Commit Graph

415 Commits (main)

Author SHA1 Message Date
Benjamin Dauvergne c98d4629ec middleware: check ajax request with sec-fetch-mode header header (#81211)
gitea/django-mellon/pipeline/head This commit looks good Details
2023-09-14 16:41:22 +02:00
Benjamin Dauvergne f4ad730ea1 Do not use a subquery to clean dead sessions (#80626)
gitea/django-mellon/pipeline/head This commit looks good Details
2023-08-29 10:02:39 +02:00
Valentin Deniaud 3c4a96ba05 misc: update git-blame-ignore-revs to ignore quote changes (#79788)
gitea/django-mellon/pipeline/head This commit looks good Details
2023-08-16 10:31:30 +02:00
Valentin Deniaud 8776825bdb misc: apply double-quote-string-fixer (#79788) 2023-08-16 10:31:30 +02:00
Valentin Deniaud d33d19190a misc: add pre commit hook to force single quotes (#79788) 2023-08-16 10:31:29 +02:00
Frédéric Péters 5e2c83267d ci: build deb package for bookworm (#78968)
gitea/django-mellon/pipeline/head This commit looks good Details
2023-06-23 17:28:33 +02:00
Benjamin Dauvergne 170e728d3a misc: allow login_hint parameter in login url (#76712)
gitea/django-mellon/pipeline/head This commit looks good Details
2023-04-17 15:27:37 +02:00
Benjamin Dauvergne 0f7044e7a0 adapters: do not exclude already linked users (#76083)
gitea/django-mellon/pipeline/head This commit looks good Details
When two IdP are used with common directory accounts of if we migrate
from a test IdP to a production IdP, it can be useful to relink existing
users to the new source.
2023-04-01 17:32:39 +02:00
Valentin Deniaud ada3eda21e misc: bump djhtml version (#75442)
gitea/django-mellon/pipeline/head This commit looks good Details
2023-03-16 17:19:06 +01:00
Valentin Deniaud e54f100fdf misc: bump black version (#75442) 2023-03-16 17:19:05 +01:00
Valentin Deniaud 942b5e86d2 misc: change pyupgrade target version to 3.9 (#75442) 2023-03-16 17:19:05 +01:00
Valentin Deniaud 7beeffed2a misc: change django-upgrade target version to 3.2 (#75442) 2023-03-16 17:18:53 +01:00
Valentin Deniaud a5dac4e9a6 misc: require django 3.2 (#75442) 2023-03-16 17:15:06 +01:00
Benjamin Dauvergne c5888d9cf9 tests: use default list of middewares
gitea/django-mellon/pipeline/head This commit looks good Details
2023-03-05 17:17:12 +01:00
Benjamin Dauvergne aa42c126a1 tox.ini: restrict psycopg2 version only for testing on django 2.2 2023-03-05 17:17:12 +01:00
Paul Marillonnet aebcba5431 readme: add a note on django admin's catch-all option (#74988)
gitea/django-mellon/pipeline/head This commit looks good Details
2023-03-01 16:53:44 +01:00
Agate b3aa64e5e1 Prepare Jenkinsfile for Gitea migration (#74572)
gitea/django-mellon/pipeline/head This commit looks good Details
2023-02-20 15:03:28 +01:00
Frédéric Péters abe71654ca ci: upgrade isort (#74044) 2023-02-01 09:46:28 +01:00
Frédéric Péters e4c2bd7ca7 ci: add timeout to build 2022-12-23 08:09:59 +01:00
Frédéric Péters f7f3cf7768 ci: only build package for bullseye (#72729) 2022-12-22 17:21:26 +01:00
Benjamin Dauvergne 750f869e5f misc: do not send logout requests if SingleLogout profile is not supported (#71041) 2022-11-09 08:16:02 +01:00
Benjamin Dauvergne 45c987584c tests: remove useless import of (#70797) 2022-10-28 09:47:09 +02:00
Frédéric Péters 531d1948f0 ci: update pyupgrade to 3.1.0 (#70693) 2022-10-26 19:22:42 +02:00
Frédéric Péters 667078b0ae translation update 2022-10-10 09:37:34 +02:00
Benjamin Dauvergne e1e50c2797 misc: replace use of distutils.sysconfig by sysconfig in 2022-10-07 12:45:52 +02:00
Benjamin Dauvergne 817314b8ee views: send all related SessionIndex in LogoutRequest (#69955)
As we do not known which one the IdP remember, we must send them all.
2022-10-06 16:21:25 +02:00
Benjamin Dauvergne cce77e82e5 adapters: update new UserSAMLIdentifier fields on each SSO (#69955)
On existing UserSAMLIdentifier missing values for nid_format especially,
will break the SLO code as the emitted LogoutRequest will have an
unknown NameID when analyzed by the identity provider (NameID content
and attributes must match exactly).
2022-10-06 16:21:17 +02:00
Benjamin Dauvergne 45f81514bc misc: clean SessionIndex during logout (#69740)
SessionIndex are deleted when the linked session does not exist anymore
and 5 minutes after the creation of the logout request.
2022-10-05 19:53:07 +02:00
Benjamin Dauvergne f335a403c1 views: implement a sessionless logout endpoint (#69740)
To implement SAML single logout in authentic we need a logout endpoint
which works event after the user session has been killed, to do that we
store the needed information in Django signed token, and use it to
initiate the logout request. Afterward the next_url is stored in
short-lived session cookie instead of the session.
2022-10-05 17:23:51 +02:00
Benjamin Dauvergne 218afde9cd misc: make logout work with transient NameID (#69740)
Implementation of transient NameID is special, the transient NameID is
ignored and an attribut value is used as the federation key. But in
order to producre a proper NameID for the logout request we need the
transient NameID value. To work around this problem we add a
transient_name_id attribute to the SessionIndex model representing the
current SSO session, and we modify the session dump template to use this
value instead of UserSAMLIdentifier.name_id if transient_name_id is not
2022-10-05 17:23:51 +02:00
Benjamin Dauvergne 7f9602c528 utils: add method to build a session dump from models (#69740)
Storing the LassoSession dump in the Django session is no longer needed,
we can rebuild it from the information in the models.
2022-10-05 17:23:51 +02:00
Benjamin Dauvergne 600c8cfbc0 misc: keep nameid attributes to rebuild it (#69740)
Logout requests need a properly built NameID element, but we did not
store enough information in models to do that, we uses the LassoSession
dump from the session as a work-around. In order to have a session-less
logout endpoint, we need to store those informations in the
UserSAMLIdentifier model.
2022-10-05 17:23:51 +02:00
Benjamin Dauvergne e98308d45c views: allow overriding the default return url after logout (#69740) 2022-10-05 17:23:50 +02:00
Benjamin Dauvergne 86d3cad3b8 views: improve handling of next_url for sp initiated logout (#69740) 2022-10-05 17:23:20 +02:00
Benjamin Dauvergne 43ce1d8141 utils: use same_origin() from authentic2 (#69740) 2022-10-05 12:29:13 +02:00
Benjamin Dauvergne e9008debf5 use a PEP440 compatible get_version() (#69795) 2022-10-04 12:26:16 +02:00
Valentin Deniaud df20bfc36c misc: add django-upgrade files/notes (#69798)
gitea/django-mellon/pipeline/head Build started... Details
2022-10-03 14:27:01 +02:00
Valentin Deniaud 865b285828 misc: apply django-upgrade (#69798) 2022-10-03 14:27:01 +02:00
Valentin Deniaud 9f406a321b misc: fix incorrect pre-commit info in readme 2022-09-29 18:28:50 +02:00
Valentin Deniaud e7a1aa5646 translation update 2022-09-29 14:57:26 +02:00
Valentin Deniaud 591344d21f templates: add blocktrans trimmed where useful (#69422) 2022-09-29 14:56:48 +02:00
Valentin Deniaud bd45e64b48 misc: add djhtml files/notes (#69422) 2022-09-29 12:21:08 +02:00
Valentin Deniaud d20066dc44 misc: apply djhtml (#69422) 2022-09-29 12:20:38 +02:00
Valentin Deniaud a7a3582c97 views: show debug login view on lasso exception (#68962) 2022-09-14 13:53:49 +02:00
Agate Berriot 98783c8574 django4: access request headers through request.headers instead of request.META (#68571) 2022-08-31 09:13:37 +02:00
Agate Berriot 7050da2320 django4: replaced urls.url with url.path equivalent (#68571) 2022-08-31 09:13:14 +02:00
Agate Berriot 1740cd7483 django4: replaced deprecated request.is_ajax() call (#68571) 2022-08-31 09:12:39 +02:00
Frédéric Péters 366758a54d misc: log when login is refused because of authn_classref mismatch (#68236) 2022-08-18 15:09:20 +02:00
Benjamin Dauvergne 437d1a3063 middleware: clear PASSIVE_TRIED_COOKIE when logged in (#67084) 2022-07-06 16:11:39 +02:00
Paul Marillonnet 1fa1541c02 views: use MELLON_OPENED_SESSION to anchor local session to the global session (#66747)
If the MELLON_OPENED_SESSION cookie change or disappear during an opened
session, the user is automatically logged out. If it changes after a
previous passive login try, passive login is allowed again.
2022-06-29 11:14:05 +02:00