Paul Marillonnet
041a27c0e6
auth_oidc: prompt login on passive requests for buggy providers ( #734123 )
2023-01-17 09:48:07 +01:00
Paul Marillonnet
74e6f1f248
auth_oidc: add passive authn deactivation flag ( #73412 )
2023-01-17 09:36:37 +01:00
Paul Marillonnet
86fc21ed42
manager: disable globally-overriden options on OU edition page ( #72384 )
2023-01-16 12:00:11 +01:00
Paul Marillonnet
043c7abf6d
forms: provide stricter PhoneField validation ( #73345 )
2023-01-16 11:50:51 +01:00
Paul Marillonnet
789c1714d3
auth_oidc: exclude last_sync_time from authn editable fields ( #73227 )
2023-01-10 15:58:50 +01:00
Paul Marillonnet
1da9c9b3fb
manager: display ldap information even when erroneous ( #73018 )
gitea/authentic/pipeline/head Something is wrong with the build of this commit
Details
2023-01-05 11:17:37 +01:00
Paul Marillonnet
c5b67aaae1
idp_oidc: get user profile selection or consent even when prompt=none ( #72507 )
2022-12-20 11:52:12 +01:00
Paul Marillonnet
0443245e1e
registration: provide a more user-friendly input code form ( #72604 )
2022-12-20 11:02:28 +01:00
Paul Marillonnet
38e12e840c
views: fix sms-registration phone-number ratelimit key ( #72597 )
2022-12-19 16:13:45 +01:00
Frédéric Péters
c9d6ce0ffd
misc: move configuration URLs to new lines in idp configuration infos ( #72553 )
2022-12-17 08:57:13 +01:00
Frédéric Péters
9846a2e515
api client: fix casing of labels in detail view ( #72562 )
2022-12-17 08:54:21 +01:00
Paul Marillonnet
86f919e306
forms/authn: define explicit fields order ( #72430 )
gitea/authentic/pipeline/head Something is wrong with the build of this commit
Details
2022-12-14 17:12:55 +01:00
Paul Marillonnet
73ac9f079a
auth_oidc: add an oidc-sync-provider command ( #62710 )
gitea/authentic/pipeline/head Something is wrong with the build of this commit
Details
2022-12-14 15:31:47 +01:00
Benjamin Dauvergne
0848d1cb3b
auth_fc: add flag to disable link by email ( #68360 )
2022-12-14 14:38:02 +01:00
Benjamin Dauvergne
e524c5f94d
misc: proxy passive SSO from SAML2 services to OIDC idps ( #27135 )
...
Behaviour of the SAML2 when receiving a Passive AuthnRequest and not
user is logged is modified. Before an immediate response with StatusCode
no-passive was returned. Now if one authenticator with the method
passive_login is found, the request is transferred to this authentication
source.
2022-12-14 12:34:33 +01:00
Benjamin Dauvergne
9d0d83b0e5
auth_oidc: make autorun go directly to the OP ( #27135 )
2022-12-14 12:31:04 +01:00
Benjamin Dauvergne
f34b2af379
misc: add next_url parameter to Authenticator.autorun() ( #27135 )
2022-12-14 12:31:04 +01:00
Benjamin Dauvergne
9e7e6dcfba
auth_fc: provision user's informations on registration ( #72358 )
2022-12-13 16:44:23 +01:00
Benjamin Dauvergne
5dddd1c674
auth_fc: set the created user in the registration mail template context ( #72358 )
2022-12-13 16:40:58 +01:00
Paul Marillonnet
4240f989ae
api_views: handle ou-wise api-client checks ( #71275 )
gitea/authentic/pipeline/head Build queued...
Details
2022-12-13 14:39:33 +01:00
Paul Marillonnet
a7ffb583f8
models: add ou field to api clients ( #71275 )
2022-12-13 14:39:00 +01:00
Paul Marillonnet
d542d33af8
api: make sync endpoint adapt to permissions by OU ( #71506 )
gitea/authentic/pipeline/head Build queued...
Details
2022-12-13 14:05:04 +01:00
Paul Marillonnet
68fec48b39
idp_oidc: display BO custom client config to superusers only ( #71905 )
gitea/authentic/pipeline/head Something is wrong with the build of this commit
Details
2022-12-13 12:29:50 +01:00
Paul Marillonnet
2f7d0618e4
authn: make phone field optional ( #72337 )
2022-12-13 10:53:56 +01:00
Paul Marillonnet
5fd1c9d2f4
manager: test user free search for local and e164 phones ( #69907 )
gitea/authentic/pipeline/head Something is wrong with the build of this commit
Details
2022-12-13 10:14:02 +01:00
Paul Marillonnet
3e53e2ecf8
api: let free text search accept local phone numbers ( #69906 )
gitea/authentic/pipeline/head Something is wrong with the build of this commit
Details
2022-12-13 09:56:17 +01:00
Paul Marillonnet
8ee074f6ed
api: test user phone number basic authz ( #69314 )
gitea/authentic/pipeline/head Build started...
Details
2022-12-13 09:29:55 +01:00
Paul Marillonnet
b3036b4cc0
api: update phone drf field to handle E164 format ( #69430 )
gitea/authentic/pipeline/head Build started...
Details
2022-12-12 17:44:19 +01:00
Paul Marillonnet
3582bad6b3
views: make sms code trigger a standard registration finalization ( #69223 )
2022-12-12 16:10:15 +01:00
Paul Marillonnet
57da31b3f7
registration: display phone number in form ( #69223 )
2022-12-12 15:11:47 +01:00
Valentin Deniaud
728e9a410a
authenticators: add idp configuration info for saml and oidc ( #67987 )
2022-12-12 12:24:43 +01:00
Paul Marillonnet
dad0a9193d
authn: make username required when it is the only identifier ( #72269 )
2022-12-12 12:00:30 +01:00
Valentin Deniaud
a8f3390de8
data_transfer: export new role attributes ( #71844 )
2022-12-12 10:29:58 +01:00
Paul Marillonnet
43ccdfea68
custom_user: set email verification sources ( #66054 )
2022-12-12 09:45:45 +01:00
Paul Marillonnet
8f17030eab
api_views: set api as verification source for custom attributes ( #65612 )
2022-12-12 09:18:34 +01:00
Paul Marillonnet
5cd75e69e5
auth_fc: set fc as verification source for custom attributes ( #65612 )
2022-12-12 09:18:34 +01:00
Paul Marillonnet
9c340c8a5f
manage custom attribute's verification sources ( #65612 )
2022-12-12 09:18:34 +01:00
Paul Marillonnet
f7d6895b94
authentication/forms: add user phone as identifier ( #69221 )
2022-12-12 08:42:45 +01:00
Paul Marillonnet
3086948b0e
csv_import adapt user csv logic to new phone_number kind ( #69365 )
2022-12-09 12:02:52 +01:00
Paul Marillonnet
2c0443d1bf
attribute_kinds: use custom PhoneField for phone_number type ( #69365 )
2022-12-09 11:31:26 +01:00
Benjamin Dauvergne
2480687f3f
auth_oidc: show a warning message if target user is already linked to another provider ( #65692 )
2022-12-01 13:00:20 +01:00
Benjamin Dauvergne
d8d29e2daa
settings: set secure flag on cookies ( #71880 )
...
Tests fixes :
* force https scheme in webtest HTTP client
* add secure=True to call with the django HTTP client
* replace http scheme by https in URLs assertions,
* properly use response.form in tests directly using app.post, as CSRF checks on secure connection also test the Referrer
* manually add Referer header in other cases,
2022-12-01 10:00:07 +01:00
Paul Marillonnet
97a5ebf63a
Revert "idp_oidc: add api access and profile […] ( #71820 )" ( #71890 )
...
This reverts commit 9141583b58
.
The (erroneously added) parameters are for Publik's out-of-spec
synchronization purposes, they shouldn't appear on the vanilla OIDC
client configuration interface.
2022-12-01 09:22:55 +01:00
Paul Marillonnet
d62d23203f
auth_fc: discard deprecated scopes ( #71868 )
2022-11-30 12:10:11 +01:00
Valentin Deniaud
8e6a95b6ce
attributes_ng: restore setting superuser flag ( #71855 )
2022-11-29 18:55:27 +01:00
Valentin Deniaud
5f0c03e32f
a2_rbac: move role attributes to real model fields ( #69895 )
2022-11-29 14:05:38 +01:00
Paul Marillonnet
9141583b58
idp_oidc: add api access and profile management to BO config ( #71820 )
2022-11-29 11:26:43 +01:00
Paul Marillonnet
0c5da1c832
idp_oidc: remove client config through django's admin pages ( #71700 )
...
This removal ensures that OIDC configuration happens through
/manage/ pages as part of Publik's backoffice interface.
2022-11-29 11:09:16 +01:00
Benjamin Dauvergne
d19ac19469
auth_fc: close FranceConnect session when linking fails ( #71607 )
2022-11-28 15:05:46 +01:00
Benjamin Dauvergne
cfefbd553c
tests: do not follow redirects in login_with_fc ( #71607 )
...
Because it will break when we introduce a redirection to FranceConnect
to close the FranceConnect session on failure to link.
2022-11-28 15:05:46 +01:00