misc: squash all migrations (#40685)

The process was:
* unset settings.AUTH_USER_MODEL to prevent a dependency from
  django.contrib.auth on authentic2.custom_user,
* run "makemigrations --replace-all --name replace",
* remove old migrations,
* reset settings.AUTH_USER_MODEL.
Benjamin Dauvergne 2023-12-14 22:23:29 +01:00
parent a69db02eec
commit 56eea91946
17 changed files with 3649 additions and 0 deletions


@ -0,0 +1,286 @@
# Generated by Django 3.2.23 on 2023-12-14 21:01
import django.contrib.postgres.fields
import django.core.validators
import django.db.models.deletion
from django.db import migrations, models
import authentic2.a2_rbac.fields
import authentic2.a2_rbac.utils
import authentic2.validators
class Migration(migrations.Migration):
replaces = [
('a2_rbac', '0001_initial'),
('a2_rbac', '0002_role_external_id'),
('a2_rbac', '0003_partial_unique_index_on_name_and_slug'),
('a2_rbac', '0004_auto_20150523_0028'),
('a2_rbac', '0005_auto_20150526_1406'),
('a2_rbac', '0006_auto_20150619_1056'),
('a2_rbac', '0007_auto_20150708_1337'),
('a2_rbac', '0008_auto_20150810_1953'),
('a2_rbac', '0009_partial_unique_index_on_permission'),
('a2_rbac', '0010_auto_20160209_1417'),
('a2_rbac', '0011_auto_20160209_1511'),
('a2_rbac', '0013_auto_20170629_0007'),
('a2_rbac', '0014_auto_20170711_1024'),
('a2_rbac', '0015_organizationalunit_validate_emails'),
('a2_rbac', '0016_auto_20171208_1429'),
('a2_rbac', '0017_organizationalunit_user_can_reset_password'),
('a2_rbac', '0018_organizationalunit_user_add_password_policy'),
('a2_rbac', '0019_organizationalunit_show_username'),
('a2_rbac', '0020_partial_unique_index_on_name'),
('a2_rbac', '0021_auto_20200317_1514'),
('a2_rbac', '0022_auto_20200402_1101'),
('a2_rbac', '0023_role_can_manage_members'),
('a2_rbac', '0024_fix_self_admin_perm'),
('a2_rbac', '0025_auto_20210622_1132'),
('a2_rbac', '0026_add_roleparenting_soft_delete'),
('a2_rbac', '0026_organizationalunit_check_required_on_login_attributes'),
('a2_rbac', '0027_auto_20211213_0949'),
('a2_rbac', '0027_auto_20220331_1521'),
('a2_rbac', '0028_ou_home_url'),
('a2_rbac', '0029_use_unique_constraints'),
('a2_rbac', '0030_organizationalunit_min_password_strength'),
('a2_rbac', '0031_new_operation_model'),
('a2_rbac', '0032_copy_operations_data'),
('a2_rbac', '0033_remove_old_operation_fk'),
('a2_rbac', '0034_new_role_fields'),
('a2_rbac', '0035_populate_role_fields'),
('a2_rbac', '0036_delete_roleattribute'),
('a2_rbac', '0037_remove_organizationalunit_min_password_strength'),
]
initial = True
dependencies = [
('contenttypes', '0002_remove_content_type_name'),
]
operations = [
migrations.CreateModel(
name='Operation',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
('slug', models.CharField(max_length=32, unique=True, verbose_name='slug')),
],
),
migrations.CreateModel(
name='OrganizationalUnit',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
(
'uuid',
models.CharField(
default=authentic2.a2_rbac.utils.get_hex_uuid,
max_length=32,
unique=True,
verbose_name='uuid',
),
),
('name', models.CharField(max_length=256, verbose_name='name')),
('slug', models.SlugField(max_length=256, verbose_name='slug')),
('description', models.TextField(blank=True, verbose_name='description')),
(
'username_is_unique',
models.BooleanField(blank=True, default=False, verbose_name='Username is unique'),
),
(
'email_is_unique',
models.BooleanField(blank=True, default=False, verbose_name='Email is unique'),
),
(
'default',
authentic2.a2_rbac.fields.UniqueBooleanField(verbose_name='Default organizational unit'),
),
(
'validate_emails',
models.BooleanField(blank=True, default=False, verbose_name='Validate emails'),
),
(
'show_username',
models.BooleanField(blank=True, default=True, verbose_name='Show username'),
),
(
'check_required_on_login_attributes',
models.BooleanField(
blank=True, default=True, verbose_name='Check required on login attributes'
),
),
(
'user_can_reset_password',
models.BooleanField(
blank=True,
choices=[(None, 'System default'), (True, 'Yes'), (False, 'No')],
default=None,
null=True,
verbose_name='Users can reset password',
),
),
(
'user_add_password_policy',
models.IntegerField(
choices=[(0, 'Send reset link'), (1, 'Manual password definition')],
default=0,
verbose_name='User creation password policy',
),
),
(
'clean_unused_accounts_alert',
models.PositiveIntegerField(
blank=True,
default=730,
null=True,
validators=[
django.core.validators.MinValueValidator(
30,
'Ensure that this value is greater than 30 days, or leave blank for deactivating.',
)
],
verbose_name='Days after which the user receives an account deletion alert',
),
),
(
'clean_unused_accounts_deletion',
models.PositiveIntegerField(
blank=True,
default=760,
null=True,
validators=[
django.core.validators.MinValueValidator(
30,
'Ensure that this value is greater than 30 days, or leave blank for deactivating.',
)
],
verbose_name='Delay in days before cleaning unused accounts',
),
),
('home_url', models.URLField(blank=True, max_length=256, null=True, verbose_name='Home URL')),
('logo', models.ImageField(blank=True, upload_to='services/logos', verbose_name='Logo')),
(
'colour',
models.CharField(
blank=True,
max_length=32,
null=True,
validators=[authentic2.validators.HexaColourValidator()],
verbose_name='Colour',
),
),
],
options={
'verbose_name': 'organizational unit',
'verbose_name_plural': 'organizational units',
'ordering': ('name',),
},
),
migrations.CreateModel(
name='Permission',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
('target_id', models.PositiveIntegerField()),
],
options={
'verbose_name': 'permission',
'verbose_name_plural': 'permissions',
},
),
migrations.CreateModel(
name='Role',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
(
'uuid',
models.CharField(
default=authentic2.a2_rbac.utils.get_hex_uuid,
max_length=32,
unique=True,
verbose_name='uuid',
),
),
('slug', models.SlugField(max_length=256, verbose_name='slug')),
('description', models.TextField(blank=True, verbose_name='description')),
('name', models.TextField(verbose_name='name')),
('details', models.TextField(blank=True, verbose_name='Role details (frontoffice)')),
(
'emails',
django.contrib.postgres.fields.ArrayField(
base_field=models.EmailField(max_length=254), default=list, size=None
),
),
('emails_to_members', models.BooleanField(default=True, verbose_name='Emails to members')),
('is_superuser', models.BooleanField(default=False)),
(
'admin_scope_id',
models.PositiveIntegerField(
blank=True, null=True, verbose_name='administrative scope id'
),
),
('external_id', models.TextField(blank=True, db_index=True, verbose_name='external id')),
(
'can_manage_members',
models.BooleanField(default=True, verbose_name='Allow adding or deleting role members'),
),
(
'admin_scope_ct',
models.ForeignKey(
blank=True,
null=True,
on_delete=django.db.models.deletion.CASCADE,
to='contenttypes.contenttype',
verbose_name='administrative scope content type',
),
),
],
options={
'verbose_name': 'role',
'verbose_name_plural': 'roles',
'ordering': ('ou', 'service', 'name'),
},
),
migrations.CreateModel(
name='RoleParenting',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
('direct', models.BooleanField(blank=True, default=True)),
('created', models.DateTimeField(auto_now_add=True, verbose_name='Creation date')),
('deleted', models.DateTimeField(null=True, verbose_name='Deletion date')),
(
'child',
models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
related_name='parent_relation',
to='a2_rbac.role',
),
),
(
'parent',
models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
related_name='child_relation',
to='a2_rbac.role',
),
),
],
options={
'verbose_name': 'role parenting relation',
'verbose_name_plural': 'role parenting relations',
},
),
]
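Review bot: The `replaces` list names data migrations (`0024_fix_self_admin_perm`, `0032_copy_operations_data`, `0035_populate_role_fields`) while the operations in this file are schema-only, and nothing in the file states that a database must already be at `0037` before the squash is deployed. Because the commit also removes the old migration files, a database that has applied only part of that list will presumably fail to build the migration graph, leaving its role and permission data half-migrated. I would add a header comment such as `# Squash of a2_rbac 0001-0037: apply 0037 before upgrading; data migrations are not replayed.` and repeat the requirement in the release notes. The same applies to the second a2_rbac file and to the authenticators and custom_user squashes further down, whose `replaces` lists also contain data migrations.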


@ -0,0 +1,209 @@
# Generated by Django 3.2.23 on 2023-12-14 21:01
import django.db.models.deletion
from django.db import migrations, models
class Migration(migrations.Migration):
replaces = [
('a2_rbac', '0001_initial'),
('a2_rbac', '0002_role_external_id'),
('a2_rbac', '0003_partial_unique_index_on_name_and_slug'),
('a2_rbac', '0004_auto_20150523_0028'),
('a2_rbac', '0005_auto_20150526_1406'),
('a2_rbac', '0006_auto_20150619_1056'),
('a2_rbac', '0007_auto_20150708_1337'),
('a2_rbac', '0008_auto_20150810_1953'),
('a2_rbac', '0009_partial_unique_index_on_permission'),
('a2_rbac', '0010_auto_20160209_1417'),
('a2_rbac', '0011_auto_20160209_1511'),
('a2_rbac', '0013_auto_20170629_0007'),
('a2_rbac', '0014_auto_20170711_1024'),
('a2_rbac', '0015_organizationalunit_validate_emails'),
('a2_rbac', '0016_auto_20171208_1429'),
('a2_rbac', '0017_organizationalunit_user_can_reset_password'),
('a2_rbac', '0018_organizationalunit_user_add_password_policy'),
('a2_rbac', '0019_organizationalunit_show_username'),
('a2_rbac', '0020_partial_unique_index_on_name'),
('a2_rbac', '0021_auto_20200317_1514'),
('a2_rbac', '0022_auto_20200402_1101'),
('a2_rbac', '0023_role_can_manage_members'),
('a2_rbac', '0024_fix_self_admin_perm'),
('a2_rbac', '0025_auto_20210622_1132'),
('a2_rbac', '0026_add_roleparenting_soft_delete'),
('a2_rbac', '0026_organizationalunit_check_required_on_login_attributes'),
('a2_rbac', '0027_auto_20211213_0949'),
('a2_rbac', '0027_auto_20220331_1521'),
('a2_rbac', '0028_ou_home_url'),
('a2_rbac', '0029_use_unique_constraints'),
('a2_rbac', '0030_organizationalunit_min_password_strength'),
('a2_rbac', '0031_new_operation_model'),
('a2_rbac', '0032_copy_operations_data'),
('a2_rbac', '0033_remove_old_operation_fk'),
('a2_rbac', '0034_new_role_fields'),
('a2_rbac', '0035_populate_role_fields'),
('a2_rbac', '0036_delete_roleattribute'),
('a2_rbac', '0037_remove_organizationalunit_min_password_strength'),
]
initial = True
dependencies = [
('a2_rbac', '0038_replace'),
('custom_user', '0037_replace'),
('contenttypes', '0002_remove_content_type_name'),
('authentic2', '0051_replace'),
]
operations = [
migrations.AddField(
model_name='role',
name='members',
field=models.ManyToManyField(blank=True, related_name='roles', to='custom_user.User'),
),
migrations.AddField(
model_name='role',
name='ou',
field=models.ForeignKey(
blank=True,
null=True,
on_delete=django.db.models.deletion.CASCADE,
to='a2_rbac.organizationalunit',
verbose_name='organizational unit',
),
),
migrations.AddField(
model_name='role',
name='permissions',
field=models.ManyToManyField(blank=True, related_name='roles', to='a2_rbac.Permission'),
),
migrations.AddField(
model_name='role',
name='service',
field=models.ForeignKey(
blank=True,
null=True,
on_delete=django.db.models.deletion.CASCADE,
related_name='roles',
to='authentic2.service',
verbose_name='service',
),
),
migrations.AddField(
model_name='permission',
name='operation',
field=models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE, to='a2_rbac.operation', verbose_name='operation'
),
),
migrations.AddField(
model_name='permission',
name='ou',
field=models.ForeignKey(
null=True,
on_delete=django.db.models.deletion.CASCADE,
related_name='scoped_permission',
to='a2_rbac.organizationalunit',
verbose_name='organizational unit',
),
),
migrations.AddField(
model_name='permission',
name='target_ct',
field=models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE, related_name='+', to='contenttypes.contenttype'
),
),
migrations.AlterUniqueTogether(
name='organizationalunit',
unique_together={('name',), ('slug',)},
),
migrations.AlterUniqueTogether(
name='roleparenting',
unique_together={('parent', 'child', 'direct')},
),
migrations.AlterIndexTogether(
name='roleparenting',
index_together={('child', 'parent', 'direct')},
),
migrations.AddConstraint(
model_name='role',
constraint=models.UniqueConstraint(
condition=models.Q(('admin_scope_ct__isnull', True)),
fields=('ou', 'service', 'slug'),
name='slug_uniq_idx',
),
),
migrations.AddConstraint(
model_name='role',
constraint=models.UniqueConstraint(
condition=models.Q(('admin_scope_ct__isnull', True)),
fields=('ou', 'service', 'name'),
name='name_uniq_idx',
),
),
migrations.AddConstraint(
model_name='role',
constraint=models.UniqueConstraint(
condition=models.Q(('admin_scope_ct__isnull', True), ('service__isnull', True)),
fields=('ou', 'slug'),
name='null_service_slug_uniq_idx',
),
),
migrations.AddConstraint(
model_name='role',
constraint=models.UniqueConstraint(
condition=models.Q(('admin_scope_ct__isnull', True), ('ou__isnull', True)),
fields=('service', 'slug'),
name='null_ou_slug_uniq_idx',
),
),
migrations.AddConstraint(
model_name='role',
constraint=models.UniqueConstraint(
condition=models.Q(
('admin_scope_ct__isnull', True), ('ou__isnull', True), ('service__isnull', True)
),
fields=('slug',),
name='null_ou_service_slug_uniq_idx',
),
),
migrations.AddConstraint(
model_name='role',
constraint=models.UniqueConstraint(
condition=models.Q(('admin_scope_ct__isnull', True), ('service__isnull', True)),
fields=('ou', 'name'),
name='null_service_name_uniq_idx',
),
),
migrations.AddConstraint(
model_name='role',
constraint=models.UniqueConstraint(
condition=models.Q(('admin_scope_ct__isnull', True), ('ou__isnull', True)),
fields=('service', 'name'),
name='null_ou_name_uniq_idx',
),
),
migrations.AddConstraint(
model_name='role',
constraint=models.UniqueConstraint(
condition=models.Q(
('admin_scope_ct__isnull', True), ('ou__isnull', True), ('service__isnull', True)
),
fields=('name',),
name='null_ou_service_name_uniq_idx',
),
),
migrations.AlterUniqueTogether(
name='role',
unique_together={('admin_scope_ct', 'admin_scope_id')},
),
migrations.AddConstraint(
model_name='permission',
constraint=models.UniqueConstraint(
condition=models.Q(('ou__isnull', True)),
fields=('operation', 'target_ct', 'target_id'),
name='null_ou_uniq_idx',
),
),
]


@ -0,0 +1,317 @@
# Generated by Django 3.2.23 on 2023-12-14 21:01
import uuid
import django.db.models.deletion
from django.db import migrations, models
import authentic2.utils.evaluate
import authentic2.utils.template
class Migration(migrations.Migration):
replaces = [
('authenticators', '0001_initial'),
('authenticators', '0002_loginpasswordauthenticator'),
('authenticators', '0003_auto_20220413_1504'),
('authenticators', '0004_auto_20220726_1708'),
('authenticators', '0005_addroleaction'),
('authenticators', '0006_loginpasswordauthenticator_registration_open'),
('authenticators', '0007_migrate_registration_open'),
('authenticators', '0008_new_password_settings_fields'),
('authenticators', '0009_migrate_new_password_settings'),
('authenticators', '0010_auto_20230614_1017'),
('authenticators', '0011_migrate_a2_accept_authentication_settings'),
('authenticators', '0012_loginpasswordauthenticator_min_password_strength'),
('authenticators', '0013_migrate_min_password_strength'),
('authenticators', '0014_auto_20230801_1517'),
('authenticators', '0015_alter_baseauthenticator_button_label'),
('authenticators', '0016_alter_addroleaction_condition'),
('authenticators', '0017_auto_20230927_1517'),
('authenticators', '0018_auto_20230927_1519'),
('authenticators', '0019_fix_addroleaction_condition'),
]
initial = True
dependencies = [
('a2_rbac', '0038_replace'),
('authentic2', '0051_replace'),
]
operations = [
migrations.CreateModel(
name='BaseAuthenticator',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
('uuid', models.CharField(default=uuid.uuid4, editable=False, max_length=255, unique=True)),
('name', models.CharField(blank=True, max_length=128, verbose_name='Name')),
('slug', models.SlugField(unique=True)),
('order', models.IntegerField(default=0, editable=False, verbose_name='Order')),
('enabled', models.BooleanField(default=False, editable=False)),
(
'show_condition',
models.CharField(
blank=True,
default='',
help_text='Django template controlling authenticator display. For example, "\'backoffice\' in login_hint or '
'remote_addr == \'1.2.3.4\'" would hide the authenticator from normal users except if they come from the specified IP '
'address. Available variables include service_ou_slug, service_slug, remote_addr, login_hint and headers.',
max_length=1024,
validators=[authentic2.utils.evaluate.condition_validator],
verbose_name='Show condition',
),
),
(
'button_description',
models.CharField(
blank=True,
help_text='Description will be shown at the top of login block (unless already set by theme).',
max_length=256,
verbose_name='Login block description',
),
),
(
'button_label',
models.CharField(default='Login', max_length=256, verbose_name='Login button label'),
),
(
'ou',
models.ForeignKey(
blank=True,
null=True,
on_delete=django.db.models.deletion.CASCADE,
to='a2_rbac.organizationalunit',
verbose_name='organizational unit',
),
),
],
options={
'ordering': ('-enabled', 'order', 'name', 'slug', 'ou'),
},
),
migrations.CreateModel(
name='AddRoleAction',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
(
'mandatory',
models.BooleanField(default=False, editable=False, verbose_name='Mandatory (unused)'),
),
(
'condition',
models.CharField(
blank=True,
default='',
help_text='Django template controlling role attribution. For example, "\'Admin\' in attributes.groups" will '
'attribute the role if attributes has "groups" attribute containing the value "Admin". Variable "attributes" contains '
'the attributes received from the identity provider.If condition is not satisfied the role will be removed.',
max_length=1024,
validators=[authentic2.utils.template.validate_condition_template],
verbose_name='Condition',
),
),
(
'authenticator',
models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
related_name='add_role_actions',
to='authenticators.baseauthenticator',
),
),
(
'role',
models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
related_name='add_role_actions',
to='a2_rbac.role',
verbose_name='Role',
),
),
],
options={
'verbose_name': 'Add a role',
'verbose_name_plural': 'Add roles',
'default_related_name': 'add_role_actions',
},
),
migrations.CreateModel(
name='LoginPasswordAuthenticator',
fields=[
(
'baseauthenticator_ptr',
models.OneToOneField(
auto_created=True,
on_delete=django.db.models.deletion.CASCADE,
parent_link=True,
primary_key=True,
serialize=False,
to='authenticators.baseauthenticator',
),
),
(
'registration_open',
models.BooleanField(
default=True,
help_text='Allow users to create accounts.',
verbose_name='Registration open',
),
),
(
'remember_me',
models.PositiveIntegerField(
blank=True,
help_text='Session duration as seconds when using the remember me checkbox. Leave blank to hide the checkbox.',
null=True,
verbose_name='Remember me duration',
),
),
(
'include_ou_selector',
models.BooleanField(default=False, verbose_name='Include OU selector in login form'),
),
(
'accept_email_authentication',
models.BooleanField(
default=True, verbose_name='Let the users identify with their email address'
),
),
(
'accept_phone_authentication',
models.BooleanField(
default=False, verbose_name='Let the users identify with their phone number'
),
),
(
'min_password_strength',
models.IntegerField(
blank=True,
choices=[
(None, 'Follow static checks'),
(0, 'Very Weak'),
(1, 'Weak'),
(2, 'Fair'),
(3, 'Good'),
(4, 'Strong'),
],
default=3,
help_text='Password strength, using dynamic indicators such as common names, dates and other popular patterns. Selecting '
'"static checks" will instead validate that a password contains enough different kind of caracters. Password indicator on '
'registration form will reflect the chosen policy.',
null=True,
verbose_name='Minimum password strength',
),
),
(
'password_min_length',
models.PositiveIntegerField(default=8, null=True, verbose_name='Password minimum length'),
),
(
'password_regex',
models.CharField(
blank=True,
default='',
max_length=512,
verbose_name='Regular expression for validating passwords',
),
),
(
'password_regex_error_msg',
models.CharField(
blank=True,
default='',
max_length=1024,
verbose_name='Error message to show when the password do not validate the regular expression',
),
),
(
'login_exponential_retry_timeout_duration',
models.FloatField(
default=1,
help_text='Exponential backoff base factor duration as seconds until next try after a login failure.',
verbose_name='Retry timeout duration',
),
),
(
'login_exponential_retry_timeout_factor',
models.FloatField(
default=1.8,
help_text='Exponential backoff factor duration as seconds until next try after a login failure.',
verbose_name='Retry timeout factor',
),
),
(
'login_exponential_retry_timeout_max_duration',
models.PositiveIntegerField(
default=3600,
help_text='Maximum exponential backoff maximum duration as seconds until next try after a login failure.',
verbose_name='Retry timeout max duration',
),
),
(
'login_exponential_retry_timeout_min_duration',
models.PositiveIntegerField(
default=10,
help_text='Minimum exponential backoff maximum duration as seconds until next try after a login failure.',
verbose_name='Retry timeout min duration',
),
),
(
'emails_ip_ratelimit',
models.CharField(
default='10/h',
help_text='Maximum rate of email sendings triggered by the same IP address.',
max_length=32,
verbose_name='Emails IP ratelimit',
),
),
(
'sms_ip_ratelimit',
models.CharField(
default='10/h',
help_text='Maximum rate of SMSs triggered by the same IP address.',
max_length=32,
verbose_name='SMS IP ratelimit',
),
),
(
'emails_address_ratelimit',
models.CharField(
default='3/d',
help_text='Maximum rate of emails sent to the same email address.',
max_length=32,
verbose_name='Emails address ratelimit',
),
),
(
'sms_number_ratelimit',
models.CharField(
default='10/h',
help_text='Maximum rate of SMSs sent to the same phone number.',
max_length=32,
verbose_name='SMS number ratelimit',
),
),
(
'phone_identifier_field',
models.ForeignKey(
blank=True,
null=True,
on_delete=django.db.models.deletion.PROTECT,
to='authentic2.attribute',
verbose_name='Phone field used as user identifier',
),
),
],
options={
'verbose_name': 'Password',
},
bases=('authenticators.baseauthenticator',),
),
]


@ -0,0 +1,108 @@
# Generated by Django 3.2.23 on 2023-12-14 21:01
import django.contrib.postgres.fields
import django.db.models.deletion
import django.utils.timezone
from django.db import migrations, models
class Migration(migrations.Migration):
replaces = [('journal', '0001_initial'), ('journal', '0002_event_api')]
initial = True
dependencies = [
('sessions', '0001_initial'),
('custom_user', '0037_replace'),
]
operations = [
migrations.CreateModel(
name='EventType',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
('name', models.SlugField(max_length=256, unique=True, verbose_name='name')),
],
options={
'verbose_name': 'event type',
'verbose_name_plural': 'event types',
'ordering': ('name',),
},
),
migrations.CreateModel(
name='Event',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
(
'timestamp',
models.DateTimeField(
blank=True,
default=django.utils.timezone.now,
editable=False,
verbose_name='timestamp',
),
),
(
'reference_ids',
django.contrib.postgres.fields.ArrayField(
base_field=models.BigIntegerField(),
null=True,
size=None,
verbose_name='reference ids',
),
),
(
'reference_ct_ids',
django.contrib.postgres.fields.ArrayField(
base_field=models.IntegerField(),
null=True,
size=None,
verbose_name='reference ct ids',
),
),
('data', models.JSONField(null=True, verbose_name='data')),
('api', models.BooleanField(default=False, verbose_name='API')),
(
'session',
models.ForeignKey(
blank=True,
db_constraint=False,
null=True,
on_delete=django.db.models.deletion.DO_NOTHING,
to='sessions.session',
verbose_name='session',
),
),
(
'type',
models.ForeignKey(
on_delete=django.db.models.deletion.PROTECT,
to='journal.eventtype',
verbose_name='type',
),
),
(
'user',
models.ForeignKey(
blank=True,
db_constraint=False,
null=True,
on_delete=django.db.models.deletion.DO_NOTHING,
to='custom_user.user',
verbose_name='user',
),
),
],
options={
'verbose_name': 'event',
'verbose_name_plural': 'events',
'ordering': ('timestamp', 'id'),
},
),
]


@ -0,0 +1,342 @@
# Generated by Django 3.2.23 on 2023-12-14 21:01
import uuid
import django.contrib.postgres.fields
import django.db.models.deletion
import django.utils.timezone
from django.db import migrations, models
import authentic2.utils.misc
import authentic2.validators
class Migration(migrations.Migration):
replaces = [
('custom_user', '0001_initial'),
('custom_user', '0002_auto_20150410_1823'),
('custom_user', '0003_auto_20150504_1410'),
('custom_user', '0004_user_ou'),
('custom_user', '0005_auto_20150522_1527'),
('custom_user', '0006_auto_20150527_1212'),
('custom_user', '0007_auto_20150610_1527'),
('custom_user', '0008_auto_20150617_1606'),
('custom_user', '0009_auto_20150810_1953'),
('custom_user', '0010_auto_20160307_1418'),
('custom_user', '0011_manual_attribute_values_for_name_fields'),
('custom_user', '0012_user_modified'),
('custom_user', '0013_user_email_verified'),
('custom_user', '0014_set_email_verified'),
('custom_user', '0015_auto_20170707_1653'),
('custom_user', '0016_auto_20180925_1107'),
('custom_user', '0017_auto_20200305_1645'),
('custom_user', '0018_user_last_account_deletion_alert'),
('custom_user', '0019_add_user_deleted'),
('custom_user', '0020_deleteduser'),
('custom_user', '0021_set_unusable_password'),
('custom_user', '0022_index_email'),
('custom_user', '0023_index_username'),
('custom_user', '0024_index_email_by_trigrams'),
('custom_user', '0025_user_deactivation'),
('custom_user', '0026_remove_user_deleted'),
('custom_user', '0027_user_deactivation_reason'),
('custom_user', '0028_user_email_verified_date'),
('custom_user', '0029_profile_profiletype'),
('custom_user', '0030_auto_20220304_1136'),
('custom_user', '0031_profile_email'),
('custom_user', '0032_auto_20220919_1230'),
('custom_user', '0032_index_deleteduser_old_email'),
('custom_user', '0032_index_deleteduser_old_uuid'),
('custom_user', '0033_user_keepalive'),
('custom_user', '0034_user_email_verified_sources'),
('custom_user', '0035_alter_user_username'),
('custom_user', '0036_remove_user_constraint_at_least_one_identifier'),
]
initial = True
dependencies = [
('auth', '0012_alter_user_first_name_max_length'),
('a2_rbac', '0038_replace'),
('authentic2', '0051_replace'),
]
operations = [
migrations.CreateModel(
name='DeletedUser',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
('deleted', models.DateTimeField(auto_now_add=True, verbose_name='Deletion date')),
('old_uuid', models.TextField(blank=True, db_index=True, null=True, verbose_name='Old UUID')),
(
'old_user_id',
models.PositiveIntegerField(blank=True, null=True, verbose_name='Old user id'),
),
(
'old_email',
models.EmailField(
blank=True, db_index=True, max_length=254, null=True, verbose_name='Old email adress'
),
),
(
'old_phone',
models.CharField(blank=True, max_length=64, null=True, verbose_name='Old phone number'),
),
('old_data', models.JSONField(blank=True, null=True, verbose_name='Old data')),
],
options={
'verbose_name': 'deleted user',
'verbose_name_plural': 'deleted users',
'ordering': ('deleted', 'id'),
},
),
migrations.CreateModel(
name='ProfileType',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
(
'uuid',
models.UUIDField(default=uuid.uuid4, editable=False, unique=True, verbose_name='UUID'),
),
('name', models.CharField(max_length=64, verbose_name='name')),
('slug', models.SlugField(max_length=64, unique=True, verbose_name='slug')),
],
options={
'verbose_name': 'profile type',
'verbose_name_plural': 'profile types',
'ordering': ('name', 'slug'),
},
),
migrations.CreateModel(
name='User',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
('password', models.CharField(max_length=128, verbose_name='password')),
('last_login', models.DateTimeField(blank=True, null=True, verbose_name='last login')),
(
'uuid',
models.CharField(
default=authentic2.utils.misc.get_hex_uuid,
editable=False,
max_length=32,
unique=True,
verbose_name='uuid',
),
),
(
'username',
models.CharField(
blank=True, db_index=True, max_length=256, null=True, verbose_name='username'
),
),
('first_name', models.CharField(blank=True, max_length=128, verbose_name='first name')),
('last_name', models.CharField(blank=True, max_length=128, verbose_name='last name')),
(
'email',
models.EmailField(
blank=True,
max_length=254,
validators=[authentic2.validators.EmailValidator()],
verbose_name='email address',
),
),
('email_verified', models.BooleanField(default=False, verbose_name='email verified')),
(
'email_verified_date',
models.DateTimeField(
blank=True, default=None, null=True, verbose_name='email verified date'
),
),
(
'email_verified_sources',
django.contrib.postgres.fields.ArrayField(
base_field=models.CharField(max_length=63),
blank=True,
default=list,
null=True,
size=None,
verbose_name='email verification sources',
),
),
(
'is_superuser',
models.BooleanField(
default=False,
help_text='Designates that this user has all permissions without explicitly assigning them.',
verbose_name='superuser status',
),
),
(
'phone',
models.CharField(
blank=True,
max_length=64,
null=True,
validators=[authentic2.validators.PhoneNumberValidator],
verbose_name='phone number',
),
),
(
'phone_verified_on',
models.DateTimeField(
blank=True, default=None, null=True, verbose_name='phone verification date'
),
),
(
'is_staff',
models.BooleanField(
default=False,
help_text='Designates whether the user can log into this admin site.',
verbose_name='staff status',
),
),
(
'is_active',
models.BooleanField(
default=True,
help_text='Designates whether this user should be treated as active. Unselect this instead of deleting accounts.',
verbose_name='active',
),
),
(
'date_joined',
models.DateTimeField(default=django.utils.timezone.now, verbose_name='date joined'),
),
(
'modified',
models.DateTimeField(auto_now=True, db_index=True, verbose_name='Last modification time'),
),
(
'last_account_deletion_alert',
models.DateTimeField(blank=True, null=True, verbose_name='Last account deletion alert'),
),
(
'deactivation',
models.DateTimeField(blank=True, null=True, verbose_name='Deactivation datetime'),
),
(
'deactivation_reason',
models.TextField(blank=True, null=True, verbose_name='Deactivation reason'),
),
(
'keepalive',
models.DateTimeField(blank=True, null=True, verbose_name='Keepalive timestamp'),
),
(
'groups',
models.ManyToManyField(
blank=True,
help_text='The groups this user belongs to. A user will get all permissions granted to each of his/her group.',
related_name='user_set',
related_query_name='user',
to='auth.Group',
verbose_name='groups',
),
),
(
'ou',
models.ForeignKey(
blank=True,
null=True,
on_delete=django.db.models.deletion.CASCADE,
to='a2_rbac.organizationalunit',
verbose_name='organizational unit',
),
),
(
'user_permissions',
models.ManyToManyField(
blank=True,
help_text='Specific permissions for this user.',
related_name='user_set',
related_query_name='user',
to='auth.Permission',
verbose_name='user permissions',
),
),
],
options={
'verbose_name': 'user',
'verbose_name_plural': 'users',
'ordering': ('last_name', 'first_name', 'email', 'username'),
},
),
migrations.CreateModel(
name='ServiceProfileType',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
(
'profile_type',
models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE, to='custom_user.profiletype'
),
),
(
'service',
models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='authentic2.service'),
),
],
options={
'unique_together': {('service', 'profile_type')},
},
),
migrations.CreateModel(
name='Profile',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
('identifier', models.CharField(default='', max_length=256, verbose_name='identifier')),
('email', models.EmailField(blank=True, max_length=254, verbose_name='email address')),
('data', models.JSONField(blank=True, null=True, verbose_name='data')),
(
'profile_type',
models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
related_name='profiles',
to='custom_user.profiletype',
verbose_name='profile type',
),
),
(
'user',
models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
related_name='profiles',
to='custom_user.user',
verbose_name='user',
),
),
],
options={
'verbose_name': 'profile',
'verbose_name_plural': 'profiles',
'ordering': ('user', 'profile_type'),
'unique_together': {('user', 'profile_type', 'identifier')},
},
),
migrations.AddField(
model_name='profiletype',
name='services',
field=models.ManyToManyField(
blank=True,
related_name='_custom_user_profiletype_services_+',
through='custom_user.ServiceProfileType',
to='authentic2.Service',
verbose_name='allowed services for this profile type',
),
),
]
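Review bot: On the `phone` field of the `User` model, `validators=[authentic2.validators.PhoneNumberValidator]` passes the validator itself rather than an instance, unlike `EmailValidator()` on `email` in this file and `HexaColourValidator()` in the a2_rbac squash. If `PhoneNumberValidator` is a class, Django would call it with the field value, which constructs an object instead of validating, so phone numbers would be stored unchecked. The migration only mirrors the model, so the fix belongs on the model field, `validators=[authentic2.validators.PhoneNumberValidator()]`, with this file regenerated afterwards.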


@ -0,0 +1,393 @@
# Generated by Django 3.2.23 on 2023-12-14 21:01
import uuid
import django.contrib.postgres.fields
import django.contrib.postgres.search
import django.db.models.manager
from django.db import migrations, models
import authentic2.utils.sms
import authentic2.validators
class Migration(migrations.Migration):
replaces = [
('authentic2', '0001_initial'),
('authentic2', '0002_auto_20150320_1418'),
('authentic2', '0003_auto_20150409_1840'),
('authentic2', '0004_service'),
('authentic2', '0005_service_ou'),
('authentic2', '0006_conditional_slug_index'),
('authentic2', '0007_auto_20150523_0028'),
('authentic2', '0008_auto_20160204_1415'),
('authentic2', '0009_auto_20160211_2247'),
('authentic2', '0010_attributevalue_multiple'),
('authentic2', '0011_auto_20160211_2253'),
('authentic2', '0012_auto_20160211_2255'),
('authentic2', '0013_auto_20160211_2258'),
('authentic2', '0014_attributevalue_verified'),
('authentic2', '0015_auto_20160621_1711'),
('authentic2', '0016_attribute_disabled'),
('authentic2', '0017_modify_attribute_serialization'),
('authentic2', '0018_auto_20170524_0842'),
('authentic2', '0019_auto_20170309_1529'),
('authentic2', '0020_delete_federatedid'),
('authentic2', '0021_attribute_order'),
('authentic2', '0022_attribute_scopes'),
('authentic2', '0023_auto_20181031_0900'),
('authentic2', '0024_auto_20190617_1113'),
('authentic2', '0025_auto_20191009_1047'),
('authentic2', '0026_token'),
('authentic2', '0027_remove_deleteduser'),
('authentic2', '0028_trigram_unaccent_index'),
('authentic2', '0029_auto_20201013_1614'),
('authentic2', '0030_clean_admin_tools_tables'),
('authentic2', '0031_add_search_vector_to_attributes'),
('authentic2', '0032_initialize_search_vectors'),
('authentic2', '0033_recreate_immutable_unaccent'),
('authentic2', '0034_attribute_required_on_login'),
('authentic2', '0035_service_home_url'),
('authentic2', '0036_service_profile_types'),
('authentic2', '0037_auto_20220331_1513'),
('authentic2', '0038_make_service_ou_non_null'),
('authentic2', '0039_add_unique_attribute_constraint'),
('authentic2', '0040_add_external_guid'),
('authentic2', '0041_lock'),
('authentic2', '0042_api_client'),
('authentic2', '0043_api_client_description'),
('authentic2', '0044_apiclient_ou'),
('authentic2', '0044_auto_20220530_1426'),
('authentic2', '0045_auto_20221222_1013'),
('authentic2', '0045_auto_20230117_1513'),
('authentic2', '0045_smscode'),
('authentic2', '0046_runtimesetting'),
('authentic2', '0047_initialize_services_runtime_settings'),
('authentic2', '0048_rename_services_runtime_settings'),
('authentic2', '0049_apiclient_allowed_user_attributes'),
('authentic2', '0050_initialize_users_advanced_configuration'),
]
initial = True
dependencies = []
operations = [
migrations.CreateModel(
name='APIClient',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
('name', models.CharField(max_length=128, verbose_name='Name')),
('description', models.TextField(blank=True, verbose_name='Description')),
('identifier', models.CharField(max_length=256, verbose_name='Identifier')),
('password', models.CharField(max_length=256, verbose_name='Password')),
(
'restrict_to_anonymised_data',
models.BooleanField(default=False, verbose_name='Restrict to anonymised data'),
),
],
options={
'verbose_name': 'APIClient',
'verbose_name_plural': 'APIClient',
},
),
migrations.CreateModel(
name='Attribute',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
('label', models.CharField(max_length=63, unique=True, verbose_name='label')),
('description', models.TextField(blank=True, verbose_name='description')),
('name', models.SlugField(max_length=256, unique=True, verbose_name='name')),
('required', models.BooleanField(blank=True, default=False, verbose_name='required')),
(
'asked_on_registration',
models.BooleanField(blank=True, default=False, verbose_name='asked on registration'),
),
(
'user_editable',
models.BooleanField(blank=True, default=False, verbose_name='user editable'),
),
('user_visible', models.BooleanField(blank=True, default=False, verbose_name='user visible')),
('multiple', models.BooleanField(blank=True, default=False, verbose_name='multiple')),
('kind', models.CharField(max_length=16, verbose_name='kind')),
('disabled', models.BooleanField(blank=True, default=False, verbose_name='disabled')),
('searchable', models.BooleanField(blank=True, default=False, verbose_name='searchable')),
(
'required_on_login',
models.BooleanField(blank=True, default=False, verbose_name='required on login'),
),
(
'scopes',
models.CharField(
blank=True,
default='',
help_text='scopes separated by spaces',
max_length=256,
verbose_name='scopes',
),
),
('order', models.PositiveIntegerField(default=0, verbose_name='order')),
],
options={
'verbose_name': 'attribute definition',
'verbose_name_plural': 'attribute definitions',
'ordering': ('order', 'id'),
'base_manager_name': 'all_objects',
},
managers=[
('all_objects', django.db.models.manager.Manager()),
],
),
migrations.CreateModel(
name='AttributeValue',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
('object_id', models.PositiveIntegerField(db_index=True, verbose_name='object identifier')),
('multiple', models.BooleanField(default=False, null=True)),
('content', models.TextField(db_index=True, verbose_name='content')),
(
'search_vector',
django.contrib.postgres.search.SearchVectorField(editable=False, null=True),
),
('verified', models.BooleanField(default=False)),
(
'verification_sources',
django.contrib.postgres.fields.ArrayField(
base_field=models.CharField(max_length=63),
null=True,
size=None,
verbose_name='verification sources',
),
),
(
'last_verified_on',
models.DateTimeField(null=True, verbose_name='last verification timestamp'),
),
],
options={
'verbose_name': 'attribute value',
'verbose_name_plural': 'attribute values',
'ordering': ('attribute__order', 'id'),
},
managers=[
('all_objects', django.db.models.manager.Manager()),
],
),
migrations.CreateModel(
name='AuthenticationEvent',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
('when', models.DateTimeField(auto_now=True, verbose_name='when')),
('who', models.CharField(max_length=80, verbose_name='who')),
('how', models.CharField(max_length=32, verbose_name='how')),
('nonce', models.CharField(max_length=255, verbose_name='nonce')),
],
options={
'verbose_name': 'authentication log',
'verbose_name_plural': 'authentication logs',
},
),
migrations.CreateModel(
name='AuthorizedRole',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
],
),
migrations.CreateModel(
name='Lock',
fields=[
('created', models.DateTimeField(auto_now_add=True, verbose_name='Creation date')),
('name', models.TextField(primary_key=True, serialize=False, verbose_name='Name')),
],
options={
'verbose_name': 'Lock',
'verbose_name_plural': 'Lock',
},
),
migrations.CreateModel(
name='LogoutUrl',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
(
'logout_url',
models.URLField(
blank=True,
help_text='you can use a {} to pass the URL of the success icon, ex.: http://example.com/logout?next={}',
max_length=255,
null=True,
verbose_name='url',
),
),
(
'logout_use_iframe',
models.BooleanField(
default=False, verbose_name='use an iframe instead of an img tag for logout'
),
),
(
'logout_use_iframe_timeout',
models.PositiveIntegerField(
default=300,
help_text="if iframe logout is used, it's the time between the onload event for this iframe and the moment we "
'consider its loading to be really finished',
verbose_name='iframe logout timeout (ms)',
),
),
('object_id', models.PositiveIntegerField(verbose_name='object identifier')),
],
options={
'verbose_name': 'logout URL',
'verbose_name_plural': 'logout URL',
},
),
migrations.CreateModel(
name='PasswordReset',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
],
options={
'verbose_name': 'password reset',
'verbose_name_plural': 'password reset',
},
),
migrations.CreateModel(
name='Service',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
('name', models.CharField(max_length=128, verbose_name='name')),
('slug', models.SlugField(max_length=128, verbose_name='slug')),
(
'unauthorized_url',
models.URLField(
blank=True, max_length=256, null=True, verbose_name='callback url when unauthorized'
),
),
('home_url', models.URLField(blank=True, max_length=256, null=True, verbose_name='Home URL')),
('logo', models.ImageField(blank=True, upload_to='services/logos', verbose_name='Logo')),
(
'colour',
models.CharField(
blank=True,
max_length=32,
null=True,
validators=[authentic2.validators.HexaColourValidator()],
verbose_name='Colour',
),
),
],
options={
'verbose_name': 'base service model',
'verbose_name_plural': 'base service models',
'base_manager_name': 'objects',
},
),
migrations.CreateModel(
name='Setting',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
('key', models.CharField(max_length=128, unique=True, verbose_name='key')),
('value', models.JSONField(blank=True, verbose_name='value')),
],
),
migrations.CreateModel(
name='SMSCode',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
(
'value',
models.CharField(
default=authentic2.utils.sms.create_sms_code,
editable=False,
max_length=32,
verbose_name='Identifier',
),
),
('kind', models.CharField(max_length=32, verbose_name='Kind')),
(
'phone',
models.CharField(
blank=True,
max_length=64,
null=True,
validators=[authentic2.validators.PhoneNumberValidator],
verbose_name='phone number',
),
),
('url_token', models.UUIDField(default=uuid.uuid4, verbose_name='URL token')),
('created', models.DateTimeField(auto_now_add=True, verbose_name='Creation date')),
('expires', models.DateTimeField(verbose_name='Expires')),
('sent', models.BooleanField(default=False, verbose_name='SMS code sent')),
('fake', models.BooleanField(default=False, verbose_name='Is a fake code')),
],
),
migrations.CreateModel(
name='Token',
fields=[
(
'uuid',
models.UUIDField(
default=uuid.uuid4,
editable=False,
primary_key=True,
serialize=False,
verbose_name='Identifier',
),
),
('kind', models.CharField(max_length=32, verbose_name='Kind')),
('content', models.JSONField(blank=True, verbose_name='Content')),
('created', models.DateTimeField(auto_now_add=True, verbose_name='Creation date')),
('expires', models.DateTimeField(verbose_name='Expires')),
],
options={
'ordering': ('-expires', 'kind', 'uuid'),
},
),
migrations.CreateModel(
name='UserExternalId',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
('source', models.CharField(max_length=256, verbose_name='source')),
('external_id', models.CharField(max_length=256, null=True, verbose_name='external id')),
('external_guid', models.UUIDField(null=True, verbose_name='External GUID')),
('created', models.DateTimeField(auto_now_add=True, verbose_name='creation date')),
('updated', models.DateTimeField(auto_now=True, verbose_name='last update date')),
],
options={
'verbose_name': 'user external id',
'verbose_name_plural': 'user external ids',
},
),
]
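Review bot: The `operations` list of this squashed authentic2 migration contains only `CreateModel` entries, while `replaces` names several migrations that, judging by their names, changed data or ran SQL rather than schema (`0032_initialize_search_vectors`, `0033_recreate_immutable_unaccent`, `0047_initialize_services_runtime_settings`, `0050_initialize_users_advanced_configuration`). On a fresh database those steps would never run, so whatever they set up (presumably search-vector contents, an unaccent function and default runtime settings) has to come from somewhere else. Please confirm each one is either obsolete or re-created elsewhere, and if not, carry it over as an explicit `migrations.RunPython(...)` or `migrations.RunSQL(...)` operation. The next file section repeats the same `replaces` list and shows no such operation either, so the check covers both files.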


@ -0,0 +1,244 @@
# Generated by Django 3.2.23 on 2023-12-14 21:01
import django.contrib.postgres.indexes
import django.db.models.deletion
from django.db import migrations, models
import authentic2.a2_rbac.utils
class Migration(migrations.Migration):
replaces = [
('authentic2', '0001_initial'),
('authentic2', '0002_auto_20150320_1418'),
('authentic2', '0003_auto_20150409_1840'),
('authentic2', '0004_service'),
('authentic2', '0005_service_ou'),
('authentic2', '0006_conditional_slug_index'),
('authentic2', '0007_auto_20150523_0028'),
('authentic2', '0008_auto_20160204_1415'),
('authentic2', '0009_auto_20160211_2247'),
('authentic2', '0010_attributevalue_multiple'),
('authentic2', '0011_auto_20160211_2253'),
('authentic2', '0012_auto_20160211_2255'),
('authentic2', '0013_auto_20160211_2258'),
('authentic2', '0014_attributevalue_verified'),
('authentic2', '0015_auto_20160621_1711'),
('authentic2', '0016_attribute_disabled'),
('authentic2', '0017_modify_attribute_serialization'),
('authentic2', '0018_auto_20170524_0842'),
('authentic2', '0019_auto_20170309_1529'),
('authentic2', '0020_delete_federatedid'),
('authentic2', '0021_attribute_order'),
('authentic2', '0022_attribute_scopes'),
('authentic2', '0023_auto_20181031_0900'),
('authentic2', '0024_auto_20190617_1113'),
('authentic2', '0025_auto_20191009_1047'),
('authentic2', '0026_token'),
('authentic2', '0027_remove_deleteduser'),
('authentic2', '0028_trigram_unaccent_index'),
('authentic2', '0029_auto_20201013_1614'),
('authentic2', '0030_clean_admin_tools_tables'),
('authentic2', '0031_add_search_vector_to_attributes'),
('authentic2', '0032_initialize_search_vectors'),
('authentic2', '0033_recreate_immutable_unaccent'),
('authentic2', '0034_attribute_required_on_login'),
('authentic2', '0035_service_home_url'),
('authentic2', '0036_service_profile_types'),
('authentic2', '0037_auto_20220331_1513'),
('authentic2', '0038_make_service_ou_non_null'),
('authentic2', '0039_add_unique_attribute_constraint'),
('authentic2', '0040_add_external_guid'),
('authentic2', '0041_lock'),
('authentic2', '0042_api_client'),
('authentic2', '0043_api_client_description'),
('authentic2', '0044_apiclient_ou'),
('authentic2', '0044_auto_20220530_1426'),
('authentic2', '0045_auto_20221222_1013'),
('authentic2', '0045_auto_20230117_1513'),
('authentic2', '0045_smscode'),
('authentic2', '0046_runtimesetting'),
('authentic2', '0047_initialize_services_runtime_settings'),
('authentic2', '0048_rename_services_runtime_settings'),
('authentic2', '0049_apiclient_allowed_user_attributes'),
('authentic2', '0050_initialize_users_advanced_configuration'),
]
initial = True
dependencies = [
('a2_rbac', '0039_replace'),
('custom_user', '0037_replace'),
('contenttypes', '0002_remove_content_type_name'),
('authentic2', '0051_replace'),
]
operations = [
migrations.CreateModel(
name='LDAPUser',
fields=[],
options={
'proxy': True,
'indexes': [],
'constraints': [],
},
bases=('custom_user.user',),
),
migrations.AddField(
model_name='userexternalid',
name='user',
field=models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE, to='custom_user.user', verbose_name='user'
),
),
migrations.AddField(
model_name='smscode',
name='user',
field=models.ForeignKey(
null=True,
on_delete=django.db.models.deletion.CASCADE,
to='custom_user.user',
verbose_name='user',
),
),
migrations.AddField(
model_name='service',
name='authorized_roles',
field=models.ManyToManyField(
blank=True,
related_name='allowed_services',
through='authentic2.AuthorizedRole',
to='a2_rbac.Role',
verbose_name='authorized services',
),
),
migrations.AddField(
model_name='service',
name='ou',
field=models.ForeignKey(
default=authentic2.a2_rbac.utils.get_default_ou_pk,
on_delete=django.db.models.deletion.CASCADE,
to='a2_rbac.organizationalunit',
verbose_name='organizational unit',
),
),
migrations.AddField(
model_name='service',
name='profile_types',
field=models.ManyToManyField(
blank=True,
related_name='_authentic2_service_profile_types_+',
through='custom_user.ServiceProfileType',
to='custom_user.ProfileType',
verbose_name='allowed services for this profile type',
),
),
migrations.AddField(
model_name='passwordreset',
name='user',
field=models.OneToOneField(
on_delete=django.db.models.deletion.CASCADE, to='custom_user.user', verbose_name='user'
),
),
migrations.AddField(
model_name='logouturl',
name='content_type',
field=models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
to='contenttypes.contenttype',
verbose_name='content type',
),
),
migrations.AddField(
model_name='authorizedrole',
name='role',
field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='a2_rbac.role'),
),
migrations.AddField(
model_name='authorizedrole',
name='service',
field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='authentic2.service'),
),
migrations.AddField(
model_name='attributevalue',
name='attribute',
field=models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
to='authentic2.attribute',
verbose_name='attribute',
),
),
migrations.AddField(
model_name='attributevalue',
name='content_type',
field=models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
to='contenttypes.contenttype',
verbose_name='content type',
),
),
migrations.AddField(
model_name='apiclient',
name='allowed_user_attributes',
field=models.ManyToManyField(
blank=True,
related_name='apiclients',
to='authentic2.Attribute',
verbose_name='allowed user attributes',
),
),
migrations.AddField(
model_name='apiclient',
name='apiclient_roles',
field=models.ManyToManyField(
blank=True, related_name='apiclients', to='a2_rbac.Role', verbose_name='roles'
),
),
migrations.AddField(
model_name='apiclient',
name='ou',
field=models.ForeignKey(
blank=True,
default=authentic2.a2_rbac.utils.get_default_ou_pk,
null=True,
on_delete=django.db.models.deletion.CASCADE,
to='a2_rbac.organizationalunit',
verbose_name='organizational unit',
),
),
migrations.AddConstraint(
model_name='userexternalid',
constraint=models.CheckConstraint(
check=models.Q(
('external_id__isnull', False), ('external_guid__isnull', False), _connector='OR'
),
name='at_least_one_id',
),
),
migrations.AlterUniqueTogether(
name='userexternalid',
unique_together={('source', 'external_id'), ('source', 'external_guid')},
),
migrations.AlterUniqueTogether(
name='service',
unique_together={('slug', 'ou')},
),
migrations.AddIndex(
model_name='attributevalue',
index=django.contrib.postgres.indexes.GinIndex(
fields=['search_vector'], name='authentic2_atv_tsvector_idx'
),
),
migrations.AddConstraint(
model_name='attributevalue',
constraint=models.UniqueConstraint(
condition=models.Q(('multiple', False)),
fields=('content_type', 'object_id', 'attribute'),
name='unique_attribute_idx',
),
),
migrations.AlterUniqueTogether(
name='attributevalue',
unique_together={('content_type', 'object_id', 'attribute', 'multiple', 'content')},
),
]
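Review bot: Nothing in this file says why it repeats, entry for entry, the `replaces` list of the previous authentic2 squash while also depending on `('authentic2', '0051_replace')`. From the operations it looks like the split exists so that the relations to `a2_rbac` and `custom_user` are added only after those apps' squashed migrations exist. A short comment above `replaces` would stop the next maintainer from reading it as an accidental duplicate, e.g. `# Second part of the authentic2 squash: adds the relations to a2_rbac and custom_user once their squashed migrations exist.` The second authentic2_auth_fc squash further down follows the same pattern and would benefit from the same comment.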


@ -0,0 +1,417 @@
# Generated by Django 3.2.23 on 2023-12-14 21:01
import django.db.models.deletion
from django.db import migrations, models
import authentic2.saml.fields
import authentic2.saml.models
class Migration(migrations.Migration):
replaces = [
('saml', '0001_initial'),
('saml', '0002_auto_20150320_1245'),
('saml', '0002_ease_federation_migration'),
('saml', '0003_merge'),
('saml', '0004_auto_20150410_1438'),
('saml', '0005_make_liberty_provider_inherit_from_service'),
('saml', '0006_restore_foreign_keys'),
('saml', '0007_copy_service_ptr_id_to_old_id'),
('saml', '0008_alter_foreign_keys'),
('saml', '0009_auto'),
('saml', '0010_auto'),
('saml', '0011_auto'),
('saml', '0012_auto_20150526_2239'),
('saml', '0013_auto_20150617_1004'),
('saml', '0014_auto_20150617_1216'),
('saml', '0015_auto_20150915_2032'),
('saml', '0016_auto_20150915_2041'),
('saml', '0017_auto_20170710_1738'),
('saml', '0018_truncate_saml_keyvalue'),
('saml', '0019_auto_20200621_1558'),
('saml', '0020_libertysession_saml_libert_provide_39bb6c_idx'),
]
initial = True
dependencies = [
('authentic2', '0052_replace'),
('custom_user', '0037_replace'),
('contenttypes', '0002_remove_content_type_name'),
]
operations = [
migrations.CreateModel(
name='KeyValue',
fields=[
('key', models.CharField(max_length=128, primary_key=True, serialize=False)),
('value', authentic2.saml.fields.PickledObjectField()),
('created', models.DateTimeField(auto_now_add=True)),
],
options={
'verbose_name': 'key value association',
'verbose_name_plural': 'key value associations',
},
),
migrations.CreateModel(
name='LibertyArtifact',
fields=[
('creation', models.DateTimeField(auto_now_add=True)),
('artifact', models.CharField(max_length=128, primary_key=True, serialize=False)),
('content', models.TextField()),
('provider_id', models.CharField(max_length=256)),
],
options={
'verbose_name': 'SAML artifact',
'verbose_name_plural': 'SAML artifacts',
},
),
migrations.CreateModel(
name='LibertyFederation',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
(
'name_id_format',
models.CharField(blank=True, max_length=100, null=True, verbose_name='NameIDFormat'),
),
('name_id_content', models.CharField(max_length=100, verbose_name='NameID')),
(
'name_id_qualifier',
models.CharField(blank=True, max_length=256, null=True, verbose_name='NameQualifier'),
),
(
'name_id_sp_name_qualifier',
models.CharField(blank=True, max_length=256, null=True, verbose_name='SPNameQualifier'),
),
('termination_notified', models.BooleanField(blank=True, default=False)),
('creation', models.DateTimeField(auto_now_add=True)),
('last_modification', models.DateTimeField(auto_now=True)),
(
'user',
models.ForeignKey(
blank=True,
null=True,
on_delete=django.db.models.deletion.SET_NULL,
to='custom_user.user',
),
),
],
options={
'verbose_name': 'SAML federation',
'verbose_name_plural': 'SAML federations',
},
),
migrations.CreateModel(
name='LibertyProvider',
fields=[
(
'service_ptr',
models.OneToOneField(
auto_created=True,
on_delete=django.db.models.deletion.CASCADE,
parent_link=True,
primary_key=True,
serialize=False,
to='authentic2.service',
),
),
('entity_id', models.URLField(max_length=256, unique=True, verbose_name='Entity ID')),
(
'entity_id_sha1',
models.CharField(blank=True, max_length=40, verbose_name='Entity ID SHA1'),
),
('metadata_url', models.URLField(blank=True, max_length=256, verbose_name='Metadata URL')),
(
'protocol_conformance',
models.IntegerField(choices=[(3, 'SAML 2.0')], verbose_name='Protocol conformance'),
),
('metadata', models.TextField(validators=[authentic2.saml.models.metadata_validator])),
(
'federation_source',
models.CharField(blank=True, max_length=64, null=True, verbose_name='Federation source'),
),
],
options={
'verbose_name': 'SAML provider',
'verbose_name_plural': 'SAML providers',
'ordering': ('service_ptr__name',),
},
bases=('authentic2.service',),
),
migrations.CreateModel(
name='SPOptionsIdPPolicy',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
('name', models.CharField(max_length=80, unique=True, verbose_name='name')),
('enabled', models.BooleanField(db_index=True, default=False, verbose_name='Enabled')),
(
'prefered_assertion_consumer_binding',
models.CharField(
choices=[
('meta', 'Use the default from the metadata file'),
('art', 'Artifact binding'),
('post', 'POST binding'),
],
default='meta',
max_length=4,
verbose_name='Prefered assertion consumer binding',
),
),
('encrypt_nameid', models.BooleanField(default=False, verbose_name='Encrypt NameID')),
('encrypt_assertion', models.BooleanField(default=False, verbose_name='Encrypt Assertion')),
(
'authn_request_signed',
models.BooleanField(default=False, verbose_name='Authentication request signed'),
),
(
'idp_initiated_sso',
models.BooleanField(db_index=True, default=False, verbose_name='Allow IdP initiated SSO'),
),
(
'default_name_id_format',
models.CharField(
choices=[
('none', 'None'),
('persistent', 'Persistent'),
('transient', 'Transient'),
('email', 'Email'),
('username', 'Username (use with Google Apps)'),
('uuid', 'UUID'),
('edupersontargetedid', 'Use eduPersonTargetedID attribute'),
],
default='none',
max_length=256,
),
),
(
'accepted_name_id_format',
authentic2.saml.fields.MultiSelectField(
blank=True,
choices=[
('none', 'None'),
('persistent', 'Persistent'),
('transient', 'Transient'),
('email', 'Email'),
('username', 'Username (use with Google Apps)'),
('uuid', 'UUID'),
('edupersontargetedid', 'Use eduPersonTargetedID attribute'),
],
max_length=1024,
verbose_name='NameID formats accepted',
),
),
(
'ask_user_consent',
models.BooleanField(
default=False, verbose_name='Ask user for consent when creating a federation'
),
),
(
'accept_slo',
models.BooleanField(
db_index=True, default=True, verbose_name='Accept to receive Single Logout requests'
),
),
(
'forward_slo',
models.BooleanField(default=True, verbose_name='Forward Single Logout requests'),
),
(
'needs_iframe_logout',
models.BooleanField(
default=False,
help_text='logout URL are normally loaded inside an <img> HTML tag, some service provider need to use an iframe',
verbose_name='needs iframe logout',
),
),
(
'iframe_logout_timeout',
models.PositiveIntegerField(
default=300,
help_text="if iframe logout is used, it's the time between the onload event for this iframe and the moment we "
'consider its loading to be really finished',
verbose_name='iframe logout timeout',
),
),
(
'http_method_for_slo_request',
models.IntegerField(
choices=[(4, 'Redirect binding'), (5, 'SOAP binding')],
default=4,
verbose_name='HTTP binding for the SLO requests',
),
),
(
'federation_mode',
models.PositiveIntegerField(
choices=[(0, 'explicit'), (1, 'implicit')], default=0, verbose_name='federation mode'
),
),
],
options={
'verbose_name': 'service provider options policy',
'verbose_name_plural': 'service provider options policies',
},
),
migrations.CreateModel(
name='LibertyServiceProvider',
fields=[
(
'liberty_provider',
models.OneToOneField(
on_delete=django.db.models.deletion.CASCADE,
primary_key=True,
related_name='service_provider',
serialize=False,
to='saml.libertyprovider',
),
),
('enabled', models.BooleanField(db_index=True, default=False, verbose_name='Enabled')),
(
'enable_following_sp_options_policy',
models.BooleanField(
default=False,
verbose_name='The following options policy will apply except if a policy for all service provider is defined.',
),
),
(
'users_can_manage_federations',
models.BooleanField(
blank=True, db_index=True, default=True, verbose_name='users can manage federation'
),
),
],
options={
'verbose_name': 'SAML service provider',
'verbose_name_plural': 'SAML service providers',
},
),
migrations.CreateModel(
name='LibertySessionDump',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
('django_session_key', models.CharField(max_length=128)),
('session_dump', models.TextField(blank=True)),
('kind', models.IntegerField(choices=[(0, 'sp'), (1, 'idp')])),
],
options={
'verbose_name': 'SAML session dump',
'verbose_name_plural': 'SAML session dumps',
'unique_together': {('django_session_key', 'kind')},
},
),
migrations.CreateModel(
name='LibertySession',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
('django_session_key', models.CharField(max_length=128)),
('session_index', models.CharField(max_length=80)),
('provider_id', models.CharField(max_length=256)),
('name_id_qualifier', models.CharField(max_length=256, null=True, verbose_name='Qualifier')),
('name_id_format', models.CharField(max_length=100, null=True, verbose_name='NameIDFormat')),
('name_id_content', models.CharField(max_length=100, verbose_name='NameID')),
(
'name_id_sp_name_qualifier',
models.CharField(max_length=256, null=True, verbose_name='SPNameQualifier'),
),
('creation', models.DateTimeField(auto_now_add=True)),
(
'federation',
models.ForeignKey(
blank=True,
null=True,
on_delete=django.db.models.deletion.CASCADE,
to='saml.libertyfederation',
),
),
],
options={
'verbose_name': 'SAML session',
'verbose_name_plural': 'SAML sessions',
},
),
migrations.CreateModel(
name='SAMLAttribute',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
('object_id', models.PositiveIntegerField(verbose_name='object identifier')),
(
'name_format',
models.CharField(
choices=[('basic', 'Basic'), ('uri', 'URI'), ('unspecified', 'Unspecified')],
default='basic',
max_length=64,
verbose_name='name format',
),
),
(
'name',
models.CharField(
blank=True,
help_text='the local attribute name is used if left blank',
max_length=128,
verbose_name='name',
),
),
('friendly_name', models.CharField(blank=True, max_length=64, verbose_name='friendly name')),
('attribute_name', models.CharField(max_length=64, verbose_name='attribute name')),
('enabled', models.BooleanField(blank=True, default=True, verbose_name='enabled')),
(
'content_type',
models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
to='contenttypes.contenttype',
verbose_name='content type',
),
),
],
options={
'unique_together': {
('content_type', 'object_id', 'name_format', 'name', 'friendly_name', 'attribute_name')
},
},
),
migrations.AddIndex(
model_name='libertysession',
index=models.Index(
fields=['provider_id', 'django_session_key'], name='saml_libert_provide_39bb6c_idx'
),
),
migrations.AddField(
model_name='libertyserviceprovider',
name='sp_options_policy',
field=models.ForeignKey(
blank=True,
null=True,
on_delete=django.db.models.deletion.SET_NULL,
related_name='sp_options_policy',
to='saml.spoptionsidppolicy',
verbose_name='service provider options policy',
),
),
migrations.AddField(
model_name='libertyfederation',
name='sp',
field=models.ForeignKey(
blank=True,
null=True,
on_delete=django.db.models.deletion.CASCADE,
to='saml.libertyserviceprovider',
),
),
]
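Review bot: `KeyValue.value` is declared as `authentic2.saml.fields.PickledObjectField()`, and the squash carries that storage format forward unchanged. The field class is not shown here, but if it unpickles the column on read as its name suggests, write access to that table by anything other than the application amounts to code execution inside the application. I would at least record this next to the field, `# NOTE: value is unpickled on read; this table must only be writable by the application`, and plan a follow-up migration to `models.JSONField` if the stored values allow it.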


@ -0,0 +1,108 @@
# Generated by Django 3.2.23 on 2023-12-14 21:01
import django.contrib.postgres.fields
import django.db.models.deletion
from django.db import migrations, models
import authentic2_auth_fc.models
class Migration(migrations.Migration):
replaces = [
('authentic2_auth_fc', '0001_initial'),
('authentic2_auth_fc', '0002_auto_20200416_1439'),
('authentic2_auth_fc', '0003_fcaccount_order1'),
('authentic2_auth_fc', '0004_fcaccount_order2'),
('authentic2_auth_fc', '0005_fcauthenticator'),
('authentic2_auth_fc', '0006_auto_20220525_1409'),
('authentic2_auth_fc', '0007_auto_20220615_1002'),
('authentic2_auth_fc', '0008_fcauthenticator_link_by_email'),
]
initial = True
dependencies = [
('authenticators', '0020_replace'),
]
operations = [
migrations.CreateModel(
name='FcAccount',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
('created', models.DateTimeField(auto_now_add=True, verbose_name='created')),
('modified', models.DateTimeField(auto_now=True, verbose_name='modified')),
('sub', models.TextField(db_index=True, verbose_name='sub')),
('order', models.PositiveIntegerField(default=0, verbose_name='order')),
('token', models.TextField(default='{}', verbose_name='access token')),
('user_info', models.TextField(default='{}', null=True, verbose_name='access token')),
],
),
migrations.CreateModel(
name='FcAuthenticator',
fields=[
(
'baseauthenticator_ptr',
models.OneToOneField(
auto_created=True,
on_delete=django.db.models.deletion.CASCADE,
parent_link=True,
primary_key=True,
serialize=False,
to='authenticators.baseauthenticator',
),
),
(
'platform',
models.CharField(
choices=[('prod', 'Production'), ('test', 'Integration')],
default='test',
max_length=4,
verbose_name='Platform',
),
),
(
'client_id',
models.CharField(
help_text='See <a href="https://partenaires.franceconnect.gouv.fr/fcp/fournisseur-service">FranceConnect partners site</a> '
'for getting client ID and secret.',
max_length=256,
verbose_name='Client ID',
),
),
('client_secret', models.CharField(max_length=256, verbose_name='Client Secret')),
(
'scopes',
django.contrib.postgres.fields.ArrayField(
base_field=models.CharField(
choices=[
('given_name', 'given name (given_name)'),
('gender', 'gender (gender)'),
('birthdate', 'birthdate (birthdate)'),
('birthcountry', 'birthcountry (birthcountry)'),
('birthplace', 'birthplace (birthplace)'),
('family_name', 'family name (family_name)'),
('email', 'email (email)'),
('preferred_username', 'usual family name (preferred_username)'),
('identite_pivot', 'core id (identite_pivot)'),
('profile', 'profile (profile)'),
('birth', 'birth profile (birth)'),
],
max_length=32,
),
default=authentic2_auth_fc.models.get_default_scopes,
size=None,
verbose_name='Scopes',
),
),
('link_by_email', models.BooleanField(default=True, verbose_name='Link by email address')),
],
options={
'verbose_name': 'FranceConnect',
},
bases=('authenticators.baseauthenticator',),
),
]
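Review bot: In `FcAccount`, `user_info` is created with `verbose_name='access token'`, the same label as the `token` field on the line above, which looks like a copy-paste slip carried over from the model. With two fields labelled 'access token', an admin screen or audit export cannot show which column actually holds the credential. The fix belongs in the model, which is outside this page: give `user_info` its own label such as `'user info'` and regenerate the migration rather than hand-editing this squash.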


@ -0,0 +1,41 @@
# Generated by Django 3.2.23 on 2023-12-14 21:01
import django.db.models.deletion
from django.db import migrations, models
class Migration(migrations.Migration):
replaces = [
('authentic2_auth_fc', '0001_initial'),
('authentic2_auth_fc', '0002_auto_20200416_1439'),
('authentic2_auth_fc', '0003_fcaccount_order1'),
('authentic2_auth_fc', '0004_fcaccount_order2'),
('authentic2_auth_fc', '0005_fcauthenticator'),
('authentic2_auth_fc', '0006_auto_20220525_1409'),
('authentic2_auth_fc', '0007_auto_20220615_1002'),
('authentic2_auth_fc', '0008_fcauthenticator_link_by_email'),
]
initial = True
dependencies = [
('authentic2_auth_fc', '0009_replace'),
('custom_user', '0037_replace'),
]
operations = [
migrations.AddField(
model_name='fcaccount',
name='user',
field=models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
related_name='fc_accounts',
to='custom_user.user',
verbose_name='user',
),
),
migrations.AlterUniqueTogether(
name='fcaccount',
unique_together={('sub', 'order'), ('user', 'order')},
),
]
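Review bot: A database that has applied only part of the replaced series cannot be upgraded across this commit, because the `replaces` list names migrations whose files the commit message says were removed. Django records a squashed migration as applied, without running it, once every entry in `replaces` is applied, so on existing installs the `unique_together` on `('sub', 'order')` and `('user', 'order')` declared here is never re-checked against the real schema. I would add a comment above `replaces`, such as `# Squash of 0001-0008: run migrate on the last release that still ships them before upgrading.`, and compare the schema of a freshly migrated database with an upgraded one before release. The same applies to the other squashed files on this page, which carry the same kind of `replaces` list.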


@ -0,0 +1,220 @@
# Generated by Django 3.2.23 on 2023-12-14 21:01
import django.db.models.deletion
from django.db import migrations, models
import authentic2.utils.template
import authentic2_auth_oidc.models
class Migration(migrations.Migration):
replaces = [
('authentic2_auth_oidc', '0001_initial'),
('authentic2_auth_oidc', '0002_oidcprovider_token_revocation_endpoint'),
('authentic2_auth_oidc', '0003_oidcprovider_show'),
('authentic2_auth_oidc', '0004_auto_20171017_1522'),
('authentic2_auth_oidc', '0005_oidcprovider_slug'),
('authentic2_auth_oidc', '0006_oidcprovider_claims_parameter_supported'),
('authentic2_auth_oidc', '0007_auto_20200317_1732'),
('authentic2_auth_oidc', '0008_auto_20201102_1142'),
('authentic2_auth_oidc', '0009_oidcprovider_baseauthenticator_ptr'),
('authentic2_auth_oidc', '0010_auto_20220413_1622'),
('authentic2_auth_oidc', '0011_auto_20220413_1632'),
('authentic2_auth_oidc', '0012_auto_20220524_1147'),
('authentic2_auth_oidc', '0013_auto_20220726_1714'),
('authentic2_auth_oidc', '0013_synchronization_fields'),
('authentic2_auth_oidc', '0014_auto_20220920_1614'),
('authentic2_auth_oidc', '0014_oidcprovider_passive_authn_supported'),
('authentic2_auth_oidc', '0015_auto_20220922_1152'),
('authentic2_auth_oidc', '0016_auto_20221019_1148'),
]
initial = True
dependencies = [
('authenticators', '0020_replace'),
]
operations = [
migrations.CreateModel(
name='OIDCAccount',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
('created', models.DateTimeField(auto_now_add=True, verbose_name='creation date')),
('modified', models.DateTimeField(auto_now=True, verbose_name='last modification date')),
('sub', models.CharField(max_length=256, verbose_name='sub')),
],
),
migrations.CreateModel(
name='OIDCClaimMapping',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
(
'claim',
models.CharField(
max_length=128,
validators=[authentic2.utils.template.validate_template],
verbose_name='claim',
),
),
('attribute', models.CharField(max_length=64, verbose_name='attribute')),
(
'verified',
models.PositiveIntegerField(
choices=[(0, 'not verified'), (1, 'verified claim'), (2, 'always verified')],
default=0,
verbose_name='verified',
),
),
('required', models.BooleanField(blank=True, default=False, verbose_name='required')),
(
'idtoken_claim',
models.BooleanField(blank=True, default=False, verbose_name='idtoken claim'),
),
('created', models.DateTimeField(auto_now_add=True, verbose_name='creation date')),
('modified', models.DateTimeField(auto_now=True, verbose_name='last modification date')),
],
options={
'verbose_name': 'Claim',
'verbose_name_plural': 'Claims',
'default_related_name': 'claim_mappings',
},
),
migrations.CreateModel(
name='OIDCProvider',
fields=[
(
'baseauthenticator_ptr',
models.OneToOneField(
auto_created=True,
on_delete=django.db.models.deletion.CASCADE,
parent_link=True,
primary_key=True,
serialize=False,
to='authenticators.baseauthenticator',
),
),
('issuer', models.CharField(db_index=True, max_length=256, verbose_name='issuer')),
('client_id', models.CharField(max_length=128, verbose_name='client id')),
('client_secret', models.CharField(max_length=128, verbose_name='client secret')),
(
'authorization_endpoint',
models.URLField(max_length=128, verbose_name='authorization endpoint'),
),
('token_endpoint', models.URLField(max_length=128, verbose_name='token endpoint')),
('userinfo_endpoint', models.URLField(max_length=128, verbose_name='userinfo endpoint')),
(
'end_session_endpoint',
models.URLField(
blank=True, max_length=128, null=True, verbose_name='end session endpoint'
),
),
(
'token_revocation_endpoint',
models.URLField(
blank=True, max_length=128, null=True, verbose_name='token revocation endpoint'
),
),
('scopes', models.CharField(blank=True, max_length=128, verbose_name='scopes')),
(
'jwkset_json',
models.JSONField(
blank=True,
null=True,
validators=[authentic2_auth_oidc.models.validate_jwkset],
verbose_name='JSON WebKey set',
),
),
(
'idtoken_algo',
models.PositiveIntegerField(
choices=[(0, 'none'), (1, 'RSA'), (2, 'HMAC'), (3, 'EC')],
default=1,
verbose_name='IDToken signature algorithm',
),
),
(
'claims_parameter_supported',
models.BooleanField(default=False, verbose_name='Claims parameter supported'),
),
(
'strategy',
models.CharField(
choices=[
(
'create',
'create if account matching on email address failed (matching '
"will fail if global and provider's ou-wise email uniqueness is deactivated)",
),
('find-uuid', 'use sub to find existing user through UUID'),
('find-username', 'use sub to find existing user through username'),
(
'find-email',
'use email claim (or sub if claim is absent) to find existing user through email',
),
('none', 'none'),
],
max_length=32,
verbose_name='strategy',
),
),
(
'max_auth_age',
models.PositiveIntegerField(blank=True, null=True, verbose_name='max authentication age'),
),
(
'a2_synchronization_supported',
models.BooleanField(default=False, verbose_name='Authentic2 synchronization supported'),
),
(
'last_sync_time',
models.DateTimeField(
blank=True, editable=False, null=True, verbose_name='Last synchronization time'
),
),
('created', models.DateTimeField(auto_now_add=True, verbose_name='creation date')),
('modified', models.DateTimeField(auto_now=True, verbose_name='last modification date')),
(
'passive_authn_supported',
models.BooleanField(default=True, verbose_name='Supports passive authentication'),
),
],
options={
'verbose_name': 'OpenID Connect',
},
bases=('authenticators.baseauthenticator',),
),
migrations.AddConstraint(
model_name='oidcprovider',
constraint=models.UniqueConstraint(
condition=models.Q(('issuer', ''), _negated=True),
fields=('issuer',),
name='unique_issuer_if_not_empty',
),
),
migrations.AddField(
model_name='oidcclaimmapping',
name='authenticator',
field=models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
related_name='claim_mappings',
to='authenticators.baseauthenticator',
),
),
migrations.AddField(
model_name='oidcaccount',
name='provider',
field=models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
related_name='accounts',
to='authentic2_auth_oidc.oidcprovider',
verbose_name='provider',
),
),
]
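Review bot: The `idtoken_algo` choices on `OIDCProvider` include `(0, 'none')`, which presumably lets a provider be configured so that its ID tokens are accepted without a signature, and nothing in the field says when that is acceptable. An unsigned ID token is only defensible when it is fetched directly from the token endpoint over TLS; how the relying-party code enforces that is not visible here. I would document it on the model field, for example `help_text='"none" disables ID token signature verification; use only when tokens come straight from the token endpoint'`, and regenerate the migration so the two stay in sync. The same model keeps `client_secret` in a plain `CharField`, so dumps and backups of this table should be handled as credentials.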


@ -0,0 +1,51 @@
# Generated by Django 3.2.23 on 2023-12-14 21:01
import django.db.models.deletion
from django.db import migrations, models
class Migration(migrations.Migration):
replaces = [
('authentic2_auth_oidc', '0001_initial'),
('authentic2_auth_oidc', '0002_oidcprovider_token_revocation_endpoint'),
('authentic2_auth_oidc', '0003_oidcprovider_show'),
('authentic2_auth_oidc', '0004_auto_20171017_1522'),
('authentic2_auth_oidc', '0005_oidcprovider_slug'),
('authentic2_auth_oidc', '0006_oidcprovider_claims_parameter_supported'),
('authentic2_auth_oidc', '0007_auto_20200317_1732'),
('authentic2_auth_oidc', '0008_auto_20201102_1142'),
('authentic2_auth_oidc', '0009_oidcprovider_baseauthenticator_ptr'),
('authentic2_auth_oidc', '0010_auto_20220413_1622'),
('authentic2_auth_oidc', '0011_auto_20220413_1632'),
('authentic2_auth_oidc', '0012_auto_20220524_1147'),
('authentic2_auth_oidc', '0013_auto_20220726_1714'),
('authentic2_auth_oidc', '0013_synchronization_fields'),
('authentic2_auth_oidc', '0014_auto_20220920_1614'),
('authentic2_auth_oidc', '0014_oidcprovider_passive_authn_supported'),
('authentic2_auth_oidc', '0015_auto_20220922_1152'),
('authentic2_auth_oidc', '0016_auto_20221019_1148'),
]
initial = True
dependencies = [
('authentic2_auth_oidc', '0015_replace'),
('custom_user', '0037_replace'),
]
operations = [
migrations.AddField(
model_name='oidcaccount',
name='user',
field=models.OneToOneField(
on_delete=django.db.models.deletion.CASCADE,
related_name='oidc_account',
to='custom_user.user',
verbose_name='user',
),
),
migrations.AlterUniqueTogether(
name='oidcaccount',
unique_together={('provider', 'sub')},
),
]


@ -0,0 +1,284 @@
# Generated by Django 3.2.23 on 2023-12-14 21:01
import django.db.models.deletion
from django.db import migrations, models
import authentic2_auth_saml.models
class Migration(migrations.Migration):
replaces = [
('authentic2_auth_saml', '0001_initial'),
('authentic2_auth_saml', '0002_auto_20220608_1559'),
('authentic2_auth_saml', '0003_auto_20220726_1713'),
('authentic2_auth_saml', '0004_remove_samlauthenticator_login_hints'),
(
'authentic2_auth_saml',
'0005_addroleaction_renameattributeaction_samlattributelookup_setattributeaction',
),
('authentic2_auth_saml', '0006_migrate_jsonfields'),
('authentic2_auth_saml', '0007_remove_jsonfields'),
('authentic2_auth_saml', '0008_auto_20220913_1105'),
('authentic2_auth_saml', '0009_statically_rename_attributes'),
('authentic2_auth_saml', '0010_delete_renameattributeaction'),
('authentic2_auth_saml', '0011_alter_authenticator_foreign_key'),
('authentic2_auth_saml', '0012_move_add_role_action'),
('authentic2_auth_saml', '0013_metadata_file_to_db'),
('authentic2_auth_saml', '0014_remove_samlauthenticator_metadata_path'),
]
initial = True
dependencies = [
('authenticators', '0020_replace'),
]
operations = [
migrations.CreateModel(
name='SAMLAuthenticator',
fields=[
(
'baseauthenticator_ptr',
models.OneToOneField(
auto_created=True,
on_delete=django.db.models.deletion.CASCADE,
parent_link=True,
primary_key=True,
serialize=False,
to='authenticators.baseauthenticator',
),
),
('metadata_url', models.URLField(blank=True, max_length=300, verbose_name='Metadata URL')),
(
'metadata_cache_time',
models.PositiveSmallIntegerField(default=3600, verbose_name='Metadata cache time'),
),
(
'metadata_http_timeout',
models.PositiveSmallIntegerField(default=10, verbose_name='Metadata HTTP timeout'),
),
(
'metadata',
models.TextField(
blank=True,
validators=[authentic2_auth_saml.models.validate_metadata],
verbose_name='Metadata (XML)',
),
),
(
'provision',
models.BooleanField(
default=True, verbose_name='Create user if their username does not already exists'
),
),
(
'verify_ssl_certificate',
models.BooleanField(
default=True,
help_text='Verify SSL certificate when doing HTTP requests, used when resolving artifacts.',
verbose_name='Verify SSL certificate',
),
),
(
'transient_federation_attribute',
models.CharField(
blank=True,
help_text='Name of an attribute to use in replacement of the NameID content when the NameID format is transient.',
max_length=64,
verbose_name='Transient federation attribute',
),
),
(
'realm',
models.CharField(
default='saml',
help_text='The default realm to associate to user, can be used in username template.',
max_length=32,
verbose_name='Realm (realm)',
),
),
(
'username_template',
models.CharField(
default='{attributes[name_id_content]}@{realm}',
help_text='The template to build and/or retrieve a user from its username based on received attributes, the syntax is '
'the one from the str.format() method of Python. Available variables are realm, idp (current settings for the idp issuing '
'the assertion), attributes. The default value is {attributes[name_id_content]}@{realm}. Another example could be '
'{atttributes[uid][0]} to set the passed username as the username of the newly created user.',
max_length=128,
verbose_name='Username template',
),
),
(
'name_id_policy_format',
models.CharField(
blank=True,
choices=[
('', 'None'),
(
'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
'Persistent (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent)',
),
(
'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
'Transient (urn:oasis:names:tc:SAML:2.0:nameid-format:transient)',
),
(
'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
'Email (urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress)',
),
(
'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
'Unspecified (urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified)',
),
],
help_text='The NameID format to request.',
max_length=64,
verbose_name='NameID policy format',
),
),
(
'name_id_policy_allow_create',
models.BooleanField(default=True, verbose_name='NameID policy allow create'),
),
(
'force_authn',
models.BooleanField(
default=False,
help_text='Force authentication on each authentication request.',
verbose_name='Force authn',
),
),
(
'add_authnrequest_next_url_extension',
models.BooleanField(default=False, verbose_name='Add authnrequest next url extension'),
),
(
'group_attribute',
models.CharField(
blank=True,
help_text='Name of the SAML attribute to map to Django group names (for example "role").',
max_length=32,
verbose_name='Group attribute',
),
),
(
'create_group',
models.BooleanField(
default=True,
help_text='Create group or only assign existing groups.',
verbose_name='Create group',
),
),
(
'error_url',
models.URLField(
blank=True,
help_text='URL for the continue link when authentication fails. If not set, the RelayState is used. If there is no '
'RelayState, application default login redirect URL is used.',
verbose_name='Error URL',
),
),
(
'error_redirect_after_timeout',
models.PositiveSmallIntegerField(
default=120,
help_text='Timeout in seconds before automatically redirecting the user to the continue URL when authentication has failed.',
verbose_name='Error redirect after timeout',
),
),
(
'authn_classref',
models.CharField(
blank=True,
help_text='Authorized authentication class references, separated by commas. Empty value means everything is authorized. '
'Authentication class reference must be obtained from the identity provider but should come from the SAML 2.0 '
'specification.',
max_length=512,
verbose_name='Authn classref',
),
),
(
'attribute_mapping',
models.JSONField(
blank=True,
default=dict,
help_text='Maps templates based on SAML attributes to field of the user model, for '
'example {"email": "attributes[mail][0]"}.',
verbose_name='Attribute mapping (deprecated)',
),
),
(
'superuser_mapping',
models.JSONField(
blank=True,
default=dict,
editable=False,
help_text='Gives superuser flags to user if a SAML attribute contains a given value, for example {"roles": "Admin"}.',
verbose_name='Superuser mapping',
),
),
],
options={
'verbose_name': 'SAML',
},
bases=('authenticators.baseauthenticator',),
),
migrations.CreateModel(
name='SetAttributeAction',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
('user_field', models.CharField(max_length=256, verbose_name='User field')),
('saml_attribute', models.CharField(max_length=1024, verbose_name='SAML attribute name')),
(
'mandatory',
models.BooleanField(
default=False,
help_text='Login will also be denied if attribute has more than one value.',
verbose_name='Deny login if attribute is missing',
),
),
(
'authenticator',
models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
related_name='set_attribute_actions',
to='authenticators.baseauthenticator',
),
),
],
options={
'verbose_name': 'Set an attribute',
'verbose_name_plural': 'Set attributes',
'default_related_name': 'set_attribute_actions',
},
),
migrations.CreateModel(
name='SAMLAttributeLookup',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
('user_field', models.CharField(max_length=256, verbose_name='User field')),
('saml_attribute', models.CharField(max_length=1024, verbose_name='SAML attribute')),
('ignore_case', models.BooleanField(default=False, verbose_name='Ignore case')),
(
'authenticator',
models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
related_name='attribute_lookups',
to='authenticators.baseauthenticator',
),
),
],
options={
'verbose_name': 'Attribute lookup',
'verbose_name_plural': 'Lookup by attributes',
'default_related_name': 'attribute_lookups',
},
),
]
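Review bot: The `username_template` help text on `SAMLAuthenticator` gives the example `{atttributes[uid][0]}`, with three t's, while the variable it documents is `attributes`. An administrator who copies the example gets a template that names a variable the help text does not list. The example should read `{attributes[uid][0]}`. The squash freezes the string as it stands, so the correction belongs in the model's `help_text`, with this migration regenerated afterwards so `makemigrations` reports no drift.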


@ -0,0 +1,141 @@
# Generated by Django 3.2.23 on 2023-12-14 21:01
import django.db.models.deletion
from django.db import migrations, models
import authentic2_idp_cas.models
class Migration(migrations.Migration):
replaces = [
('authentic2_idp_cas', '0001_initial'),
('authentic2_idp_cas', '0002_auto_20150410_1438'),
('authentic2_idp_cas', '0003_auto_20150415_2223'),
('authentic2_idp_cas', '0004_create_services'),
('authentic2_idp_cas', '0005_alter_field_service_ptr'),
('authentic2_idp_cas', '0006_copy_proxy_m2m'),
('authentic2_idp_cas', '0007_alter_service'),
('authentic2_idp_cas', '0008_alter_foreign_keys'),
('authentic2_idp_cas', '0009_alter_related_models'),
('authentic2_idp_cas', '0010_copy_service_ptr_id_to_old_id'),
('authentic2_idp_cas', '0011_remove_old_id_restore_proxy'),
('authentic2_idp_cas', '0012_copy_service_proxy_to_m2m'),
('authentic2_idp_cas', '0013_delete_model_service_proxy2'),
('authentic2_idp_cas', '0014_auto_20151204_1606'),
('authentic2_idp_cas', '0015_auto_20170406_1825'),
]
initial = True
dependencies = [
('authentic2', '0051_replace'),
]
operations = [
migrations.CreateModel(
name='Attribute',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
('slug', models.SlugField(verbose_name='slug')),
('attribute_name', models.CharField(max_length=64, verbose_name='attribute name')),
('enabled', models.BooleanField(default=True, verbose_name='enabled')),
],
options={
'verbose_name': 'CAS attribute',
'verbose_name_plural': 'CAS attributes',
},
),
migrations.CreateModel(
name='Service',
fields=[
(
'service_ptr',
models.OneToOneField(
auto_created=True,
on_delete=django.db.models.deletion.CASCADE,
parent_link=True,
primary_key=True,
serialize=False,
to='authentic2.service',
),
),
(
'logout_url',
models.URLField(
blank=True,
help_text='you can use a {} to pass the URL of the success icon, ex.: http://example.com/logout?next={}',
max_length=255,
null=True,
verbose_name='url',
),
),
(
'logout_use_iframe',
models.BooleanField(
default=False, verbose_name='use an iframe instead of an img tag for logout'
),
),
(
'logout_use_iframe_timeout',
models.PositiveIntegerField(
default=300,
help_text="if iframe logout is used, it's the time between the onload event "
'for this iframe and the moment we consider its loading to be really finished',
verbose_name='iframe logout timeout (ms)',
),
),
('urls', models.TextField(verbose_name='urls')),
('identifier_attribute', models.CharField(max_length=64, verbose_name='attribute name')),
],
options={
'verbose_name': 'service',
'verbose_name_plural': 'services',
},
bases=('authentic2.service', models.Model),
),
migrations.CreateModel(
name='Ticket',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
(
'ticket_id',
models.CharField(
default=authentic2_idp_cas.models.make_uuid,
max_length=64,
unique=True,
verbose_name='ticket id',
),
),
('renew', models.BooleanField(default=False, verbose_name='fresh authentication')),
('validity', models.BooleanField(default=False, verbose_name='valid')),
('service_url', models.TextField(blank=True, default='', verbose_name='service URL')),
('creation', models.DateTimeField(auto_now_add=True, verbose_name='creation')),
('expire', models.DateTimeField(blank=True, null=True, verbose_name='expire')),
(
'session_key',
models.CharField(
blank=True,
db_index=True,
default='',
max_length=64,
verbose_name='django session key',
),
),
('proxies', models.TextField(blank=True, default='', verbose_name='proxies')),
(
'service',
models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
to='authentic2_idp_cas.service',
verbose_name='service',
),
),
],
),
]
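Review bot: `Ticket.expire` is created with `blank=True, null=True`, and nothing in the file says what a NULL expiry means for a CAS ticket. If the validation code, which is not visible here, treats NULL as "no expiry", a ticket saved without the field set would stay usable until it is deleted. A comment on the model field stating the intended meaning, or a non-null column with a default lifetime, would remove the ambiguity. `session_key` is stored in clear with `db_index=True`, so read access to this table deserves the same restriction as the session store.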


@ -0,0 +1,70 @@
# Generated by Django 3.2.23 on 2023-12-14 21:01
import django.db.models.deletion
from django.db import migrations, models
class Migration(migrations.Migration):
replaces = [
('authentic2_idp_cas', '0001_initial'),
('authentic2_idp_cas', '0002_auto_20150410_1438'),
('authentic2_idp_cas', '0003_auto_20150415_2223'),
('authentic2_idp_cas', '0004_create_services'),
('authentic2_idp_cas', '0005_alter_field_service_ptr'),
('authentic2_idp_cas', '0006_copy_proxy_m2m'),
('authentic2_idp_cas', '0007_alter_service'),
('authentic2_idp_cas', '0008_alter_foreign_keys'),
('authentic2_idp_cas', '0009_alter_related_models'),
('authentic2_idp_cas', '0010_copy_service_ptr_id_to_old_id'),
('authentic2_idp_cas', '0011_remove_old_id_restore_proxy'),
('authentic2_idp_cas', '0012_copy_service_proxy_to_m2m'),
('authentic2_idp_cas', '0013_delete_model_service_proxy2'),
('authentic2_idp_cas', '0014_auto_20151204_1606'),
('authentic2_idp_cas', '0015_auto_20170406_1825'),
]
initial = True
dependencies = [
('authentic2_idp_cas', '0016_replace'),
('custom_user', '0037_replace'),
]
operations = [
migrations.AddField(
model_name='ticket',
name='user',
field=models.ForeignKey(
blank=True,
max_length=128,
null=True,
on_delete=django.db.models.deletion.CASCADE,
to='custom_user.user',
verbose_name='user',
),
),
migrations.AddField(
model_name='service',
name='proxy',
field=models.ManyToManyField(
blank=True,
help_text='services who can request proxy tickets for this service',
related_name='_authentic2_idp_cas_service_proxy_+',
to='authentic2_idp_cas.Service',
verbose_name='proxy',
),
),
migrations.AddField(
model_name='attribute',
name='service',
field=models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
to='authentic2_idp_cas.service',
verbose_name='service',
),
),
migrations.AlterUniqueTogether(
name='attribute',
unique_together={('service', 'slug', 'attribute_name')},
),
]
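Review bot: The `user` field added to `ticket` passes `max_length=128` to `models.ForeignKey`, where it has no effect, because the column type comes from the primary key of `custom_user.user`. The squash carries the argument over from the model; I would drop it there, leaving `models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to='custom_user.user', verbose_name='user')`, and regenerate this file. The field is nullable with `CASCADE`, so it would help to note in a comment which tickets are expected to have no user.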


@ -0,0 +1,299 @@
# Generated by Django 3.2.23 on 2023-12-14 21:01
import django.core.validators
import django.db.models.deletion
from django.db import migrations, models
import authentic2_idp_oidc.models
class Migration(migrations.Migration):
replaces = [
('authentic2_idp_oidc', '0001_initial'),
('authentic2_idp_oidc', '0002_auto_20170121_2346'),
('authentic2_idp_oidc', '0003_auto_20170329_1259'),
('authentic2_idp_oidc', '0004_auto_20170324_1426'),
('authentic2_idp_oidc', '0005_authorization_mode'),
('authentic2_idp_oidc', '0006_auto_20170720_1054'),
('authentic2_idp_oidc', '0007_oidcclient_has_api_access'),
('authentic2_idp_oidc', '0008_oidcclient_idtoken_duration'),
('authentic2_idp_oidc', '0009_auto_20180313_1156'),
('authentic2_idp_oidc', '0010_oidcclaim'),
('authentic2_idp_oidc', '0011_auto_20180808_1546'),
('authentic2_idp_oidc', '0012_auto_20200122_2258'),
('authentic2_idp_oidc', '0013_auto_20200630_1007'),
('authentic2_idp_oidc', '0014_auto_20201126_1812'),
('authentic2_idp_oidc', '0015_auto_20220304_0738'),
('authentic2_idp_oidc', '0016_remove_oidcclient_perform_sub_profile_substitution'),
('authentic2_idp_oidc', '0017_oidcaccesstoken_profile'),
('authentic2_idp_oidc', '0018_alter_oidcaccesstoken_uuid'),
('authentic2_idp_oidc', '0019_always_save_authorization'),
('authentic2_idp_oidc', '0020_add_pkce_fields'),
('authentic2_idp_oidc', '0021_oidcclient_pkce_code_challenge'),
]
initial = True
dependencies = [
('authentic2', '0051_replace'),
]
operations = [
migrations.CreateModel(
name='OIDCAccessToken',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
(
'uuid',
models.CharField(
db_index=True,
default=authentic2_idp_oidc.models.generate_uuid,
max_length=128,
verbose_name='uuid',
),
),
('scopes', models.TextField(verbose_name='scopes')),
('session_key', models.CharField(blank=True, max_length=128, verbose_name='session key')),
('created', models.DateTimeField(auto_now_add=True, verbose_name='created')),
('expired', models.DateTimeField(null=True, verbose_name='expire')),
],
bases=(authentic2_idp_oidc.models.SessionMixin, models.Model),
),
migrations.CreateModel(
name='OIDCAuthorization',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
('client_id', models.PositiveIntegerField(verbose_name='client id')),
('scopes', models.TextField(verbose_name='scopes')),
('created', models.DateTimeField(auto_now_add=True, verbose_name='created')),
('expired', models.DateTimeField(verbose_name='expire')),
],
),
migrations.CreateModel(
name='OIDCClaim',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
('name', models.CharField(blank=True, max_length=128, verbose_name='attribute name')),
('value', models.CharField(blank=True, max_length=128, verbose_name='value of attribute')),
('scopes', models.CharField(blank=True, max_length=128, verbose_name='attribute scopes')),
],
),
migrations.CreateModel(
name='OIDCClient',
fields=[
(
'service_ptr',
models.OneToOneField(
auto_created=True,
on_delete=django.db.models.deletion.CASCADE,
parent_link=True,
primary_key=True,
serialize=False,
to='authentic2.service',
),
),
(
'client_id',
models.CharField(
default=authentic2_idp_oidc.models.generate_uuid,
max_length=255,
unique=True,
verbose_name='client id',
),
),
(
'client_secret',
models.CharField(
default=authentic2_idp_oidc.models.generate_uuid,
max_length=255,
verbose_name='client secret',
),
),
(
'idtoken_duration',
models.DurationField(
blank=True,
default=None,
null=True,
verbose_name='time during which the token is valid',
),
),
(
'access_token_duration',
models.DurationField(
blank=True,
default=None,
null=True,
verbose_name='time during which the access token is valid',
),
),
(
'authorization_mode',
models.PositiveIntegerField(
choices=[(1, 'authorization by service'), (2, 'authorization by ou'), (3, 'none')],
default=1,
verbose_name='authorization mode',
),
),
(
'authorization_flow',
models.PositiveIntegerField(
choices=[
(1, 'authorization code'),
(2, 'implicit/native'),
(3, 'resource owner password credentials'),
],
default=1,
verbose_name='authorization flow',
),
),
(
'always_save_authorization',
models.BooleanField(
default=False,
help_text='do not display the “do not ask again” choice',
verbose_name='always save authorization',
),
),
(
'authorization_default_duration',
models.PositiveIntegerField(
default=0,
help_text='0 for default value (one year)',
verbose_name='duration of saved authorization (in days)',
),
),
(
'redirect_uris',
models.TextField(
validators=[authentic2_idp_oidc.models.validate_https_url],
verbose_name='redirect URIs',
),
),
(
'post_logout_redirect_uris',
models.TextField(
blank=True,
default='',
validators=[authentic2_idp_oidc.models.validate_https_url],
verbose_name='post logout redirect URIs',
),
),
('sector_identifier_uri', models.URLField(blank=True, verbose_name='sector identifier URI')),
(
'identifier_policy',
models.PositiveIntegerField(
choices=[
(1, 'uuid'),
(2, 'pairwise unreversible'),
(4, 'pairwise reversible'),
(3, 'email'),
],
default=2,
verbose_name='identifier policy',
),
),
(
'scope',
models.TextField(
blank=True,
default='',
help_text='Permitted or default scopes (for credentials grant)',
verbose_name='resource owner credentials grant scope',
),
),
(
'idtoken_algo',
models.PositiveIntegerField(
choices=[(2, 'HMAC'), (1, 'RSA'), (3, 'EC')],
default=2,
verbose_name='IDToken signature algorithm',
),
),
('has_api_access', models.BooleanField(default=False, verbose_name='has API access')),
(
'activate_user_profiles',
models.BooleanField(
blank=True,
default=False,
verbose_name="activate users' juridical entity profiles management",
),
),
(
'frontchannel_logout_uri',
models.URLField(blank=True, verbose_name='frontchannel logout URI'),
),
(
'frontchannel_timeout',
models.PositiveIntegerField(blank=True, null=True, verbose_name='frontchannel timeout'),
),
(
'pkce_code_challenge',
models.BooleanField(
default=False,
help_text='If PKCE is mandatory, the only method accepted will be S256.',
verbose_name='Client MUST provide a PKCE code_challenge',
),
),
('created', models.DateTimeField(auto_now_add=True, verbose_name='created')),
('modified', models.DateTimeField(auto_now=True, verbose_name='modified')),
],
bases=('authentic2.service',),
),
migrations.CreateModel(
name='OIDCCode',
fields=[
(
'id',
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
(
'uuid',
models.CharField(
default=authentic2_idp_oidc.models.generate_uuid, max_length=128, verbose_name='uuid'
),
),
('scopes', models.TextField(verbose_name='scopes')),
('state', models.TextField(null=True, verbose_name='state')),
('nonce', models.TextField(null=True, verbose_name='nonce')),
(
'redirect_uri',
models.TextField(
validators=[django.core.validators.URLValidator()], verbose_name='redirect URI'
),
),
('session_key', models.CharField(max_length=128, verbose_name='session key')),
('auth_time', models.DateTimeField(verbose_name='auth time')),
('code_challenge', models.TextField(null=True, verbose_name='Code challenge')),
(
'code_challenge_method',
models.IntegerField(
choices=[(1, 'plain'), (2, 'S256')],
default=1,
null=True,
verbose_name='Code challenge method',
),
),
('created', models.DateTimeField(auto_now_add=True, verbose_name='created')),
('expired', models.DateTimeField(verbose_name='expire')),
(
'client',
models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
to='authentic2_idp_oidc.oidcclient',
verbose_name='client',
),
),
],
bases=(authentic2_idp_oidc.models.SessionMixin, models.Model),
),
]
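Review bot: `OIDCCode.code_challenge_method` is created with `default=1` ('plain') and `null=True`, so a code stored without an explicit method is recorded as plain, even when `code_challenge` is NULL and no PKCE was used. The `pkce_code_challenge` help text on `OIDCClient` says only S256 is accepted when PKCE is mandatory, so a silent 'plain' default is at odds with it. Using `default=None` on the model field would keep the "no PKCE" case distinguishable, with the migration regenerated afterwards. How the token endpoint reads this column is not visible here, so this needs checking against that code.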


@ -0,0 +1,119 @@
# Generated by Django 3.2.23 on 2023-12-14 21:01
import django.db.models.deletion
from django.db import migrations, models
class Migration(migrations.Migration):
replaces = [
('authentic2_idp_oidc', '0001_initial'),
('authentic2_idp_oidc', '0002_auto_20170121_2346'),
('authentic2_idp_oidc', '0003_auto_20170329_1259'),
('authentic2_idp_oidc', '0004_auto_20170324_1426'),
('authentic2_idp_oidc', '0005_authorization_mode'),
('authentic2_idp_oidc', '0006_auto_20170720_1054'),
('authentic2_idp_oidc', '0007_oidcclient_has_api_access'),
('authentic2_idp_oidc', '0008_oidcclient_idtoken_duration'),
('authentic2_idp_oidc', '0009_auto_20180313_1156'),
('authentic2_idp_oidc', '0010_oidcclaim'),
('authentic2_idp_oidc', '0011_auto_20180808_1546'),
('authentic2_idp_oidc', '0012_auto_20200122_2258'),
('authentic2_idp_oidc', '0013_auto_20200630_1007'),
('authentic2_idp_oidc', '0014_auto_20201126_1812'),
('authentic2_idp_oidc', '0015_auto_20220304_0738'),
('authentic2_idp_oidc', '0016_remove_oidcclient_perform_sub_profile_substitution'),
('authentic2_idp_oidc', '0017_oidcaccesstoken_profile'),
('authentic2_idp_oidc', '0018_alter_oidcaccesstoken_uuid'),
('authentic2_idp_oidc', '0019_always_save_authorization'),
('authentic2_idp_oidc', '0020_add_pkce_fields'),
('authentic2_idp_oidc', '0021_oidcclient_pkce_code_challenge'),
]
initial = True
dependencies = [
('authentic2_idp_oidc', '0022_replace'),
('custom_user', '0037_replace'),
('contenttypes', '0002_remove_content_type_name'),
]
operations = [
migrations.AddField(
model_name='oidccode',
name='profile',
field=models.ForeignKey(
null=True,
on_delete=django.db.models.deletion.CASCADE,
to='custom_user.profile',
verbose_name='user selected profile',
),
),
migrations.AddField(
model_name='oidccode',
name='user',
field=models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE, to='custom_user.user', verbose_name='user'
),
),
migrations.AddField(
model_name='oidcclaim',
name='client',
field=models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
to='authentic2_idp_oidc.oidcclient',
verbose_name='client',
),
),
migrations.AddField(
model_name='oidcauthorization',
name='client_ct',
field=models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
to='contenttypes.contenttype',
verbose_name='client ct',
),
),
migrations.AddField(
model_name='oidcauthorization',
name='profile',
field=models.ForeignKey(
null=True,
on_delete=django.db.models.deletion.CASCADE,
to='custom_user.profile',
verbose_name='profile',
),
),
migrations.AddField(
model_name='oidcauthorization',
name='user',
field=models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE, to='custom_user.user', verbose_name='user'
),
),
migrations.AddField(
model_name='oidcaccesstoken',
name='client',
field=models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
to='authentic2_idp_oidc.oidcclient',
verbose_name='client',
),
),
migrations.AddField(
model_name='oidcaccesstoken',
name='profile',
field=models.ForeignKey(
null=True,
on_delete=django.db.models.deletion.CASCADE,
to='custom_user.profile',
verbose_name='profile',
),
),
migrations.AddField(
model_name='oidcaccesstoken',
name='user',
field=models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE, to='custom_user.user', verbose_name='user'
),
),
]