Valentin Deniaud
cb9df4fbb2
a2_rbac: migrate existing operations to new model ( #69902 )
2022-10-19 14:53:34 +02:00
Valentin Deniaud
3dab8ff21a
a2_rbac: move signal handlers from django_rbac ( #69902 )
2022-10-19 14:53:34 +02:00
Benjamin Dauvergne
079853b04b
translation update
2022-10-19 13:09:02 +02:00
Benjamin Dauvergne
008acea8b8
tests: add auth_saml logout test ( #69720 )
2022-10-19 13:05:24 +02:00
Benjamin Dauvergne
3fb3193755
auth_saml: after logout response return to the logout view ( #69720 )
2022-10-19 13:05:24 +02:00
Benjamin Dauvergne
3af47026a1
auth_saml: use token url for logout ( #69720 )
2022-10-19 13:05:24 +02:00
Benjamin Dauvergne
307a061a80
misc: use hooks to accumulate redirect logout urls ( #69720 )
2022-10-19 13:05:24 +02:00
Benjamin Dauvergne
7005127a5b
views: refactor the logout view ( #69720 )
2022-10-19 13:05:24 +02:00
Benjamin Dauvergne
adc13b92e2
misc: split auth_saml tests ( #69720 )
2022-10-19 13:05:24 +02:00
Benjamin Dauvergne
342b855d7f
misc: move auth_saml test in directory ( #69720 )
2022-10-19 13:05:24 +02:00
Benjamin Dauvergne
8f3ca8e41d
misc: move hooks module in utils package ( #69720 )
2022-10-19 13:05:24 +02:00
Benjamin Dauvergne
e520e186a3
tests: target the password form in login() ( #69720 )
...
When testing multiple authentication backends, the current code for
login() cannot find the login/password form.
2022-10-19 13:05:24 +02:00
Valentin Deniaud
ebe0380d25
auth_oidc: allow multiple oidc providers with empty issuers ( #68656 )
2022-10-19 11:58:14 +02:00
Benjamin Dauvergne
282f5f2a79
misc: remove deprecated providing_args argument of Signal ( #69992 )
2022-10-19 11:03:29 +02:00
Benjamin Dauvergne
20ded95630
misc: remove dead code for avoid_consent signal ( #69992 )
2022-10-19 11:03:29 +02:00
Benjamin Dauvergne
ce964830ef
misc: remove dead code for authorize_service signal ( #69992 )
2022-10-19 11:03:29 +02:00
Benjamin Dauvergne
351c2b50c2
idp_oidc: authorize claim settings with the authentic2.admin_service permission ( #70412 )
...
Permission is checked on the OIDCClient model.
2022-10-19 10:22:02 +02:00
Benjamin Dauvergne
d3c35e43ea
tests: use admin user for idp_oidc manager's tests ( #70412 )
2022-10-19 10:21:59 +02:00
Benjamin Dauvergne
3035fed85e
tests: move idp_oidc manager tests in idp_oidc directory ( #70412 )
2022-10-19 10:21:43 +02:00
Benjamin Dauvergne
8b9b1a6086
manager: augment PermissionMixin to check permission on a parent of the target object ( #70412 )
...
Configuration objects can have child objects on which authorization should
be computed from the permission of the parent object, ex.: claim mapping
of an oidc provider.
2022-10-19 10:21:34 +02:00
Benjamin Dauvergne
cecec5b79d
misc: replace use of HttpRequest.is_ajax() ( #70432 )
...
is_ajax() is deprecated since Django 3.1 and will be removed in Django
4.0.
2022-10-19 10:04:53 +02:00
Paul Marillonnet
b34c2e3cac
manager: restore button appearance of sidebar entries ( #70427 )
2022-10-18 15:36:05 +02:00
Benjamin Dauvergne
5b6216f18f
misc: make getlasso3.sh non verbose
2022-10-18 15:13:13 +02:00
Frédéric Péters
f0ef849890
translation update
2022-10-18 14:33:51 +02:00
Frédéric Péters
c3f94e8823
translation fix (duplicated strings)
2022-10-18 14:29:36 +02:00
Frédéric Péters
2813a2238c
translation update
2022-10-18 14:15:00 +02:00
Benjamin Dauvergne
772a3f6f6d
rbac: handle inheritance between model in get_all_permissions ( #70152 )
...
For global and ou scoped permissions, equivalent permissions on the child
classes are added, i.e. if you have authentic2.admin_service
permission then you also have authentic2_idp_oidc.admin_oidcclient
permission (globally or scoped by an organizational unit).
For instance scoped permissions, equivalent permissions on the parent
classes are added, i.e. if you have permission
authentic2_idp_oidc.admin_oidcclient on OIDCClient(pk=1), you also have
authentic2.admin_service on the same object.
2022-10-18 11:45:56 +02:00
Benjamin Dauvergne
626ab8aab7
a2_rbac: add helper method to build permissions ( #70152 )
2022-10-18 11:45:56 +02:00
Valentin Deniaud
475ef76fd7
authenticators: require name on creation ( #68802 )
2022-10-18 10:47:51 +02:00
Valentin Deniaud
a17806d181
authenticators: display slug if there is no name ( #68802 )
2022-10-18 10:47:51 +02:00
Paul Marillonnet
ca57ab02e8
auth_fc: let explanation text appear within login block ( #70386 )
2022-10-18 09:54:42 +02:00
Valentin Deniaud
eea033aaf7
authenticators: add import/export ( #65360 )
2022-10-17 17:09:40 +02:00
Benjamin Dauvergne
c63b3ef3f4
manager: use same name for permissions in homepage and permission mixin ( #70041 )
2022-10-17 16:53:16 +02:00
Benjamin Dauvergne
4f489234ab
manager: share code to display main and sidebar entries on homepage ( #70041 )
2022-10-17 16:53:16 +02:00
Benjamin Dauvergne
64e67aaea6
misc: rename authentic2-ctl to manage.py ( #70162 )
2022-10-17 16:51:20 +02:00
Benjamin Dauvergne
bca86355cb
models: add an index on DeletedUser.old_email ( #69591 )
2022-10-17 16:22:38 +02:00
Benjamin Dauvergne
1a127bc26d
models: add an index on DeletedUser.old_uuid ( #69591 )
2022-10-17 16:22:38 +02:00
Benjamin Dauvergne
d2e3943e5b
manager: search journal by uuid of deleted accounts ( #69591 )
...
Search by a queryset of DeletedUser is extracted
from search_by_email() to be shared with search_by_uuid().
2022-10-17 16:22:38 +02:00
Benjamin Dauvergne
f4979a4f5e
manager: add a permission denied view ( #70042 )
2022-10-17 16:21:35 +02:00
Benjamin Dauvergne
4984ef33ef
idp_oidc: adapt error message for expired codes ( #67277 )
2022-10-17 14:31:03 +02:00
Valentin Deniaud
ed42495611
custom_user: move permission mixin code from django_rbac ( #70135 )
2022-10-17 10:26:17 +02:00
Valentin Deniaud
df45b0bd4b
custom_user: remove old import compatibility code ( #70135 )
2022-10-17 10:26:05 +02:00
Paul Marillonnet
6711b1fb6a
idp_oidc: include set of user's profile types in consent page ( #70175 )
2022-10-17 10:03:50 +02:00
Frédéric Péters
bb88e23601
manager: do not combine section and tabs style in authentication forms ( #70203 )
2022-10-14 16:12:41 +02:00
Benjamin Dauvergne
01f852c770
idp_oidc: use invalid_grant error in token endpoint ( #66544 )
2022-10-14 11:54:10 +02:00
Benjamin Dauvergne
d5df01e1c0
manager: restrict apiclient views to the superuser ( #70047 )
2022-10-14 11:47:55 +02:00
Benjamin Dauvergne
7440787ee7
manager: if permissions are global, do not check on model instance ( #70047 )
2022-10-14 11:47:55 +02:00
Benjamin Dauvergne
f0c10e1367
manager: move apiclient views in a module ( #70047 )
2022-10-14 11:47:55 +02:00
Serghei Mihai
cbb0c37eae
authentic: display only service home link only if defined ( #64649 )
2022-10-14 10:42:37 +02:00
Benjamin Dauvergne
8025072491
tox.ini: remove mandatory --sw pytest option ( #70155 )
2022-10-12 14:01:08 +02:00