Benjamin Dauvergne
09d8a676f9
api: do not clobber HTTP verb methods in viewsets ( #50919 )
2021-02-08 16:12:07 +01:00
Benjamin Dauvergne
7514632fe6
auth_oidc: enforce SameSite=Lax on the state cookie ( #48347 )
SameSite=Lax is needed for the cookie to be sent by the browser during the
redirection chain from the provider. We could just depend on the fact
that cookies without SameSite are Lax by default, but it's better to be
explicit.
2021-02-08 16:00:04 +01:00
Benjamin Dauvergne
69254370cb
ldap: transition to lowercase dn from case mixed in sessions ( #50908 )
2021-02-05 18:48:42 +01:00
Benjamin Dauvergne
19a8dfc2bd
ldap: ignore case of group distinguished names ( #50908 )
2021-02-05 18:48:42 +01:00
Benjamin Dauvergne
e45f693512
custom_user: search email by substring or trigram in FTS search ( #50732 )
2021-02-02 10:47:09 +01:00
Benjamin Dauvergne
9cec4cfef9
manager: remove default ordering for user's table ( #50534 )
2021-01-27 11:40:37 +01:00
Benjamin Dauvergne
1ff8790da0
settings: decrease A2_DUPLICATES_THRESHOLD to 0.2 ( #50445 )
The original limit of 0.7 is kept for the find-duplicates web-service API.
2021-01-25 12:04:33 +01:00
Benjamin Dauvergne
961403a666
use honeypot field to detect robots on registration form ( #50108 )
2021-01-22 11:10:03 +01:00
Benjamin Dauvergne
ab66385315
custom_user: specialize free_text_search for common search terms ( #49957 )
2021-01-19 15:21:07 +01:00
Benjamin Dauvergne
f4908a01f4
tests: use pytest style ( #49957 )
2021-01-19 15:21:07 +01:00
Benjamin Dauvergne
c98b0f2347
authentic2: add full text search to AttributeValue ( #49957 )
2021-01-19 15:21:07 +01:00
Valentin Deniaud
511d1d222e
api_views: prevent crash with statistics and old DRF ( #49447 )
2021-01-19 14:39:23 +01:00
Serghei Mihai
230cec28eb
idp_oidc: fix MissingParameter initialization ( #50217 )
2021-01-18 10:59:48 +01:00
Valentin Deniaud
09c68bddc3
manager: check permissions before showing add user button ( #49893 )
2021-01-12 14:10:49 +01:00
Valentin Deniaud
1d09697079
manager: do without disabled add user button on users page ( #45338 )
2021-01-04 11:44:31 +01:00
Benjamin Renard
fd248ebb89
Allow users to provide their email or username for password reset process ( #49131 )
2020-12-18 07:45:55 +01:00
Valentin Deniaud
d098a6fcf4
api_views: allow dates in statistics datetime filters ( #49485 )
2020-12-15 14:20:00 +01:00
Benjamin Dauvergne
12fd246aeb
django_rbac: replace Operation.name by a registry ( #49142 )
There is no need to store the operation label in the database.
2020-12-15 12:13:07 +01:00
Valentin Deniaud
32de734b5a
csv_import: use absolute URL for password reset ( #49479 )
2020-12-15 11:30:26 +01:00
Benjamin Dauvergne
ea62c3f8ca
tests: update test_check_and_repair_managers_of_roles ( #48372 )
2020-12-15 11:08:02 +01:00
Benjamin Dauvergne
95b4528228
misc: remove update_roles_admins post_migrate ( #48372 )
2020-12-15 11:08:02 +01:00
Benjamin Dauvergne
00d2f2584a
misc: do not check global email uniqueness ( #48372 )
2020-12-15 11:08:02 +01:00
Valentin Deniaud
4a36966b55
api: small adjustments to statistics endpoints ( #49174 )
2020-12-14 10:17:43 +01:00
Benjamin Dauvergne
1687d1a7a4
idp_oidc: make access_token validity depend on expiration or session existence ( #48889 )
2020-12-04 11:56:31 +01:00
Benjamin Dauvergne
4b9be7a3cb
idp_oidc: simplify oidc_client fixture ( #47900 )
* new test test_admin will test the admin view for creating OIDCClient
* default mappings are extracted in an app setting
* OIDC_CLIENT_PARAMS is now only used on the main test SSO, creating
less redundant tests
2020-12-04 11:21:49 +01:00
Benjamin Dauvergne
380215ff0d
idp_oidc: implement correct error reporting in user_info ( #47900 )
* error and error_description are reported in a status 401 HTTP response,
inside the WWW-Authenticate and inside the JSON body of the response.
2020-12-04 11:21:49 +01:00
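The commit above reports a user_info failure twice, in the WWW-Authenticate challenge and in the JSON body. The following is an added, stand-alone illustration of that response shape following RFC 6750 section 3, not authentic2's own code: the `bearer_error_response` and `parse_bearer_challenge` functions, the `realm` value and the sample description are constructed for the example. The point a reviewer would check is that anything echoed into `error_description` is restricted to the characters RFC 6750 allows, so quotes or line breaks cannot break the header.

```python
import json
import re

# RFC 6750 §3: error, error_description and realm are quoted-strings whose
# content is limited to %x20-21 / %x23-5B / %x5D-7E, i.e. printable ASCII
# without '"' and '\'. Anything else is dropped rather than escaped.
_ALLOWED = re.compile(r"[\x20\x21\x23-\x5b\x5d-\x7e]")
_AUTH_PARAM = re.compile(r'([A-Za-z0-9_-]+)="([^"]*)"')


def _safe_param(text: str) -> str:
    """Keep only characters RFC 6750 permits inside a quoted auth-param, so a
    description built from request data cannot smuggle quotes or CR/LF into
    the WWW-Authenticate header."""
    return "".join(_ALLOWED.findall(text))


def bearer_error_response(error: str, description: str, realm: str = "userinfo") -> dict:
    """Build a 401 whose challenge header and JSON body both carry the error.

    Constructed example: returns a plain dict (status, headers, body) instead of
    a framework response object so it runs without Django or DRF."""
    error, description, realm = (_safe_param(v) for v in (error, description, realm))
    challenge = f'Bearer realm="{realm}", error="{error}", error_description="{description}"'
    body = {"error": error, "error_description": description}
    return {
        "status": 401,
        "headers": {"WWW-Authenticate": challenge, "Content-Type": "application/json"},
        "body": body,
        "body_json": json.dumps(body),
    }


def parse_bearer_challenge(header: str) -> dict:
    """Client side: recover the auth-params from a Bearer challenge header."""
    scheme, _, params = header.partition(" ")
    if scheme != "Bearer":
        raise ValueError("not a Bearer challenge")
    return dict(_AUTH_PARAM.findall(params))
```

A client that receives this response can act on the header alone (the body is a convenience for callers that only look at JSON), which is why both must agree and both must be built from the sanitized values.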
Benjamin Dauvergne
21363956de
idp_oidc: add a simple oidc client fixture ( #47900 )
2020-12-04 11:21:49 +01:00
Benjamin Dauvergne
a8214192a8
idp_oidc: improve error reporting in token endpoint ( #47900 )
2020-12-04 11:21:48 +01:00
Valentin Deniaud
2cc198dd70
api: add statistics endpoints ( #48845 )
2020-12-03 09:17:48 +01:00
Benjamin Dauvergne
206fec2122
tests: fix indentation ( #47943 )
2020-12-02 19:16:44 +01:00
Benjamin Dauvergne
550e5d1bf6
manage: ensure created users have a password ( #47943 )
2020-12-02 19:16:44 +01:00
Benjamin Dauvergne
4a2305459f
misc: add User.set_random_password() ( #47943 )
2020-12-02 19:16:44 +01:00
Paul Marillonnet
8c3902b2c2
misc: do not modify email when marking users as deleted ( #48264 )
2020-12-02 09:56:08 +01:00
Valentin Deniaud
c1345a3356
journal: add event type statistics ( #47467 )
2020-12-01 17:36:22 +01:00
Serghei Mihai
ed055e0892
authentic2_idp_oidc: verify next url against clients redirect_uris ( #48739 )
2020-11-27 10:07:39 +01:00
Benjamin Dauvergne
08827ac552
api: check and normalize phone numbers ( #48350 )
2020-11-23 10:34:09 +01:00
Benjamin Dauvergne
b2f926388b
auth_oidc: handle case of multiple users with same email but email should be unique ( #48339 )
2020-11-20 12:34:54 +01:00
Benjamin Dauvergne
0153163669
misc: remove check on sync-metadata --source option ( #48500 )
2020-11-13 21:41:15 +01:00
Benjamin Dauvergne
f89842ffab
misc: add more checks on email address localpart ( #48133 )
2020-11-05 20:39:19 +01:00
Benjamin Dauvergne
9dea38f1b4
misc: clean LDAP accounts of deleted users ( #48168 )
2020-11-03 19:56:35 +01:00
Benjamin Dauvergne
5ece3924bf
auth_saml: clean accounts of deleted users ( #48168 )
2020-11-03 19:56:11 +01:00
Benjamin Dauvergne
0e24a314f4
auth_fc: clean accounts of deleted users ( #48168 )
2020-11-03 19:55:43 +01:00
Benjamin Dauvergne
c56e4d684a
auth_oidc: clean accounts of deleted users ( #48168 )
2020-11-03 19:55:11 +01:00
Benjamin Dauvergne
7e013975f7
misc: set unusable password on federated users ( #48136 )
2020-11-03 17:31:33 +01:00
Benjamin Dauvergne
5d28c9034c
auth_oidc: make account unique on (provider, user) and (provider, sub) ( #48174 )
2020-11-03 11:12:17 +01:00
Benjamin Dauvergne
8d6b4653e3
auth_saml: reorganize and fix tests ( #48117 )
2020-10-29 16:32:01 +01:00
Benjamin Dauvergne
7b002f861f
auth_oidc: use a signed state ( #47825 )
State is no longer stored in the session; it's made using signing.dumps()
instead, to be more resilient. It's associated with a cookie scoped to the
callback path and with the nonce created from the state id using an HMAC
construction with settings.SECRET_KEY.
2020-10-29 00:34:41 +01:00
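Two commits in this log describe one mechanism: the signed-state commit (7b002f861f) replaces session-stored OIDC state with a signed token, a cookie scoped to the callback path and a nonce derived from the state id by HMAC under settings.SECRET_KEY, and the later SameSite commit (7514632fe6) pins that cookie to SameSite=Lax so the browser still sends it on the redirect back from the provider. The block below is an added example of that design and is not authentic2's code. It assumes a stdlib HMAC-SHA256 stand-in for django.core.signing.dumps(), an assumed callback path, a 600 second state lifetime, and a cookie whose name and value both carry the state id; the secret and sample values are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import os
import time
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlencode

# Constructed values for the example; SECRET_KEY stands in for settings.SECRET_KEY.
SECRET_KEY = b"constructed-secret-key-not-for-production"
CALLBACK_PATH = "/accounts/oidc/callback/"  # assumed callback path
STATE_MAX_AGE = 600                         # assumed state lifetime in seconds


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mac(label: bytes, data: bytes) -> str:
    # HMAC-SHA256 under SECRET_KEY; the label separates the state tag from the
    # nonce derivation so one can never be passed off as the other.
    return _b64(hmac.new(SECRET_KEY, label + data, hashlib.sha256).digest())


def sign_state(payload: dict) -> str:
    """Stand-in for django.core.signing.dumps(): urlsafe-base64(JSON) + '.' + tag."""
    body = _b64(json.dumps(payload, sort_keys=True, separators=(",", ":")).encode())
    return body + "." + _mac(b"state:", body.encode())


def unsign_state(token: str, now=None) -> dict:
    """Verify the tag in constant time before trusting anything in the payload."""
    body, sep, tag = token.rpartition(".")
    if not sep or not hmac.compare_digest(tag.encode(), _mac(b"state:", body.encode()).encode()):
        raise ValueError("state signature mismatch")
    payload = json.loads(_unb64(body))
    now = time.time() if now is None else now
    if now - payload["ts"] > STATE_MAX_AGE:
        raise ValueError("state expired")
    return payload


def nonce_for(state_id: str) -> str:
    """Nonce derived from the state id, so nothing has to be stored server-side."""
    return _mac(b"nonce:", state_id.encode())


def start_login(provider: str, next_url: str) -> dict:
    """Authorization-request parameters plus the Set-Cookie header for the state."""
    state_id = _b64(os.urandom(16))
    state = sign_state({"id": state_id, "provider": provider, "next": next_url, "ts": int(time.time())})
    params = {"response_type": "code", "state": state, "nonce": nonce_for(state_id)}
    # Lax, not Strict: the cookie has to ride along on the cross-site top-level
    # redirect back from the provider, and Strict cookies are withheld there.
    # Path= scopes it to the callback so it is not sent with every request.
    set_cookie = (
        f"oidc-state-{state_id}={state_id}; Path={CALLBACK_PATH}; "
        f"Max-Age={STATE_MAX_AGE}; Secure; HttpOnly; SameSite=Lax"
    )
    return {"params": params, "query": urlencode(params), "set_cookie": set_cookie, "state_id": state_id}


def finish_login(callback_query: str, cookie_header: str, id_token_nonce: str) -> dict:
    """Validate the callback: signed state, matching cookie, matching id_token nonce."""
    query = parse_qs(callback_query)
    if "state" not in query:
        raise ValueError("callback without state")
    payload = unsign_state(query["state"][0])
    jar = SimpleCookie()
    jar.load(cookie_header)
    morsel = jar.get(f"oidc-state-{payload['id']}")
    if morsel is None or not hmac.compare_digest(morsel.value.encode(), payload["id"].encode()):
        raise ValueError("state cookie missing or mismatched: login was not started in this browser")
    if not hmac.compare_digest(id_token_nonce.encode(), nonce_for(payload["id"]).encode()):
        raise ValueError("id_token nonce does not match the one derived from the state")
    return payload
```

The cookie is what binds the callback to the browser that started the login: the signed state alone proves the server issued it, not that this user agent asked for it, so an attacker who replays their own valid state into a victim's browser fails the cookie check. Pinning the nonce to the state id by HMAC means the provider's id_token can be checked against the state without a session lookup, which is what lets the flow survive a lost or rotated session.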
Benjamin Dauvergne
6cd84ac407
auth_saml: always add mapping as MappingError details ( #47760 )
2020-10-29 00:18:25 +01:00
Benjamin Dauvergne
d47bc8e1ad
misc: prevent internal URL leak in browser history ( #47302 )
2020-10-29 00:17:58 +01:00
Benjamin Dauvergne
d3c962e095
misc: check null characters in query-string and form data ( #46625 )
2020-10-28 23:33:36 +01:00