Benjamin Dauvergne
f257370779
Use new CSRF cookie validation on login view (refs #5617)
2015-03-10 12:47:35 +01:00
Benjamin Dauvergne
8fd5446dc0
Update French translation (fixes #5617)
2015-03-10 12:47:20 +01:00
Benjamin Dauvergne
0baa91cf25
Use new mixin on registration view to show a form error on CSRF token validation error instead of a redirect (refs #5617)
2015-03-10 12:47:15 +01:00
Benjamin Dauvergne
31c743d879
Allow validation of CSRF cookie to be done in view using a CBV mixin or a helper function (refs #5617)
...
Use the CBV for a do-nothing use or on a function based view you must
apply the decorators @csrf_exempt and @ensure_csrf_cookie on your view
(in this order) and use utils.csrf_token_check(request, form) to check
for the cookie before validating your form.
2015-03-10 12:47:15 +01:00
Benjamin Dauvergne
25ef99ffae
Use setting CSRF_FAILURE_VIEW to prevent user seeing 403 on CSRF failure, instead redirect them to the same page and display a warning (refs #5617)
2015-03-10 12:47:15 +01:00
Serghei Mihai
28a158144a
registration tests updated to new settings (#6661)
2015-03-10 11:07:10 +01:00
Serghei Mihai
7de4f82778
email authentication enabled by default
...
Closes #6658
2015-03-10 09:26:16 +01:00
Serghei Mihai
4b746622f8
locale: French translation for registration backend
2015-03-09 18:20:44 +01:00
Serghei Mihai
8a97dddf1e
typo fix on login choices page (#6634)
2015-03-09 18:16:46 +01:00
Serghei Mihai
a025418232
first and last names mandatory on registration (#6653)
2015-03-09 17:08:34 +01:00
Serghei Mihai
433737b162
user fullname prefixed by account number on login choices page (#6634)
...
Accounts ordered by join date in order to have coherent indexes
2015-03-09 15:36:36 +01:00
Serghei Mihai
1051624fd7
auth model backend path fix (#6635)
2015-03-09 15:36:36 +01:00
Serghei Mihai
e9d6739020
limit username to 30 chars (#6636)
2015-03-09 15:36:36 +01:00
Benjamin Dauvergne
a838d08d1d
Only remove the opened session cookie when the feature is activated (#6265)
2015-03-09 11:48:43 +01:00
Benjamin Dauvergne
ab50dcee8b
Use a valid Python identifier for label of SAML 2.0 IdP AppConfig (#6518)
2015-03-06 16:01:20 +01:00
Benjamin Dauvergne
6b48ab8744
Fix OpenID 2.0 IdP migrations since the application was renamed
2015-03-02 14:59:51 +01:00
Benjamin Dauvergne
5f018c79ce
Fix use of the logout view by SAML 2.0 IdP
2015-03-02 13:56:53 +01:00
Benjamin Dauvergne
976ab8e2e4
Remove Ticket.identifier from the admin, the field has been removed
2015-03-02 12:28:11 +01:00
Benjamin Dauvergne
9b958d3133
Add a CAS IdP module
...
fixes #6396
2015-03-01 23:11:16 +01:00
Benjamin Dauvergne
b8716b93c9
Make make_url() accept a fragment in the base url
2015-03-01 22:28:44 +01:00
Benjamin Dauvergne
e927faf05b
Makes registration tests pass without network
2015-03-01 22:28:44 +01:00
Benjamin Dauvergne
69df3702fc
Add helper methods to normalize attributes values
...
- normalize_attribute_values() takes a list of values, stringifies them and
removes duplicate values.
- attribute_values_to_identifier() verifies that value list is valid for
building an identifier.
2015-03-01 22:28:43 +01:00
Benjamin Dauvergne
a73adab5ad
Move to_list() and to_iter() in utils.py
2015-03-01 22:28:43 +01:00
Benjamin Dauvergne
ab3dd57e14
Add a helper method to retrieve the user from a session given the session key
2015-03-01 22:28:43 +01:00
bdauvergne
8dd988ac11
Make compile_translations target of setup.py compatible with Django 1.7
2015-03-01 22:28:43 +01:00
bdauvergne
4d15508a9a
Add helper method check_session_key() to verify that session is still valid
2015-03-01 22:28:43 +01:00
Benjamin Dauvergne
e0db633001
Refactor SAML 2.0 SP initiated slo to use the refactored logout view
2015-03-01 22:28:43 +01:00
Benjamin Dauvergne
15d87d5a0b
Rename idp/logout.html template to authentic2/logout.html
2015-03-01 22:28:42 +01:00
Benjamin Dauvergne
ef59354e04
Refactor the logout view
...
Now a request for logout coming from an unknown site, i.e. not the same
origin will show a form for confirmation by user.
IdP module must re-use the view and not redirect to it if they want to
skip the confirmation when requests are checked.
2015-03-01 22:28:42 +01:00
Benjamin Dauvergne
581f34dd23
Add check_referer() helper method to check that referer matches the current domain
...
This function must be used when a GET can accomplish some action, for
example a logout view.
2015-03-01 22:28:42 +01:00
Benjamin Dauvergne
0bee142df0
Create a ModelAdmin mixin for adding a default cleanup action to any model admin
2015-03-01 22:28:42 +01:00
Benjamin Dauvergne
9f796c076c
Add test method to check XML contents for some properties
2015-03-01 22:28:42 +01:00
Benjamin Dauvergne
09e8a66f10
Create a base class for tests providing 2 new helper methods
...
new methods are:
- assertEqualsURL
- assertRedirectsComplex
2015-03-01 22:28:42 +01:00
Benjamin Dauvergne
e2d3f048cb
With Django >= 1.7 activate ATOMIC_REQUESTS on the default db
2015-03-01 22:28:41 +01:00
Benjamin Dauvergne
cfac918e0d
Add new helper method redirect_to_logout
2015-03-01 22:28:41 +01:00
Benjamin Dauvergne
15d4dde36f
Adapt SAML 2.0 IdP to new authentication events recording
2015-03-01 22:28:41 +01:00
Benjamin Dauvergne
45da549220
Refactor testing for fresh authentication by storing the nonce in the session
2015-03-01 22:28:41 +01:00
Serghei Mihai
3d81025500
password change view restored
2015-02-18 14:31:50 +01:00
Frédéric Péters
783977b678
misc: add a settings option to disable https ssl checks (#6539)
2015-02-17 12:03:17 +01:00
Frédéric Péters
f8543c96cd
misc: raise an urllib2.HTTPError if get_url returns a non 200 response (#6539)
2015-02-17 12:03:14 +01:00
Frédéric Péters
c0c0706e86
style: add non-prefixed css properties (#6510)
2015-02-17 10:44:36 +01:00
Benjamin Dauvergne
d6156bcf87
At least install tox and pylint
2015-02-16 01:34:41 +01:00
Benjamin Dauvergne
358a8e7a7e
Just use tox
2015-02-16 01:24:11 +01:00
Benjamin Dauvergne
4d6237404b
jenkins.sh: just install authentic2 using pip
2015-02-16 01:22:39 +01:00
Benjamin Dauvergne
c687a87ab5
[django-1.7] SortedDict.insert() method was removed
2015-02-16 00:39:36 +01:00
Benjamin Dauvergne
fe4f447440
Rename README.rst to README to suppress a warning
2015-02-15 23:52:27 +01:00
Benjamin Dauvergne
4a3c9b668a
Fix typo in setup.py
2015-02-15 23:52:27 +01:00
Benjamin Dauvergne
5ac3c8aca8
[django-1.7] Rename all migrations/ directories to south_migrations/
2015-02-15 23:52:27 +01:00
Benjamin Dauvergne
40850ef3a8
[django-1.7] tox: adapt settings and commands
2015-02-15 23:52:26 +01:00
Benjamin Dauvergne
f328f6fe8e
[django-1.7] Monkey patch default Django user model for Django 1.7
2015-02-15 23:52:26 +01:00