- Apr 07, 2021
-
-
Jenkins for Software Heritage authored
Update to upstream version '0.5.1' with Debian dir f0529536b7e4e90479368a95b6c4b3dcbd115f26
-
Antoine Lambert authored
This replaces the Keycloak error message by a more comprehensible one for end users. Unfortunately, there is no way to get the bearer token validity period apart using Keycloak Admin REST API but we clearly do not want to query it in a django authentication backend. Related to T3121
- Apr 06, 2021
-
-
Antoine Lambert authored
-
- Apr 01, 2021
-
-
Antoine R. Dumont authored
Related to T2945
-
Antoine R. Dumont authored
Related to T2945
-
- Mar 30, 2021
-
-
Jenkins for Software Heritage authored
Update to upstream version '0.5.0' with Debian dir 2c3e79c15a522ca808dd16bfef4fe20e11db65b8
-
Antoine Lambert authored
That middleware detects when a user previously logged in using the OpenID Connect authentication backend got his session expired. In that case it will perform a redirection to a django view whose name must be set in the SWH_AUTH_SESSION_EXPIRED_REDIRECT_VIEW django setting (typically a logout view). Related to T3150
-
Antoine Lambert authored
Add a generic Django REST Framework authentication backend enabling to authenticate a user using Keycloak and OpenID Connect bearer tokens. The backend can be easily plugged into a DRF application by: * adding "swh.auth.django.backends.OIDCBearerTokenAuthentication" to the REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"] django setting. * configuring Keycloak URL, realm and client by adding SWH_AUTH_SERVER_URL, SWH_AUTH_REALM_NAME and SWH_AUTH_CLIENT_ID in django settings Users will then be able to perform authenticated Web API calls by sending their refresh token in HTTP Authorization headers. Related to T3150
-
Antoine Lambert authored
Add a generic Django authentication backend and related login / logout views enabling to authenticate a user using Keycloak and the OpenID Connect authorization code flow with PKCE ("Proof Key for Code Exchange"). The backend can be easily plugged into any django application by: - adding "swh.auth.django.backends.OIDCAuthorizationCodePKCEBackend" to the AUTHENTICATION_BACKENDS django setting - configuring Keycloak by adding SWH_AUTH_SERVER_URL, SWH_AUTH_REALM_NAME and SWH_AUTH_CLIENT_ID in django settings - adding swh.auth.django.views.urlpatterns to the django application URLs - using the dedicated django views: "oidc-login" and "oidc-logout" Related to T3150
- Mar 26, 2021
-
-
Jenkins for Software Heritage authored
Update to upstream version '0.4.0' with Debian dir e652d062ba7f22d5d43c165ab1315c554abbb05e
- Mar 25, 2021
-
-
Antoine Lambert authored
It enables to properly override those values by getting / setting them from / to the wrapped KeycloakOpenID instance.
-
Antoine Lambert authored
This will simplify fixture use in external modules that use the pytest plugin.
-
Antoine R. Dumont authored
-
Antoine Lambert authored
Let's start to apply recommended guidelines when writing tests.
-
Antoine Lambert authored
Remove the AppUser test model inheriting from OIDCUser. Storing data related to a remote user should be done with a dedicated django model containing a user identifier column. Update tests accordingly.
-
- Mar 24, 2021
-
-
Antoine Lambert authored
Add fields "expires_in" and "refresh_expires_in" to OIDCUser model storing the validity times for access and refresh tokens. Add oidc_profile property to get the OpenID Connect profile associated to the user as a dictionary. Update and simplify tests for OIDCUser model. Related to T3150
-
Antoine Lambert authored
-
Antoine Lambert authored
Add keycloak_oidc_client factory to instantiate KeycloakOpenIDConnect class from the following django settings: - KEYCLOAK_SERVER_URL - KEYCLOAK_REALM_NAME - KEYCLOAK_CLIENT_ID This is required before moving the generic django OIDC auth backends from swh-web to swh-auth.
-
- Mar 23, 2021
-
-
Antoine Lambert authored
Use django stubs for mypy to remove the following error in models.py: "Need type annotation for 'url'".
-
Jenkins for Software Heritage authored
Update to upstream version '0.3.8' with Debian dir 1894edf3e90c621a3d7f01bf6658383a296b1b2c
-
Antoine R. Dumont authored
To ease transforming KeycloakError into an exception message. Related to T3166
-
Jenkins for Software Heritage authored
Update to upstream version '0.3.7' with Debian dir 7eb93f45c807fb5ae0ace645614ebf186a07c33f
-
Antoine Lambert authored
OIDCUser model will not be persisted to django database as those information are already stored in the identity provider one. So ensure no table for the model will be created in django database by setting the auto_created meta flag to True. Related to T3150
-
Jenkins for Software Heritage authored
Update to upstream version '0.3.6' with Debian dir eacabbd87a74f5d6eed187f60e8f9c8aeb4efba5
-
Antoine R. Dumont authored
Prior to this commit, this raised a basic error message instead of a json dict bytes encoded. This commit fixes it. Related to T2858
-