globuzma/canaille-globuzma
1
0
Fork 0
forked from Github-Mirrors/canaille
Code Pull requests Activity
1489 commits 5 branches 57 tags 18 MiB
Commit graph

457 commits

Author SHA1 Message Date
Éloi Rivard
990c624c32 Save one LDAP connection when calling save() 2023-03-09 13:00:17 +01:00
Éloi Rivard
d0f6c341f3 LDAPObject refactoring 2023-03-09 01:14:07 +01:00
Éloi Rivard
53581404ab LDAPObject dn attributes are automatically initialized 2023-03-08 23:53:53 +01:00
Éloi Rivard
d201d6f617 Lazy conversion of LDAP to python format for LDAPObject attributes 2023-03-08 18:54:27 +01:00
Éloi Rivard
7e42467bfc Renamed LDAPObject.rdn in LDAPObject.rdn_attribute 2023-03-08 18:50:33 +01:00
Éloi Rivard
5d9a41f18b Delayed LDAPObject may and must initialization 2023-03-08 00:53:27 +01:00
Éloi Rivard
c5b11d2fb3 Merge LDAPObject.all and LDAPObject.filter in LDAPObject.query 2023-03-07 17:58:27 +01:00
Éloi Rivard
cc65d78719 Renames LDAPObject.ldap in LDAPObject.ldap_connection 2023-03-07 17:55:32 +01:00
Éloi Rivard
a368b36d9c Better populate test cleaning 2023-03-07 17:27:31 +01:00
Éloi Rivard
d345218557 Updated to flask-babel 3 2023-03-01 15:32:40 +01:00
Éloi Rivard
a57c86cc2c SMTP SSL fixes 2023-02-28 10:07:08 +01:00
Éloi Rivard
9d3cd71164 Explicit form names in unit tests 2023-02-26 22:23:57 +01:00
Éloi Rivard
2c2797fbad A populate command can be used to fill the database with random users generated with faker. 2023-02-26 19:48:07 +01:00
Éloi Rivard
b850f51ef0 Tests ensures users created during the test are deleted in the end 2023-02-26 19:47:27 +01:00
Éloi Rivard
7458868f77 Pre-consented clients are displayed in the user consent list, and their consents can be revoked. 2023-02-14 21:56:47 +01:00
Éloi Rivard
d551b1ab35 Revoked consents can be restored 2023-02-14 19:05:43 +01:00
Éloi Rivard
ea9f6ebe00 Use full ldap 'givenName' instead of 'gn' 2023-02-04 22:23:58 +01:00
Éloi Rivard
3359b51d9b Implements admin token deletion 2023-02-04 18:41:49 +01:00
Éloi Rivard
b94c5b468c Reworked admin token page 2023-02-03 18:44:09 +01:00
Éloi Rivard
0cdbcbc2fa Removed debug prints 2023-01-30 20:01:22 +01:00
Éloi Rivard
b059e6e719 Client deletion also delete related objects 2023-01-30 19:58:25 +01:00
Éloi Rivard
c1b3a64757 Use pyquery in i18n tests 2023-01-29 23:06:12 +01:00
Éloi Rivard
08827d3714 Checks flask flashed messages with flask_webtest Response.flashes 2023-01-28 19:02:00 +01:00
Éloi Rivard
63f927830a Fixed dynamic client registration scope management 2023-01-28 14:04:04 +01:00
Éloi Rivard
7b684aed4a preferredLanguage is a single value 2023-01-24 18:15:26 +01:00
Éloi Rivard
c470e7f134 Explicitely set Consent cn 2023-01-23 18:55:27 +01:00
Éloi Rivard
acd54e4afb Dedicated connectivity test email 2023-01-22 12:49:15 +01:00
Éloi Rivard
ba83ab0a20 Merge branch 'html-locale' into 'main' 
Set the correct locale in the HTML main tag.

Closes #122

See merge request yaal/canaille!87
 2023-01-18 17:08:24 +00:00
Éloi Rivard
d7c84079e3 Set the correct locale in the HTML main tag. 2023-01-18 18:02:18 +01:00
Éloi Rivard
9d44967cad Wording and punctuation fixes 2023-01-15 09:31:44 +01:00
Éloi Rivard
d8bcb0bdf0 Ensures the token expires_in claim and the access_token exp claim have the same value. 2023-01-14 14:59:13 +01:00
Éloi Rivard
7cb2da3ca3 refactoring: start to split the canaille installation between submodules 2022-12-29 02:11:56 +01:00
Éloi Rivard
a66ac32689 refactoring: moved the authlib related test configuration in the oidc module 2022-12-29 02:06:54 +01:00
Éloi Rivard
adec1acbaa refactoring: removed useless imports 2022-12-29 01:53:08 +01:00
Éloi Rivard
cae49fcec9 avoid ldap related session variable names 2022-12-29 01:10:07 +01:00
Éloi Rivard
cd1d0a30d5 added 'autoflake' to the precommit tool list 2022-12-29 00:41:32 +01:00
Éloi Rivard
32f6595c02 objectClass is not mandatory for User and Group creation 2022-12-29 00:29:26 +01:00
Éloi Rivard
64ac2af981 Merge branch 'endsession-bugfix' into 'main' 
OIDC end_session was not returning the `state` parameter in the `post_logout_redirect_uri`

See merge request yaal/canaille!82
 2022-12-27 21:16:52 +00:00
Éloi Rivard
c1ae5e059c refactoring: edited mail error test to improve coverage 2022-12-27 22:09:53 +01:00
Éloi Rivard
5793a73801 OIDC end_session was not returning the state parameter in the post_logout_redirect_uri 2022-12-27 21:48:44 +01:00
Éloi Rivard
63bb459d16 unit tests: mails configuration without credentials 2022-12-27 21:37:58 +01:00
Éloi Rivard
630d602a7a groups minor refactoring 2022-12-27 21:32:21 +01:00
Éloi Rivard
69da0b83ce unit tests: SMTP connection with bad TLS configuration 2022-12-27 18:48:55 +01:00
Éloi Rivard
9c29abb269 unit tests: refresh token with invalid user 2022-12-27 18:32:53 +01:00
Éloi Rivard
a08e6c4acd unit tests: password flow with invalid credentials 2022-12-27 18:12:19 +01:00
Éloi Rivard
746c09a3bb unit tests: authorization code flow with invalid users and expired codes 2022-12-27 18:07:24 +01:00
Éloi Rivard
e9731e7e67 unit tests: end_session with invalid client ids 2022-12-26 22:03:43 +01:00
Éloi Rivard
1df1c89ea0 unit tests: user creation without password 2022-12-24 02:52:05 +01:00
Éloi Rivard
619c828780 unit tests: test logout when not logged in 2022-12-24 02:40:50 +01:00
Éloi Rivard
ca2d3de83b Moved the OIDC configuration in the oidc test subdir conftest.py 2022-12-24 02:06:28 +01:00
Éloi Rivard
19793fe8aa unit tests: userinfo 2022-12-24 01:44:16 +01:00
Éloi Rivard
fa503b37f9 unit tests: removed useless condition in slapd_connection fixture teardown 2022-12-22 17:17:18 +01:00
Éloi Rivard
f71c3ce2da unit tests: user photo access 2022-12-22 17:12:24 +01:00
Éloi Rivard
87d57ea9c1 unit tests: forgotten mail sending error 2022-12-22 17:02:07 +01:00
Éloi Rivard
3a596deb1f unit tests: impersonate an unexisting user 2022-12-22 16:56:10 +01:00
Éloi Rivard
5578de99a1 unit tests: delete an unexisting user 2022-12-22 16:52:05 +01:00
Éloi Rivard
afa9aa2fba unit tests: password reset mail error 2022-12-22 16:47:19 +01:00
Éloi Rivard
c2db4527ba unit tests: send a password reset mail to an unexisting user 2022-12-22 16:39:24 +01:00
Éloi Rivard
96ddc5ef4e unit tests: password initialization mail error 2022-12-22 16:38:20 +01:00
Éloi Rivard
892d12da8c unit tests: try to send a password initialization mail to an unexisting user 2022-12-22 16:30:26 +01:00
Éloi Rivard
e95bd6c79f unit tests: test photo on profile creation 2022-12-21 23:48:04 +01:00
Éloi Rivard
c03918e4f1 unit tests: user profile creation form error 2022-12-21 22:03:18 +01:00
Éloi Rivard
51ffff2958 unit tests: first login form error 2022-12-21 21:56:31 +01:00
Éloi Rivard
ae87a61f74 unit tests: first login mail success and error 2022-12-21 21:52:01 +01:00
Éloi Rivard
1764b5197c unit tests: first login page visited twice 2022-12-21 00:24:17 +01:00
Éloi Rivard
2f737ef9a7 unit tests: password resetted during login 2022-12-20 22:59:23 +01:00
Éloi Rivard
f18434011d unit tests: password page access without session 2022-12-20 22:50:02 +01:00
Éloi Rivard
20ffc0fb84 unit tests: sending mail with invalid recipients 2022-12-20 21:05:00 +01:00
Éloi Rivard
7fbe544b15 unit tests: check logo presence in mails 2022-12-20 19:45:04 +01:00
Éloi Rivard
8b066c7695 unit tests: test mails domain guessing from SERVER_NAME flask configuration 2022-12-17 00:38:05 +01:00
Éloi Rivard
e59ab27837 unit tests: app configuration paths 2022-12-16 22:33:09 +01:00
Éloi Rivard
6c41c2a196 unit tests: tested logging to a file 2022-12-16 22:14:46 +01:00
Éloi Rivard
482f949c09 Fixed LDAP operational attributes handling 2022-12-15 12:41:31 +01:00
Éloi Rivard
7c6fd25524 Add nonce to the claims_supported server metadata list 2022-12-15 11:59:00 +01:00
Éloi Rivard
2773f1c34c unit tests: ldap filter tests 2022-12-15 00:15:10 +01:00
Éloi Rivard
a621fc1163 unit tests: ldap utils 2022-12-15 00:03:01 +01:00
Éloi Rivard
f9df8300ce unit tests: ldap objects repr 2022-12-14 21:06:59 +01:00
Éloi Rivard
0e0b561868 unit tests: invalid client admin deletion 2022-12-14 21:03:35 +01:00
Éloi Rivard
db2127f9ef unit tests: client admin validation failures 2022-12-14 19:29:59 +01:00
Éloi Rivard
1dea7edba3 unit tests: client admin invalid request 2022-12-13 19:15:54 +01:00
Éloi Rivard
e478034b81 unit tests: client admin deletion 2022-12-13 19:14:25 +01:00
Éloi Rivard
9a3363a17f unit tests: improved flaskutils coverage 2022-12-11 22:49:32 +01:00
Éloi Rivard
118af82409 Fixes an authlib jwk warning 2022-12-11 22:27:54 +01:00
Éloi Rivard
13a6a984cb unit tests: improved jkws endpoint coverage 2022-12-11 14:57:26 +01:00
Éloi Rivard
12a93870fc unit tests: authorization denial 2022-12-11 14:43:21 +01:00
Éloi Rivard
5a959ef10e unit tests: improved authorization flow coverage 2022-12-11 13:16:24 +01:00
Éloi Rivard
449231abbe unit tests: improved token introspection coverage 2022-12-10 21:10:18 +01:00
Éloi Rivard
812d04a571 unit tests: improved token revokation coverage 2022-12-10 21:02:51 +01:00
Éloi Rivard
8932b390ba test consent removal with arleady revoked tokens 2022-12-10 11:24:53 +01:00
Éloi Rivard
18b05854f3 unit tests: improved authorization code flow coverage 2022-12-10 10:58:22 +01:00
Éloi Rivard
a3418de239 Implemented RFC7592 OAuth Client Registration Management 2022-12-10 00:22:25 +01:00
Éloi Rivard
b230e40e23 unit tests: improved token revokation coverage 2022-12-06 18:52:35 +01:00
Éloi Rivard
b34e862e4b unit tests: increased group coverage 2022-12-06 18:36:07 +01:00
Éloi Rivard
5b388400d1 unit tests: test schema installation with missing permissions 2022-12-06 18:18:27 +01:00
Éloi Rivard
c2e93b8773 unit tests: slapd initialization refactoring 2022-12-06 18:18:27 +01:00
Éloi Rivard
edbd98e9d2 unit tests: better admin mail debugger testing 
There was no test that covered the case where there is an issue when
sending the debug email.
 2022-12-04 17:15:54 +01:00
Éloi Rivard
a4afcc61dd unit tests: added consent deletion tests 2022-12-04 13:57:56 +01:00
Éloi Rivard
56fb83d44d unit tests: increased well-known coverage 2022-12-04 13:43:29 +01:00
Éloi Rivard
73d6e055d3 unit tests: removed useless try/except in oidc fixtures 2022-12-04 13:41:09 +01:00
Éloi Rivard
ab905d77e8 unit tests: removed useless ldap server schema initialization methods 2022-12-04 13:06:55 +01:00
Éloi Rivard
4052e0770d unit tests: removed useless cleaning 2022-12-04 13:04:09 +01:00
Éloi Rivard
ecc969e3d5 index page unit tests 2022-12-04 12:57:59 +01:00
Éloi Rivard
9bf9c43677 Demo displays user preferred locale 2022-12-04 11:53:37 +01:00
Éloi Rivard
9e75ef3478 Users can choose their favourite display name 2022-12-02 18:48:21 +01:00
Éloi Rivard
bb0daf34d7 LDAP 'preferredLanguage' attribute support 2022-11-20 22:52:47 +01:00
Éloi Rivard
77ae9df2a9 Issuer 'ISS' configuration option is not mandatory anymore 2022-11-17 18:10:40 +01:00
Éloi Rivard
154ec9fcd2 FROM_ADDR configuration option is not mandatory anymore 2022-11-16 19:26:33 +01:00
Éloi Rivard
c7df0cca32 profile edition: redirect after form submission to avoid double submissions 2022-11-16 18:19:24 +01:00
Éloi Rivard
32a626ee4b group admin: redirect after form submission to avoid double submissions 2022-11-16 17:55:24 +01:00
Éloi Rivard
be4a51d72a client admin: redirect after form submission to avoid double submissions 2022-11-16 17:50:38 +01:00
Éloi Rivard
62b62b684f Fixed client preconsent disabling 2022-11-16 17:36:16 +01:00
Éloi Rivard
e3028f375c Dynamically generate the server metadata. 
OAUTH2 and OIDC server metadata are now dynamically generated.
 2022-11-16 10:20:32 +01:00
Éloi Rivard
ba88f8e44a rfc7591: fixed software statement support 2022-11-15 19:04:42 +01:00
Éloi Rivard
5fa9b6b89c added parameters to the OIDC dynamic registration test cases 2022-11-15 17:16:23 +01:00
Éloi Rivard
9deee91c02 Updated issuer test fixture 2022-11-15 16:00:29 +01:00
Éloi Rivard
d559d8774a Refactored demo instanciation 2022-11-15 12:47:44 +01:00
Éloi Rivard
1f3a29ddeb unit tests: ldap domain is dc=mydomain,dc=tld 2022-11-05 19:52:57 +01:00
Éloi Rivard
5d5b0a411c Removed an unused permission 2022-10-24 10:30:08 +02:00
Éloi Rivard
4f729caf2e Implemented dynamic client registration 2022-10-24 10:00:32 +02:00
Éloi Rivard
659efaf7ef Variable renaming 2022-10-21 17:03:38 +02:00
Éloi Rivard
da5f288e4f Use a different json metadata file for unit testing 2022-10-21 17:03:38 +02:00
Éloi Rivard
77aff593d4 Refactoring: file renaming 2022-10-06 13:32:41 +02:00
Éloi Rivard
e45ad6e21c Implemented a basic WebFinger endpoint. 2022-10-03 18:42:08 +02:00
Éloi Rivard
db0fd2d8ba Fixed end-session when user are already disconnected 2022-07-07 16:28:28 +02:00
Éloi Rivard
21a2c306ac Client only return the asked scopes 2022-07-07 16:11:25 +02:00
Éloi Rivard
c8281969d8 Added support for a postalAddress field 2022-07-07 14:46:02 +02:00
Éloi Rivard
95ec09fe54 Implemented RP-initiated logout 2022-06-02 17:56:10 +02:00
Éloi Rivard
1759c6cdf2 Get rid of autouse fixtures 2022-05-20 09:24:24 +02:00
Éloi Rivard
759c19d3a8 Avoid slapd_connection fixture in tests 2022-05-19 12:36:39 +02:00
Éloi Rivard
11a750d238 Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-18 16:55:37 +02:00
Éloi Rivard
d976d47b1a Test refactoring 2022-05-18 11:31:26 +02:00
emillumine
083b101df2 add tests to clarify when nonce is required 2022-05-13 15:56:31 +02:00
Éloi Rivard
a1c4f7a278 Bumped to authlib 1 2022-04-10 17:04:38 +02:00
Éloi Rivard
8217d423ad Added an option to disable self edition 2022-04-06 17:54:39 +02:00
Éloi Rivard
f496617f81 Fixed documentation about HIDE_INVALID_LOGINS 2022-04-06 17:34:30 +02:00
Éloi Rivard
b7b6040a3e Added an option to disable password recovery 2022-04-05 09:56:38 +02:00
emillumine
f95bffadd6 remove 'available_groups' Group classmethod (replaced by already existing 'all' LDAPObject method) 2022-03-14 10:14:02 +01:00
emillumine
8d804616fd add a 'all' utility class method to LDAPObject to retrieve all class instances 2022-03-14 10:03:05 +01:00
emillumine
3c9f618564 fix automatic cleaning of consents in tests 2022-03-14 10:03:05 +01:00
emillumine
87d2fa8641 fix tests by automatically cleaning up users and groups in test teardown 2022-03-14 10:03:05 +01:00
emillumine
653e79d7a8 fix dn in case of leading space or special char in id attribute 
according to openldap doc, the default is to silently  eliminate  spaces  around  AVA  separators, RDN component separators and RDN separators
https://www.openldap.org/software/man.cgi?query=ldap_str2dn
 2022-03-14 10:03:05 +01:00
emillumine
cd1d106248 set cn without leading space when user is created without given name 2022-03-14 10:03:05 +01:00
Éloi Rivard
07d1826905 Fixed some packaging issues 2022-03-08 19:22:52 +01:00
Éloi Rivard
d15a8cdc74 Improved refresh token tests, again 2022-03-04 19:58:00 +01:00
Éloi Rivard
db2e11c16e Improved refresh token tests 2022-03-04 19:07:52 +01:00
Camille
0db07fa36f fix: groups are saved even when invited user does not have read permission on groups 2022-03-04 18:13:57 +01:00
Camille
a3c4db7a53 fix: handle token not found in token view 2022-03-03 10:05:14 +01:00
Éloi Rivard
a36dfb21fb Removed an useless test 2022-02-23 10:49:49 +01:00
Éloi Rivard
3411e27c85 Improved admin token list and code list templates 2022-02-19 17:53:05 +01:00
Éloi Rivard
a74d68aee1 AuthorizationCode and Token have a new id parameter 2022-02-16 18:00:30 +01:00
Éloi Rivard
7851e8e31f improved token admin page template 2022-02-03 09:51:04 +01:00
Éloi Rivard
1d0f1e2f24 LdapObject an have attribute name different than the schema 2022-01-18 18:04:25 +01:00
Éloi Rivard
52e802b34f split oidc code from the rest 2022-01-11 20:31:55 +01:00
Éloi Rivard
16d2d71194 split oidc tests from the rest 2022-01-11 19:42:26 +01:00
Éloi Rivard
3d69e5cdb4 restore data after unit tests 2022-01-11 19:32:55 +01:00
Éloi Rivard
aef552e9aa removed an avoidable clean fixture 2022-01-11 18:32:53 +01:00
Stéphane Blondon
4d24962544 surname is required when the user is created or updated 2022-01-07 15:19:05 +01:00
Éloi Rivard
5a99a48831 Invited users can choose their uid 2022-01-01 18:41:04 +01:00
Camille
db1d011a3b invitations expire after 48h 2022-01-01 10:56:48 +00:00
Éloi Rivard
39e1725438 Fixed fixtures 2021-12-31 17:41:05 +01:00
Éloi Rivard
d839dd763d admin: email debugging form 2021-12-23 19:21:29 +01:00
emillumine
05d4800f94 fix bug: groups were not saved on user creation 2021-12-22 16:09:03 +01:00
Éloi Rivard
50af2e3e72 pre-commit tox test 2021-12-20 23:57:27 +01:00
Éloi Rivard
f4c04d9666 Default configuration and test client use user avatars 2021-12-13 22:50:53 +01:00
Éloi Rivard
951fce2725 JWT mapping use jinja 2021-12-12 16:17:13 +01:00
Éloi Rivard
18e4b0c42c Documentation improvements 2021-12-12 15:38:32 +01:00
Éloi Rivard
14480020cb Group description 2021-12-10 17:16:33 +01:00
Camille
cefeac4e5b customize jwt claims with format string in config file 2021-12-10 14:56:43 +00:00
Éloi Rivard
0053369604 jpegPhoto profile form 2021-12-09 18:26:11 +01:00
Éloi Rivard
65dd61c524 python to ldap two-ways serialization 2021-12-08 15:53:20 +01:00
Éloi Rivard
015d410fb6 ldaputils variable renaming 2021-12-08 15:06:57 +01:00
Éloi Rivard
adda4832f0 Login placeholder depends on the USER_FILTER configuration attribute 2021-12-07 20:16:46 +01:00
Éloi Rivard
788fa4cf7c invitation: users can just generate a link without sending a mail 2021-12-07 18:50:53 +01:00
Éloi Rivard
720459d162 Disabled invitation and password reset when no smtp server has been configured 2021-12-07 17:12:46 +01:00
Éloi Rivard
d789a9b71c Groups can be read-only instead of disabled 2021-12-07 15:09:55 +01:00
Éloi Rivard
3645171dd8 Option to not use OIDC 2021-12-07 00:16:42 +01:00
Éloi Rivard
65f4af31d5 Redirecting login page to profile page when user is already connected 2021-12-06 23:17:08 +01:00
Éloi Rivard
6d0ca15521 Better error messages when LDAP server is unreachable, or authentication has failed 2021-12-06 21:49:38 +01:00
Éloi Rivard
cad1b6c274 Escape filters 2021-12-06 15:48:30 +01:00
Éloi Rivard
57e4830c82 lazy group loading 2021-12-06 14:52:10 +01:00
Éloi Rivard
02c626129d Fixed unit tests 2021-12-06 14:24:47 +01:00
Éloi Rivard
d2611abadb Permissions overhaul 2021-12-03 14:37:24 +01:00
Éloi Rivard
d8a3696b41 fixed user password on account creation 2021-12-01 13:22:21 +01:00
Éloi Rivard
3ac4ddb490 invitation links 2021-12-01 12:19:28 +01:00
Éloi Rivard
4f82b9eca4 profile hashes take the user email in account 2021-11-30 14:56:39 +01:00
Éloi Rivard
ee72f03786 Installation command 2021-11-24 14:14:04 +01:00
Éloi Rivard
1586bb5a55 install command creates jwt keypair 2021-11-24 13:15:35 +01:00
Éloi Rivard
f10bc616f8 install command tests 2021-11-24 13:15:35 +01:00
Éloi Rivard
12bc13afd3 Moved command tests 2021-11-24 13:15:35 +01:00
Éloi Rivard
daa82bcff5 basic installation command 2021-11-24 13:15:35 +01:00
Éloi Rivard
8bffd645d1 password flow: allow other token endpoint authentication methods 2021-11-21 13:23:08 +01:00
Éloi Rivard
033639a955 Logging is configurable 2021-10-31 14:40:12 +01:00
Éloi Rivard
7e5dccd7eb Merge branch 'issue-50-theming' into 'master' 
use flask-themer to allow theme customization

Closes #50

See merge request yaal/canaille!15
 2021-10-29 15:11:14 +00:00
Camille
4e816180f4 Merge branch 'issue-72-group-bug' into 'master' 
Fix bug on groups with non-existent members

Closes #72

See merge request yaal/canaille!14
 2021-10-29 15:07:16 +00:00
Eloi Rivard
c0f53c8e6e use flask-themer to allow theme customization 2021-10-29 17:05:32 +02:00
Éloi Rivard
7b7edc81cb black 2021-10-29 14:20:06 +02:00
Camille
402a16f9f3 Fix bug on groups with non-existent members 2021-10-29 14:19:46 +02:00
Eloi Rivard
c9df8fb5b3 Updated consents when a larger scope is required 2021-10-27 09:31:24 +02:00
Éloi Rivard
334aec35d9 'check' command check ldap permissions 2021-10-26 22:49:36 +02:00
Éloi Rivard
0e6dd4f7ed Implemented client pre-authorization 2021-10-20 12:15:55 +02:00