entrouvert
/
django-mellon
17
0
Fork 0
Code Issues Pull Requests Releases Activity
250 Commits 7 Branches 99 Tags 793 KiB
Commit Graph

80 Commits

Author SHA1 Message Date
Frédéric Péters 99a60c1d88 update sso_failure call to new method signature (#31690) 2019-03-25 14:03:04 +01:00
Benjamin Dauvergne ca6ce92781 views: fix discovery URL building (#31581) 2019-03-20 14:28:05 +01:00
Benjamin Dauvergne d0e6f46f9b views: keep next URL on disco requests (fixes #31043) 2019-03-19 23:43:37 +01:00
Benjamin Dauvergne b3e1b9c533 views: add new setting LOGIN_HINTS (fixes #30966) 
You can set MELLON_LOGIN_HINTS = ['backoffice'] to get a node
eo:login-hint set to "backoffice" in AuthnRequest when next_url for the
login view is among /manage/, /admin/ or /manager/.

Another value is 'always_backoffice' which always set the 'backoffice'
login_hint.
 2019-03-07 23:12:56 +01:00
Benjamin Dauvergne b7712516ee views: PEP8ness (#30966) 2019-03-07 23:12:07 +01:00
Benjamin Dauvergne f2e05b84ae prevent redirection loop on artifact resolution errors (fixes #14810) 
Signature of method sso_failure() is changed to match the name name of
the context variable in template mellon/authentication_failed.html
(idp_message => reason).
 2019-03-02 16:42:46 +01:00
Frédéric Péters d026ce40e1 don't use RelayState as continuation URL in case of errors (#25522) 2018-07-29 23:12:10 +02:00
Benjamin Dauvergne d4d0b85944 use good API from lasso to set Extensions node content (#23003) 
- use extensions.any tuple to set the content of the Extensions node
- add tests for the presence of the eo:next_url node when
  ADD_AUTHNREQUEST_NEXT_URL_EXTENSION is used
- add tests for next_url propagation through the RelayState value
 2018-06-06 11:05:59 +02:00
Frédéric Péters edb09ed8fd use force_text for python2/3 compatibility (#24139) 2018-05-29 12:21:13 +02:00
Frédéric Péters 163639501c python3: always use %s to get user representation in logs 2018-04-05 14:31:45 +02:00
Frédéric Péters 24e85adc5a python3: handle differences in lasso/py2/py3 encodings 2018-04-05 14:31:45 +02:00
Frédéric Péters 239f39c097 python3: add detection of xml encoding 2018-04-05 14:25:54 +02:00
Thomas NOËL ac75dce84f misc: disable AuthnRequest eo:next_url Extensions by default (fixes #20229) 2018-03-07 15:59:10 +01:00
Benjamin Dauvergne 6c528dd2c3 Revert "support federation file loading (#19396)" 
This reverts commit 63993e360c.
 2018-01-09 21:43:25 +01:00
Paul Marillonnet 63993e360c support federation file loading (#19396) 2018-01-09 17:50:25 +01:00
Frédéric Péters 343be40b6f misc: update exception handling for Python 3 (#20925) 2017-12-30 11:53:31 +01:00
Benjamin Dauvergne cb3e18c8ba tests: fix discovery service tests (#19018 #19016) 2017-09-27 21:59:15 +02:00
Benjamin Dauvergne 1703cc5da2 views: send entityID to discovery service (fixes #19016) 2017-09-27 14:28:44 +02:00
Benjamin Dauvergne afe3d4a83f views: add nodisco=1 to discovery service return url (fixes #19018) 2017-09-27 14:28:43 +02:00
Benjamin Dauvergne 850a192bcb add a timeout to artifact resolve HTTP calls (fixes #18098) 2017-09-27 14:28:43 +02:00
Frédéric Péters 646132c661 misc: include target URL in AuthnRequest Extensions node (#18452) 2017-09-06 11:02:12 +02:00
Frédéric Péters d89ecdfbce allow an adapter to adapt auth.login() (#14476) 2017-01-02 13:41:41 +01:00
Frédéric Péters dada4e8242 add logging of IdP SAML responses and looked up users (#14056) 2016-11-23 13:09:01 +01:00
Benjamin Dauvergne 09ff054f57 retry login when artifact resolution return an empty message (fixes #12795) 
This commit also add a test of artifact login.
 2016-07-29 11:53:36 +02:00
Benjamin Dauvergne aaedfde786 views: gracefully handle logout errors (fixes #11449) 2016-06-22 11:06:46 +02:00
Frédéric Péters 80c748820a misc: force another auth.logout() after coming back from the IdP (#11394) 2016-06-16 16:13:04 +02:00
Frédéric Péters 6a6405d75f misc: allow unicode strings as authn classref (#10666) 2016-04-15 10:28:31 +02:00
Frédéric Péters 5eacaa2d22 misc: handle lasso.LoginStatusNotSuccessError (#10633) 2016-04-12 18:54:44 +02:00
Benjamin Dauvergne d732f6ccb7 when status is not 200, report a fragment of the response (fixes #10270) 2016-04-11 17:07:38 +02:00
Benjamin Dauvergne 8a2558c2da views: wrap login view in non_atomic_requests to allow fine control of transactions' commit (fixes #10604) 2016-04-10 15:40:29 +02:00
Frédéric Péters ba6c092911 add support for artifact POST (#10596) 2016-04-08 15:10:31 +02:00
Benjamin Dauvergne 9c28f53c52 log partial logout error as a warning (fixes #10408) 2016-04-06 01:33:39 +02:00
Benjamin Dauvergne 7db1d7d7ed pep8ness 2016-04-06 01:33:39 +02:00
Benjamin Dauvergne 66d1811e2f refactor next_url and RelayState use (fixes #10372) 
The next_url parameter is  no more stored directly in the RelayState, as it
RelayState should only contain strings of no more thant 80 bytes, instead
generate an uuid as the relaystate and store the next_url value in session using
a key based on this uuid.

The implementation is generic enough to accomodate storing any other kind of
data during an SSO or SLO workflow.
 2016-03-22 15:20:29 +01:00
Benjamin Dauvergne 2aec7a3294 views: handle ProfileInvalidMsgError when resolving an artifact (#10270) 2016-03-11 17:10:52 +01:00
Benjamin Dauvergne dba3f32c3a views: handle ProfileInvalidArtifactError exception when resolving an artifact (#10270) 2016-03-11 17:10:52 +01:00
Frédéric Péters a3bc087890 misc: fix passing of RequestedAuthnContext (#10243) 2016-03-09 09:14:38 +01:00
Benjamin Dauvergne fe53dab9ca trivial: move utils import 2016-02-26 21:36:08 +01:00
Benjamin Dauvergne 3d91d40cb2 django 1.9 adaptations 
- django.utils.same_origin was removed
- HttpRequest.REQUEST was removed
- settings.USE_TZ is True by default
- get_default_timezone() is now wrapped by an lrucache(), when modifying
  settings.TIME_ZONE we must also clear the cache.
 2016-02-26 21:35:21 +01:00
Benjamin Dauvergne 40cc598904 views: change HTTP 400 message when no idp is found 2016-02-26 18:09:27 +01:00
Benjamin Dauvergne c1d2fb1a32 trivial: move lasso import 2016-02-26 18:09:27 +01:00
Benjamin Dauvergne 6af1ebfc55 views: do not traceback in get_idp() when no idp is declared 2016-02-26 18:09:27 +01:00
Benjamin Dauvergne bb9451e6ba add discovery service support (fixes #10111) 2016-02-26 18:09:27 +01:00
Benjamin Dauvergne 4f77ee0e24 do not pass strings contening null characters to Lasso, return 400 or ignore (fixes #8939) 2016-02-26 18:09:17 +01:00
Benjamin Dauvergne 2289b8350e implement session_not_on_or_after using new session engines (fixes #9640) 2016-01-15 12:29:31 +01:00
Benjamin Dauvergne dc1e4e56ea do not flatten attributes inplace, and convert expiry to seconds (fixes #9359) 
Original datetime must be kept for setting the expiry, but expiry using datetime
is not supported when using JSON sessions, so we convert it to seconds expiry
before setting it.

We also make iso8601 parsed datetime timezone aware, to match with other
datetimes in Django.
 2015-12-16 18:06:07 +01:00
Benjamin Dauvergne 7f70dbcb9f Revert "views: add an iframe mode to the login view" 
This reverts commit 0e57f99312.
 2015-09-25 15:38:13 +02:00
Benjamin Dauvergne 0e57f99312 views: add an iframe mode to the login view 
Use it by putting a tag:

  <iframe height="0" width="0" src="{% url "mellon_login" %}?{{ request.GET.urlencode }}&passive&iframe"></iframe>

in your page. It will do a passive authentication inside the iframe and
will use JS to reload the top frame if authentication is successfull.
 2015-08-27 14:37:44 +02:00
Benjamin Dauvergne 7ff1969bf5 views: add missing exception for case of status is not success (fixes #7878) 2015-07-21 14:06:54 +02:00
Benjamin Dauvergne 06f3380eb4 Use the lasso thin-sessions feature 2015-06-25 11:26:50 +02:00