Commit Graph

182 Commits

Author SHA1 Message Date
Valentin Deniaud b95ea4d6ce wip add auth_levels 2019-03-29 16:30:39 +01:00
Valentin Deniaud 90c7daaa8a add auth levels 2019-03-28 17:52:46 +01:00
Frédéric Péters 99a60c1d88 update sso_failure call to new method signature (#31690) 2019-03-25 14:03:04 +01:00
Benjamin Dauvergne ca6ce92781 views: fix discovery URL building (#31581) 2019-03-20 14:28:05 +01:00
Benjamin Dauvergne d0e6f46f9b views: keep next URL on disco requests (fixes #31043) 2019-03-19 23:43:37 +01:00
Benjamin Dauvergne b3e1b9c533 views: add new setting LOGIN_HINTS (fixes #30966)
You can set MELLON_LOGIN_HINTS = ['backoffice'] to get a node
eo:login-hint set to "backoffice" in AuthnRequest when next_url for the
login view is among /manage/, /admin/ or /manager/.

Another value is 'always_backoffice' which always sets the 'backoffice'
login_hint.
2019-03-07 23:12:56 +01:00
Benjamin Dauvergne b7712516ee views: PEP8ness (#30966) 2019-03-07 23:12:07 +01:00
Benjamin Dauvergne f2e05b84ae prevent redirection loop on artifact resolution errors (fixes #14810)
Signature of method sso_failure() is changed to match the name of
the context variable in template mellon/authentication_failed.html
(idp_message => reason).
2019-03-02 16:42:46 +01:00
Benjamin Dauvergne 3d449b7928 backends: add request argument to authenticate (fixes #30541)
For Django 1.11 compatibility.
2019-02-12 09:45:53 +01:00
Benjamin Dauvergne b0ddc85486 backends: PEP8ness, copyright (#30451) 2019-02-12 09:45:53 +01:00
Frédéric Péters a1fa7d36df don't cache local metadata anymore (#13881) 2018-09-05 17:09:31 +02:00
Frédéric Péters d026ce40e1 don't use RelayState as continuation URL in case of errors (#25522) 2018-07-29 23:12:10 +02:00
Benjamin Dauvergne d4d0b85944 use good API from lasso to set Extensions node content (#23003)
- use extensions.any tuple to set the content of the Extensions node
- add tests for the presence of the eo:next_url node when
  ADD_AUTHNREQUEST_NEXT_URL_EXTENSION is used
- add tests for next_url propagation through the RelayState value
2018-06-06 11:05:59 +02:00
Frédéric Péters edb09ed8fd use force_text for python2/3 compatibility (#24139) 2018-05-29 12:21:13 +02:00
Frédéric Péters 1e02302fd9 python3: get metadata from URL as a string 2018-04-05 14:38:36 +02:00
Frédéric Péters 163639501c python3: always use %s to get user representation in logs 2018-04-05 14:31:45 +02:00
Frédéric Péters 24e85adc5a python3: handle differences in lasso/py2/py3 encodings 2018-04-05 14:31:45 +02:00
Frédéric Péters 401b65f8b3 python3: adjust unicode usage 2018-04-05 14:29:55 +02:00
Frédéric Péters 239f39c097 python3: add detection of xml encoding 2018-04-05 14:25:54 +02:00
Frédéric Péters 7df3a6f5e0 python3: don't use iteritems 2018-04-05 14:25:54 +02:00
Frédéric Péters d342971a45 python3: use open() to open files 2018-04-05 14:25:54 +02:00
Benjamin Dauvergne be791d54a8 set a default value for IDENTITY_PROVIDERS (fixes #20221) 2018-03-07 18:09:44 +01:00
Benjamin Dauvergne b66a974922 do not raise ImproperlyConfigured on access to app_settings.IDENTITY_PROVIDERS (fixes #20221) 2018-03-07 16:54:19 +01:00
Thomas NOËL ac75dce84f misc: disable AuthnRequest eo:next_url Extensions by default (fixes #20229) 2018-03-07 15:59:10 +01:00
Benjamin Dauvergne a0d3e209c1 move tag Extensions in metadata template (fixes #21923)
Current template does not validate the SAML 2.0 metadata schema.
2018-02-16 09:54:22 +01:00
Benjamin Dauvergne 6c528dd2c3 Revert "support federation file loading (#19396)"
This reverts commit 63993e360c.
2018-01-09 21:43:25 +01:00
Paul Marillonnet 63993e360c support federation file loading (#19396) 2018-01-09 17:50:25 +01:00
Frédéric Péters 343be40b6f misc: update exception handling for Python 3 (#20925) 2017-12-30 11:53:31 +01:00
Frédéric Péters 078fcbd058 misc: update missing-django message for Python 3 (#20925) 2017-12-30 11:53:31 +01:00
Benjamin Dauvergne 688067f270 middleware: improve condition to automatically determine a common domain (fixes #15548)
It works if:
- HTTP Host is a domain name and not an IP address (IPv6 addresses will not pass
  this test, they lack dots),
- domain contains at least three components.
2017-09-27 21:59:48 +02:00
Benjamin Dauvergne cb3e18c8ba tests: fix discovery service tests (#19018 #19016) 2017-09-27 21:59:15 +02:00
Benjamin Dauvergne 1703cc5da2 views: send entityID to discovery service (fixes #19016) 2017-09-27 14:28:44 +02:00
Benjamin Dauvergne afe3d4a83f views: add nodisco=1 to discovery service return url (fixes #19018) 2017-09-27 14:28:43 +02:00
Benjamin Dauvergne 850a192bcb add a timeout to artifact resolve HTTP calls (fixes #18098) 2017-09-27 14:28:43 +02:00
Frédéric Péters 646132c661 misc: include target URL in AuthnRequest Extensions node (#18452) 2017-09-06 11:02:12 +02:00
Frédéric Péters 7767bc6740 use django facilities to get hostname from request (#16525)
This is required as SERVER_NAME may not be used in some uwsgi
configurations, and HTTP_HOST should be used instead.

| Nginx maps the $server_name variable to the first server_name you define.
| In your case you have two solutions: read HTTP_HOST instead of SERVER_NAME
| in your app or set SERVER_NAME to $http_host in uwsgi_params
  -- http://lists.unbit.it/pipermail/uwsgi/2010-August/000571.html

The HttpRequest.get_host method handles those cases and more.
2017-08-10 11:35:21 +02:00
Frédéric Péters 4201b41cdb misc: remove usage of urls.patterns for django 1.8 and later (#15959) 2017-04-23 21:08:15 +02:00
Frédéric Péters d89ecdfbce allow an adapter to adapt auth.login() (#14476) 2017-01-02 13:41:41 +01:00
Frédéric Péters a838336442 misc: remove south migrations (#14064) 2016-11-23 18:01:30 +01:00
Frédéric Péters dada4e8242 add logging of IdP SAML responses and looked up users (#14056) 2016-11-23 13:09:01 +01:00
Frédéric Péters db578bddcf translation update 2016-10-23 17:47:53 +02:00
Benjamin Dauvergne 4a52cfee3e allow views to refuse passive login (fixes #13627) 2016-10-18 10:03:41 +02:00
Benjamin Dauvergne 09ff054f57 retry login when artifact resolution returns an empty message (fixes #12795)
This commit also adds a test of artifact login.
2016-07-29 11:53:36 +02:00
Benjamin Dauvergne aaedfde786 views: gracefully handle logout errors (fixes #11449) 2016-06-22 11:06:46 +02:00
Benjamin Dauvergne 69a18d7272 utils: fix handling of multiple private keys (fixes #11475) 2016-06-22 11:06:33 +02:00
Frédéric Péters 80c748820a misc: force another auth.logout() after coming back from the IdP (#11394) 2016-06-16 16:13:04 +02:00
Frédéric Péters 33dded157a middleware: don't fail on unnamed URLs (#11319) 2016-06-13 13:43:06 +02:00
Frédéric Péters 0b141113d7 make login/logout URL names into settings (#10867) 2016-05-10 09:07:02 +02:00
Benjamin Dauvergne 49a5254363 allow federating transient NameID using an attribute (fixes #10619) 2016-04-27 09:22:05 +02:00
Frédéric Péters 6a6405d75f misc: allow unicode strings as authn classref (#10666) 2016-04-15 10:28:31 +02:00