entrouvert
/
django-mellon
16
0
Fork 0
Code Issues Pull Requests Releases Activity
340 Commits 7 Branches 101 Tags 867 KiB
Commit Graph

84 Commits

Author SHA1 Message Date
Benjamin Dauvergne 73bfa476ef drop and rename issuer field (#56819) 2021-09-15 16:55:59 +02:00
Benjamin Dauvergne a851b5b2ca migrate issuer data (#56819) 2021-09-15 16:55:59 +02:00
Benjamin Dauvergne 2d1510aae1 adapters: truncate username to the field's max_length (#56482) 2021-08-30 15:29:37 +02:00
Benjamin Dauvergne fbc3588f1b add MELLON_ASSERTION_CONSUMER_BINDINGS (#52063) 
The default value is ['post', 'artifact'].
 2021-08-05 15:57:39 +02:00
Benjamin Dauvergne 4729ef9a3b apply isort and pyupgrade (#55990) 2021-08-05 11:13:19 +02:00
Benjamin Dauvergne 2704f4feaa views: keep a nonce during a forceAuthn request (#55953) 
Nonce value and forceAuthn is linked to the request id which is randomly
generated by lasso and returned by IdPs as part of a SAML SSO.
 2021-08-03 17:20:49 +02:00
Valentin Deniaud dbdd6fd70b views: add debug login view (#55557) 2021-08-03 11:59:17 +02:00
Benjamin Dauvergne 74e6f5a93d middleware: disable automatic passive authentication if ?no-passive-auth (#55854) 
You can add ?no-passive-auth to an URL do disable passive authentication based on
an IdP set common domain cookie.
 2021-07-27 12:04:24 +02:00
Benjamin Dauvergne 472ce61844 adapters: improve log messages (#55544) 
- add mellon: prefix to all messages
- log all failures at the warning or error level instead of debug
 2021-07-13 12:09:12 +02:00
Benjamin Dauvergne 5b9bc1ff57 trivial: apply black (#51575) 2021-03-02 14:52:10 +01:00
Benjamin Dauvergne 672cfb90a4 adapters: report warning about TRANSIENT_FEDERATION_ATTRIBUTE to user (#51568) 2021-03-02 14:47:56 +01:00
Lauréline Guérin 7cd78e96ab
views: fix logout is user is already logged out (#50155) 2021-01-15 10:51:51 +01:00
Valentin Deniaud bdbc251291 views: handle empty session at authentication (#45461) 2020-07-28 09:33:12 +02:00
Benjamin Dauvergne e1deb96f8c tests: clear caplog between sessions (#41949) 2020-06-21 13:13:57 +02:00
Benjamin Dauvergne 482aa09f92 misc: add support for SOAP SLO (#41949) 2020-06-21 13:13:57 +02:00
Benjamin Dauvergne 65cbdcefc3 misc: support asynchronous logout (#41949) 
It means that will lookup for other Django sessions linked to the
received logout request; logout request can specify session indexes or
ask for logout of all sessions of the user targeted by the NameID.
 2020-06-21 13:13:57 +02:00
Benjamin Dauvergne c05f4a3129 views: ignore XML content in SAML attributes (#43193) 2020-05-21 21:04:51 +02:00
Frédéric Péters d67297c7aa misc: return bad request messages as plain text (#41602) 2020-04-10 16:45:29 +02:00
Frédéric Péters 74230b51ec general: remove compatibility with django < 1.11 (#38616) 2020-01-29 20:33:02 +01:00
Frédéric Péters 7802e85d52 misc: allow all views to receive template_base/context_hook kwargs (#38610) 2019-12-18 09:39:48 +01:00
Frédéric Péters b1b85cf0d2 add possibility to define a hook to alter login template context (#38533) 2019-12-16 14:22:18 +01:00
Benjamin Dauvergne 09c32c83d5 misc: make login_hint works without next parameter (#38163) 2019-12-03 19:53:37 +01:00
Benjamin Dauvergne 63c7cdc151 tests: fix passive authentication tests (#30497) 
Passive authentication only works for text/html requests by browsers
now.
 2019-12-03 19:11:04 +01:00
Benjamin Dauvergne d5e5701899 add kwargs template_base to LoginView (#35083) 2019-12-02 17:47:13 +01:00
Benjamin Dauvergne 7095b1368b use MiddlewareMixin on middleware (#36509) 
Remove OPENED_SESSION_COOKIE_DOMAIN which has no use.
 2019-10-04 17:45:25 +02:00
Benjamin Dauvergne 83abc78605 factorize compatibility layer (#36509) 2019-10-04 17:45:25 +02:00
Benjamin Dauvergne a4a659d04e make DiscoveryResponse optional in metadata (#15260) 2019-10-01 12:31:52 +02:00
Frédéric Péters 389e6d790b tests: update for compatibility with django 2.2 (#36330) 2019-09-22 10:10:15 +02:00
Benjamin Dauvergne ab92ca9a07 use unicode_literals (#34008) 2019-07-02 17:44:03 +02:00
Benjamin Dauvergne 39e2e7e5ac update and cache metadata from URL and path (#10196) 2019-06-18 00:53:01 +02:00
Benjamin Dauvergne 83a09d874e code style (#10196) 2019-06-18 00:53:01 +02:00
Benjamin Dauvergne 968aa07faf really retrieve XML encoding (#10196) 2019-06-18 00:53:01 +02:00
Benjamin Dauvergne 31015e6580 add user lookup by attributes (#33739) 2019-06-11 16:46:02 +02:00
Benjamin Dauvergne e1fa70d28d add setting MELLON_SIGNATURE_METHOD (#32008) 
It defaults to RSA-SHA256 as RSA-SHA1 which is the default in Lasso is
deprecated.
 2019-04-19 11:09:11 +02:00
Benjamin Dauvergne c5da4db69c tests: use RSA-SHA256 certificates (fixes #31963) 2019-04-03 12:41:32 +02:00
Benjamin Dauvergne b640f5b334 tests: test failed request path with artifact (#31690) 2019-03-25 15:24:13 +01:00
Benjamin Dauvergne ca6ce92781 views: fix discovery URL building (#31581) 2019-03-20 14:28:05 +01:00
Benjamin Dauvergne b3e1b9c533 views: add new setting LOGIN_HINTS (fixes #30966) 
You can set MELLON_LOGIN_HINTS = ['backoffice'] to get a node
eo:login-hint set to "backoffice" in AuthnRequest when next_url for the
login view is among /manage/, /admin/ or /manager/.

Another value is 'always_backoffice' which always set the 'backoffice'
login_hint.
 2019-03-07 23:12:56 +01:00
Benjamin Dauvergne f2e05b84ae prevent redirection loop on artifact resolution errors (fixes #14810) 
Signature of method sso_failure() is changed to match the name name of
the context variable in template mellon/authentication_failed.html
(idp_message => reason).
 2019-03-02 16:42:46 +01:00
Frédéric Péters a1fa7d36df don't cache local metadata anymore (#13881) 2018-09-05 17:09:31 +02:00
Paul Marillonnet 349a4ec3bc skip test if number of concurrent connections above default pg limit (#25252) 2018-07-18 18:07:24 +02:00
Paul Marillonnet c5fddd13cd tests: adapt to lasso PEM-formatting deprecation (#24531) 2018-07-18 18:06:18 +02:00
Benjamin Dauvergne d4d0b85944 use good API from lasso to set Extensions node content (#23003) 
- use extensions.any tuple to set the content of the Extensions node
- add tests for the presence of the eo:next_url node when
  ADD_AUTHNREQUEST_NEXT_URL_EXTENSION is used
- add tests for next_url propagation through the RelayState value
 2018-06-06 11:05:59 +02:00
Frédéric Péters edb09ed8fd use force_text for python2/3 compatibility (#24139) 2018-05-29 12:21:13 +02:00
Frédéric Péters 8252e948e7 tests: adapt to python 3 2018-04-05 14:38:49 +02:00
Frédéric Péters ffadd1a618 python3: use urlparse compatibility module in tests 2018-04-05 14:31:45 +02:00
Frédéric Péters d342971a45 python3: use open() to open files 2018-04-05 14:25:54 +02:00
Frédéric Péters 7ac7c48f67 tests: don't use a leading 0 in numbers 2018-03-27 09:05:39 +02:00
Benjamin Dauvergne f1af12e6a1 tests: prevent "Database is locked" error during concurrency test (fixes #19678) 
SQLite has a default timeout of 5 seconds, we augment it to 400 seconds. We also
replace our custom thread pool by the one provided by multiprocessing.
 2018-03-12 14:27:27 +01:00
Benjamin Dauvergne be791d54a8 set a default value for IDENTITY_PROVIDERS ((fixes #20221) 2018-03-07 18:09:44 +01:00