Commit Graph

392 Commits

Author SHA1 Message Date
Frédéric Péters 667078b0ae translation update 2022-10-10 09:37:34 +02:00
Benjamin Dauvergne e1e50c2797 misc: replace use of distutils.sysconfig by sysconfig in getlasso3.sh 2022-10-07 12:45:52 +02:00
Benjamin Dauvergne 817314b8ee views: send all related SessionIndex in LogoutRequest (#69955)
As we do not know which one the IdP remembers, we must send them all.
2022-10-06 16:21:25 +02:00
Benjamin Dauvergne cce77e82e5 adapters: update new UserSAMLIdentifier fields on each SSO (#69955)
On existing UserSAMLIdentifier, missing values, for nid_format especially,
will break the SLO code as the emitted LogoutRequest will have an
unknown NameID when analyzed by the identity provider (NameID content
and attributes must match exactly).
2022-10-06 16:21:17 +02:00
Benjamin Dauvergne 45f81514bc misc: clean SessionIndex during logout (#69740)
SessionIndex are deleted when the linked session does not exist anymore
and 5 minutes after the creation of the logout request.
2022-10-05 19:53:07 +02:00
Benjamin Dauvergne f335a403c1 views: implement a sessionless logout endpoint (#69740)
To implement SAML single logout in authentic we need a logout endpoint
which works even after the user session has been killed, to do that we
store the needed information in a Django signed token, and use it to
initiate the logout request. Afterward the next_url is stored in a
short-lived session cookie instead of the session.
2022-10-05 17:23:51 +02:00
Benjamin Dauvergne 218afde9cd misc: make logout work with transient NameID (#69740)
Implementation of transient NameID is special, the transient NameID is
ignored and an attribute value is used as the federation key. But in
order to produce a proper NameID for the logout request we need the
transient NameID value. To work around this problem we add a
transient_name_id attribute to the SessionIndex model representing the
current SSO session, and we modify the session dump template to use this
value instead of UserSAMLIdentifier.name_id if transient_name_id is not
None.
2022-10-05 17:23:51 +02:00
Benjamin Dauvergne 7f9602c528 utils: add method to build a session dump from models (#69740)
Storing the LassoSession dump in the Django session is no longer needed,
we can rebuild it from the information in the models.
2022-10-05 17:23:51 +02:00
Benjamin Dauvergne 600c8cfbc0 misc: keep nameid attributes to rebuild it (#69740)
Logout requests need a properly built NameID element, but we did not
store enough information in models to do that, we used the LassoSession
dump from the session as a work-around. In order to have a session-less
logout endpoint, we need to store that information in the
UserSAMLIdentifier model.
2022-10-05 17:23:51 +02:00
Benjamin Dauvergne e98308d45c views: allow overriding the default return url after logout (#69740) 2022-10-05 17:23:50 +02:00
Benjamin Dauvergne 86d3cad3b8 views: improve handling of next_url for sp initiated logout (#69740) 2022-10-05 17:23:20 +02:00
Benjamin Dauvergne 43ce1d8141 utils: use same_origin() from authentic2 (#69740) 2022-10-05 12:29:13 +02:00
Benjamin Dauvergne e9008debf5 setup.py: use a PEP440 compatible get_version() (#69795) 2022-10-04 12:26:16 +02:00
Valentin Deniaud df20bfc36c misc: add django-upgrade files/notes (#69798)
2022-10-03 14:27:01 +02:00
Valentin Deniaud 865b285828 misc: apply django-upgrade (#69798) 2022-10-03 14:27:01 +02:00
Valentin Deniaud 9f406a321b misc: fix incorrect pre-commit info in readme 2022-09-29 18:28:50 +02:00
Valentin Deniaud e7a1aa5646 translation update 2022-09-29 14:57:26 +02:00
Valentin Deniaud 591344d21f templates: add blocktrans trimmed where useful (#69422) 2022-09-29 14:56:48 +02:00
Valentin Deniaud bd45e64b48 misc: add djhtml files/notes (#69422) 2022-09-29 12:21:08 +02:00
Valentin Deniaud d20066dc44 misc: apply djhtml (#69422) 2022-09-29 12:20:38 +02:00
Valentin Deniaud a7a3582c97 views: show debug login view on lasso exception (#68962) 2022-09-14 13:53:49 +02:00
Agate 98783c8574 django4: access request headers through request.headers instead of request.META (#68571) 2022-08-31 09:13:37 +02:00
Agate 7050da2320 django4: replaced urls.url with url.path equivalent (#68571) 2022-08-31 09:13:14 +02:00
Agate 1740cd7483 django4: replaced deprecated request.is_ajax() call (#68571) 2022-08-31 09:12:39 +02:00
Frédéric Péters 366758a54d misc: log when login is refused because of authn_classref mismatch (#68236) 2022-08-18 15:09:20 +02:00
Benjamin Dauvergne 437d1a3063 middleware: clear PASSIVE_TRIED_COOKIE when logged in (#67084) 2022-07-06 16:11:39 +02:00
Paul Marillonnet 1fa1541c02 views: use MELLON_OPENED_SESSION to anchor local session to the global session (#66747)
If the MELLON_OPENED_SESSION cookie changes or disappears during an opened
session, the user is automatically logged out. If it changes after a
previous passive login try, passive login is allowed again.
2022-06-29 11:14:05 +02:00
Paul Marillonnet 025cda4293 tox: test with (bullseye-backports') django3.2 (#64309) 2022-04-20 15:01:59 +02:00
Paul Marillonnet 088dc5eeef setup: allow for (bullseye-backports') django3.2 version (#64309) 2022-04-20 15:01:59 +02:00
Paul Marillonnet e27bafd8cb handle long attribute truncate variations between django2 & 3 (#64309) 2022-04-20 15:01:59 +02:00
Paul Marillonnet dedd924f99 use force_str only when necessary (#64309) 2022-04-20 09:54:54 +02:00
Paul Marillonnet b4704b16c9 use django3.2-compatible re_path urls util (#64309) 2022-04-20 09:54:05 +02:00
Paul Marillonnet 509beeb6c4 discard deprecated ugettext* i18n utils (#64309) 2022-04-20 09:52:47 +02:00
Benjamin Dauvergne 7c9ca09de7 misc: remove six module usage (#63688) 2022-04-08 10:14:54 +02:00
Thomas NOËL 29c3d7aeb0 trivial: bump black version to 22.3.0 2022-03-31 12:17:43 +02:00
Frédéric Péters 8f49eb59b5 translation update 2022-03-25 09:02:58 +01:00
Frédéric Péters ff98a87158 translations: close quotes around username (#63178) 2022-03-25 09:02:43 +01:00
Frédéric Péters 6b3537d083 trivial: bump black version to 22.1.0 (#62312) 2022-03-01 19:30:33 +01:00
Frédéric Péters 12b92b1a9f debian: update django dependency to 2.2 2022-02-18 10:08:04 +01:00
Benjamin Dauvergne fc4f78c039 translation update 2022-02-04 13:25:52 +01:00
Benjamin Dauvergne 104d57f753 views: do not logout in sp_response_logout (#61431)
It's already done in the initialization view, if a new session
has been opened since, we must keep it open.
2022-02-04 13:02:12 +01:00
Benjamin Dauvergne 947c355baf views: keep next_url through sp logout (#61431)
* first, create relaystate before build logout.msgUrl
* second, retrieve it in sp_logout_response
2022-02-04 13:00:55 +01:00
Frédéric Péters a2019a930c properly close meta refresh tag (#61020) 2022-01-24 16:57:02 +01:00
Emmanuel Cazenave 8ec0ea8ff6 jenkins: show execution context in coverage reports (#60446) 2022-01-11 16:03:08 +01:00
Frédéric Péters 8ed4373cca build: update setup.py to require at least django 2.2 2021-12-19 16:38:42 +01:00
Frédéric Péters 70586ce95d jenkins: build packages for buster & bullseye 2021-12-12 11:23:53 +01:00
Benjamin Dauvergne be1e50e826 views: log SAML response and assertion in debug view (#58915) 2021-11-23 19:21:23 +01:00
Valentin Deniaud 50cb52b160 views: render debug login template at the last moment (#58906) 2021-11-23 14:41:34 +01:00
Frédéric Péters b80bc26d73 build: bump black version 2021-11-22 22:07:54 +01:00
Frédéric Péters d5579dc095 debian: switch to debhelper-compat 12 (#57538) 2021-10-10 12:11:46 +02:00