Commit graph

160 commits

Author SHA1 Message Date
Éloi Rivard
371f806695 Renamed User.email in User.emails 2023-06-22 15:15:46 +02:00
Éloi Rivard
ec02aa0ad9 Force OIDC Clients contact field to be a valid email. 2023-06-22 11:39:50 +02:00
Éloi Rivard
17c2f7a5cd Implemented LDAP ppolicy support. 2023-05-26 15:23:43 +02:00
Éloi Rivard
a92542cd81 Moved models specificities in the backend module 2023-05-20 21:24:14 +02:00
Éloi Rivard
033d436878 Moved LDAP schema installation in the ldap backend module 2023-05-20 20:04:23 +02:00
Éloi Rivard
c1d1706007 Moved every model import to canaille.models 2023-05-20 20:02:00 +02:00
Éloi Rivard
be78b50e97 Removed User.authenticate method 2023-05-17 12:48:14 +02:00
Éloi Rivard
2f924c4b7e Fixes calls to the Consent.oauthClient and Consent.oauthSubject attributes 2023-05-17 12:07:52 +02:00
Éloi Rivard
d66619a01c OIDC lifetimes are not cast to string anymore 2023-05-17 09:29:32 +02:00
Éloi Rivard
b4014cfd73 Use explicit attributes in Consent.get 2023-05-17 09:19:15 +02:00
Éloi Rivard
b346b0db8a Use generic Consent.consent_id instead of LDAP Consent.cn attribute 2023-05-17 08:54:13 +02:00
Éloi Rivard
a7013f2360 Explicited OIDC authorization admin variable 2023-05-16 22:28:34 +02:00
Éloi Rivard
8998fe9b62 Explicit arguments when using Model.get 2023-05-16 11:29:40 +02:00
Éloi Rivard
9480e43ad9 Removed LDAPObject __getitem__ and __setitem__ methods 2023-05-11 23:08:39 +02:00
Éloi Rivard
df60821e29 Rename LDAPObject.attribute_table to attributes 2023-05-11 16:55:33 +02:00
Éloi Rivard
9e6a1b85f1 Avoid setting 'None' in claims when they are empty 2023-05-05 13:28:02 +02:00
Éloi Rivard
fa62c16768 Moved canaille.ldap_backend to canaille.backends.ldap 2023-04-18 20:22:55 +02:00
Éloi Rivard
cc45ed4be9 OIDC.JWT.MAPPING configuration option is really optional 2023-04-10 20:09:47 +02:00
Éloi Rivard
7cd078bf81 Correctly read OIDC dynamic registration config entries 2023-04-10 19:28:26 +02:00
Éloi Rivard
61f5d25f2f Creates an OIDC configuration section for all the OIDC related entries 2023-04-10 16:24:43 +02:00
Éloi Rivard
65efece01e Renamed LDAPObject.initialize in LDAPObject.install 2023-04-09 23:17:24 +02:00
Éloi Rivard
83f67331d3 Split commands in their dedicated modules 2023-04-09 21:58:11 +02:00
Éloi Rivard
79f12b1d0a 'app' submodule 2023-04-09 15:52:55 +02:00
Éloi Rivard
08f8bfbfdb Moved user and group management in the core submodule 2023-04-09 13:34:38 +02:00
Éloi Rivard
e0256db017 Moved oidc blueprints in a dedicated file 2023-04-09 11:31:23 +02:00
Éloi Rivard
4c454f6de4 Removed unused imports 2023-04-09 02:13:34 +02:00
Éloi Rivard
52f7276527 Explicitly use User.formatted_name instead of User.name 2023-04-07 22:45:42 +02:00
Éloi Rivard
db3a4a74ff Renamed user attributes to match SCIM naming convention 2023-04-07 20:12:24 +02:00
Éloi Rivard
d53fdde986 Refactored utils 2023-04-02 00:32:27 +02:00
Éloi Rivard
1f1bb353e0 Dynamic form validation with htmx 2023-03-30 23:22:58 +02:00
Éloi Rivard
2fb0085d7b OIDC client form renaming 2023-03-30 00:40:25 +02:00
Éloi Rivard
78a129d494 Forms validate URIs 2023-03-29 21:33:47 +02:00
Éloi Rivard
40c36cdf64 Use the form_render macro when possible 2023-03-28 23:31:35 +02:00
Éloi Rivard
f97dc3b2c6 CSRF protection everywhere 2023-03-28 20:30:29 +02:00
Éloi Rivard
61940844e6 Properly handle LDAP date timezones 2023-03-18 00:39:32 +01:00
Éloi Rivard
0f93029d2a Split the consent page in two 2023-03-16 18:45:35 +01:00
Éloi Rivard
94af1744ba pre-commit update 2023-03-14 12:08:37 +01:00
Éloi Rivard
822988536d LDAPObject can have several objectClass 2023-03-11 19:46:12 +01:00
Éloi Rivard
3406428f13 Renamed group attributes to match SCIM naming convention 2023-03-11 12:54:27 +01:00
Éloi Rivard
971cf317c9 Used 'id' instead of 'dn' 2023-03-10 18:14:15 +01:00
Éloi Rivard
e802e3d5e2 Consent cn alias 2023-03-10 00:38:16 +01:00
Éloi Rivard
cf9b5c11a3 Dynamic tables with htmx
- Search is triggered with user inputs
- Page changes are triggered with clicks
2023-03-09 19:31:59 +01:00
Éloi Rivard
e5d968d4f5 Every list of items is paginated server-side. 2023-03-09 19:31:59 +01:00
Éloi Rivard
53581404ab LDAPObject dn attributes are automatically initialized 2023-03-08 23:53:53 +01:00
Éloi Rivard
7e42467bfc Renamed LDAPObject.rdn in LDAPObject.rdn_attribute 2023-03-08 18:50:33 +01:00
Éloi Rivard
c5b11d2fb3 Merge LDAPObject.all and LDAPObject.filter in LDAPObject.query 2023-03-07 17:58:27 +01:00
Éloi Rivard
8b4d5eb247 This is too soon for the walrus operator 2023-02-14 22:06:03 +01:00
Éloi Rivard
7458868f77 Pre-consented clients are displayed in the user consent list, and their consents can be revoked. 2023-02-14 21:56:47 +01:00
Éloi Rivard
d551b1ab35 Revoked consents can be restored 2023-02-14 19:05:43 +01:00
Éloi Rivard
3359b51d9b Implements admin token deletion 2023-02-04 18:41:49 +01:00
Éloi Rivard
3ac7a8013f Punctuation uniformization 2023-02-03 18:49:44 +01:00
Éloi Rivard
75bca52050 Merge branch 'kingu-main-patch-85823' into 'main'
Shortened profile strings

See merge request yaal/canaille!99
2023-01-31 08:25:23 +00:00
Allan Nordhøy
21d8c1b2bf Shortened profile strings 2023-01-31 01:06:06 +00:00
Éloi Rivard
b059e6e719 Client deletion also deletes related objects 2023-01-30 19:58:25 +01:00
Éloi Rivard
3be937c286 Fix coverage 2023-01-28 18:35:39 +01:00
Éloi Rivard
63f927830a Fixed dynamic client registration scope management 2023-01-28 14:04:04 +01:00
Éloi Rivard
e145a7acc8 Renamed LDAPObject 'id' attribute in 'rdn' 2023-01-24 18:32:44 +01:00
Éloi Rivard
c470e7f134 Explicitly set Consent cn 2023-01-23 18:55:27 +01:00
Éloi Rivard
d8bcb0bdf0 Ensures the token expires_in claim and the access_token exp claim have the same value. 2023-01-14 14:59:13 +01:00
Éloi Rivard
7cb2da3ca3 refactoring: start to split the canaille installation between submodules 2022-12-29 02:11:56 +01:00
Éloi Rivard
ab517f4fc0 refactoring: use Group.name when possible 2022-12-29 01:27:22 +01:00
Éloi Rivard
cae49fcec9 avoid ldap related session variable names 2022-12-29 01:10:07 +01:00
Éloi Rivard
cd1d0a30d5 added 'autoflake' to the precommit tool list 2022-12-29 00:41:32 +01:00
Éloi Rivard
7274f9cc02 fixed the consent list and authorization pages translations 2022-12-28 01:46:05 +01:00
Éloi Rivard
64ac2af981 Merge branch 'endsession-bugfix' into 'main'
OIDC end_session was not returning the `state` parameter in the `post_logout_redirect_uri`

See merge request yaal/canaille!82
2022-12-27 21:16:52 +00:00
Éloi Rivard
70f0941278 refactoring: removed a guard to increase coverage 2022-12-27 22:02:06 +01:00
Éloi Rivard
5793a73801 OIDC end_session was not returning the state parameter in the post_logout_redirect_uri 2022-12-27 21:48:44 +01:00
Éloi Rivard
6ec2f183fd removed unused import 2022-12-24 02:03:37 +01:00
Éloi Rivard
19793fe8aa unit tests: userinfo 2022-12-24 01:44:16 +01:00
Éloi Rivard
41642f68c6 prevent lazy_gettext execution in unwanted contexts 2022-12-16 19:28:13 +01:00
Camille Daniel
7e71789fad fix post requests in oidc clients views
flash and lazygettext were causing an unexpected bug on post (not get) requests
2022-12-16 19:15:50 +01:00
Éloi Rivard
f086bcd7da Stop caching server metadata 2022-12-15 23:00:58 +01:00
Éloi Rivard
7c6fd25524 Add nonce to the claims_supported server metadata list 2022-12-15 11:59:00 +01:00
Éloi Rivard
e478034b81 unit tests: client admin deletion 2022-12-13 19:14:25 +01:00
Éloi Rivard
9a3363a17f unit tests: improved flaskutils coverage 2022-12-11 22:49:32 +01:00
Éloi Rivard
118af82409 Fixes an authlib jwk warning 2022-12-11 22:27:54 +01:00
Éloi Rivard
c02ea791be removed unused method in the oauth authorization class 2022-12-10 21:18:17 +01:00
Éloi Rivard
449231abbe unit tests: improved token introspection coverage 2022-12-10 21:10:18 +01:00
Éloi Rivard
812d04a571 unit tests: improved token revocation coverage 2022-12-10 21:02:51 +01:00
Éloi Rivard
8932b390ba test consent removal with already revoked tokens 2022-12-10 11:24:53 +01:00
Éloi Rivard
fa3d51e32b removed unused method in the client model 2022-12-10 11:00:16 +01:00
Éloi Rivard
a3418de239 Implemented RFC7592 OAuth Client Registration Management 2022-12-10 00:22:25 +01:00
Éloi Rivard
bb0daf34d7 LDAP 'preferredLanguage' attribute support 2022-11-20 22:52:47 +01:00
Éloi Rivard
77ae9df2a9 Issuer 'ISS' configuration option is not mandatory anymore 2022-11-17 18:10:40 +01:00
Éloi Rivard
be4a51d72a client admin: redirect after form submission to avoid double submissions 2022-11-16 17:50:38 +01:00
Éloi Rivard
e3028f375c Dynamically generate the server metadata.
OAUTH2 and OIDC server metadata are now dynamically generated.
2022-11-16 10:20:32 +01:00
Éloi Rivard
ba88f8e44a rfc7591: fixed software statement support 2022-11-15 19:04:42 +01:00
Éloi Rivard
fdb8714094 Fixed a bug happening during RP initiated logout on clients without post_logout_redirect_uri defined 2022-10-26 18:09:02 +02:00
Éloi Rivard
6facd248a9 Fixed a bug on the contacts field in the admin client form following the LDAP schema update of 0.0.12 2022-10-26 17:44:50 +02:00
Éloi Rivard
4f729caf2e Implemented dynamic client registration 2022-10-24 10:00:32 +02:00
Éloi Rivard
659efaf7ef Variable renaming 2022-10-21 17:03:38 +02:00
Éloi Rivard
77aff593d4 Refactoring: file renaming 2022-10-06 13:32:41 +02:00
Éloi Rivard
0584cad0f5 Fixed well_known URLs 2022-10-03 19:32:39 +02:00
Éloi Rivard
e45ad6e21c Implemented a basic WebFinger endpoint. 2022-10-03 18:42:08 +02:00
Éloi Rivard
d0962a9a8d Removed a debug print 2022-07-27 17:56:16 +02:00
Éloi Rivard
db0fd2d8ba Fixed end-session when users are already disconnected 2022-07-07 16:28:28 +02:00
Éloi Rivard
21a2c306ac Client only return the asked scopes 2022-07-07 16:11:25 +02:00
Éloi Rivard
95ec09fe54 Implemented RP-initiated logout 2022-06-02 17:56:10 +02:00
Éloi Rivard
a1c4f7a278 Bumped to authlib 1 2022-04-10 17:04:38 +02:00
Éloi Rivard
d597baa415 for better readability, set the flask aborts in their own conditional block 2022-04-04 17:52:05 +02:00