- remove obviously dead code (reported by flake8)
- fix PEP8 violations
- rename variable using stdlib builtin names
- use get_version() from combo's setup.py
- simplify and reorganize login templates,
- URL are not built inside templates anymore,
- we have now 3 different templates:
- login.html for the login page
- registration.html for the registration page
- linking.html for the account page
- using feature from #25623, authentication_method is kept by the
registration view.
- the service slug is correctly threaded between every views.
- explanations about FranceConnect are now done in a common template
"explanation.html".
- restore popup mode, use it through setting A2_FC_POPUP=True, it works
for:
- login and login with registration (workflow for login with
registration is a bit complicated),
- registration,
- and linking (linking your existing to FC through the "My account"
page)
unlinking is not handled with a popup.
context_instance is not passed anymore by authentic2, and giving
context_instance=None to render() prevent the request object to be feed
in the context of the template, breaking some templates.
It returns True if an user is linked to an FC account, it allows any
FC user to login to its account as long as it still has control of the
FC email even if he has lost its FC credentials.
- verify new users have a password set
- verify old users keep their password on linking and are not
asked for a new password if they used their password for logging in.
The following field is added to user's attributes if FC plugin is
enabled and the "full" parameter is given to the user's API:
"franceconnect": {
"linked": true,
"link_url": "https://idp/accounts/fc/callback/",
"unlink_url": "https://idp/accounts/fc/unlink/"
}
Retry is applied to access token request and user info requests (through
OAuth2Session). There is a small exponential backoff of 0.5 and 1s.
Also decrease log level of message for failure of retrieval of the
access token or the user info to the level WARNING, that's never been a
problem for the user, as he was correctly redirected to its origin
(usually and IdP endpoint).