Since allauth is installed, users are not automatically logged out of CAS
when logging out GestioCOF.
This change simplifies the view and avoid being stuck because of
the redirect to the logout page, which happened via a GET request and so
prompting to confirm.
Refer to allauth doc for an accurate features list:
http://django-allauth.readthedocs.io/en/latest/
Users can now change their password, ask for a password reset, or set
one if they don't have one.
In particular, it allows users whose account has been created via a
clipper authentication to configure a password before losing their
clipper. Even if they have already lost it, they are able to get one
using the "Reset password" functionality.
Allauth multiple emails management is deactivated. Requests to the
related url redirect to the home page.
All the login and logout views are replaced by the allauth' ones. It
also concerns the Django and Wagtail admin sites.
Note that users are no longer logged out of the clipper CAS server when
they authenticated via this server. Instead a message suggests the user
to disconnect.
Clipper connections and `login_clipper`
---------------------------------------
- Non-empty `login_clipper` are now unique among `CofProfile` instances.
- They are created once for users with a non-empty 'login_clipper' (with
the data migration 0014_create_clipper_connections).
- The `login_clipper` of CofProfile instances are sync with their
clipper connections:
* `CofProfile.sync_clipper_connections` method updates the
connections based on `login_clipper`.
* Signals receivers `sync_clipper…` update `login_clipper` based on
connections creations/updates/deletions.
Misc
----
- Add NullCharField (model field) which allows to use `unique=True` on
CharField (even with empty strings).
- Parts of kfet mixins for TestCase are now in shared.tests.testcase,
as they are used elsewhere than in the kfet app.
AccountBackend
- Should now work if used in AUTHENTICATION_BACKENDS settings.
- It does not retieve itself the password, as it should not be used
this way.
GenericBackend
- Delete useless 'username' arg of its 'authenticate()' method.
- Now delete the token in DB.
TemporaryAuthMiddleware
- New name of the middleware is more meaningful.
- Is now responsible to retrieve the password from the request, instead
of the AccountBackend.
GenericTeamToken model
- Add a manager' method to create token, avoiding possible error due to
unicity constraint.
GenericLoginView (authentication with the kfet generic user)
- Replace obscure system with a 100% HTTP handling.
- See comments for more information.
Misc
- More docstrings!
- More tests!
- Add some i18n.
- Add kfet/confirm_form.html template:
Ask user to confirm sth via a form (which will send a POST request).
Context variables:
* title: the page title
* confirm_url: action attribute for <form>
* text: displayed confirmation text
- kfet.js : Add functions allowing to emit POST request from <a> tag.
- Non-link nav items from kfet navbar also get a 'title'.
- A utility has been found for the 'sunglasses' glyphicon!