Commit Graph

3933 Commits

Author SHA1 Message Date
Paul Marillonnet 3d2117ad1b French translation update (#20102) 2017-11-17 10:27:33 +01:00
Paul Marillonnet 5e2d4d2b84 improve password creation help message (#20102) 2017-11-17 10:25:48 +01:00
Frédéric Péters 8605f8a3cb settings: get select2 from local xstatic copy (#16814) 2017-11-17 09:25:09 +04:00
Benjamin Dauvergne 7a53f3ff43 do not apply user filters to delegated authentications (fixes #19597) 2017-11-16 23:49:18 +01:00
Benjamin Dauvergne 05a778b717 auth_ssl: clean code (#19597) 2017-11-16 16:29:13 +01:00
Benjamin Dauvergne 4aec4f62cb add settings to filter user authorized to authenticate (fixes #19597)
Added:
- A2_USER_FILTER and A2_USER_EXCLUDE settings, containing kwargs for
  User.filter() and User.exclude(),
- two helper methods for backends: authentic2.backend.get_user_queryset() and
  authentic2.backend.is_user_authenticable(),
- all backends modified to use those.
2017-11-16 16:29:13 +01:00
Benjamin Dauvergne 1c68e6730b idp_oidc: change french translation (#20107) 2017-11-16 16:26:23 +01:00
Benjamin Dauvergne 2df5e4644c add a service field to login and registration view (fixes #20100)
It should contain the slug of the service from which the user was coming before
requiring login or registration. It's passed to the 'login' and 'registration'
event hooks.
2017-11-16 16:26:23 +01:00
Benjamin Dauvergne 704432d412 tests: add fixture to test hooks (#20100) 2017-11-16 16:26:23 +01:00
Benjamin Dauvergne 71f3af72aa auth_frontends: apply exponential retry timeout only if it's more than 2 seconds (fixes #19921) 2017-11-16 16:26:23 +01:00
Frédéric Péters c489931a45 saml: fix return of soap faults (#20088) 2017-11-15 17:41:43 +04:00
Benjamin Dauvergne 94edd32e8c add global event hook (fixes #20066)
It's called like this:

  hooks.call_hooks('event', name='event-name', **kwargs)

The hook handler must have the following open signature as you can't be sure of
the event parameters:

  def a2_hook_event(self, name, **kwargs):
    pass

The list of current event names and their kwargs:
* login: user, how
* sso-request: idp, service
* sso-success: idp, service, user

* edit-profile: user, form
* password-reset: email, users
* password-reset-confirm: user, token, form
* change-email: user, email
* change-email-confirm: user, email

* registration: user, view, form, token
* delete-account: user

* manager-add-user: user, instance, form
* manager-edit-user: user, instance, form
* manager-delete-user: user, instance, form
* manager-action: user, action, instance
* manager-change-password: user, instance, form
* manager-add-role: user, instance, form
* manager-edit-role: user, instance, form
* manager-delete-role: user, role
* manager-add-role-member: user, role, member
* manager-remove-role-member: user, role, member
* manager-add-child-role: user, parent, child
* manager-remove-child-role: user, parent, child
* manager-add-permission: user, role, permission
* manager-remove-permission: user, role, permission
* manager-add-admin-role: user, role, admin_role
* manager-remove-admin-role: user, role, admin_role
* manager-add-admin-role-user: user, role, admin
* manager-remove-admin-role-user: user, role, admin
2017-11-14 16:09:56 +01:00
Benjamin Dauvergne a7d3752784 tests: clear has_providers.cache in auth_oidc tests 2017-11-14 11:52:55 +01:00
Frédéric Péters 305cbfe27b views: add allow_password_change setting to account view context (#19986) 2017-11-13 14:25:47 +04:00
Benjamin Dauvergne 0317112625 manager: fix ou search for administrators with visibility only on OUs (fixes #19992) 2017-11-10 17:23:24 +01:00
Benjamin Dauvergne d1f4035c6b manager: catch TypeError when checking ou field in OUSearchForm (fixes #19992) 2017-11-09 12:21:38 +01:00
Benjamin Dauvergne 49aebd97b0 auth_oidc: allow hiding a provider from the login page (bis) (fixes #19449)
I missed the has_providers() helper.
2017-11-08 17:41:02 +01:00
Benjamin Dauvergne 43e5a907e3 idp_oidc: handle interaction between A2_EMAIL_IS_UNIQUE and STRATEGY_CREATE (fixes #19974)
It should limit the possibility of duplicate accounts BUT as the email field is
not really unique at the database level, we cannot really guarantee it.

To improve on the current state we should dynamically create unique constraints
on the mail field based on OU.email_is_unique or A2_EMAIL_IS_UNIQUE parameters.
That's not in the current scope.
2017-11-08 16:44:48 +01:00
Benjamin Dauvergne 0d54ed1d81 set content_type=text/plain on all HttpResponse returning simple text (fixes #19976)
To prevent XSS attacks.
2017-11-08 15:03:52 +01:00
Benjamin Dauvergne eef12bc564 manager: add all and none OU filters to the user search form (fixes #19228)
Also show the search form on role members page (fixes #19645, #19627).
2017-11-08 10:51:37 +01:00
Benjamin Dauvergne 40b8aa8553 manager: disable add user link (fixes #19646) 2017-11-08 10:51:37 +01:00
Benjamin Dauvergne 5f1d5adc81 manager: update french translation (#19228, #19644) 2017-11-08 10:51:37 +01:00
Benjamin Dauvergne 1d08509a46 manager: show users' count when search is mandatory (fixes #19644) 2017-11-08 10:51:37 +01:00
Frédéric Péters 4711da2b0e manager: add by uuid URL for user detail view (#19873) 2017-11-05 12:41:31 +01:00
Benjamin Dauvergne b5117f3902 idp_oidc: fix UnicodeDecodeError in OIDCClient.__repr__ 2017-10-25 09:47:04 +02:00
Benjamin Dauvergne 22d588ae17 tests: clear OU cache in test_auth_oidc (#18486) 2017-10-22 19:15:53 +02:00
Benjamin Dauvergne 4ff2d7da89 auth_oidc: set user.ou based on a claim (fixes #18486) 2017-10-22 11:15:08 +02:00
Benjamin Dauvergne eea1fe240f a2_rbac: add a global cache of organizational units (#18486) 2017-10-22 11:15:04 +02:00
Benjamin Dauvergne 9e8771cb8b remove unused module authentic2.cache (#18486) 2017-10-22 11:14:38 +02:00
Benjamin Dauvergne f3078a74d7 allow reset password for LDAP users (fixes #13384) 2017-10-20 22:56:49 +02:00
Benjamin Dauvergne 421d7d5c02 ldap: add a can_reset_password setting (#13384) 2017-10-20 22:54:31 +02:00
Benjamin Dauvergne ebe5924048 ldap: fix set_password when old_password is missing on the user object (#13384) 2017-10-20 22:54:07 +02:00
Benjamin Dauvergne b306146466 templates: set max-width instead of width in activation mail (fixes #19572) 2017-10-20 22:43:18 +02:00
Benjamin Dauvergne 1c6594711d auth_oidc: add strategy to find user by UUID (fixes #19434) 2017-10-20 16:00:44 +02:00
Benjamin Dauvergne 8e12af0978 auth_oidc: pep8ness (#19434) 2017-10-20 16:00:44 +02:00
Benjamin Dauvergne 2404b4c38c ldap_backend: add setting connect_with_user_credentials
The default is True, if False we never try to query the LDAP server with the
user credentials apart from checking the password.
2017-10-20 10:15:49 +02:00
Benjamin Dauvergne 397b8e6461 ldap_backend: detect failure to create a username (#19482) 2017-10-20 10:15:49 +02:00
Benjamin Dauvergne 527ff020e6 ldap_backend: fail login if attribute retrieval fails (#19482) 2017-10-20 10:15:49 +02:00
Frédéric Péters 6021136f14 oidc: fix and update translation of error message (#19507) 2017-10-19 10:08:03 +02:00
Benjamin Dauvergne 7e9d1a0523 auth_oidc: allow hiding a provider from the login page (fixes #19449) 2017-10-16 11:19:21 +02:00
Benjamin Dauvergne 1a3f55e95d decorators: fix CacheDecoratorBase.key() (#19449)
self.kwargs handling was broken, it just shows that it was not used until now
:(
2017-10-16 11:18:21 +02:00
Benjamin Dauvergne 4303b94cab idp_oidc: add authorization mode NONE (fixes #16855)
- An OIDC RP configured with this mode does not need an authorization by users to
  be accessed.
- It can be overridden explicitly by the RP if prompt authorization parameter
  contains "consent".
2017-10-13 17:18:08 +02:00
Benjamin Dauvergne 2a409c6a30 manager: remove Search caption from users listing sidebar (fixes #19259) 2017-10-13 16:54:15 +02:00
Benjamin Dauvergne fd88322a3f manager: set a /manage/ specific login url (fixes #19429)
- a a2.utils.get_manager_login_url() helper function is defined,
- a manager_login_required() decorator is defined and used calling
  get_manager_login_url() with the lazy functional wrapper from Django,
- SiteAdmin.login() is modified to use get_manager_login_url() to find its login
  page.
2017-10-13 16:21:59 +02:00
Benjamin Dauvergne 937456200b tox.ini: force use of pip > 9
It's needed for python-cryptography.
2017-10-13 12:47:18 +02:00
Benjamin Dauvergne a5560daeaf registration: fix revalidation of email during registration (fixes #19421) 2017-10-13 11:49:26 +02:00
Benjamin Dauvergne 3525b83897 tests: move registrations tests from test_all.py to test_registation.py (#19421)
Also convert them to the py.test/webtest framework.
2017-10-13 11:49:23 +02:00
Benjamin Dauvergne d78b6e1e71 manager: rename column "Member count" to "Direct member count" (fixes #16948) 2017-10-12 18:37:04 +02:00
Benjamin Dauvergne a36e6b9dd1 update french translation (fixes #18626) 2017-10-12 18:32:46 +02:00
Benjamin Dauvergne c1a706f535 update french translations about registration (fixes #19355) 2017-10-12 18:08:48 +02:00