Benjamin Dauvergne
cbd43d4f4c
auth fc: make fc_display_name more resilient ( #47566 )
2020-10-28 23:33:08 +01:00
Benjamin Dauvergne
41b97f0bb2
misc: validate and use a real identifier for services ( #45672 )
2020-09-03 11:55:13 +02:00
Benjamin Dauvergne
442dc74bab
misc: use long duration cookie to check for cookie support in browser ( #44055 )
2020-06-26 12:02:38 +02:00
Benjamin Dauvergne
cc3b90eab9
auth_fc: check current user is authenticated ( #43970 )
...
Uniqueness can fail on linking of current account but also on creation
of a new account *if* FC sub is already linked to an inactive account.
2020-06-12 15:32:09 +02:00
Benjamin Dauvergne
eb83cad1f5
auth_fc: do not resolve next url ( #42822 )
2020-05-15 15:35:48 +02:00
Benjamin Dauvergne
a5e372707e
misc: test cookies are working in login view ( #42280 )
...
It's also tested in auth-fc login view.
2020-05-07 18:36:53 +02:00
Benjamin Dauvergne
b439593203
auth_fc: make user and sub relatively unique ( #19959 )
...
As we are not sure they are unique in all deployments, we make them
unique relative to a new order integer field. New federations with
FranceConnect will be forced to have the column order to be 0, making
them unique.
2020-04-27 18:09:03 +02:00
Paul Marillonnet
6ac5e1646a
auth_fc: http util signature variation ( #41238 )
2020-04-27 14:34:56 +02:00
Paul Marillonnet
1da5389209
dj2.2: user.is_authenticated is not a callable anymore ( #41238 )
2020-04-27 14:34:56 +02:00
Paul Marillonnet
8804de70b7
dj2:2: fix 'reverse' import ( #41238 )
2020-04-27 14:34:24 +02:00
Benjamin Dauvergne
79134e00fb
auth_fc: log transport format/errors as errors ( #40862 )
2020-03-27 17:24:35 +01:00
Benjamin Dauvergne
77cda88658
auth_fc: set session to expire at browser close on login ( #40479 )
2020-03-16 11:36:48 +01:00
Paul Marillonnet
dc58feac77
python3: use url-parsing utilities from django ( #28276 )
2020-03-03 22:34:17 +01:00
Benjamin Dauvergne
27f4e2b13e
auth2_fc: set default scopes to profile and email ( #39231 )
...
And move default value to app_settings file. Support for FC data
provider had to be modified.
2020-01-27 17:58:31 +01:00
Benjamin Dauvergne
c561651d4f
auth2_fc: display an error message on misc error code ( #38748 )
...
An error message is displayed after receiving an error code from FC
different from access_denied. The same error code is logged at level
ERROR instead of DEBUG.
2020-01-03 11:55:32 +01:00
Benjamin Dauvergne
00aae04963
auth_fc: force acr_values to eidas1 ( #34448 )
2019-07-03 19:56:25 +02:00
Benjamin Dauvergne
27702e72c7
add request as first argument to all backends ( #33992 )
2019-07-02 12:49:28 +02:00
Benjamin Dauvergne
30dc69eeb5
views: do not set password on unlink for LDAP users ( #24710 )
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
95d59c86d0
views: clean FranceConnect session variable on unlink ( #32953 )
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
1c40ec3f41
adapts to spring cleaning in authentic ( #32866 )
...
See #32934 .
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
338b02cd99
py3ize obviously non-compatible code ( #32866 )
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
72d48a8326
add copyright headers ( #32866 )
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
0525533f85
views: search email case insensitively ( fixes #29007 )
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
1b8ee0a38a
launch tests with Django 1.11 ( fixes #27095 )
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
929b58d989
views: pass service field to fc login post registration ( fixes #21908 )
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
a041be4668
keep authentication context ( fixes #21908 )
...
- simplify and reorganize login templates,
- URLs are not built inside templates anymore,
- we have now 3 different templates:
  - login.html for the login page
  - registration.html for the registration page
  - linking.html for the account page
- using feature from #25623, authentication_method is kept by the
  registration view.
- the service slug is correctly threaded between every view.
- explanations about FranceConnect are now done in a common template
  "explanation.html".
- restore popup mode, use it through setting A2_FC_POPUP=True, it works
  for:
  - login and login with registration (workflow for login with
    registration is a bit complicated),
  - registration,
  - and linking (linking your existing to FC through the "My account"
    page)
  unlinking is not handled with a popup.
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
1995891e5f
views: ask for new password on unlink only if logged using FC ( #24835 )
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
e688ba4076
views: prevent None success URL in unlink view ( fixes #24708 )
...
Logout URL to FC can be None if the current session was not opened
through an FC authentication.
2019-05-31 14:51:55 +02:00
Frédéric Péters
21b4f96e8d
do not allow unauthenticated access to unlink page ( fixes #22405 )
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
10337ad952
locale: update french translations for release 0.10 ( fixes #21874 )
...
email was replaced by « adresse de courriel » everywhere.
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
c0f2d4d940
views: show warning to users with a mail linked to another FC account ( fixes #21292 )
...
The warning will help them connect their FC account to normally
registered account.
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
a8cc9cc6ac
retry HTTP requests 3 times ( fixes #21783 )
...
Retry is applied to access token request and user info requests (through
OAuth2Session). There is a small exponential backoff of 0.5 and 1s.
Also decrease log level of message for failure of retrieval of the
access token or the user info to the level WARNING, that's never been a
problem for the user, as he was correctly redirected to its origin
(usually an IdP endpoint).
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
e4a6e58b06
add support for service slugs on login
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
7fb822048e
fix login with a non-unique email where an account linked to another FC account already exists
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
b5b1749dd8
augment timeout on POST to FC to 10 seconds ( fixes #21596 )
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
7a76b9e951
add request to fc-link hook ( fixes #20288 )
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
6bce73ec97
call a2 hooks for linking and unlinking events ( fixes #20228 )
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
3594460be5
views: change messages levels ( #20078 )
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
8c3387c459
views: do not permit linking if the user has already a link to FC ( #20078 )
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
387252a3d0
views: forbid automatic linking based on email if multiple users are found or if target user has already a link ( fixes #20078 )
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
ccb4db5a21
always unlink from all FC accounts ( fixes #19947 )
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
4894bb1f57
views: force fc-register to always redirect post registration to fc-login-or-link ( fixes #19270 )
...
Without it linking to FC does not happen
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
a55a6f5b45
views: block DisplayMessageBeforeRedirectMiddleware on redirect to FC ( fixes #19247 )
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
2b333eb18c
django 1.9 compatibility
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
20de25fe0e
views: automatically link user with existing email if email is unique ( fixes #18763 )
...
Email must be unique if settings.A2_EMAIL_IS_UNIQUE is True or
get_default_ou().email_is_unique is True.
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
219e0ce884
views: remove dead code
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
c05bb4804f
views: add setting for FC scopes
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
be4a827dce
indicate registration URL is coming from france connect module
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
e11e14605c
redirect to auth_logout if no post logout redirect URI is found
2019-05-31 14:51:55 +02:00
Benjamin Dauvergne
fecfd38f9e
do not logout from local session on unlink (bis #17331 )
...
Fix bug introduced in previous commit.
2019-05-31 14:51:55 +02:00