66 Commits

Author SHA1 Message Date
Valentin Deniaud 8e6a95b6ce attributes_ng: restore setting superuser flag (#71855) 2022-11-29 18:55:27 +01:00
Valentin Deniaud 5f0c03e32f a2_rbac: move role attributes to real model fields (#69895) 2022-11-29 14:05:38 +01:00
Paul Marillonnet 34215788c5 custom_user: add phone and phone verification fields (#65173) 2022-10-19 15:50:11 +02:00
Corentin Sechet 8e15762cd5 misc: validate password strength (#63830) 2022-08-31 14:39:47 +02:00
Valentin Deniaud bf400ae52b misc: remove dead authenticators code (#66853) 2022-08-16 11:28:22 +02:00
Valentin Deniaud 8b09b2c820 authenticators: remove orphan settings with login password migration (#65707) 2022-07-18 11:04:45 +02:00
Paul Marillonnet 2c58c32a1a discard deprecated unicode-aware i18n utils (#64305) 2022-05-13 09:49:23 +02:00
Paul Marillonnet a3d438d37f settings: remove profile management feature flag (#62486) 2022-04-01 10:35:55 +02:00
Paul Marillonnet a5cf47ecfb idp_oidc: make user info depend on profile choice during authz (#58556) 2022-03-04 13:43:42 +01:00
Valentin Deniaud f24096f8b8 misc: concatenate strings when possible (#56007) 2021-08-10 11:02:45 +02:00
Valentin Deniaud 7bc0fcadff misc: apply pyupgrade (#55519) 2021-07-12 12:03:44 +02:00
Benjamin Dauvergne 40eeaa9581 clean-unused-accounts: run every hour, but limit the number of notifications sent (#52644) 2021-04-09 15:18:34 +02:00
Benjamin Dauvergne 13cd493740 forms: specialize form for password reset by username (#52013) 2021-03-31 19:19:24 +02:00
Valentin Deniaud 4751846fed misc: remove six module usage (#52503) 2021-03-30 15:06:49 +02:00
Valentin Deniaud 86d946adcd misc: apply isort (#52457) 2021-03-30 13:59:53 +02:00
Valentin Deniaud 4bb33d3d3c misc: apply black (#52457) 2021-03-30 11:32:55 +02:00
Valentin Deniaud 961af9538e utils: add setting to choose email sending format (#50745) 2021-03-15 09:57:46 +01:00
Valentin Deniaud 2f42606265 app_settings: enable login rate limiting by default (#50771) 2021-03-02 15:19:27 +01:00
Benjamin Dauvergne e5f368bec9 misc: control similarity threshold for fts (#50781) 2021-02-04 11:44:05 +01:00
Frédéric Péters ab6ee43978 settings: mark laposte.net as well-known domain, not laposte.fr (#50765) 2021-02-02 14:51:32 +01:00
Benjamin Renard 1f2ea15580 Add A2_RESET_PASSWORD_ID_LABEL parameter (#49131) 2020-12-18 07:45:55 +01:00
Paul Marillonnet 8c3902b2c2 misc: do not modify email when marking users as deleted (#48264) 2020-12-02 09:56:08 +01:00
Valentin Deniaud e6b2e5dbf4 api: add find duplicate users endpoint (#46424) 2020-10-01 13:29:24 +02:00
Nicolas Roche 1e6831256b login: add an option to hide cancel button (#41122) 2020-09-18 09:57:56 +02:00
Valentin Deniaud 4f831fe4d8 views: warn user before generating new token (#41792) 2020-08-20 09:57:17 +02:00
Frédéric Péters 5d32b8db52 misc: add setting to set secure flag on opened session cookie (#45938) 2020-08-18 10:19:30 +02:00
Nicolas Roche 1a3bd4bb05 profile_views: add a profile page to manage authorized oauth services (#45200) 2020-07-29 09:45:46 +02:00
Serghei Mihai dc7bce7c05 misc: allow email domains suggestions (#40166) 2020-06-15 17:15:01 +02:00
Benjamin Dauvergne bda672d59e misc: add a DeletedUser model to keep metadata about deleted users (#41933) 2020-05-18 16:21:59 +02:00
Benjamin Dauvergne 63a9e9f8cc misc: remove computed_targeted_id attribute source (#42020) 2020-05-07 16:53:06 +02:00
Valentin Deniaud afcec6c514 views: ratelimit email form views (#41489) 2020-04-24 11:07:43 +02:00
Paul Marillonnet 62441e2340 accounts: send validation email before self-triggered account deletion (#27823) 2019-10-02 11:33:20 +02:00
Benjamin Dauvergne 9fbbf0519a spring cleaning (#32934)
* reorganize views and forms
* add copyright headers to all .py files
* fix all style errors reported by flake8
2019-05-14 16:19:25 +02:00
Benjamin Dauvergne fdc2959104 forms: add ou selector to login form (#30252) 2019-03-01 17:30:00 +01:00
Frédéric Péters 90ff2d46ab misc: automatically resize profile image (#27644) 2018-10-30 10:23:11 +01:00
Paul Marillonnet a5d652ce81 support avatar picture in user profile (#26022) 2018-10-30 10:23:11 +01:00
Benjamin Dauvergne 99a7b14bf0 add a remember me button (fixes #25579)
It simply uses session.set_expiry() to augment the session duration.
2018-08-03 18:52:22 +02:00
Benjamin Dauvergne d7a2af17c3 allow overriding User.can_reset_password by hooks (fixes #25534)
This commit introduces the concept of a user flag, this flag can be
defined in many places:
* globally through a setting named A2_USER_<FLAG>
* on the user object itself if there is a property user.<flag> which is
  not None
* by any hook returning a not None result and named a2_hook_user_<flag>
* for all users of an OU if the ou.<flag> is not None
2018-07-30 17:22:03 +02:00
Benjamin Dauvergne f36b480419 add new widget and fields for passwords (#24439) 2018-07-20 17:07:18 +02:00
Benjamin Dauvergne 35b3136ef4 add new API to validate passwords (fixes #24833)
POST /api/validate-password/ HTTP/1.1
Content-Type: application/json

{"password": "whatever"}
200 Ok
Content-Type: application/json

{
  "result": 1,
  "ok": false,
  "checks": [
    {"label": "at least 1 digit", "result": false}
  ]
}

This API is public.
2018-07-18 10:54:22 +02:00
Benjamin Dauvergne b140cb2612 app_settings: rename ACCEPT_EMAIL_AUTHENTICATION to A2_ACCEPT_EMAIL_AUTHENTICATION (fixes #23514) 2018-05-01 10:39:44 +02:00
Benjamin Dauvergne 20b829b1ee allow a post registration landing page (fixes #22378)
- add a new setting A2_REGISTRATION_REDIRECT, it can be an URL or a
tuple (URL, field_name). If a next URL was given to /accounts/register/
it's appended to the A2_REGISTRATION_REDIRECT URL as
?field_name=<next_URL> whose field_name defaults to "next".
2018-03-13 15:36:57 +01:00
Benjamin Dauvergne 22a885edfd tests: disable cache decorators by default (fixes #22227)
It makes behavior of tests erratic as it incurs side effects between
tests and even inside of tests. For example, caching of the OU count for
short periods is not harmful for day to day use as creating new OUs is
a rare event but during tests it makes reasoning about code behavior
really difficult.
2018-03-02 12:05:09 +01:00
Benjamin Dauvergne 666d016b91 allow redirect /accounts/ to an external page (fixes #21770)
New setting is A2_ACCOUNTS_URL.
2018-02-23 19:26:16 +01:00
Benjamin Dauvergne b7e525cb07 profile_forms: add setting for random reset of password on reset password requests (fixes #20127) 2017-11-29 08:56:40 +01:00
Benjamin Dauvergne 84e2ec679e rework use of exponential_retry_timeout by login form (fixes #20323)
- full behaviour is moved in a subclass of
  django.contrib.auth.forms.AuthenticationForm in authentic2.forms
- keys are now built using REMOTE_ADDR and username
- behaviour changed as the countdown is only shown on a POST not just by
  displaying the form (on a GET)
2017-11-28 16:46:27 +01:00
Benjamin Dauvergne 8d8dcd00e4 views: add setting to redirect authenticated users to homepage on access to login page (fixes #20257) 2017-11-27 00:07:01 +01:00
Benjamin Dauvergne 4aec4f62cb add settings to filter user authorized to authenticate (fixes #19597)
Added:
- A2_USER_FILTER and A2_USER_EXCLUDE settings, containing kwargs for
  User.filter() and User.exclude(),
- two helper methods for backends: authentic2.backend.get_user_queryset() and
  authentic2.backend.is_user_authenticable(),
- all backends modified to use those.
2017-11-16 16:29:13 +01:00
Benjamin Dauvergne 7890fc62e1 registration: block registration of email patterns (fixes #18886) 2017-10-10 15:51:28 +02:00
Benjamin Dauvergne 4e8142acc2 registration: add prefilling form pre-registration form (fixes #18671)
It allows asking for first_name and last_name with email.
2017-09-21 16:29:16 +02:00