Commit Graph

2244 Commits

Author SHA1 Message Date
Benjamin Dauvergne f257370779 Use new CSRF cookie validation on login view (refs #5617) 2015-03-10 12:47:35 +01:00
Benjamin Dauvergne 8fd5446dc0 Update french translation (fixes #5617) 2015-03-10 12:47:20 +01:00
Benjamin Dauvergne 0baa91cf25 Use new mixin on registration view to show a form error on CSRF token validation error instead of a redirect (refs #5617) 2015-03-10 12:47:15 +01:00
Benjamin Dauvergne 31c743d879 Allow validation of CSRF cookie to be done in view using a CBV mixin or a helper function (refs #5617)
Use the CBV for a do-nothing use or on a function based view you must
apply the decorators @csrf_exempt and @ensure_csrf_cookie on your view
(in this order) and use utils.csrf_token_check(request, form) to check
for the cookie before validating your form.
2015-03-10 12:47:15 +01:00
Benjamin Dauvergne 25ef99ffae Use setting CSRF_FAILURE_VIEW to prevent user seeing 403 on CSRF failure, instead redirect them to the same page and display a warning (refs #5617) 2015-03-10 12:47:15 +01:00
Serghei Mihai 28a158144a registration tests updated to new settings (#6661) 2015-03-10 11:07:10 +01:00
Serghei Mihai 7de4f82778 email authentication enabled by default
Closes #6658
2015-03-10 09:26:16 +01:00
Serghei Mihai 4b746622f8 locale: french translation for registration backend 2015-03-09 18:20:44 +01:00
Serghei Mihai 8a97dddf1e typo fix on login choices page (#6634) 2015-03-09 18:16:46 +01:00
Serghei Mihai a025418232 first and last names mandatory on registration (#6653) 2015-03-09 17:08:34 +01:00
Serghei Mihai 433737b162 user fullname prefixed by account number on login choices page (#6634)
Accounts ordered by join date in order to have coherent indexes
2015-03-09 15:36:36 +01:00
Serghei Mihai 1051624fd7 auth model backend path fix (#6635) 2015-03-09 15:36:36 +01:00
Serghei Mihai e9d6739020 limit username to 30 chars (#6636) 2015-03-09 15:36:36 +01:00
Benjamin Dauvergne a838d08d1d Only remove the opened session cookie when the feature is activated (#6265) 2015-03-09 11:48:43 +01:00
Benjamin Dauvergne ab50dcee8b Use a valid python identifier for label of SAML 2.0 IdP AppConfig (#6518) 2015-03-06 16:01:20 +01:00
Benjamin Dauvergne 6b48ab8744 Fix OpenID 2.0 IdP migrations since the application was renamed 2015-03-02 14:59:51 +01:00
Benjamin Dauvergne 5f018c79ce Fix use of the logout view by SAML 2.0 IdP 2015-03-02 13:56:53 +01:00
Benjamin Dauvergne 976ab8e2e4 Remove Ticket.identifier from the admin, the field has been removed 2015-03-02 12:28:11 +01:00
Benjamin Dauvergne 9b958d3133 Add a CAS IdP module
fixes #6396
2015-03-01 23:11:16 +01:00
Benjamin Dauvergne b8716b93c9 Makes make_url() accept a fragment in the base url 2015-03-01 22:28:44 +01:00
Benjamin Dauvergne e927faf05b Makes registration tests pass without network 2015-03-01 22:28:44 +01:00
Benjamin Dauvergne 69df3702fc Add helper methods to normalize attributes values
- normalize_attribute_values() takes a list of values, stringifies them and
  removes duplicate values.
- attribute_values_to_identifier() verifies that value list is valid for
  building an identifier.
2015-03-01 22:28:43 +01:00
Benjamin Dauvergne a73adab5ad Move to_list() and to_iter() in utils.py 2015-03-01 22:28:43 +01:00
Benjamin Dauvergne ab3dd57e14 Add a helper method to retrieve the user from a session given the session key 2015-03-01 22:28:43 +01:00
bdauvergne 8dd988ac11 Make compile_translations target of setup.py compatible with Django 1.7 2015-03-01 22:28:43 +01:00
bdauvergne 4d15508a9a Add helper method check_session_key() to verify that session is still valid 2015-03-01 22:28:43 +01:00
Benjamin Dauvergne e0db633001 Refactor SAML 2.0 SP initiated slo to use the refactored logout view 2015-03-01 22:28:43 +01:00
Benjamin Dauvergne 15d87d5a0b Rename idp/logout.html template to authentic2/logout.html 2015-03-01 22:28:42 +01:00
Benjamin Dauvergne ef59354e04 Refactor the logout view
Now a request for logout coming from an unknown site, i.e. not the same
origin will show a form for confirmation by user.

IdP module must re-use the view and not redirect to it if they want to
skip the confirmation when requests are checked.
2015-03-01 22:28:42 +01:00
Benjamin Dauvergne 581f34dd23 Add check_referer() helper method to check that referer matches the current domain
This function must be used when a GET can accomplish some action, for
example a logout view.
2015-03-01 22:28:42 +01:00
Benjamin Dauvergne 0bee142df0 Create a ModelAdmin mixin for adding a default cleanup action to any model admin 2015-03-01 22:28:42 +01:00
Benjamin Dauvergne 9f796c076c Add test method to check XML contents for some properties 2015-03-01 22:28:42 +01:00
Benjamin Dauvergne 09e8a66f10 Create a base class for tests providing 2 new helper methods
new methods are:
- assertEqualsURL
- assertRedirectsComplex
2015-03-01 22:28:42 +01:00
Benjamin Dauvergne e2d3f048cb With Django >= 1.7 activate ATOMIC_REQUESTS on the default db 2015-03-01 22:28:41 +01:00
Benjamin Dauvergne cfac918e0d Add new helper method redirect_to_logout 2015-03-01 22:28:41 +01:00
Benjamin Dauvergne 15d4dde36f Adapt SAML 2.0 IdP to new authentication events recording 2015-03-01 22:28:41 +01:00
Benjamin Dauvergne 45da549220 Refactor testing for fresh authentication by storing the nonce in the session 2015-03-01 22:28:41 +01:00
Serghei Mihai 3d81025500 password change view restored 2015-02-18 14:31:50 +01:00
Frédéric Péters 783977b678 misc: add a settings option to disable https ssl checks (#6539) 2015-02-17 12:03:17 +01:00
Frédéric Péters f8543c96cd misc: raise an urllib2.HTTPError if get_url returns a non 200 response (#6539) 2015-02-17 12:03:14 +01:00
Frédéric Péters c0c0706e86 style: add non-prefixed css properties (#6510) 2015-02-17 10:44:36 +01:00
Benjamin Dauvergne d6156bcf87 At least install tox and pylint 2015-02-16 01:34:41 +01:00
Benjamin Dauvergne 358a8e7a7e Just use tox 2015-02-16 01:24:11 +01:00
Benjamin Dauvergne 4d6237404b jenkins.sh: just install authentic2 using pip 2015-02-16 01:22:39 +01:00
Benjamin Dauvergne c687a87ab5 [django-1.7] SortedDict.insert() method was removed 2015-02-16 00:39:36 +01:00
Benjamin Dauvergne fe4f447440 Rename README.rst to README to suppress a warning 2015-02-15 23:52:27 +01:00
Benjamin Dauvergne 4a3c9b668a Fix typo in setup.py 2015-02-15 23:52:27 +01:00
Benjamin Dauvergne 5ac3c8aca8 [django-1.7] Rename all migrations/ directories to south_migrations/ 2015-02-15 23:52:27 +01:00
Benjamin Dauvergne 40850ef3a8 [django-1.7] tox: adapt settings and commands 2015-02-15 23:52:26 +01:00
Benjamin Dauvergne f328f6fe8e [django-1.7] Monkey patch default Django user model for Django 1.7 2015-02-15 23:52:26 +01:00