Commit Graph

234 Commits

Author SHA1 Message Date
Jens Langhammer cba78b4de7 providers/*: fix launch_url not working 2020-09-17 21:53:57 +02:00
Jens Langhammer 4b39c71de0 providers/oauth2: accept token as post param 2020-09-16 23:38:55 +02:00
Jens Langhammer 818f417fd8 providers/oauth2: only send id_token as access_token if ADFS compat mode is enabled 2020-09-16 23:31:03 +02:00
Jens Langhammer 1e97af772f providers/oauth2: add workaround for vcenter 2020-09-15 20:54:54 +02:00
Jens Langhammer 5c622cd4d2 providers/oauth2: make sub configurable based on hash, username, email and upn 2020-09-15 20:54:42 +02:00
Jens Langhammer 3cf558d594 providers/*: pass policy result objects when access denied 2020-09-14 21:52:25 +02:00
Jens Langhammer e21ed92848 providers/oauth2: ensure flow is cleaned up on error 2020-09-14 18:40:44 +02:00
Jens Langhammer 2c07859b68 core: add automatic launch_url detection based on provider 2020-09-14 18:12:42 +02:00
Jens Langhammer ae6304c05e providers/proxy: fix provider requiring a certificate to be selected 2020-09-14 17:37:06 +02:00
Jens Langhammer 810f10edfe providers/oauth2: fix several small implicit flow errors 2020-09-14 00:11:11 +02:00
Jens Langhammer 1c57128f11 providers/oauth2: fix token to code_token 2020-09-13 23:42:45 +02:00
Jens Langhammer 7fe9b8f0b4 providers/proxy: add domainless URL Validator 2020-09-13 21:52:34 +02:00
Jens Langhammer ca0ba85023 providers/saml: disallow idp-initiated SSO by default and validate Request ID 2020-09-12 00:53:44 +02:00
Jens L 23cccebb96
pytest (#209) 2020-09-11 23:21:11 +02:00
Jens Langhammer b3468bc265 providers/oauth2: fix comparison to undefined ResponseTypes 2020-09-10 16:26:55 +02:00
Jens L 268de20872
Proxy v2 (#189) 2020-09-03 00:04:12 +02:00
Jens L ff810c689f
Replace Elastic APM with Sentry APM (#183) 2020-08-20 20:39:21 +02:00
Jens Langhammer 0eb94df1f7 providers/oauth2: fix redirect_uri not being checked correctly if multiple redirect_uris are configured 2020-08-20 16:41:00 +02:00
Jens L c7a2410b1d
OAuth Provider Rewrite (#182) 2020-08-19 10:32:44 +02:00
Jens Langhammer de2b67b111 providers/app_gw: improve templates 2020-08-01 22:13:12 +02:00
Jens Langhammer e1bbbe6671 providers/app_gw: disable client authz to use passbook 2020-08-01 20:53:55 +02:00
Jens Langhammer 8b3839343c providers/oidc: remove static lookup for OIDCProvider, get related object for app_gw 2020-08-01 20:53:33 +02:00
Jens Langhammer 7897ca4744 providers/app_gw: fix Client scopes and URLs 2020-08-01 20:33:38 +02:00
Jens Langhammer 1a21012911 providers/app_gw: fix URL Validation not working for internal and external host 2020-08-01 20:02:43 +02:00
Jens Langhammer d4a5269bf1 *: Adjust forms to only show respective types of Flows and PropertyMappings 2020-08-01 20:02:23 +02:00
Jens Langhammer fcf70a3cd4 providers/app_gw: Fix K8s template labels, add missing ISSUER_URL 2020-08-01 19:47:40 +02:00
Jens Langhammer 1a6dd00681 providers/saml: fix X509Data container linebreaks 2020-08-01 19:38:59 +02:00
Jens Langhammer 330bd0932b providers/saml: fix NotOnOrAfter using incorrect timestamp 2020-08-01 19:38:41 +02:00
Jens Langhammer ddb0fdee98 providers/app_gw: generate docker-compose in code 2020-07-26 22:01:37 +02:00
Jens Langhammer 83205f1b49 providers/app_gw: use full URL with protocol for internal/external_host 2020-07-26 22:01:20 +02:00
Jens Langhammer ae629d1159 providers/oauth: remove LoginRequired from AuthorizationFlowInitView as user is redirected within 2020-07-25 21:36:50 +02:00
Jens Langhammer 72a6f9cbe0 providers/saml: remove LoginRequired from SAMLSSOView as user is redirected within 2020-07-25 21:36:28 +02:00
Jens Langhammer 9793b7461b providers/oidc: remove LoginRequired from AuthorizationFlowInitView as user is redirected within 2020-07-25 21:35:38 +02:00
Jens Langhammer 9c1a824dc4 providers/app_gw: fix Issuer URL being incorrect, fix incorrect length cookie secret 2020-07-25 21:34:14 +02:00
Jens Langhammer 37a432267d Squashed commit of the following:
commit 88029a4335
Author: Jens Langhammer <jens.langhammer@beryju.org>
Date:   Mon Jul 20 16:55:55 2020 +0200

    admin: update to work with new form

commit 4040eb9619
Author: Jens Langhammer <jens.langhammer@beryju.org>
Date:   Mon Jul 20 16:43:30 2020 +0200

    *: remove path-based import from all PropertyMappings

commit c9663a08da
Author: Jens Langhammer <jens.langhammer@beryju.org>
Date:   Mon Jul 20 16:33:34 2020 +0200

    flows: update work with new stages

commit a3d92ebc0a
Author: Jens Langhammer <jens.langhammer@beryju.org>
Date:   Mon Jul 20 16:23:30 2020 +0200

    stages/*: remove path-based import from all stages

commit 6fa825e372
Author: Jens Langhammer <jens.langhammer@beryju.org>
Date:   Mon Jul 20 16:03:55 2020 +0200

    providers/*: remove path-based import from all providers

commit 6aefd072c8
Author: Jens Langhammer <jens.langhammer@beryju.org>
Date:   Mon Jul 20 15:58:48 2020 +0200

    policies/*: remove path-based import from all policies

commit ac2dd3611f
Author: Jens Langhammer <jens.langhammer@beryju.org>
Date:   Mon Jul 20 15:11:27 2020 +0200

    sources/*: remove path-based import from all sources

commit 74e628ce9c
Author: Jens Langhammer <jens.langhammer@beryju.org>
Date:   Mon Jul 20 14:43:38 2020 +0200

    ui: allow overriding of verbose_name

commit d4ee18ee32
Author: Jens Langhammer <jens.langhammer@beryju.org>
Date:   Mon Jul 20 14:08:27 2020 +0200

    sources/oauth: migrate from discordapp.com to discord.com
2020-07-20 18:17:14 +02:00
Jens Langhammer 37b2400cdb lib: move SAML timestring utils into lib 2020-07-20 11:35:16 +02:00
Jens Langhammer b452e751ea flows: add SESSION_KEY_APPLICATION_PRE
whenever a user tries to access an application without being authenticated to passbook, we now show notice which application they are going to continue to.
2020-07-12 22:47:46 +02:00
Jens Langhammer f7b9de1261 */saml: fix MetadataProcessor having generic namespace prefixes 2020-07-12 18:40:43 +02:00
Jens Langhammer 1675dab314 providers/saml: fix encoding for POST bindings 2020-07-12 17:58:38 +02:00
Jens Langhammer be6f342e58 providers/saml: fix RelayState being included when None given 2020-07-12 17:22:14 +02:00
Jens Langhammer 464b558a02 */saml: fix typo 2020-07-12 17:20:41 +02:00
Jens Langhammer d1151091cd providers/saml: Generate NameID Value based on NameID Policy received 2020-07-12 17:06:35 +02:00
Jens Langhammer f8e5383ba2 providers/saml: parse NameID Policy from AuthnRequest 2020-07-12 17:05:48 +02:00
Jens Langhammer 0ff4545bab providers/saml: fix AuthnRequest Signature validation, add unittests 2020-07-12 16:17:53 +02:00
Jens Langhammer a393097504 */saml: start implementing unittests, fix signing 2020-07-12 01:44:34 +02:00
Jens Langhammer 2056b86ce7 providers/saml: rewrite SAML AuthNRequest Parser and Response Processor 2020-07-11 14:06:42 +02:00
Jens Langhammer 1b0c013d8e providers/saml: remove processor_path field 2020-07-11 13:28:10 +02:00
Jens Langhammer 92a09be8c0 sources/saml: rewrite Processors and Views to directly build XML without templates 2020-07-11 01:02:55 +02:00
Jens Langhammer d831599608 core: make autosubmit_form generic template 2020-07-08 14:27:58 +02:00
Jens Langhammer 1524880eec core: add generic login/base_full template for static login views 2020-07-08 14:17:29 +02:00
Jens Langhammer 0bfb623f97 providers/saml: fix autosubmit_form using wrong template 2020-07-08 14:12:44 +02:00
Jens Langhammer 2dc1b65718 ui: fix modal layout 2020-07-06 20:50:14 +02:00
Jens Langhammer 2402cfe29d providers/* use name for __str__ 2020-07-05 23:00:40 +02:00
Jens Langhammer bead19c64c flows: cleanup denied view, use everywhere 2020-07-02 13:48:42 +02:00
Jens Langhammer ae83ee6d31 providers/saml: fix access result not being checked properly 2020-07-02 00:23:52 +02:00
Jens Langhammer bd40585247 providers/samlv2: remove SAMLv2 from master 2020-07-01 23:21:58 +02:00
Jens Langhammer cc0b8164b0 providers/*: use PolicyAccessMixin to simplify 2020-07-01 23:18:10 +02:00
Jens Langhammer 3b70d12a5f *: rephrase strings 2020-07-01 18:40:52 +02:00
Jens Langhammer d33f632203 flows: add CancelView to cancel current flow execution 2020-06-30 00:11:01 +02:00
Jens Langhammer c0d8aa2303 sources/saml: fix SAMLRequest not being encoded properly for Redirect bindings 2020-06-24 13:12:34 +02:00
Jens Langhammer 4d81172a48 providers/oauth: add support for consent stage, cleanup 2020-06-20 23:30:53 +02:00
Jens Langhammer c97b946a00 providers/saml: make SAML provider compatible with consent 2020-06-20 22:30:45 +02:00
Jens Langhammer 3753275453 providers/saml: make metadata accessible without authentication 2020-06-20 21:51:52 +02:00
Jens Langhammer e4cb9b7ff9 providers/saml: fix provider has no attribute sp_binding 2020-06-20 21:49:48 +02:00
Jens Langhammer a0f05caf8e providers/saml: move templates into correct folder 2020-06-20 21:49:16 +02:00
Jens Langhammer 42e9ce4f72 providers/*: fix plan stages not being injected properly 2020-06-20 19:40:25 +02:00
Jens Langhammer 331faa53bc providers/saml: fix metadata template using wrong templates 2020-06-20 19:35:48 +02:00
Jens Langhammer 03b1a67b44 flows: change wording of consent on flows 2020-06-19 20:33:41 +02:00
Jens Langhammer 3a40e50fa0 providers/oidc: add template for consent 2020-06-19 20:19:31 +02:00
Jens Langhammer 73e7158178 e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes 2020-06-19 19:45:27 +02:00
Jens Langhammer 8c6a4a4968 e2e: test against standalone chrome instance, start implementing oidc provider test 2020-06-19 18:19:20 +02:00
Jens Langhammer bdf0e74af3 docs: add supported scopes of oauth provider 2020-06-18 19:39:58 +02:00
Jens Langhammer 5e8a1e3c0d *: make email naming consistent 2020-06-18 19:35:59 +02:00
Jens Langhammer 6f0e292c43 root: add lgtm 2020-06-15 11:56:20 +02:00
Jens Langhammer bd312b60fc gatekeeper: update upstream docker image 2020-06-09 09:26:03 +02:00
Jens Langhammer ee8313142f Merge branch 'docs-flows'
# Conflicts:
#	passbook/core/templates/partials/form_horizontal.html
2020-06-08 15:43:46 +02:00
Jens L 4915205678
WIP Use Flows for Sources and Providers (#32)
* core: start migrating to flows for authorisation

* sources/oauth: start type-hinting

* core: create default user

* core: only show user delete button if an unenrollment flow exists

* flows: Correctly check initial policies on flow with context

* policies: add more verbosity to engine

* sources/oauth: migrate to flows

* sources/oauth: fix typing errors

* flows: add more tests

* sources/oauth: start implementing unittests

* sources/ldap: add option to disable user sync, move connection init to model

* sources/ldap: re-add default PropertyMappings

* providers/saml: re-add default PropertyMappings

* admin: fix missing stage count

* stages/identification: fix sources not being shown

* crypto: fix being unable to save with private key

* crypto: re-add default self-signed keypair

* policies: rewrite cache_key to prevent wrong cache

* sources/saml: migrate to flows for auth and enrollment

* stages/consent: add new stage

* admin: fix PropertyMapping widget not rendering properly

* core: provider.authorization_flow is mandatory

* flows: add support for "autosubmit" attribute on form

* flows: add InMemoryStage for dynamic stages

* flows: optionally allow empty flows from FlowPlanner

* providers/saml: update to authorization_flow

* sources/*: fix flow executor URL

* flows: fix pylint error

* flows: wrap responses in JSON object to easily handle redirects

* flow: dont cache plan's context

* providers/oauth: rewrite OAuth2 Provider to use flows

* providers/*: update docstrings of models

* core: fix forms not passing help_text through safe

* flows: fix HttpResponses not being converted to JSON

* providers/oidc: rewrite to use flows

* flows: fix linting
2020-06-07 16:35:08 +02:00
Jens Langhammer 7664b428e7 sources/ldap: fix expression field not being CodeMirror 2020-06-05 20:18:45 +02:00
Jens Langhammer 30ca926b38 docs: remove last occurrences to jinja2 2020-06-05 20:18:11 +02:00
Jens L 73116b9d1a
policies/expression: migrate to raw python instead of jinja2 (#49)
* policies/expression: migrate to raw python instead of jinja2

* lib/expression: create base evaluator, custom subclass for policies

* core: rewrite propertymappings to use python

* providers/saml: update to new PropertyMappings

* sources/ldap: update to new PropertyMappings

* docs: update docs for new propertymappings

* root: remove jinja2

* root: re-add jinja to lock file as its implicitly required
2020-06-05 12:00:27 +02:00
Jens Langhammer 8080b0380e providers/saml: re-add default PropertyMappings 2020-06-02 17:00:03 +02:00
Jens L df8995deed
policies/*: remove Policy.negate, order, timeout (#39)
policies: rewrite engine to use PolicyBinding for order/negate/timeout
policies: rewrite engine to use PolicyResult instead of tuple
2020-05-28 21:45:54 +02:00
Jens Langhammer e2804b9755 root: fix linting errors 2020-05-27 11:26:48 +02:00
Jens L beabba2890
flows: Load Stages without refreshing the whole page (#33)
* flows: initial implementation of FlowExecutorShell

* flows: load messages dynamically upon card refresh
2020-05-24 00:57:25 +02:00
Jens L 24a3e787dd
migrate to per-model UUID Primary key, remove UUIDModel (#26)
* *: migrate to per-model UUID Primary key, remove UUIDModel

* *: fix import order, fix unittests
2020-05-20 09:17:06 +02:00
Jens Langhammer c903c81bd5 root: update pylint ignore list 2020-05-18 18:15:39 +02:00
Jens Langhammer 7bd65120b9 *: migrate from PolicyModel to PolicyBindingModel, move Policy to passbook_policies 2020-05-16 18:07:00 +02:00
Jens Langhammer 406f69080b Revert "*: providers and sources -> channels, PolicyModel to PolicyBindingModel that uses custom M2M through"
This reverts commit 7ed3ceb960.
2020-05-16 16:02:42 +02:00
Jens Langhammer 7ed3ceb960 *: providers and sources -> channels, PolicyModel to PolicyBindingModel that uses custom M2M through 2020-05-16 14:03:57 +02:00
Jens Langhammer a5319fc2fe *: rename templatetags to clearly identify 2020-05-15 10:54:31 +02:00
Jens Langhammer 80c3246333 policies/expression: add pb_flow_plan variable 2020-05-13 18:44:36 +02:00
Jens Langhammer e12780f78f flows: add invalidation designation, use as default logout action 2020-05-11 01:12:57 +02:00
Jens Langhammer 3456527f10 providers/saml: fix minor typing issue 2020-05-09 20:54:11 +02:00
Jens Langhammer 114bb1b0bd flows: implement planner, start new executor 2020-05-08 14:33:14 +02:00
Jens Langhammer 97b5d120f8 providers/oauth: fix default cors settings 2020-05-08 11:26:26 +02:00
Jens Langhammer 179f0097c0 provider/samlv2: more samlv2 progres 2020-05-07 19:25:15 +02:00
Jens Langhammer b40bffdf38 providers/samlv2: start implementing new SAML Provider 2020-05-07 01:20:08 +02:00
Jens Langhammer 813dd2894f *: add pyright type checking 2020-05-07 00:32:03 +02:00
Jens Langhammer 80d90b91e8 core: add general admin.py loader, remove individual files 2020-05-07 00:05:10 +02:00
Jens Langhammer fff05e35ac providers/saml: optionally verify SAML Signature 2020-05-06 18:03:12 +02:00