Compare commits
18 Commits
version/0.
...
version/0.
| Author | SHA1 | Date | |
|---|---|---|---|
| 804ae15c2e | |||
| b35a9fad86 | |||
| a4f83bd28a | |||
| 796f83c3d0 | |||
| 2099bbb713 | |||
| 67beba8f78 | |||
| a798412e17 | |||
| 3b2c2d781f | |||
| 98c844f3d6 | |||
| 2645bd0132 | |||
| 2c4fc56b49 | |||
| 0ec1468058 | |||
| 5d1a3043b2 | |||
| b46958d1f9 | |||
| 5daa8d5fe3 | |||
| 31846f1d05 | |||
| 1fac964b8b | |||
| dfa6ed8ac2 |
@ -1,5 +1,5 @@
|
||||
[bumpversion]
|
||||
current_version = 0.1.37-beta
|
||||
current_version = 0.2.2-beta
|
||||
tag = True
|
||||
commit = True
|
||||
parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-(?P<release>.*)
|
||||
|
||||
@ -22,7 +22,7 @@ create-build-image:
|
||||
before_script:
|
||||
- echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json
|
||||
script:
|
||||
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile.build-base --destination docker.beryju.org/passbook/build-base:latest --destination docker.beryju.org/passbook/build-base:0.1.37-beta
|
||||
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile.build-base --destination docker.beryju.org/passbook/build-base:latest --destination docker.beryju.org/passbook/build-base:0.2.2-beta
|
||||
stage: build-buildimage
|
||||
only:
|
||||
refs:
|
||||
@ -63,7 +63,7 @@ package-docker:
|
||||
before_script:
|
||||
- echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json
|
||||
script:
|
||||
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.beryju.org/passbook/server:latest --destination docker.beryju.org/passbook/server:0.1.37-beta
|
||||
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.beryju.org/passbook/server:latest --destination docker.beryju.org/passbook/server:0.2.2-beta
|
||||
stage: build
|
||||
only:
|
||||
- tags
|
||||
|
||||
@ -3,7 +3,7 @@ from setuptools import setup
|
||||
|
||||
setup(
|
||||
name='django-allauth-passbook',
|
||||
version='0.1.37-beta',
|
||||
version='0.2.2-beta',
|
||||
description='passbook support for django-allauth',
|
||||
# long_description='\n'.join(read_simple('docs/index.md')[2:]),
|
||||
long_description_content_type='text/markdown',
|
||||
|
||||
@ -18,7 +18,7 @@ tests_require = [
|
||||
|
||||
setup(
|
||||
name='sentry-auth-passbook',
|
||||
version='0.1.37-beta',
|
||||
version='0.2.2-beta',
|
||||
author='BeryJu.org',
|
||||
author_email='support@beryju.org',
|
||||
url='https://passbook.beryju.org',
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
apiVersion: v1
|
||||
appVersion: "0.1.37-beta"
|
||||
appVersion: "0.2.2-beta"
|
||||
description: A Helm chart for passbook.
|
||||
name: passbook
|
||||
version: "0.1.37-beta"
|
||||
version: "0.2.2-beta"
|
||||
icon: https://git.beryju.org/uploads/-/system/project/avatar/108/logo.png
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
replicaCount: 1
|
||||
|
||||
image:
|
||||
tag: 0.1.37-beta
|
||||
tag: 0.2.2-beta
|
||||
|
||||
nameOverride: ""
|
||||
|
||||
|
||||
@ -4,7 +4,7 @@ import os
|
||||
import sys
|
||||
|
||||
if __name__ == '__main__':
|
||||
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'passbook.core.settings')
|
||||
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'passbook.root.settings')
|
||||
try:
|
||||
from django.core.management import execute_from_command_line
|
||||
except ImportError as exc:
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
"""passbook"""
|
||||
__version__ = '0.1.37-beta'
|
||||
__version__ = '0.2.2-beta'
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
"""passbook admin"""
|
||||
__version__ = '0.1.37-beta'
|
||||
__version__ = '0.2.2-beta'
|
||||
|
||||
@ -36,7 +36,7 @@
|
||||
<tr>
|
||||
<td>{{ source.name }}</td>
|
||||
<td>{{ source|fieldtype }}</td>
|
||||
<td>{{ source.additional_info }}</td>
|
||||
<td>{{ source.additional_info|safe }}</td>
|
||||
<td>
|
||||
<a class="btn btn-default btn-sm"
|
||||
href="{% url 'passbook_admin:source-update' pk=source.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
|
||||
|
||||
@ -5,9 +5,9 @@ from django.views.generic import TemplateView
|
||||
|
||||
from passbook.admin.mixins import AdminRequiredMixin
|
||||
from passbook.core import __version__
|
||||
from passbook.core.celery import CELERY_APP
|
||||
from passbook.core.models import (Application, Factor, Invitation, Policy,
|
||||
Provider, Source, User)
|
||||
from passbook.root.celery import CELERY_APP
|
||||
|
||||
|
||||
class AdministrationOverviewView(AdminRequiredMixin, TemplateView):
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
"""passbook api"""
|
||||
__version__ = '0.1.37-beta'
|
||||
__version__ = '0.2.2-beta'
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
"""passbook Application Security Gateway Header"""
|
||||
__version__ = '0.1.37-beta'
|
||||
__version__ = '0.2.2-beta'
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
"""passbook audit Header"""
|
||||
__version__ = '0.1.37-beta'
|
||||
__version__ = '0.2.2-beta'
|
||||
|
||||
@ -22,7 +22,7 @@ class AuditEntry(UUIDModel):
|
||||
ACTION_AUTHORIZE_APPLICATION = 'authorize_application'
|
||||
ACTION_SUSPICIOUS_REQUEST = 'suspicious_request'
|
||||
ACTION_SIGN_UP = 'sign_up'
|
||||
ACTION_PASSWORD_RESET = 'password_reset' # noqa
|
||||
ACTION_PASSWORD_RESET = 'password_reset' # noqa # nosec
|
||||
ACTION_INVITE_CREATED = 'invitation_created'
|
||||
ACTION_INVITE_USED = 'invitation_used'
|
||||
ACTIONS = (
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
"""passbook captcha_factor Header"""
|
||||
__version__ = '0.1.37-beta'
|
||||
__version__ = '0.2.2-beta'
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
"""passbook core"""
|
||||
__version__ = '0.1.37-beta'
|
||||
__version__ = '0.2.2-beta'
|
||||
|
||||
@ -14,6 +14,7 @@ class PassbookCoreConfig(AppConfig):
|
||||
name = 'passbook.core'
|
||||
label = 'passbook_core'
|
||||
verbose_name = 'passbook Core'
|
||||
mountpoint = ''
|
||||
|
||||
def ready(self):
|
||||
import_module('passbook.core.policies')
|
||||
|
||||
@ -29,6 +29,7 @@ class AuthenticationView(UserPassesTestMixin, View):
|
||||
SESSION_PENDING_FACTORS = 'passbook_pending_factors'
|
||||
SESSION_PENDING_USER = 'passbook_pending_user'
|
||||
SESSION_USER_BACKEND = 'passbook_user_backend'
|
||||
SESSION_IS_SSO_LOGIN = 'passbook_sso_login'
|
||||
|
||||
pending_user = None
|
||||
pending_factors = []
|
||||
@ -79,6 +80,10 @@ class AuthenticationView(UserPassesTestMixin, View):
|
||||
if AuthenticationView.SESSION_FACTOR not in request.session:
|
||||
# Case when no factors apply to user, return error denied
|
||||
if not self.pending_factors:
|
||||
# Case when user logged in from SSO provider and no more factors apply
|
||||
if AuthenticationView.SESSION_IS_SSO_LOGIN in request.session:
|
||||
LOGGER.debug("User authenticated with SSO, logging in...")
|
||||
return self._user_passed()
|
||||
return self.user_invalid()
|
||||
factor_uuid, factor_class = self.pending_factors[0]
|
||||
else:
|
||||
|
||||
@ -27,7 +27,8 @@ class PasswordFactorForm(forms.ModelForm):
|
||||
'order': forms.NumberInput(),
|
||||
'policies': FilteredSelectMultiple(_('policies'), False),
|
||||
'backends': FilteredSelectMultiple(_('backends'), False,
|
||||
choices=get_authentication_backends())
|
||||
choices=get_authentication_backends()),
|
||||
'password_policies': FilteredSelectMultiple(_('password policies'), False),
|
||||
}
|
||||
|
||||
class DummyFactorForm(forms.ModelForm):
|
||||
|
||||
@ -5,7 +5,7 @@ from django.utils.translation import gettext as _
|
||||
|
||||
from passbook.core.models import (DebugPolicy, FieldMatcherPolicy,
|
||||
GroupMembershipPolicy, PasswordPolicy,
|
||||
WebhookPolicy)
|
||||
SSOLoginPolicy, WebhookPolicy)
|
||||
|
||||
GENERAL_FIELDS = ['name', 'action', 'negate', 'order', 'timeout']
|
||||
|
||||
@ -63,6 +63,19 @@ class GroupMembershipPolicyForm(forms.ModelForm):
|
||||
fields = GENERAL_FIELDS + ['group', ]
|
||||
widgets = {
|
||||
'name': forms.TextInput(),
|
||||
'order': forms.NumberInput(),
|
||||
}
|
||||
|
||||
class SSOLoginPolicyForm(forms.ModelForm):
|
||||
"""Edit SSOLoginPolicy instances"""
|
||||
|
||||
class Meta:
|
||||
|
||||
model = SSOLoginPolicy
|
||||
fields = GENERAL_FIELDS
|
||||
widgets = {
|
||||
'name': forms.TextInput(),
|
||||
'order': forms.NumberInput(),
|
||||
}
|
||||
|
||||
class PasswordPolicyForm(forms.ModelForm):
|
||||
|
||||
@ -25,5 +25,6 @@ class Command(BaseCommand):
|
||||
'-p', str(CONFIG.y('web.port', 8000)),
|
||||
'-b', CONFIG.y('web.listen', '0.0.0.0'), # nosec
|
||||
'--access-log', '/dev/null',
|
||||
'passbook.core.asgi:application'
|
||||
'--application-close-timeout', '500',
|
||||
'passbook.root.asgi:application'
|
||||
])
|
||||
|
||||
@ -5,7 +5,7 @@ from logging import getLogger
|
||||
from django.core.management.base import BaseCommand
|
||||
from django.utils import autoreload
|
||||
|
||||
from passbook.core.celery import CELERY_APP
|
||||
from passbook.root.celery import CELERY_APP
|
||||
|
||||
LOGGER = getLogger(__name__)
|
||||
|
||||
|
||||
25
passbook/core/migrations/0024_ssologinpolicy.py
Normal file
25
passbook/core/migrations/0024_ssologinpolicy.py
Normal file
@ -0,0 +1,25 @@
|
||||
# Generated by Django 2.2 on 2019-04-29 21:14
|
||||
|
||||
import django.db.models.deletion
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('passbook_core', '0023_remove_user_applications'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.CreateModel(
|
||||
name='SSOLoginPolicy',
|
||||
fields=[
|
||||
('policy_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.Policy')),
|
||||
],
|
||||
options={
|
||||
'verbose_name': 'SSO Login Policy',
|
||||
'verbose_name_plural': 'SSO Login Policies',
|
||||
},
|
||||
bases=('passbook_core.policy',),
|
||||
),
|
||||
]
|
||||
@ -165,9 +165,10 @@ class Source(PolicyModel):
|
||||
|
||||
name = models.TextField()
|
||||
slug = models.SlugField()
|
||||
form = '' # ModelForm-based class ued to create/edit instance
|
||||
enabled = models.BooleanField(default=True)
|
||||
|
||||
form = '' # ModelForm-based class ued to create/edit instance
|
||||
|
||||
objects = InheritanceManager()
|
||||
|
||||
@property
|
||||
@ -409,6 +410,21 @@ class GroupMembershipPolicy(Policy):
|
||||
verbose_name = _('Group Membership Policy')
|
||||
verbose_name_plural = _('Group Membership Policies')
|
||||
|
||||
class SSOLoginPolicy(Policy):
|
||||
"""Policy that applies to users that have authenticated themselves through SSO"""
|
||||
|
||||
form = 'passbook.core.forms.policies.SSOLoginPolicyForm'
|
||||
|
||||
def passes(self, user):
|
||||
"""Check if user instance passes this policy"""
|
||||
from passbook.core.auth.view import AuthenticationView
|
||||
return user.session.get(AuthenticationView.SESSION_IS_SSO_LOGIN, False), ""
|
||||
|
||||
class Meta:
|
||||
|
||||
verbose_name = _('SSO Login Policy')
|
||||
verbose_name_plural = _('SSO Login Policies')
|
||||
|
||||
class Invitation(UUIDModel):
|
||||
"""Single-use invitation link"""
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ from celery.exceptions import TimeoutError as CeleryTimeoutError
|
||||
from django.core.cache import cache
|
||||
from ipware import get_client_ip
|
||||
|
||||
from passbook.core.celery import CELERY_APP
|
||||
from passbook.core.models import Policy, User
|
||||
from passbook.root.celery import CELERY_APP
|
||||
|
||||
LOGGER = getLogger(__name__)
|
||||
|
||||
@ -74,6 +74,7 @@ class PolicyEngine:
|
||||
cached_policies = []
|
||||
kwargs = {
|
||||
'__password__': getattr(self.__user, '__password__', None),
|
||||
'session': dict(getattr(self.__request, 'session', {}).items()),
|
||||
}
|
||||
if self.__request:
|
||||
kwargs['remote_ip'], _ = get_client_ip(self.__request)
|
||||
|
||||
@ -6,9 +6,9 @@ from django.core.mail import EmailMultiAlternatives
|
||||
from django.template.loader import render_to_string
|
||||
from django.utils.html import strip_tags
|
||||
|
||||
from passbook.core.celery import CELERY_APP
|
||||
from passbook.core.models import Nonce
|
||||
from passbook.lib.config import CONFIG
|
||||
from passbook.root.celery import CELERY_APP
|
||||
|
||||
LOGGER = getLogger(__name__)
|
||||
|
||||
|
||||
@ -1,25 +1,14 @@
|
||||
"""passbook URL Configuration"""
|
||||
from logging import getLogger
|
||||
|
||||
from django.conf import settings
|
||||
from django.contrib import admin
|
||||
from django.urls import include, path
|
||||
from django.views.generic import RedirectView
|
||||
from django.urls import path
|
||||
|
||||
from passbook.core.auth import view
|
||||
from passbook.core.views import authentication, error, overview, user
|
||||
from passbook.lib.utils.reflection import get_apps
|
||||
from passbook.core.views import authentication, overview, user
|
||||
|
||||
LOGGER = getLogger(__name__)
|
||||
admin.autodiscover()
|
||||
admin.site.login = RedirectView.as_view(pattern_name='passbook_core:auth-login')
|
||||
|
||||
handler400 = error.BadRequestView.as_view()
|
||||
handler403 = error.ForbiddenView.as_view()
|
||||
handler404 = error.NotFoundView.as_view()
|
||||
handler500 = error.ServerErrorView.as_view()
|
||||
|
||||
core_urls = [
|
||||
urlpatterns = [
|
||||
# Authentication views
|
||||
path('auth/login/', authentication.LoginView.as_view(), name='auth-login'),
|
||||
path('auth/logout/', authentication.LogoutView.as_view(), name='auth-logout'),
|
||||
@ -39,27 +28,3 @@ core_urls = [
|
||||
# Overview
|
||||
path('', overview.OverviewView.as_view(), name='overview'),
|
||||
]
|
||||
|
||||
urlpatterns = [
|
||||
# Core (include our own URLs so namespaces are used everywhere)
|
||||
path('', include((core_urls, 'passbook_core'), namespace='passbook_core')),
|
||||
]
|
||||
|
||||
for _passbook_app in get_apps():
|
||||
if hasattr(_passbook_app, 'mountpoint'):
|
||||
_path = path(_passbook_app.mountpoint, include((_passbook_app.name+'.urls',
|
||||
_passbook_app.label),
|
||||
namespace=_passbook_app.label))
|
||||
urlpatterns.append(_path)
|
||||
LOGGER.debug("Loaded %s's URLs", _passbook_app.name)
|
||||
|
||||
urlpatterns += [
|
||||
# Administration
|
||||
path('administration/django/', admin.site.urls),
|
||||
]
|
||||
|
||||
if settings.DEBUG:
|
||||
import debug_toolbar
|
||||
urlpatterns = [
|
||||
path('__debug__/', include(debug_toolbar.urls)),
|
||||
] + urlpatterns
|
||||
|
||||
@ -71,7 +71,7 @@ class LoginView(UserPassesTestMixin, FormView):
|
||||
if not pre_user:
|
||||
# No user found
|
||||
return self.invalid_login(self.request)
|
||||
self.request.session.flush()
|
||||
# self.request.session.flush()
|
||||
self.request.session[AuthenticationView.SESSION_PENDING_USER] = pre_user.pk
|
||||
return _redirect_with_qs('passbook_core:auth-process', self.request.GET)
|
||||
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
"""passbook hibp_policy"""
|
||||
__version__ = '0.1.37-beta'
|
||||
__version__ = '0.2.2-beta'
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
"""Passbook ldap app Header"""
|
||||
__version__ = '0.1.37-beta'
|
||||
__version__ = '0.2.2-beta'
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
"""passbook lib"""
|
||||
__version__ = '0.1.37-beta'
|
||||
__version__ = '0.2.2-beta'
|
||||
|
||||
@ -137,4 +137,6 @@ def signal_handler(sender, **kwargs):
|
||||
"""Add all loaded config files to autoreload watcher"""
|
||||
for path in CONFIG.loaded_file:
|
||||
sender.watch_file(path)
|
||||
|
||||
|
||||
autoreload_started.connect(signal_handler)
|
||||
|
||||
@ -1,17 +1,29 @@
|
||||
"""passbook sentry integration"""
|
||||
from logging import getLogger
|
||||
|
||||
LOGGER = getLogger(__name__)
|
||||
|
||||
|
||||
def before_send(event, hint):
|
||||
"""Check if error is database error, and ignore if so"""
|
||||
from django.db import OperationalError
|
||||
from django_redis.exceptions import ConnectionInterrupted
|
||||
|
||||
ignored_classes = [
|
||||
from django.db import OperationalError, InternalError
|
||||
from rest_framework.exceptions import APIException
|
||||
from billiard.exceptions import WorkerLostError
|
||||
from django.core.exceptions import DisallowedHost
|
||||
ignored_classes = (
|
||||
OperationalError,
|
||||
ConnectionInterrupted,
|
||||
]
|
||||
APIException,
|
||||
InternalError,
|
||||
ConnectionResetError,
|
||||
WorkerLostError,
|
||||
DisallowedHost,
|
||||
ConnectionResetError,
|
||||
)
|
||||
if 'exc_info' in hint:
|
||||
_exc_type, exc_value, _ = hint['exc_info']
|
||||
if isinstance(exc_value, ignored_classes):
|
||||
LOGGER.info("Supressing error %r", exc_value)
|
||||
return None
|
||||
return event
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
"""passbook oauth_client Header"""
|
||||
__version__ = '0.1.37-beta'
|
||||
__version__ = '0.2.2-beta'
|
||||
|
||||
@ -29,14 +29,13 @@ class OAuthSource(Source):
|
||||
def get_login_button(self):
|
||||
url = reverse_lazy('passbook_oauth_client:oauth-client-login',
|
||||
kwargs={'source_slug': self.slug})
|
||||
# if self.provider_type == 'github':
|
||||
# return url, 'github-logo', _('GitHub')
|
||||
return url, self.provider_type, self.name
|
||||
|
||||
@property
|
||||
def additional_info(self):
|
||||
return "Callback URL: '%s'" % reverse_lazy('passbook_oauth_client:oauth-client-callback',
|
||||
kwargs={'source_slug': self.slug})
|
||||
return "Callback URL: <pre>%s</pre>" % \
|
||||
reverse_lazy('passbook_oauth_client:oauth-client-callback',
|
||||
kwargs={'source_slug': self.slug})
|
||||
|
||||
def has_user_settings(self):
|
||||
"""Entrypoint to integrate with User settings. Can either return False if no
|
||||
|
||||
@ -4,7 +4,7 @@ from logging import getLogger
|
||||
|
||||
from django.conf import settings
|
||||
from django.contrib import messages
|
||||
from django.contrib.auth import authenticate, login
|
||||
from django.contrib.auth import authenticate
|
||||
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||
from django.http import Http404
|
||||
from django.shortcuts import get_object_or_404, redirect, render
|
||||
@ -12,6 +12,7 @@ from django.urls import reverse
|
||||
from django.utils.translation import ugettext as _
|
||||
from django.views.generic import RedirectView, View
|
||||
|
||||
from passbook.core.auth.view import AuthenticationView, _redirect_with_qs
|
||||
from passbook.lib.utils.reflection import app
|
||||
from passbook.oauth_client.clients import get_client
|
||||
from passbook.oauth_client.models import OAuthSource, UserOAuthSourceConnection
|
||||
@ -128,11 +129,6 @@ class OAuthCallback(OAuthClientMixin, View):
|
||||
"Return url to redirect on login failure."
|
||||
return settings.LOGIN_URL
|
||||
|
||||
# pylint: disable=unused-argument
|
||||
def get_login_redirect(self, source, user, access, new=False):
|
||||
"Return url to redirect authenticated users."
|
||||
return 'passbook_core:overview'
|
||||
|
||||
def get_or_create_user(self, source, access, info):
|
||||
"Create a shell auth.User."
|
||||
raise NotImplementedError()
|
||||
@ -149,14 +145,22 @@ class OAuthCallback(OAuthClientMixin, View):
|
||||
except KeyError:
|
||||
return None
|
||||
|
||||
def handle_login(self, user, source, access):
|
||||
"""Prepare AuthenticationView, redirect users to remaining Factors"""
|
||||
user = authenticate(source=access.source,
|
||||
identifier=access.identifier, request=self.request)
|
||||
self.request.session[AuthenticationView.SESSION_PENDING_USER] = user.pk
|
||||
self.request.session[AuthenticationView.SESSION_USER_BACKEND] = user.backend
|
||||
self.request.session[AuthenticationView.SESSION_IS_SSO_LOGIN] = True
|
||||
return _redirect_with_qs('passbook_core:auth-process', self.request.GET)
|
||||
|
||||
# pylint: disable=unused-argument
|
||||
def handle_existing_user(self, source, user, access, info):
|
||||
"Login user and redirect."
|
||||
login(self.request, user)
|
||||
messages.success(self.request, _("Successfully authenticated with %(source)s!" % {
|
||||
'source': self.source.name
|
||||
}))
|
||||
return redirect(self.get_login_redirect(source, user, access))
|
||||
return self.handle_login(user, source, access)
|
||||
|
||||
def handle_login_failure(self, source, reason):
|
||||
"Message user and redirect on error."
|
||||
@ -176,12 +180,9 @@ class OAuthCallback(OAuthClientMixin, View):
|
||||
access.user = user
|
||||
access.save()
|
||||
UserOAuthSourceConnection.objects.filter(pk=access.pk).update(user=user)
|
||||
if not was_authenticated:
|
||||
user = authenticate(source=access.source,
|
||||
identifier=access.identifier, request=self.request)
|
||||
login(self.request, user)
|
||||
if app('passbook_audit'):
|
||||
pass
|
||||
# TODO: Create audit entry
|
||||
# from passbook.audit.models import something
|
||||
# something.event(user=user,)
|
||||
# Event.create(
|
||||
@ -197,10 +198,13 @@ class OAuthCallback(OAuthClientMixin, View):
|
||||
return redirect(reverse('passbook_oauth_client:oauth-client-user', kwargs={
|
||||
'source_slug': self.source.slug
|
||||
}))
|
||||
# User was not authenticated, new user has been created
|
||||
user = authenticate(source=access.source,
|
||||
identifier=access.identifier, request=self.request)
|
||||
messages.success(self.request, _("Successfully authenticated with %(source)s!" % {
|
||||
'source': self.source.name
|
||||
}))
|
||||
return redirect(self.get_login_redirect(source, user, access, True))
|
||||
return self.handle_login(user, source, access)
|
||||
|
||||
|
||||
class DisconnectView(LoginRequiredMixin, View):
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
"""passbook oauth_provider Header"""
|
||||
__version__ = '0.1.37-beta'
|
||||
__version__ = '0.2.2-beta'
|
||||
|
||||
@ -20,6 +20,7 @@ OAUTH2_PROVIDER_APPLICATION_MODEL = 'passbook_oauth_provider.OAuth2Provider'
|
||||
OAUTH2_PROVIDER = {
|
||||
# this is the list of available scopes
|
||||
'SCOPES': {
|
||||
'openid': 'Access OpenID Userinfo',
|
||||
'openid:userinfo': 'Access OpenID Userinfo',
|
||||
# 'write': 'Write scope',
|
||||
# 'groups': 'Access to your groups',
|
||||
|
||||
@ -8,16 +8,21 @@ from django.views.generic import View
|
||||
class OpenIDConfigurationView(View):
|
||||
"""Return OpenID Configuration"""
|
||||
|
||||
def get_issuer_url(self, request):
|
||||
"""Get correct issuer URL"""
|
||||
full_url = request.build_absolute_uri(reverse('passbook_oauth_provider:openid-discovery'))
|
||||
return full_url.replace(".well-known/openid-configuration", "")
|
||||
|
||||
def get(self, request: HttpRequest):
|
||||
"""Get Response conform to https://openid.net/specs/openid-connect-discovery-1_0.html"""
|
||||
return JsonResponse({
|
||||
'issuer': request.build_absolute_uri(reverse('passbook_core:overview')),
|
||||
'issuer': self.get_issuer_url(request),
|
||||
'authorization_endpoint': request.build_absolute_uri(
|
||||
reverse('passbook_oauth_provider:oauth2-authorize')),
|
||||
'token_endpoint': request.build_absolute_uri(reverse('passbook_oauth_provider:token')),
|
||||
"jwks_uri": request.build_absolute_uri(reverse('passbook_oauth_provider:openid-jwks')),
|
||||
"scopes_supported": [
|
||||
"openid:userinfo",
|
||||
"openid",
|
||||
],
|
||||
})
|
||||
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
"""passbook otp Header"""
|
||||
__version__ = '0.1.37-beta'
|
||||
__version__ = '0.2.2-beta'
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
"""passbook password_expiry"""
|
||||
__version__ = '0.1.37-beta'
|
||||
__version__ = '0.2.2-beta'
|
||||
|
||||
0
passbook/root/__init__.py
Normal file
0
passbook/root/__init__.py
Normal file
@ -8,6 +8,6 @@ import os
|
||||
import django
|
||||
from channels.routing import get_default_application
|
||||
|
||||
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "passbook.core.settings")
|
||||
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "passbook.root.settings")
|
||||
django.setup()
|
||||
application = get_default_application()
|
||||
@ -7,7 +7,7 @@ from celery import Celery, signals
|
||||
from django.conf import settings
|
||||
|
||||
# set the default Django settings module for the 'celery' program.
|
||||
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "passbook.core.settings")
|
||||
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "passbook.root.settings")
|
||||
|
||||
LOGGER = logging.getLogger(__name__)
|
||||
|
||||
@ -132,7 +132,7 @@ MIDDLEWARE = [
|
||||
'django.middleware.clickjacking.XFrameOptionsMiddleware',
|
||||
]
|
||||
|
||||
ROOT_URLCONF = 'passbook.core.urls'
|
||||
ROOT_URLCONF = 'passbook.root.urls'
|
||||
|
||||
TEMPLATES = [
|
||||
{
|
||||
41
passbook/root/urls.py
Normal file
41
passbook/root/urls.py
Normal file
@ -0,0 +1,41 @@
|
||||
"""passbook URL Configuration"""
|
||||
from logging import getLogger
|
||||
|
||||
from django.conf import settings
|
||||
from django.contrib import admin
|
||||
from django.urls import include, path
|
||||
from django.views.generic import RedirectView
|
||||
|
||||
from passbook.core.views import error
|
||||
from passbook.lib.utils.reflection import get_apps
|
||||
|
||||
LOGGER = getLogger(__name__)
|
||||
admin.autodiscover()
|
||||
admin.site.login = RedirectView.as_view(pattern_name='passbook_core:auth-login')
|
||||
|
||||
handler400 = error.BadRequestView.as_view()
|
||||
handler403 = error.ForbiddenView.as_view()
|
||||
handler404 = error.NotFoundView.as_view()
|
||||
handler500 = error.ServerErrorView.as_view()
|
||||
|
||||
urlpatterns = [
|
||||
]
|
||||
|
||||
for _passbook_app in get_apps():
|
||||
if hasattr(_passbook_app, 'mountpoint'):
|
||||
_path = path(_passbook_app.mountpoint, include((_passbook_app.name+'.urls',
|
||||
_passbook_app.label),
|
||||
namespace=_passbook_app.label))
|
||||
urlpatterns.append(_path)
|
||||
LOGGER.debug("Loaded %s's URLs", _passbook_app.name)
|
||||
|
||||
urlpatterns += [
|
||||
# Administration
|
||||
path('administration/django/', admin.site.urls),
|
||||
]
|
||||
|
||||
if settings.DEBUG:
|
||||
import debug_toolbar
|
||||
urlpatterns = [
|
||||
path('__debug__/', include(debug_toolbar.urls)),
|
||||
] + urlpatterns
|
||||
@ -1,2 +1,2 @@
|
||||
"""passbook saml_idp Header"""
|
||||
__version__ = '0.1.37-beta'
|
||||
__version__ = '0.2.2-beta'
|
||||
|
||||
@ -54,3 +54,6 @@ class SAMLPropertyMappingForm(forms.ModelForm):
|
||||
field_classes = {
|
||||
'values': DynamicArrayField
|
||||
}
|
||||
help_texts = {
|
||||
'values': 'String substitution uses a syntax like "{variable} test}".'
|
||||
}
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
"""passbook suspicious_policy"""
|
||||
__version__ = '0.1.37-beta'
|
||||
__version__ = '0.2.2-beta'
|
||||
|
||||
@ -5,7 +5,7 @@ isort
|
||||
astroid==2.0.4
|
||||
pylint==2.1.1
|
||||
pylint-django==2.0.2
|
||||
prospector
|
||||
prospector==1.1.5
|
||||
django-debug-toolbar
|
||||
pycodestyle<2.4.0,>=2.0.0
|
||||
bumpversion
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
-r passbook/core/requirements.txt
|
||||
-r passbook/root/requirements.txt
|
||||
-r passbook/oauth_client/requirements.txt
|
||||
-r passbook/ldap/requirements.txt
|
||||
-r passbook/saml_idp/requirements.txt
|
||||
@ -7,4 +7,4 @@
|
||||
-r passbook/captcha_factor/requirements.txt
|
||||
-r passbook/admin/requirements.txt
|
||||
-r passbook/api/requirements.txt
|
||||
-r passbook/app_gw/requirements.txt
|
||||
-r passbook/app_gw/requirements.txt
|
||||
|
||||
Reference in New Issue
Block a user