David Stipp
5c2a2f8ff2
OAUTH2 fixes
...
* Use OAUTH2 variable instead of PING while using OAUTH
* Some IDPs require a POST instead of a GET to user data
2020-04-04 11:32:23 -04:00
Curtis Castrapel
68fd1556b2
Black lint all the things
2019-05-16 07:57:02 -07:00
Curtis
317c84800c
Merge branch 'master' into jwks_validation_error_control
2019-05-08 06:50:56 -07:00
Curtis Castrapel
0eacbd42d7
Converting userinfo authorization to a config var
2019-05-07 15:31:42 -07:00
Jose Plana
4e6e7edf27
Rename return variable for better readability
2019-05-07 22:53:01 +02:00
Hossein Shafagh
b7ce9ab901
Merge branch 'master' into jwks_validation_error_control
2019-05-07 13:09:02 -07:00
Hossein Shafagh
ff583981b1
Merge branch 'master' into aid_openid_roles_provider_integration
2019-05-07 09:06:02 -07:00
Hossein Shafagh
e58ff476c9
Merge branch 'master' into jwks_validation_error_control
2019-05-07 09:05:41 -07:00
Jose Plana
deed1b9685
Don't fail if googleGroups is not found in user profile
2019-05-06 12:30:25 +02:00
Jose Plana
6c99e76c9a
Better error management in jwks token validation
2019-05-06 12:27:43 +02:00
Jose Plana
2063baefc9
Fixes userinfo using Bearer token
2019-05-06 12:23:24 +02:00
Curtis
1b77dfa47a
Revert "Precommit - Fix linty things"
2018-08-22 13:21:35 -07:00
Curtis Castrapel
3e9726d9db
Precommit work
2018-08-22 10:38:09 -07:00
Marti Raudsepp
0398c6e723
Clean up module imports
...
Example:
* import lemur.common.utils -> from lemur.common import utils
* import sqlalchemy.types as types -> from sqlalchemy import types
2018-07-07 23:56:23 +03:00
Curtis Castrapel
544a02ca3f
Addressing comments. Updating copyrights. Added function to determine authoritative name server
2018-05-29 10:23:01 -07:00
Curtis Castrapel
844202f36b
check if user active properly
2018-03-26 13:14:22 -07:00
iTitou
08f66df860
[fix] No internal server error when trying to Google Auth an unregistered user (#1109)
2018-03-21 08:14:54 -07:00
kevgliss
eea413a90f
Modifying the way we report metrics. Relying on metric tags instead of the metric name for additional dimensions. (#1036)
2018-01-02 15:26:31 -08:00
kevgliss
9a0ada75fa
Upgrading satellizer library. (#1031)
2018-01-02 09:12:06 -08:00
kevgliss
848ce8c978
Refactoring authentication to support GET and POST requests. Closes #990. (#1030)
2018-01-01 19:11:29 -08:00
Eric
6edc5180c7
fix roles assigned in the ui for sso (#1017)
...
This commit fixes the ability to assign roles to people in the ui
when the user is SSO. The idea is if a role is ever assigned via
SSO it becomes a "SSO Role" or a "Third Party" Role by setting
third_party to true on the role object.
Once a role is marked as third party it can no longer be controlled
through the ui for SSO Users. (for ui users this poses no functional
change). It must be controlled via SSO.
2017-12-11 13:51:45 -08:00
Johannes Langer
041f3a22fa
Added ability to set custom roles for users logging in via oauth provider (#985)
2017-11-10 08:38:33 -08:00
Johannes Langer
9319dda0ec
Added ability to ignore cert for oauth2 provider (#971)
...
* Added ability to ignore cert for oauth2 provider
This is useful for development environments where the OAuth provider
doesn't have a valid cert!
* Setting default for OAUTH2_VERIFY_CERT to true
2017-10-20 16:36:14 -07:00
kevgliss
e0d9443141
Ensuring existing users are also given the default role. (#960)
2017-10-05 16:47:52 -07:00
Marti Raudsepp
97d83890e0
Various minor cleanups and fixes (#938)
...
* Documentation fixes
* Various docstring and help string fixes
* Minor code cleanups
* Removed redundant .gitignore entry, ignored package-lock.json.
* 'return' statement in certificates.service.render was redundant
* Split up too long line
* Non-matching tags in templates
2017-09-25 15:33:42 -07:00
Ian Stahnke
79d12578c7
basic ldap support (#842)
2017-09-03 20:41:43 -07:00
Michael LoSapio
3141b47fba
Catch OAuth providers that want the params sent as data (#800)
2017-05-25 10:21:29 -07:00
kevgliss
11bd42af82
Correct status code for basic-auth (#813)
...
* ensuring those using basic auth receive a correct status code when their password is incorrect
* Fixing oauth status codes
2017-05-23 09:48:31 -07:00
kevgliss
307a73c752
Fixing some confusion between 401 vs 403 error code. 401 indicates that the user should attempt to authenticate again. Whereas 403 indicates the user is authenticated but not allowed to complete an action. (#804)
...
Closes #767
2017-05-18 13:20:17 -07:00
Nevins
0326e1031f
adding generic OAuth2 provider (#685)
...
* adding support for Okta Oauth2
* renaming to OAuth2
* adding documentation of options
* fixing flake8 problems
2017-02-03 10:36:49 -08:00
kevgliss
2f5f82d797
Ensures that inactive users are not allowed to login. (#618)
2016-12-19 22:58:57 -08:00
Marti Raudsepp
71ddbb409c
Minor documentation fixes/tweaks (#597)
...
Mostly typos, grammar errors and inconsistent indentation in code
examples.
Some errors detected using Topy (https://github.com/intgr/topy), all
changes verified by hand.
2016-12-14 09:29:04 -08:00
kevgliss
8e5323e2d7
migrating flask imports (#525)
2016-11-22 21:11:20 -08:00
kevgliss
dd6d332166
Removing python2 compatibility. (#518)
2016-11-21 14:03:04 -08:00
kevgliss
a60e372c5a
Ensuring that password hashes are compared correctly under python3
2016-09-07 13:25:51 -07:00
kevgliss
53d0636574
Python3 (#417)
...
* Fixing tests.
* Fixing issue where decrypted credentials were not returning valid strings.
* Fixing issues with python3 authentication.
2016-08-29 08:58:53 -07:00
kevgliss
e34de921b6
Target Individuals for Certificates (#384)
...
* Allowing individual users to be targeted for a role.
* Ensuring that even new users get a per user-role
2016-07-01 09:04:39 -07:00
kevgliss
daea8f6ae4
Bug fixes (#355)
...
* we should not require password to update users
* Fixing an issue where roles would not be added.
2016-06-13 17:22:45 -07:00
kevgliss
62d03b0d41
Closes #216
2016-04-01 16:54:33 -07:00
Mike Grima
ba666ddbfa
Removed deprecated auth api endpoint.
2016-02-16 15:04:53 -08:00
kevgliss
685e2c8b6d
fixing typo
2016-01-05 09:40:53 -08:00
kevgliss
a7decc1948
Fixing some issues with dynamically supporting multiple SSO providers
2015-12-27 17:54:11 -05:00
Robert Picard
60856cb7b9
Add an endpoint to return active authentication providers
...
This endpoint can be used by Angular to figure out what authentication
options to display to the user. It returns a dictionary of configuration
details that the front-end needs for each provider.
2015-12-22 18:03:56 -05:00
Robert Picard
350d013043
Add Google SSO
...
This pull request adds Google SSO support. There are two main changes:
1. Add the Google auth view resource
2. Make passwords optional when creating a new user. This allows an admin
to create a user without a password so that they can only login via Google.
2015-12-22 13:44:30 -05:00
Robert Picard
2fc6d4cd21
Fix a handful of typos in documentation
...
As I was reading through the docs I made note of grammar issues and
typos I saw. Not a huge deal but might as well fix what I noticed.
2015-10-06 15:05:05 -07:00
kevgliss
ef72de89b3
Minor fixes
2015-09-18 15:50:59 -07:00
kevgliss
70ccd137e1
removing netflix specific code from auth flow
2015-08-27 13:09:02 -07:00
kevgliss
a4ed83cb62
Refactoring out challenge
2015-07-23 08:52:30 -07:00
kevgliss
c75e20a1ea
Pleasing the PEP8 gods
2015-07-21 13:06:13 -07:00
kevgliss
95bab9331d
Enabling CSR generation and reducing complexity of encryption/decrypting the 'key' dir.
2015-07-03 10:30:17 -07:00