Benjamin Dauvergne
244ca2abcd
misc: do not read not_on_or_after if session is not loaded ( #86451 )
2024-02-01 16:17:22 +01:00
Benjamin Dauvergne
51ee9d8cac
views: show message when logout is refused ( #85904 )
2024-01-22 10:41:23 +01:00
Benjamin Dauvergne
af81da4954
adapters: do not log errors on cold cache ( #84933 )
Only log errors if the cache is older than 24 hours.
2024-01-16 12:41:25 +01:00
Benjamin Dauvergne
200e009b1e
middleware: use sec-fetch-dest=document to identify page requests ( #84104 )
2024-01-16 12:22:24 +01:00
Benjamin Dauvergne
c98d4629ec
middleware: check ajax request with sec-fetch-mode header ( #81211 )
2023-09-14 16:41:22 +02:00
Benjamin Dauvergne
170e728d3a
misc: allow login_hint parameter in login url ( #76712 )
2023-04-17 15:27:37 +02:00
Benjamin Dauvergne
0f7044e7a0
adapters: do not exclude already linked users ( #76083 )
When two IdP are used with common directory accounts or if we migrate
from a test IdP to a production IdP, it can be useful to relink existing
users to the new source.
2023-04-01 17:32:39 +02:00
Valentin Deniaud
7beeffed2a
misc: change django-upgrade target version to 3.2 ( #75442 )
2023-03-16 17:18:53 +01:00
Benjamin Dauvergne
45c987584c
tests: remove useless import of py.io ( #70797 )
2022-10-28 09:47:09 +02:00
Benjamin Dauvergne
cce77e82e5
adapters: update new UserSAMLIdentifier fields on each SSO ( #69955 )
On existing UserSAMLIdentifier missing values for nid_format especially,
will break the SLO code as the emitted LogoutRequest will have an
unknown NameID when analyzed by the identity provider (NameID content
and attributes must match exactly).
2022-10-06 16:21:17 +02:00
Benjamin Dauvergne
45f81514bc
misc: clean SessionIndex during logout ( #69740 )
SessionIndex are deleted when the linked session does not exist anymore
and 5 minutes after the creation of the logout request.
2022-10-05 19:53:07 +02:00
Benjamin Dauvergne
f335a403c1
views: implement a sessionless logout endpoint ( #69740 )
To implement SAML single logout in authentic we need a logout endpoint
which works even after the user session has been killed, to do that we
store the needed information in Django signed token, and use it to
initiate the logout request. Afterward the next_url is stored in
short-lived session cookie instead of the session.
2022-10-05 17:23:51 +02:00
Benjamin Dauvergne
218afde9cd
misc: make logout work with transient NameID ( #69740 )
Implementation of transient NameID is special, the transient NameID is
ignored and an attribute value is used as the federation key. But in
order to produce a proper NameID for the logout request we need the
transient NameID value. To work around this problem we add a
transient_name_id attribute to the SessionIndex model representing the
current SSO session, and we modify the session dump template to use this
value instead of UserSAMLIdentifier.name_id if transient_name_id is not
None.
2022-10-05 17:23:51 +02:00
Benjamin Dauvergne
7f9602c528
utils: add method to build a session dump from models ( #69740 )
Storing the LassoSession dump in the Django session is no longer needed,
we can rebuild it from the information in the models.
2022-10-05 17:23:51 +02:00
Benjamin Dauvergne
e98308d45c
views: allow overriding the default return url after logout ( #69740 )
2022-10-05 17:23:50 +02:00
Benjamin Dauvergne
86d3cad3b8
views: improve handling of next_url for sp initiated logout ( #69740 )
2022-10-05 17:23:20 +02:00
Valentin Deniaud
865b285828
misc: apply django-upgrade ( #69798 )
2022-10-03 14:27:01 +02:00
Valentin Deniaud
d20066dc44
misc: apply djhtml ( #69422 )
2022-09-29 12:20:38 +02:00
Valentin Deniaud
a7a3582c97
views: show debug login view on lasso exception ( #68962 )
2022-09-14 13:53:49 +02:00
Benjamin Dauvergne
437d1a3063
middleware: clear PASSIVE_TRIED_COOKIE when logged in ( #67084 )
2022-07-06 16:11:39 +02:00
Paul Marillonnet
1fa1541c02
views: use MELLON_OPENED_SESSION to anchor local session to the global session ( #66747 )
If the MELLON_OPENED_SESSION cookie changes or disappears during an opened
session, the user is automatically logged out. If it changes after a
previous passive login try, passive login is allowed again.
2022-06-29 11:14:05 +02:00
Paul Marillonnet
e27bafd8cb
handle long attribute truncate variations between django2 & 3 ( #64309 )
2022-04-20 15:01:59 +02:00
Paul Marillonnet
dedd924f99
use force_str only when necessary ( #64309 )
2022-04-20 09:54:54 +02:00
Paul Marillonnet
b4704b16c9
use django3.2-compatible re_path urls util ( #64309 )
2022-04-20 09:54:05 +02:00
Benjamin Dauvergne
7c9ca09de7
misc: remove six module usage ( #63688 )
2022-04-08 10:14:54 +02:00
Benjamin Dauvergne
947c355baf
views: keep next_url through sp logout ( #61431 )
* first, create relaystate before build logout.msgUrl
* second, retrieve it in sp_logout_response
2022-02-04 13:00:55 +01:00
Benjamin Dauvergne
be1e50e826
views: log SAML response and assertion in debug view ( #58915 )
2021-11-23 19:21:23 +01:00
Benjamin Dauvergne
4941fd7281
show an error page when create_server fails ( #57176 )
2021-09-23 10:39:04 +02:00
Benjamin Dauvergne
73bfa476ef
drop and rename issuer field ( #56819 )
2021-09-15 16:55:59 +02:00
Benjamin Dauvergne
a851b5b2ca
migrate issuer data ( #56819 )
2021-09-15 16:55:59 +02:00
Benjamin Dauvergne
2d1510aae1
adapters: truncate username to the field's max_length ( #56482 )
2021-08-30 15:29:37 +02:00
Benjamin Dauvergne
fbc3588f1b
add MELLON_ASSERTION_CONSUMER_BINDINGS ( #52063 )
The default value is ['post', 'artifact'].
2021-08-05 15:57:39 +02:00
Benjamin Dauvergne
4729ef9a3b
apply isort and pyupgrade ( #55990 )
2021-08-05 11:13:19 +02:00
Benjamin Dauvergne
2704f4feaa
views: keep a nonce during a forceAuthn request ( #55953 )
Nonce value and forceAuthn are linked to the request id which is randomly
generated by lasso and returned by IdPs as part of a SAML SSO.
2021-08-03 17:20:49 +02:00
Valentin Deniaud
dbdd6fd70b
views: add debug login view ( #55557 )
2021-08-03 11:59:17 +02:00
Benjamin Dauvergne
74e6f5a93d
middleware: disable automatic passive authentication if ?no-passive-auth ( #55854 )
You can add ?no-passive-auth to a URL to disable passive authentication based on
an IdP set common domain cookie.
2021-07-27 12:04:24 +02:00
Benjamin Dauvergne
472ce61844
adapters: improve log messages ( #55544 )
- add mellon: prefix to all messages
- log all failures at the warning or error level instead of debug
2021-07-13 12:09:12 +02:00
Benjamin Dauvergne
5b9bc1ff57
trivial: apply black ( #51575 )
2021-03-02 14:52:10 +01:00
Benjamin Dauvergne
672cfb90a4
adapters: report warning about TRANSIENT_FEDERATION_ATTRIBUTE to user ( #51568 )
2021-03-02 14:47:56 +01:00
Lauréline Guérin
7cd78e96ab
views: fix logout if user is already logged out ( #50155 )
2021-01-15 10:51:51 +01:00
Valentin Deniaud
bdbc251291
views: handle empty session at authentication ( #45461 )
2020-07-28 09:33:12 +02:00
Benjamin Dauvergne
e1deb96f8c
tests: clear caplog between sessions ( #41949 )
2020-06-21 13:13:57 +02:00
Benjamin Dauvergne
482aa09f92
misc: add support for SOAP SLO ( #41949 )
2020-06-21 13:13:57 +02:00
Benjamin Dauvergne
65cbdcefc3
misc: support asynchronous logout ( #41949 )
It means that will lookup for other Django sessions linked to the
received logout request; logout request can specify session indexes or
ask for logout of all sessions of the user targeted by the NameID.
2020-06-21 13:13:57 +02:00
Benjamin Dauvergne
c05f4a3129
views: ignore XML content in SAML attributes ( #43193 )
2020-05-21 21:04:51 +02:00
Frédéric Péters
d67297c7aa
misc: return bad request messages as plain text ( #41602 )
2020-04-10 16:45:29 +02:00
Frédéric Péters
74230b51ec
general: remove compatibility with django < 1.11 ( #38616 )
2020-01-29 20:33:02 +01:00
Frédéric Péters
7802e85d52
misc: allow all views to receive template_base/context_hook kwargs ( #38610 )
2019-12-18 09:39:48 +01:00
Frédéric Péters
b1b85cf0d2
add possibility to define a hook to alter login template context ( #38533 )
2019-12-16 14:22:18 +01:00
Benjamin Dauvergne
09c32c83d5
misc: make login_hint work without next parameter ( #38163 )
2019-12-03 19:53:37 +01:00