Commit graph

168 commits

Author SHA1 Message Date
Jens Langhammer ff6e270886 sources/saml: fix AuthnRequest Singing for redirect bindings 2020-07-12 16:17:35 +02:00
Jens Langhammer 91766a2162 sources/saml: automatically add RelayState to build_auth_n_detached 2020-07-12 01:46:46 +02:00
Jens Langhammer a393097504 */saml: start implementing unittests, fix signing 2020-07-12 01:44:34 +02:00
Jens Langhammer 92a09be8c0 sources/saml: rewrite Processors and Views to directly build XML without templates 2020-07-11 01:02:55 +02:00
Jens Langhammer 8de3c4fbd6 sources/ldap: improve unittests 2020-07-10 20:21:51 +02:00
Jens Langhammer 7ac4242a38 e2e: add test for OAuth Enrollment -> OAuth Authentication 2020-07-10 00:14:48 +02:00
Jens Langhammer 4caa4be476 sources/oauth: fix UserOAuthSourceConnection not being assigned to user after enrollment
sources/oauth: separate handle_new_connection into handle_existing_user_link and handle_enroll
2020-07-10 00:07:59 +02:00
Jens Langhammer c6d8bae147 e2e: generate dex config dynamically 2020-07-09 23:15:22 +02:00
Jens Langhammer c70310730a sources/oauth: split up single large "core" views 2020-07-09 23:09:32 +02:00
Jens Langhammer e58ac7ae90 polices: add helper to remove None-value keys from dict for policies 2020-07-08 23:07:16 +02:00
Jens Langhammer d786fa4b7c sources/oauth: rewrite to not directly create user, pre-seed data into flow 2020-07-08 20:39:20 +02:00
Jens Langhammer 0e3e73989d sources/saml: Add NameID Policy field, sent with AuthnRequest 2020-07-08 16:18:09 +02:00
Jens Langhammer d831599608 core: make autosubmit_form generic template 2020-07-08 14:27:58 +02:00
Jens Langhammer 1e57926603 sources/saml: add POST_AUTO binding which auto redirects to IdP 2020-07-08 14:18:08 +02:00
Jens Langhammer 1524880eec core: add generic login/base_full template for static login views 2020-07-08 14:17:29 +02:00
Jens Langhammer 571cb3d65f sources/oauth: disable twitter source while its broken 2020-07-07 22:25:50 +02:00
Jens Langhammer 5644e57e6a sources/oauth: directly call AuthorizedServiceBackend instead of authenticate() 2020-07-07 22:23:45 +02:00
Jens Langhammer cfc181eed1 sources/oauth: fix wrong comparions
closes #118
2020-07-07 21:46:16 +02:00
Jens Langhammer c00e01626e sources/ldap: adjust task schedule name 2020-07-07 17:04:07 +02:00
Jens Langhammer af22f507f4 sources/oauth: fix template for user settings 2020-07-06 17:48:53 +02:00
Jens Langhammer 3b70d12a5f *: rephrase strings 2020-07-01 18:40:52 +02:00
Jens Langhammer 920858ff72 Merge branch 'master' into otp-rework
# Conflicts:
#	passbook/flows/models.py
#	passbook/stages/otp/models.py
#	swagger.yaml
2020-06-29 22:54:18 +02:00
Jens Langhammer d6a8d8292d core: UIUserSettings: remove icon, rename view_name to URL for complete URL 2020-06-29 16:20:33 +02:00
Jens Langhammer ec823aebed flows: update migrations to use update_or_create 2020-06-29 16:19:39 +02:00
Jens Langhammer 57a7bed99d sources/oauth: fix facebook provider 2020-06-25 10:24:53 +02:00
Jens Langhammer 05778d8065 sources/saml: minor formatting fixes 2020-06-24 22:46:20 +02:00
Jens Langhammer 31e0d74495 sources/saml: correctly cleanup transient users, update forms 2020-06-24 22:27:14 +02:00
Jens Langhammer 05999cb8c7 sources/saml: start implementing transient NameID format 2020-06-24 21:50:30 +02:00
Jens Langhammer c0d8aa2303 sources/saml: fix SAMLRequest not being encoded properly for Redirect bindings 2020-06-24 13:12:34 +02:00
Jens Langhammer 52f138d402 sources/saml: improve error handing of invalid signatures 2020-06-23 21:49:27 +02:00
Jens Langhammer 6f0e292c43 root: add lgtm 2020-06-15 11:56:20 +02:00
Jens Langhammer 26aa7e1fef sources/ldap: fix 'LDAPSource' object has no attribute '_connection' 2020-06-09 01:17:17 +02:00
Jens Langhammer ee8313142f Merge branch 'docs-flows'
# Conflicts:
#	passbook/core/templates/partials/form_horizontal.html
2020-06-08 15:43:46 +02:00
Jens L 4915205678
WIP Use Flows for Sources and Providers (#32)
* core: start migrating to flows for authorisation

* sources/oauth: start type-hinting

* core: create default user

* core: only show user delete button if an unenrollment flow exists

* flows: Correctly check initial policies on flow with context

* policies: add more verbosity to engine

* sources/oauth: migrate to flows

* sources/oauth: fix typing errors

* flows: add more tests

* sources/oauth: start implementing unittests

* sources/ldap: add option to disable user sync, move connection init to model

* sources/ldap: re-add default PropertyMappings

* providers/saml: re-add default PropertyMappings

* admin: fix missing stage count

* stages/identification: fix sources not being shown

* crypto: fix being unable to save with private key

* crypto: re-add default self-signed keypair

* policies: rewrite cache_key to prevent wrong cache

* sources/saml: migrate to flows for auth and enrollment

* stages/consent: add new stage

* admin: fix PropertyMapping widget not rendering properly

* core: provider.authorization_flow is mandatory

* flows: add support for "autosubmit" attribute on form

* flows: add InMemoryStage for dynamic stages

* flows: optionally allow empty flows from FlowPlanner

* providers/saml: update to authorization_flow

* sources/*: fix flow executor URL

* flows: fix pylint error

* flows: wrap responses in JSON object to easily handle redirects

* flow: dont cache plan's context

* providers/oauth: rewrite OAuth2 Provider to use flows

* providers/*: update docstrings of models

* core: fix forms not passing help_text through safe

* flows: fix HttpResponses not being converted to JSON

* providers/oidc: rewrite to use flows

* flows: fix linting
2020-06-07 16:35:08 +02:00
Jens Langhammer 7664b428e7 sources/ldap: fix expression field not being CodeMirror 2020-06-05 20:18:45 +02:00
Jens Langhammer 30ca926b38 docs: remove last occurrences to jinja2 2020-06-05 20:18:11 +02:00
Jens L 73116b9d1a
policies/expression: migrate to raw python instead of jinja2 (#49)
* policies/expression: migrate to raw python instead of jinja2

* lib/expression: create base evaluator, custom subclass for policies

* core: rewrite propertymappings to use python

* providers/saml: update to new PropertyMappings

* sources/ldap: update to new PropertyMappings

* docs: update docs for new propertymappings

* root: remove jinja2

* root: re-add jinja to lock file as its implicitly required
2020-06-05 12:00:27 +02:00
Jens Langhammer ef913abc7a sources/ldap: add option to disable user sync, move connection init to model 2020-06-02 17:15:59 +02:00
Jens Langhammer ddfa2abbaa sources/ldap: re-add default PropertyMappings 2020-06-02 17:00:03 +02:00
Jens Langhammer 5fc5e54f47 sources/oauth: fix typing errors
# Conflicts:
#	passbook/sources/oauth/clients.py
2020-06-02 16:57:38 +02:00
Jens Langhammer e2804b9755 root: fix linting errors 2020-05-27 11:26:48 +02:00
Jens L beabba2890
flows: Load Stages without refreshing the whole page (#33)
* flows: initial implementation of FlowExecutorShell

* flows: load messages dynamically upon card refresh
2020-05-24 00:57:25 +02:00
Jens Langhammer 0664f0b6b2 flows: add support for default_context, etc
default_context can be used to influence policies during the planning. This should be used when the Planner is called from other views to correctly preseed the plan.
This also checks if there is a PENDING_USER set, and uses that user for the cache key instead
2020-05-20 16:15:16 +02:00
Jens Langhammer cafe2f1e1f admin: fix linting 2020-05-20 13:59:56 +02:00
Jens Langhammer 969da05437 admin: show object's docstring on inheritance based lists 2020-05-20 13:47:58 +02:00
Jens L 24a3e787dd
migrate to per-model UUID Primary key, remove UUIDModel (#26)
* *: migrate to per-model UUID Primary key, remove UUIDModel

* *: fix import order, fix unittests
2020-05-20 09:17:06 +02:00
Jens Langhammer 13a20478fd sources/oauth: add OIDC client 2020-05-19 21:53:46 +02:00
Jens Langhammer f58ee7fb52 sources/oauth: fix handling of sources with spaces in their name 2020-05-19 21:53:36 +02:00
Jens Langhammer a5319fc2fe *: rename templatetags to clearly identify 2020-05-15 10:54:31 +02:00
Jens Langhammer 212e966dd4 factors: -> stage 2020-05-08 20:59:51 +02:00
Jens Langhammer 2a85e5ae87 flows: complete migration to FlowExecutorView, fully use context 2020-05-08 16:10:27 +02:00
Jens Langhammer 114bb1b0bd flows: implement planner, start new executor 2020-05-08 14:33:14 +02:00
Jens Langhammer 5400882d78 flows/: more migration progress, consolidate views 2020-05-07 21:30:52 +02:00
Jens Langhammer 80d90b91e8 core: add general admin.py loader, remove individual files 2020-05-07 00:05:10 +02:00
Jens Langhammer dc8b89a6b9 sources/saml: switch to new crypto 2020-03-03 23:35:38 +01:00
Jens Langhammer 81b66ecdcd core: remove some more dead code, add more help texts for factors 2020-02-27 16:39:30 +01:00
Jens Langhammer f8599438df ui: fix lists not being rendered correctly 2020-02-24 13:13:42 +01:00
Jens Langhammer 64d7b009ab sources/oauth: fix invalid headers, fix invalid function signature 2020-02-23 19:42:57 +01:00
Jens Langhammer fa2870afe0 sources: remove policies as they are not used currently 2020-02-23 14:40:06 +01:00
Jens Langhammer f4a676e2fb sources/oauth: slugify provider type instead of just lowercase 2020-02-23 13:53:16 +01:00
Jens Langhammer 88c1ad4c1c providers/saml: fix 500 when SAML Provider not assigned to application 2020-02-21 20:54:00 +01:00
Jens Langhammer 1285ba6fbb ui: include font-awesome 2020-02-21 18:00:09 +01:00
Jens Langhammer a09a1793ec ui: update templates for jinja2-related fields 2020-02-21 15:36:37 +01:00
Jens Langhammer 8fd86a28ff ui: fixup minor issues, add static app 2020-02-21 11:20:55 +01:00
Jens Langhammer 32a15f84c0 root: run bandit as part of pre-commit 2020-02-21 09:03:59 +01:00
Jens Langhammer d988f37afc lib: add SentryIgnoredException, to easily ignore exceptions from sentry 2020-02-20 21:38:53 +01:00
Jens Langhammer 295c0bae3f sources/saml: validate SAMLResponse signature 2020-02-20 21:34:25 +01:00
Jens Langhammer 84fc54ddaa sources/saml: entity_id -> issuer 2020-02-20 17:23:27 +01:00
Jens Langhammer 0b5caa85f5 all: sort imports and cleanup 2020-02-20 17:23:05 +01:00
Jens Langhammer 14e0a17dbc ui: don't remove dashes when auto generating slug 2020-02-20 17:13:50 +01:00
Jens Langhammer 40a2a26904 sources/saml: fix Metadata cert including PEM header 2020-02-20 17:05:11 +01:00
Jens Langhammer c8b3c6e51a sources/saml: fix build_full_url using incorrect URL parameter 2020-02-20 17:04:54 +01:00
Jens Langhammer 6c889eff27 core: fix application icons not loading, fix with_sources being broken 2020-02-20 14:30:06 +01:00
Jens Langhammer 3c2b8e5ee1 all: prefix all UI related methods with ui_, switch to property and return dataclass 2020-02-20 13:51:41 +01:00
Jens Langhammer 07b7951390 sources/ldap: handle user_sync errors better, show warning when user exists already 2020-02-19 16:20:33 +01:00
Jens Langhammer 9267d0c1dd all: general maintenance, prepare for pyright 2020-02-18 22:12:51 +01:00
Jens Langhammer 865abc005a sources/oauth: remove leading spaces in default URLs 2020-02-18 21:49:53 +01:00
Jens Langhammer a2725d5b82 sources/oauth: remove redundant OAuth2Clients 2020-02-18 21:49:40 +01:00
Jens Langhammer 4a05bc6e02 sources/oauth: improve default OAuth2 Client, send access_token as Bearer Authz 2020-02-18 21:49:23 +01:00
Jens Langhammer 4e8238603a all: cleanup logging to be structured 2020-02-18 21:35:58 +01:00
Jens Langhammer 7c353f9297 sources/oauth: remove supervisr 2020-02-18 17:01:08 +01:00
Jens Langhammer 95416623b3 sources/ldap: better handle property mapping evaluation errors 2020-02-18 10:13:05 +01:00
Jens Langhammer 3aa2f1e892 *: propertymapping template -> expression 2020-02-17 20:38:14 +01:00
Jens Langhammer bc4b7ef44d providers/saml: add custom help text for templates, add docs for User Object reference 2020-02-17 20:30:14 +01:00
Jens Langhammer e57da71dcf sources/ldap: update LDAP source to use new property mappings 2020-02-17 17:55:48 +01:00
Jens Langhammer 41689fe3ce sources/* add missing migrations 2020-02-17 16:27:35 +01:00
Jens Langhammer e138076e1d sources/saml: move labels from forms to models 2020-02-16 12:34:46 +01:00
Jens Langhammer 721d133dc3 sources/oauth: move labels from form to models 2020-02-16 12:34:33 +01:00
Jens Langhammer 75b687ecbe sources/ldap: move labels from form to models 2020-02-16 12:30:45 +01:00
Jens Langhammer e36d7928e4 providers/saml: big cleanup, simplify base processor
add New fields for
 - assertion_valid_not_before
 - assertion_valid_not_on_or_after
 - session_valid_not_on_or_after
allow flexible time durations for these fields
fall back to Provider's ACS if none is specified in AuthNRequest
2020-02-14 15:19:48 +01:00
Jens Langhammer 766518ee0e audit: sanitize kwargs when creating audit event 2019-12-31 13:33:07 +01:00
Jens Langhammer 3bd1eadd51 all: implement black as code formatter 2019-12-31 12:51:16 +01:00
Jens Langhammer 8eb3f0f708 ci: upgrade pylint to latest version
core: also upgrade kombu as https://github.com/celery/kombu/issues/1101 is fixed now
2019-12-31 12:45:29 +01:00
Jens Langhammer 31ea2e7139 audit: fix internal server error from passing models 2019-12-31 11:40:03 +01:00
Jens Langhammer 807cbbeaaf audit: rewrite to be independent of django http requests, allow custom actions 2019-12-05 16:14:08 +01:00
Jens Langhammer 74cd0bc08f all(minor): remove old, unused code 2019-12-05 15:07:37 +01:00
Langhammer, Jens 44c0eb37cf sources/saml(minor): fix lint issue 2019-11-07 18:02:59 +01:00
Langhammer, Jens adc3dcc2c4 sources/saml(minor): disallow login if source is not enabled 2019-11-07 17:35:25 +01:00
Langhammer, Jens bac8227371 sources/saml(minor): fix fields not being shown 2019-11-07 17:28:59 +01:00
Langhammer, Jens dabce36667 sources/saml(major): add saml SP 2019-11-07 17:02:56 +01:00