Commit Graph

139 Commits

Author SHA1 Message Date
Jens Langhammer 0a8d4eecae outposts: add docker TLS authentication and verification 2020-11-19 13:10:18 +01:00
Jens Langhammer e5e4824920 */saml: fully migrate to xmlsec, remove signxml dependency 2020-11-15 15:20:56 +01:00
Jens Langhammer 9877ef99c4 */saml: fix creation and validation of detached signatures 2020-11-12 11:59:07 +01:00
Jens Langhammer e99f6e289b outposts: fix kubernetes ApiClient not being used 2020-11-09 10:45:08 +01:00
Jens Langhammer a202679bfb crypto: fix "Could not deserialize key data." with empty private key 2020-11-08 22:43:35 +01:00
Jens Langhammer c04d0a373a admin: add views for outpost service-connections 2020-11-04 13:35:41 +01:00
Jens Langhammer bd74e518a7 outposts: add *ServiceConnection API 2020-11-04 11:05:40 +01:00
dependabot[bot] b775f2788c
build(deps): bump channels from 2.4.0 to 3.0.0 (#309)
* build(deps): bump channels from 2.4.0 to 3.0.0

Bumps [channels](https://github.com/django/channels) from 2.4.0 to 3.0.0.
- [Release notes](https://github.com/django/channels/releases)
- [Changelog](https://github.com/django/channels/blob/master/CHANGELOG.txt)
- [Commits](https://github.com/django/channels/compare/2.4.0...3.0.0)

Signed-off-by: dependabot[bot] <support@github.com>

* root: update for channels 3

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2020-11-02 10:26:26 +01:00
Jens Langhammer e805fb62fb e2e: use docker proxy for test images 2020-10-27 09:50:06 +01:00
Jens Langhammer a9f3118a7d docs: add home-assistant integration docs 2020-10-26 22:14:51 +01:00
Jens Langhammer aeee3ad7f9 e2e: add @retry decorator to make e2e tests more reliable 2020-10-20 18:51:17 +02:00
Jens Langhammer ef021495ef flows: revert evaluate_on_call rename for backwards compatibility 2020-10-20 15:41:50 +02:00
Jens Langhammer 870e01f836 flows: rename re_evaluate_policies to evaluate_on_call, add evaluate_on_plan 2020-10-20 15:06:36 +02:00
Jens Langhammer c698ba37d9 core: add ability for users to create tokens 2020-10-18 15:42:16 +02:00
Jens Langhammer ee670d5e19 core: add key field to token for easier rotation 2020-10-18 14:34:22 +02:00
Jens Langhammer c4a30c50ac stages/consent: add fallback template 2020-10-17 18:18:29 +02:00
Jens Langhammer c5226fd0e8 admin: add API to list tasks and schedule retry 2020-10-16 14:10:11 +02:00
Jens Langhammer 610b6c7f70 policies: add PolicyAccessView, which does complete access checking 2020-10-11 19:26:20 +02:00
Jens Langhammer c1eb8317f7 providers/proxy: update phrasing for basic_auth_* attributes
closes #265
2020-10-07 19:27:06 +02:00
Jens Langhammer 9df00e09a4 root: fix static docker's rollup build 2020-10-06 00:06:53 +02:00
Jens Langhammer da9aaf69df admin: add metrics and charts 2020-10-05 22:10:03 +02:00
Jens Langhammer 189b0ec324 admin: expose info as API 2020-10-04 00:28:58 +02:00
Jens Langhammer c5a6b4961f core: Add Token identifier as sudo-primary key 2020-10-04 00:28:43 +02:00
Jens Langhammer 195d8fe71f core: move name field to base Provider 2020-10-03 20:05:16 +02:00
Jens Langhammer 6cd9edd38a providers/oauth2: add missing token_validity field to Forms and API 2020-10-01 20:01:28 +02:00
Jens Langhammer 8f585eca70 stages/identification: replace buggy FilteredSelectMultiple with ArrayFieldSelectMultiple 2020-09-30 23:58:01 +02:00
Jens Langhammer 9d5dd896f3 providers/proxy: start implementing basic_auth_enabled
see #244
2020-09-30 11:15:22 +02:00
Jens Langhammer 502e43085f lifecycle: update celery command for 5.0 2020-09-26 02:17:39 +02:00
Jens Langhammer 769ce1c642 e2e: add tests for TOTP Setup, static OTP Setup and otp validation 2020-09-25 20:21:49 +02:00
Jens Langhammer 52101007aa e2e: bump chrome version 2020-09-25 17:39:25 +02:00
Jens Langhammer 6458b1dbf8 providers/proxy: make upstream SSL Validation configurable 2020-09-23 12:20:14 +02:00
Jens Langhammer 59e8dca499 sources/ldap: divide connector into password, sync and auth, add unittests for password 2020-09-21 21:40:41 +02:00
Jens Langhammer 74251a8883 audit: update swagger for event 2020-09-21 13:41:53 +02:00
Jens Langhammer f99eaa85ac sources/ldap: implement LDAP password validation and syncing 2020-09-21 11:46:35 +02:00
Jens Langhammer a02fcb0a7a providers/oauth2: use # as separate for code#adfs, check if # exists in response_type and trim 2020-09-19 18:37:50 +02:00
Jens Langhammer 5689f25c39 providers/proxy: add option to skip authentication for paths matching regular expressions 2020-09-19 11:32:04 +02:00
Jens Langhammer a69c494feb stages/password: update swagger 2020-09-19 02:20:38 +02:00
Jens Langhammer fe4a0c3b44 core: add impersonation start/end to audit log
also add impersonated user as context to other logs
2020-09-18 23:39:37 +02:00
Jens Langhammer e0c104ee5c providers/oauth2: remove post_logout_redirect_uris 2020-09-18 23:37:40 +02:00
Jens Langhammer 4b39c71de0 providers/oauth2: accept token as post param 2020-09-16 23:38:55 +02:00
Jens Langhammer 0a5e14a352 core: make is_superuser a group property, remove from user 2020-09-15 23:10:31 +02:00
Jens Langhammer 5c622cd4d2 providers/oauth2: make sub configurable based on hash, username, email and upn 2020-09-15 20:54:42 +02:00
Jens Langhammer ca0ba85023 providers/saml: disallow idp-initiated SSO by default and validate Request ID 2020-09-12 00:53:44 +02:00
Jens Langhammer 430905295d root: automate system migrations, move docker to lifecycle folder 2020-09-10 00:18:39 +02:00
Jens Langhammer 9712be847c policies/api: fix target returning pbm_uuid instead of proper primary key of the object 2020-09-08 18:05:50 +02:00
Jens Langhammer 28893b9695 flows/transfer: fix missing unique fields for PolicyBinding 2020-09-07 11:26:37 +02:00
Jens L 268de20872
Proxy v2 (#189) 2020-09-03 00:04:12 +02:00
Jens Langhammer c39d136383 flows: add title field 2020-08-28 15:23:03 +02:00
Jens L 0e0898c3cf
Flow exporting/importing (#187)
* stages/*: Add SerializerModel as base model, implement serializer property

* flows: add initial flow exporter and importer

* policies/*: implement .serializer for all policies

* root: fix missing dacite requirement
2020-08-22 00:42:15 +02:00
Jens L c7a2410b1d
OAuth Provider Rewrite (#182) 2020-08-19 10:32:44 +02:00
Jens Langhammer 7334599efd *: update JSON fields to django 3.1 2020-08-15 21:04:22 +02:00
Jens Langhammer ffff69ada0 stages/consent: add unittests for new modes 2020-07-20 18:47:52 +02:00
Jens Langhammer 50612991fa stages/consent: start implementing user consent 2020-07-20 13:19:58 +02:00
Jens Langhammer 1b0c013d8e providers/saml: remove processor_path field 2020-07-11 13:28:10 +02:00
Jens Langhammer d74366f413 policies/hibp: update for flows, add unittests 2020-07-10 20:57:15 +02:00
Jens Langhammer 5bcf2aef8c policies/password: Add Password Policy tests, update password policy for flows 2020-07-10 20:53:08 +02:00
Jens Langhammer 0e3e73989d sources/saml: Add NameID Policy field, sent with AuthnRequest 2020-07-08 16:18:09 +02:00
Jens Langhammer d831599608 core: make autosubmit_form generic template 2020-07-08 14:27:58 +02:00
Jens Langhammer 2e2c9f5287 api: add token authentication 2020-07-05 23:37:58 +02:00
Jens Langhammer e5165abf04 stages/user_login: Allow changing of session duration 2020-07-04 15:20:45 +02:00
Jens Langhammer 16b966c16e policies: Show grouped Dropdown for Target 2020-07-04 00:16:16 +02:00
Jens Langhammer d3b0992456 flows: FlowStageBinding: rename .flow to .target to fix select_subclasses() 2020-07-04 00:14:21 +02:00
Jens Langhammer 6634cc2edf root: add group_membership policy 2020-07-01 21:18:05 +02:00
Jens Langhammer d2bf579ff6 stages/otp_static: start implementing static stage 2020-06-30 15:44:34 +02:00
Jens Langhammer 285a69d91f Merge branch 'master' into otp-rework 2020-06-30 11:23:09 +02:00
Jens Langhammer bf297b8593 admin: add info about latest version 2020-06-30 10:23:39 +02:00
Jens Langhammer 920858ff72 Merge branch 'master' into otp-rework
# Conflicts:
#	passbook/flows/models.py
#	passbook/stages/otp/models.py
#	swagger.yaml
2020-06-29 22:54:18 +02:00
Jens Langhammer b8654c06bf flows: remove generic "password change" designation and add setup_stage 2020-06-29 11:12:51 +02:00
Jens Langhammer 8c36ab89e8 stages/otp: start separation into 3 stages, otp_time, otp_static and otp_validate 2020-06-28 10:30:35 +02:00
Jens Langhammer 831e228f80 api: fix SAMLSource missing from API 2020-06-24 22:28:40 +02:00
Jens Langhammer 5e8a1e3c0d *: make email naming consistent 2020-06-18 19:35:59 +02:00
Jens Langhammer feba3e2430 stages/prompt: Add username type field
add autocomplete attributes for username and password
2020-06-15 19:05:18 +02:00
Jens Langhammer ee8313142f Merge branch 'docs-flows'
# Conflicts:
#	passbook/core/templates/partials/form_horizontal.html
2020-06-08 15:43:46 +02:00
Jens L 4915205678
WIP Use Flows for Sources and Providers (#32)
* core: start migrating to flows for authorisation

* sources/oauth: start type-hinting

* core: create default user

* core: only show user delete button if an unenrollment flow exists

* flows: Correctly check initial policies on flow with context

* policies: add more verbosity to engine

* sources/oauth: migrate to flows

* sources/oauth: fix typing errors

* flows: add more tests

* sources/oauth: start implementing unittests

* sources/ldap: add option to disable user sync, move connection init to model

* sources/ldap: re-add default PropertyMappings

* providers/saml: re-add default PropertyMappings

* admin: fix missing stage count

* stages/identification: fix sources not being shown

* crypto: fix being unable to save with private key

* crypto: re-add default self-signed keypair

* policies: rewrite cache_key to prevent wrong cache

* sources/saml: migrate to flows for auth and enrollment

* stages/consent: add new stage

* admin: fix PropertyMapping widget not rendering properly

* core: provider.authorization_flow is mandatory

* flows: add support for "autosubmit" attribute on form

* flows: add InMemoryStage for dynamic stages

* flows: optionally allow empty flows from FlowPlanner

* providers/saml: update to authorization_flow

* sources/*: fix flow executor URL

* flows: fix pylint error

* flows: wrap responses in JSON object to easily handle redirects

* flow: dont cache plan's context

* providers/oauth: rewrite OAuth2 Provider to use flows

* providers/*: update docstrings of models

* core: fix forms not passing help_text through safe

* flows: fix HttpResponses not being converted to JSON

* providers/oidc: rewrite to use flows

* flows: fix linting
2020-06-07 16:35:08 +02:00
Jens Langhammer 0c5aff21bc stages/identification: minor UI fixes 2020-06-05 17:02:50 +02:00
Jens Langhammer ef913abc7a sources/ldap: add option to disable user sync, move connection init to model 2020-06-02 17:15:59 +02:00
Jens Langhammer 4d1658b35e stages/identification: explicitly define enrollment and recovery 2020-05-31 23:01:08 +02:00
Jens Langhammer 80a36a3441 stages/user_write: don't use create_user, create empty object and set attributes 2020-05-28 23:22:15 +02:00
Jens L df8995deed
policies/*: remove Policy.negate, order, timeout (#39)
policies: rewrite engine to use PolicyBinding for order/negate/timeout
policies: rewrite engine to use PolicyResult instead of tuple
2020-05-28 21:45:54 +02:00
Jens L beabba2890
flows: Load Stages without refreshing the whole page (#33)
* flows: initial implementation of FlowExecutorShell

* flows: load messages dynamically upon card refresh
2020-05-24 00:57:25 +02:00
Jens Langhammer cafe2f1e1f admin: fix linting 2020-05-20 13:59:56 +02:00
Jens L 24a3e787dd
migrate to per-model UUID Primary key, remove UUIDModel (#26)
* *: migrate to per-model UUID Primary key, remove UUIDModel

* *: fix import order, fix unittests
2020-05-20 09:17:06 +02:00
Jens Langhammer 7bd65120b9 *: migrate from PolicyModel to PolicyBindingModel, move Policy to passbook_policies 2020-05-16 18:07:00 +02:00
Jens Langhammer 406f69080b Revert "*: providers and sources -> channels, PolicyModel to PolicyBindingModel that uses custom M2M through"
This reverts commit 7ed3ceb960.
2020-05-16 16:02:42 +02:00
Jens Langhammer 7ed3ceb960 *: providers and sources -> channels, PolicyModel to PolicyBindingModel that uses custom M2M through 2020-05-16 14:03:57 +02:00
Jens Langhammer 615cd7870d stages/email: add field to select E-Mail and subject 2020-05-15 14:50:23 +02:00
Jens Langhammer b907105f4a policies/expression: expose python requests via expression, remove webhook policy 2020-05-15 12:02:41 +02:00
Jens Langhammer a7a839a29c stages/prompt: promptstage based on PolicyBindingModel 2020-05-14 13:51:35 +02:00
Jens Langhammer fe503c8de0 root: add swagger to repository 2020-05-14 13:45:46 +02:00