Commit message [Author, Age, Files, Lines]
* Horizon login page contains DOS attack mechanism (tag: 1.1.8) [eric, 2014-12-08, 1, -1/+0]
| the horizon login page (and middleware) accesses the session too early in the login process, which will create session records in the session backend. This is especially problematic when non-cookie backends are used.
| Co-Authored-By: Tihomir Trifonov <t.trifonov@gmail.com>
| Co-Authored-By: Eric Peterson <eric.peterson1@twcable.com>
| Change-Id: I9a4999eb5f053515575ef09b8ba9d3bb3f114e5c
| Closes-Bug: 1394370
* Merge "Make region and project sticky" [Jenkins, 2014-11-20, 5, -69/+132]
|\
| * Make region and project sticky [eric, 2014-11-17, 5, -69/+132]
| | This change will make the region and project "sticky" in that whatever is selected will remain selected. When users select other projects or login/logout the region will stay what the user last selected, and users will try to be returned to the last used project
| | Change-Id: I8b38ab2cb8b616ad6976aa8167b8209926054df4
| | Closes-Bug: 1357047
| | Closes-Bug: 1389401
* | Imported Translations from Transifex [OpenStack Proposal Bot, 2014-11-18, 1, -0/+62]
| | For more information about this automatic import see: https://wiki.openstack.org/wiki/Translations/Infrastructure
| | Change-Id: I6d6d182de2599b842d2d4f9cc31d6ea375f33595
* | Merge "Fix inability to switch region via Switch Region dropdown" [Jenkins, 2014-11-17, 1, -8/+9]
|\ \
| * | Fix inability to switch region via Switch Region dropdown [Vlad Okhrimenko, 2014-10-22, 1, -8/+9]
| | | Prevent logged-in users redirect in case 'login' view is used for switching the regions via modal form.
| | | Change-Id: I47f26eea19e577998c7e3906a51900b51024eb43
| | | Related-Bug: #1381413
* | | Merge "Set default auth_url from django settings when auth_url is None" [Jenkins, 2014-11-14, 1, -0/+3]
|\ \ \
| * | | Set default auth_url from django settings when auth_url is None [Xiao Hanyu, 2014-05-26, 1, -0/+3]
| | | | This is useful when users(client web forms) just provide username/password to authenticate with django_openstack_auth. In this case, they can still login if keystone version == 2.0 since keystone v2.0 only requires username/password and auth_url to authenticate. In most cases, auth_url can get from django(horizon)'s settings.
| | | | Fix-bug: #1316490
| | | | Change-Id: I2ed24238adb79b6ef33e4bf20232b6a924ad0b1f
* | | | Merge "Updated the installation instructions" [Jenkins, 2014-11-13, 2, -35/+41]
|\ \ \ \
| * | | | Updated the installation instructions [James Muranga, 2014-11-12, 2, -35/+41]
| | | | | Changed the name of the app from keystone_auth to openstack_auth in the installation instructions
| | | | | Removed the redundant installation instructions in README.rst
| | | | | Change-Id: If97c93a446754573bd6fb55b15cb4c881ad1f4e6
* | | | | Merge "Remove admin role name 'admin' hardcode in User.is_superuser()" [Jenkins, 2014-11-03, 1, -1/+6]
|\ \ \ \ \
| |_|_|_|/
|/| | | |
| * | | | Remove admin role name 'admin' hardcode in User.is_superuser() [Paul Karikh, 2014-10-30, 1, -1/+6]
| |/ / /
| | | | Because of hardcoding name as the 'admin' was impossible to use administrative panel with a custom administrative role name. This fix replaces hardcoded the name of the administrative role with the Horizon settings constant with list of roles. So, now administrative roles can be multiple.
| | | | Related commit: https://review.openstack.org/#/c/123741/
| | | | Change-Id: I04277cd50a938f02949ae0e33228e1628197d252
| | | | Partial-Bug: #1161144
* | | | Imported Translations from Transifex [OpenStack Proposal Bot, 2014-10-24, 1, -0/+62]
| |_|/
|/| |
| | | For more information about this automatic import see: https://wiki.openstack.org/wiki/Translations/Infrastructure
| | | Change-Id: I34236f16fff20b9b07c262d96a973d05c9048004
* | | Merge "Updated from global requirements" [Jenkins, 2014-10-22, 2, -2/+2]
|\ \ \
| * | | Updated from global requirements [OpenStack Proposal Bot, 2014-10-22, 2, -2/+2]
| | | | Change-Id: Ib9fa4ffe5d62cf287713d54f327e37913fb388d2
* | | | Merge "Remove compiled message catalogs" [Jenkins, 2014-10-22, 24, -0/+1]
|\ \ \ \
| |/ / /
|/| | |
| * | | Remove compiled message catalogs [Akihiro Motoki, 2014-10-11, 24, -0/+1]
| |/ /
| | | A kind of binary files are useless to be maintained in git repo. I18N team and package distributors have agreed to remove compiled message catalogs from openstack-auth git repository. To compile message catalogs, run the following command before the installation:
| | |     python setup.py compile_catalog
| | | Make sure to install Babel>=1.3 before running the above command.
| | | DocImpact
| | | Closes-Bug: #1196982
| | | Change-Id: Iab2398e942e142f9ab370d8a8f9d539b257e1620
* | | Bump hacking to 0.9.x series [Akihiro Motoki, 2014-10-19, 10, -23/+16]
| | | In order to sync global-requirements, this patch bumps hacking to 0.9.x series. H236, H305, H307 errors are fixed in this patch. H307 and H904 are added to the ignore list.
| | | Change-Id: I37c16ad67912dec8ce1562676ae0ebbfbe277d99
* | | Merge "extract mock setup methods" [Jenkins, 2014-10-18, 1, -450/+154]
|\ \ \
| * | | extract mock setup methods [Adam Young, 2014-10-03, 1, -450/+154]
| |/ /
| | | Pulls the common code for Version specific tests into a mixin class, reducing code duplication significantly.
| | | Change-Id: I4136b866700a74aa93e38363fdcb29fe6c5ed65c
* | | Merge "Add CONTRIBUTING.rst" [Jenkins, 2014-10-09, 1, -0/+16]
|\ \ \
| |/ /
|/| |
| * | Add CONTRIBUTING.rst [liuqing, 2014-07-14, 1, -0/+16]
| | | There is no CONTRIBUTING.rst file, the patch will add it.
| | | Change-Id: I6b40e0061a2da85e61257f2bfc2f7040d44fa49b
* | | Merge "Updated from global requirements" (tag: 1.1.7) [Jenkins, 2014-09-19, 1, -1/+1]
|\ \ \
| * | | Updated from global requirements [OpenStack Proposal Bot, 2014-09-18, 1, -1/+1]
| | | | Change-Id: Idd78bf3bd89dd3c04782cde03ce2d5fdddfdf400
* | | | Merge "Set DJANGO_SETTINGS_MODULE envvar in doc/source/conf.py" [Jenkins, 2014-09-19, 1, -0/+4]
|\ \ \ \
| * | | | Set DJANGO_SETTINGS_MODULE envvar in doc/source/conf.py [Akihiro Motoki, 2014-09-13, 1, -0/+4]
| | | | | This fixes the issue that the doc is not generated properly in gate-django_openstack_auth-docs job.
| | | | | Change-Id: I5780ee32856a9b1fd4aed5b6a1a84d319aaf464e
| | | | | Closes-Bug: #1369064
* | | | | Merge "Fix Django 1.7 compat" [Jenkins, 2014-09-19, 2, -1/+6]
|\ \ \ \ \
| |_|/ / /
|/| | | |
| * | | | Fix Django 1.7 compat [Thomas Goirand, 2014-09-09, 2, -1/+6]
| |/ / /
| | | | In Debian, we are going to release Jessie with Django 1.7, which has just been released. Therefore, compatibility is important for us. This patch, which the Debian package already carries, fixes 2 small compatibility issues with Django 1.7. It is safe to use openstack_auth with these patches and a lower version of Django, which makes it safe to apply this patch.
| | | | Change-Id: I564cde889c56e12fc0fc1347537e66b576605a0d
* | | | Merge "Updated from global requirements" [Jenkins, 2014-09-16, 2, -0/+6]
|\ \ \ \
| * | | | Updated from global requirements [OpenStack Proposal Bot, 2014-09-15, 2, -0/+6]
| | | | | Change-Id: I4e8dfa9842a568228aa033d99db95b84ae5e24bf
* | | | | Merge "Configurable token hashing algorithm" [Jenkins, 2014-09-16, 1, -2/+6]
|\ \ \ \ \
| * | | | | Configurable token hashing algorithm [Brant Knudson, 2014-08-24, 1, -2/+6]
| | | | | | The user's authentication token was hashed using the MD5 algorithm. The MD5 algorithm shouldn't be used because of the potential for hash collisions. Some security standards mandate a SHA2 algorithm or better must be used.
| | | | | | With this change the algorithm to use for hashing tokens can be configured by setting the OPENSTACK_TOKEN_HASH_ALGORITHM configuration option to a hash algorithm supported by Python's hashlib library[1]. For example, a deployer could set the option to 'sha256' to meet a SHA2 security standard. The algorithm chosen must match the hash algorithm that the identity server is configured to use (Keystone and the auth_token middleware can be configured to use any hash algorithm supported by hashlib).
| | | | | | This is for security hardening.
| | | | | | [1] https://docs.python.org/2/library/hashlib.html
| | | | | | DocImpact
| | | | | | SecurityImpact
| | | | | | Change-Id: I9e3eba7e0a12ae40a08d0ed851ea916ec6591bcc
| | | | | | Closes-Bug: #1174499
* | | | | | Merge "Work toward Python 3.4 support and testing" [Jenkins, 2014-09-16, 1, -1/+1]
|\ \ \ \ \ \
| |_|/ / / /
|/| | | | |
| * | | | | Work toward Python 3.4 support and testing [Jeremy Stanley, 2014-09-03, 1, -1/+1]
| | | | | | Change-Id: I56299bcb4f02dfab95b995f147c32623cf329fab
* | | | | | Adding django kwargs to login and logout views [Yves-Gwenael Bourhis, 2014-09-12, 4, -26/+86]
| |_|/ / /
|/| | | |
| | | | | The django.contrib.auth.views login and logout views take useful parameters which were dropped by the openstack_auth.views methods.
| | | | | Added a TOKEN_TIMEOUT_MARGIN which allows to check token expiration minus a time margin in seconds. This is useful if you know a process will take a certain time, you want to have your token still valid all this time (e.g. the time it can take to render a view).
| | | | | This patch is required for https://review.openstack.org/88220
| | | | | Change-Id: I7508c40d6f1eaa2bf1eef5cc762052b15d6d9273
| | | | | Closes-Bug: 1308918
* | | | | Consider old version of token without 'user_domain_name' attr [Akihiro Motoki, 2014-08-31, 1, -1/+3]
|/ / / /
| | | | Closes-Bug: #1363515
| | | | Change-Id: I252b99fba3c48a7ed27af1b7da3b1cb037555eb8
* | | | | Merge "Added url_path_replace and has_in_url_path methods" [Jenkins, 2014-08-28, 3, -6/+29]
|\ \ \ \ \
| * | | | | Added url_path_replace and has_in_url_path methods [Yves-Gwenael Bourhis, 2014-08-26, 3, -6/+29]
| | | | | | utils.py, views.py and backend.py were using .replace('v3', 'v2.0') and .replace('v2.0', 'v3') methods on url strings. This is BAD because if you have v3 in your url's domain it breaks it. A new url_path_replace method now only performs the replaces in the url path and leaves the domain unchanged.
| | | | | | Some checks were performed to test if a substring was in the url path but the tests were performed on the whole url and could return a false positive if the substring exists in the domain name or in the query string. The new has_in_url_path method checks only if the substring is in the path of the url.
| | | | | | Change-Id: I030d928d83e5c91cf26101221649a299d146747d
| | | | | | Closes-Bug: 1324948
* | | | | Merge "Add user_domain_name in the user object" [Jenkins, 2014-08-28, 1, -2/+10]
|\ \ \ \ \
| |/ / / /
|/| | | |
| * | | | Add user_domain_name in the user object [lin-hua-cheng, 2014-08-22, 1, -2/+10]
| |/ / /
| | | | user_domain_name is exposed by keystoneclient, adding this information for horizon as well.
| | | | Change-Id: Ic09b892bcb7669ed19a353e535d1aea43bbe92b7
| | | | Closes-Bug: #1360521
* | | | Updated from global requirements [OpenStack Proposal Bot, 2014-08-22, 1, -1/+1]
|/ / /
| | | Change-Id: I4b2838822df8e6141abd7ef0f79774c6fb911e3a
* | | Updated from global requirements [OpenStack Proposal Bot, 2014-08-13, 1, -1/+1]
| | | Change-Id: I266ff7740cae49c2c33b8536bbdd52db97b9dabc
* | | Merge "Cache the User's Project by Token ID" [Jenkins, 2014-08-06, 3, -0/+131]
|\ \ \
| * | | Cache the User's Project by Token ID [Lin Hua Cheng, 2014-07-30, 3, -0/+131]
| | | | Project list fetched for each request. The patches caches the project list and uses the token as the key in the cache. When the user logout or switch project, the project list is removed from the cache.
| | | | Change-Id: I2386d7a342cf02a0252e97cc48c5349ccab8a9eb
| | | | Closes-bug: 1241838
* | | | Updated from global requirements [OpenStack Proposal Bot, 2014-08-04, 1, -1/+1]
| | | | Change-Id: Ied3a112db624826bd0e80a909da85bc832510dc3
* | | | Adding log message for keystone API mismatch [David Lyle, 2014-07-30, 1, -0/+4]
|/ / /
| | | When the Horizon settings file specifies a v2.0 endpoint and indicates v3 API to use with Keystone, the code redirects the v2.0 to v3 without notice. Logging a warning, so deployers can address the mismatch.
| | | Closes-Bug: #1291457
| | | Change-Id: If9e9e40af5ac23e8dea552d2d1a04597c67837a7
* | | Fix H4xx docstring issues [Akihiro Motoki, 2014-07-29, 9, -42/+43]
| | | Completes blueprint openstack-hacking-compliant
| | | Change-Id: Ib286972b65e0e3282db483718421f7f28e8c6cd1
* | | Replace UserManager/TenantManager with None in tests [Akihiro Motoki, 2014-07-29, 1, -8/+3]
| | | UserManager/TenantManager seems private classes in keystoneclient and the interface was changed in keystoneclient 0.10.0. django-openstack-auth tests actually don't need these managers, so this commit makes test data not use these classes.
| | | Change-Id: I9398c705acab262e89d4801da84ccea188980d99
| | | Closes-Bug: #1349485
* | | Imported Translations from Transifex [OpenStack Proposal Bot, 2014-07-16, 25, -142/+167]
| | | Change-Id: I6bb638b5b79a916b6bdfe21410b72de939806b94
* | | Imported Translations from Transifex [OpenStack Proposal Bot, 2014-07-13, 26, -504/+673]
| | | Change-Id: I9d56443fefcb901851fd00964aa5befe42f2a11b