| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
the horizon login page (and middleware) accesses the session
too early in the login process, which will create session records
in the session backend. This is especially problematic when non-cookie
backends are used.
Co-Authored-By: Tihomir Trifonov <t.trifonov@gmail.com>
Co-Authored-By: Eric Peterson <eric.peterson1@twcable.com>
Change-Id: I9a4999eb5f053515575ef09b8ba9d3bb3f114e5c
Closes-Bug: 1394370
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This change will make the region and project "sticky" in that whatever is selected
will remain selected. When users select other projects or login/logout the region will
stay what the user last selected, and users will try to be returned to the last used
project
Change-Id: I8b38ab2cb8b616ad6976aa8167b8209926054df4
Closes-Bug: 1357047
Closes-Bug: 1389401
|
| |
| |
| |
| |
| |
| |
| | |
For more information about this automatic import see:
https://wiki.openstack.org/wiki/Translations/Infrastructure
Change-Id: I6d6d182de2599b842d2d4f9cc31d6ea375f33595
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Prevent logged-in users redirect in case 'login'
view is used for switching the regions via modal form.
Change-Id: I47f26eea19e577998c7e3906a51900b51024eb43
Related-Bug: #1381413
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This is useful when users(client web forms) just provide
username/password to authenticate with django_openstack_auth. In this
case, they can still login if keystone version == 2.0 since keystone
v2.0 only requires username/password and auth_url to authenticate. In
most cases, auth_url can get from django(horizon)'s settings.
Fix-bug: #1316490
Change-Id: I2ed24238adb79b6ef33e4bf20232b6a924ad0b1f
|
|\ \ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Changed the name of the app from keystone_auth to
openstack_auth in the installation instructions
Removed the redudant installation instructions in README.rst
Change-Id: If97c93a446754573bd6fb55b15cb4c881ad1f4e6
|
|\ \ \ \ \
| |_|_|_|/
|/| | | | |
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Because of hardcoding name as the 'admin' was impossible to
use administrative panel with a custom administrative role name.
This fix replaces hardcoded the name of the administrative role
with the Horizon settings constant with list of roles.
So, now administrative roles can be multiple.
Related commit: https://review.openstack.org/#/c/123741/
Change-Id: I04277cd50a938f02949ae0e33228e1628197d252
Partial-Bug: #1161144
|
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | | |
For more information about this automatic import see:
https://wiki.openstack.org/wiki/Translations/Infrastructure
Change-Id: I34236f16fff20b9b07c262d96a973d05c9048004
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | | |
Change-Id: Ib9fa4ffe5d62cf287713d54f327e37913fb388d2
|
|\ \ \ \
| |/ / /
|/| | | |
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
A kind of binary files are useless to be maintained in git repo.
I18N team and package distributors have agreed to remove compiled
message catalogs from openstack-auth git repository.
To compile message catalogs, run the following command before
the installation:
python setup.py compile_catalog
Make sure to install Babel>=1.3 before running the above command.
DocImpact
Closes-Bug: #1196982
Change-Id: Iab2398e942e142f9ab370d8a8f9d539b257e1620
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In order to sync global-requirements, this patch bumps
hacking to 0.9.x series.
H236, H305, H307 errors are fixed in this patch.
H307 and H904 are added to the ignore list.
Change-Id: I37c16ad67912dec8ce1562676ae0ebbfbe277d99
|
|\ \ \ |
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
Pulls the common code for Version specific tests into a mixing
class, reducing code duplication significantly.
Change-Id: I4136b866700a74aa93e38363fdcb29fe6c5ed65c
|
|\ \ \
| |/ /
|/| | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
There is no CONTRIBUTING.rst file, the patch will add it.
Change-Id: I6b40e0061a2da85e61257f2bfc2f7040d44fa49b
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | | |
Change-Id: Idd78bf3bd89dd3c04782cde03ce2d5fdddfdf400
|
|\ \ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This fixes the issue that the doc is not generated properly
in gate-django_openstack_auth-docs job.
Change-Id: I5780ee32856a9b1fd4aed5b6a1a84d319aaf464e
Closes-Bug: #1369064
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
In Debian, we are going to release Jessie with Django 1.7,
which has just been released. Therefore, compatibility is
important for us.
This patch, which the Debian package already carries, fixes
2 small compatibility issues with Django 1.7. It is safe to
use openstack_auth with these patches and a lower version of
Django, which makes it safe to apply this patch.
Change-Id: I564cde889c56e12fc0fc1347537e66b576605a0d
|
|\ \ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | | |
Change-Id: I4e8dfa9842a568228aa033d99db95b84ae5e24bf
|
|\ \ \ \ \ |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The user's authentication token was hashed using the MD5 algorithm.
The MD5 algorithm shouldn't be used because of the potential for
hash collisions. Some security standards mandate a SHA2 algorithm
or better must be used.
With this change the algorithm to use for hashing tokens can be
configured by setting the OPENSTACK_TOKEN_HASH_ALGORITHM
configuration option to a hash algorithm supported by Python's
hashlib library[1]. For example, a deployer could set the option to
'sha256' to meet a SHA2 security standard.
The algorithm chosen must match the hash algorithm that the
identity server is configured to use (Keystone and the auth_token
middleware can be configured to use any hash algorithm supported by
hashlib).
This is for security hardening.
[1] https://docs.python.org/2/library/hashlib.html
DocImpact
SecurityImpact
Change-Id: I9e3eba7e0a12ae40a08d0ed851ea916ec6591bcc
Closes-Bug: #1174499
|
|\ \ \ \ \ \
| |_|/ / / /
|/| | | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Change-Id: I56299bcb4f02dfab95b995f147c32623cf329fab
|
| |_|/ / /
|/| | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The django.contrib.auth.views login and logout views take usefull parameters
which where dropped by the openstack_auth.views methods.
Added a TOKEN_TIMEOUT_MARGIN which allows to check token expiration minus a
time margin in seconds. This is usefull if you know a process will take a
certain time, you want to have your token still valid all this time (e.g. the
time it can take to render a view).
This patch is required for https://review.openstack.org/88220
Change-Id: I7508c40d6f1eaa2bf1eef5cc762052b15d6d9273
Closes-Bug: 1308918
|
|/ / / /
| | | |
| | | |
| | | |
| | | | |
Closes-Bug: #1363515
Change-Id: I252b99fba3c48a7ed27af1b7da3b1cb037555eb8
|
|\ \ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
utils.py, views.py and backend.py were using .replace('v3', 'v2.0') and
.replace('v2.0', 'v3') methods on url strings.
This is BAD because if you have v3 in your url's domain it brakes it.
A new url_path_replace method now only performs the replaces in the url path
and leaves the domain unchanged.
Some checks where performed to test if a substring was in the url path but the
tests where performed on the whole url and could return a false positive if the
substring exists in the domain name or in the query string.
The new has_in_url_path method checks only if the substring is in the path of
the url.
Change-Id: I030d928d83e5c91cf26101221649a299d146747d
Closes-Bug: 1324948
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
user_domain_name is exposed by keystoneclient, adding
this information for horizon as well.
Change-Id: Ic09b892bcb7669ed19a353e535d1aea43bbe92b7
Closes-Bug: #1360521
|
|/ / /
| | |
| | |
| | | |
Change-Id: I4b2838822df8e6141abd7ef0f79774c6fb911e3a
|
| | |
| | |
| | |
| | | |
Change-Id: I266ff7740cae49c2c33b8536bbdd52db97b9dabc
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Project list fetched for each request. The patches caches the
project list and uses the token as the key in the cache. When
the user logout or switch project, the project list is removed
from the cache.
Change-Id: I2386d7a342cf02a0252e97cc48c5349ccab8a9eb
Closes-bug: 1241838
|
| | | |
| | | |
| | | |
| | | | |
Change-Id: Ied3a112db624826bd0e80a909da85bc832510dc3
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When the Horizon settings file specifies a v2.0 endpoint and
indicates v3 API to use with Keystone, the code redirects the
v2.0 to v3 without notice. Logging a warning, so deployers can
address the mismatch.
Closes-Bug: #1291457
Change-Id: If9e9e40af5ac23e8dea552d2d1a04597c67837a7
|
| | |
| | |
| | |
| | |
| | |
| | | |
Completes blueprint openstack-hacking-compliant
Change-Id: Ib286972b65e0e3282db483718421f7f28e8c6cd1
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
UserManager/TenantManager seems private classes in keystoneclient
and the interface was changed in keystoneclient 0.10.0.
django-openstack-auth tests actually don't need these managers,
so this commit makes test data not use these classes.
Change-Id: I9398c705acab262e89d4801da84ccea188980d99
Closes-Bug: #1349485
|
| | |
| | |
| | |
| | | |
Change-Id: I6bb638b5b79a916b6bdfe21410b72de939806b94
|
| | |
| | |
| | |
| | | |
Change-Id: I9d56443fefcb901851fd00964aa5befe42f2a11b
|