Commit Graph

215 Commits

Author SHA1 Message Date
Benjamin Dauvergne 2ee9cc3a7d setup.py: distribute insee files 2017-07-18 00:44:30 +02:00
Benjamin Dauvergne e32a2acd58 indicate registration URL is coming from france connect module 2017-07-11 16:45:51 +02:00
Benjamin Dauvergne fb59436835 redirect to auth_logout if no post logout redirect URI is found 2017-07-11 16:45:25 +02:00
Benjamin Dauvergne 4e09a681ce fix typo introduced in commit a7677f4bc0 (#17331) 2017-07-11 16:24:03 +02:00
Serghei 6bf6ff6c8c templates: use different ids for link and its container (#17421) 2017-07-06 18:59:08 +02:00
Josue Kouka ffdf6047dc allow fc unlinking through api (#15297) 2017-07-05 15:33:05 +02:00
Benjamin Dauvergne a7677f4bc0 do not logout from local session on unlink (bis #17331)
Fix bug introduced in previous commit.
2017-07-05 09:59:39 +02:00
Benjamin Dauvergne 212d41fdbe do not logout from local session on unlink (fixes #17331) 2017-07-04 12:06:26 +02:00
Benjamin Dauvergne 9587e13780 fix issuer check 2017-06-22 13:41:22 +02:00
Benjamin Dauvergne 68fdf61c9a use only underscores in session variables to allow access from templates 2017-06-21 11:16:51 +02:00
Benjamin Dauvergne 6461daab81 setup.py: change compile_translations to work with tox 2017-06-15 18:46:27 +02:00
Benjamin Dauvergne c91411d8be improve reporting of error on access token requests 2017-06-15 18:46:27 +02:00
Benjamin Dauvergne 9ee35f8e19 validate id_token
Signature is validated, exp, aud and iss fields are checked.

Also add tests using tox and py.test. Proper validation of signature is verified
using jwcrypto.
2017-06-15 18:46:27 +02:00
Benjamin Dauvergne 690fde2f6b use state as nonce and check nonce returned in id_token 2017-06-14 09:43:41 +02:00
Benjamin Dauvergne 6a57e1f0ec add missing data files insee-communes.json and insee-countries.json 2017-06-14 09:36:54 +02:00
Benjamin Dauvergne ecd2af964f pep8ness 2017-06-14 09:35:53 +02:00
Benjamin Dauvergne 27642283cc generate a random state linked to the session
Instead of encoding the redirect_uri in the state we:
* generate a random state with 128 bits of entropy
* store the state and the redirect_uri in the session
* verify that the state exists when receiving the callback
* retrieve the redirect_uri linked to this state from the session
2017-06-14 09:35:41 +02:00
Benjamin Dauvergne d888f1f8ac set confirm_data="required" when auto_register is used (fixes #16771)
When auto_register is used, users should not see the registration page at all,
even if optional attribute fields are unfilled.
2017-06-08 17:12:48 +02:00
Benjamin Dauvergne 7b0517e1dd redirect to logout on unlink 2017-03-21 17:02:59 +01:00
Benjamin Dauvergne 321651c6b2 do not log an error for normal oauth2 errors
Such error happens when authorization code is out of date or already used.
2017-03-21 11:02:26 +01:00
Benjamin Dauvergne f0a7266451 improve mapping of FC attributes to A2 attributes (#10062) 2017-03-21 11:02:26 +01:00
Benjamin Dauvergne 74aadc0508 pep8ness 2017-03-07 11:32:12 +01:00
Benjamin Dauvergne 5d422c2296 always return to /logout/ after FC logout (fixes #15223) 2017-03-07 11:32:12 +01:00
Benjamin Dauvergne a141b520a7 update french translation 2017-02-02 21:24:26 +01:00
Benjamin Dauvergne c486ec1050 use authentic2.utils.login instead of django.contrib.auth.login (fixes #14338) 2016-12-16 18:43:28 +01:00
Benjamin Dauvergne ae6ddcc35e fix deprecation warning about get_cache()
Since Django 1.8 get_cache() is deprecated in favor of caches[].
2016-10-21 20:54:28 +02:00
Frédéric Péters c64df77a6e style: don't let button oversize its container (#13216) 2016-09-19 08:45:08 +02:00
Frédéric Péters 166c31a161 add a brief explanation after "what is franceconnect?" (#13174) 2016-09-14 09:35:45 +02:00
Frédéric Péters bd894374cd add initial migration (#13077) 2016-09-06 14:32:26 +02:00
Mikaël Ates c97337a125 Update official about link. 2016-06-20 16:18:09 +02:00
Mikaël Ates 277c428778 Fix bad version number in last commit. 2016-06-16 15:28:28 +02:00
Mikaël Ates 7a3e9983e1 Update dependency to authentic2. 2016-06-16 15:15:57 +02:00
Mikaël Ates c2af4c9770 Move registration frontend method to the Frontend (fixes #11351).
Needs authentic2 >= v2.1.20-1010.
2016-06-16 14:36:31 +02:00
Mikaël Ates 40ff5afd57 Hide linking button on profile frontend if the user is already linked (fixes #11328). 2016-06-16 09:23:54 +02:00
Mikaël Ates b4f0b51777 Add email in linking message (fixes #10912). 2016-05-13 17:06:00 +02:00
Mikaël Ates bea99539f5 Improve wording on unlinking page. 2016-05-12 17:34:40 +02:00
Mikaël Ates 8becabe272 Fix bad translation. 2016-05-04 13:10:23 +02:00
Mikaël Ates 2ed8588583 Prevent adding a link with an FC account already linked with another user (fixes #10791). 2016-05-04 11:42:50 +02:00
Mikaël Ates ca29f7564a Remove obsolete setting. 2016-04-29 18:24:11 +02:00
Mikaël Ates ff30392ddc Hide unlinking link if the user has no password and can't set it (fixes #10775). 2016-04-29 18:24:11 +02:00
Mikaël Ates 121e62a9e8 Prevent unlinking if the user has no password and can't set it (fixes #10775).
Unlinking is now prevented if the user has no usable password and can't
change it because A2_REGISTRATION_CAN_CHANGE_PASSWORD is False.
For now it is thus assumed that the password is the unique other means of
authentication and unlinking would make the account unreachable.

Also use A2_REGISTRATION_SET_PASSWORD_FORM_CLASS setting instead of
importing the form.
2016-04-29 18:24:11 +02:00
Mikaël Ates 922d075236 Update login or create account message. 2016-04-15 15:38:14 +02:00
Mikaël Ates d3d9aab919 Ask password at unlinking when the user has no usable password (fixes #10524) (ter). 2016-04-14 10:44:13 +02:00
Mikaël Ates 5704e98495 Ask password at unlinking when the user has no usable password (fixes #10524) (bis). 2016-04-14 10:21:08 +02:00
Mikaël Ates f1b2ced61b Ask password at unlinking when the user has no usable password (fixes #10524). 2016-04-13 23:03:31 +02:00
Mikaël Ates b9899c719a Define a registration frontend and manage account creation with FC data (fixes #10621).
The registration frontend is used when the user is not logged locally
nor with FC. The login template provides a link to the FC login view and
then to the plugin registration view.

If the user is already logged with FC, the login template provides a link
to the plugin registration view.
2016-04-13 23:03:31 +02:00
Mikaël Ates 07a621c291 Add a registration view (fixes #10621).
The view is called to create an account using the data provided by FC
at account creation.

The data provided is put in a protected token and sent to the next url.

If FC provides an email, the view redirects to the activation view.

If an email is not provided, the view redirects to the email registration
view.

The confirm_data parameter of the activation view is a plugin setting.

Account creation with FC means no password.
2016-04-13 23:03:31 +02:00
Mikaël Ates 95c13c3064 Display on the login page a button for quick account creation (fixes #10510).
After a successful sso and no user is authenticated the user is redirected
to the login page. On the login page, the user may be asked to login with a
password or to create a new account. The plugin login button is hidden to avoid
an unnecessary loop.

The patch adds an option to display another button than the login button.
This button references the registration page and is filled with data from
the sso. If skip registration with prefilling data options are set on authentic
the button leads to a direct account creation.
2016-04-13 23:03:31 +02:00
Mikaël Ates c72eaa893c Add new scopes at login (fixes #10510). 2016-04-13 23:02:51 +02:00
Mikaël Ates 7bdc2fce5f Remove deprecated idp info from the unicode of an FCAccount (fixes #10628). 2016-04-13 22:52:33 +02:00