415 Commits (main)

All Branches

Search

Author	SHA1	Message	Date
Benjamin Dauvergne	c98d4629ec	middleware: check ajax request with sec-fetch-mode header header (#81211)	2023-09-14 16:41:22 +02:00
Benjamin Dauvergne	f4ad730ea1	Do not use a subquery to clean dead sessions (#80626)	2023-08-29 10:02:39 +02:00
Valentin Deniaud	3c4a96ba05	misc: update git-blame-ignore-revs to ignore quote changes (#79788)	2023-08-16 10:31:30 +02:00
Valentin Deniaud	8776825bdb	misc: apply double-quote-string-fixer (#79788)	2023-08-16 10:31:30 +02:00
Valentin Deniaud	d33d19190a	misc: add pre commit hook to force single quotes (#79788)	2023-08-16 10:31:29 +02:00
Frédéric Péters	5e2c83267d	ci: build deb package for bookworm (#78968)	2023-06-23 17:28:33 +02:00
Benjamin Dauvergne	170e728d3a	misc: allow login_hint parameter in login url (#76712)	2023-04-17 15:27:37 +02:00
Benjamin Dauvergne	0f7044e7a0	adapters: do not exclude already linked users (#76083) ... When two IdP are used with common directory accounts of if we migrate from a test IdP to a production IdP, it can be useful to relink existing users to the new source.	2023-04-01 17:32:39 +02:00
Valentin Deniaud	ada3eda21e	misc: bump djhtml version (#75442)	2023-03-16 17:19:06 +01:00
Valentin Deniaud	e54f100fdf	misc: bump black version (#75442)	2023-03-16 17:19:05 +01:00
Valentin Deniaud	942b5e86d2	misc: change pyupgrade target version to 3.9 (#75442)	2023-03-16 17:19:05 +01:00
Valentin Deniaud	7beeffed2a	misc: change django-upgrade target version to 3.2 (#75442)	2023-03-16 17:18:53 +01:00
Valentin Deniaud	a5dac4e9a6	misc: require django 3.2 (#75442)	2023-03-16 17:15:06 +01:00
Benjamin Dauvergne	c5888d9cf9	tests: use default list of middewares	2023-03-05 17:17:12 +01:00
Benjamin Dauvergne	aa42c126a1	tox.ini: restrict psycopg2 version only for testing on django 2.2	2023-03-05 17:17:12 +01:00
Paul Marillonnet	aebcba5431	readme: add a note on django admin's catch-all option (#74988)	2023-03-01 16:53:44 +01:00
Agate	b3aa64e5e1	Prepare Jenkinsfile for Gitea migration (#74572)	2023-02-20 15:03:28 +01:00
Frédéric Péters	abe71654ca	ci: upgrade isort (#74044)	2023-02-01 09:46:28 +01:00
Frédéric Péters	e4c2bd7ca7	ci: add timeout to build	2022-12-23 08:09:59 +01:00
Frédéric Péters	f7f3cf7768	ci: only build package for bullseye (#72729)	2022-12-22 17:21:26 +01:00
Benjamin Dauvergne	750f869e5f	misc: do not send logout requests if SingleLogout profile is not supported (#71041)	2022-11-09 08:16:02 +01:00
Benjamin Dauvergne	45c987584c	tests: remove useless import of py.io (#70797)	2022-10-28 09:47:09 +02:00
Frédéric Péters	531d1948f0	ci: update pyupgrade to 3.1.0 (#70693)	2022-10-26 19:22:42 +02:00
Frédéric Péters	667078b0ae	translation update	2022-10-10 09:37:34 +02:00
Benjamin Dauvergne	e1e50c2797	misc: replace use of distutils.sysconfig by sysconfig in getlasso3.sh	2022-10-07 12:45:52 +02:00
Benjamin Dauvergne	817314b8ee	views: send all related SessionIndex in LogoutRequest (#69955) ... As we do not known which one the IdP remember, we must send them all.	2022-10-06 16:21:25 +02:00
Benjamin Dauvergne	cce77e82e5	adapters: update new UserSAMLIdentifier fields on each SSO (#69955) ... On existing UserSAMLIdentifier missing values for nid_format especially, will break the SLO code as the emitted LogoutRequest will have an unknown NameID when analyzed by the identity provider (NameID content and attributes must match exactly).	2022-10-06 16:21:17 +02:00
Benjamin Dauvergne	45f81514bc	misc: clean SessionIndex during logout (#69740) ... SessionIndex are deleted when the linked session does not exist anymore and 5 minutes after the creation of the logout request.	2022-10-05 19:53:07 +02:00
Benjamin Dauvergne	f335a403c1	views: implement a sessionless logout endpoint (#69740) ... To implement SAML single logout in authentic we need a logout endpoint which works event after the user session has been killed, to do that we store the needed information in Django signed token, and use it to initiate the logout request. Afterward the next_url is stored in short-lived session cookie instead of the session.	2022-10-05 17:23:51 +02:00
Benjamin Dauvergne	218afde9cd	misc: make logout work with transient NameID (#69740) ... Implementation of transient NameID is special, the transient NameID is ignored and an attribut value is used as the federation key. But in order to producre a proper NameID for the logout request we need the transient NameID value. To work around this problem we add a transient_name_id attribute to the SessionIndex model representing the current SSO session, and we modify the session dump template to use this value instead of UserSAMLIdentifier.name_id if transient_name_id is not None.	2022-10-05 17:23:51 +02:00
Benjamin Dauvergne	7f9602c528	utils: add method to build a session dump from models (#69740) ... Storing the LassoSession dump in the Django session is no longer needed, we can rebuild it from the information in the models.	2022-10-05 17:23:51 +02:00
Benjamin Dauvergne	600c8cfbc0	misc: keep nameid attributes to rebuild it (#69740) ... Logout requests need a properly built NameID element, but we did not store enough information in models to do that, we uses the LassoSession dump from the session as a work-around. In order to have a session-less logout endpoint, we need to store those informations in the UserSAMLIdentifier model.	2022-10-05 17:23:51 +02:00
Benjamin Dauvergne	e98308d45c	views: allow overriding the default return url after logout (#69740)	2022-10-05 17:23:50 +02:00
Benjamin Dauvergne	86d3cad3b8	views: improve handling of next_url for sp initiated logout (#69740)	2022-10-05 17:23:20 +02:00
Benjamin Dauvergne	43ce1d8141	utils: use same_origin() from authentic2 (#69740)	2022-10-05 12:29:13 +02:00
Benjamin Dauvergne	e9008debf5	setup.py: use a PEP440 compatible get_version() (#69795)	2022-10-04 12:26:16 +02:00
Valentin Deniaud	df20bfc36c	misc: add django-upgrade files/notes (#69798)	2022-10-03 14:27:01 +02:00
Valentin Deniaud	865b285828	misc: apply django-upgrade (#69798)	2022-10-03 14:27:01 +02:00
Valentin Deniaud	9f406a321b	misc: fix incorrect pre-commit info in readme	2022-09-29 18:28:50 +02:00
Valentin Deniaud	e7a1aa5646	translation update	2022-09-29 14:57:26 +02:00
Valentin Deniaud	591344d21f	templates: add blocktrans trimmed where useful (#69422)	2022-09-29 14:56:48 +02:00
Valentin Deniaud	bd45e64b48	misc: add djhtml files/notes (#69422)	2022-09-29 12:21:08 +02:00
Valentin Deniaud	d20066dc44	misc: apply djhtml (#69422)	2022-09-29 12:20:38 +02:00
Valentin Deniaud	a7a3582c97	views: show debug login view on lasso exception (#68962)	2022-09-14 13:53:49 +02:00
Agate Berriot	98783c8574	django4: access request headers through request.headers instead of request.META (#68571)	2022-08-31 09:13:37 +02:00
Agate Berriot	7050da2320	django4: replaced urls.url with url.path equivalent (#68571)	2022-08-31 09:13:14 +02:00
Agate Berriot	1740cd7483	django4: replaced deprecated request.is_ajax() call (#68571)	2022-08-31 09:12:39 +02:00
Frédéric Péters	366758a54d	misc: log when login is refused because of authn_classref mismatch (#68236)	2022-08-18 15:09:20 +02:00
Benjamin Dauvergne	437d1a3063	middleware: clear PASSIVE_TRIED_COOKIE when logged in (#67084)	2022-07-06 16:11:39 +02:00
Paul Marillonnet	1fa1541c02	views: use MELLON_OPENED_SESSION to anchor local session to the global session (#66747) ... If the MELLON_OPENED_SESSION cookie change or disappear during an opened session, the user is automatically logged out. If it changes after a previous passive login try, passive login is allowed again.	2022-06-29 11:14:05 +02:00