Previous behavior required the specification of all three group security groups before the
"Save Settings" button would be enabled.
This adds a check into users.py which checks that the group is set before searching and
removes the javascript preventing the specification of any combination of groups.
Tested:
- Tested all combinations on AD after MR 1238
- Tested all combinations on OpenLDAP
- Tested enabling the Group Security with no groups set which correctly prevents login
Resolves#1462
It seems when logging in and logging out, then logging back in, setting
the session timeout to 5 minutes, then waiting for expiry can cause
a situation when using SQLA-based sessions which results in a NULL field
in the database and causes a persistent 500 Internal Server Error.
As per issue 1439 here is a fix found by @raunz.
Resolves#1439.
Tested for about 8 hours and tons and tons of expired sessions, could not
reproduce with the fix applied.
Moved the project's code of conduct out of the contributions guide and into the appropriate policy file.
Updated the contribution guide to follow the NetBox project format.
Added various issue templates based on the NetBox project formats but updated for PDA.
Added additional GitHub workflows to handle stale and closed issue and PR management.
Removed legacy stale issue workflow that was not in use.
Currently passing an invalid Basic auth header (random string base64 encoded) would result in an exception being raised due to a username, password = auth_header.split().
Similary passing a `Digest` authentication type would result in an exception as there is no :.
Thirdly passing invalid base64 encoded UTF-8 code sequences would result in exceptions as this issue (#1424).
I added code to check explicitly that we are doing basic authentication then by checking the number of entries returned by the split.
I also added exception handling for invalid UTF-8 code sequence exceptions.
Tested with a fuzzer.
Tested with valid and invalid credentials.
This fixes#1424.
Currently passing an invalid Basic auth header (random string base64 encoded) would result in an
exception being raised due to a `username, password = auth_header.split()`.
I refactored the code in this decorator by checking explicitly that we are doing basic authentication
then by checking the number of entries returned by the split.
I also added exception handling for invalid UTF-8 code sequences.
Tested with a fuzzer.
Tested with valid and invalid credentials.
This fixes#1447.
This change fixes the migration on the `user` table, `confirmed` column to be compatible with PostgreSQL and MySQL databases.
Fixes#635 which introduced a breaking change for MySQL databases and resolves#1446.
```
Tested on:
- PostgreSQL:14 - WORKING
- PostgreSQL:15 - WORKING
- MariaDB:10.11 - WORKING
- MariaDB:10.10 - WORKING
- MariaDB:10.9 - WORKING
- MariaDB:10.8 - WORKING
- MariaDB:10.7 - WORKING
- MariaDB:10.6 - WORKING
- MariaDB:10.5 - WORKING
- MariaDB:10.3 - WORKING
```
Fixes Python 3.11 incompatibility using ancient lxml binary PyPI built against old libxml2.
This fixes#1442 and closes#1433.
The issue with python3-saml not working is because the binary lxml wheel is built against a different version of libxml2.
``--no-binary lxml`` can be used to fix this and python3-saml will work.
for references check these:
- https://github.com/onelogin/python3-saml/issues/292
- https://bugs.launchpad.net/lxml/+bug/1960668
- https://github.com/open-formulieren/open-forms/pull/2247
```
Tested on:
- ubuntu:23.04 - WORKING
- ubuntu:22.10 - WORKING
- ubuntu:22.04 - WORKING
- ubuntu:20.04 - WORKING
- ubuntu:18.04 - NOT WORKING - pip usage error with -r requirements.txt
- debian:10 - WORKING
- debian:11 - WORKING
- alpine:edge - WORKING
- alpine:3.17 - WORKING
- alpine:3.16 - WORKING
- alpine:3.15 - WORKING
- alpine:3.14 - WORKING
- rockylinux:9 - WORKING
- rockylinux:8 - NOT WORKING - pip usage error with -r requirements.txt
- almalinux:9 - WORKING
- almalinux:8 - NOT WORKING - pip usage error with -r requirements.txt
- fedora:36 - WORKING
- fedora:37 - WORKING
- fedora:38 - WORKING
- fedora:39 - WORKING
```