6548 Commits

Author SHA1 Message Date
Valentin Deniaud cb9df4fbb2 a2_rbac: migrate existing operations to new model (#69902) 2022-10-19 14:53:34 +02:00
Valentin Deniaud 3dab8ff21a a2_rbac: move signal handlers from django_rbac (#69902) 2022-10-19 14:53:34 +02:00
Benjamin Dauvergne 079853b04b translation update 2022-10-19 13:09:02 +02:00
Benjamin Dauvergne 008acea8b8 tests: add auth_saml logout test (#69720) 2022-10-19 13:05:24 +02:00
Benjamin Dauvergne 3fb3193755 auth_saml: after logout response return to the logout view (#69720) 2022-10-19 13:05:24 +02:00
Benjamin Dauvergne 3af47026a1 auth_saml: use token url for logout (#69720) 2022-10-19 13:05:24 +02:00
Benjamin Dauvergne 307a061a80 misc: use hooks to accumulate redirect logout urls (#69720) 2022-10-19 13:05:24 +02:00
Benjamin Dauvergne 7005127a5b views: refactor the logout view (#69720) 2022-10-19 13:05:24 +02:00
Benjamin Dauvergne adc13b92e2 misc: split auth_saml tests (#69720) 2022-10-19 13:05:24 +02:00
Benjamin Dauvergne 342b855d7f misc: move auth_saml test in directory (#69720) 2022-10-19 13:05:24 +02:00
Benjamin Dauvergne 8f3ca8e41d misc: move hooks module in utils package (#69720) 2022-10-19 13:05:24 +02:00
Benjamin Dauvergne e520e186a3 tests: target the password form in login() (#69720)
When testing multiple authentication backends, the current code for
login() cannot find the login/password form.
2022-10-19 13:05:24 +02:00
Valentin Deniaud ebe0380d25 auth_oidc: allow multiple oidc providers with empty issuers (#68656) 2022-10-19 11:58:14 +02:00
Benjamin Dauvergne 282f5f2a79 misc: remove deprecated providing_args argument of Signal (#69992) 2022-10-19 11:03:29 +02:00
Benjamin Dauvergne 20ded95630 misc: remove dead code for avoid_consent signal (#69992) 2022-10-19 11:03:29 +02:00
Benjamin Dauvergne ce964830ef misc: remove dead code for authorize_service signal (#69992) 2022-10-19 11:03:29 +02:00
Benjamin Dauvergne 351c2b50c2 idp_oidc: authorize claim settings with the authentic2.admin_service permission (#70412)
Permission is checked on the OIDCClient model.
2022-10-19 10:22:02 +02:00
Benjamin Dauvergne d3c35e43ea tests: use admin user for idp_oidc manager's tests (#70412) 2022-10-19 10:21:59 +02:00
Benjamin Dauvergne 3035fed85e tests: move idp_oidc manager tests in idp_oidc directory (#70412) 2022-10-19 10:21:43 +02:00
Benjamin Dauvergne 8b9b1a6086 manager: augment PermissionMixin to check permission on a parent of the target object (#70412)
Configuration objects can have child objects on which authorization should
be computed from the permission of the parent object, ex.: claim mapping
of an oidc provider.
2022-10-19 10:21:34 +02:00
Benjamin Dauvergne cecec5b79d misc: replace use of HttpRequest.is_ajax() (#70432)
is_ajax() is deprecated since Django 3.1 and will be removed in Django
4.0.
2022-10-19 10:04:53 +02:00
Paul Marillonnet b34c2e3cac manager: restore button appearance of sidebar entries (#70427) 2022-10-18 15:36:05 +02:00
Benjamin Dauvergne 5b6216f18f misc: make getlasso3.sh non verbose 2022-10-18 15:13:13 +02:00
Frédéric Péters f0ef849890 translation update 2022-10-18 14:33:51 +02:00
Frédéric Péters c3f94e8823 translation fix (duplicated strings) 2022-10-18 14:29:36 +02:00
Frédéric Péters 2813a2238c translation update 2022-10-18 14:15:00 +02:00
Benjamin Dauvergne 772a3f6f6d rbac: handle inheritance between model in get_all_permissions (#70152)
For global and ou scoped permissions, equivalent permissions on the child
classes are added, i.e. if you have authentic2.admin_service
permission then you also have authentic2_idp_oidc.admin_oidcclient
permission (globally or scoped by an organizational unit).

For instance scoped permissions, equivalent permissions on the parent
classes are added, i.e. if you have permission
authentic2_idp_oidc.admin_oidcclient on OIDCClient(pk=1), you also have
authentic2.admin_service on the same object.
2022-10-18 11:45:56 +02:00
Benjamin Dauvergne 626ab8aab7 a2_rbac: add helper method to build permissions (#70152) 2022-10-18 11:45:56 +02:00
Valentin Deniaud 475ef76fd7 authenticators: require name on creation (#68802) 2022-10-18 10:47:51 +02:00
Valentin Deniaud a17806d181 authenticators: display slug if there is no name (#68802) 2022-10-18 10:47:51 +02:00
Paul Marillonnet ca57ab02e8 auth_fc: let explanation text appear within login block (#70386) 2022-10-18 09:54:42 +02:00
Valentin Deniaud eea033aaf7 authenticators: add import/export (#65360) 2022-10-17 17:09:40 +02:00
Benjamin Dauvergne c63b3ef3f4 manager: use same name for permissions in homepage and permission mixin (#70041) 2022-10-17 16:53:16 +02:00
Benjamin Dauvergne 4f489234ab manager: share code to display main and sidebar entries on homepage (#70041) 2022-10-17 16:53:16 +02:00
Benjamin Dauvergne 64e67aaea6 misc: rename authentic2-ctl to manage.py (#70162) 2022-10-17 16:51:20 +02:00
Benjamin Dauvergne bca86355cb models: add an index on DeletedUser.old_email (#69591) 2022-10-17 16:22:38 +02:00
Benjamin Dauvergne 1a127bc26d models: add an index on DeletedUser.old_uuid (#69591) 2022-10-17 16:22:38 +02:00
Benjamin Dauvergne d2e3943e5b manager: search journal by uuid of deleted accounts (#69591)
Search by a queryset of DeletedUser is extracted
from search_by_email() to be shared with search_by_uuid().
2022-10-17 16:22:38 +02:00
Benjamin Dauvergne f4979a4f5e manager: add a permission denied view (#70042) 2022-10-17 16:21:35 +02:00
Benjamin Dauvergne 4984ef33ef idp_oidc: adapt error message for expired codes (#67277) 2022-10-17 14:31:03 +02:00
Valentin Deniaud ed42495611 custom_user: move permission mixin code from django_rbac (#70135) 2022-10-17 10:26:17 +02:00
Valentin Deniaud df45b0bd4b custom_user: remove old import compatibility code (#70135) 2022-10-17 10:26:05 +02:00
Paul Marillonnet 6711b1fb6a idp_oidc: include set of user's profile types in consent page (#70175) 2022-10-17 10:03:50 +02:00
Frédéric Péters bb88e23601 manager: do not combine section and tabs style in authentication forms (#70203) 2022-10-14 16:12:41 +02:00
Benjamin Dauvergne 01f852c770 idp_oidc: use invalid_grant error in token endpoint (#66544) 2022-10-14 11:54:10 +02:00
Benjamin Dauvergne d5df01e1c0 manager: restrict apiclient views to the superuser (#70047) 2022-10-14 11:47:55 +02:00
Benjamin Dauvergne 7440787ee7 manager: if permissions are global, do not check on model instance (#70047) 2022-10-14 11:47:55 +02:00
Benjamin Dauvergne f0c10e1367 manager: move apiclient views in a module (#70047) 2022-10-14 11:47:55 +02:00
Serghei Mihai cbb0c37eae authentic: display service home link only if defined (#64649) 2022-10-14 10:42:37 +02:00
Benjamin Dauvergne 8025072491 tox.ini: remove mandatory --sw pytest option (#70155) 2022-10-12 14:01:08 +02:00