Benjamin Dauvergne
e57fea6e5c
misc: add Secure flag to cookies ( #90240 )
...
gitea/django-mellon/pipeline/head This commit looks good
Details
It is required by the SameSite=None flag.
https://developer.mozilla.org/fr/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value
2024-05-02 10:29:44 +02:00
Frédéric Péters
6742f25d77
misc: use samesite=None for passive cookies ( #90193 )
gitea/django-mellon/pipeline/head This commit looks good
Details
2024-04-30 14:43:33 +02:00
Benjamin Dauvergne
7f58bf9c66
misc: do not update Issuer uselessly ( #86976 )
gitea/django-mellon/pipeline/head This commit looks good
Details
2024-02-15 09:59:47 +01:00
Benjamin Dauvergne
b372884c2d
adapters: update cache file ctime on refresh ( #86977 )
gitea/django-mellon/pipeline/head Build queued...
Details
2024-02-14 18:37:43 +01:00
Benjamin Dauvergne
244ca2abcd
misc: do not read not_on_or_after if session is not loaded ( #86451 )
gitea/django-mellon/pipeline/head This commit looks good
Details
2024-02-01 16:17:22 +01:00
Benjamin Dauvergne
a17efc6f1b
ci: fix pylint warnings ( #86402 )
gitea/django-mellon/pipeline/head This commit looks good
Details
2024-01-31 22:07:21 +01:00
Benjamin Dauvergne
c200edb746
translation update
gitea/django-mellon/pipeline/head This commit looks good
Details
2024-01-30 09:40:38 +01:00
Benjamin Dauvergne
51ee9d8cac
views: show message when logout is refused ( #85904 )
gitea/django-mellon/pipeline/head This commit looks good
Details
2024-01-22 10:41:23 +01:00
Benjamin Dauvergne
af81da4954
adapters: do not log errors on cold cache ( #84933 )
...
gitea/django-mellon/pipeline/head This commit looks good
Details
Only log errors if the cache is older than 24 hours.
2024-01-16 12:41:25 +01:00
Benjamin Dauvergne
200e009b1e
middleware: use sec-fetch-dest=document to identify page requests ( #84104 )
gitea/django-mellon/pipeline/head This commit looks good
Details
2024-01-16 12:22:24 +01:00
Benjamin Dauvergne
c98d4629ec
middleware: check ajax request with sec-fetch-mode header header ( #81211 )
gitea/django-mellon/pipeline/head This commit looks good
Details
2023-09-14 16:41:22 +02:00
Benjamin Dauvergne
f4ad730ea1
Do not use a subquery to clean dead sessions ( #80626 )
gitea/django-mellon/pipeline/head This commit looks good
Details
2023-08-29 10:02:39 +02:00
Benjamin Dauvergne
170e728d3a
misc: allow login_hint parameter in login url ( #76712 )
gitea/django-mellon/pipeline/head This commit looks good
Details
2023-04-17 15:27:37 +02:00
Benjamin Dauvergne
0f7044e7a0
adapters: do not exclude already linked users ( #76083 )
...
gitea/django-mellon/pipeline/head This commit looks good
Details
When two IdP are used with common directory accounts of if we migrate
from a test IdP to a production IdP, it can be useful to relink existing
users to the new source.
2023-04-01 17:32:39 +02:00
Valentin Deniaud
e54f100fdf
misc: bump black version ( #75442 )
2023-03-16 17:19:05 +01:00
Benjamin Dauvergne
750f869e5f
misc: do not send logout requests if SingleLogout profile is not supported ( #71041 )
2022-11-09 08:16:02 +01:00
Frédéric Péters
667078b0ae
translation update
2022-10-10 09:37:34 +02:00
Benjamin Dauvergne
817314b8ee
views: send all related SessionIndex in LogoutRequest ( #69955 )
...
As we do not known which one the IdP remember, we must send them all.
2022-10-06 16:21:25 +02:00
Benjamin Dauvergne
cce77e82e5
adapters: update new UserSAMLIdentifier fields on each SSO ( #69955 )
...
On existing UserSAMLIdentifier missing values for nid_format especially,
will break the SLO code as the emitted LogoutRequest will have an
unknown NameID when analyzed by the identity provider (NameID content
and attributes must match exactly).
2022-10-06 16:21:17 +02:00
Benjamin Dauvergne
45f81514bc
misc: clean SessionIndex during logout ( #69740 )
...
SessionIndex are deleted when the linked session does not exist anymore
and 5 minutes after the creation of the logout request.
2022-10-05 19:53:07 +02:00
Benjamin Dauvergne
f335a403c1
views: implement a sessionless logout endpoint ( #69740 )
...
To implement SAML single logout in authentic we need a logout endpoint
which works event after the user session has been killed, to do that we
store the needed information in Django signed token, and use it to
initiate the logout request. Afterward the next_url is stored in
short-lived session cookie instead of the session.
2022-10-05 17:23:51 +02:00
Benjamin Dauvergne
218afde9cd
misc: make logout work with transient NameID ( #69740 )
...
Implementation of transient NameID is special, the transient NameID is
ignored and an attribut value is used as the federation key. But in
order to producre a proper NameID for the logout request we need the
transient NameID value. To work around this problem we add a
transient_name_id attribute to the SessionIndex model representing the
current SSO session, and we modify the session dump template to use this
value instead of UserSAMLIdentifier.name_id if transient_name_id is not
None.
2022-10-05 17:23:51 +02:00
Benjamin Dauvergne
7f9602c528
utils: add method to build a session dump from models ( #69740 )
...
Storing the LassoSession dump in the Django session is no longer needed,
we can rebuild it from the information in the models.
2022-10-05 17:23:51 +02:00
Benjamin Dauvergne
600c8cfbc0
misc: keep nameid attributes to rebuild it ( #69740 )
...
Logout requests need a properly built NameID element, but we did not
store enough information in models to do that, we uses the LassoSession
dump from the session as a work-around. In order to have a session-less
logout endpoint, we need to store those informations in the
UserSAMLIdentifier model.
2022-10-05 17:23:51 +02:00
Benjamin Dauvergne
e98308d45c
views: allow overriding the default return url after logout ( #69740 )
2022-10-05 17:23:50 +02:00
Benjamin Dauvergne
86d3cad3b8
views: improve handling of next_url for sp initiated logout ( #69740 )
2022-10-05 17:23:20 +02:00
Benjamin Dauvergne
43ce1d8141
utils: use same_origin() from authentic2 ( #69740 )
2022-10-05 12:29:13 +02:00
Valentin Deniaud
e7a1aa5646
translation update
2022-09-29 14:57:26 +02:00
Valentin Deniaud
591344d21f
templates: add blocktrans trimmed where useful ( #69422 )
2022-09-29 14:56:48 +02:00
Valentin Deniaud
d20066dc44
misc: apply djhtml ( #69422 )
2022-09-29 12:20:38 +02:00
Valentin Deniaud
a7a3582c97
views: show debug login view on lasso exception ( #68962 )
2022-09-14 13:53:49 +02:00
Agate
98783c8574
django4: access request headers through request.headers instead of request.META ( #68571 )
2022-08-31 09:13:37 +02:00
Agate
7050da2320
django4: replaced urls.url with url.path equivalent ( #68571 )
2022-08-31 09:13:14 +02:00
Agate
1740cd7483
django4: replaced deprecated request.is_ajax() call ( #68571 )
2022-08-31 09:12:39 +02:00
Frédéric Péters
366758a54d
misc: log when login is refused because of authn_classref mismatch ( #68236 )
2022-08-18 15:09:20 +02:00
Benjamin Dauvergne
437d1a3063
middleware: clear PASSIVE_TRIED_COOKIE when logged in ( #67084 )
2022-07-06 16:11:39 +02:00
Paul Marillonnet
1fa1541c02
views: use MELLON_OPENED_SESSION to anchor local session to the global session ( #66747 )
...
If the MELLON_OPENED_SESSION cookie change or disappear during an opened
session, the user is automatically logged out. If it changes after a
previous passive login try, passive login is allowed again.
2022-06-29 11:14:05 +02:00
Paul Marillonnet
dedd924f99
use force_str only when necessary ( #64309 )
2022-04-20 09:54:54 +02:00
Paul Marillonnet
b4704b16c9
use django3.2-compatible re_path urls util ( #64309 )
2022-04-20 09:54:05 +02:00
Paul Marillonnet
509beeb6c4
discard deprecated ugettext* i18n utils ( #64309 )
2022-04-20 09:52:47 +02:00
Benjamin Dauvergne
7c9ca09de7
misc: remove six module usage ( #63688 )
2022-04-08 10:14:54 +02:00
Frédéric Péters
8f49eb59b5
translation update
2022-03-25 09:02:58 +01:00
Frédéric Péters
ff98a87158
translations: close quotes around username ( #63178 )
2022-03-25 09:02:43 +01:00
Benjamin Dauvergne
fc4f78c039
translation update
2022-02-04 13:25:52 +01:00
Benjamin Dauvergne
104d57f753
views: do not logout in sp_response_logout ( #61431 )
...
It's already done in the initialization view, if a new session
has been open since we must keep it open.
2022-02-04 13:02:12 +01:00
Benjamin Dauvergne
947c355baf
views: keep next_url trough sp logout ( #61431 )
...
* first, create relaystate before build logout.msgUrl
* second, retrieve it in sp_logout_response
2022-02-04 13:00:55 +01:00
Frédéric Péters
a2019a930c
properly close meta refresh tag ( #61020 )
2022-01-24 16:57:02 +01:00
Benjamin Dauvergne
be1e50e826
views: log SAML response and assertion in debug view ( #58915 )
2021-11-23 19:21:23 +01:00
Valentin Deniaud
50cb52b160
views: render debug login template at the last moment ( #58906 )
2021-11-23 14:41:34 +01:00
Frédéric Péters
090a133d85
translation update
2021-10-05 22:11:08 +02:00