Commit Graph

428 Commits

Author SHA1 Message Date
Benjamin Dauvergne 7f58bf9c66 misc: do not update Issuer uselessly (#86976)
gitea/django-mellon/pipeline/head This commit looks good Details
2024-02-15 09:59:47 +01:00
Benjamin Dauvergne b372884c2d adapters: update cache file ctime on refresh (#86977)
gitea/django-mellon/pipeline/head Build queued... Details
2024-02-14 18:37:43 +01:00
Benjamin Dauvergne 244ca2abcd misc: do not read not_on_or_after if session is not loaded (#86451)
gitea/django-mellon/pipeline/head This commit looks good Details
2024-02-01 16:17:22 +01:00
Benjamin Dauvergne 3509a47603 ci: use pytest-freezer to mute warnings (#86402)
gitea/django-mellon/pipeline/head This commit looks good Details
2024-01-31 22:08:16 +01:00
Benjamin Dauvergne a17efc6f1b ci: fix pylint warnings (#86402)
gitea/django-mellon/pipeline/head This commit looks good Details
2024-01-31 22:07:21 +01:00
Benjamin Dauvergne aa9bdc9cbe ci: remove django 2.2 targets (#86402) 2024-01-31 22:07:21 +01:00
Benjamin Dauvergne c200edb746 translation update
gitea/django-mellon/pipeline/head This commit looks good Details
2024-01-30 09:40:38 +01:00
Benjamin Dauvergne 51ee9d8cac views: show message when logout is refused (#85904)
gitea/django-mellon/pipeline/head This commit looks good Details
2024-01-22 10:41:23 +01:00
Benjamin Dauvergne af81da4954 adapters: do not log errors on cold cache (#84933)
gitea/django-mellon/pipeline/head This commit looks good Details
Only log errors if the cache is older than 24 hours.
2024-01-16 12:41:25 +01:00
Benjamin Dauvergne 200e009b1e middleware: use sec-fetch-dest=document to identify page requests (#84104)
gitea/django-mellon/pipeline/head This commit looks good Details
2024-01-16 12:22:24 +01:00
Benjamin Dauvergne 410cb6cc92 tests: vary dbname on each test run (#84947)
gitea/django-mellon/pipeline/head This commit looks good Details
2023-12-19 18:42:16 +01:00
Benjamin Dauvergne b1c105c400 tox.ini: add allowlist_externals (#84933)
gitea/django-mellon/pipeline/head This commit looks good Details
2023-12-19 18:00:52 +01:00
Frédéric Péters bddd120f17 ci: keep on using pylint 2 while pylint-django is not ready (#81905)
gitea/django-mellon/pipeline/head This commit looks good Details
2023-10-03 06:23:46 +02:00
Benjamin Dauvergne c98d4629ec middleware: check ajax request with sec-fetch-mode header header (#81211)
gitea/django-mellon/pipeline/head This commit looks good Details
2023-09-14 16:41:22 +02:00
Benjamin Dauvergne f4ad730ea1 Do not use a subquery to clean dead sessions (#80626)
gitea/django-mellon/pipeline/head This commit looks good Details
2023-08-29 10:02:39 +02:00
Valentin Deniaud 3c4a96ba05 misc: update git-blame-ignore-revs to ignore quote changes (#79788)
gitea/django-mellon/pipeline/head This commit looks good Details
2023-08-16 10:31:30 +02:00
Valentin Deniaud 8776825bdb misc: apply double-quote-string-fixer (#79788) 2023-08-16 10:31:30 +02:00
Valentin Deniaud d33d19190a misc: add pre commit hook to force single quotes (#79788) 2023-08-16 10:31:29 +02:00
Frédéric Péters 5e2c83267d ci: build deb package for bookworm (#78968)
gitea/django-mellon/pipeline/head This commit looks good Details
2023-06-23 17:28:33 +02:00
Benjamin Dauvergne 170e728d3a misc: allow login_hint parameter in login url (#76712)
gitea/django-mellon/pipeline/head This commit looks good Details
2023-04-17 15:27:37 +02:00
Benjamin Dauvergne 0f7044e7a0 adapters: do not exclude already linked users (#76083)
gitea/django-mellon/pipeline/head This commit looks good Details
When two IdP are used with common directory accounts of if we migrate
from a test IdP to a production IdP, it can be useful to relink existing
users to the new source.
2023-04-01 17:32:39 +02:00
Valentin Deniaud ada3eda21e misc: bump djhtml version (#75442)
gitea/django-mellon/pipeline/head This commit looks good Details
2023-03-16 17:19:06 +01:00
Valentin Deniaud e54f100fdf misc: bump black version (#75442) 2023-03-16 17:19:05 +01:00
Valentin Deniaud 942b5e86d2 misc: change pyupgrade target version to 3.9 (#75442) 2023-03-16 17:19:05 +01:00
Valentin Deniaud 7beeffed2a misc: change django-upgrade target version to 3.2 (#75442) 2023-03-16 17:18:53 +01:00
Valentin Deniaud a5dac4e9a6 misc: require django 3.2 (#75442) 2023-03-16 17:15:06 +01:00
Benjamin Dauvergne c5888d9cf9 tests: use default list of middewares
gitea/django-mellon/pipeline/head This commit looks good Details
2023-03-05 17:17:12 +01:00
Benjamin Dauvergne aa42c126a1 tox.ini: restrict psycopg2 version only for testing on django 2.2 2023-03-05 17:17:12 +01:00
Paul Marillonnet aebcba5431 readme: add a note on django admin's catch-all option (#74988)
gitea/django-mellon/pipeline/head This commit looks good Details
2023-03-01 16:53:44 +01:00
Agate b3aa64e5e1 Prepare Jenkinsfile for Gitea migration (#74572)
gitea/django-mellon/pipeline/head This commit looks good Details
2023-02-20 15:03:28 +01:00
Frédéric Péters abe71654ca ci: upgrade isort (#74044) 2023-02-01 09:46:28 +01:00
Frédéric Péters e4c2bd7ca7 ci: add timeout to build 2022-12-23 08:09:59 +01:00
Frédéric Péters f7f3cf7768 ci: only build package for bullseye (#72729) 2022-12-22 17:21:26 +01:00
Benjamin Dauvergne 750f869e5f misc: do not send logout requests if SingleLogout profile is not supported (#71041) 2022-11-09 08:16:02 +01:00
Benjamin Dauvergne 45c987584c tests: remove useless import of py.io (#70797) 2022-10-28 09:47:09 +02:00
Frédéric Péters 531d1948f0 ci: update pyupgrade to 3.1.0 (#70693) 2022-10-26 19:22:42 +02:00
Frédéric Péters 667078b0ae translation update 2022-10-10 09:37:34 +02:00
Benjamin Dauvergne e1e50c2797 misc: replace use of distutils.sysconfig by sysconfig in getlasso3.sh 2022-10-07 12:45:52 +02:00
Benjamin Dauvergne 817314b8ee views: send all related SessionIndex in LogoutRequest (#69955)
As we do not known which one the IdP remember, we must send them all.
2022-10-06 16:21:25 +02:00
Benjamin Dauvergne cce77e82e5 adapters: update new UserSAMLIdentifier fields on each SSO (#69955)
On existing UserSAMLIdentifier missing values for nid_format especially,
will break the SLO code as the emitted LogoutRequest will have an
unknown NameID when analyzed by the identity provider (NameID content
and attributes must match exactly).
2022-10-06 16:21:17 +02:00
Benjamin Dauvergne 45f81514bc misc: clean SessionIndex during logout (#69740)
SessionIndex are deleted when the linked session does not exist anymore
and 5 minutes after the creation of the logout request.
2022-10-05 19:53:07 +02:00
Benjamin Dauvergne f335a403c1 views: implement a sessionless logout endpoint (#69740)
To implement SAML single logout in authentic we need a logout endpoint
which works event after the user session has been killed, to do that we
store the needed information in Django signed token, and use it to
initiate the logout request. Afterward the next_url is stored in
short-lived session cookie instead of the session.
2022-10-05 17:23:51 +02:00
Benjamin Dauvergne 218afde9cd misc: make logout work with transient NameID (#69740)
Implementation of transient NameID is special, the transient NameID is
ignored and an attribut value is used as the federation key. But in
order to producre a proper NameID for the logout request we need the
transient NameID value. To work around this problem we add a
transient_name_id attribute to the SessionIndex model representing the
current SSO session, and we modify the session dump template to use this
value instead of UserSAMLIdentifier.name_id if transient_name_id is not
None.
2022-10-05 17:23:51 +02:00
Benjamin Dauvergne 7f9602c528 utils: add method to build a session dump from models (#69740)
Storing the LassoSession dump in the Django session is no longer needed,
we can rebuild it from the information in the models.
2022-10-05 17:23:51 +02:00
Benjamin Dauvergne 600c8cfbc0 misc: keep nameid attributes to rebuild it (#69740)
Logout requests need a properly built NameID element, but we did not
store enough information in models to do that, we uses the LassoSession
dump from the session as a work-around. In order to have a session-less
logout endpoint, we need to store those informations in the
UserSAMLIdentifier model.
2022-10-05 17:23:51 +02:00
Benjamin Dauvergne e98308d45c views: allow overriding the default return url after logout (#69740) 2022-10-05 17:23:50 +02:00
Benjamin Dauvergne 86d3cad3b8 views: improve handling of next_url for sp initiated logout (#69740) 2022-10-05 17:23:20 +02:00
Benjamin Dauvergne 43ce1d8141 utils: use same_origin() from authentic2 (#69740) 2022-10-05 12:29:13 +02:00
Benjamin Dauvergne e9008debf5 setup.py: use a PEP440 compatible get_version() (#69795) 2022-10-04 12:26:16 +02:00
Valentin Deniaud df20bfc36c misc: add django-upgrade files/notes (#69798)
gitea/django-mellon/pipeline/head Build started... Details
2022-10-03 14:27:01 +02:00