-request allows to define the maximum number of
requests per child before they exit (default is infinite).
2010-07-29 11:25:11 +00:00
Benjamin Dauvergne
e284dcd35c
[Root] in login_ssl fix bad type for string argument
2010-07-28 15:27:52 +00:00
Benjamin Dauvergne
34b8fff9b7
[Root] restore required status for login and username field on login page
...
To work around the problem of validation of the login when URL parameters are
present, we reset the request.form field when current HTTP method is
GET.
2010-07-28 15:27:49 +00:00
Benjamin Dauvergne
267015e4a0
[Identities] give a larger text input field for ldap_published_attributes
...
This setting can be quite long.
2010-07-28 15:27:45 +00:00
Benjamin Dauvergne
7bebff1c0c
[Identities] do not overwrite Field.required when not in admin page
...
admin_required applies only for the identity admin form.
2010-07-28 15:27:42 +00:00
Benjamin Dauvergne
fce2324d51
[Misc] use the imported parse_qsl (works with python 2.5 and 2.6)
...
Do not access it directly through the urlparse module.
2010-07-28 12:12:16 +00:00
Benjamin Dauvergne
93f8696559
[Settings] fix exported_attributes field in new liberty provider form
...
- When creating a new provider there is no pre-existing configuration,
so default content for the field is the empty string.
- the field name is exported_attributes not 'Exported Attributes'
2010-07-27 14:34:02 +00:00
Benjamin Dauvergne
a8edfe97ea
[Identities] add an LDAP implementation of the count method
...
We try to be light by using the attrsOnly flag for the request.
2010-07-23 14:11:59 +00:00
Benjamin Dauvergne
c0635ac02b
[Admin] add a pagination header
...
It's a copy of the pagination footer.
2010-07-23 14:11:56 +00:00
Benjamin Dauvergne
86c9ff7df3
[SAMLv2][ID-FFv12] reset relay_state to empty string if absent
2010-07-23 12:42:49 +00:00
Benjamin Dauvergne
95fa658586
[SAMLv2][ID-FFv12] fix wrong relaystate
...
None is not a good value for the relaystate :(
2010-07-23 12:39:22 +00:00
Benjamin Dauvergne
218a37c92b
[SAMLv2] work around None values in the configuration for provider exported_attributes
2010-07-23 11:48:52 +00:00
Benjamin Dauvergne
68209be82b
[Setup] remove data/liberty from directories to install
2010-07-23 11:48:48 +00:00
Benjamin Dauvergne
438a24dbab
[Misc] only load provider of the other kind, and do not stop on error for one provider, log it
2010-07-20 13:37:51 +00:00
Benjamin Dauvergne
ac2c999988
[Core] add work-around for module whose path changed
2010-07-20 08:52:15 +00:00
Benjamin Dauvergne
529a9470d2
[Forms] remove copy/pasted form module code, use most of qommon instead
...
All the code of authentic.form is copy-pasted from qommon, so it is
better to use the qommon code. The major difference is the
implementation of _get_default_action which I prefer to keep from
quixote, as it helps with form URLs containing parameters.
2010-07-19 12:11:41 +00:00
Benjamin Dauvergne
51a66f2d4f
[Settings] add an exported attributes settings for each provider
2010-07-19 08:29:06 +00:00
Benjamin Dauvergne
9283b5a319
[LoginToken] verify if login token exists before checking its validity
2010-07-19 08:29:03 +00:00
Benjamin Dauvergne
18c0428e05
[LoginToken] move validation check into the get method, enforce ignore_errors
...
The raise KeyError() in the migrate method was going around expectation
of the StorableObject.get method toward migrate() methods producing
spurious runtime errors.
2010-07-09 12:42:57 +00:00
Benjamin Dauvergne
ba9be10a6f
Fix double session writing when logging out from the current session
2010-07-05 21:21:17 +00:00
Benjamin Dauvergne
e3199b67a4
[Cleaning] remove debugging print
2010-06-25 16:50:04 +00:00
Benjamin Dauvergne
d760b9c7b3
[ID-FFv12&SAMLv2] set an authentication_instant in the session for proxied authentication
...
Without it assertion building is broken.
2010-06-25 16:50:01 +00:00
Benjamin Dauvergne
59ffac71f5
[Settings] fix bad handling of idff_proxy
2010-06-25 16:49:57 +00:00
Benjamin Dauvergne
b82b0f782a
[CAS] add method to create user id for CAS
2010-06-25 16:49:54 +00:00
Benjamin Dauvergne
6bc7446025
[CAS] add an uid_source setting
...
Useful for LDAP storage, you can choose whether to export the uid or
the dn.
2010-06-25 16:49:51 +00:00
Benjamin Dauvergne
36cac4006e
[Identities] fix get_identity_for_name_identifier around identity loading
2010-06-25 15:39:58 +00:00
Benjamin Dauvergne
662db7bc0e
[Identities/LDAP] fix alpha_request_str when ldap_object_name is not simple
...
ldap_object_name can be many attributes concatenated, only the first one
is used to build the prefix matching filter.
2010-06-20 19:34:34 +00:00
Benjamin Dauvergne
da912e5804
[CAS] report ticket id in ticket creation informative log
2010-06-20 19:10:17 +00:00
Benjamin Dauvergne
ad8388f4a8
[CAS] add more logging
...
Log login, validation, proxying, and proxy checks with parameters
received and failure reasons.
2010-06-20 19:10:13 +00:00
Benjamin Dauvergne
df5ca6beb2
[CAS] works with python-2.5
...
The ssl module is missing with python-2.5 so no real certificate check
is possible. But better than nothing we can use urllib.URLopener which
supports HTTP urls.
2010-06-20 19:10:10 +00:00
Benjamin Dauvergne
a61249689e
[Misc] do not skip same when building the server object
...
That's the only thing forbidding us to use the same session for IdP and
SP mode.
2010-06-20 19:10:06 +00:00
Benjamin Dauvergne
81259829e2
[Identities] Permit to concatenate fields to build the UI name
...
In the field LDAP Object name attribute you can put a string like
'cn+sn' which would take the value of those two fields and join them with
a space.
2010-06-18 13:47:53 +00:00
Benjamin Dauvergne
53eaee2093
[Identities] move fields definition inside Identity store class
2010-06-18 12:44:48 +00:00