Jens Langhammer
cba78b4de7
providers/*: fix launch_url not working
2020-09-17 21:53:57 +02:00
Jens Langhammer
4b39c71de0
providers/oauth2: accept token as post param
2020-09-16 23:38:55 +02:00
Jens Langhammer
818f417fd8
providers/oauth2: only send id_token as access_token if ADFS compat mode is enabled
2020-09-16 23:31:03 +02:00
Jens Langhammer
1e97af772f
providers/oauth2: add workaround for vcenter
2020-09-15 20:54:54 +02:00
Jens Langhammer
5c622cd4d2
providers/oauth2: make sub configurable based on hash, username, email and upn
2020-09-15 20:54:42 +02:00
Jens Langhammer
3cf558d594
providers/*: pass policy result objects when access denied
2020-09-14 21:52:25 +02:00
Jens Langhammer
e21ed92848
providers/oauth2: ensure flow is cleaned up on error
2020-09-14 18:40:44 +02:00
Jens Langhammer
2c07859b68
core: add automatic launch_url detection based on provider
2020-09-14 18:12:42 +02:00
Jens Langhammer
ae6304c05e
providers/proxy: fix provider requiring a certificate to be selected
2020-09-14 17:37:06 +02:00
Jens Langhammer
810f10edfe
providers/oauth2: fix several small implicit flow errors
2020-09-14 00:11:11 +02:00
Jens Langhammer
1c57128f11
providers/oauth2: fix token to code_token
2020-09-13 23:42:45 +02:00
Jens Langhammer
7fe9b8f0b4
providers/proxy: add domainless URL Validator
2020-09-13 21:52:34 +02:00
Jens Langhammer
ca0ba85023
providers/saml: disallow idp-initiated SSO by default and validate Request ID
2020-09-12 00:53:44 +02:00
Jens L
23cccebb96
pytest ( #209 )
2020-09-11 23:21:11 +02:00
Jens Langhammer
b3468bc265
providers/oauth2: fix comparison to undefined ResponseTypes
2020-09-10 16:26:55 +02:00
Jens L
268de20872
Proxy v2 ( #189 )
2020-09-03 00:04:12 +02:00
Jens L
ff810c689f
Replace Elastic APM with Sentry APM ( #183 )
2020-08-20 20:39:21 +02:00
Jens Langhammer
0eb94df1f7
providers/oauth2: fix redirect_uri not being checked correctly if multiple redirect_uris are configured
2020-08-20 16:41:00 +02:00
Jens L
c7a2410b1d
OAuth Provider Rewrite ( #182 )
2020-08-19 10:32:44 +02:00
Jens Langhammer
de2b67b111
providers/app_gw: improve templates
2020-08-01 22:13:12 +02:00
Jens Langhammer
e1bbbe6671
providers/app_gw: disable client authz to use passbook
2020-08-01 20:53:55 +02:00
Jens Langhammer
8b3839343c
providers/oidc: remove static lookup for OIDCProvider, get related object for app_gw
2020-08-01 20:53:33 +02:00
Jens Langhammer
7897ca4744
providers/app_gw: fix Client scopes and URLs
2020-08-01 20:33:38 +02:00
Jens Langhammer
1a21012911
providers/app_gw: fix URL Validation not working for internal and external host
2020-08-01 20:02:43 +02:00
Jens Langhammer
d4a5269bf1
*: Adjust forms to only show respective types of Flows and PropertyMappings
2020-08-01 20:02:23 +02:00
Jens Langhammer
fcf70a3cd4
providers/app_gw: Fix K8s template labels, add missing ISSUER_URL
2020-08-01 19:47:40 +02:00
Jens Langhammer
1a6dd00681
providers/saml: fix X509Data container linebreaks
2020-08-01 19:38:59 +02:00
Jens Langhammer
330bd0932b
providers/saml: fix NotOnOrAfter using incorrect timestamp
2020-08-01 19:38:41 +02:00
Jens Langhammer
ddb0fdee98
providers/app_gw: generate docker-compose in code
2020-07-26 22:01:37 +02:00
Jens Langhammer
83205f1b49
providers/app_gw: use full URL with protocol for internal/external_host
2020-07-26 22:01:20 +02:00
Jens Langhammer
ae629d1159
providers/oauth: remove LoginRequired from AuthorizationFlowInitView as user is redirected within
2020-07-25 21:36:50 +02:00
Jens Langhammer
72a6f9cbe0
providers/saml: remove LoginRequired from SAMLSSOView as user is redirected within
2020-07-25 21:36:28 +02:00
Jens Langhammer
9793b7461b
providers/oidc: remove LoginRequired from AuthorizationFlowInitView as user is redirected within
2020-07-25 21:35:38 +02:00
Jens Langhammer
9c1a824dc4
providers/app_gw: fix Issuer URL being incorrect, fix incorrect length cookie secret
2020-07-25 21:34:14 +02:00
Jens Langhammer
37a432267d
Squashed commit of the following:
...
commit 88029a4335
Author: Jens Langhammer <jens.langhammer@beryju.org>
Date: Mon Jul 20 16:55:55 2020 +0200
admin: update to work with new form
commit 4040eb9619
Author: Jens Langhammer <jens.langhammer@beryju.org>
Date: Mon Jul 20 16:43:30 2020 +0200
*: remove path-based import from all PropertyMappings
commit c9663a08da
Author: Jens Langhammer <jens.langhammer@beryju.org>
Date: Mon Jul 20 16:33:34 2020 +0200
flows: update work with new stages
commit a3d92ebc0a
Author: Jens Langhammer <jens.langhammer@beryju.org>
Date: Mon Jul 20 16:23:30 2020 +0200
stages/*: remove path-based import from all stages
commit 6fa825e372
Author: Jens Langhammer <jens.langhammer@beryju.org>
Date: Mon Jul 20 16:03:55 2020 +0200
providers/*: remove path-based import from all providers
commit 6aefd072c8
Author: Jens Langhammer <jens.langhammer@beryju.org>
Date: Mon Jul 20 15:58:48 2020 +0200
policies/*: remove path-based import from all policies
commit ac2dd3611f
Author: Jens Langhammer <jens.langhammer@beryju.org>
Date: Mon Jul 20 15:11:27 2020 +0200
sources/*: remove path-based import from all sources
commit 74e628ce9c
Author: Jens Langhammer <jens.langhammer@beryju.org>
Date: Mon Jul 20 14:43:38 2020 +0200
ui: allow overriding of verbose_name
commit d4ee18ee32
Author: Jens Langhammer <jens.langhammer@beryju.org>
Date: Mon Jul 20 14:08:27 2020 +0200
sources/oauth: migrate from discordapp.com to discord.com
2020-07-20 18:17:14 +02:00
Jens Langhammer
37b2400cdb
lib: move SAML timestring utils into lib
2020-07-20 11:35:16 +02:00
Jens Langhammer
b452e751ea
flows: add SESSION_KEY_APPLICATION_PRE
...
whenever a user tries to access an application without being authenticated to passbook, we now show notice which application they are going to continue to.
2020-07-12 22:47:46 +02:00
Jens Langhammer
f7b9de1261
*/saml: fix MetadataProcessor having generic namespace prefixes
2020-07-12 18:40:43 +02:00
Jens Langhammer
1675dab314
providers/saml: fix encoding for POST bindings
2020-07-12 17:58:38 +02:00
Jens Langhammer
be6f342e58
providers/saml: fix RelayState being included when None given
2020-07-12 17:22:14 +02:00
Jens Langhammer
464b558a02
*/saml: fix typo
2020-07-12 17:20:41 +02:00
Jens Langhammer
d1151091cd
providers/saml: Generate NameID Value based on NameID Policy received
2020-07-12 17:06:35 +02:00
Jens Langhammer
f8e5383ba2
providers/saml: parse NameID Policy from AuthnRequest
2020-07-12 17:05:48 +02:00
Jens Langhammer
0ff4545bab
providers/saml: fix AuthnRequest Signature validation, add unittests
2020-07-12 16:17:53 +02:00
Jens Langhammer
a393097504
*/saml: start implementing unittests, fix signing
2020-07-12 01:44:34 +02:00
Jens Langhammer
2056b86ce7
providers/saml: rewrite SAML AuthNRequest Parser and Response Processor
2020-07-11 14:06:42 +02:00
Jens Langhammer
1b0c013d8e
providers/saml: remove processor_path field
2020-07-11 13:28:10 +02:00
Jens Langhammer
92a09be8c0
sources/saml: rewrite Processors and Views to directly build XML without templates
2020-07-11 01:02:55 +02:00
Jens Langhammer
d831599608
core: make autosubmit_form generic template
2020-07-08 14:27:58 +02:00
Jens Langhammer
1524880eec
core: add generic login/base_full template for static login views
2020-07-08 14:17:29 +02:00
Jens Langhammer
0bfb623f97
providers/saml: fix autosubmit_form using wrong template
2020-07-08 14:12:44 +02:00
Jens Langhammer
2dc1b65718
ui: fix modal layout
2020-07-06 20:50:14 +02:00
Jens Langhammer
2402cfe29d
providers/* use name for __str__
2020-07-05 23:00:40 +02:00
Jens Langhammer
bead19c64c
flows: cleanup denied view, use everywhere
2020-07-02 13:48:42 +02:00
Jens Langhammer
ae83ee6d31
providers/saml: fix access result not being checked properly
2020-07-02 00:23:52 +02:00
Jens Langhammer
bd40585247
providers/samlv2: remove SAMLv2 from master
2020-07-01 23:21:58 +02:00
Jens Langhammer
cc0b8164b0
providers/*: use PolicyAccessMixin to simplify
2020-07-01 23:18:10 +02:00
Jens Langhammer
3b70d12a5f
*: rephrase strings
2020-07-01 18:40:52 +02:00
Jens Langhammer
d33f632203
flows: add CancelView to cancel current flow execution
2020-06-30 00:11:01 +02:00
Jens Langhammer
c0d8aa2303
sources/saml: fix SAMLRequest not being encoded properly for Redirect bindings
2020-06-24 13:12:34 +02:00
Jens Langhammer
4d81172a48
providers/oauth: add support for consent stage, cleanup
2020-06-20 23:30:53 +02:00
Jens Langhammer
c97b946a00
providers/saml: make SAML provider compatible with consent
2020-06-20 22:30:45 +02:00
Jens Langhammer
3753275453
providers/saml: make metadata accessible without authentication
2020-06-20 21:51:52 +02:00
Jens Langhammer
e4cb9b7ff9
providers/saml: fix provider has no attribute sp_binding
2020-06-20 21:49:48 +02:00
Jens Langhammer
a0f05caf8e
providers/saml: move templates into correct folder
2020-06-20 21:49:16 +02:00
Jens Langhammer
42e9ce4f72
providers/*: fix plan stages not being injected properly
2020-06-20 19:40:25 +02:00
Jens Langhammer
331faa53bc
providers/saml: fix metadata template using wrong templates
2020-06-20 19:35:48 +02:00
Jens Langhammer
03b1a67b44
flows: change wording of consent on flows
2020-06-19 20:33:41 +02:00
Jens Langhammer
3a40e50fa0
providers/oidc: add template for consent
2020-06-19 20:19:31 +02:00
Jens Langhammer
73e7158178
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes
2020-06-19 19:45:27 +02:00
Jens Langhammer
8c6a4a4968
e2e: test against standalone chrome instance, start implementing oidc provider test
2020-06-19 18:19:20 +02:00
Jens Langhammer
bdf0e74af3
docs: add supported scopes of oauth provider
2020-06-18 19:39:58 +02:00
Jens Langhammer
5e8a1e3c0d
*: make email naming consistent
2020-06-18 19:35:59 +02:00
Jens Langhammer
6f0e292c43
root: add lgtm
2020-06-15 11:56:20 +02:00
Jens Langhammer
bd312b60fc
gatekeeper: update upstream docker image
2020-06-09 09:26:03 +02:00
Jens Langhammer
ee8313142f
Merge branch 'docs-flows'
...
# Conflicts:
# passbook/core/templates/partials/form_horizontal.html
2020-06-08 15:43:46 +02:00
Jens L
4915205678
WIP Use Flows for Sources and Providers ( #32 )
...
* core: start migrating to flows for authorisation
* sources/oauth: start type-hinting
* core: create default user
* core: only show user delete button if an unenrollment flow exists
* flows: Correctly check initial policies on flow with context
* policies: add more verbosity to engine
* sources/oauth: migrate to flows
* sources/oauth: fix typing errors
* flows: add more tests
* sources/oauth: start implementing unittests
* sources/ldap: add option to disable user sync, move connection init to model
* sources/ldap: re-add default PropertyMappings
* providers/saml: re-add default PropertyMappings
* admin: fix missing stage count
* stages/identification: fix sources not being shown
* crypto: fix being unable to save with private key
* crypto: re-add default self-signed keypair
* policies: rewrite cache_key to prevent wrong cache
* sources/saml: migrate to flows for auth and enrollment
* stages/consent: add new stage
* admin: fix PropertyMapping widget not rendering properly
* core: provider.authorization_flow is mandatory
* flows: add support for "autosubmit" attribute on form
* flows: add InMemoryStage for dynamic stages
* flows: optionally allow empty flows from FlowPlanner
* providers/saml: update to authorization_flow
* sources/*: fix flow executor URL
* flows: fix pylint error
* flows: wrap responses in JSON object to easily handle redirects
* flow: dont cache plan's context
* providers/oauth: rewrite OAuth2 Provider to use flows
* providers/*: update docstrings of models
* core: fix forms not passing help_text through safe
* flows: fix HttpResponses not being converted to JSON
* providers/oidc: rewrite to use flows
* flows: fix linting
2020-06-07 16:35:08 +02:00
Jens Langhammer
7664b428e7
sources/ldap: fix expression field not being CodeMirror
2020-06-05 20:18:45 +02:00
Jens Langhammer
30ca926b38
docs: remove last occurrences to jinja2
2020-06-05 20:18:11 +02:00
Jens L
73116b9d1a
policies/expression: migrate to raw python instead of jinja2 ( #49 )
...
* policies/expression: migrate to raw python instead of jinja2
* lib/expression: create base evaluator, custom subclass for policies
* core: rewrite propertymappings to use python
* providers/saml: update to new PropertyMappings
* sources/ldap: update to new PropertyMappings
* docs: update docs for new propertymappings
* root: remove jinja2
* root: re-add jinja to lock file as its implicitly required
2020-06-05 12:00:27 +02:00
Jens Langhammer
8080b0380e
providers/saml: re-add default PropertyMappings
2020-06-02 17:00:03 +02:00
Jens L
df8995deed
policies/*: remove Policy.negate, order, timeout ( #39 )
...
policies: rewrite engine to use PolicyBinding for order/negate/timeout
policies: rewrite engine to use PolicyResult instead of tuple
2020-05-28 21:45:54 +02:00
Jens Langhammer
e2804b9755
root: fix linting errors
2020-05-27 11:26:48 +02:00
Jens L
beabba2890
flows: Load Stages without refreshing the whole page ( #33 )
...
* flows: initial implementation of FlowExecutorShell
* flows: load messages dynamically upon card refresh
2020-05-24 00:57:25 +02:00
Jens L
24a3e787dd
migrate to per-model UUID Primary key, remove UUIDModel ( #26 )
...
* *: migrate to per-model UUID Primary key, remove UUIDModel
* *: fix import order, fix unittests
2020-05-20 09:17:06 +02:00
Jens Langhammer
c903c81bd5
root: update pylint ignore list
2020-05-18 18:15:39 +02:00
Jens Langhammer
7bd65120b9
*: migrate from PolicyModel to PolicyBindingModel, move Policy to passbook_policies
2020-05-16 18:07:00 +02:00
Jens Langhammer
406f69080b
Revert "*: providers and sources -> channels, PolicyModel to PolicyBindingModel that uses custom M2M through"
...
This reverts commit 7ed3ceb960
.
2020-05-16 16:02:42 +02:00
Jens Langhammer
7ed3ceb960
*: providers and sources -> channels, PolicyModel to PolicyBindingModel that uses custom M2M through
2020-05-16 14:03:57 +02:00
Jens Langhammer
a5319fc2fe
*: rename templatetags to clearly identify
2020-05-15 10:54:31 +02:00
Jens Langhammer
80c3246333
policies/expression: add pb_flow_plan variable
2020-05-13 18:44:36 +02:00
Jens Langhammer
e12780f78f
flows: add invalidation designation, use as default logout action
2020-05-11 01:12:57 +02:00
Jens Langhammer
3456527f10
providers/saml: fix minor typing issue
2020-05-09 20:54:11 +02:00
Jens Langhammer
114bb1b0bd
flows: implement planner, start new executor
2020-05-08 14:33:14 +02:00
Jens Langhammer
97b5d120f8
providers/oauth: fix default cors settings
2020-05-08 11:26:26 +02:00
Jens Langhammer
179f0097c0
provider/samlv2: more samlv2 progres
2020-05-07 19:25:15 +02:00
Jens Langhammer
b40bffdf38
providers/samlv2: start implementing new SAML Provider
2020-05-07 01:20:08 +02:00
Jens Langhammer
813dd2894f
*: add pyright type checking
2020-05-07 00:32:03 +02:00
Jens Langhammer
80d90b91e8
core: add general admin.py loader, remove individual files
2020-05-07 00:05:10 +02:00
Jens Langhammer
fff05e35ac
providers/saml: optionally verify SAML Signature
2020-05-06 18:03:12 +02:00