Commit graph

54 commits

Author SHA1 Message Date
Jens Langhammer 525d271535 *: apply new black styling 2020-09-30 19:34:22 +02:00
Jens Langhammer 3cf558d594 providers/*: pass policy result objects when access denied 2020-09-14 21:52:25 +02:00
Jens Langhammer 72a6f9cbe0 providers/saml: remove LoginRequired from SAMLSSOView as user is redirected within 2020-07-25 21:36:28 +02:00
Jens Langhammer b452e751ea flows: add SESSION_KEY_APPLICATION_PRE
whenever a user tries to access an application without being authenticated to passbook, we now show notice which application they are going to continue to.
2020-07-12 22:47:46 +02:00
Jens Langhammer 1675dab314 providers/saml: fix encoding for POST bindings 2020-07-12 17:58:38 +02:00
Jens Langhammer be6f342e58 providers/saml: fix RelayState being included when None given 2020-07-12 17:22:14 +02:00
Jens Langhammer d1151091cd providers/saml: Generate NameID Value based on NameID Policy received 2020-07-12 17:06:35 +02:00
Jens Langhammer 0ff4545bab providers/saml: fix AuthnRequest Signature validation, add unittests 2020-07-12 16:17:53 +02:00
Jens Langhammer 2056b86ce7 providers/saml: rewrite SAML AuthNRequest Parser and Response Processor 2020-07-11 14:06:42 +02:00
Jens Langhammer d831599608 core: make autosubmit_form generic template 2020-07-08 14:27:58 +02:00
Jens Langhammer bead19c64c flows: cleanup denied view, use everywhere 2020-07-02 13:48:42 +02:00
Jens Langhammer ae83ee6d31 providers/saml: fix access result not being checked properly 2020-07-02 00:23:52 +02:00
Jens Langhammer cc0b8164b0 providers/*: use PolicyAccessMixin to simplify 2020-07-01 23:18:10 +02:00
Jens Langhammer c97b946a00 providers/saml: make SAML provider compatible with consent 2020-06-20 22:30:45 +02:00
Jens Langhammer 3753275453 providers/saml: make metadata accessible without authentication 2020-06-20 21:51:52 +02:00
Jens Langhammer e4cb9b7ff9 providers/saml: fix provider has no attribute sp_binding 2020-06-20 21:49:48 +02:00
Jens Langhammer a0f05caf8e providers/saml: move templates into correct folder 2020-06-20 21:49:16 +02:00
Jens Langhammer 42e9ce4f72 providers/*: fix plan stages not being injected properly 2020-06-20 19:40:25 +02:00
Jens Langhammer 6f0e292c43 root: add lgtm 2020-06-15 11:56:20 +02:00
Jens L 4915205678
WIP Use Flows for Sources and Providers (#32)
* core: start migrating to flows for authorisation

* sources/oauth: start type-hinting

* core: create default user

* core: only show user delete button if an unenrollment flow exists

* flows: Correctly check initial policies on flow with context

* policies: add more verbosity to engine

* sources/oauth: migrate to flows

* sources/oauth: fix typing errors

* flows: add more tests

* sources/oauth: start implementing unittests

* sources/ldap: add option to disable user sync, move connection init to model

* sources/ldap: re-add default PropertyMappings

* providers/saml: re-add default PropertyMappings

* admin: fix missing stage count

* stages/identification: fix sources not being shown

* crypto: fix being unable to save with private key

* crypto: re-add default self-signed keypair

* policies: rewrite cache_key to prevent wrong cache

* sources/saml: migrate to flows for auth and enrollment

* stages/consent: add new stage

* admin: fix PropertyMapping widget not rendering properly

* core: provider.authorization_flow is mandatory

* flows: add support for "autosubmit" attribute on form

* flows: add InMemoryStage for dynamic stages

* flows: optionally allow empty flows from FlowPlanner

* providers/saml: update to authorization_flow

* sources/*: fix flow executor URL

* flows: fix pylint error

* flows: wrap responses in JSON object to easily handle redirects

* flow: dont cache plan's context

* providers/oauth: rewrite OAuth2 Provider to use flows

* providers/*: update docstrings of models

* core: fix forms not passing help_text through safe

* flows: fix HttpResponses not being converted to JSON

* providers/oidc: rewrite to use flows

* flows: fix linting
2020-06-07 16:35:08 +02:00
Jens Langhammer e2804b9755 root: fix linting errors 2020-05-27 11:26:48 +02:00
Jens Langhammer 5f4452470b providers/saml: fix metadata rendering when no singing keypair is selected
closes PASSBOOK-44
2020-04-10 21:54:23 +02:00
Jens Langhammer f2119ce567 providers/saml: fix signing_kp typo 2020-03-05 17:09:08 +01:00
Jens Langhammer 80a50f9bdb providers/saml: switch to new crypto 2020-03-03 23:35:50 +01:00
Jens Langhammer 64f15eadbd providers/saml: fix CSRF errors with POST binding 2020-02-28 10:50:16 +01:00
Jens Langhammer b8daab4377 providers/saml: fix AccessRequiredView.dispatch not being called 2020-02-25 11:38:26 +01:00
Jens Langhammer c5b91bdae8 providers/saml: fix CannotHandleAssertion Error still being sent to sentry 2020-02-24 19:14:43 +01:00
Jens Langhammer 39a208c55f providers/saml: fix wrong key being used for params 2020-02-24 17:48:03 +01:00
Jens Langhammer a5bfef9b6b providers/saml: fix leftover data in session, fix IdP initiated login
move can_handle calls to binding endpoints (/login/ and /login/initiate/), so that /login/authorize/ works either way, can clean up the session and audit
2020-02-24 17:34:52 +01:00
Jens Langhammer 22838e66fe providers/saml: fix users being able to authenticate without audit logs being created 2020-02-24 14:40:12 +01:00
Jens Langhammer 8dbbe9102b ui: fix application grid icons, fix SAML Authorize 2020-02-21 22:16:58 +01:00
Jens Langhammer b6326f399c ui: clean up more generic forms, remove is_login everywhere 2020-02-21 15:00:45 +01:00
Jens Langhammer d06f1abb89 providers/saml: add POST binding support to Metadata 2020-02-20 17:38:42 +01:00
Jens Langhammer 027a64fad2 providers/saml: change default NameID Format to emailAddress 2020-02-20 17:37:09 +01:00
Jens Langhammer e0272a6422 providers/saml: Show error message when trying to get metadata without assigning application 2020-02-20 17:04:20 +01:00
Jens Langhammer d68c72f1fa lib: remove method_decorator Mixins 2020-02-18 22:28:47 +01:00
Jens Langhammer 9267d0c1dd all: general maintenance, prepare for pyright 2020-02-18 22:12:51 +01:00
Jens Langhammer 0c2dc309e7 providers/saml: fix metadata URLs using incorrect params 2020-02-18 20:14:28 +01:00
Jens Langhammer 1c1afca31f providers/saml: fix linting error 2020-02-18 11:34:04 +01:00
Jens Langhammer fbd4bdef33 providers/saml: add modal to show metadata without download 2020-02-18 10:57:43 +01:00
Jens Langhammer 5b22f9b6c3 providers/saml: transition to dataclass from dict, cleanup unused templates, add missing autosubmit_form 2020-02-18 10:57:30 +01:00
Jens Langhammer 32a48fa07a providers/saml: more typehints 2020-02-17 15:40:49 +01:00
Jens Langhammer bdd1863177 providers/saml: move field labels from Form into models 2020-02-16 12:30:26 +01:00
Jens Langhammer 571373866e providers/saml: some more cleanup, fix get_time_string when called without argument 2020-02-14 15:34:24 +01:00
Jens Langhammer e36d7928e4 providers/saml: big cleanup, simplify base processor
add New fields for
 - assertion_valid_not_before
 - assertion_valid_not_on_or_after
 - session_valid_not_on_or_after
allow flexible time durations for these fields
fall back to Provider's ACS if none is specified in AuthNRequest
2020-02-14 15:19:48 +01:00
Jens Langhammer 766518ee0e audit: sanitize kwargs when creating audit event 2019-12-31 13:33:07 +01:00
Jens Langhammer 3bd1eadd51 all: implement black as code formatter 2019-12-31 12:51:16 +01:00
Jens Langhammer 8eb3f0f708 ci: upgrade pylint to latest version
core: also upgrade kombu as https://github.com/celery/kombu/issues/1101 is fixed now
2019-12-31 12:45:29 +01:00
Jens Langhammer 31ea2e7139 audit: fix internal server error from passing models 2019-12-31 11:40:03 +01:00
Jens Langhammer 807cbbeaaf audit: rewrite to be independent of django http requests, allow custom actions 2019-12-05 16:14:08 +01:00