Commit Graph

79 Commits

Author SHA1 Message Date
Benjamin Dauvergne 0a8628ae54 views: prevent None success URL in unlink view (fixes #24708)
Logout URL to FC can be None if the current session was not opened
through an FC authentication.
2018-06-22 15:39:50 +02:00
Frédéric Péters d8f8257987 do not allow unauthenticated access to unlink page (fixes #22405) 2018-03-28 21:49:44 +02:00
Benjamin Dauvergne 4bb9f76c99 locale: update french translations for release 0.10 (fixes #21874)
email was replaced by « adresse de courriel » everywhere.
2018-02-15 14:38:55 +01:00
Benjamin Dauvergne 0f877b75a9 views: show warning to users with a mail linked to another FC account (fixes #21292)
The warning will help them connect their FC account to normally
registered account.
2018-02-15 13:03:40 +01:00
Benjamin Dauvergne c701e61043 retry HTTP requests 3 times (fixes #21783)
Retry is applied to access token request and user info requests (through
OAuth2Session). There is a small exponential backoff of 0.5 and 1s.

Also decrease log level of message for failure of retrieval of the
access token or the user info to the level WARNING, that's never been a
problem for the user, as he was correctly redirected to his origin
(usually an IdP endpoint).
2018-02-11 22:18:21 +01:00
Benjamin Dauvergne 298c7faca7 add support for service slugs on login 2018-02-01 16:46:55 +01:00
Benjamin Dauvergne a0bc944e84 fix login with a non-unique email where an account linked to another FC account already exists 2018-02-01 16:46:55 +01:00
Benjamin Dauvergne 3abded80f6 augment timeout on POST to FC to 10 seconds (fixes #21596) 2018-02-01 16:46:55 +01:00
Benjamin Dauvergne 28402bf314 add request to fc-link hook (fixes #20288) 2017-11-27 09:52:59 +01:00
Benjamin Dauvergne eddf2da475 call a2 hooks for linking and unlinking events (fixes #20228) 2017-11-22 21:16:36 +01:00
Benjamin Dauvergne 89fabbc47f views: change messages levels (#20078) 2017-11-16 10:45:40 +01:00
Benjamin Dauvergne a671f6c97c views: do not permit linking if the user has already a link to FC (#20078) 2017-11-16 10:45:40 +01:00
Benjamin Dauvergne e9b7ed137a views: forbid automatic linking based on email if multiples users are found or if target user has already a link (fixes #20078) 2017-11-16 10:45:40 +01:00
Benjamin Dauvergne 313824142a always unlink from all FC accounts (fixes #19947) 2017-11-08 11:11:12 +01:00
Benjamin Dauvergne b9987366ca views: force fc-register to always redirect post registration to fc-login-or-link (fixes #19270)
Without it linking to FC does not happen
2017-10-09 15:15:04 +02:00
Benjamin Dauvergne 5dcdf8ead8 views: block DisplayMessageBeforeRedirectMiddleware on redirect to FC (fixes #19247) 2017-10-06 13:15:15 +02:00
Benjamin Dauvergne 0597b3e27e django 1.9 compatibility 2017-09-19 16:45:30 +02:00
Benjamin Dauvergne 6249926666 views: automatically link user with existing email if email is unique (fixes #18763)
Email must be unique if settings.A2_EMAIL_IS_UNIQUE is True or
get_default_ou().email_is_unique is True.
2017-09-19 16:45:30 +02:00
Benjamin Dauvergne 54ba992b15 views: remove dead code 2017-07-28 16:58:04 +02:00
Benjamin Dauvergne d5c76ccee0 views: add setting for FC scopes 2017-07-28 16:57:45 +02:00
Benjamin Dauvergne e32a2acd58 indicate registration URL is coming from france connect module 2017-07-11 16:45:51 +02:00
Benjamin Dauvergne fb59436835 redirect to auth_logout if no post logout redirect URI is found 2017-07-11 16:45:25 +02:00
Benjamin Dauvergne a7677f4bc0 do not logout from local session on unlink (bis #17331)
Fix bug introduced in previous commit.
2017-07-05 09:59:39 +02:00
Benjamin Dauvergne 212d41fdbe do not logout from local session on unlink (fixes #17331) 2017-07-04 12:06:26 +02:00
Benjamin Dauvergne 68fdf61c9a use only underscores in session variables to allow access from templates 2017-06-21 11:16:51 +02:00
Benjamin Dauvergne c91411d8be improve reporting of error on access token requests 2017-06-15 18:46:27 +02:00
Benjamin Dauvergne 9ee35f8e19 validate id_token
Signature is validated, exp, aud and iss fields are checked.

Also add tests using tox and py.test. Proper validation of signature is verified
using jwcrypto.
2017-06-15 18:46:27 +02:00
Benjamin Dauvergne 690fde2f6b use state as nonce and check nonce returned in id_token 2017-06-14 09:43:41 +02:00
Benjamin Dauvergne ecd2af964f pep8ness 2017-06-14 09:35:53 +02:00
Benjamin Dauvergne 27642283cc generate a random state linked to the session
Instead of encoding the redirect_uri in the state we:
* generate a random state with 128 bits of entropy
* store the state and the redirect_uri in the session
* verify that the state exists when receiving the callback
* retrieve the redirect_uri linked to this state from the session
2017-06-14 09:35:41 +02:00
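The state and nonce handling and the id_token checks described in the three commits above (9ee35f8e19, 690fde2f6b and 27642283cc), as an added example that is not the plugin's own code: a 128-bit random state stored server-side with the redirect_uri, looked up and consumed once on callback, then used as the nonce when the id_token is validated (signature, iss, aud, exp, nonce). Assumptions made here, not stated on the page: the id_token is HS256-signed with the shared client secret (the plugin's tests verify signatures with jwcrypto; this uses only the standard library), the session is a plain dict, the key name `auth_fc_states` is hypothetical, and the code-for-token exchange is a caller-supplied callable so the block runs offline.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

SESSION_KEY = "auth_fc_states"  # hypothetical session key, not the plugin's


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def start_login(session: dict, redirect_uri: str) -> str:
    """Generate a 128-bit random state, remember redirect_uri under it and
    return the state; the same value is sent as the OIDC nonce."""
    state = b64url_encode(secrets.token_bytes(16))
    session.setdefault(SESSION_KEY, {})[state] = redirect_uri
    return state


def verify_id_token(token: str, key: bytes, issuer: str, audience: str,
                    nonce: str, now: float = None, leeway: int = 30) -> dict:
    """Verify an HS256 id_token: signature first, then iss, aud, exp, nonce."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed id_token")
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm: the token must not choose it (rejects alg=none).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg %r" % header.get("alg"))
    signing_input = ("%s.%s" % (header_b64, payload_b64)).encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != issuer:
        raise ValueError("bad iss")
    aud = claims.get("aud")
    if isinstance(aud, str):
        aud = [aud]
    if not aud or audience not in aud:
        raise ValueError("bad aud")
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        raise ValueError("expired id_token")
    if not nonce or claims.get("nonce") != nonce:
        raise ValueError("bad nonce")
    return claims


def handle_callback(session: dict, params: dict, exchange_code, key: bytes,
                    issuer: str, client_id: str, now: float = None):
    """Callback: consume the state (single use), exchange the code, validate
    the id_token with the state as nonce, return (redirect_uri, claims)."""
    state = params.get("state")
    states = session.get(SESSION_KEY, {})
    if not state or state not in states:
        raise ValueError("unknown or missing state")
    redirect_uri = states.pop(state)  # one callback per state: no replay
    if "error" in params:
        # a normal OAuth2 error (user cancelled, code reused): no id_token to check
        raise ValueError("authorization error: %s" % params["error"])
    token_response = exchange_code(params.get("code"))
    claims = verify_id_token(token_response["id_token"], key, issuer,
                             client_id, nonce=state, now=now)
    return redirect_uri, claims


def make_id_token(claims: dict, key: bytes) -> str:
    """Constructed test-only issuer; a real provider signs the token itself."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    signing_input = ("%s.%s" % (header, payload)).encode("ascii")
    sig = b64url_encode(hmac.new(key, signing_input, hashlib.sha256).digest())
    return "%s.%s.%s" % (header, payload, sig)


if __name__ == "__main__":
    key, iss, cid = b"demo-client-secret", "https://fcp.example", "demo-client"
    session = {}
    state = start_login(session, "/accounts/")
    token = {"id_token": make_id_token({"iss": iss, "aud": cid, "sub": "s1",
                                        "exp": int(time.time()) + 60,
                                        "nonce": state}, key)}
    print(handle_callback(session, {"state": state, "code": "c"},
                          lambda code: token, key, iss, cid))
```

Because the state is popped from the session before the code is exchanged, a second callback carrying the same state fails even if the provider would accept the code again; the nonce check then ties the returned id_token to that exact login attempt.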
Benjamin Dauvergne d888f1f8ac set confirm_data="required" when auto_register is used (fixes #16771)
When auto_register is used, users should not see the registration page at all,
even if optional attribute fields are unfilled.
2017-06-08 17:12:48 +02:00
Benjamin Dauvergne 7b0517e1dd redirect to logout on unlink 2017-03-21 17:02:59 +01:00
Benjamin Dauvergne 321651c6b2 do not log an error for normal oauth2 errors
Such error happens when authorization code is out of date or already used.
2017-03-21 11:02:26 +01:00
Benjamin Dauvergne f0a7266451 improve mapping of FC attributes to A2 attributes (#10062) 2017-03-21 11:02:26 +01:00
Benjamin Dauvergne 74aadc0508 pep8ness 2017-03-07 11:32:12 +01:00
Benjamin Dauvergne 5d422c2296 always return to /logout/ after FC logout (fixes #15223) 2017-03-07 11:32:12 +01:00
Benjamin Dauvergne c486ec1050 use authentic2.utils.login instead of django.contrib.auth.login (fixes #14338) 2016-12-16 18:43:28 +01:00
Benjamin Dauvergne ae6ddcc35e fix deprecation warning about get_cache()
Since Django 1.8 get_cache() is deprecated in favor of caches[].
2016-10-21 20:54:28 +02:00
Mikaël Ates b4f0b51777 Add email in linking message (fixes #10912). 2016-05-13 17:06:00 +02:00
Mikaël Ates 2ed8588583 Prevent to add a link with an FC account already linked with another user (fixes #10791). 2016-05-04 11:42:50 +02:00
Mikaël Ates 121e62a9e8 Prevent unlinking if the user has no password and can't set it (fixes #10775).
Unlinking is now prevented if the user has no usable password and can't
change it because A2_REGISTRATION_CAN_CHANGE_PASSWORD is False.
For now it is thus assumed that the password is the only other means of
authentication and unlinking would make the account unreachable.

Also use A2_REGISTRATION_SET_PASSWORD_FORM_CLASS setting instead of
importing the form.
2016-04-29 18:24:11 +02:00
Mikaël Ates 922d075236 Update login or create account message. 2016-04-15 15:38:14 +02:00
Mikaël Ates d3d9aab919 Ask password at unlinking when the user has no usable password (fixes #10524) (ter). 2016-04-14 10:44:13 +02:00
Mikaël Ates 5704e98495 Ask password at unlinking when the user has no usable password (fixes #10524) (bis). 2016-04-14 10:21:08 +02:00
Mikaël Ates f1b2ced61b Ask password at unlinking when the user has no usable password (fixes #10524). 2016-04-13 23:03:31 +02:00
Mikaël Ates b9899c719a Define a registration frontend and manage account creation with FC data (fixes #10621).
The registration frontend is used when the user is logged in neither locally
nor with FC. The login template provides a link to the FC login view and
then to the plugin registration view.

If the user is already logged in with FC, the login template provides a link
to the plugin registration view.
2016-04-13 23:03:31 +02:00
Mikaël Ates 07a621c291 Add a registration view (fixes #10621).
The view is called to create an account using the data provided by FC
at account creation.

The data provided is put in a protected token and sent to the next url.

If FC provides an email, the view redirects to the activation view.

If an email is not provided, the view redirects to the email registration
view.

The confirm_data parameter of the activation view is a plugin setting.

Account creation with FC means no password.
2016-04-13 23:03:31 +02:00
Mikaël Ates 95c13c3064 Display on the login page a button for quick account creation (fixes #10510).
After a successful SSO where no user is authenticated, the user is redirected
to the login page. On the login page, the user may be asked to log in with a
password or to create a new account. The plugin login button is hidden to avoid
an unnecessary loop.

The patch adds an option to display another button than the login button.
This button references the registration page and is filled with data from
the SSO. If the skip registration with prefilled data options are set on authentic
the button leads to a direct account creation.
2016-04-13 23:03:31 +02:00
Mikaël Ates c72eaa893c Add new scopes at login (fixes #10510). 2016-04-13 23:02:51 +02:00
Mikaël Ates 07d6f4111a Return URL at logout from unlink is not a named url anymore. 2016-03-15 12:40:34 +01:00