Commit Graph

751 Commits

Author SHA1 Message Date
Benjamin Dauvergne 09d8a676f9 api: do not clobber HTTP verb methods in viewsets (#50919) 2021-02-08 16:12:07 +01:00
Benjamin Dauvergne 7514632fe6 auth_oidc: enforce SameSite=Lax on the state cookie (#48347)
SameSite=Lax is needed for the cookie to be sent by the browser during
redirection chain from the provider. We could just depend on the fact
that cookies without SameSite are Lax by default, but it's better to be
explicit.
2021-02-08 16:00:04 +01:00
Benjamin Dauvergne 69254370cb ldap: transition to lowercase dn from case mixed in sessions (#50908) 2021-02-05 18:48:42 +01:00
Benjamin Dauvergne 19a8dfc2bd ldap: ignore case of group distinguished names (#50908) 2021-02-05 18:48:42 +01:00
Benjamin Dauvergne e45f693512 custom_user: search email by substring or trigram in FTS search (#50732) 2021-02-02 10:47:09 +01:00
Benjamin Dauvergne 9cec4cfef9 manager: remove default ordering for user's table (#50534) 2021-01-27 11:40:37 +01:00
Benjamin Dauvergne 1ff8790da0 settings: decrease A2_DUPLICATES_THRESHOLD to 0.2 (#50445)
The original limit of 0.7 is kept for the find-duplicates web-service API.
2021-01-25 12:04:33 +01:00
Benjamin Dauvergne 961403a666 use honeypot field to detect robots on registration form (#50108) 2021-01-22 11:10:03 +01:00
Benjamin Dauvergne ab66385315 custom_user: specialize free_text_search for common search terms (#49957) 2021-01-19 15:21:07 +01:00
Benjamin Dauvergne f4908a01f4 tests: use pytest style (#49957) 2021-01-19 15:21:07 +01:00
Benjamin Dauvergne c98b0f2347 authentic2: add full text search to AttributeValue (#49957) 2021-01-19 15:21:07 +01:00
Valentin Deniaud 511d1d222e api_views: prevent crash with statistics and old DRF (#49447) 2021-01-19 14:39:23 +01:00
Serghei Mihai 230cec28eb idp_oidc: fix MissingParameter initialization (#50217) 2021-01-18 10:59:48 +01:00
Valentin Deniaud 09c68bddc3 manager: check permissions before showing add user button (#49893) 2021-01-12 14:10:49 +01:00
Valentin Deniaud 1d09697079 manager: do without disabled add user button on users page (#45338) 2021-01-04 11:44:31 +01:00
Benjamin Renard fd248ebb89 Allow users to provide their email or username for password reset process (#49131) 2020-12-18 07:45:55 +01:00
Valentin Deniaud d098a6fcf4 api_views: allow dates in statistics datetime filters (#49485) 2020-12-15 14:20:00 +01:00
Benjamin Dauvergne 12fd246aeb django_rbac: replace Operation.name by a registry (#49142)
There is no need to store the operation label in the database.
2020-12-15 12:13:07 +01:00
Valentin Deniaud 32de734b5a csv_import: use absolute URL for password reset (#49479) 2020-12-15 11:30:26 +01:00
Benjamin Dauvergne ea62c3f8ca tests: update test_check_and_repair_managers_of_roles (#48372) 2020-12-15 11:08:02 +01:00
Benjamin Dauvergne 95b4528228 misc: remove update_roles_admins post_migrate (#48372) 2020-12-15 11:08:02 +01:00
Benjamin Dauvergne 00d2f2584a misc: do not check global email uniqueness (#48372) 2020-12-15 11:08:02 +01:00
Valentin Deniaud 4a36966b55 api: small adjustments to statistics endpoints (#49174) 2020-12-14 10:17:43 +01:00
Benjamin Dauvergne 1687d1a7a4 idp_oidc: make access_token validity depend on expiration or session existence (#48889) 2020-12-04 11:56:31 +01:00
Benjamin Dauvergne 4b9be7a3cb idp_oidc: simplify oidc_client fixture (#47900)
* new test test_admin will test the admin view for creating OIDCClient
* default mappings are extracted in an app setting
* OIDC_CLIENT_PARAMS is now only used on the main test SSO, creating
  less redundant tests
2020-12-04 11:21:49 +01:00
Benjamin Dauvergne 380215ff0d idp_oidc: implement correct error reporting in user_info (#47900)
* error and error_description are reported in a status 401 HTTP response,
  inside the WWW-Authenticate and inside the JSON body of the response.
2020-12-04 11:21:49 +01:00
Benjamin Dauvergne 21363956de idp_oidc: add a simple oidc client fixture (#47900) 2020-12-04 11:21:49 +01:00
Benjamin Dauvergne a8214192a8 idp_oidc: improve error reporting in token endpoint (#47900) 2020-12-04 11:21:48 +01:00
Valentin Deniaud 2cc198dd70 api: add statistics endpoints (#48845) 2020-12-03 09:17:48 +01:00
Benjamin Dauvergne 206fec2122 tests: fix indentation (#47943) 2020-12-02 19:16:44 +01:00
Benjamin Dauvergne 550e5d1bf6 manage: ensure created users have a password (#47943) 2020-12-02 19:16:44 +01:00
Benjamin Dauvergne 4a2305459f misc: add User.set_random_password() (#47943) 2020-12-02 19:16:44 +01:00
Paul Marillonnet 8c3902b2c2 misc: do not modify email when marking users as deleted (#48264) 2020-12-02 09:56:08 +01:00
Valentin Deniaud c1345a3356 journal: add event type statistics (#47467) 2020-12-01 17:36:22 +01:00
Serghei Mihai ed055e0892 authentic2_idp_oidc: verify next url against clients redirect_uris (#48739) 2020-11-27 10:07:39 +01:00
Benjamin Dauvergne 08827ac552 api: check and normalize phone numbers (#48350) 2020-11-23 10:34:09 +01:00
Benjamin Dauvergne b2f926388b auth_oidc: handle case of multiple users with same email but email should be unique (#48339) 2020-11-20 12:34:54 +01:00
Benjamin Dauvergne 0153163669 misc: remove check on sync-metadata --source option (#48500) 2020-11-13 21:41:15 +01:00
Benjamin Dauvergne f89842ffab misc: add more checks on email address localpart (#48133) 2020-11-05 20:39:19 +01:00
Benjamin Dauvergne 9dea38f1b4 misc: clean LDAP accounts of deleted users (#48168) 2020-11-03 19:56:35 +01:00
Benjamin Dauvergne 5ece3924bf auth_saml: clean accounts of deleted users (#48168) 2020-11-03 19:56:11 +01:00
Benjamin Dauvergne 0e24a314f4 auth_fc: clean accounts of deleted users (#48168) 2020-11-03 19:55:43 +01:00
Benjamin Dauvergne c56e4d684a auth_oidc: clean accounts of deleted users (#48168) 2020-11-03 19:55:11 +01:00
Benjamin Dauvergne 7e013975f7 misc: set unusable password on federated users (#48136) 2020-11-03 17:31:33 +01:00
Benjamin Dauvergne 5d28c9034c auth_oidc: make account unique on (provider, user) and (provider, sub) (#48174) 2020-11-03 11:12:17 +01:00
Benjamin Dauvergne 8d6b4653e3 auth_saml: reorganize and fix tests (#48117) 2020-10-29 16:32:01 +01:00
Benjamin Dauvergne 7b002f861f auth_oidc: use a signed state (#47825)
State is no longer stored in the session; it is made using signing.dumps()
instead, to be more resilient. It is associated with a cookie scoped to the
callback path and the nonce created from the state id using an HMAC
construction with settings.SECRET_KEY.
2020-10-29 00:34:41 +01:00
Benjamin Dauvergne 6cd84ac407 auth_saml: always add mapping as MappingError details (#47760) 2020-10-29 00:18:25 +01:00
Benjamin Dauvergne d47bc8e1ad misc: prevent internal URL leak in browser history (#47302) 2020-10-29 00:17:58 +01:00
Benjamin Dauvergne d3c962e095 misc: check null characters in query-string and form data (#46625) 2020-10-28 23:33:36 +01:00