Compare commits

..

No commits in common. "master" and "thubrecht/disable-password" have entirely different histories.

47 changed files with 88 additions and 311 deletions

View file

@ -35,37 +35,32 @@ before_script:
- apt-get update -q && apt-get -o dir::cache::archives="vendor/apt" install -yqq python3-dev libldap2-dev libsasl2-dev
- pip install tox
python35:
image: python:3.5
stage: tests
script:
- tox -e py35-django22
python36:
image: python:3.6
stage: tests
script:
- tox -e py36-django22
- tox -e py36-django31
- tox -e py36-django32
- tox -e py36-django30
python37:
image: python:3.7
stage: tests
script:
- tox -e py37-django22
- tox -e py37-django31
- tox -e py37-django32
- tox -e py37-django30
python38:
image: python:3.8
stage: tests
script:
- tox -e py38-django22
- tox -e py38-django31
- tox -e py38-django32
python39:
image: python:3.9
stage: tests
script:
- tox -e py39-django22
- tox -e py39-django31
- tox -e py39-django32
- tox -e py38-django30
# ---
# Release artifacts

3
MANIFEST.in Normal file
View file

@ -0,0 +1,3 @@
include LICENSE
recursive-include authens/static *
recursive-include authens/templates *

View file

@ -66,24 +66,13 @@ LOGIN_URL = reverse_lazy("authens:login")
```
- (Optionnel) Par défaut AuthENS propose les 3 modes de connexion (CAS / Vieux
compte CAS / mot de passe). Les modes de connexion "Vieux compte CAS" et
"mot de passe" peuvent être désactivés en ajoutant :
compte CAS / mot de passe). Le mode de connexion "Vieux compte CAS" peut être
désactivé en ajoutant :
```python
AUTHENS_USE_OLDCAS = False
AUTHENS_USE_PASSWORD = False
```
- (Optionnel) Il est possible d'autoriser la connexion via CAS pour les membres
de `staffs`, lorsque cette option est activée, leur promotion est fixée à 0,
lorsque l'option est désactivée, une tentative de connexion renvoie une erreur
car le format de `$HOME` n'est pas valide.
```python
AUTHENS_ALLOW_STAFF = True
```
- (Optionnel) AuthENS utilise le paramètre Django standard
[`LOGIN_REDIRECT_URL`](https://docs.djangoproject.com/en/3.0/ref/settings/#login-redirect-url)
par défaut pour rediriger l'utilisateurice en cas de connexion réussie.
@ -96,7 +85,7 @@ AUTHENS_ALLOW_STAFF = True
### Création d'utilisateurices
AuthENS maintient une table des comptes clipper connus.
AuthENS maintient une tables des comptes clipper connus.
Cette table est automatiquement mise à jour lors qu'une personne se connecte via
le CAS pour la première fois.
En revanche lorsqu'un nouveau compte est créé manuellement et que ce compte
@ -128,19 +117,6 @@ def create_user_view(requests, cas_login: str):
## Utilisation avancée
### Modification des templates
Il est possible de supplanter les templates d'authens en activant un répertoire
de templates dans les settings Django, puis de créer un dossier `authens` dans
celui-ci. Les templates à substituer sont :
- `authens/login_switch.html` pour la sélection de la méthode de connexion
- `authens/pwd_login.html` pour le formulaire de connexion par mot de passe
- `authens/pwd_reset.html` pour le formulaire de demande de réinitialisation de
mot de passe
- `authens/pwd_reset_confirm.html` pour le formulaire de réinitialisation de mot
de passe
### Migration depuis `django_cas_ng`
Pour migrer depuis `django_cas_ng`, il est recommandé de faire une

View file

@ -3,4 +3,3 @@ from django.apps import AppConfig
class AuthEnsConfig(AppConfig):
name = "authens"
default_auto_field = "django.db.models.AutoField"

View file

@ -1,5 +1,4 @@
LDAP_SERVER_URL = "ldaps://ldap.spi.ens.fr:636"
AUTHENS_USE_OLDCAS = True
AUTHENS_USE_PASSWORD = True
AUTHENS_ALLOW_STAFF = False
# TODO: CAS_SERVER_URL

Binary file not shown.

View file

@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2022-11-02 10:22+0100\n"
"POT-Creation-Date: 2021-01-28 20:40+0100\n"
"PO-Revision-Date: 2021-01-30 20:48+0100\n"
"Last-Translator: Tom Hubrecht <tom.hubrecht@ens.fr>\n"
"Language-Team: \n"
@ -22,7 +22,7 @@ msgstr ""
msgid "Ancien login clipper"
msgstr "Old clipper username"
#: forms.py:18 templates/authens/login_switch.html:15
#: forms.py:18 templates/authens/login_switch.html:14
msgid "Mot de passe"
msgstr "Password"
@ -39,7 +39,7 @@ msgstr ""
"No user exists with this username, this entrance year and/or this password. "
"Please check your entry. Attention, all fields are case sensitive!"
#: models.py:19 models.py:60
#: models.py:19 models.py:57
msgid "utilisateurice"
msgstr "user"
@ -47,36 +47,36 @@ msgstr "user"
msgid "login CAS"
msgstr "CAS username"
#: models.py:30 models.py:70
#: models.py:30 models.py:67
msgid "année de création du compte CAS"
msgstr "year of CAS account creation"
#: models.py:37
#: models.py:34
msgid "Compte CAS"
msgstr "CAS account"
#: models.py:38
#: models.py:35
msgid "Comptes CAS"
msgstr "CAS accounts"
#: models.py:42
#: models.py:39
#, python-format
msgid "compte CAS %(cas_login)s (promo %(entrance_year)s) lié à %(user)s"
msgstr "CAS account %(cas_login)s (year %(entrance_year)s) linked to %(user)s"
#: models.py:66
#: models.py:63
msgid "ancien login CAS"
msgstr "old CAS username"
#: models.py:81
#: models.py:78
msgid "Ancien compte CAS"
msgstr "Old CAS account"
#: models.py:82
#: models.py:79
msgid "Anciens comptes CAS"
msgstr "Old CAS accounts"
#: models.py:86
#: models.py:83
#, python-format
msgid ""
"Ancien compte CAS %(cas_login)s (promo %(entrance_year)s) lié à %(user)s"
@ -91,11 +91,11 @@ msgstr "Connection method"
msgid "Clipper"
msgstr "Clipper"
#: templates/authens/login_switch.html:20
#: templates/authens/login_switch.html:18
msgid "Vieilleux"
msgstr "Alumni"
#: templates/authens/login_switch.html:27
#: templates/authens/login_switch.html:25
#, python-format
msgid ""
"Si votre fin de scolarité approche, créez un mot de passe pour votre compte "
@ -153,25 +153,16 @@ msgstr "For your information, your username is the following: %(username)s"
msgid "L'équipe %(site_name)s"
msgstr "The %(site_name)s team"
#: views.py:89
#, fuzzy
#| msgid "Connexion échouée !"
msgid "Connection échouée !"
#: views.py:86
msgid "Connexion échouée !"
msgstr "Connection failed!"
#: views.py:105
#: views.py:102
msgid ""
"Si un compte avec cet email existe, un email de réinitialisation vient de "
"lui être envoyé !"
msgstr ""
"A password reset email has just been send to the inidcated address, "
"provided an account with this email exists)"
"Un email de réinitialisation du mot de passe vient d'être envoyé à l'adresse "
"indiquée !"
msgstr "A password reset email has just been sent to the indicated address!"
#: views.py:115
#: views.py:112
msgid "Mot de passe modifié avec succès !"
msgstr "Password changed successfully!"
#~ msgid ""
#~ "Un email de réinitialisation du mot de passe vient d'être envoyé à "
#~ "l'adresse indiquée !"
#~ msgstr "A password reset email has just been sent to the indicated address!"

View file

@ -30,9 +30,6 @@ class CASAccount(models.Model):
verbose_name=_("année de création du compte CAS"), blank=False, null=False
)
# The entrance year 0 is used for members of staff
STAFF_ENTRANCE_YEAR = 0
class Meta:
verbose_name = _("Compte CAS")
verbose_name_plural = _("Comptes CAS")

View file

@ -2,7 +2,6 @@
# TODO: make the python-ldap dependency optional
import ldap
from django.conf import settings
from django.contrib.auth import get_user_model

View file

View file

@ -3,11 +3,6 @@ from urllib.parse import urlunparse
from cas import CASClient
from django.conf import settings
from authens import conf as default_conf
from authens.models import CASAccount
def get_cas_client(request):
"""Return a CAS client configured for SPI's CAS."""
@ -31,14 +26,6 @@ def parse_entrance_year(home_dir):
return None
dirs = home_dir.split("/")
allow_staff = getattr(
settings, "AUTHENS_ALLOW_STAFF", default_conf.AUTHENS_ALLOW_STAFF
)
if allow_staff and dirs[:3] == ["", "users", "staffs"]:
return CASAccount.STAFF_ENTRANCE_YEAR
if len(dirs) < 3 or not dirs[2].isdecimal() or dirs[1] != "users":
raise ValueError("Invalid home directory: {}".format(home_dir))

View file

@ -102,7 +102,7 @@ class PasswordResetView(SuccessMessageMixin, auth_views.PasswordResetView):
success_url = reverse_lazy("authens:login")
success_message = _(
"Si un compte avec cet email existe, un email de réinitialisation vient de lui être envoyé !"
"Un email de réinitialisation vient d'être envoyé à l'adresse indiquée !"
)
@ -138,14 +138,14 @@ class LogoutView(auth_views.LogoutView):
else:
self.cas_connected = False
def get_success_url(self):
next_page = super().get_success_url()
def get_next_page(self):
next_page = super().get_next_page()
if self.cas_connected:
cas_client = get_cas_client(self.request)
# If the next_url is local (no hostname), make it absolute so that the user
# is correctly redirected from CAS.
if next_page is not None and not urlparse(next_page).netloc:
if not urlparse(next_page).netloc:
request = self.request
next_page = urlunparse(
(request.scheme, request.get_host(), next_page, "", "", "")

View file

@ -1,53 +0,0 @@
{
sources ? import ./npins,
pkgs ? import sources.nixpkgs { },
}:
let
nix-pkgs = import sources.nix-pkgs { inherit pkgs; };
python3 = pkgs.python3.override { packageOverrides = _: _: { inherit (nix-pkgs) python-cas; }; };
deploy-pypi = pkgs.writeShellApplication {
name = "deploy-pypi";
runtimeInputs = [
(pkgs.python3.withPackages (ps: [
ps.setuptools
ps.build
ps.twine
]))
];
text = ''
# Clean the repository
rm -rf dist
python -m build
twine upload dist/*
'';
};
in
{
devShell = pkgs.mkShell {
name = "cas-eleves.dev";
packages = [
(python3.withPackages (ps: [
ps.django
ps.python-ldap
ps.python-cas
]))
pkgs.gettext
pkgs.gtranslator
];
};
publishShell = pkgs.mkShell {
name = "loadcredential.publish";
packages = [ deploy-pypi ];
};
}

View file

@ -13,10 +13,9 @@ Including another URLconf
1. Import the include() function: from django.urls import include, path
2. Add a URL to urlpatterns: path('blog/', include('blog.urls'))
"""
from example import views
from django.contrib import admin
from django.urls import include, path
from example import views
urlpatterns = [
path("admin/", admin.site.urls),

View file

@ -1,80 +0,0 @@
# Generated by npins. Do not modify; will be overwritten regularly
let
data = builtins.fromJSON (builtins.readFile ./sources.json);
version = data.version;
mkSource =
spec:
assert spec ? type;
let
path =
if spec.type == "Git" then
mkGitSource spec
else if spec.type == "GitRelease" then
mkGitSource spec
else if spec.type == "PyPi" then
mkPyPiSource spec
else if spec.type == "Channel" then
mkChannelSource spec
else
builtins.throw "Unknown source type ${spec.type}";
in
spec // { outPath = path; };
mkGitSource =
{
repository,
revision,
url ? null,
hash,
branch ? null,
...
}:
assert repository ? type;
# At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository
# In the latter case, there we will always be an url to the tarball
if url != null then
(builtins.fetchTarball {
inherit url;
sha256 = hash;
})
else
assert repository.type == "Git";
let
urlToName =
url: rev:
let
matched = builtins.match "^.*/([^/]*)(\\.git)?$" repository.url;
short = builtins.substring 0 7 rev;
appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else "";
in
"${if matched == null then "source" else builtins.head matched}${appendShort}";
name = urlToName repository.url revision;
in
builtins.fetchGit {
url = repository.url;
rev = revision;
inherit name;
narHash = hash;
};
mkPyPiSource =
{ url, hash, ... }:
builtins.fetchurl {
inherit url;
sha256 = hash;
};
mkChannelSource =
{ url, hash, ... }:
builtins.fetchTarball {
inherit url;
sha256 = hash;
};
in
if version == 4 then
builtins.mapAttrs (_: mkSource) data.pins
else
throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`"

View file

@ -1,22 +0,0 @@
{
"pins": {
"nix-pkgs": {
"type": "Git",
"repository": {
"type": "Git",
"url": "https://git.hubrecht.ovh/hubrecht/nix-pkgs.git"
},
"branch": "main",
"revision": "46879d052e4a694ceb3027dbcff641c44e0ae1bd",
"url": null,
"hash": "sha256-/Yn3NDYA76bv8x06jahLAJ2z54L0vFeAtQKzyW3MfGA="
},
"nixpkgs": {
"type": "Channel",
"name": "nixpkgs-unstable",
"url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre647329.6842b061970b/nixexprs.tar.xz",
"hash": "04inyzaffqclmymaphc4cwhywnyk51hi44508kfbsj9h57875hb6"
}
},
"version": 4
}

View file

@ -1,49 +0,0 @@
[build-system]
requires = ["setuptools", "setuptools_scm"]
build-backend = "setuptools.build_meta"
[project]
name = "authens"
dynamic = ["version"]
authors = [
{name = "Klub Dev ENS", email = "klub-dev@ens.fr"},
{name = "Tom Hubrecht", email = "pypi@mail.hubrecht.ovh"},
]
description = "CAS Authentication Client at the ENS."
license = {file = "LICENSE"}
readme = "README.md"
classifiers = [
"Development Status :: 4 - Beta",
"Environment :: Web Environment",
"Framework :: Django",
"Framework :: Django :: 4.1",
"Framework :: Django :: 4.2",
"Intended Audience :: Developers",
"License :: OSI Approved :: MIT License",
"Operating System :: OS Independent",
"Programming Language :: Python :: 3",
"Programming Language :: Python :: 3 :: Only",
"Programming Language :: Python :: 3.8",
"Programming Language :: Python :: 3.9",
"Programming Language :: Python :: 3.10",
"Programming Language :: Python :: 3.11",
"Programming Language :: Python :: 3.12",
"Topic :: Internet :: WWW/HTTP",
"Topic :: Internet :: WWW/HTTP :: Dynamic Content",
]
dependencies = [
"django >= 4.1",
"python-ldap >= 3, < 4",
"python-cas >= 1.5, < 2",
]
[project.urls]
Homepage = "https://git.dgnum.eu/DGNum/authens"
Repository = "https://git.dgnum.eu/DGNum/authens"
Issues = "https://git.dgnum.eu/DGNum/authens/issues"
[tool.setuptools.dynamic]
version = {attr = "authens.__VERSION__"}
[tool.setuptools.packages.find]
where = ["src"]

View file

@ -10,8 +10,13 @@ ignore =
W503
[isort]
profile = black
# For black compat: https://github.com/ambv/black#how-black-wraps-lines
combine_as_imports = true
default_section = THIRDPARTY
force_grid_wrap = 0
include_trailing_comma = true
known_django = django
known_first_party = authens,tests
sections = FUTURE,STDLIB,THIRDPARTY,DJANGO,FIRSTPARTY,LOCALFOLDER
line_length = 88
multi_line_output = 3
sections = FUTURE,STDLIB,THIRDPARTY,FIRSTPARTY,LOCALFOLDER

37
setup.py Normal file
View file

@ -0,0 +1,37 @@
import setuptools
with open("README.md", "r") as file:
long_description = file.read()
setuptools.setup(
name="authens",
version="0.1b1",
author="Klub Dev ENS",
author_email="klub-dev@ens.fr",
description="CAS Authentication at the ENS",
long_description=long_description,
long_description_content_type="text/markdown",
url="https://git.eleves.ens.fr/klub-dev-ens/authens",
packages=setuptools.find_packages(),
include_package_data=True,
classifiers=[
"Environment :: Web Environment",
"Framework :: Django",
"Framework :: Django :: 2.2",
"Framework :: Django :: 3.0",
"Intended Audience :: Developers",
"License :: OSI Approved :: MIT License",
"Operating System :: OS Independent",
"Programming Language :: Python :: 3",
"Programming Language :: Python :: 3 :: Only",
"Programming Language :: Python :: 3.5",
"Programming Language :: Python :: 3.6",
"Programming Language :: Python :: 3.7",
"Programming Language :: Python :: 3.8",
"Topic :: Internet :: WWW/HTTP",
"Topic :: Internet :: WWW/HTTP :: Dynamic Content",
],
python_requires=">=3.5",
install_requires=["Django>=2.2", "python-ldap>=3,<4", "python-cas>=1.5,<2"],
)

View file

@ -1 +0,0 @@
(import ./. { }).devShell

View file

@ -1,5 +0,0 @@
__VERSION__ = "0.2.0"
__all__ = [
"__VERSION__",
]

View file

@ -1,12 +1,12 @@
[tox]
envlist =
py{36,37,38,39}-django{22,31,32}
py{35,36,37,38}-django22,
py{36,37,38}-django30
[testenv]
deps =
django22: Django>=2.2.17,<3
django31: Django==3.1.*
django32: Django==3.2.*
django22: Django==2.2.*
django30: Django==3.0.*
python-cas
python-ldap
commands =