Commit Graph

64 Commits

Author SHA1 Message Date
Ymage
63db17ec21 Add missing OIDC env vars
Set SAML_ENABLED default to false
2023-02-23 22:13:19 +01:00
Matt Scott
516bc52c2f Revert "Revert "Merge pull request #1371 from AgentTNT/AdminLTE-Upgrade""
This reverts commit e2ad3e2001.
2023-02-18 11:04:14 -05:00
Matt Scott
e2ad3e2001 Revert "Merge pull request #1371 from AgentTNT/AdminLTE-Upgrade"
This reverts commit 929cb6302d, reversing
changes made to 0418edddd9.
2023-02-18 09:04:37 -05:00
Matt Scott
2ff01fbfe9
Merge branch 'master' into AdminLTE-Upgrade 2023-02-17 18:17:32 -05:00
Matt Scott
f1b6bef1ab
Merge pull request #1248 from unilogicbv/routes_index_otp_force_oauth
routes/index.py: otp_force shouldn't apply to OAuth
2023-02-17 12:14:15 -05:00
Tyler Todd
48f80b37ed potential regex code fix for email validation 2023-02-13 15:38:33 +00:00
Tyler Todd
c00ddea2fc More page formatting
Added server-side logic for register.html validation
Keep form firelds on register.html in the event of wrong input fields to save users from retyping info
More button rounding
2023-02-13 03:57:21 +00:00
Tyler Todd
e411bc9f19 Enable CAPTCHA 2023-01-30 22:46:59 +00:00
Bernward Sanchez
18bc336d7a
Potential fix 2023-01-11 18:21:40 +08:00
Matt Scott
89f3d4d01a
Revert "enhancement(routes/index.py): OIDC supports HTTP Scheme now" 2022-12-14 20:37:30 -05:00
Bernward Sanchez
f6c49c379d
Update index.py 2022-12-15 06:13:27 +08:00
Pascal de Bruijn
41a3995865 routes/index.py: otp_force shouldn't apply to OAuth
as 2FA policies are typically enforced on the OAuth proviers end

Relates to #1051
2022-09-06 16:28:45 +02:00
corubba
3e462dab17 Fix csrf configuration
CSRF has been initialized *before* the app config was fully read. That
made it impossible to configure CSRF properly. Moved the CSRF init into
the routes module, and switched from programmatic to decorated
exemptions. GET routes don't need to be exempted because they are by
default.
2022-06-18 18:51:40 +02:00
Jérôme BECOT
a87b931520
feat: Move the account parse calls to a method 2022-06-18 14:30:56 +02:00
Jérôme BECOT
eb13b37e09
feat: Add the extra chars as an option 2022-06-18 14:30:56 +02:00
Jérôme BECOT
a3c50828a6
feat: Allow underscores and hyphens in account name 2022-06-18 14:28:32 +02:00
Vasileios Markopoulos
83d2f3c791
Merge pull request #1205 from joshsol1/master
Modification to SAML groups and group management
2022-06-18 13:39:01 +03:00
gadall
bf83e68a4b
Fix DynDNS2 using X-Forwarded-For (#1214)
utils.validate_ipaddress() takes a string, not a list
2022-06-18 13:11:22 +03:00
Josh Matthews
715c6b76cd added code to raise user to operator on SAML auth if in the right group 2022-05-23 14:38:16 +10:00
jbe-dw
82f03a4de2
Merge pull request #1160 from AdvanticGmbH/json_load_error
Json load error
2022-04-26 17:54:08 +02:00
AdvanticGmbH
26c60f175d Remove unnecessary call to str()
* json.dumps() already returns a str
2022-04-26 09:11:05 +02:00
AdvanticGmbH
44c9aff5db Use json.dumps for every detail in history
This works much better instead of just writing a str to the db and
expect it to be loaded just fine from json.loads
2022-04-25 10:43:46 +02:00
KostasMparmparousis
4d6c6224b4 Login requirement removal for /ping endpoint 2022-04-20 13:31:23 +03:00
Veovis
bd92c5946c
Fix broken SAML login from 9c00e48f 2022-04-12 17:14:54 +02:00
jbe-dw
8cf2985335
Merge pull request #979 from mirko/make-onelogin-pkg-optional
routes/index.py: Make package 'onelogin.saml2.utils' optional
2022-04-07 13:37:00 +02:00
vmarkop
36cee8cddc Fixed 'LOCAL' Authenticator Type showing for LDAP auth 2022-02-17 17:34:54 +02:00
Vasileios Markopoulos
94a923a965
Add 'otp_force' basic setting (#1051)
If the 'otp_force' and 'otp_field_enabled' basic settings are both enabled, automatically enable 2FA for the user after login or signup, if needed, by setting a new OTP secret. Redirect the user to a welcome page for scanning the QR code.

Also show the secret key in ASCII form on the user profile page for easier copying into other applications.
2021-12-17 11:41:51 +01:00
benshalev849
b3f9b4a2b0
OIDC list accounts (#994)
Added the function to use lists instead of a single string in account autoprovision.
2021-11-19 17:53:17 +02:00
zoeller-freinet
20b866a784
strip() whitespace from new local user master data (#1019)
When creating a new local user, there is a chance that, due to a copy &
paste or typing error, whitespace will be introduced at the start or end
of the username. This can lead to issues when trying to log in using the
affected username, as such a condition can easily be overlooked - no
user will be found in the database if entering the username without the
aforementioned whitespace. This commit therefore strip()s the username
string within routes/{admin,index}.py.

The firstname, lastname and email strings within
routes/{admin,index,user}.py are also strip()ped on this occasion.
2021-11-05 17:04:35 +02:00
Kostas Mparmparousis
6e04d0419b
Provision PDA user privileges based On LDAP Attributes (#980) 2021-08-05 19:37:48 +02:00
Mirko Vogt
9c00e48f0f routes/index.py: Make package 'onelogin.saml2.utils' optional
The onelogin package is not part of all saml packages for whatever
reason (e.g. Debian) and not easily installable from pypi (requires
CC toolchain).

As the onelogin functionality is already guarded by whether
SAML_ENABLED is set in other places (services/saml.py), also do so
in routes/index.py.
2021-07-23 06:56:09 +00:00
Ian Bobbitt
39cddd3b34
SAML improvements for Docker (#929)
* Fix typo in managing user account membership with SAML assertion

* Support more config options from Docker env.

* Improve support for SAML key and cert from Docker secrets

Co-authored-by: Ian Bobbitt <ibobbitt@globalnoc.iu.edu>
2021-05-07 23:36:55 +02:00
jodygilbert
98db953820
Allow user role to view history (#890) 2021-03-27 19:33:11 +01:00
jodygilbert
4c19f95928
Improve account creation/permission handling based on Azure oAuth group membership (#877) 2021-01-31 11:31:56 +01:00
Khanh Ngo
55ad73d92e
Merge pull request #800 from cyso/pr/oidc-account
OIDC User and Account management during login
2020-10-10 14:32:14 +02:00
Khanh Ngo
a679073928
Merge pull request #773 from terbolous/azure-oauth
Add Account creation/permission handling based on Azure oAuth group membership
2020-10-10 14:20:26 +02:00
Nick Douma
f9f966df75 Allow for configuration of logout url 2020-08-06 15:29:02 +02:00
Nick Douma
27f5c89f70 Manage Account membership on oidc login 2020-08-06 15:28:54 +02:00
Nick Douma
ab6480a4b4 Update user with info from oidc during login 2020-08-06 15:28:27 +02:00
Erik Weber
22eabef06a
Use the correct matching group 2020-07-03 11:01:17 +02:00
Erik Weber
e993422106
Add regex matching for group/account description 2020-07-03 10:55:06 +02:00
Erik Weber
25db119d02
Add Account creation/permission handling based on Azure oAuth group membership 2020-07-03 08:55:31 +02:00
Ymage
4e39d5a461 Fix session clearing 2020-05-29 17:41:20 +02:00
Nicolás Fantone
52298f8289 Support login in through REMOTE_USER environment variable
Support redirecting remote users to logout URL and clearing remote login cookies
2020-05-22 15:31:24 +01:00
Khanh Ngo
78245d339f
Merge pull request #717 from RoeiGanor/master
OIDC custom claims
2020-05-17 13:44:52 +07:00
root
2044ce4737 oidc custom claims 2020-05-04 07:12:48 +00:00
Erik Weber
b03cbdea65
Azure oauth: Graph api calls it mail, not email 2020-04-30 12:15:19 +02:00
Erik Weber
b8442c4c5c
Azure oauth: remove preferredName from query 2020-04-30 12:14:32 +02:00
Marcus Knight
0e093d4eec Support only having one auth method enabled (which isn't ldap/local) 2020-04-16 16:04:10 +08:00
Attila DEBRECZENI
e550b0a109 SAML debug attributes 2020-03-25 21:05:30 +00:00