cas.eleves.ens.fr has /serviceValidate, not /p3/serviceValidate, and is
thus *probably* a V2 CAS server. python-cas was broken and using
/serviceValidate for V3 while it should have been /p3/serviceValidate,
see
c3ac4b6c76
reCAPTCHA v1 has been shut down since March 2018.
We now uses reCAPTCHA v2:
- user must check a simple checkbox (No CAPTCHA),
- eventually he must validate a challenge.
Moving keys settings allows to use the captcha for development.
Fixes#192.
- Deprecation warnings using Django 1.8 are resolved.
- Deprecation warnings using Django 1.11 are resolved.
- Admin: grappelli is no longer used.
- Upgrade to django-autocomplete-light v3 (v2 is not 1.11 compatible).
* autocomplete.modelform_factory being dropped, code uses dal Select2
views and widgets.
AccountBackend
- Should now work if used in AUTHENTICATION_BACKENDS settings.
- It does not retieve itself the password, as it should not be used
this way.
GenericBackend
- Delete useless 'username' arg of its 'authenticate()' method.
- Now delete the token in DB.
TemporaryAuthMiddleware
- New name of the middleware is more meaningful.
- Is now responsible to retrieve the password from the request, instead
of the AccountBackend.
GenericTeamToken model
- Add a manager' method to create token, avoiding possible error due to
unicity constraint.
GenericLoginView (authentication with the kfet generic user)
- Replace obscure system with a 100% HTTP handling.
- See comments for more information.
Misc
- More docstrings!
- More tests!
- Add some i18n.
- Add kfet/confirm_form.html template:
Ask user to confirm sth via a form (which will send a POST request).
Context variables:
* title: the page title
* confirm_url: action attribute for <form>
* text: displayed confirmation text
- kfet.js : Add functions allowing to emit POST request from <a> tag.
- Non-link nav items from kfet navbar also get a 'title'.
- A utility has been found for the 'sunglasses' glyphicon!
kfet.open app
- Base data (raw_open, last_update...) is stored and shared through cache system.
- 2 websockets groups: one for team users, one for other users.
- UI is initialized and kept up-to-date with WS.
- raw_open and force_close can be updated with standard HTTP requests.
At this time, there isn't any restriction on raw_open view. Common sense tell us
to change this behavior.
Misc
- Clean channels routing.
- 'PermConsumerMixin': user who sent the message is available as argument in
connection_groups method, which returns groups to which the user should be
appended on websocket connection (and discarded on disconnection).
- New kfet.utils module: should be used for mixins, whatever is useful and not concerns
the kfet app.
- Clean JS dependencies.