Frédéric Péters
667078b0ae
translation update
2022-10-10 09:37:34 +02:00
Benjamin Dauvergne
e1e50c2797
misc: replace use of distutils.sysconfig by sysconfig in getlasso3.sh
2022-10-07 12:45:52 +02:00
Benjamin Dauvergne
817314b8ee
views: send all related SessionIndex in LogoutRequest ( #69955 )
...
As we do not known which one the IdP remember, we must send them all.
2022-10-06 16:21:25 +02:00
Benjamin Dauvergne
cce77e82e5
adapters: update new UserSAMLIdentifier fields on each SSO ( #69955 )
...
On existing UserSAMLIdentifier missing values for nid_format especially,
will break the SLO code as the emitted LogoutRequest will have an
unknown NameID when analyzed by the identity provider (NameID content
and attributes must match exactly).
2022-10-06 16:21:17 +02:00
Benjamin Dauvergne
45f81514bc
misc: clean SessionIndex during logout ( #69740 )
...
SessionIndex are deleted when the linked session does not exist anymore
and 5 minutes after the creation of the logout request.
2022-10-05 19:53:07 +02:00
Benjamin Dauvergne
f335a403c1
views: implement a sessionless logout endpoint ( #69740 )
...
To implement SAML single logout in authentic we need a logout endpoint
which works event after the user session has been killed, to do that we
store the needed information in Django signed token, and use it to
initiate the logout request. Afterward the next_url is stored in
short-lived session cookie instead of the session.
2022-10-05 17:23:51 +02:00
Benjamin Dauvergne
218afde9cd
misc: make logout work with transient NameID ( #69740 )
...
Implementation of transient NameID is special, the transient NameID is
ignored and an attribut value is used as the federation key. But in
order to producre a proper NameID for the logout request we need the
transient NameID value. To work around this problem we add a
transient_name_id attribute to the SessionIndex model representing the
current SSO session, and we modify the session dump template to use this
value instead of UserSAMLIdentifier.name_id if transient_name_id is not
None.
2022-10-05 17:23:51 +02:00
Benjamin Dauvergne
7f9602c528
utils: add method to build a session dump from models ( #69740 )
...
Storing the LassoSession dump in the Django session is no longer needed,
we can rebuild it from the information in the models.
2022-10-05 17:23:51 +02:00
Benjamin Dauvergne
600c8cfbc0
misc: keep nameid attributes to rebuild it ( #69740 )
...
Logout requests need a properly built NameID element, but we did not
store enough information in models to do that, we uses the LassoSession
dump from the session as a work-around. In order to have a session-less
logout endpoint, we need to store those informations in the
UserSAMLIdentifier model.
2022-10-05 17:23:51 +02:00
Benjamin Dauvergne
e98308d45c
views: allow overriding the default return url after logout ( #69740 )
2022-10-05 17:23:50 +02:00
Benjamin Dauvergne
86d3cad3b8
views: improve handling of next_url for sp initiated logout ( #69740 )
2022-10-05 17:23:20 +02:00
Benjamin Dauvergne
43ce1d8141
utils: use same_origin() from authentic2 ( #69740 )
2022-10-05 12:29:13 +02:00
Benjamin Dauvergne
e9008debf5
setup.py: use a PEP440 compatible get_version() ( #69795 )
2022-10-04 12:26:16 +02:00
Valentin Deniaud
df20bfc36c
misc: add django-upgrade files/notes ( #69798 )
gitea/django-mellon/pipeline/head Build started...
Details
2022-10-03 14:27:01 +02:00
Valentin Deniaud
865b285828
misc: apply django-upgrade ( #69798 )
2022-10-03 14:27:01 +02:00
Valentin Deniaud
9f406a321b
misc: fix incorrect pre-commit info in readme
2022-09-29 18:28:50 +02:00
Valentin Deniaud
e7a1aa5646
translation update
2022-09-29 14:57:26 +02:00
Valentin Deniaud
591344d21f
templates: add blocktrans trimmed where useful ( #69422 )
2022-09-29 14:56:48 +02:00
Valentin Deniaud
bd45e64b48
misc: add djhtml files/notes ( #69422 )
2022-09-29 12:21:08 +02:00
Valentin Deniaud
d20066dc44
misc: apply djhtml ( #69422 )
2022-09-29 12:20:38 +02:00
Valentin Deniaud
a7a3582c97
views: show debug login view on lasso exception ( #68962 )
2022-09-14 13:53:49 +02:00
Agate
98783c8574
django4: access request headers through request.headers instead of request.META ( #68571 )
2022-08-31 09:13:37 +02:00
Agate
7050da2320
django4: replaced urls.url with url.path equivalent ( #68571 )
2022-08-31 09:13:14 +02:00
Agate
1740cd7483
django4: replaced deprecated request.is_ajax() call ( #68571 )
2022-08-31 09:12:39 +02:00
Frédéric Péters
366758a54d
misc: log when login is refused because of authn_classref mismatch ( #68236 )
2022-08-18 15:09:20 +02:00
Benjamin Dauvergne
437d1a3063
middleware: clear PASSIVE_TRIED_COOKIE when logged in ( #67084 )
2022-07-06 16:11:39 +02:00
Paul Marillonnet
1fa1541c02
views: use MELLON_OPENED_SESSION to anchor local session to the global session ( #66747 )
...
If the MELLON_OPENED_SESSION cookie change or disappear during an opened
session, the user is automatically logged out. If it changes after a
previous passive login try, passive login is allowed again.
2022-06-29 11:14:05 +02:00
Paul Marillonnet
025cda4293
tox: test with (bullseye-backports') django3.2 ( #64309 )
2022-04-20 15:01:59 +02:00
Paul Marillonnet
088dc5eeef
setup: allow for (bullseye-backports') django3.2 version ( #64309 )
2022-04-20 15:01:59 +02:00
Paul Marillonnet
e27bafd8cb
handle long attribute truncate variations between django2 & 3 ( #64309 )
2022-04-20 15:01:59 +02:00
Paul Marillonnet
dedd924f99
use force_str only when necessary ( #64309 )
2022-04-20 09:54:54 +02:00
Paul Marillonnet
b4704b16c9
use django3.2-compatible re_path urls util ( #64309 )
2022-04-20 09:54:05 +02:00
Paul Marillonnet
509beeb6c4
discard deprecated ugettext* i18n utils ( #64309 )
2022-04-20 09:52:47 +02:00
Benjamin Dauvergne
7c9ca09de7
misc: remove six module usage ( #63688 )
2022-04-08 10:14:54 +02:00
Thomas NOËL
29c3d7aeb0
trivial: bump black version to 22.3.0
2022-03-31 12:17:43 +02:00
Frédéric Péters
8f49eb59b5
translation update
2022-03-25 09:02:58 +01:00
Frédéric Péters
ff98a87158
translations: close quotes around username ( #63178 )
2022-03-25 09:02:43 +01:00
Frédéric Péters
6b3537d083
trivial: bump black version to 22.1.0 ( #62312 )
2022-03-01 19:30:33 +01:00
Frédéric Péters
12b92b1a9f
debian: update django dependency to 2.2
2022-02-18 10:08:04 +01:00
Benjamin Dauvergne
fc4f78c039
translation update
2022-02-04 13:25:52 +01:00
Benjamin Dauvergne
104d57f753
views: do not logout in sp_response_logout ( #61431 )
...
It's already done in the initialization view, if a new session
has been open since we must keep it open.
2022-02-04 13:02:12 +01:00
Benjamin Dauvergne
947c355baf
views: keep next_url trough sp logout ( #61431 )
...
* first, create relaystate before build logout.msgUrl
* second, retrieve it in sp_logout_response
2022-02-04 13:00:55 +01:00
Frédéric Péters
a2019a930c
properly close meta refresh tag ( #61020 )
2022-01-24 16:57:02 +01:00
Emmanuel Cazenave
8ec0ea8ff6
jenkins: show execution context in coverage reports ( #60446 )
2022-01-11 16:03:08 +01:00
Frédéric Péters
8ed4373cca
build: update setup.py to require at least django 2.2
2021-12-19 16:38:42 +01:00
Frédéric Péters
70586ce95d
jenkins: build packages for buster & bullseye
2021-12-12 11:23:53 +01:00
Benjamin Dauvergne
be1e50e826
views: log SAML response and assertion in debug view ( #58915 )
2021-11-23 19:21:23 +01:00
Valentin Deniaud
50cb52b160
views: render debug login template at the last moment ( #58906 )
2021-11-23 14:41:34 +01:00
Frédéric Péters
b80bc26d73
build: bump black version
2021-11-22 22:07:54 +01:00
Frédéric Péters
d5579dc095
debian: switch to debhelper-compat 12 ( #57538 )
2021-10-10 12:11:46 +02:00