Commit Graph

194 Commits

Author SHA1 Message Date
Benjamin Dauvergne ba7609030e [root] mail to simple users should be synchronous 2011-05-06 14:32:01 +00:00
Benjamin Dauvergne 5e731089ee [lost_password] when a new password is generated state it in the lost password view 2011-02-01 12:58:34 +00:00
Benjamin Dauvergne 8c65f982d0 [root] redirect user to homepage when trying to access the login page
To see the login page, one of these conditions must be met:
 - no user logged
 - a LoginToken is present in the URL and the corresponding object
   exists
2011-01-28 13:46:36 +00:00
Benjamin Dauvergne 3f29e2430b [root] expire session when logging in
This prevents session fixation attacks. To make it work we had to move
the call to the method init_session() from the identity store backend.
2011-01-27 13:40:57 +00:00
Benjamin Dauvergne 9385fd3d3d [root] add service to the field passed to email templates
Now you can personalize email notifications with respect to the
requesting service.
2011-01-27 13:40:51 +00:00
Benjamin Dauvergne 3b26ca2b0b [ssl] fix error message in the login_ssl view 2011-01-14 21:46:28 +00:00
Benjamin Dauvergne b52f66596f Fix double password generation 2011-01-01 09:25:28 +00:00
Benjamin Dauvergne 32d7bb41fd [root] verify that the password is not hashed before sending it 2010-12-17 09:18:41 +00:00
Benjamin Dauvergne 8b39224664 [authentic root] log email errors as errors not warnings 2010-12-06 10:35:32 +00:00
Benjamin Dauvergne 244cacd32e [authentic root] change_password form does not need multipart/form-data encoding 2010-12-06 10:35:15 +00:00
Benjamin Dauvergne 97a639f2b2 Restore URL parameters in request.form for login,update_info and change_password pages 2010-12-01 17:02:41 +00:00
Benjamin Dauvergne 6bbb84bce4 Add the possibility to redirect to another URL when accessing the homepage 2010-12-01 15:45:20 +00:00
Benjamin Dauvergne 4dae7ad504 Add a setting to remove the federations management user page 2010-12-01 15:45:06 +00:00
Benjamin Dauvergne 2a09ef6694 [root] change the forgot-password default email text for also sending the login name for the targeted account 2010-11-30 15:29:22 +00:00
Benjamin Dauvergne 97eb3b4a6d [root] update the password-email mail content text hint about accessible variables 2010-11-30 15:29:19 +00:00
Benjamin Dauvergne d36caacff8 [root] add logging for use of the lost identifiers form, log the given email 2010-11-30 15:29:16 +00:00
Benjamin Dauvergne 7b8d83980e [root] add the identity id to the logging message for the user profile update page 2010-11-30 15:29:13 +00:00
Benjamin Dauvergne 75ef0c6abd [root] add logging when the lost password procedure fails 2010-11-30 15:29:10 +00:00
Benjamin Dauvergne 01e3632607 [root] remove logging of access to the lost password page 2010-11-30 15:29:07 +00:00
Benjamin Dauvergne 90887bccd3 [root&identities] add regexp validation to username input box in the registration page
The validation regexp defaults to [a-zA-Z0-0]+, it can be overloaded by identity
store classes.
2010-11-30 15:28:59 +00:00
Benjamin Dauvergne dda651e393 [identities&root] delegate to the store class the effective generation of the password
It allows subclasses to change the password generation algorithm.
This commit also adds a new password configuration flag to force regeneration
of the password when reminding a user of its password even if it is stored
clear.
2010-11-30 15:28:56 +00:00
Benjamin Dauvergne 8328c8f489 Make change_password handle returnURL and referer 2010-11-26 23:08:50 +00:00
Benjamin Dauvergne f1dbfa1b6c [root] hash also passwords set by the user 2010-11-23 12:46:55 +00:00
Benjamin Dauvergne a94506a4a0 [root] log new password when user asks for their password and a new one is generated 2010-11-23 12:46:52 +00:00
Benjamin Dauvergne 79763a3592 Report when an identifier matches more than one account in the forgot_password view 2010-11-19 11:52:24 +00:00
Benjamin Dauvergne 677d51eec8 add email to logging message for lost password mail 2010-11-18 16:45:53 +00:00
Benjamin Dauvergne 742640abab remove debug print 2010-11-16 15:10:54 +00:00
Benjamin Dauvergne 53808b966c [root] add a forgot_identifier page, to get back your identifiers from your email 2010-11-16 15:10:47 +00:00
Benjamin Dauvergne c465f8a740 Preserve the query in the LoginToken to reduce length of URL
Also make the cancel button rework.
2010-11-09 14:59:41 +00:00
Benjamin Dauvergne 49603dc411 Add proper error message when unable to send a new password 2010-11-02 16:48:33 +00:00
Benjamin Dauvergne 21565f2797 [root] move call to pre_registration_callback before the call to add the new identity 2010-10-08 16:00:33 +00:00
Benjamin Dauvergne 81f9ed31a8 Support multivalued field for the LDAP backend
This commit contains simplification for:
- filling of assertions with attributes
- creating human readable string for value of attribute to show in IHM
- building form widget for multivalued fields
- saving and retrieving multivalued fields from LDAP directories
2010-09-16 15:11:24 +00:00
Benjamin Dauvergne 16485da333 [Root] in registration allows store.add() to fail
To permit add() to make uniqueness checking without breaking the
registration process, we moved it before sending the confirmation email,
it also tries to use the AlreadExists() exception to put error message on
field names.
2010-08-26 17:46:05 +00:00
Benjamin Dauvergne 340301e076 [Root] when asking for a lost password, signal unknown identities 2010-07-29 11:25:23 +00:00
Benjamin Dauvergne e284dcd35c [Root] in login_ssl fix bad type for string argument 2010-07-28 15:27:52 +00:00
Benjamin Dauvergne 34b8fff9b7 [Root] restore required status for login and username field on login page
To work around problem of validation of the login when URL parameters are
present, we reset the request.form field when current HTTP method is
GET.
2010-07-28 15:27:49 +00:00
Benjamin Dauvergne 529a9470d2 [Forms] remove copy/pasted form module code, use most of qommon instead
All the code of authentic.form is copy-pasted from qommon, so it is
better to use the qommon code. The major difference is the
implementation of _get_default_action which I prefer to keep from
quixote, as it helps with form URLs containing parameters.
2010-07-19 12:11:41 +00:00
Benjamin Dauvergne 53eaee2093 [Identities] move fields definition inside Identity store class 2010-06-18 12:44:48 +00:00
Benjamin Dauvergne 8fe398f125 Fix bad markup in UI strings 2010-06-07 11:41:29 +00:00
Benjamin Dauvergne 57c96ec176 Identities: add an administrators() method to the store class 2010-05-20 12:46:39 +00:00
Benjamin Dauvergne 841553a5f5 RootDirectory: add a password parameter to email_password
* When the password is hashed we must send the original unhashed password
   so we pass it as a parameter to email_password.
2010-05-20 00:24:38 +00:00
Benjamin Dauvergne 3f5cd43763 Add support for hashed passwords
* We now support passwords stored as a hash following the RFC 2307
   standard (as LDAP), i.e. like this:

     {hash-scheme}hash

 * When a user asks for his password and the password is hashed, we
   regenerate it (there is no other way).
2010-05-20 00:24:15 +00:00
Benjamin Dauvergne 6486f91bef RootDirectory: add a link to the admin section on the home page 2010-05-20 00:24:07 +00:00
Benjamin Dauvergne 14436bce4e RootDirectory: in login_success() move redirect_to_after_url after redirect_to_return_url 2010-05-20 00:24:03 +00:00
Benjamin Dauvergne c48c22b2b2 RootDirectory: add an admin flag to the text for the home page 2010-05-20 00:23:58 +00:00
Benjamin Dauvergne 4dda19d662 Add paragraph on simple email reminder, fix configuration tree about it 2010-05-20 00:23:40 +00:00
Benjamin Dauvergne 4e4a5a4f12 RootDirectory login: show proxying combo box when IdP is configured
* It's useless to show an empty combo box.
2010-05-20 00:23:29 +00:00
Benjamin Dauvergne 548c214673 RootDirectory associateCertifiate: do not explicitly save the session 2010-05-20 00:23:09 +00:00
Benjamin Dauvergne 5b00815d27 Remove commented code 2010-05-20 00:23:05 +00:00
Benjamin Dauvergne c4f66109bd RootDirectory login: add LoginToken initialization
* When a login succeeds we add authentication method and user id to the
   LoginToken.
   When a login fails or is cancelled we mark the authentication flag as
   False in the login token.
2010-05-20 00:23:01 +00:00