Commit graph

319 commits

Author SHA1 Message Date
Yohann D'ANELLO
251cfb9b49
Construct a middleware without a get_response function is deprecated and will not work in a future release.
Signed-off-by: Yohann D'ANELLO <ynerant@¢rans.org>
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2020-12-22 23:07:33 +01:00
Yohann D'ANELLO
d62def6d6b
django.conf.urls is deprecated and will be removed in Django 4.0, use django.urls.re_path instead
Signed-off-by: Yohann D'ANELLO <ynerant@¢rans.org>
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2020-12-22 23:07:33 +01:00
Yohann D'ANELLO
10b389e7be
With Python 3.9, the crypt function raises an OSError
See https://bugs.python.org/issue39289

Signed-off-by: Yohann D'ANELLO <ynerant@¢rans.org>
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2020-12-22 23:07:33 +01:00
Valentin Samir
c3e2fdecfe Update to version 1.2.0 2020-07-05 15:27:15 +02:00
Théophile Bastian
b7c7c0f0ba Service URL: keep blank GET arguments
When a service URL contains GET arguments with no associated value, eg
  http://example.com/?foo=a&bar
only the arguments with value are kept, yielding
  http://example.com/?foo=a&ticket=<TICKET>
losing `bar` in the process
2020-07-05 14:52:01 +02:00
Yohann D'ANELLO
9cd44aa8aa Code quality 2020-07-05 14:52:01 +02:00
Yohann D'ANELLO
4129687e41 Support Django 2.2 and 3.0 2020-07-05 14:52:01 +02:00
Théophile Bastian
f4b4428b94 Fix CRYPT-DES hash method for LDAP
The LDAP-formatted passwords using
[Crypt encoding](https://en.wikipedia.org/wiki/Crypt_(C))
can be hashed in many ways, inlcuding the old and deprecated DES and
BSDi methods.

The usual formatting for Crypt method consists in
  $method$salt$pass_hash
but those two deprecated methods are not encoded this way, and
`get_salt` would fail on those, yielding Error 500.
2020-07-05 14:52:01 +02:00
erdnaxe
aa88bf7a67 Bootstrap 4 templates (#47) 2020-07-05 14:52:01 +02:00
Valentin Samir
bd9aedd1b4 Update to version 1.1.0 2019-03-02 11:37:11 +01:00
Valentin Samir
378f70fac9 Fix deprecation warning for {% load staticfiles %} and django.contrib.staticfiles 2019-03-02 11:31:18 +01:00
Valentin Samir
9ee95f0bec Fix checkbox position on the login page 2019-03-02 11:23:16 +01:00
钟雪松
f4ece7f1f2 set ldap3 client_strategy from sync to sync-restartable; in order to avoid error 32 broken pipe caused by time out 2019-01-25 15:28:07 +08:00
Valentin Samir
edf4871b4a
Update to version 1.0.0 2019-01-12 12:01:48 +01:00
Valentin Samir
a6cf8aaa20
Fix invalid escape sequence \. in regular expression \\. 2019-01-12 12:01:12 +01:00
Valentin Samir
248658b52d Fix squashed migrations, the app name should be 'cas_server' and not b'cas_server' 2018-05-21 13:25:36 +02:00
Valentin Samir
5bd06d47c5 Keep query string then redirecting from / to /login 2018-05-21 13:10:33 +02:00
Valentin Samir
dc5f59ea46 Update PyPi url from https://pypi.python.org to https://pypi.org 2018-04-30 18:31:54 +02:00
Valentin Samir
ca41c067b9 Wrap some long lines 2018-04-29 20:13:51 +02:00
Valentin Samir
290701e07f Changes for Django 2.0 support 2018-04-29 20:10:19 +02:00
Valentin Samir
753e3b5625 Fix #38 calling django.contrib.staticfiles.templatetags.staticfiles.static before collectstatic raise a ValueError.
In debug bug, it actually works and do not raise an exception, but in
non-debug mode, it tries to search the staticfiles manifest for the file.
If there is no manifest because collectstatic has not been run before, this fails.
2018-04-29 19:04:59 +02:00
Valentin Samir
ee69b04b53 Fix code style of previous commit 2018-04-29 19:04:44 +02:00
Valentin Samir
ff8373ee6a Always return authenticationDate, longTermAuthenticationRequestTokenUsed and isFromNewLogin attributes
As specified in the CAS response XML schema (see Appendix A).
Fix #37 as returned attributes are now never empty.
2018-04-29 18:48:41 +02:00
Valentin Samir
4123450e9f Add support for Django 2.0, fix #33 2018-01-27 10:44:34 +01:00
Valentin Samir
5811d6435c Update version to 0.9.0 2017-11-17 15:32:42 +01:00
Valentin Samir
971cde093c Fix XSS js injection 2017-11-17 15:28:12 +01:00
Roberto Morati
f1a47e7766 Added protuguese translation (brazilian variant) 2017-08-29 18:14:00 +02:00
Valentin Samir
253b431194 Merge pull request #26 from JostCrow/master
Added a way to disable the service messages on the login page
2017-04-25 16:21:05 +02:00
Valentin Samir
03a069268a Merge pull request #27 from JostCrow/bigger_usernames
The username was really small
2017-04-25 16:20:50 +02:00
Jorik Kraaikamp
92bba0da49 added the missing migration 2017-03-30 15:25:49 +02:00
Jorik Kraaikamp
13af3ccd1d added the bigger username migration and change 2017-03-29 17:52:12 +02:00
Jorik Kraaikamp
951dc60e99 Fixed some major mistyping and added the default setting. 2017-03-29 16:57:27 +02:00
Jorik Kraaikamp
224202c5c2 Added a setting to turn of the messages about the service 2017-03-29 15:36:12 +02:00
Valentin Samir
1dba4fea95 Support for ldap3 version 2 or more (changes in the API)
All exception are now in ldap3.core.exceptions, methodes for fetching
attritutes and dn are renamed.
2017-03-29 14:34:58 +02:00
Valentin Samir
443c87fa40 Do not try to bind if the user dn was not found with LDAP auth backend
Then using the LDAP auth backend with ``bind`` method for password check, do not try to bind
if the user dn was not found. This was causing the exception
``'NoneType' object has no attribute 'getitem'`` describe in #21
2017-03-29 14:28:36 +02:00
Jorik Kraaikamp
5410aee3d5 Added dutch translations 2017-03-29 13:08:55 +02:00
Valentin Samir
00d47790e4 Update version to 0.8.0 2017-03-08 14:11:26 +01:00
Valentin Samir
64d3901ec4 Remove spaceless in forms, fix css class errors 2016-11-20 16:51:32 +01:00
Valentin Samir
b80947755a Add module tests.auth a docstring 2016-10-07 15:36:11 +02:00
Valentin Samir
f1fed48b21 Add ldap bind auth method and CAS_TGT_VALIDITY parameter. Fix #18 2016-10-07 15:27:43 +02:00
Valentin Samir
e77dbbcd03 Update french translation 2016-09-18 11:40:22 +02:00
Valentin Samir
6185e9c68c Fix more spelling and grammar errors 2016-09-18 11:40:03 +02:00
Allie Micka
816d350548 Fix some spelling and grammar on log messages. 2016-09-18 11:26:09 +02:00
Valentin Samir
37c975eaf7 Allow both unicode and bytes dotted string in utils.import_attr 2016-09-18 11:21:33 +02:00
Valentin Samir
c7171bb386 Add a test for login with missing parameter (username or password or both) 2016-09-10 15:24:30 +02:00
Valentin Samir
0b44ecf5e5 Update version to 0.7.4 2016-09-07 20:19:18 +02:00
Valentin Samir
8a7ffd8172 Update version to 0.7.3 2016-09-07 17:25:28 +02:00
Valentin Samir
216f38db14 Only check for valid username/password if username and password POST fields are posted. 2016-09-07 17:13:42 +02:00
Valentin Samir
868a06ea3f Really pick the last version on Pypi for new version checking.
We were only sorting version string lexicographically and it would have break when
we reach version 0.10.N or 0.N.10
2016-09-06 12:02:43 +02:00
Valentin Samir
990f00fe3c Add autofocus to the username input on the login page 2016-09-06 12:02:36 +02:00