Unlinking is now prevented if the user has no usable password and can't
change it because A2_REGISTRATION_CAN_CHANGE_PASSWORD is False.
For now it is thus assumed that the password is the unique other mean of
authentication and unlinking would make the account unreachable.
Also use A2_REGISTRATION_SET_PASSWORD_FORM_CLASS setting instead of
importing the form.
The registration frontend is used when the user is not logged locally
not with FC. The login template provide a link to the FC login view and
then to the plugin registration view.
If the user is already logged with FC, the login template provide a link
to the plugin registration view.
The view is called to create an account using the data provided by FC
at account creation.
The data provided is put in a protected token and sent to the next url.
If FC provides an email, the view redirects to the activation view.
If an email is not provided, the view redirects to the email registration
view.
The confirm_data parameter of the activation view is a plugin setting.
Account creation with FC means no password.
After a successful sso and no user is authenticated the user is redirected
on the login page. On the login page, the user may be asked to login with a
password or to create a new account. The plugin login button is hidden to avoid
an unecessary loop.
The patch add an option to display an other button that the login button.
This button reference the registration page and is filled with data from
the sso. If skip resgitration with prefilling data options are set on authentic
the button leads to a direct account creation.
Data is requested using the login or link endpoint view giving
space delimited scopes in the `fd_scopes` get parameter.
Data is stored in a dictionnary of scopes in the session.
Build FD request url using urlencode.
Use urlencode from django rather than from urllib.
Use the official images for the log in button and the linking
button in profile.
Add about page link on frontends.
Add title for the profile frontend.
Add translation statements.
Use new setting to enable logout at unlinking. Some cases need it,
like FranceConnect, but others may not. Disabled by default, enable
with : A2_FC_LOGOUT_WHEN_UNLINK = True.
Use new setting for the return url after logout at unlinking. It is
for now 'account_management' but it could be modified. By default it
is the same as the return url at normal logout. Then it should be set
with A2_FC_LOGOUT_AT_UNLINK_RETURN_URL = 'account_management'.
Use logout url building function in utils.
As specified in the RFC4769 'The client makes a request to the token
endpoint by sending the following parameters using the
"application/x-www-form-urlencoded"'.
A separate Plugin method is now used to return logout profiles
by redirection.
The logout by iframe is removed because it is not officially supported.
Some useless app settings have been remove.
The next field name can now be set in app settings.
Frédéric Péters
Mikaël Ates