Benjamin Dauvergne
73bfa476ef
drop and rename issuer field ( #56819 )
2021-09-15 16:55:59 +02:00
Benjamin Dauvergne
a851b5b2ca
migrate issuer data ( #56819 )
2021-09-15 16:55:59 +02:00
Benjamin Dauvergne
2d1510aae1
adapters: truncate username to the field's max_length ( #56482 )
2021-08-30 15:29:37 +02:00
Benjamin Dauvergne
fbc3588f1b
add MELLON_ASSERTION_CONSUMER_BINDINGS ( #52063 )
...
The default value is ['post', 'artifact'].
2021-08-05 15:57:39 +02:00
Benjamin Dauvergne
4729ef9a3b
apply isort and pyupgrade ( #55990 )
2021-08-05 11:13:19 +02:00
Benjamin Dauvergne
2704f4feaa
views: keep a nonce during a forceAuthn request ( #55953 )
...
Nonce value and forceAuthn is linked to the request id which is randomly
generated by lasso and returned by IdPs as part of a SAML SSO.
2021-08-03 17:20:49 +02:00
Valentin Deniaud
dbdd6fd70b
views: add debug login view ( #55557 )
2021-08-03 11:59:17 +02:00
Benjamin Dauvergne
74e6f5a93d
middleware: disable automatic passive authentication if ?no-passive-auth ( #55854 )
...
You can add ?no-passive-auth to an URL do disable passive authentication based on
an IdP set common domain cookie.
2021-07-27 12:04:24 +02:00
Benjamin Dauvergne
472ce61844
adapters: improve log messages ( #55544 )
...
- add mellon: prefix to all messages
- log all failures at the warning or error level instead of debug
2021-07-13 12:09:12 +02:00
Benjamin Dauvergne
5b9bc1ff57
trivial: apply black ( #51575 )
2021-03-02 14:52:10 +01:00
Benjamin Dauvergne
672cfb90a4
adapters: report warning about TRANSIENT_FEDERATION_ATTRIBUTE to user ( #51568 )
2021-03-02 14:47:56 +01:00
Lauréline Guérin
7cd78e96ab
views: fix logout is user is already logged out ( #50155 )
2021-01-15 10:51:51 +01:00
Valentin Deniaud
bdbc251291
views: handle empty session at authentication ( #45461 )
2020-07-28 09:33:12 +02:00
Benjamin Dauvergne
e1deb96f8c
tests: clear caplog between sessions ( #41949 )
2020-06-21 13:13:57 +02:00
Benjamin Dauvergne
482aa09f92
misc: add support for SOAP SLO ( #41949 )
2020-06-21 13:13:57 +02:00
Benjamin Dauvergne
65cbdcefc3
misc: support asynchronous logout ( #41949 )
...
It means that will lookup for other Django sessions linked to the
received logout request; logout request can specify session indexes or
ask for logout of all sessions of the user targeted by the NameID.
2020-06-21 13:13:57 +02:00
Benjamin Dauvergne
c05f4a3129
views: ignore XML content in SAML attributes ( #43193 )
2020-05-21 21:04:51 +02:00
Frédéric Péters
d67297c7aa
misc: return bad request messages as plain text ( #41602 )
2020-04-10 16:45:29 +02:00
Frédéric Péters
74230b51ec
general: remove compatibility with django < 1.11 ( #38616 )
2020-01-29 20:33:02 +01:00
Frédéric Péters
7802e85d52
misc: allow all views to receive template_base/context_hook kwargs ( #38610 )
2019-12-18 09:39:48 +01:00
Frédéric Péters
b1b85cf0d2
add possibility to define a hook to alter login template context ( #38533 )
2019-12-16 14:22:18 +01:00
Benjamin Dauvergne
09c32c83d5
misc: make login_hint works without next parameter ( #38163 )
2019-12-03 19:53:37 +01:00
Benjamin Dauvergne
63c7cdc151
tests: fix passive authentication tests ( #30497 )
...
Passive authentication only works for text/html requests by browsers
now.
2019-12-03 19:11:04 +01:00
Benjamin Dauvergne
d5e5701899
add kwargs template_base to LoginView ( #35083 )
2019-12-02 17:47:13 +01:00
Benjamin Dauvergne
7095b1368b
use MiddlewareMixin on middleware ( #36509 )
...
Remove OPENED_SESSION_COOKIE_DOMAIN which has no use.
2019-10-04 17:45:25 +02:00
Benjamin Dauvergne
83abc78605
factorize compatibility layer ( #36509 )
2019-10-04 17:45:25 +02:00
Benjamin Dauvergne
a4a659d04e
make DiscoveryResponse optional in metadata ( #15260 )
2019-10-01 12:31:52 +02:00
Frédéric Péters
389e6d790b
tests: update for compatibility with django 2.2 ( #36330 )
2019-09-22 10:10:15 +02:00
Benjamin Dauvergne
ab92ca9a07
use unicode_literals ( #34008 )
2019-07-02 17:44:03 +02:00
Benjamin Dauvergne
39e2e7e5ac
update and cache metadata from URL and path ( #10196 )
2019-06-18 00:53:01 +02:00
Benjamin Dauvergne
83a09d874e
code style ( #10196 )
2019-06-18 00:53:01 +02:00
Benjamin Dauvergne
968aa07faf
really retrieve XML encoding ( #10196 )
2019-06-18 00:53:01 +02:00
Benjamin Dauvergne
31015e6580
add user lookup by attributes ( #33739 )
2019-06-11 16:46:02 +02:00
Benjamin Dauvergne
e1fa70d28d
add setting MELLON_SIGNATURE_METHOD ( #32008 )
...
It defaults to RSA-SHA256 as RSA-SHA1 which is the default in Lasso is
deprecated.
2019-04-19 11:09:11 +02:00
Benjamin Dauvergne
c5da4db69c
tests: use RSA-SHA256 certificates ( fixes #31963 )
2019-04-03 12:41:32 +02:00
Benjamin Dauvergne
b640f5b334
tests: test failed request path with artifact ( #31690 )
2019-03-25 15:24:13 +01:00
Benjamin Dauvergne
ca6ce92781
views: fix discovery URL building ( #31581 )
2019-03-20 14:28:05 +01:00
Benjamin Dauvergne
b3e1b9c533
views: add new setting LOGIN_HINTS ( fixes #30966 )
...
You can set MELLON_LOGIN_HINTS = ['backoffice'] to get a node
eo:login-hint set to "backoffice" in AuthnRequest when next_url for the
login view is among /manage/, /admin/ or /manager/.
Another value is 'always_backoffice' which always set the 'backoffice'
login_hint.
2019-03-07 23:12:56 +01:00
Benjamin Dauvergne
f2e05b84ae
prevent redirection loop on artifact resolution errors ( fixes #14810 )
...
Signature of method sso_failure() is changed to match the name name of
the context variable in template mellon/authentication_failed.html
(idp_message => reason).
2019-03-02 16:42:46 +01:00
Frédéric Péters
a1fa7d36df
don't cache local metadata anymore ( #13881 )
2018-09-05 17:09:31 +02:00
Paul Marillonnet
349a4ec3bc
skip test if number of concurrent connections above default pg limit ( #25252 )
2018-07-18 18:07:24 +02:00
Paul Marillonnet
c5fddd13cd
tests: adapt to lasso PEM-formatting deprecation ( #24531 )
2018-07-18 18:06:18 +02:00
Benjamin Dauvergne
d4d0b85944
use good API from lasso to set Extensions node content ( #23003 )
...
- use extensions.any tuple to set the content of the Extensions node
- add tests for the presence of the eo:next_url node when
ADD_AUTHNREQUEST_NEXT_URL_EXTENSION is used
- add tests for next_url propagation through the RelayState value
2018-06-06 11:05:59 +02:00
Frédéric Péters
edb09ed8fd
use force_text for python2/3 compatibility ( #24139 )
2018-05-29 12:21:13 +02:00
Frédéric Péters
8252e948e7
tests: adapt to python 3
2018-04-05 14:38:49 +02:00
Frédéric Péters
ffadd1a618
python3: use urlparse compatibility module in tests
2018-04-05 14:31:45 +02:00
Frédéric Péters
d342971a45
python3: use open() to open files
2018-04-05 14:25:54 +02:00
Frédéric Péters
7ac7c48f67
tests: don't use a leading 0 in numbers
2018-03-27 09:05:39 +02:00
Benjamin Dauvergne
f1af12e6a1
tests: prevent "Database is locked" error during concurrency test ( fixes #19678 )
...
SQLite has a default timeout of 5 seconds, we augment it to 400 seconds. We also
replace our custom thread pool by the one provided by multiprocessing.
2018-03-12 14:27:27 +01:00
Benjamin Dauvergne
be791d54a8
set a default value for IDENTITY_PROVIDERS (( fixes #20221 )
2018-03-07 18:09:44 +01:00