entrouvert
/
django-mellon
16
0
Fork 0
Code Issues Pull Requests Releases Activity
231 Commits 7 Branches 101 Tags 867 KiB
Commit Graph

169 Commits

Author SHA1 Message Date
Frédéric Péters edb09ed8fd use force_text for python2/3 compatibility (#24139) 2018-05-29 12:21:13 +02:00
Frédéric Péters 1e02302fd9 python3: get metadata from URL as a string 2018-04-05 14:38:36 +02:00
Frédéric Péters 163639501c python3: always use %s to get user representation in logs 2018-04-05 14:31:45 +02:00
Frédéric Péters 24e85adc5a python3: handle differences in lasso/py2/py3 encodings 2018-04-05 14:31:45 +02:00
Frédéric Péters 401b65f8b3 python3: adjust unicode usage 2018-04-05 14:29:55 +02:00
Frédéric Péters 239f39c097 python3: add detection of xml encoding 2018-04-05 14:25:54 +02:00
Frédéric Péters 7df3a6f5e0 python3: don't use iteritems 2018-04-05 14:25:54 +02:00
Frédéric Péters d342971a45 python3: use open() to open files 2018-04-05 14:25:54 +02:00
Benjamin Dauvergne be791d54a8 set a default value for IDENTITY_PROVIDERS ((fixes #20221) 2018-03-07 18:09:44 +01:00
Benjamin Dauvergne b66a974922 do not raise ImproperlyConfigured on acces to app_settings.IDENTITY_PROVIDERS (fixes #20221) 2018-03-07 16:54:19 +01:00
Thomas NOËL ac75dce84f misc: disable AuthnRequest eo:next_url Extensions by default (fixes #20229) 2018-03-07 15:59:10 +01:00
Benjamin Dauvergne a0d3e209c1 move tag Extensions in metadata template (fixes #21923) 
Current template does not validate the SAML 2.0 metadata schema.
 2018-02-16 09:54:22 +01:00
Benjamin Dauvergne 6c528dd2c3 Revert "support federation file loading (#19396)" 
This reverts commit 63993e360c.
 2018-01-09 21:43:25 +01:00
Paul Marillonnet 63993e360c support federation file loading (#19396) 2018-01-09 17:50:25 +01:00
Frédéric Péters 343be40b6f misc: update exception handling for Python 3 (#20925) 2017-12-30 11:53:31 +01:00
Frédéric Péters 078fcbd058 misc: update missing-django message for Python 3 (#20925) 2017-12-30 11:53:31 +01:00
Benjamin Dauvergne 688067f270 middleware: improve condition to automatically determine a common domain (fixes #15548) 
It works if:
- HTTP Host is a domain name and not an IP address (IPv6 address will not pass
  this test, they lack dots),
- domain contains at least three components.
 2017-09-27 21:59:48 +02:00
Benjamin Dauvergne cb3e18c8ba tests: fix discovery service tests (#19018 #19016) 2017-09-27 21:59:15 +02:00
Benjamin Dauvergne 1703cc5da2 views: send entityID to discovery service (fixes #19016) 2017-09-27 14:28:44 +02:00
Benjamin Dauvergne afe3d4a83f views: add nodisco=1 to discovery service return url (fixes #19018) 2017-09-27 14:28:43 +02:00
Benjamin Dauvergne 850a192bcb add a timeout to artifact resolve HTTP calls (fixes #18098) 2017-09-27 14:28:43 +02:00
Frédéric Péters 646132c661 misc: include target URL in AuthnRequest Extensions node (#18452) 2017-09-06 11:02:12 +02:00
Frédéric Péters 7767bc6740 use django facilities to get hostname from request (#16525) 
This is required as SERVER_NAME may not be used in some uwsgi
configuration, and HTTP_HOST should be used instead.

| Nginx maps the $server_name variable to the first server_name you define.
| In your case you have two solutions: read HTTP_HOST instead of SERVER_NAME
| in your app or set SERVER_NAME to $http_host in uwsgi_params
  -- http://lists.unbit.it/pipermail/uwsgi/2010-August/000571.html

The HttpRequest.get_host method handles those cases and more.
 2017-08-10 11:35:21 +02:00
Frédéric Péters 4201b41cdb misc: remove usage of urls.patterns for django 1.8 and later (#15959) 2017-04-23 21:08:15 +02:00
Frédéric Péters d89ecdfbce allow an adapter to adapt auth.login() (#14476) 2017-01-02 13:41:41 +01:00
Frédéric Péters a838336442 misc: remove south migrations (#14064) 2016-11-23 18:01:30 +01:00
Frédéric Péters dada4e8242 add logging of IdP SAML responses and looked up users (#14056) 2016-11-23 13:09:01 +01:00
Frédéric Péters db578bddcf translation update 2016-10-23 17:47:53 +02:00
Benjamin Dauvergne 4a52cfee3e allow views to refuse passive login (fixes #13627) 2016-10-18 10:03:41 +02:00
Benjamin Dauvergne 09ff054f57 retry login when artifact resolution return an empty message (fixes #12795) 
This commit also add a test of artifact login.
 2016-07-29 11:53:36 +02:00
Benjamin Dauvergne aaedfde786 views: gracefully handle logout errors (fixes #11449) 2016-06-22 11:06:46 +02:00
Benjamin Dauvergne 69a18d7272 utils: fix handling of multiple private keys (fixes #11475) 2016-06-22 11:06:33 +02:00
Frédéric Péters 80c748820a misc: force another auth.logout() after coming back from the IdP (#11394) 2016-06-16 16:13:04 +02:00
Frédéric Péters 33dded157a middleware: don't fail on unnamed URLs (#11319) 2016-06-13 13:43:06 +02:00
Frédéric Péters 0b141113d7 make login/logout URL names into settings (#10867) 2016-05-10 09:07:02 +02:00
Benjamin Dauvergne 49a5254363 allow federating transient NameID using an attribute (fixes #10619) 2016-04-27 09:22:05 +02:00
Frédéric Péters 6a6405d75f misc: allow unicode strings as authn classref (#10666) 2016-04-15 10:28:31 +02:00
Frédéric Péters 5eacaa2d22 misc: handle lasso.LoginStatusNotSuccessError (#10633) 2016-04-12 18:54:44 +02:00
Benjamin Dauvergne 74b61de641 replace dateutil by isodate (#10196) 
isodate has better support for the full ISO8601 specification.
 2016-04-11 19:14:07 +02:00
Benjamin Dauvergne d732f6ccb7 when status is not 200, report a fragment of the response (fixes #10270) 2016-04-11 17:07:38 +02:00
Benjamin Dauvergne 8a2558c2da views: wrap login view in non_atomic_requests to allow fine control of transactions' commit (fixes #10604) 2016-04-10 15:40:29 +02:00
Frédéric Péters ba6c092911 add support for artifact POST (#10596) 2016-04-08 15:10:31 +02:00
Benjamin Dauvergne 9c28f53c52 log partial logout error as a warning (fixes #10408) 2016-04-06 01:33:39 +02:00
Benjamin Dauvergne 7db1d7d7ed pep8ness 2016-04-06 01:33:39 +02:00
Benjamin Dauvergne 66d1811e2f refactor next_url and RelayState use (fixes #10372) 
The next_url parameter is  no more stored directly in the RelayState, as it
RelayState should only contain strings of no more thant 80 bytes, instead
generate an uuid as the relaystate and store the next_url value in session using
a key based on this uuid.

The implementation is generic enough to accomodate storing any other kind of
data during an SSO or SLO workflow.
 2016-03-22 15:20:29 +01:00
Benjamin Dauvergne bfa84bb6ba always consider relative URLs as being of the same origin (fixes #10371) 2016-03-22 15:13:48 +01:00
Benjamin Dauvergne 2aec7a3294 views: handle ProfileInvalidMsgError when resolving an artifact (#10270) 2016-03-11 17:10:52 +01:00
Benjamin Dauvergne dba3f32c3a views: handle ProfileInvalidArtifactError exception when resolving an artifact (#10270) 2016-03-11 17:10:52 +01:00
Frédéric Péters a3bc087890 misc: fix passing of RequestedAuthnContext (#10243) 2016-03-09 09:14:38 +01:00
Benjamin Dauvergne eb89a86ef3 add DiscoveryResponse endpoint to metadata (fixes #10197) 2016-03-04 11:05:01 +01:00