Éloi Rivard
0569950c47
tests: fix end session error message test
2023-11-16 17:49:33 +01:00
Éloi Rivard
40b868cfee
tests: multiple emails and phone_numbers
2023-10-02 21:58:46 +02:00
Éloi Rivard
88dcf94750
Revert "tests: domain is localhost.local"
...
This reverts commit 44aed27719.
2023-10-01 15:42:16 +02:00
Éloi Rivard
44aed27719
tests: domain is localhost.local
2023-09-20 09:54:17 +02:00
Éloi Rivard
a2fb88fb05
tests: fix CI
2023-09-15 18:01:17 +02:00
Éloi Rivard
46c795b3b5
refactor: only load oidc module if OIDC is configured
2023-09-15 17:56:23 +02:00
Éloi Rivard
a7b3d4be88
feat: user login redirections
...
if users log in during the authorization phase, they
get redirected to the authorization page afterwards
2023-09-01 09:12:40 +02:00
Éloi Rivard
8be771e41d
tests: fix CI
2023-08-31 22:44:06 +02:00
Éloi Rivard
21ea0238b5
OIDC jwks endpoint does not return empty kid claim
2023-08-26 19:59:44 +02:00
Éloi Rivard
c895366684
refactor: store user profile in g.user
2023-08-13 22:08:28 +02:00
Éloi Rivard
b4908d5e57
modals are HTML pages instead of JS elements
...
This will help provide the very same user experience for users with
and without javascript. We will still be able to re-enable javascript
modals in the future, but this should be done from the ground up, HTML
first and javascript after.
2023-07-18 18:34:10 +02:00
Éloi Rivard
4f42798e39
Refactored keypair management
2023-07-01 19:06:26 +02:00
Éloi Rivard
021c1b3d11
Pagination pluralization
2023-06-30 18:12:13 +02:00
Éloi Rivard
57af18d557
Use a unique identifier to identify users in URLs
...
Previously we used the uid since we supposed this value was always
valid, but some users use the mail attribute as the User RDN in their
OpenLDAP installation, and do not have a uuid.
2023-06-29 15:55:39 +02:00
Éloi Rivard
8617fc0f2b
Implement multiple fields
2023-06-22 16:56:44 +02:00
Éloi Rivard
371f806695
Renamed User.email in User.emails
2023-06-22 15:15:46 +02:00
Éloi Rivard
8061042e46
client admin test refactoring
2023-06-20 09:32:43 +02:00
Éloi Rivard
14ccb69762
backend fixture is parametrizable
2023-06-03 23:39:38 +02:00
Éloi Rivard
17c2f7a5cd
Implemented LDAP ppolicy support.
2023-05-26 15:23:43 +02:00
Éloi Rivard
d8158d6a72
Use ruff linter
2023-05-25 13:37:58 +02:00
Éloi Rivard
033d436878
Moved LDAP schema installation in the ldap backend module
2023-05-20 20:04:23 +02:00
Éloi Rivard
c1d1706007
Moved every model import to canaille.models
2023-05-20 20:02:00 +02:00
Éloi Rivard
6f637b8129
Refactored the unit test backend fixtures
2023-05-20 17:17:46 +02:00
Éloi Rivard
d66619a01c
OIDC lifetimes are not cast to string anymore
2023-05-17 09:29:32 +02:00
Éloi Rivard
b346b0db8a
Use generic Consent.consent_id instead of LDAP Consent.cn attribute
2023-05-17 08:54:13 +02:00
Éloi Rivard
00b5997a61
Avoid calls to LDAPUser.may and LDAPUser.must
2023-05-16 22:18:38 +02:00
Éloi Rivard
8998fe9b62
Explicit arguments when using Model.get
2023-05-16 11:29:40 +02:00
Éloi Rivard
88179b23b8
fix non-generic model attribute calls
2023-05-11 16:02:32 +02:00
Éloi Rivard
abf9a23ac8
unit tests: only use user_name to authenticate users
2023-05-11 15:33:34 +02:00
Éloi Rivard
fa62c16768
Moved canaille.ldap_backend to canaille.backends.ldap
2023-04-18 20:22:55 +02:00
Éloi Rivard
0376a3bab8
Cleartext password in unit tests
2023-04-10 21:42:14 +02:00
Éloi Rivard
e2b96af1ee
Moved LDAP configuration entry to BACKENDS.LDAP
2023-04-10 20:31:54 +02:00
Éloi Rivard
cc45ed4be9
OIDC.JWT.MAPPING configuration option is really optional
2023-04-10 20:09:47 +02:00
Éloi Rivard
7cd078bf81
Correctly read OIDC dynamic registration config entries
2023-04-10 19:28:26 +02:00
Éloi Rivard
61f5d25f2f
Creates an OIDC configuration section for all the OIDC related entries
2023-04-10 16:24:43 +02:00
Éloi Rivard
83f67331d3
Split commands in their dedicated modules
2023-04-09 21:58:11 +02:00
Éloi Rivard
79f12b1d0a
'app' submodule
2023-04-09 15:52:55 +02:00
Éloi Rivard
855747a79f
Ensure command return codes are tested
2023-04-09 15:47:47 +02:00
Éloi Rivard
a38ef06356
Re-organized commands tests
2023-04-09 14:35:58 +02:00
Éloi Rivard
08f8bfbfdb
Moved user and group management in the core submodule
2023-04-09 13:34:38 +02:00
Éloi Rivard
4c454f6de4
Removed unused imports
2023-04-09 02:13:34 +02:00
Éloi Rivard
c8b76dc845
Use LDAPObject.reload in tests instead of LDAPObject.get
2023-04-08 21:36:21 +02:00
Éloi Rivard
52f7276527
Explicitly use User.formatted_name instead of User.name
2023-04-07 22:45:42 +02:00
Éloi Rivard
087ec1ef58
Fixed remaining ldap attribute calls
2023-04-07 22:38:01 +02:00
Éloi Rivard
db3a4a74ff
Renamed user attributes to match SCIM naming convention
2023-04-07 20:12:24 +02:00
Éloi Rivard
2fb0085d7b
OIDC client form renaming
2023-03-30 00:40:25 +02:00
Éloi Rivard
78a129d494
Forms validate URIs
2023-03-29 21:33:47 +02:00
Éloi Rivard
f97dc3b2c6
CSRF protection everywhere
2023-03-28 20:30:29 +02:00
Éloi Rivard
61940844e6
Properly handle LDAP date timezones
2023-03-18 00:39:32 +01:00
Éloi Rivard
0f93029d2a
Split the consent page in two
2023-03-16 18:45:35 +01:00
Éloi Rivard
5aad527454
Unit tests use WebTest .mustcontain method when possible
2023-03-16 16:25:14 +01:00
Éloi Rivard
6474d39fac
Removes useless tests initializations
2023-03-12 20:18:49 +01:00
Éloi Rivard
971cf317c9
Used 'id' instead of 'dn'
2023-03-10 18:14:15 +01:00
Éloi Rivard
e802e3d5e2
Consent cn alias
2023-03-10 00:38:16 +01:00
Éloi Rivard
3d37073f18
Fixed unit tests
2023-03-09 20:58:45 +01:00
Éloi Rivard
46a346a0d0
Table search implementation
2023-03-09 19:31:59 +01:00
Éloi Rivard
e5d968d4f5
Every list of items is paginated server-side.
2023-03-09 19:31:59 +01:00
Éloi Rivard
53581404ab
LDAPObject dn attributes are automatically initialized
2023-03-08 23:53:53 +01:00
Éloi Rivard
5d9a41f18b
Delayed LDAPObject may and must initialization
2023-03-08 00:53:27 +01:00
Éloi Rivard
c5b11d2fb3
Merge LDAPObject.all and LDAPObject.filter in LDAPObject.query
2023-03-07 17:58:27 +01:00
Éloi Rivard
7458868f77
Pre-consented clients are displayed in the user consent list, and their consents can be revoked.
2023-02-14 21:56:47 +01:00
Éloi Rivard
d551b1ab35
Revoked consents can be restored
2023-02-14 19:05:43 +01:00
Éloi Rivard
ea9f6ebe00
Use full ldap 'givenName' instead of 'gn'
2023-02-04 22:23:58 +01:00
Éloi Rivard
3359b51d9b
Implements admin token deletion
2023-02-04 18:41:49 +01:00
Éloi Rivard
0cdbcbc2fa
Removed debug prints
2023-01-30 20:01:22 +01:00
Éloi Rivard
b059e6e719
Client deletion also deletes related objects
2023-01-30 19:58:25 +01:00
Éloi Rivard
08827d3714
Checks flask flashed messages with flask_webtest Response.flashes
2023-01-28 19:02:00 +01:00
Éloi Rivard
63f927830a
Fixed dynamic client registration scope management
2023-01-28 14:04:04 +01:00
Éloi Rivard
7b684aed4a
preferredLanguage is a single value
2023-01-24 18:15:26 +01:00
Éloi Rivard
c470e7f134
Explicitly set Consent cn
2023-01-23 18:55:27 +01:00
Éloi Rivard
d8bcb0bdf0
Ensures the token expires_in claim and the access_token exp claim have the same value.
2023-01-14 14:59:13 +01:00
Éloi Rivard
7cb2da3ca3
refactoring: start to split the canaille installation between submodules
2022-12-29 02:11:56 +01:00
Éloi Rivard
a66ac32689
refactoring: moved the authlib related test configuration in the oidc module
2022-12-29 02:06:54 +01:00
Éloi Rivard
cae49fcec9
avoid ldap related session variable names
2022-12-29 01:10:07 +01:00
Éloi Rivard
32f6595c02
objectClass is not mandatory for User and Group creation
2022-12-29 00:29:26 +01:00
Éloi Rivard
5793a73801
OIDC end_session was not returning the state parameter in the post_logout_redirect_uri
2022-12-27 21:48:44 +01:00
Éloi Rivard
9c29abb269
unit tests: refresh token with invalid user
2022-12-27 18:32:53 +01:00
Éloi Rivard
a08e6c4acd
unit tests: password flow with invalid credentials
2022-12-27 18:12:19 +01:00
Éloi Rivard
746c09a3bb
unit tests: authorization code flow with invalid users and expired codes
2022-12-27 18:07:24 +01:00
Éloi Rivard
e9731e7e67
unit tests: end_session with invalid client ids
2022-12-26 22:03:43 +01:00
Éloi Rivard
619c828780
unit tests: test logout when not logged in
2022-12-24 02:40:50 +01:00
Éloi Rivard
ca2d3de83b
Moved the OIDC configuration in the oidc test subdir conftest.py
2022-12-24 02:06:28 +01:00
Éloi Rivard
19793fe8aa
unit tests: userinfo
2022-12-24 01:44:16 +01:00
Éloi Rivard
7c6fd25524
Add nonce to the claims_supported server metadata list
2022-12-15 11:59:00 +01:00
Éloi Rivard
0e0b561868
unit tests: invalid client admin deletion
2022-12-14 21:03:35 +01:00
Éloi Rivard
db2127f9ef
unit tests: client admin validation failures
2022-12-14 19:29:59 +01:00
Éloi Rivard
1dea7edba3
unit tests: client admin invalid request
2022-12-13 19:15:54 +01:00
Éloi Rivard
e478034b81
unit tests: client admin deletion
2022-12-13 19:14:25 +01:00
Éloi Rivard
118af82409
Fixes an authlib jwk warning
2022-12-11 22:27:54 +01:00
Éloi Rivard
13a6a984cb
unit tests: improved jwks endpoint coverage
2022-12-11 14:57:26 +01:00
Éloi Rivard
12a93870fc
unit tests: authorization denial
2022-12-11 14:43:21 +01:00
Éloi Rivard
5a959ef10e
unit tests: improved authorization flow coverage
2022-12-11 13:16:24 +01:00
Éloi Rivard
449231abbe
unit tests: improved token introspection coverage
2022-12-10 21:10:18 +01:00
Éloi Rivard
812d04a571
unit tests: improved token revocation coverage
2022-12-10 21:02:51 +01:00
Éloi Rivard
8932b390ba
test consent removal with already revoked tokens
2022-12-10 11:24:53 +01:00
Éloi Rivard
18b05854f3
unit tests: improved authorization code flow coverage
2022-12-10 10:58:22 +01:00
Éloi Rivard
a3418de239
Implemented RFC7592 OAuth Client Registration Management
2022-12-10 00:22:25 +01:00
Éloi Rivard
b230e40e23
unit tests: improved token revocation coverage
2022-12-06 18:52:35 +01:00
Éloi Rivard
a4afcc61dd
unit tests: added consent deletion tests
2022-12-04 13:57:56 +01:00
Éloi Rivard
56fb83d44d
unit tests: increased well-known coverage
2022-12-04 13:43:29 +01:00