globuzma/canaille-globuzma
1
0
Fork 0
forked from Github-Mirrors/canaille
Code Pull requests Activity
1212 commits 5 branches 57 tags 18 MiB
Commit graph

389 commits

Author SHA1 Message Date
Éloi Rivard
4f729caf2e Implemented dynamic client registration 2022-10-24 10:00:32 +02:00
Éloi Rivard
659efaf7ef Variable renaming 2022-10-21 17:03:38 +02:00
Éloi Rivard
da5f288e4f Use a different json metadata file for unit testing 2022-10-21 17:03:38 +02:00
Éloi Rivard
77aff593d4 Refactoring: file renaming 2022-10-06 13:32:41 +02:00
Éloi Rivard
e45ad6e21c Implemented a basic WebFinger endpoint. 2022-10-03 18:42:08 +02:00
Éloi Rivard
db0fd2d8ba Fixed end-session when user are already disconnected 2022-07-07 16:28:28 +02:00
Éloi Rivard
21a2c306ac Client only return the asked scopes 2022-07-07 16:11:25 +02:00
Éloi Rivard
c8281969d8 Added support for a postalAddress field 2022-07-07 14:46:02 +02:00
Éloi Rivard
95ec09fe54 Implemented RP-initiated logout 2022-06-02 17:56:10 +02:00
Éloi Rivard
1759c6cdf2 Get rid of autouse fixtures 2022-05-20 09:24:24 +02:00
Éloi Rivard
759c19d3a8 Avoid slapd_connection fixture in tests 2022-05-19 12:36:39 +02:00
Éloi Rivard
11a750d238 Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-18 16:55:37 +02:00
Éloi Rivard
d976d47b1a Test refactoring 2022-05-18 11:31:26 +02:00
emillumine
083b101df2 add tests to clarify when nonce is required 2022-05-13 15:56:31 +02:00
Éloi Rivard
a1c4f7a278 Bumped to authlib 1 2022-04-10 17:04:38 +02:00
Éloi Rivard
8217d423ad Added an option to disable self edition 2022-04-06 17:54:39 +02:00
Éloi Rivard
f496617f81 Fixed documentation about HIDE_INVALID_LOGINS 2022-04-06 17:34:30 +02:00
Éloi Rivard
b7b6040a3e Added an option to disable password recovery 2022-04-05 09:56:38 +02:00
emillumine
f95bffadd6 remove 'available_groups' Group classmethod (replaced by already existing 'all' LDAPObject method) 2022-03-14 10:14:02 +01:00
emillumine
8d804616fd add a 'all' utility class method to LDAPObject to retrieve all class instances 2022-03-14 10:03:05 +01:00
emillumine
3c9f618564 fix automatic cleaning of consents in tests 2022-03-14 10:03:05 +01:00
emillumine
87d2fa8641 fix tests by automatically cleaning up users and groups in test teardown 2022-03-14 10:03:05 +01:00
emillumine
653e79d7a8 fix dn in case of leading space or special char in id attribute 
according to openldap doc, the default is to silently  eliminate  spaces  around  AVA  separators, RDN component separators and RDN separators
https://www.openldap.org/software/man.cgi?query=ldap_str2dn
 2022-03-14 10:03:05 +01:00
emillumine
cd1d106248 set cn without leading space when user is created without given name 2022-03-14 10:03:05 +01:00
Éloi Rivard
07d1826905 Fixed some packaging issues 2022-03-08 19:22:52 +01:00
Éloi Rivard
d15a8cdc74 Improved refresh token tests, again 2022-03-04 19:58:00 +01:00
Éloi Rivard
db2e11c16e Improved refresh token tests 2022-03-04 19:07:52 +01:00
Camille
0db07fa36f fix: groups are saved even when invited user does not have read permission on groups 2022-03-04 18:13:57 +01:00
Camille
a3c4db7a53 fix: handle token not found in token view 2022-03-03 10:05:14 +01:00
Éloi Rivard
a36dfb21fb Removed an useless test 2022-02-23 10:49:49 +01:00
Éloi Rivard
3411e27c85 Improved admin token list and code list templates 2022-02-19 17:53:05 +01:00
Éloi Rivard
a74d68aee1 AuthorizationCode and Token have a new id parameter 2022-02-16 18:00:30 +01:00
Éloi Rivard
7851e8e31f improved token admin page template 2022-02-03 09:51:04 +01:00
Éloi Rivard
1d0f1e2f24 LdapObject an have attribute name different than the schema 2022-01-18 18:04:25 +01:00
Éloi Rivard
52e802b34f split oidc code from the rest 2022-01-11 20:31:55 +01:00
Éloi Rivard
16d2d71194 split oidc tests from the rest 2022-01-11 19:42:26 +01:00
Éloi Rivard
3d69e5cdb4 restore data after unit tests 2022-01-11 19:32:55 +01:00
Éloi Rivard
aef552e9aa removed an avoidable clean fixture 2022-01-11 18:32:53 +01:00
Stéphane Blondon
4d24962544 surname is required when the user is created or updated 2022-01-07 15:19:05 +01:00
Éloi Rivard
5a99a48831 Invited users can choose their uid 2022-01-01 18:41:04 +01:00
Camille
db1d011a3b invitations expire after 48h 2022-01-01 10:56:48 +00:00
Éloi Rivard
39e1725438 Fixed fixtures 2021-12-31 17:41:05 +01:00
Éloi Rivard
d839dd763d admin: email debugging form 2021-12-23 19:21:29 +01:00
emillumine
05d4800f94 fix bug: groups were not saved on user creation 2021-12-22 16:09:03 +01:00
Éloi Rivard
50af2e3e72 pre-commit tox test 2021-12-20 23:57:27 +01:00
Éloi Rivard
f4c04d9666 Default configuration and test client use user avatars 2021-12-13 22:50:53 +01:00
Éloi Rivard
951fce2725 JWT mapping use jinja 2021-12-12 16:17:13 +01:00
Éloi Rivard
18e4b0c42c Documentation improvements 2021-12-12 15:38:32 +01:00
Éloi Rivard
14480020cb Group description 2021-12-10 17:16:33 +01:00
Camille
cefeac4e5b customize jwt claims with format string in config file 2021-12-10 14:56:43 +00:00
Éloi Rivard
0053369604 jpegPhoto profile form 2021-12-09 18:26:11 +01:00
Éloi Rivard
65dd61c524 python to ldap two-ways serialization 2021-12-08 15:53:20 +01:00
Éloi Rivard
015d410fb6 ldaputils variable renaming 2021-12-08 15:06:57 +01:00
Éloi Rivard
adda4832f0 Login placeholder depends on the USER_FILTER configuration attribute 2021-12-07 20:16:46 +01:00
Éloi Rivard
788fa4cf7c invitation: users can just generate a link without sending a mail 2021-12-07 18:50:53 +01:00
Éloi Rivard
720459d162 Disabled invitation and password reset when no smtp server has been configured 2021-12-07 17:12:46 +01:00
Éloi Rivard
d789a9b71c Groups can be read-only instead of disabled 2021-12-07 15:09:55 +01:00
Éloi Rivard
3645171dd8 Option to not use OIDC 2021-12-07 00:16:42 +01:00
Éloi Rivard
65f4af31d5 Redirecting login page to profile page when user is already connected 2021-12-06 23:17:08 +01:00
Éloi Rivard
6d0ca15521 Better error messages when LDAP server is unreachable, or authentication has failed 2021-12-06 21:49:38 +01:00
Éloi Rivard
cad1b6c274 Escape filters 2021-12-06 15:48:30 +01:00
Éloi Rivard
57e4830c82 lazy group loading 2021-12-06 14:52:10 +01:00
Éloi Rivard
02c626129d Fixed unit tests 2021-12-06 14:24:47 +01:00
Éloi Rivard
d2611abadb Permissions overhaul 2021-12-03 14:37:24 +01:00
Éloi Rivard
d8a3696b41 fixed user password on account creation 2021-12-01 13:22:21 +01:00
Éloi Rivard
3ac4ddb490 invitation links 2021-12-01 12:19:28 +01:00
Éloi Rivard
4f82b9eca4 profile hashes take the user email in account 2021-11-30 14:56:39 +01:00
Éloi Rivard
ee72f03786 Installation command 2021-11-24 14:14:04 +01:00
Éloi Rivard
1586bb5a55 install command creates jwt keypair 2021-11-24 13:15:35 +01:00
Éloi Rivard
f10bc616f8 install command tests 2021-11-24 13:15:35 +01:00
Éloi Rivard
12bc13afd3 Moved command tests 2021-11-24 13:15:35 +01:00
Éloi Rivard
daa82bcff5 basic installation command 2021-11-24 13:15:35 +01:00
Éloi Rivard
8bffd645d1 password flow: allow other token endpoint authentication methods 2021-11-21 13:23:08 +01:00
Éloi Rivard
033639a955 Logging is configurable 2021-10-31 14:40:12 +01:00
Éloi Rivard
7e5dccd7eb Merge branch 'issue-50-theming' into 'master' 
use flask-themer to allow theme customization

Closes #50

See merge request yaal/canaille!15
 2021-10-29 15:11:14 +00:00
Camille
4e816180f4 Merge branch 'issue-72-group-bug' into 'master' 
Fix bug on groups with non-existent members

Closes #72

See merge request yaal/canaille!14
 2021-10-29 15:07:16 +00:00
Eloi Rivard
c0f53c8e6e use flask-themer to allow theme customization 2021-10-29 17:05:32 +02:00
Éloi Rivard
7b7edc81cb black 2021-10-29 14:20:06 +02:00
Camille
402a16f9f3 Fix bug on groups with non-existent members 2021-10-29 14:19:46 +02:00
Eloi Rivard
c9df8fb5b3 Updated consents when a larger scope is required 2021-10-27 09:31:24 +02:00
Éloi Rivard
334aec35d9 'check' command check ldap permissions 2021-10-26 22:49:36 +02:00
Éloi Rivard
0e6dd4f7ed Implemented client pre-authorization 2021-10-20 12:15:55 +02:00
Éloi Rivard
582ac90dab tokens can have multiple audiences 2021-10-13 11:52:02 +02:00
Éloi Rivard
d95bde7b22 check command 2021-10-13 10:17:13 +02:00
Éloi Rivard
68c091da62 'canaille' command 2021-10-13 09:50:09 +02:00
Éloi Rivard
d0b4121945 implemented a function that checks some parts of the configuration 2021-10-12 21:21:16 +02:00
Éloi Rivard
2b307e275a Fixed introspection sub claim. Fix #64 2021-10-03 20:26:47 +02:00
Eloi Rivard
0b7def73a3 black 2021-09-28 09:30:41 +02:00
Camille Daniel
08879a059d Valid group name at creation and redirect to newly created group if valid 2021-07-29 16:00:21 +02:00
Camille Daniel
9780fc9eed Enable group deletion 2021-07-29 11:37:02 +02:00
Camille Daniel
aed6b18aa8 Show groups and enable group creation 2021-07-01 18:21:20 +02:00
Camille Daniel
5c62987c27 Merge master 2021-06-04 12:22:57 +02:00
Camille Daniel
f1ac9e140a Add groups claim and scope 2021-06-03 17:24:36 +02:00
Camille
54ff7050f3 Issue 12 groups 2021-06-03 13:00:11 +00:00
Camille Daniel
294b86a698 Only moderators and admin can edit user groups 2021-06-03 14:47:19 +02:00
Camille Daniel
b6ef56ad20 Improve things 2021-06-03 12:28:45 +02:00
Camille Daniel
f05e8094cb Set user groups 2021-06-03 12:00:04 +02:00
Camille Daniel
e07eb0eb50 Save user groups (WIP) 2021-06-03 09:11:38 +02:00
Camille Daniel
95329b3969 WIP 2021-06-03 09:11:38 +02:00
Camille Daniel
8d7bb821e7 Groups field options are available groups 2021-06-03 09:11:38 +02:00
Camille Daniel
75df94216a Add groups field on user profile (WIP) 2021-06-03 09:11:38 +02:00
Éloi Rivard
22b702c065 Fixed flask 2 compatibility 2021-05-24 17:43:15 +02:00
Camille Daniel
5ae459f6e1 Test depends on slapd 2021-05-06 17:25:42 +02:00
Éloi Rivard
8279631070 Moved the 'clean' command in a subdirectory 2021-04-04 18:30:39 +02:00
Éloi Rivard
b9376512cd wip 2021-02-01 11:07:57 +01:00
Éloi Rivard
cf8c015019 Two-steps signin. Fixes #49 2021-01-23 22:30:43 +01:00
Éloi Rivard
d5c8806949 Password reset button. Fixes #53 2021-01-22 18:26:53 +01:00
Éloi Rivard
929eedc6f0 Password initialization mail button. Fixes #51 2021-01-06 17:19:44 +01:00
Éloi Rivard
cbe06cc128 Users can delete their own accounts. #35 2021-01-01 16:42:13 +01:00
Éloi Rivard
8d9a11a2e4 UI improvement on forgotten password page. Fixes #43 2021-01-01 15:30:26 +01:00
Éloi Rivard
58158b902d Refactored tests 2021-01-01 15:20:26 +01:00
Éloi Rivard
c01b587759 Customizable error message for invalid login in forgotten login page. #48 2021-01-01 13:55:20 +01:00
Éloi Rivard
9cf81b6be6 Customizable error message for invalid login. Fixes #48 2020-12-31 19:55:30 +01:00
Éloi Rivard
d2aab4d118 jpegPhoto may be better than photo 2020-12-31 18:11:23 +01:00
Éloi Rivard
ce6c9febd1 Admins can impersonate users. Fixes #39 2020-12-11 12:04:32 +01:00
Éloi Rivard
c63d53f0ed Profile editable fields are configurable 2020-11-26 15:29:14 +01:00
Éloi Rivard
ac0d6db214 Fixed a bug happening when a user is deleted during his session 2020-11-25 17:41:03 +01:00
Éloi Rivard
c4fdeb4f8c Fixed flash messages display on profile edition page 2020-11-25 16:58:01 +01:00
Éloi Rivard
50cefddf98 Password are not needed anymore at user creation 2020-11-25 16:04:32 +01:00
Éloi Rivard
bd35093518 Admins can remove clients. Fixes #45 2020-11-23 17:32:40 +01:00
Éloi Rivard
88bdfed443 Password setup for new users. Fixes #37 2020-11-16 15:39:58 +01:00
Éloi Rivard
19c1e26bfb About page. Fixes #31 2020-11-13 10:45:01 +01:00
Éloi Rivard
0b668f50ef Moderators group. #12 2020-11-02 12:13:03 +01:00
Éloi Rivard
4a20fb3b55 User admin page. Fixes #8 2020-11-01 12:39:34 +01:00
Éloi Rivard
cc779c85cd User variable in profile route 2020-10-31 17:41:24 +01:00
Éloi Rivard
9e845933b9 Slightly improved coverage 2020-10-30 23:55:11 +01:00
Éloi Rivard
78dae611c0 Minor test refactoring 2020-10-30 23:52:05 +01:00
Éloi Rivard
252bbffd80 Correctly use webtest 2020-10-30 23:41:02 +01:00
Éloi Rivard
8c0e691aac Minor test refactoring 2020-10-30 19:19:34 +01:00
Éloi Rivard
dfa98cb656 Base64 logo in emails. Fixes #26 2020-10-29 13:03:37 +01:00
Éloi Rivard
552728a04e HTML password recovery email. Fixes #14 2020-10-29 12:00:19 +01:00
Éloi Rivard
b7f6f46ca3 Removed 'my tokens' page. Fixes #22 2020-10-29 09:11:48 +01:00
Éloi Rivard
3d2200d19a Consent page UX minor enhancement. #20 2020-10-28 19:12:08 +01:00
Éloi Rivard
663070ee54 Fixed consents given automatically 2020-10-28 17:57:27 +01:00
Éloi Rivard
bd6b88bc9e Test authorization with a wrong client 2020-10-26 19:15:53 +01:00
Éloi Rivard
a24214519b 400 page 2020-10-26 19:09:38 +01:00
Éloi Rivard
d020cee00e Added a command to clean tokens and codes. Fixes #17 2020-10-23 11:33:27 +02:00
Éloi Rivard
2fc6af0fc9 Password mechanism recovery. Fixes #3 2020-10-22 17:37:01 +02:00
Éloi Rivard
e9e3368a33 Renamed the project 'canaille' 2020-10-21 14:04:40 +02:00
Éloi Rivard
acdea35028 Password edition in user profile 2020-10-21 10:26:31 +02:00
Éloi Rivard
6f91893cb1 Email check on user profile form 2020-10-21 09:52:02 +02:00
Éloi Rivard
3e962471cb Simple profile edition form 2020-10-20 11:44:45 +02:00
Éloi Rivard
7f9929539b Use inetOrgPerson for unit tests users 2020-10-20 11:36:58 +02:00
Éloi Rivard
b530eac90e Use additional schemas in unit tests 2020-10-20 09:55:05 +02:00
Éloi Rivard
a8445d164a Minor testfix 2020-09-28 09:47:00 +02:00
Éloi Rivard
1398831713 Userinfo endpoint 2020-09-25 11:26:41 +02:00
Éloi Rivard
7877998818 Renamed LDAPObjectHelper into LDAPObject 2020-09-24 15:16:25 +02:00
Éloi Rivard
e9070c305e 'objectClass' attribute definition is not mandatory in object classes 2020-09-24 15:14:25 +02:00
Éloi Rivard
09ae01a5df Consents page 2020-09-17 12:01:21 +02:00
Éloi Rivard
6cb668c64a Remember revokation dates 2020-09-17 11:10:12 +02:00
Éloi Rivard
00a0557f2e Remember consents 2020-09-17 10:00:39 +02:00
Éloi Rivard
65d85b3ddf Schema use client dn instead of client id 2020-09-07 15:39:51 +02:00
Éloi Rivard
c12eaac5e5 oauthSubject use full DN in tests 2020-09-07 11:28:29 +02:00
Éloi Rivard
f5b05a4924 Avoid to initialize users 2020-09-03 17:49:08 +02:00
Éloi Rivard
2e84228031 Automatic LDAP tree creation 2020-09-03 17:28:52 +02:00
Éloi Rivard
dc138a7dde USER_BASE configuration parameter 2020-09-01 17:11:30 +02:00
Éloi Rivard
2eba625c39 Packaging 2020-08-31 11:23:50 +02:00
Éloi Rivard
0ae8a5a0f5 Use private/public keys to sign JWTs 2020-08-28 16:07:39 +02:00
Éloi Rivard
c3f1bdce78 Serve server metadata files 2020-08-27 16:17:08 +02:00
Éloi Rivard
955de489db User token list view 2020-08-27 10:50:50 +02:00
Éloi Rivard
5ab64429de Draft for a 'my accesses' page 2020-08-26 17:23:53 +02:00
Éloi Rivard
f2da1e87db Token list and auth code list views 2020-08-26 16:27:08 +02:00
Éloi Rivard
d94f7a4988 Client unit tests 2020-08-26 15:37:15 +02:00
Éloi Rivard
665700e814 Better code challenge unit tests 2020-08-25 15:51:49 +02:00
Éloi Rivard
2777013ad0 Code challenge unit tests 2020-08-25 15:28:13 +02:00
Éloi Rivard
56448cbf19 Unit tests for token revocation 2020-08-25 11:39:06 +02:00
Éloi Rivard
c664259b52 Token revocation endpoint 2020-08-24 15:56:30 +02:00
Éloi Rivard
a364b7ef1b Tokens and codes can be revoked 2020-08-24 15:38:11 +02:00
Éloi Rivard
863a073eb2 Token introspection unit test 2020-08-24 14:47:55 +02:00
Éloi Rivard
b3abe210a5 Token introspection testfile 2020-08-24 14:44:41 +02:00
Éloi Rivard
8880c92226 Token introspection 2020-08-24 14:44:32 +02:00
Éloi Rivard
538d5682d7 Better test coverage 2020-08-24 10:54:50 +02:00
Éloi Rivard
ee23c5ec32 Implemented refresh grant 2020-08-24 10:52:21 +02:00
Éloi Rivard
60d30e258b Claims are configurable 2020-08-24 10:03:48 +02:00
Éloi Rivard
eedb578ab0 wip 2020-08-23 23:38:32 +02:00
Éloi Rivard
3e453810ec oidc implicit flow test 2020-08-23 19:56:37 +02:00
Éloi Rivard
e5bd075f8f Minor test improvement 2020-08-23 19:42:06 +02:00
Éloi Rivard
889797cbbd wip 2020-08-21 11:11:39 +02:00
Éloi Rivard
7cd6cef5be Fixed hybrid grant 2020-08-21 10:06:53 +02:00
Éloi Rivard
4a22f19b44 wip 2020-08-20 16:02:14 +02:00
Éloi Rivard
d845498832 Implicit flow test 2020-08-20 14:30:42 +02:00
Éloi Rivard
de1d0a232d Alternate login filters 2020-08-20 10:47:42 +02:00
Éloi Rivard
9199ad8499 Login tests 2020-08-20 10:31:36 +02:00
Éloi Rivard
787b8bcf25 Better user objectClasses 2020-08-19 16:56:04 +02:00
Éloi Rivard
6595b16e28 Admin login 2020-08-19 16:20:57 +02:00
Éloi Rivard
ccbe66de94 Actually authentify against LDAP password 2020-08-19 13:49:38 +02:00
Éloi Rivard
61f941c319 Authorization code flow unit tests 2020-08-19 10:28:28 +02:00
Éloi Rivard
ff8bd12aaf Password flow unit test 2020-08-19 09:09:22 +02:00
Éloi Rivard
531c34a689 tests workflow 2020-08-18 17:39:34 +02:00