9793b7461b
providers/oidc: remove LoginRequired from AuthorizationFlowInitView as user is redirected within
2020-07-25 21:35:38 +02:00
9c1a824dc4
providers/app_gw: fix Issuer URL being incorrect, fix incorrect length cookie secret
2020-07-25 21:34:14 +02:00
37a432267d
Squashed commit of the following:
...
commit 88029a43354040eb9619c9663a08daa3d92ebc0a6fa825e3726aefd072c8ac2dd3611f74e628ce9cd4ee18ee32
2020-07-20 18:17:14 +02:00
37b2400cdb
lib: move SAML timestring utils into lib
2020-07-20 11:35:16 +02:00
b452e751ea
flows: add SESSION_KEY_APPLICATION_PRE
...
whenever a user tries to access an application without being authenticated to passbook, we now show notice which application they are going to continue to.
2020-07-12 22:47:46 +02:00
f7b9de1261
*/saml: fix MetadataProcessor having generic namespace prefixes
2020-07-12 18:40:43 +02:00
1675dab314
providers/saml: fix encoding for POST bindings
2020-07-12 17:58:38 +02:00
be6f342e58
providers/saml: fix RelayState being included when None given
2020-07-12 17:22:14 +02:00
464b558a02
*/saml: fix typo
2020-07-12 17:20:41 +02:00
d1151091cd
providers/saml: Generate NameID Value based on NameID Policy received
2020-07-12 17:06:35 +02:00
f8e5383ba2
providers/saml: parse NameID Policy from AuthnRequest
2020-07-12 17:05:48 +02:00
0ff4545bab
providers/saml: fix AuthnRequest Signature validation, add unittests
2020-07-12 16:17:53 +02:00
a393097504
*/saml: start implementing unittests, fix signing
2020-07-12 01:44:34 +02:00
2056b86ce7
providers/saml: rewrite SAML AuthNRequest Parser and Response Processor
2020-07-11 14:06:42 +02:00
1b0c013d8e
providers/saml: remove processor_path field
2020-07-11 13:28:10 +02:00
92a09be8c0
sources/saml: rewrite Processors and Views to directly build XML without templates
2020-07-11 01:02:55 +02:00
d831599608
core: make autosubmit_form generic template
2020-07-08 14:27:58 +02:00
1524880eec
core: add generic login/base_full template for static login views
2020-07-08 14:17:29 +02:00
0bfb623f97
providers/saml: fix autosubmit_form using wrong template
2020-07-08 14:12:44 +02:00
2dc1b65718
ui: fix modal layout
2020-07-06 20:50:14 +02:00
2402cfe29d
providers/* use name for __str__
2020-07-05 23:00:40 +02:00
bead19c64c
flows: cleanup denied view, use everywhere
2020-07-02 13:48:42 +02:00
ae83ee6d31
providers/saml: fix access result not being checked properly
2020-07-02 00:23:52 +02:00
bd40585247
providers/samlv2: remove SAMLv2 from master
2020-07-01 23:21:58 +02:00
cc0b8164b0
providers/*: use PolicyAccessMixin to simplify
2020-07-01 23:18:10 +02:00
3b70d12a5f
*: rephrase strings
2020-07-01 18:40:52 +02:00
d33f632203
flows: add CancelView to cancel current flow execution
2020-06-30 00:11:01 +02:00
c0d8aa2303
sources/saml: fix SAMLRequest not being encoded properly for Redirect bindings
2020-06-24 13:12:34 +02:00
4d81172a48
providers/oauth: add support for consent stage, cleanup
2020-06-20 23:30:53 +02:00
c97b946a00
providers/saml: make SAML provider compatible with consent
2020-06-20 22:30:45 +02:00
3753275453
providers/saml: make metadata accessible without authentication
2020-06-20 21:51:52 +02:00
e4cb9b7ff9
providers/saml: fix provider has no attribute sp_binding
2020-06-20 21:49:48 +02:00
a0f05caf8e
providers/saml: move templates into correct folder
2020-06-20 21:49:16 +02:00
42e9ce4f72
providers/*: fix plan stages not being injected properly
2020-06-20 19:40:25 +02:00
331faa53bc
providers/saml: fix metadata template using wrong templates
2020-06-20 19:35:48 +02:00
03b1a67b44
flows: change wording of consent on flows
2020-06-19 20:33:41 +02:00
3a40e50fa0
providers/oidc: add template for consent
2020-06-19 20:19:31 +02:00
73e7158178
e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes
2020-06-19 19:45:27 +02:00
8c6a4a4968
e2e: test against standalone chrome instance, start implementing oidc provider test
2020-06-19 18:19:20 +02:00
bdf0e74af3
docs: add supported scopes of oauth provider
2020-06-18 19:39:58 +02:00
5e8a1e3c0d
*: make email naming consistent
2020-06-18 19:35:59 +02:00
6f0e292c43
root: add lgtm
2020-06-15 11:56:20 +02:00
bd312b60fc
gatekeeper: update upstream docker image
2020-06-09 09:26:03 +02:00
ee8313142f
Merge branch 'docs-flows'
...
# Conflicts:
# passbook/core/templates/partials/form_horizontal.html
2020-06-08 15:43:46 +02:00
4915205678
WIP Use Flows for Sources and Providers ( #32 )
...
* core: start migrating to flows for authorisation
* sources/oauth: start type-hinting
* core: create default user
* core: only show user delete button if an unenrollment flow exists
* flows: Correctly check initial policies on flow with context
* policies: add more verbosity to engine
* sources/oauth: migrate to flows
* sources/oauth: fix typing errors
* flows: add more tests
* sources/oauth: start implementing unittests
* sources/ldap: add option to disable user sync, move connection init to model
* sources/ldap: re-add default PropertyMappings
* providers/saml: re-add default PropertyMappings
* admin: fix missing stage count
* stages/identification: fix sources not being shown
* crypto: fix being unable to save with private key
* crypto: re-add default self-signed keypair
* policies: rewrite cache_key to prevent wrong cache
* sources/saml: migrate to flows for auth and enrollment
* stages/consent: add new stage
* admin: fix PropertyMapping widget not rendering properly
* core: provider.authorization_flow is mandatory
* flows: add support for "autosubmit" attribute on form
* flows: add InMemoryStage for dynamic stages
* flows: optionally allow empty flows from FlowPlanner
* providers/saml: update to authorization_flow
* sources/*: fix flow executor URL
* flows: fix pylint error
* flows: wrap responses in JSON object to easily handle redirects
* flow: dont cache plan's context
* providers/oauth: rewrite OAuth2 Provider to use flows
* providers/*: update docstrings of models
* core: fix forms not passing help_text through safe
* flows: fix HttpResponses not being converted to JSON
* providers/oidc: rewrite to use flows
* flows: fix linting
2020-06-07 16:35:08 +02:00
7664b428e7
sources/ldap: fix expression field not being CodeMirror
2020-06-05 20:18:45 +02:00
30ca926b38
docs: remove last occurrences to jinja2
2020-06-05 20:18:11 +02:00
73116b9d1a
policies/expression: migrate to raw python instead of jinja2 ( #49 )
...
* policies/expression: migrate to raw python instead of jinja2
* lib/expression: create base evaluator, custom subclass for policies
* core: rewrite propertymappings to use python
* providers/saml: update to new PropertyMappings
* sources/ldap: update to new PropertyMappings
* docs: update docs for new propertymappings
* root: remove jinja2
* root: re-add jinja to lock file as its implicitly required
2020-06-05 12:00:27 +02:00
8080b0380e
providers/saml: re-add default PropertyMappings
2020-06-02 17:00:03 +02:00
df8995deed
policies/*: remove Policy.negate, order, timeout ( #39 )
...
policies: rewrite engine to use PolicyBinding for order/negate/timeout
policies: rewrite engine to use PolicyResult instead of tuple
2020-05-28 21:45:54 +02:00
e2804b9755
root: fix linting errors
2020-05-27 11:26:48 +02:00
beabba2890
flows: Load Stages without refreshing the whole page ( #33 )
...
* flows: initial implementation of FlowExecutorShell
* flows: load messages dynamically upon card refresh
2020-05-24 00:57:25 +02:00
24a3e787dd
migrate to per-model UUID Primary key, remove UUIDModel ( #26 )
...
* *: migrate to per-model UUID Primary key, remove UUIDModel
* *: fix import order, fix unittests
2020-05-20 09:17:06 +02:00
c903c81bd5
root: update pylint ignore list
2020-05-18 18:15:39 +02:00
7bd65120b9
*: migrate from PolicyModel to PolicyBindingModel, move Policy to passbook_policies
2020-05-16 18:07:00 +02:00
406f69080b
Revert "*: providers and sources -> channels, PolicyModel to PolicyBindingModel that uses custom M2M through"
...
This reverts commit 7ed3ceb960
2020-05-16 16:02:42 +02:00
7ed3ceb960
*: providers and sources -> channels, PolicyModel to PolicyBindingModel that uses custom M2M through
2020-05-16 14:03:57 +02:00
a5319fc2fe
*: rename templatetags to clearly identify
2020-05-15 10:54:31 +02:00
80c3246333
policies/expression: add pb_flow_plan variable
2020-05-13 18:44:36 +02:00
e12780f78f
flows: add invalidation designation, use as default logout action
2020-05-11 01:12:57 +02:00
3456527f10
providers/saml: fix minor typing issue
2020-05-09 20:54:11 +02:00
114bb1b0bd
flows: implement planner, start new executor
2020-05-08 14:33:14 +02:00
97b5d120f8
providers/oauth: fix default cors settings
2020-05-08 11:26:26 +02:00
179f0097c0
provider/samlv2: more samlv2 progres
2020-05-07 19:25:15 +02:00
b40bffdf38
providers/samlv2: start implementing new SAML Provider
2020-05-07 01:20:08 +02:00
813dd2894f
*: add pyright type checking
2020-05-07 00:32:03 +02:00
80d90b91e8
core: add general admin.py loader, remove individual files
2020-05-07 00:05:10 +02:00
fff05e35ac
providers/saml: optionally verify SAML Signature
2020-05-06 18:03:12 +02:00
5f4452470b
providers/saml: fix metadata rendering when no singing keypair is selected
...
closes PASSBOOK-44
2020-04-10 21:54:23 +02:00
9a1270c693
providers/saml: fix wrong signing property being checked
...
closes PASSBOOK-45
2020-04-10 21:52:03 +02:00
f2119ce567
providers/saml: fix signing_kp typo
2020-03-05 17:09:08 +01:00
80a50f9bdb
providers/saml: switch to new crypto
2020-03-03 23:35:50 +01:00
f6c322be27
providers/oidc: fix skip_authorization not being synced to oidc_client
2020-03-02 17:40:38 +01:00
a144552059
providers/oidc: fill claims with userinfo
2020-03-01 22:55:56 +01:00
45bd63c720
api: update old field names
2020-02-28 11:48:55 +01:00
64f15eadbd
providers/saml: fix CSRF errors with POST binding
2020-02-28 10:50:16 +01:00
81b66ecdcd
core: remove some more dead code, add more help texts for factors
2020-02-27 16:39:30 +01:00
9b72c604dd
docs: fix some typos
2020-02-27 13:00:55 +01:00
b8daab4377
providers/saml: fix AccessRequiredView.dispatch not being called
2020-02-25 11:38:26 +01:00
c5b91bdae8
providers/saml: fix CannotHandleAssertion Error still being sent to sentry
2020-02-24 19:14:43 +01:00
39a208c55f
providers/saml: fix wrong key being used for params
2020-02-24 17:48:03 +01:00
a5bfef9b6b
providers/saml: fix leftover data in session, fix IdP initiated login
...
move can_handle calls to binding endpoints (/login/ and /login/initiate/), so that /login/authorize/ works either way, can clean up the session and audit
2020-02-24 17:34:52 +01:00
22838e66fe
providers/saml: fix users being able to authenticate without audit logs being created
2020-02-24 14:40:12 +01:00
484dd6de09
providers/oidc: add error template
2020-02-24 14:19:02 +01:00
4daa70c894
core: fix saving of policy not correctly clearing it's cache
2020-02-24 13:15:52 +01:00
f8599438df
ui: fix lists not being rendered correctly
2020-02-24 13:13:42 +01:00
155c9a4c3f
ui: update remaining forms, completely remove jQuery
2020-02-24 13:13:28 +01:00
521a8b5356
ui: update more remaining templates
2020-02-23 22:49:56 +01:00
8dbbe9102b
ui: fix application grid icons, fix SAML Authorize
2020-02-21 22:16:58 +01:00
a3ae827839
ui: centrally load CodeMirror and init via data tag
2020-02-21 21:02:03 +01:00
88c1ad4c1c
providers/saml: fix 500 when SAML Provider not assigned to application
2020-02-21 20:54:00 +01:00
1147c4901b
ui: clean up some more remaining templates
2020-02-21 20:40:40 +01:00
a09a1793ec
ui: update templates for jinja2-related fields
2020-02-21 15:36:37 +01:00
9440d24358
static: use codemirror from npm
2020-02-21 15:18:13 +01:00
b6326f399c
ui: clean up more generic forms, remove is_login everywhere
2020-02-21 15:00:45 +01:00
ea6a1422f7
ui: rewrite admin templates to pf4, add some helper scripts
2020-02-21 14:20:16 +01:00
d988f37afc
lib: add SentryIgnoredException, to easily ignore exceptions from sentry
2020-02-20 21:38:53 +01:00
38a22ddf13
providers/saml: cleanup encoding
2020-02-20 21:33:10 +01:00
d06f1abb89
providers/saml: add POST binding support to Metadata
2020-02-20 17:38:42 +01:00
027a64fad2
providers/saml: change default NameID Format to emailAddress
2020-02-20 17:37:09 +01:00
Jens Langhammer
Jens L