NEWS
====

2.1.13 - March 23rd 2015
------------------------

Never say never, another Django 1.5 release. It fixes a slowdown on the homepage when a lot of service providers are registered.

Commits
~~~~~~~

6 files changed, 267 insertions(+), 91 deletions(-)

- prepare 2.1.13
- ldap: update block saved in LDAP users objects with default values (#6784) (2d8fbdc)
- Optimize queries in SamlBackend.service_list() (22d382e)
- In get_sp_options_policy() and get_idp_options_policy() cache query for default and all queries (96ab51e)
- Add decorator to cache function results in request (d69eec9)

2.1.12 - March 13th 2015
------------------------

It's the last release supporting Django 1.5 & 1.6, the next will be Django 1.7 only. You will need to update to this release before updating to the next one for migrations to work.

Notable changes:

- new CAS 1.0 & 2.0 idp with support for proxy tickets and authorization between services
- expiration of SamlKeyValue objects
- worked around problem of CSRF cookie change when navigating in different tabs
- email authentication is now activated by default
- password change over LDAP works
- LDAP now supports STARTTLS
- log a warning when user fails to log in more than a certain number of times
- add an exponential retry timeout before authentication failures
- add a flag to force user to change their password at next login
- add the possibility to validate passwords by using regular expression

Commits
~~~~~~~

855 files changed, 55961 insertions(+), 51943 deletions(-)

- Reorder migrations of the saml application (e30917e)
- ldap: fix logging call (3648e4a)
- Do not pass homepage url through settings, use variables set in the template context by a template context processor (refs #6690) (7a9423e)
- login label updated when email authentication enabled (6669) (f41a12b)
- Support variable MANAGER_HOMEPAGE_URL and MANAGER_HOMEPAGE_TILE for the first element of the manager breadcrumb (fixes #6690) (6b9606a)
- Add created field to SamlKeyValue to permit
  expiration of stored values (fixes #5639) (c38ee5e)
- Add an ExpireManager to share common code around expiration of models (refs #5639) (d5675f2)
- Remove LibertyFederation model (refs #5639) (1d6a4d9)
- Add missing newline in translations that broke msgfmt (4df0d05)
- Deactivate custom csrf view for tests (6f4c045)
- update French translation (5907b85)
- Use new CSRF cookie validation on login view (refs #5617) (f257370)
- Update french translation (fixes #5617) (8fd5446)
- Use new mixin on registration view to show a form error on CSRF token validation error instead of a redirect (refs #5617) (0baa91c)
- Allow validation of CSRF cookie to be done in view using a CBV mixin or a helper function (refs #5617) (31c743d)
- Use setting CSRF_FAILURE_VIEW to prevent user seeing 403 on CSRF failure, instead redirect them to the same page and display a warning (refs #5617) (25ef99f)
- registration tests updated to new settings (#6661) (28a1581)
- email authentication enabled by default (7de4f82)
- locale: french translation for registration backend (4b74662)
- typo fix on login choices page (#6634) (8a97ddd)
- first and last names mandatory on registration (#6653) (a025418)
- user fullname prefixed by account number on login choices page (#6634) (433737b)
- auth model backend path fix (#6635) (1051624)
- limit username to 30 chars (#6636) (e9d6739)
- Only remove the opened session cookie when the feature is activated (#6265) (a838d08)
- Use a valid python identifier for label of SAML 2.0 IdP AppConfig (#6518) (ab50dce)
- Fix OpenID 2.0 IdP migrations since the application was renamed (6b48ab8)
- Fix use of the logout view by SAML 2.0 IdP (5f018c7)
- Remove Ticket.identifier from the admin, the field has been removed (976ab8e)
- Add a CAS IdP module (9b958d3)
- Makes make_url() accept a fragment in the base url (b8716b9)
- Makes registration tests pass without network (e927faf)
- Add helper methods to normalize attributes values (69df370)
- Move to_list() and to_iter() in
  utils.py (a73adab)
- Add a helper method to retrieve the user from a session given the session key (ab3dd57)
- Make compile_translations target of setup.py compatible with Django 1.7 (8dd988a)
- Add helper method check_session_key() to verify that session is still valid (4d15508)
- Refactor SAML 2.0 SP initiated slo to use the refactored logout view (e0db633)
- Rename idp/logout.html template to authentic2/logout.html (15d87d5)
- Refactor the logout view (ef59354)
- Add check_referer() helper method to check that referer matches the current domain (581f34d)
- Create a ModelAdmin mixin for adding a default cleanup action to any model admin (0bee142)
- Add test method to check XML contents for some properties (9f796c0)
- Create a base class for tests providing 2 new helper methods (09e8a66)
- With Django >= 1.7 activate ATOMIC_REQUESTS on the default db (e2d3f04)
- Add new helper method redirect_to_logout (cfac918)
- Adapt SAML 2.0 IdP to new authentication events recording (15d4dde)
- Refactor testing for fresh authentication by storing the nonce in the session (45da549)
- password change view restored (3d81025)
- misc: add a settings option to disable https ssl checks (#6539) (783977b)
- misc: raise an urllib2.HTTPError if get_url returns a non 200 response (#6539) (f8543c9)
- style: add non-prefixed css properties (#6510) (c0c0706)
- At least install tox and pylint (d6156bc)
- Just use tox (358a8e7)
- jenkins.sh: just install authentic2 using pip (4d62374)
- [django-1.7] SortedDict.insert() method was removed (c687a87)
- Rename README.rst to README to suppress a warning (fe4f447)
- Fix typo in setup.py (4a3c9b6)
- [django-1.7] Rename all migrations/ directories to south_migrations/ (5ac3c8a)
- [django-1.7] tox: adapt settings and commands (40850ef)
- [django-1.7] Monkey patch default Django user model for Django 1.7 (f328f6f)
- [django-1.7] Prevent Django 1.7 showing a warning about test suites initialized before Django 1.6 (db95cc2)
- [django-1.7] Natural primary key
  support has been added to Django 1.7, we only need natural generic foreign key support now (252476d)
- [django-1.6] Not setting Meta.fields or Meta.exclude has been deprecated (cbdcf5d)
- [django-1.6] Add missing default value to AttributePolicy.enabled field (0a4acfb)
- [django-1.7] Use allow lazy to apply string transformation to translatable string in models definitions (db8dc58)
- [django-1.7] Use application configuration to rename the SAML 2.0 idp application and prevent name collision (af4ea67)
- [django-1.7] Use new application config ready() method to fix user models (6000feb)
- [django-1.7] User profiles were deprecated in django 1.5, partially remove the functionality from our copy of AbstractUser (3d24f74)
- [django-1.7] Declare authentic2 compatible with django 1.7 (32d1c6f)
- Simplify default logging settings (f7bdd57)
- OpenID IdP: raise ImproperlyConfigured if it is enabled but python-openid is not installed (fcae7f2)
- Update local_settings.py.example (8837014)
- Rename environment variable DJANGO_CONFIG_FILE to AUTHENTIC2_CONFIG (c43721b)
- Move test_settings in the tests/ subdirectory (31927d1)
- Make a plugin from the OpenID 2.0 IdP (4be3b68)
- tests: Add templates (4fbcbeb)
- Remove include of gadjo files (72c3242)
- Move authentic2 into src/ (2949cfe)
- Remove init scripts not used anymore (e2f03ef)
- test fix (4e01add)
- registration: custom save method added (809f8bd)
- removed modules import fixed (ec69ab2)
- Merge branch 'wip/registration' (a8fd23b)
- remove cache on metadata view (#6487) (3a83a64)
- boolean attributes converted to unicode and lower-cased and the other converted to unicode (262a8a1)
- middleware: allow other view restrictions from plugins (6a168d2)
- ldap_backend: add a new backend LDAPBAckendPasswordLost for use by lost passwords views (6ba68b5)
- ldap_backend: move all initialization of the password in LDAPUser.ldap_init() (98ddc4b)
- ldap_backend: ignore `user_basedn` if it's empty or None (8aebe1e)
- ldap_backend:
  remove the uri parameter to the return*user class of functions (7c3ef42)
- ldap_password: if no password is stored, LDAPUser.get_connection() should return the default connection (6359ac9)
- ldap_backend: do not raise if LDAPUser.get_password() fails, returns None (70aaa6b)
- ldap_backend: reimplement password change (5c07c39)
- models_backend: abandon if username is empty or None (954de2e)
- manager: add missing template user_edit.html (dd03347)
- auth_frontends: add an exponential retry timeout after authentication (6adba07)
- implement an object to compute exponential retry timeout (39a9d42)
- utils: add form_add_error a helper method to set a global error on a form (9a6224b)
- backends: signal if login with an account failed more than n times (984f98f)
- middleware: permit logout event a view restriction is applied (9014877)
- locale: update french translation (d98d55c)
- manager: add buttons to force user to reset its password on next login (c516cad)
- middleware: implement restriction to the password change view when password reset is requested (6cf91d2)
- registration: add a next URL parameter to the password change view (d8ffeaa)
- forms: new form mixin to store next URL parameter in forms (a6d7e9e)
- utils: new helper method redirect_and_come_back to redirect to a view passing it the current URL as the next parameter (3dd3106)
- admin: register PasswordReset in the admin application (597d763)
- models: add __unicode__ method to PasswordReset (91a1f08)
- fix_user_model: dispatch monkey patching of user related models and forms in their respective files (59f3e12)
- tests: add tests on the password validator (3c61e02)
- validators: make possible to validate password using a regular expression (62de751)
- validators: add digits as a character class when validating passwords (43d9d45)
- ctl: do not consider --help as an invalid option (b0b5bce)
- Fix error in call to parent implementation (5d74ae7)
- handling metadata from the web (81ca01d)
- In the admin
  allow filtering provider by their policy, remove protocol conformance column from the listing (a89df5f)
- Set on_delete attribute on foreign keys of the saml application's models (1823cb1)
- Fix missing import (7b066c2)
- ldap: remove reference to undefined variable (ba4d5e3)
- ldap: do not retrieve attributes in the base search for users (d2a356a)
- LDAP attribute can be multivalued, any reference to a mono-valued attribute must be suffixed with [0] (c7ab420)
- Fix app_settings of SAML and OpenID IdP, they forced their prefix on all access to the settings module (eafe34f)
- Come back to explicit path for LOGIN_URL and LOGOUT_URL and it break compatibility with Django 1.5 (ed4be3d)
- Replace use of authentic2.idp.saml.common.redirect_to_login by authentic2.utils.login_require (f30c356)
- Add a next_url parameter to login_require to come back to another URL than the current one (53c23d9)
- Do not change the type of INSTALLED_APPS keep it as a tuple (7ee6f4b)
- Remove unused imported symbols (1a3440c)
- Change default external_id_tuple to use uid as the primary key with the LDAP server (6b96d6e)
- user's account history information display updated (2e939d5)
- username is uuid, not viewable or editable by user (461c3e4)
- user full name and account creation, last login date displayed on login choices (33e7c80)
- login page text fix (14ca8a7)
- account creation and login urls refactored (3027128)
- on user multiple accounts propose to log in with one of them or create a new account (c6a9960)
- Registration refactored: email validation done first and registration process finished on profile completion. (efa4305)
- ldap to database users synchronization command.
  ldap backend's methods refactored (717c7ee)
- ldap_backend: username computed from uid by default (c984435)
- Set DJANGO_CONFIG_FILE only if local_settings.py exists (0ab6736)
- Adapt tox tests to cleaned settings (e3082f8)
- Make authentic2-ctl default to load the local_settings.py file in the current directory (50c4737)
- Improve test on the login_require helper function (e4c9362)
- Fix assertEqualsURL, query string is index 3 in a split URL (1f979f8)
- Add new --config flag to authentic2-ctl (fixes #5960) (7ae6ffd)
- Simplify settings, remove all extraction from environment (refs #5960) (b47b151)
- Remove caching of server object in SAML 2.0 IdP, it's incompatible with multi-tenant (refs #5960) (3addece)
- Remove the PUSH_PROFILE_UPDATES feature (refs #5960) (97d4e14)
- Use app_settings to set default value for TEMPLATE_VARS settings (refs #5960) (155f895)
- Remove loading of debug toolbar in urls.py (refs #5960) (1892fef)
- Refactor default settings for the SAML 2.0 IdP (refs #5960) (6556776)
- Do not cache settings in disco_responder use late binding (refs #5960) (e7535f0)
- Remove IDP_OPENID setting, rename it A2_IDP_OPENID_ENABLE and store default in an app_settings.py file (refs #5960) (f3481b3)
- Convert urls.py in OpenID IdP for direct import of views (refs #5960) (54d03aa)
- Add a feature to force users to change before using the IdP (f3e884a)
- Add helper function to compare URLs in tests (7f8aef2)
- In utils.make_url if the target URL contains a query string, extract it and use it as a base for building the new query string (fixes #6314) (8d8cb91)
- Add a default value for the user_basedn setting (7766d65)
- Do not traceback when request is too old during SAML login or logout request handling (fixes #6306) (3830935)
- Add missing start_tls_s() in the LDAP authentication code (76dff5f)
- Try to not overflow the limit on SQL statement length by doing filtering client side instead of using a NOT IN clause (6ffa1a1)
- Remove SSL registration view as
  it's not working anymore, must be redone using new registration views (f1a41e2)
- Update idp_openid with new redirect helpers (62e351c)
- Remove legacy redirect_to_login helper method (8412402)
- Use new helper methods in decorators (d58ddf2)
- Use new helper methods in default login/password authentication frontend (822ab9a)
- Use new helper method in auth2_ssl (e86916d)
- Add helper method to require a login (6c72edf)
- Add helper method for logging in a user doing all needed bookkeeping (67e2c2d)
- Add helper method to record an authentication event (b9f5b1b)
- Add helper method to redirect user to next URL (072df70)
- Add helper method to request a login, copying nonce and next parameters (c1dd770)
- Add new utilities to help building URLs with parameters (2676e6f)
- Make the logout set a cookie to let other views know that a logout occurred recently (e57015b)
- Distribute locale for SAML 2.0 IdP (65058be)
- Default to use starttls on ldap:// connections, also allow to set python-ldap options locally or globally (fixes #6097) (3ea847e)
- Fix error logging when an exception occurs during admin bind in LDAP backend (fixes #6036) (0b2e5c1)
- Use a second field for confirmation of emails, not a special widget (7a7870c)
- idp/saml: use get_sp_options_policy() to get the policy in get_attribute_definitions (542c806)
- trivial: fix typo in error message (#6203) (7ba9603)
- Always show the login page (b564e15)
- Validate email domain containing non ASCII characters (72f6433)
- Add Django 1.7 environment to tox configuration (58d827d)
- Run tox as part of the continuous integration script, stop the script on any error (bf4754d)
- Add default value to test_setting to accommodate needs of Django tests (0c36445)
- Add setting A2_VALIDATE_EMAIL_DOMAIN to completely disable email domain checking (c498ab7)
- Create a base_no_sekizai.html base template for 404 and 500 templates as they are used by Django tests which do not install django-sekizai (956a520)
- changed mimetype to
  content_type as per django1.5 deprecation rules. (a17812b)
- changed .raw_post_data to .body as per django1.4 deprecation rules. (8cb6fa6)
- Added tox as a test-runner. (e2213b9)
- [django-1.6] add default value to all BooleanField missing it (242815a)
- [django-1.6] LDAPUser application cannot be deduced without a Meta.app_label (266e6ed)
- [django-1.6] authentication backends import path must match the canonical __module__.__class__ (f72155c)
- [django-1.6] use ATOMIC_REQUESTS setting instead of TransactionMiddleware (010b922)
- [django-1.6] middleware: do not store set() object in sessions only lists (b3def63)
- [django-1.6] adapt to API change on EmailValidator (e031cab)
- [django-1.6] fix import path of FieldDoesNotExist exception (c2e98e1)
- documentation: fix block of code displays in quick ldap backend file. (9f37735)
- misc: minor change to French translation (#6124) (92edfa2)
- Fix bug introduced in commit 52f380d (95d9e48)
- documentation: update mapping subject of attribute management.
  (6e3622d)
- Prevent circular imports of settings (92af1ff)
- New experimental attribute source computed_targeted_id to create eduPersonTargetedId like values from existing attributes (ed8bab6)
- Do not block on failure of the topological sort of attribute sources by their dependencies (7467d3d)
- Refactor SAML 2.0 IdP and attributes engine interface (52f380d)

2.1.11 - December 5th 2014
--------------------------

16 commits, 12 files changed, 705 insertions, 79 deletions

- refactor LDAP password storage, check and modifications
- fix some french translations
- enlarge AuthenticationEvent.how column to accommodate currently used value 'password-on-https'
- remove model LibertyProviderPolicy only use SPOptionsIdPPolicy now
- fix bug in login view introduced in last release

2.1.10 - December 3rd 2014
--------------------------

- set LDAP backend default to create Django users (transient=False)
- do not fail when lasso is uninstalled, instead show a warning in a 404 error page
- set root logger level to WARNING and only activate DEBUG level on authentic2 logger when DEBUG is True
- DEBUG=True is now the default
- removed the default cache stored on filesystem
- documentation refactoring
- use django-sekizai to load stylesheet and javascript files
- make the logout URL used for simple logout uncacheable by adding a varying parameter,
- add new way for authentication frontend to render their login block by implementing a simple view named login(), this view can use django-sekizai to add CSS or JS assets and receive a shared rendering context in the `context_instance` keyword argument,
- store URL of metadata file in provider objects, separated from entity_id as in some cases it does not match. A migration was created to initialize the field in existing providers with the entity_id. A new method update_metadata() was created on LibertyProvider, the admin action was rewritten around it.
- user creation form's username field maximum length was fixed (finally)
- french translations were added for the SAML 2.0 IdP
- refactored the login view, new frontend API is supported where frontend only implement a login() view

2.1.9 - November 14th 2014
--------------------------

- better interoperability with LDAP directories, all attribute names are lowercased on input to limit problems with case
- you can now use username multiple times in the LDAP user filter (you can put many %s patterns)
- new support for a limited range of Shibboleth attribute filter policies that you can load when synchronizing with a SAML 2.0 education&research federation.
- users can now delete their federation on their account page.

2.1.8 - Movember 6th 2014
-------------------------

101 commits, 114 files changed, 1778 insertions(+), 2110 deletions(-)

- full support for natural keys to SAML models
- new setting key to disable profile edit, password change and email change views
- new decorator setting_enabled to deactivate a view based on a setting
- new urlpatterns decorator required to wrap all views in an urlpatterns with a decorator
- validation of LDAP setting keys: it stops when an unknown key is used
- validate DNS in email fields, for profile edit and registration
- removed auth2_openid idp backend
- lot of improvements to error management in SAML idp
- default logging configuration now logs the function names
- add CSV export feature to new manager
- LDAP user passwords are now stored in the session, no need for a shared cache anymore
- authentic2 version is now available in templates in the variable AUTHENTIC2_VERSION
- tracebacks during cleaning of models are now logged
- idp sso can be initiated using a GET

2.1.7 - August 21st 2014
------------------------

21 commits, 50 files changed, 3153 insertions(+), 233 deletions(-)

- new manager for users and groups on /manage
- simple password policy validation on registration and profile update
- password authentication can be
  disabled

2.1.6 - August 5th 2014
-----------------------

29 commits, 23 files changed, 473 insertions(+), 166 deletions(-)

- 69b4da5 settings: do not produce duplicate log when using DEBUG_LOG setting
- 599073c settings: uniformize use of to_boolean for boolean settings
- bcc592a settings: add support for y, yes, n, no values to the to_boolean() parser
- 8fcbcda backends/ldap_backend: do not fail when LDAP_AUTH_SETTINGS is not defined
- fed533c backends/ldap_backend: convert attributes name to str
- 7aa5332 attributes_ng/sources: add an ldap source
- 6f2fc98 models: fix AttributeError in UserExternalId.__repr__
- 4930227 compat: add work-around for Django < 1.8 and commit_on_success
- e8a1f0a auth2_auth/migrations: protect data modifying code with "if not db.dry_run"
- bdcf55b backends/ldap_backend: add legacy field mapping to attributes to import
- 6cb5602 settings: don't print "Debugging mode is active"
- adda44a settings: allow to override field names in A2_PROFILE_FIELDS and A2_REGISTRATION_FIELDS
- e3135d4 settings: set LOCALE_PATHS
- b056b26 views: if A2_PROFILE_FIELDS is empty, use A2_REGISTRATION_FIELDS completed with extra attributes
- c48796b views: in profile view filter out empty attribute values
- 9ae7590 backends/models_backend: filter user email case-insensitively
- d2ccb7e views: refactor profile view, use CBV, and honor A2_PROFILE_FIELDS
- e8c49e5 views: return to profile page after validating an email change
- c3fa0ac views: return to profile after requesting an email change
- 8673268 saml: SAMLAttribute.attribute_name must not be constrained at the model level
- 3a25ebc saml/models: add natural key to LibertyFederation
- eeec701 saml/models: add natural keys to LibertyServiceProvider and LibertyIdentityProvider
- 1c3c922 settings: import A2_ACCEPT_EMAIL_AUTHENTICATION from environment
- 45135ff settings: load all custom password hashers
- 8f0db6e hashers: always convert OpenLDAP hash algo to uppercase
- ce67ec4 commands: add new command load-ldif
- 34778e3 saml/admin: fix missing blank value for
  SAMLAttribute.attribute_name
- e025d56 l10n: change translation of "Account activation failed" (#5144)
- 93ab270 views: do not use django.contrib.sites in the email change view

2.1.5 - skipped
---------------

2.1.4 - July 15th 2014
----------------------

1 commit, 2 files changed, 93 insertions(+), 2 deletions(-)

Changes:

- new hashers for loading OpenLDAP passwords

2.1.3 - July 15th 2014
----------------------

249 commits, 252 files changed, 11140 insertions, 11139 deletions

Changes:

- a2c2ade registration_backend/views: fix registration of new users
- aedcb83 management: add missing __init__.py files
- 720e2d4 middleware: fixes OpenedSessionCookieMiddleware middleware
- df80753 saml: do not configure choice for attribute names at the model level as it breaks model validation before running migrations
- ed76842 management: add new command clean-unused-accounts
- 02f3a2b forms: allow ordering of fields on profile page
- 56592e6 middleware: do not reset root logger to level 0
- 69514f9 run.sh: do not make DEBUG=1 a default
- ad4d83e settings: do not disable existing loggers, it's clear now that it is wrong
- 6c20a1a ldap_backend: replace dn lookup by an external_id lookup
- 2383d81 ldap_backend: fail cleanly when attribute retrieval fails and log an error
- a5172a5 ldap_backend: add dn to the attribute dict
- 7dcd2ad ldap_backend: remove redefinition of LDAPBackendError
- a535158 models: add string cast to UserExternalId
- 79e6f3d registration_backend/forms: use A2_REGISTRATION_FIELDS to reorder fields in the registration form
- 383b776 idp/locale: update french translations
- d655013 locale: grammar correction
- c1a4f93 admin: show attribute name in listing of attribute definitions
- 33f533f attribute_kinds: remove siret attribute which is too specific
- d870b23 attribute_kinds: pick attribute kinds from settings
- c863427 compat: add settings to add user model fields to the registration form
- 4c2ca1e settings: load /etc/authentic2/config.py if available
- 95e407a
  context_processors: add settings.TEMPLATE_VARS in template context
- 83a0d42 fix_user_model: fix username length check also in overridden forms
- fcd2259 fix_user_model: fix widget maxlength attribute
- b50e22f fix_user_model: fix also username length in user change and creation forms
- 85c24a5 middleware: add a middleware to install a cookie when the user has an open session
- 9b878e5 templates: fix back link closing tag
- f4fdc4e saml: use GET binding when the HTTP method is HEAD
- 5d3b800 fix_user_model: patch directly the user model
- fa53721 fix_user_model: importing django.contrib.auth.forms inside a function does not work
- a26d3ae fix_user_model: also fix admin forms when changing validation regex for username
- 1fcee43 views: add a logged-in jsonp web service
- b0af1b6 idp/saml/saml2_endpoints: fix typo
- 74765bb idp/saml/saml2_endpoints: in add_attributes add debug log of attribute values
- 080f5bd idp/saml/saml2_endpoints: in add_attributes() fix query for SAML2Attribute objects
- 0ecad21 attributes_ng/source/django_user: add missing attribute django_user_identifier
- a4dbd4d saml/admin: explicitly list fields to show on change form
- df00c9d idp/saml: add attribute to assertions based on new attribute definitions
- 20362c3 saml/admin: add inline admin forms for SAML attribute definitions
- 0fb3681 saml: add attribute definition model
- 0965fbd start new attributes-ng subproject
- 97b819f attribute_aggregator/user_profile: only set attributes from user model fields if get_attributes() did not return an equivalent value
- 203e7af fix_user_model: allow overriding django User model username regex validator and help text
- e48714a makes sure msg is defined before asserting on it
- 5008e25 registration/views: fix n-th misuse by me of get_or_create()
- e23a700 add setting A2_REGISTRATION_GROUPS to affect default groups to self-registered users
- f189317 models: change UserExternalId definition
- 1b7148a decorators: add to_iter() decorator to transform any
  generator into an iterable object
- eba089c models: make LogoutUrlAbstract.get_logout_url() take a request object
- d84a21c models: fix typo in LogoutUrlAbstract.get_logout_url()
- 1a822a8 settings: set special formatter for syslog
- 64b53f9 attribute_aggregator/user_profile: fix initialization of a variable
- c8a75ae attribute_aggregator/user_profile: if user has a get_attributes() method, ignore legacy mapping
- a0f4816 settings: fix typo
- 6cd91ca settings: extract PASSWORD_HASHERS setting from environment
- cd883ff settings: fix typo
- 3a6f01f settings: add A2_HOMEPAGE_URL
- 0d83d64 ldap_backend: do not convert to string before testing for nullity
- 2be7bdf jenkins.sh: restrict pylint to version 1.1.0 which raised less warnings
- a605052 validators: accept email when greylisting is used
- 74507b2 ldap_backend: escape the user DN before interpolating it into the group filter
- 706342d ldap_backend: force the username template to be unicode as the result must be
- 391e597 ldap_backend: escape string used to build the user DN when using a DN template
- bd68fe2 setup.py: remove dependency link to fork of django-registration
- 00a896a models_backend: use a dynamic proxy user model
- 2a3a165 idp/saml: improve handling of lasso errors on processing of AuthnRequest
- f542916 saml,idp/saml: if NameQualifier or SPNameQualifier is missing, use implicit knowledge of the IdP or SP identities
- a9aa567 attribute_aggregator/user_profile: add support for relations use it to fix the role attribute
- 562aee0 idp/saml: when a provider is missing, propose to add it directly
- 5c5222d ldap_backend: if LDAP is configured but the ldap module is missing, raise ImproperlyConfigured
- 89feb7c ldap_backend: if no LDAP config exists, returns None
- 233fd6e ldap_backend: do not break if an attribute is not UTF-8 (jpegPhoto ?)
- 6dbfbd9 templates: add a default registration/registration_closed.html template
- 49c13f0 fix_user_model: add validation of email domains to user model
- e8ae079 rename fix_username_length module to fix_user_model
- da64050 add validators module with a first email validator
- 1c9f0a4 backends/ldap: when mapping attribute names, convert original name to string first
- 4845d63 backends/ldap: convert attributes to unicode on input
- 15479b4 settings: user ldap backend before model backend
- 8c860e1 backends/ldap: add option to pass all realms to an LDAP backend (bis)
- 1ba9df2 backends/ldap: add option to pass all realms to an LDAP backend
- a92e80c admin: add email to user editable fields
- 6357356 backends/ldap: when creating the UserExternalId, verify that the user exists in the database
- 6bfbaf5 backends/ldap: remove dead import
- e78854c idp/saml/saml2_endpoints: request failure because the requested NameID format is not supported are not an error but a warning
- bc95b39 update french translation
- 500ef9f admin: add a clear expired sessions action
- 4765b64 admin: fix SessionAdmin.user method, does not assume there is always a user set in a session
- aefccd1 settings: use Django specific raven/sentry configuration
- dc360f3 backends/ldap: fix missing definition of the User model
- 8305292 admin,dashboard: show see technical models admin pages even if DEBUG is False
- 361c135 dashboard: show session admin in debug panel
- e4790ae admin: in the Session admin, show user and ips
- da52fe7 add a new middleware to collect ips in the session
- 510c396 backends/ldap: add lookup by username, make password change work with Django models
- e8ec5a8 backends/ldap: add an option to update username on all login
- 83cc9f2 backends/ldap: improve log
- ef9fe77 backends/ldap: improve logs
- e1ae3b7 backends: in LDAPBackend allow the user query to return multiple records
- 890717e settings: add loading from YAML files
- 995aacf update french translation
- d0497f4 settings: if
  LOG_DEBUG is present, do not set level to DEBUG on root logger
- 4ddd6cc admin: customize admin for technical models
- 370e727 admin: activate Session model admin also when the engine is cached_db
- c143ffc admin: add filter on whether a user has an external identifier or not
- dbfafc7 dashboard: expose DeletedUser model
- 372b45e models: complete verbose_name attributes
- 9f41f0e remove dead application auth2_user
- 6202e4b backends/ldap: fix lookup of UserExternalId missing in commit 6fde3843bdfa
- 6b1761c idp: fix renamed authentication backend reference (bis)
- 45b450b idp: fix renamed authentication backend reference
- 8437ad4 update french translation
- d627a4b forms: fix user edition on group admin form
- 692a195 authentic2-ctl: do not set DEBUG=1 in the environment
- 8f9ae8e settings: set syslog log level to DEBUG, and reset handlers on django.db logger
- b6cd5dc settings: display a message when DEBUG is on
- 5685b31 settings: add a DEBUG_LOG setting to limit debugging log to certain domains
- e71728e settings: remove useless LANGUAGES setting
- 4531ced settings: improve naming of path related settings
- 08ca448 run.sh: run with debugging on
- 8a4fd00 settings: remove redefinition of VAR_DIR
- 7a7318e templates: fix typo in password_reset_email.html
- fb9b1d4 style.css: make help text display under form fields
- 9e1518b admin: register the Session model if the db session engine is used
- e1657ca backends/ldap: populate the user.attributes dictionary for transient users
- 640b6a0 backends/ldap: remove remaining catchall except blocks
- 8cc48f4 admin: in user list view add filter on realms
- a3cde8f app_settings,backends/model: add REALMS setting to aggregate realm from all sources
- b352b07 backends/ldap: move configuration check in get_config()
- f5a9d7e backends: rename module models to models_backend to prevent collision in imports
- ab20bee backends/models: if the login form pass a realm use it
- 6fde384 backends/ldap: add setting username_template for
building usernames - dfd51e4 backend/ldap: add a realm attribute defaulting to ldap - f106505 backends: in the model backend try to lookup user also by appending known realms - 1eb2e11 registration_backend: allow a default realm for self-registrated accounts - db1b762 settings: unique email for accounts should not be the default - a7d4b9e settings: django.contrib.sites is not necessary - d4df5f6 idp/saml: remove wrong backend class - b68320c idp/saml2: add decorator never_cache to all views - c7771d4 idp/saml/saml2_endpoints: add new model backend to supported backends - cefa5d5 backends: add new ModelBackend handling multiple matching users and email as username - 0159f71 backends/ldap_backend: fix import path - 2509410 backends: rename ldap backend module to fix collision with global namespace - b2783e2 serializers: fix missing import and not handled case of new models - c179273 add a backends directory, mv LDAP backend into backends/ldap.py - 31a7b00 add serializer supporting natural primary keys - 64c1bc3 move User.username length fix outside of __init__.py as it breaks loading of wsgi application - edb77e3 managers: extract GetBySlugQuerySet/Manager from saml.managers - 6cb51c1 app_settings: fix typo - f6ebdc9 models,managers: add a custom manager to AttributeValue model - 12ce6cd admin: only use authentic user admin if the classic user model is used - 846fac3 migrations: add migration to add Attribute and AttributeValue - 9823957 admin: unregister the user model only if it's already registered - 0e18014 admin,dashboard: add support for custom user model - 5750fe7 models: add natural key support to model Attribute - e2086b0 commit missing file from the custom attribute support commit - 06a9e33 authentic2: only patch User.username if this field exists - d4fd5b2 dashboard: show internal models when DEBUG is True - 7c4b9b1 update french locale - b9c0f7e add custom attributes support to Django user model - 7de5f17 decorators: add decorator to_list() to make a list 
returning function from a generator - a09abf3 managers: fix filter in with_federation() and without_federation() - 6ef54cd idp/saml2: fix path for the redirect_to_logout view - 98f7d2f authentic2/idp/static was move into authentic2/static - bb413cd models: patch Django user-model username max_length to be 255 characters - 856bb9a move static files at root of python packages - 4710346 ignore ./static not all static directories - cdd695b settings: apply new standard layout for system static and template directories - 31059e6 app_settings: add key AUTH_FRONTENDS - 37c7617 use getattr for getting AUHT_OPENID, DISCO_SERVICE and AUTH_SSL settings - b72dc3a app_settings,utils: move IDP_BACENDS default value into app_settings - 5594936 app_settings: fix capitalisation of username field on registration page - 75422cb settings.py: add option USE_MEMCACHE - c1fd142 models: initialize plugins there - 4c21a7b saml/managers: add method to convert LibertySession queryset to LassoSession dump - d408895 saml/models: LibertySession.federation and assertion can be blank (=NULL) - 4a31b11 settings: load authentication backends, auth frontends and idp backends from plugins - fb669c6 plugins: define a DEFAULT_GROUP_NAME and use it in as default group name in functions - 41f02e8 remove AUTH_OATH setting description - 386bb66 auth2_ssl/backend: do not clutter saml2_endpoints with authncontext declaration, use authentication backend hook - 4789396 settings.py: add a default configuration for a file based cache - 466d1b8 saml/common.py: use assertion for checking if a message is a SOAP one - d38dc84 saml/models: set LibertyProvider manager to LibertyProviderManager - 21dc8ce saml/managers.py: remove dead import - 3529ec7 saml/managers.py: add helper method to LibertyProviderQuerySet - dc346d7 remove the CAS idp, as it is now out of tree - 94d52b8 models: FederationId, a generic model to store federation identifiers - 8653edb models: LogoutUrl, new generic model to store logout urls of 
providers - 0fa8329 utils: in accumulate_from_backends, ask also to plugins - 9cc17bd middleware: add a new LogCollector middleware - 8781ebd saml/models: move all managers to their own module - e90a4a7 saml/common: in soap_call return the original exception through SOAPException - 770ef7f saml/common: SOAPException does not need any specialization - 8c84456 saml/common: add assertion on presence of a name_id in parameters of add_federation - 0f980ea saml/common: add more debugging log - 9564cc1 saml/common: change provider_id to entity_id in load_provider to uniformize vocabulary - 0214e2b saml/common: add assertion and debug logging in SAML2 message extraction functions - c38112a saml/saml2utils: simplify log messages in authnresponse_checking - 6623566 saml/common: simplify debug log in soap_call - f049de7 saml/common: add debug log to return_saml2 - 9745156 saml/common: add a logger - ecc5601 views: simplify server_error view - 2e0e3e6 remove authsaml2, it's reborn as plugin authentic2-auth-saml2 - 833191a auth2_ssl: simplify and adapt for nginx - dc16ce9 frontends: remove the next parameter to the profile view, - f29db4a urls: if DEBUG is True, serve static files - 5ae30ce auth2_ssl: refactoring [module reorg] - dbab288 move all content of the auth2_auth module into authentic2 module [module reorg]~ - 9dd8a60 remove dead import - 2f7eebd auth2_auth: remove dead admin module - 92e53bc fix import error on NONCE_FIELD_NAME - 21b4e11 auth2_ssl: refactoring [module reorg] - e0e065d auth2_ssl: consolidat urls in an urls module [module reorg] - c651f68 move constant NONCE_FIELD_NAME in module authentic.constants [module reorg] - 2aa09a6 idp/urls: do not assume IDP_CAS or IDP_SAML are defined - 82544a8 idp: refactoring [module reorg] - 9ee9d1c remove dead view error_ssl - c79b2af move login view from auth2_auth to idp [module reorg] - 9fa3537 auth2_auth/views: remove unused view password_change - 1ee99e2 idp/urls: refer to interaction views by name, attribute global 
name [module reorg] - 1a68a68 registration_backend/forms.py: validate that username is not already taken - 9c6e238 registration_backend/views.py: call the user model clean() method when creating temporary user on registration - 34ad76d registration_backend/forms.py: validate that passwords match on registration - d02d903 registration_backend/forms.py: copy validators from user model to form - 4a950fb settings: extract any environment var named SETTING_ - ed5ba7f settings: load middleware from plugins - 0f8942d dashboard: load admin modules from plugins - fdf03e8 utils: add IterableFactory to make fresh iterable from generators - 8f9df53 settings: add environment setting SECURE_PROXY_SSL_HEADER - dde3007 plugins: set a default group_name for plugins - 51cf993 admin: allow editing group's users from the group change form - 835759f urls: import django.contrib.admin directly - 43d6cef settings: restore normal order of applications in INSTALLED_APPS - 44e9581 backends: in LDAPBackend fix missing variable reference in string template - a31e6d3 backends: remove referral results from results before counting found user records - 2e17383 backends: remove 1s default timeout for LDAP requests - 7c8bbba backends: in LDAPBackend do not follow LDAP referrals by default - 9cddce0 add a plugin system - 3c1ce8f auth2_auth: fix bug in auth_ssl urls - 20ebabd backends: do not force flags on LDAP users - 478dadd attribute_aggregator/core: simplify load_or_create_user_profile() using Model.get_or_create() to remove a race condition - f256267 setup.py: adapt to change in Django compilemessages - 5605186 auth2_auth/views: allow staff to see the login page even when logged - dfbbe03 auth2_auth/urls: use the auth_login name for the login view - e5567b3 setup.py: force version of django-admin-tools to >= 0.5 - dd7794d fix wrong commit count in NEWS - c552e9e idp/saml/saml2_endpoints: use the new SPOptionsIdPPolicy.http_method_for_slo_request field when initializing a new SLO request - 
7883fa0 saml/models: add field SPOptionsIdPPolicy.http_method_for_slo_request 2.1.2 - January 8th 2014 ------------------------ 20 commits, 25 files changed, 683 insertions, 3308 deletions Changes: - we abandonned our fork of django-registration to use the upstream 1.0 release - fixed bug in sync-metadata in the building of the slug when two providers share the same name - added support of new mdui: namespace for building provider names in sync-metadata - you can now choose to send logout request using iframe or img on a provider basis 2.1.1 - January 8th 2014 ------------------------ - Fix missing dependency upon django-admin-tools in setup.py - Raise dependency on south to 0.8.4 2.1.0 - December 15th 2013 -------------------------- 506 commits, 370 files changed, 18136 insertions, 10906 deletions Changes: - New discovery service - Improved OpendID idp - OpenID trusted root whitelist - New internal LDAP authentication backend (no more depend upon django-auth-ldap), with support for AD and password change - New LDAP only user mode, allow to work with a read-only DB - Many settings can be extracted from process environment variables - No homepage mode, for a technical IdP - Single logout improvements in proxy settings - Improved translations - Federation deletion can be propagated and inercepted using a signal - Adaptation for Django 1.5 custom user models - Email change form with token-by-mail validation - Improvement in sync-metadata for loading federation metadata files - Improvement of the user_profile source of attribute aggregator - Using attribute as federation id in the service provider - Added signals to modify attribute loading - Attribute mapping module is customizable through a setting - Improvements for supporting legacy CAS clients - Remove of auth2_oath authentication backend for copyright reasons - Support for Drupal 7 hashed passwords - Support for attributes in CAS tickets Bugs: - Too much to be listed 2.0.2 - May 11th 2012 --------------------- 7 
commits, 15 files changed, 920 insertions, 163 deletions Changes: * The setup script is based on setuptools and handle dependencies. * Prefer using pycurl instead of M2Crypto to retrieve HTTPs URLS as it supports server name indication Bugs: * Fix data files not installed with the setup Other: * Documentation updated. 2.0.1 - April 27th 2012 -------------------------- 48 commits, 97 files changed, 1456 insertions, 1112 deletions Changes: * Authentic2 now runs with Django1.4. Deprecated functions removal is still in progress. * CsrfMiddleware is not used anymore. * Debug is the default mode. * Limit dependency of attribute aggregator on python-ldap. * Modification of the attribute aggregator mapping file. * The private key from Lasso dumps is not logged anymore. Features: * As a SAML2 IdP, the user consent for federation when a transient nameID is served is not asked anymore. * As a SAML2 SP, it is now possible to ask another authentication when a transient nameID is received. Bugs: * Fix in cache_and_validate. * Fix service provider list on homepage. * Fix in attribute aggregator profile creation. Other: * Beginning of a pep8 review. * Documentation updated. * Translation updated. 2.0.0 - December 22nd 2011 -------------------------- Main Features: * SAML 2.0 Identity provider * ID-FF 1.2 Identity provider * OpenID provider * CAS server * SAML 2.0 Service provider * ID-FF 1.2 Service provider * OpenID relying party * Protocol proxying * Authentication by simple password * Authentication by one-time password OATH and google-authenticator * Authentication by self-signed X509 certificates avoer SSL/TLS * Authentication on LDAP * Authentication on PAM * Attribute management for attributes in SAML2 authentication requests * Attribute namespace mapping