Commit graph

2236 commits

Author SHA1 Message Date
Jens L a81e277cfa
Merge pull request #128 from BeryJu/dependabot/npm_and_yarn/passbook/static/static/fortawesome/fontawesome-free-5.14.0
build(deps): bump @fortawesome/fontawesome-free from 5.13.1 to 5.14.0 in /passbook/static/static
2020-07-16 16:01:42 +02:00
Jens L b4cb78f33f
Merge pull request #129 from BeryJu/dependabot/pip/boto3-1.14.21
build(deps): bump boto3 from 1.14.20 to 1.14.21
2020-07-16 16:01:20 +02:00
dependabot-preview[bot] 35c0a9532f
build(deps): bump boto3 from 1.14.20 to 1.14.21
Bumps [boto3](https://github.com/boto/boto3) from 1.14.20 to 1.14.21.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.14.20...1.14.21)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-07-16 05:18:26 +00:00
dependabot-preview[bot] aff074420b
build(deps): bump @fortawesome/fontawesome-free
Bumps [@fortawesome/fontawesome-free](https://github.com/FortAwesome/Font-Awesome) from 5.13.1 to 5.14.0.
- [Release notes](https://github.com/FortAwesome/Font-Awesome/releases)
- [Changelog](https://github.com/FortAwesome/Font-Awesome/blob/master/CHANGELOG.md)
- [Commits](https://github.com/FortAwesome/Font-Awesome/compare/5.13.1...5.14.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-07-16 05:15:24 +00:00
Jens Langhammer edbea9ccff audit: fix list not having loginrequired
closes #127
2020-07-15 18:34:53 +02:00
Jens Langhammer 6b26e10ea2 new release: 0.9.0-rc1 2020-07-15 12:00:47 +02:00
Jens Langhammer a737335fdd ci: fix database connections failing 2020-07-14 22:55:30 +02:00
Jens Langhammer e15f7d7f28 flows: fix potential open redirect vuln 2020-07-14 21:57:28 +02:00
Jens Langhammer fbf9554a9e flows: fix SESSION_KEY_GET being deleted too early 2020-07-14 21:42:47 +02:00
Jens Langhammer 5f34b08433 ci: fix failed tests not failing CI pipeline 2020-07-14 21:36:40 +02:00
Jens L f67a03ad66
Merge pull request #126 from BeryJu/dependabot/pip/elastic-apm-5.8.1
build(deps): bump elastic-apm from 5.8.0 to 5.8.1
2020-07-14 09:19:07 +02:00
dependabot-preview[bot] 6095301337
build(deps): bump elastic-apm from 5.8.0 to 5.8.1
Bumps [elastic-apm](https://github.com/elastic/apm-agent-python) from 5.8.0 to 5.8.1.
- [Release notes](https://github.com/elastic/apm-agent-python/releases)
- [Changelog](https://github.com/elastic/apm-agent-python/blob/master/CHANGELOG.asciidoc)
- [Commits](https://github.com/elastic/apm-agent-python/compare/v5.8.0...v5.8.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-07-14 05:20:24 +00:00
Jens L 4a774b5885
Merge pull request #123 from BeryJu/dependabot/pip/pylint-django-2.1.0
build(deps-dev): bump pylint-django from 2.0.15 to 2.1.0
2020-07-13 16:49:33 +02:00
Jens L aa8fac3a06
Merge pull request #124 from BeryJu/dependabot/pip/django-prometheus-2.1.0.dev52
build(deps): bump django-prometheus from 2.1.0.dev46 to 2.1.0.dev52
2020-07-13 16:49:12 +02:00
Jens L b8407f5bf6
Merge pull request #125 from BeryJu/dependabot/pip/sentry-sdk-0.16.1
build(deps): bump sentry-sdk from 0.16.0 to 0.16.1
2020-07-13 16:49:02 +02:00
Jens L 989c426211
Merge branch 'master' into dependabot/pip/pylint-django-2.1.0 2020-07-13 16:16:16 +02:00
Jens L 9a888cfcf1
Merge branch 'master' into dependabot/pip/django-prometheus-2.1.0.dev52 2020-07-13 16:16:08 +02:00
Jens L 72ec871729
Merge branch 'master' into dependabot/pip/sentry-sdk-0.16.1 2020-07-13 16:15:58 +02:00
Jens Langhammer 8d58842c9b e2e: decrease timeouts to fix failed tests 2020-07-13 08:54:56 +02:00
dependabot-preview[bot] a90aa5e069
build(deps): bump sentry-sdk from 0.16.0 to 0.16.1
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 0.16.0 to 0.16.1.
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGES.md)
- [Commits](https://github.com/getsentry/sentry-python/compare/0.16.0...0.16.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-07-13 05:20:41 +00:00
dependabot-preview[bot] 639020a2e1
build(deps): bump django-prometheus from 2.1.0.dev46 to 2.1.0.dev52
Bumps [django-prometheus](https://github.com/korfuri/django-prometheus) from 2.1.0.dev46 to 2.1.0.dev52.
- [Release notes](https://github.com/korfuri/django-prometheus/releases)
- [Changelog](https://github.com/korfuri/django-prometheus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/korfuri/django-prometheus/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-07-13 05:18:58 +00:00
dependabot-preview[bot] 8e6f915ec6
build(deps-dev): bump pylint-django from 2.0.15 to 2.1.0
Bumps [pylint-django](https://github.com/PyCQA/pylint-django) from 2.0.15 to 2.1.0.
- [Release notes](https://github.com/PyCQA/pylint-django/releases)
- [Changelog](https://github.com/PyCQA/pylint-django/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/PyCQA/pylint-django/compare/v2.0.15...v2.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-07-13 05:17:14 +00:00
Jens Langhammer 6631471566 root: update version in readme 2020-07-12 22:53:25 +02:00
Jens Langhammer b452e751ea flows: add SESSION_KEY_APPLICATION_PRE
whenever a user tries to access an application without being authenticated to passbook, we now show notice which application they are going to continue to.
2020-07-12 22:47:46 +02:00
Jens Langhammer a3baa100d4 sources/saml: remove unused import 2020-07-12 18:55:26 +02:00
Jens Langhammer f7b9de1261 */saml: fix MetadataProcessor having generic namespace prefixes 2020-07-12 18:40:43 +02:00
Jens Langhammer 47ca566d06 sources/saml: fix MetadataProcessor not working, add unittests 2020-07-12 18:40:18 +02:00
Jens Langhammer a943d060d2 core: add separate autosubmit form for use without flows 2020-07-12 18:24:36 +02:00
Jens Langhammer 1675dab314 providers/saml: fix encoding for POST bindings 2020-07-12 17:58:38 +02:00
Jens Langhammer 996aa367d3 core: fix autosubmit_form loading full template 2020-07-12 17:45:03 +02:00
Jens Langhammer be6f342e58 providers/saml: fix RelayState being included when None given 2020-07-12 17:22:14 +02:00
Jens Langhammer 464b558a02 */saml: fix typo 2020-07-12 17:20:41 +02:00
Jens Langhammer d1151091cd providers/saml: Generate NameID Value based on NameID Policy received 2020-07-12 17:06:35 +02:00
Jens Langhammer f8e5383ba2 providers/saml: parse NameID Policy from AuthnRequest 2020-07-12 17:05:48 +02:00
Jens Langhammer 06f73512df lib/evaluator: add support for IP Address comparison 2020-07-12 16:36:49 +02:00
Jens Langhammer 0ff4545bab providers/saml: fix AuthnRequest Signature validation, add unittests 2020-07-12 16:17:53 +02:00
Jens Langhammer ff6e270886 sources/saml: fix AuthnRequest Singing for redirect bindings 2020-07-12 16:17:35 +02:00
Jens Langhammer 8aa0b72b67 e2e: only save screenshots in CI 2020-07-12 16:17:04 +02:00
Jens Langhammer 91766a2162 sources/saml: automatically add RelayState to build_auth_n_detached 2020-07-12 01:46:46 +02:00
Jens Langhammer a393097504 */saml: start implementing unittests, fix signing 2020-07-12 01:44:34 +02:00
Jens Langhammer 2056b86ce7 providers/saml: rewrite SAML AuthNRequest Parser and Response Processor 2020-07-11 14:06:42 +02:00
Jens Langhammer 1b0c013d8e providers/saml: remove processor_path field 2020-07-11 13:28:10 +02:00
Jens Langhammer 92a09be8c0 sources/saml: rewrite Processors and Views to directly build XML without templates 2020-07-11 01:02:55 +02:00
dependabot-preview[bot] 1e31cd03ed
build(deps): bump lxml from 4.5.1 to 4.5.2 (#121)
Bumps [lxml](https://github.com/lxml/lxml) from 4.5.1 to 4.5.2.
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](https://github.com/lxml/lxml/compare/lxml-4.5.1...lxml-4.5.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Jens L <jens@beryju.org>
2020-07-10 23:31:13 +02:00
dependabot-preview[bot] dc863a6e87
build(deps): bump boto3 from 1.14.19 to 1.14.20 (#122)
Bumps [boto3](https://github.com/boto/boto3) from 1.14.19 to 1.14.20.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.14.19...1.14.20)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Jens L <jens@beryju.org>
2020-07-10 22:44:17 +02:00
Jens Langhammer d74366f413 policies/hibp: update for flows, add unittests 2020-07-10 20:57:15 +02:00
Jens Langhammer 5bcf2aef8c policies/password: Add Password Policy tests, update password policy for flows 2020-07-10 20:53:08 +02:00
Jens Langhammer 8de3c4fbd6 sources/ldap: improve unittests 2020-07-10 20:21:51 +02:00
Jens Langhammer c191b62245 ci: attempt to fix Coverage not being registered 2020-07-10 19:35:19 +02:00
Jens Langhammer 0babbde00e ci: fix test results not being merged correctly 2020-07-10 19:11:36 +02:00