Nigel Kukard
fc14e9189d
feat(authentication): check password policy during registration of new users
2023-03-17 03:45:09 +00:00
Nigel Kukard
1cea4b7ce3
feat(authentication): added password policy checker function
2023-03-17 03:44:08 +00:00
Ymage
63db17ec21
Add missing OIDC env vars
...
Set SAML_ENABLED default to false
2023-02-23 22:13:19 +01:00
Matt Scott
516bc52c2f
Revert "Revert "Merge pull request #1371 from AgentTNT/AdminLTE-Upgrade""
...
This reverts commit e2ad3e2001
.
2023-02-18 11:04:14 -05:00
Matt Scott
e2ad3e2001
Revert "Merge pull request #1371 from AgentTNT/AdminLTE-Upgrade"
...
This reverts commit 929cb6302d
, reversing
changes made to 0418edddd9
.
2023-02-18 09:04:37 -05:00
Matt Scott
2ff01fbfe9
Merge branch 'master' into AdminLTE-Upgrade
2023-02-17 18:17:32 -05:00
Matt Scott
f1b6bef1ab
Merge pull request #1248 from unilogicbv/routes_index_otp_force_oauth
...
routes/index.py: otp_force shouldn't apply to OAuth
2023-02-17 12:14:15 -05:00
Tyler Todd
48f80b37ed
potential regex code fix for email validation
2023-02-13 15:38:33 +00:00
Tyler Todd
c00ddea2fc
More page formatting
...
Added server-side logic for register.html validation
Keep form firelds on register.html in the event of wrong input fields to save users from retyping info
More button rounding
2023-02-13 03:57:21 +00:00
Tyler Todd
e411bc9f19
Enable CAPTCHA
2023-01-30 22:46:59 +00:00
Bernward Sanchez
18bc336d7a
Potential fix
2023-01-11 18:21:40 +08:00
Matt Scott
89f3d4d01a
Revert "enhancement(routes/index.py): OIDC supports HTTP Scheme now"
2022-12-14 20:37:30 -05:00
Bernward Sanchez
f6c49c379d
Update index.py
2022-12-15 06:13:27 +08:00
Pascal de Bruijn
41a3995865
routes/index.py: otp_force shouldn't apply to OAuth
...
as 2FA policies are typically enforced on the OAuth proviers end
Relates to #1051
2022-09-06 16:28:45 +02:00
corubba
3e462dab17
Fix csrf configuration
...
CSRF has been initialized *before* the app config was fully read. That
made it impossible to configure CSRF properly. Moved the CSRF init into
the routes module, and switched from programmatic to decorated
exemptions. GET routes don't need to be exempted because they are by
default.
2022-06-18 18:51:40 +02:00
Jérôme BECOT
a87b931520
feat: Move the account parse calls to a method
2022-06-18 14:30:56 +02:00
Jérôme BECOT
eb13b37e09
feat: Add the extra chars as an option
2022-06-18 14:30:56 +02:00
Jérôme BECOT
a3c50828a6
feat: Allow underscores and hyphens in account name
2022-06-18 14:28:32 +02:00
Vasileios Markopoulos
83d2f3c791
Merge pull request #1205 from joshsol1/master
...
Modification to SAML groups and group management
2022-06-18 13:39:01 +03:00
gadall
bf83e68a4b
Fix DynDNS2 using X-Forwarded-For ( #1214 )
...
utils.validate_ipaddress() takes a string, not a list
2022-06-18 13:11:22 +03:00
Josh Matthews
715c6b76cd
added code to raise user to operator on SAML auth if in the right group
2022-05-23 14:38:16 +10:00
jbe-dw
82f03a4de2
Merge pull request #1160 from AdvanticGmbH/json_load_error
...
Json load error
2022-04-26 17:54:08 +02:00
AdvanticGmbH
26c60f175d
Remove unnecessary call to str()
...
* json.dumps() already returns a str
2022-04-26 09:11:05 +02:00
AdvanticGmbH
44c9aff5db
Use json.dumps for every detail in history
...
This works much better instead of just writing a str to the db and
expect it to be loaded just fine from json.loads
2022-04-25 10:43:46 +02:00
KostasMparmparousis
4d6c6224b4
Login requirement removal for /ping endpoint
2022-04-20 13:31:23 +03:00
Veovis
bd92c5946c
Fix broken SAML login from 9c00e48f
2022-04-12 17:14:54 +02:00
jbe-dw
8cf2985335
Merge pull request #979 from mirko/make-onelogin-pkg-optional
...
routes/index.py: Make package 'onelogin.saml2.utils' optional
2022-04-07 13:37:00 +02:00
vmarkop
36cee8cddc
Fixed 'LOCAL' Authenticator Type showing for LDAP auth
2022-02-17 17:34:54 +02:00
Vasileios Markopoulos
94a923a965
Add 'otp_force' basic setting ( #1051 )
...
If the 'otp_force' and 'otp_field_enabled' basic settings are both enabled, automatically enable 2FA for the user after login or signup, if needed, by setting a new OTP secret. Redirect the user to a welcome page for scanning the QR code.
Also show the secret key in ASCII form on the user profile page for easier copying into other applications.
2021-12-17 11:41:51 +01:00
benshalev849
b3f9b4a2b0
OIDC list accounts ( #994 )
...
Added the function to use lists instead of a single string in account autoprovision.
2021-11-19 17:53:17 +02:00
zoeller-freinet
20b866a784
strip() whitespace from new local user master data ( #1019 )
...
When creating a new local user, there is a chance that, due to a copy &
paste or typing error, whitespace will be introduced at the start or end
of the username. This can lead to issues when trying to log in using the
affected username, as such a condition can easily be overlooked - no
user will be found in the database if entering the username without the
aforementioned whitespace. This commit therefore strip()s the username
string within routes/{admin,index}.py.
The firstname, lastname and email strings within
routes/{admin,index,user}.py are also strip()ped on this occasion.
2021-11-05 17:04:35 +02:00
Kostas Mparmparousis
6e04d0419b
Provision PDA user privileges based On LDAP Attributes ( #980 )
2021-08-05 19:37:48 +02:00
Mirko Vogt
9c00e48f0f
routes/index.py: Make package 'onelogin.saml2.utils' optional
...
The onelogin package is not part of all saml packages for whatever
reason (e.g. Debian) and not easily installable from pypi (requires
CC toolchain).
As the onelogin functionality is already guarded by whether
SAML_ENABLED is set in other places (services/saml.py), also do so
in routes/index.py.
2021-07-23 06:56:09 +00:00
Ian Bobbitt
39cddd3b34
SAML improvements for Docker ( #929 )
...
* Fix typo in managing user account membership with SAML assertion
* Support more config options from Docker env.
* Improve support for SAML key and cert from Docker secrets
Co-authored-by: Ian Bobbitt <ibobbitt@globalnoc.iu.edu>
2021-05-07 23:36:55 +02:00
jodygilbert
98db953820
Allow user role to view history ( #890 )
2021-03-27 19:33:11 +01:00
jodygilbert
4c19f95928
Improve account creation/permission handling based on Azure oAuth group membership ( #877 )
2021-01-31 11:31:56 +01:00
Khanh Ngo
55ad73d92e
Merge pull request #800 from cyso/pr/oidc-account
...
OIDC User and Account management during login
2020-10-10 14:32:14 +02:00
Khanh Ngo
a679073928
Merge pull request #773 from terbolous/azure-oauth
...
Add Account creation/permission handling based on Azure oAuth group membership
2020-10-10 14:20:26 +02:00
Nick Douma
f9f966df75
Allow for configuration of logout url
2020-08-06 15:29:02 +02:00
Nick Douma
27f5c89f70
Manage Account membership on oidc login
2020-08-06 15:28:54 +02:00
Nick Douma
ab6480a4b4
Update user with info from oidc during login
2020-08-06 15:28:27 +02:00
Erik Weber
22eabef06a
Use the correct matching group
2020-07-03 11:01:17 +02:00
Erik Weber
e993422106
Add regex matching for group/account description
2020-07-03 10:55:06 +02:00
Erik Weber
25db119d02
Add Account creation/permission handling based on Azure oAuth group membership
2020-07-03 08:55:31 +02:00
Ymage
4e39d5a461
Fix session clearing
2020-05-29 17:41:20 +02:00
Nicolás Fantone
52298f8289
Support login in through REMOTE_USER environment variable
...
Support redirecting remote users to logout URL and clearing remote login cookies
2020-05-22 15:31:24 +01:00
Khanh Ngo
78245d339f
Merge pull request #717 from RoeiGanor/master
...
OIDC custom claims
2020-05-17 13:44:52 +07:00
root
2044ce4737
oidc custom claims
2020-05-04 07:12:48 +00:00
Erik Weber
b03cbdea65
Azure oauth: Graph api calls it mail, not email
2020-04-30 12:15:19 +02:00
Erik Weber
b8442c4c5c
Azure oauth: remove preferredName from query
2020-04-30 12:14:32 +02:00