Félix Rohrlich
80ef1741a7
feat : Added intruder lockout login delay
2024-12-10 14:23:11 +01:00
Félix Rohrlich
e1d70ef8cd
feat : Added sms OTP authentication and multi-factor authentication methods chaining
2024-12-10 11:27:18 +01:00
Félix Rohrlich
6d48ce9043
feat: Added email OTP authentication
2024-12-10 11:27:18 +01:00
Félix Rohrlich
c8e774ab46
refactor: moved reset-mfa cli function and added documentation and test cases for it
2024-12-10 11:27:18 +01:00
Félix Rohrlich
b01e8323d8
feat : Added HOTP authentication and CLI Multi-factor authentication reset
2024-12-10 11:27:18 +01:00
Félix Rohrlich
74e0c8d635
feat : Added time one-time password (TOTP) authentication
2024-12-10 11:27:18 +01:00
Stéphane
83ab381b13
fix: doc: add a missing dot
2024-12-08 20:04:37 +01:00
Éloi Rivard
723e39d268
Translated using Weblate (French)
...
Currently translated at 100.0% (401 of 401 strings)
Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/fr/
2024-12-08 12:22:49 +01:00
Éloi Rivard
13a98fda2c
doc: ACL permissions wording
2024-12-08 12:22:41 +01:00
Hosted Weblate
bfffd8a05d
Update translation files
...
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.
Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/
2024-12-08 10:58:33 +00:00
Éloi Rivard
bdb61a5b38
doc: password length configuration wording
2024-12-08 11:58:21 +01:00
Hosted Weblate
940f2ea078
Update translation files
...
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.
Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/
2024-12-08 11:36:47 +01:00
Éloi Rivard
e576a51554
doc: avoid ending sentences with ::
2024-12-08 11:36:38 +01:00
Hosted Weblate
648567be65
Update translation files
...
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.
Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/
2024-12-08 11:28:09 +01:00
Éloi Rivard
f06053b87e
doc: Fix logging configuration wording
2024-12-08 11:27:56 +01:00
Éloi Rivard
cee7401e1d
feat: show expired tokens on the token view page
2024-12-07 16:06:21 +01:00
Stéphane
9172a4adab
doc: fix: spellcheck some words
2024-12-07 15:56:17 +01:00
sebastien yaal
094cde81ca
Translated using Weblate (French)
...
Currently translated at 99.7% (398 of 399 strings)
Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/fr/
2024-12-06 20:37:07 +01:00
Éloi Rivard
bab6fc6504
feat: button to create a new client token
2024-12-06 20:21:14 +01:00
Éloi Rivard
662f60af86
fix: attribute types detection
2024-12-06 17:55:22 +01:00
Éloi Rivard
1bf196b5a2
refactor: User.subject type
2024-12-06 17:41:57 +01:00
Éloi Rivard
aa57daf7ce
chore: bump to zxcvbn-py-rs 0.2.0
2024-12-06 15:22:40 +01:00
Hosted Weblate
fa51155938
Update translation files
...
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.
Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/
2024-12-06 15:12:23 +01:00
sblondon
14620f40a2
Translated using Weblate (French)
...
Currently translated at 100.0% (398 of 398 strings)
Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/fr/
2024-12-06 15:12:22 +01:00
Éloi Rivard
5bc438d21d
feat: implement OIDC client_credentials flow
2024-12-06 15:09:25 +01:00
Éloi Rivard
21464e952a
fix: do not automatically load .env files
2024-12-05 15:14:12 +01:00
Hosted Weblate
e89c10934a
Update translation files
...
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.
Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/
2024-12-05 13:24:15 +01:00
Éloi Rivard
e58aea9a23
Translated using Weblate (French)
...
Currently translated at 100.0% (400 of 400 strings)
Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/fr/
2024-12-05 13:24:15 +01:00
Éloi Rivard
4181614364
chore: fix first login text mail message
2024-12-05 13:24:03 +01:00
Éloi Rivard
6d8799d052
refactor: use the Features class to know if a feature is available
...
instead of simply looking at the configuration
2024-12-05 12:20:30 +01:00
Éloi Rivard
c2101f91da
doc: fix documentation compilation warnings
2024-12-05 10:47:41 +01:00
ButterflyOfFire
e965c629b4
Translated using Weblate (Kabyle)
...
Currently translated at 18.5% (74 of 400 strings)
Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/kab/
2024-12-05 10:36:37 +01:00
ButterflyOfFire
d72c3daf12
Translated using Weblate (Kabyle)
...
Currently translated at 13.7% (55 of 400 strings)
Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/kab/
2024-12-03 22:00:32 +01:00
ButterflyOfFire
73bf51e89e
Added translation using Weblate (Kabyle)
2024-12-02 21:32:18 +01:00
Éloi Rivard
eb955ad5dc
chore: make converters work with model ids
2024-12-02 17:45:28 +01:00
Kamborio
c93989323b
Translated using Weblate (Spanish)
...
Currently translated at 100.0% (400 of 400 strings)
Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/es/
2024-11-27 19:01:02 +00:00
sebastien yaal
aecb49c8ac
Translated using Weblate (French)
...
Currently translated at 100.0% (400 of 400 strings)
Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/fr/
2024-11-26 18:43:15 +01:00
Hosted Weblate
505986bc72
Update translation files
...
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.
Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/
2024-11-26 13:52:30 +01:00
sebastien yaal
015d173d22
Translated using Weblate (French)
...
Currently translated at 97.7% (391 of 400 strings)
Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/fr/
2024-11-26 13:52:30 +01:00
sebastien
354ffc4b94
replaces http://127.0.0.1:5000 by {{ site_url }}
2024-11-26 13:37:28 +01:00
Éloi Rivard
91c82dad4d
fix: do not attempt to configure email_validator if absent
2024-11-22 15:21:18 +01:00
Éloi Rivard
3ecda0ceab
doc: password compromission details
2024-11-21 10:43:31 +01:00
gallegonovato
12d7bfd24c
Translated using Weblate (Spanish)
...
Currently translated at 95.0% (380 of 400 strings)
Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/es/
2024-11-21 01:08:36 +01:00
Hosted Weblate
6c463ce856
Update translation files
...
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.
Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/
2024-11-20 23:43:23 +01:00
Éloi Rivard
19159c5a80
refactor: use @example.com for email placeholders
2024-11-20 23:42:58 +01:00
Éloi Rivard
77667c6f52
refactor: all domains used in the unit test suite are now .test
...
this ensures they will never be valid, and will never generate real
world requests
2024-11-20 23:30:48 +01:00
Éloi Rivard
6fa86cb5b2
refactor: PEP20 flat is better than nested
2024-11-20 14:27:18 +01:00
Éloi Rivard
b0e38b6f71
refactor: PEP20 flat is better than nested
2024-11-20 14:26:05 +01:00
Éloi Rivard
cd398ffa0a
chore: use the .example domain in placeholders
2024-11-20 14:19:25 +01:00
Hosted Weblate
edbebdc209
Update translation files
...
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.
Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/
2024-11-20 14:01:42 +01:00
sebastien
0fc5afb0bd
changes flash message category to info because, informing the admin is not a success but an information for the user
2024-11-19 16:11:23 +01:00
sebastien
3725ab2ea5
updates config.sample.toml correct display style
2024-11-19 15:54:52 +01:00
sebastien
e16d7394a9
updates pybabel translation
2024-11-19 15:44:02 +01:00
sebastien
033fd423e5
Merge branch '179-check-passwords-on-compromised-password-databases' of gitlab.com:yaal/canaille into 179-check-passwords-on-compromised-password-databases
2024-11-19 15:43:08 +01:00
sebastien
bcacef8414
updates pybabel translation
2024-11-19 15:40:52 +01:00
sebastien yaal
734f2a85ac
Merge branch 'main' into '179-check-passwords-on-compromised-password-databases'
...
# Conflicts:
# canaille/translations/messages.pot
2024-11-19 14:38:12 +00:00
sebastien
aaa17c2545
hotfix update previous commit
2024-11-19 14:48:56 +01:00
sebastien
bfff1bcdc1
refacto form test: separating htmx request and form submit
2024-11-19 14:46:38 +01:00
sebastien
d9f01fef6e
hotfix
2024-11-19 13:56:07 +01:00
sebastien
b49f1df395
Adds configuration variable for hibp api url
2024-11-19 11:20:25 +01:00
sebastien
d18b555204
adds new log when HIBP API call fails
2024-11-19 09:11:02 +01:00
gallegonovato
b7f4d93159
Translated using Weblate (Spanish)
...
Currently translated at 100.0% (381 of 381 strings)
Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/es/
2024-11-16 14:00:35 +01:00
sebastien
4487f66e9a
updates pybabel translations
2024-11-15 16:28:52 +01:00
sebastien
9b8f8e9cd4
updates configuration and config.sample and demo config files toinclude new parameters. adds new tests for configuration condition.
2024-11-15 16:28:21 +01:00
Hosted Weblate
e0a390bf0a
Update translation files
...
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.
Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/
2024-11-15 12:51:26 +01:00
sebastien
d10497d3d2
updates pybabel translation
2024-11-15 12:34:42 +01:00
sebastien
d6dfd439f3
adds tests for ENABLE_PASSWORD_COMPROMISSION_CHECK config
2024-11-14 16:10:43 +01:00
sebastien
ec43d9157f
avoids api call from tests
2024-11-14 15:32:31 +01:00
sebastien
2787252d81
the only receiver of mail when the request on HIBP api have failed is current_app.config[CANAILLE][ADMIN_EMAIL] defined in config.
2024-11-13 16:24:35 +01:00
sebastien
738ea3a5ac
adds description on ENABLE_PASSWORD_COMPROMISSION_CHECK config setting
2024-11-13 16:22:50 +01:00
sebastien
4c146cc970
changes flash message when the password is compromised.
2024-11-13 16:21:52 +01:00
sebastien
ae9c1309b9
adds pre-visualization mail buttons when api request on HIBP have failed in canaille/core/templates/mails/admin.html
2024-11-13 16:20:30 +01:00
sebastien
2a57a05155
adds configuration option set by default False to check password compromise
2024-11-13 16:12:50 +01:00
Éloi Rivard
08e0dd47bd
fix: disable the mail sending test when no SMTP server is configured
2024-11-13 10:58:11 +01:00
sebastien
1522f05348
updates pybabel translation
2024-11-12 16:53:11 +01:00
sebastien
ea24f96e85
adds new config variable in case there is no default admin group in ACL/ADMIN/FILTER
2024-11-12 16:50:00 +01:00
sebastien
62ceadb64f
refacto : isolate function to avoid import loops and clarify the role of the function (not in core because 'utils', not in mail to ovaid loop, not in form because not form)
2024-11-12 16:48:15 +01:00
sebastien
d41a4d1063
updates after merge main in branch
2024-11-12 09:41:03 +01:00
sebastien yaal
7b7ec74b9f
Merge branch 'main' into '179-check-passwords-on-compromised-password-databases'
...
# Conflicts:
# CHANGES.rst
2024-11-12 08:34:10 +00:00
sebastien
88986147d3
updates pybabel translations
2024-11-12 09:19:38 +01:00
sebastien
8284a41234
refacto for tests
2024-11-12 09:17:22 +01:00
sebastien
8104bbf03e
adds new condition to help with tests and inform correctly the user with sending mail to admins if compromise password check failed
2024-11-08 15:19:11 +01:00
sebastien
f173a66793
adds new tests for compromised_password_check_failure situation.
2024-11-07 15:51:21 +01:00
Éloi Rivard
a012814eca
chore: enable flake8-bugbear ruff rules
2024-11-07 11:44:29 +01:00
sebastien
9844818280
Merge branch '179-check-passwords-on-compromised-password-databases' of gitlab.com:yaal/canaille into 179-check-passwords-on-compromised-password-databases
2024-11-07 10:34:12 +01:00
sebastien
e6a9f2dcc6
Merge branch 'main' of gitlab.com:yaal/canaille into 179-check-passwords-on-compromised-password-databases
2024-11-07 09:15:29 +01:00
Éloi Rivard
6c4ef023cb
fix: disable zxcvbn for Python 3.13
...
https://github.com/fief-dev/zxcvbn-rs-py/issues/2
2024-11-06 19:23:43 +01:00
sebastien
289176a086
replaces 'pwned' by 'compromised'
2024-11-06 15:57:51 +01:00
Éloi Rivard
6a6350e368
fix: with LDAP backend, edition the admin group would fail
...
The `match_filter` method evaluate filters, and queries objects from their ids.
The value was stored in the `filter` arg, but being a dict it was
re-used during the following calls of `match_filter`.
After editing the `admin` group (by adding or removing an user), a new page is displayed, and as always it checks the user permissions.
The user permission check would call `match_filter` then compare an
updated version of the admin group (with one less or one new user) with
an unfortunate *cached* version in the `match_filter` `filter` arg.
With the SQL or the memory backend the comparision would be successful,
but it is not with the LDAP backend.
This resulted in permission loss for users after editing the `admin`
group. Being a method default value edited, it would remain until the
Canaille service was reloaded.
Related to https://stackoverflow.com/questions/1132941/least-astonishment-and-the-mutable-default-argument
2024-11-06 15:00:57 +01:00
sebastien
56f0c9b51b
hotfix api url following manual failed request tests
2024-11-06 13:51:50 +01:00
sebastien
025da08fd3
adds flash message for user when password compromise investigation failed.
2024-11-06 13:05:32 +01:00
sebastien
fa3a5f6616
gets the emails of each admin to send them the compromised_password_check_failure_mail
2024-11-06 12:56:35 +01:00
Éloi Rivard
fe8e1160ab
refactor: move session related methods in a dedicated file
2024-11-06 09:10:43 +01:00
sebastien
9708809714
updates file names, variable names to be clearer.
2024-11-05 16:18:45 +01:00
sebastien
ca7f718353
adds mail sending to admin if failure of api HIBP request to check if password is compromised
2024-11-05 15:43:15 +01:00
sebastien
093397256b
fix url typo
2024-11-04 11:15:32 +01:00
sebastien
0acbb40ecd
consumes haveibeenpwned API directly
2024-11-04 08:55:55 +01:00
sebastien yaal
f4e222a24c
Translated using Weblate (French)
...
Currently translated at 100.0% (380 of 380 strings)
Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/fr/
2024-11-01 10:00:27 +01:00
gallegonovato
8af6263b2f
Translated using Weblate (Spanish)
...
Currently translated at 100.0% (380 of 380 strings)
Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/es/
2024-10-29 23:11:51 +01:00
Hosted Weblate
161293bf53
Update translation files
...
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.
Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/
2024-10-28 22:17:56 +01:00