astakos: remove unwanted logging
astakos: Fix twitter access token request failure
The oauth_verifier received from the executed callback has to be passedto the access_token request (it is no more optional)https://dev.twitter.com/discussions/16443#comment-36666
Updated twitter oath service urls
Merge branch 'tmp-common-email-recipients' into develop
Astakos email notification improvements
- Use project setting SERVER_EMAIL as sender to all email notifications.- Remove astakos specific DEFAULT_CONTAC_EMAIL in favor of snf-common's CONTACT_EMAIL setting.- Remove DEFAULT_CONTACT_EMAIL and ADMINS astakos specific settings in favor of...
Authentication providers improvements
Major authentication provider refactoring to support
- Modular and easily configurable messages with common context- Fine grained provider policies to support appling specific policies to users and/or groups
Key points:...
Auth providers improvements
- Improved logging- Messages changes- Fixes in local module login/add policies handling
Avoid logout of unauthenticated users
Fix shibboleth logging
Include auth providers basic logging support
Add logging statements on some important auth providers operations.
Complete auth providers logging support will be merged from thefeature-astakos-authpolicies branch which also includes additional authproviders improvements.
Reverse view typo
astakos.im.views.home does not exist
Notify user for pending registrations
astakos allows users to replace pending created accounts (user thathave not yet passed the activation process) by re-submiting the signupform. A message is now displayed in such cases to remind the user of thepending account.
Fix shibboleth logout message
Override logout message for shibboleth auth provider. Suggest user to close allbrowser windows until we find a better way to logout from Shibbolet.
Auth providers fixes
- Respect CAN_REMOVE provider setting- Verbal differences in create password form (based on if user requests to add local password method or just tries to change the password)
Fix third party login next_url handling
Auth providers add/remove messages
- Include provider method display- Add remove message
Several auth providers fixes/improvements
- Allow third party signup if existing account with the same third party identifier is not yet verified. Subsequent registrations will replace previous ones (pending/unverified accounts will be removed).- Merge common third party code in target/__init__.py...
Remove debug shibboleth statement
Revert signup button labels
Bug fixes
Success messages on profile form submit
display messages based on action request after uses submitted theprofile form successfully
Proper next parameter handling in third party logins
Excluding shibboleth all auth modules require two additional redirectscausing `next` parameter to be absent on the final url.
Auth providers login/logout messages update
- Enrich login/logout messages.- Clear unverified accounts when user adds the same third party account to an existing account.- Other minor improvements.
Do not allow automatic third party assignment using login
Provide commands for importing/exporting existing user resource policies
Merge branch 'latest-quota' into feature-astakos-tables
Conflicts: snf-astakos-app/astakos/im/models.py snf-astakos-app/astakos/im/views.py
Default redirects
instead of raising a missing `next` parameter error.
Configurable login method one per user limit
Conflicts: snf-astakos-app/astakos/im/templates/im/projects/project_list.html snf-astakos-app/astakos/im/views.py
Update Astakos API to provider calls for retrieving uuid from the username and vice versa, extend astakos client library (snf-common) and update pithos to use uuids instead of email for account identification
Initial use django-tables2
improves table view development by spliting table data access and presentationonto separate layers.
Various auth providers fixes/improvements
- Handle invalid login after auth method add request- Fix auth method add for unauthenticated users- Third party auth providers helper methods in astakos.im.target module- Provider login url template tag that handles code,key,next url params
Show message after login with third party provider
Proper missing eppn message
Remove debug statements
Merge remote-tracking branch 'origin/devel-0.13' into latest-quota
Conflicts: snf-astakos-app/astakos/im/target/twitter.py snf-astakos-app/astakos/im/views.py
Required auth providers functionality
if one of auth providers is set to be required, user with no suchprovider can only view his profile page and is prompted to add anew login method.
Merge branch 'devel-0.13' of https://code.grnet.gr/git/astakos into latest-quota
Conflicts: snf-astakos-app/astakos/im/messages.py snf-astakos-app/astakos/im/notifications.py snf-astakos-app/astakos/im/urls.py snf-astakos-app/astakos/im/views.py
Merge branch 'devel-0.13' of https://code.grnet.gr/git/astakos into devel-0.13
New style for table sorting
handle is_available_for_{create, add}
Remove dummy debug statement
Handle invalid google auth response
Force login when adding third party auth providers
use proper oauth parameters to force user to login and confirm his thirdparty account every time he adds a new login method
Remember last login method
when multiple login methods are enabled in settings only the primary oneis visible by default in the login page. Keeping last successful loginmethod in a cookie allows us to override that behaviour and improve userexperience for users that login using secondary login methods.
Improve third party login methods messages
Twitter client improvements
- handle denied auth response- configurable force_login param
Google and LinkedIn oauth support
Conflicts: snf-astakos-app/astakos/im/forms.py snf-astakos-app/astakos/im/management/commands/service-add.py snf-astakos-app/astakos/im/messages.py snf-astakos-app/astakos/im/models.py...
Single model for ProjectApplication & Definition - Membership sync
Third party providers fixes
- Proper third party user getter. Do not include info in queryset.- Fix signup_url. key param only needed for login
Additional messages in third party registration/login process
Configurable shibboleth provider strict mode
shibboleth provider can now be configured whether or not to requireadditional provider information.
Updated auth methods messages/redirects
- Redirect to index on password reset views (no need for intermediate views)- Show login success message
Shibboleth fixes
- Do not require name (some providers don't provide it)- Proper can_add_auth_provider use
Configurable auth providers messages
Store additional provider info
store useful account details for third party authentication providersthat provide such info.
Third party login providers fixes/improvements
- Store additional provider info in PendingThirdPartyUser entries- Include third party registration logic in main signup view. Additional per provider signup views removed.- Unique email validation for all activation backend forms...
Automatic local auth provider assignment
when a valid user with empty authentication providers list tries tolog in
Dynamic third party signup url
Twitter authentication backend
Additional multiple auth methods fixes and tests
Merge branch 'devel-0.13' into multipleauthmethods
Conflicts: snf-astakos-app/astakos/im/context_processors.py snf-astakos-app/astakos/im/forms.py snf-astakos-app/astakos/im/models.py snf-astakos-app/astakos/im/target/local.py snf-astakos-app/astakos/im/target/shibboleth.py...
Allow multiple login methods per account
Merge remote-tracking branch 'origin/0.12' into devel-0.13
Conflicts: snf-astakos-app/astakos/im/activation_backends.py snf-astakos-app/astakos/im/api/admin.py snf-astakos-app/astakos/im/auth_backends.py snf-astakos-app/astakos/im/forms.py snf-astakos-app/astakos/im/functions.py...
Flush other user sessions during password/token change
Refs: #3007
Force astakos cookie to follow session state.
Enable inactive shibboleth users to change email
Refs: #3041
Updated shibboleth workflow (enable user change email before activation)
Special handling for login failure messages
Return BadResponse if shibboleth returns empty SHIB_EPPN
Restrict next url parameter
Refs: #3008
Customize third party signup form fields
Refine shibboleth signup mechanism
Back up file
Merged demo
Remove obsolete import
Explicitly allow only POST and GET requests
Fix code formatting to conform to the PEP 8 style guide
AstakosUser signed_terms property instead of function
remove unused imports & code refinement
remove obsolete import
use status specific wrappers for adding messages
named reverse urls
remove oauth2 files
fix "None" next value in local login form
fix local login from cms
register email returned by shibboleth (either as a primary or additional email)
Refs: #2416
Log main astakos functions
Refs: #2448
remove get_or_create_user
handle AstakosUser model validation error
remove has_signed_terms utility, introduce AstakosUser signed_terms function instead
ask acknowledgment for switching local account to shibboleth one
Ratelimit login attempts
Refs: #2267
support shibboleth with invitations & enable modifyuser command to remove a user group
Refs: #2167
add support for groups
change authentication methods: progress I
check in /login (redirect) whether user has signed the terms and if not redirect to approval terms
Refs: #2019
merge with master
Fallback on HTTP_X_REAL_IP meta to retrieve client ip
thats where nginx sets the client ip