- May 30, 2022
-
- May 20, 2022
-
-
Antoine Lambert authored
Add support for mapping Keycloak groups to Django ones in OIDCUser model by overriding the groups member of Django base User model. It enables manipulating user groups declared in Keycloak using the Django standard User model API.
-
- May 02, 2022
-
-
Pratyush authored
-
- Apr 26, 2022
-
-
vlorentz authored
-
- Apr 21, 2022
-
-
Antoine Lambert authored
That hook can be frustrating as it can discard a long commit message if it finds a typo in it, so it is better to remove it.
-
- Apr 14, 2022
-
-
Antoine Lambert authored
When catching KeycloakError exceptions, other exception types will then be raised, like ValueError or AuthenticationFailed. Those will be processed by django applications using these auth middlewares so there is no need to duplicate error reports in sentry here.
-
- Apr 08, 2022
-
-
Antoine Lambert authored
-
Antoine Lambert authored
Related to T3922
-
Antoine Lambert authored
black is considered stable since release 22.1.0 and the version we are currently using is quite outdated and not compatible with click 8.1.0, so it is time to bump it to its latest stable release. Please note that E501 pycodestyle warning related to line length is replaced by B950 one from flake8-bugbear as recommended by black. https://black.readthedocs.io/en/stable/the_black_code_style/current_style.html#line-length Related to T3922
-
- Apr 06, 2022
-
-
Antoine Lambert authored
pytest-postgresql 3.1.3 and pytest-redis 2.4.0 added support for pytest >= 7 so we can now drop the pytest pinning.
-
Antoine Lambert authored
This reverts commit 4083f796.
-
- Apr 05, 2022
-
-
Antoine Lambert authored
There is an incompatibility between latest django-stubs release (1.10.0) and current release of djangorestframework-stubs. So temporarily pin django-stubs to < 1.10.0 until the issue is fixed.
-
- Mar 22, 2022
-
-
Antoine Lambert authored
pytest: Exclude build directory for tests discovery

Due to test modules being copied in subdirectories of the build directory by setuptools, it makes pytest fail by raising ImportPathMismatchError exceptions when invoked from root directory of the module.

So ignore the build folder to discover tests.
-
- Feb 10, 2022
-
-
Antoine Lambert authored
To install the new hook: $ pre-commit install -t commit-msg
-
- Feb 07, 2022
-
-
Antoine R. Dumont authored
Related to T3916
-
- Dec 16, 2021
-
-
Antoine R. Dumont authored
This also drops spurious copyright headers from those files if present. Related to T3812
-
- Dec 01, 2021
-
-
Antoine Lambert authored
This should help debugging keycloak authentication issues.
-
- Aug 23, 2021
-
-
Antoine Lambert authored
When a user session has been terminated without using the logout view (for instance a user can log out from all their authenticated sessions using the Keycloak account UI), the expired OIDC profile is still in webapp cache, which causes errors and prevents new user logins. So ensure the expired profile is removed from cache when detecting that the Keycloak session is no longer active in the django authentication backend. Related to T3496
-
- Jul 01, 2021
-
-
Antoine Lambert authored
Migrate auth command group from swh-web-client package to the swh-auth package. Related to T3385
-
- Jun 09, 2021
-
-
Antoine Lambert authored
-
Antoine R. Dumont authored
-
- Apr 27, 2021
-
-
Antoine Lambert authored
Enable checking that package documentation can be built without producing sphinx warnings. The sphinx environment is designed to be used in continuous integration in order to prevent breaking documentation build when committing changes. The sphinx-dev environment is designed to be used inside a full swh development environment. Related to T3258
-
Antoine Lambert authored
Sphinx complains about an unexpected indentation if a constructor docstring is missing.
-
- Apr 22, 2021
-
-
Antoine Lambert authored
Keycloak also allows defining user roles at realm level to define permissions at a global level not tied to a client. Include these extra roles in the user permissions set from the decoded token content. Related to T3213
-
- Apr 13, 2021
-
-
vlorentz authored
-
- Apr 09, 2021
-
-
Antoine Lambert authored
-
Antoine Lambert authored
-
- Apr 07, 2021
-
-
Antoine Lambert authored
The first time a user sends an expired token previously used to perform authenticated Web API calls, Keycloak will return the following error message: "Offline session not active". So handle that error message too for indicating a token has expired. Related to T3121
-
Antoine Lambert authored
This replaces the Keycloak error message by a more comprehensible one for end users. Unfortunately, there is no way to get the bearer token validity period apart from using the Keycloak Admin REST API, but we clearly do not want to query it in a django authentication backend. Related to T3121
-
- Apr 06, 2021
-
-
Antoine Lambert authored
-
- Mar 30, 2021
-
-
Antoine Lambert authored
That middleware detects when a user previously logged in using the OpenID Connect authentication backend got his session expired. In that case it will perform a redirection to a django view whose name must be set in the SWH_AUTH_SESSION_EXPIRED_REDIRECT_VIEW django setting (typically a logout view). Related to T3150
-
Antoine Lambert authored
Add a generic Django REST Framework authentication backend enabling to authenticate a user using Keycloak and OpenID Connect bearer tokens.
The backend can be easily plugged into a DRF application by:
  * adding "swh.auth.django.backends.OIDCBearerTokenAuthentication" to the REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"] django setting.
  * configuring Keycloak URL, realm and client by adding SWH_AUTH_SERVER_URL, SWH_AUTH_REALM_NAME and SWH_AUTH_CLIENT_ID in django settings
Users will then be able to perform authenticated Web API calls by sending their refresh token in HTTP Authorization headers.
Related to T3150
-
Antoine Lambert authored
Add a generic Django authentication backend and related login / logout views enabling to authenticate a user using Keycloak and the OpenID Connect authorization code flow with PKCE ("Proof Key for Code Exchange").
The backend can be easily plugged into any django application by:
  - adding "swh.auth.django.backends.OIDCAuthorizationCodePKCEBackend" to the AUTHENTICATION_BACKENDS django setting
  - configuring Keycloak by adding SWH_AUTH_SERVER_URL, SWH_AUTH_REALM_NAME and SWH_AUTH_CLIENT_ID in django settings
  - adding swh.auth.django.views.urlpatterns to the django application URLs
  - using the dedicated django views: "oidc-login" and "oidc-logout"
Related to T3150
-
- Mar 26, 2021
-
- Mar 25, 2021
-
-
Antoine Lambert authored
It enables properly overriding those values by getting / setting them from / to the wrapped KeycloakOpenID instance.
-
Antoine Lambert authored
This will simplify fixture use in external modules that use the pytest plugin.
-
Antoine R. Dumont authored
-
Antoine Lambert authored
Let's start to apply recommended guidelines when writing tests.
-
Antoine Lambert authored
Remove the AppUser test model inheriting from OIDCUser. Storing data related to a remote user should be done with a dedicated django model containing a user identifier column. Update tests accordingly.
-
- Mar 24, 2021
-
-
Antoine Lambert authored
Add fields "expires_in" and "refresh_expires_in" to OIDCUser model storing the validity times for access and refresh tokens. Add oidc_profile property to get the OpenID Connect profile associated to the user as a dictionary. Update and simplify tests for OIDCUser model. Related to T3150
-