| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
There's no point in having a special device that checks if TOTP secret
is set. Let's just do that in TOTPDevice.
|
|
|
|
| |
This should prevent replay attacks on TOTP and SOTP.
|
| |
|
|
|
|
|
| |
A dedicated database model is used to store the secrets. If user does
not have a secret, it is assumed that he disabled OTP.
|
|
|
|
|
|
|
| |
This commit adds a simple NoOTPDevice model that currently serves
the purpose of responding successfully to any request. The login view
has been extended with proper OTP device setup and initial verification
support.
|
|
|
|
|
|
| |
Keeping them split into all those samples is not really beneficial,
and makes bisecting painful. Instead, keep the common middleware & apps
common, and override as necessary in devel/prod.
|
| |
|
|
|
|
|
|
|
| |
Whenever external authentication doesn't really fit the simple auth
model django has, ExternalBackend can be used to inject successful
authentication. This is done through the additional 'ext_authed'
argument which determines the result of the authentication.
|
|
|
|
| |
formatter
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
django-ldapdb is a library that uses LDAP server as Database backend.
This way we will be able to use ORM by mapping LDAP users to python objects
|
|
|
|
| |
Add more values to USER_OBJECTCLASS, introduce DEV_OBJECTCLASS for future use
|
|\
| |
| |
| |
| |
| | |
Conflicts:
okupy/accounts/urls.py
okupy/accounts/views.py
|
| |
| |
| |
| | |
The code from it will be moved into accounts app.
|
| |\ |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
The variable is meant to be constructed always from
AUTH_LDAP_USER_ATTR and AUTH_LDAP_USER_BASE_DN,
and never be touched
|
| | |
| | |
| | |
| | | |
Use it in more places as well
|
|\ \ \
| |_|/
|/| |
| | |
| | | |
Conflicts:
okupy/settings/__init__.py
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The name local_settings was used when there was settings/ directory,
so I needed a way to separate settings.py from local_settings.py
The _settings suffix is useless though, we can refer this file
as settings/local
|
| | | |
|
|/ /
| |
| |
| | |
It obviously was supposed to be 'sw=4', not 'tw=4'.
|
| |
| |
| |
| |
| | |
Modelines enforce project-specific indent, help vim recognize django
templates and provide encoding information for Python.
|
| | |
|
| | |
|
|/
|
|
|
|
| |
In development.py users need to get the static files from this link
https://github.com/dastergon/gentoo-identity-bootstrap
and adjust the path accordingly in STATICFILES_DIRS.
|
|
|
|
|
|
|
|
| |
Enabling it does not affect the authentication, users that are in DB but
not in LDAP (or if connection to LDAP is impossible) can still not
authenticate.
Also, remove useless debug symbols
|
|
|
|
|
|
|
|
|
|
|
| |
- Also add the needed models and forms
- Print the error messages properly in the signup and index templates
- Add their tests and a fixture
- Enable signup and activate views in the urls.py and INSTALLED_APPS
- This commit also introduces depedency to passlib. We use
passlib.hash.ldap_md5_crypt to create the hash and verify the password.
We use the same lib in the tests, thus the passwords in
example_directory in tests.py have been converted from plaintext to md5 hash.
|
|
|
|
|
|
|
|
|
|
|
| |
- Introduce AUTH_LDAP_ADMIN_BIND_{DN_PASSWORD} for the admin account
It will be used for new user creation
- Introduce AUTH_LDAP_USER_OBJECTCLASS with the objectClasses that the
new user should belong to
- Construct AUTH_LDAP_USER_DN_TEMPLATE from AUTH_LDAP_USER_{ATTR,BASE_DN}
so that the two other vars can be reused later for the signup
- Add SERVER_EMAIL in tests/settings
- Typos
|
| |
|
| |
|
| |
|
|
|