140 Commits

Author SHA1 Message Date
Zuul
aa3c7e1919 Merge "Remove six usage from openstack_auth package" 2020-01-10 02:55:48 +00:00
Ivan Kolodyazhny
5dd2bf5fb6 Remove six usage from openstack_auth package
We don't support Python 2 anymore so we don't need this
compatibility library.

Change-Id: I0ecd706af1b4432fe439472189444141853c9d0b
2020-01-09 16:54:54 +02:00
OpenStack Proposal Bot
0a4785c489 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: Icf653870aaa78af6b85e829bea0773f343405e76
2020-01-09 07:04:20 +00:00
白子玉
3f7fc68085 Changed default identity url to horizon
The keystone doesn't use 5000 port anymore from Newton version. And all
 the references should be changed together.

Change-Id: I3f02686ab5b3abf48f129fde92e90427ca148317
2019-12-06 18:41:38 +08:00
Ivan Kolodyazhny
c0cc0433c6 Fix change expired password feature
Closes-Bug: #1791111
Change-Id: I5f2a027149be490613e7661b895325a63374334d
2019-12-05 13:56:23 +00:00
OpenStack Proposal Bot
fa5f7b8996 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I9a4da50f970e787d6e9772f0132b9f5fba072f20
2019-10-12 07:00:33 +00:00
OpenStack Proposal Bot
5c3a402b7b Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I09ecb6d29bd1b70221b47f1b45de32b823a7b3ac
2019-10-06 08:31:37 +00:00
OpenStack Proposal Bot
f9b2be40f6 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I0645a2807d1e6dcf3c66fce081ca0829d40e96b2
2019-10-01 08:56:00 +00:00
OpenStack Proposal Bot
4783feea79 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I06d7c964fd76a5c1a0f51afea5833f06a8e3678d
2019-09-28 08:07:11 +00:00
Zuul
ab429363ba Merge "Handle partial dict setting" 2019-09-26 19:46:39 +00:00
Zuul
e1d2a8dfb3 Merge "Handle Permission Denied for policy files" 2019-09-26 18:39:54 +00:00
Ivan Kolodyazhny
f57b6ead57 Handle Permission Denied for policy files
oslo.policy doesn't handle Permission Denied error during file
parsing. This patch just ignores IOError exceptions to fallback to
the default behaviour.

Closes-Bug: #1845523
Change-Id: I87c2862e6e3a3f42d231552b00dc02364d6fa14f
2019-09-26 18:46:03 +03:00
Akihiro Motoki
ec970fd6e8 Handle partial dict setting
In Train cycle, we moved the definition of default values
to openstack_dashboard/defaults.py. The current code accesses
a dict member using []. It requires operators to define a dict
setting with a full member.

This commit allows to use dict-type settings with partial members.

A new function is introduced to retrieve a dict-type setting
considering default values defined in
{openstack_dashboard,horizon,openstack_auth}/defaults.py

Change-Id: I7ff0ad4bca698aef9c0eba370b0570200a14367a
Closes-Bug: #1843104
2019-09-26 14:31:17 +09:00
Zuul
fd08f3672f Merge "Don't display expiration warning for expiration date in the past" 2019-09-25 22:42:04 +00:00
OpenStack Proposal Bot
81200b7043 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I32bcf509dab5c4a754b8124014ed25cd59780ea9
2019-09-24 07:54:46 +00:00
Zuul
bcdff69221 Merge "Documentation and release notes for changing expired passwords" 2019-09-19 14:34:24 +00:00
Zuul
34d122d44d Merge "Automatically redirect to the password change when it's expired" 2019-09-19 14:12:55 +00:00
Radomir Dopieralski
7c3a9dd8d0 Documentation and release notes for changing expired passwords
Change-Id: I723f45e7ffe1f61bed244642c49eba24dafd7427
Part of blueprint: allow-users-change-expired-password
2019-09-18 07:25:26 +00:00
Radomir Dopieralski
3ba5da30d3 Don't display expiration warning for expiration date in the past
If the expiration date of a password is in the past, don't display the
expiration warning, as it's not helpful and confuses the user.

This can happen after a user whose password was set to be changed on the
first login changes it, but probably also in other situations, depending
on how many more bugs in Keystone there are around expiring passwords.

Change-Id: Ib79f6ef354c456bbdc2d7c1d4371ae15e825b557
2019-09-17 20:55:34 +02:00
OpenStack Proposal Bot
437e32d18e Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I4c5b77c21ffe1f6669c02d3b203838b3f41c2cd8
2019-09-17 09:37:40 +00:00
Radomir Dopieralski
9d98a0c24d Automatically redirect to the password change when it's expired
Unfortunately the only way we can know the user_id at this point is
by parsing the error message.

I also refactored the exceptions in openstack_auth to make them use
different classes (but one common superclass).

Partially implements blueprint: allow-users-change-expired-password

Change-Id: Ieceee09db21040b96577db19bd195dc3799e3892
2019-09-16 12:45:23 +02:00
OpenStack Proposal Bot
fa804370b1 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I0ae103cf4ecbb7d16da1b05eae888f19aa8d0152
2019-09-16 09:23:35 +00:00
Zuul
1208919617 Merge "Drop deprecated Keystone V2 API support" 2019-09-12 19:26:59 +00:00
Ivan Kolodyazhny
f33e5fd8ac Drop deprecated Keystone V2 API support
Keystone V2 API was deprecated in Stein release in Horizon and
removed from Keystone in Queens release.

Change-Id: I917e273d3174adf0874e516b3d635ccb8ba58a27
2019-09-12 17:15:07 +00:00
Radomir Dopieralski
ceb221f6ac Add a view for changing user password while not logged in
Keystone's API for changing the user password doesn't require
authentication, so we can have a page that doesn't require it too.
In order to change the password, the user has to provide their old
password. This is needed for when the password is expired or when
it has to be changed on first use.

The next step will be adding a redirect to this page when a password
is expired or required to be changed.

Part of blueprint: allow-users-change-expired-password
Change-Id: I3b207ef6c5a3095022a2acb64d3988e127f0f49a
2019-09-13 00:03:08 +09:00
Akihiro Motoki
e56e076ea8 Define default settings explicitly (openstack_auth)
This commit also moves descriptions of settings defined in openstack_auth
from openstack_dashboard/settings.py and local_settings.py(.example)
to openstack_auth/settings.py.

Note that if openstack_dashboard has different default settings
from openstack_auth defaults, they are now moved to
openstack_dashboard/defaults.py.

Part of blueprint ini-based-configuration
Change-Id: I59eebc388de0bcbd4d1fe35c6138efbd3e04c5b8
2019-09-12 15:05:56 +09:00
Zuul
3abaeda160 Merge "trivial: Remove vendored 'is_safe_url' function" 2019-09-11 06:14:00 +00:00
Zuul
4f7b401fee Merge "trivial: Mark inner method as such" 2019-09-11 04:46:56 +00:00
Zuul
afdfaef879 Merge "trivial: Remove dead code" 2019-09-11 04:46:54 +00:00
Zuul
10bb108cb8 Merge "trivial: Add TODOs for remaining function-based views" 2019-09-11 04:40:38 +00:00
Stephen Finucane
1de8e806e0 trivial: Remove vendored 'is_safe_url' function
This has been present since at least Django 1.6 [1], though the comment
on the removed function suggests it might have been earlier (pre-Git
days, perhaps?).

[1] https://github.com/django/django/commit/a2f2a399566

Change-Id: Ib6978ffa8d3962383fbc0a1c3cfd9da9e162f7dd
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2019-09-11 03:33:41 +00:00
Stephen Finucane
ea24949ede trivial: Add TODOs for remaining function-based views
These are going the way of the dinosaur and will eventually need to be
replaced, some of them in coming patches.

Change-Id: I3a1d514c8770478349b4f91b128c8230b108d979
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2019-09-11 07:29:49 +09:00
Stephen Finucane
b9e374d095 trivial: Remove dead code
We only support Django >= 1.11 now. Who cares about Django < 1.7.

Change-Id: I3576b921b976ef9e5bb1561bda85348112e4b6e8
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2019-09-11 07:28:07 +09:00
Stephen Finucane
4de98a0dc9 trivial: Mark inner method as such
Took me a while to figure out this wasn't part of the API for an auth
backend. Make that more obvious.

Change-Id: Idb5efd850426b41d638c6d8c7112735d1423fdab
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2019-09-11 07:27:34 +09:00
Stephen Finucane
97993e0c6f django22: Call 'is_safe_url' with 'allowed_hosts'
Per the Django 2.1 release notes [1]:

  'allowed_hosts' is now a required argument of private API
  'django.utils.http.is_safe_url()'.

This was actually changed in [2], [3].

[1] https://docs.djangoproject.com/en/2.2/releases/2.1/#miscellaneous
[2] https://github.com/django/django/commit/96107e2844d
[3] https://github.com/django/django/commit/1e81a4b897b

Change-Id: Ibfd61c7197602aad9a833280f74f50e7819a39dd
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2019-08-27 11:19:25 +01:00
Stephen Finucane
fff89e69df django22: Add 'request' as first argument to 'authenticate'
As noted in the Django 2.1 release notes [1]:

  The authenticate() method of authentication backends requires request
  as the first positional argument.

This can be seen here [2]. Simple enough, though it took me ages to
figure this out because Django gave me *zero* warning that a backend
because of this change. Heck, raising the TypeError would have helped :(

[1] https://docs.djangoproject.com/en/2.2/releases/2.1/#features-removed-in-2-1
[2] https://github.com/django/django/commit/5e31be1b96f

Change-Id: I0dd37d33c8e42a70c00a9f1460c1cec86c5b6006
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2019-08-27 11:19:25 +01:00
Stephen Finucane
7938f36016 django22: The 'login' functional-based view is gone (pt. 2)
This is the larger change. We could attempt to rewrite this whole thing
to a class-based view but that's more work that it's worth right now.
Instead, we simply do what the now-removed 'login' function-based view
was doing, as seen at [1].

A lot of never-used customizability is removed because it's not needed
and made things more complicated than it needed to be.

[1] https://github.com/django/django/blob/1.11/django/contrib/auth/views.py#L133-L139

Change-Id: Ib934d8a2c32cb32761558a68f061f415bb8737c4
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2019-08-27 11:19:25 +01:00
OpenStack Proposal Bot
d109135367 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I17469f7f710a0ea6c72a0b265e6f42698c57b602
2019-08-06 09:39:07 +00:00
OpenStack Proposal Bot
abb23c672f Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I4f25958d400aa8f0eaddeaedf4d9101a0c48b504
2019-07-30 08:37:51 +00:00
OpenStack Proposal Bot
64aa0dc984 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: Icb3905fc7dcb3d00c08e8852d9cc4798d6cbe427
2019-07-06 06:15:13 +00:00
Ivan Kolodyazhny
26eebd4abb Cleanup unused util functions
There are a lot of util funtions that are not used neither in Horizon,
nor in plugins. This patch removes them.

Change-Id: I987b39d620a037834cb2d05a234a1ad089276108
2019-06-21 15:10:57 +00:00
zhufl
5adf687ff2 Fix :param: in docstring
In docstring :param should be used instead of :param:.

Change-Id: Id702ffe8968e8ba4f9a9834d8a16c45faca3e6ee
2019-06-14 17:07:39 +08:00
Zuul
4c203b10c8 Merge "Remove token object from credentials" 2019-06-06 09:24:59 +00:00
OpenStack Proposal Bot
69f00b4379 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: Ib1edeafd48098284cb54e45a417421cb29c7bca6
2019-05-14 09:24:10 +00:00
OpenStack Proposal Bot
259667dab1 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I63eb0cc9e086318169bf458275017845382d468b
2019-04-25 07:06:46 +00:00
OpenStack Proposal Bot
23e297410a Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: Idaf58de99b11881a31f9f50761561b8cef7ab718
2019-04-21 06:29:38 +00:00
zhufl
080373033e Add missing ws separator between words
This is to add missing ws separator between words.

Change-Id: Icfe0c1f6893b5c54dfa0ef7fe15499b3b50079ed
2019-04-15 15:07:11 +08:00
George Melikov
eca9c91494 Remove token object from credentials
Token is not used in policies,
and json.dumps can't dump it when http rules are used.

Closes-Bug: 1823977

Change-Id: Id1b0b94d27d24d7dfdd2f1542973088947d83ada
Signed-off-by: George Melikov <mail@gmelikov.ru>
2019-04-09 18:00:41 +03:00
Sergey Vilgelm
2842d7df37
Fix untrusted dashboard host
The `openstack_auth login` view uses `request.build_absolute_uri` function
to build an origin uri when websso is enabled and
the WEBSSO_DEFAULT_REDIRECT_PROTOCOL is set.
This function doesn't insert the `WEBROOT` variable into uri what causes an
error:
    http://domain.name/auth/websso/ is not a trusted dashboard host
Using the `build_absolute_uri` from `utils` module fixes this problem. It
generates the right uri:
    http://domain.name/dashboard/auth/websso/

Change-Id: I94100f66a9f07eb8da75d344cbd120838fe25d1e
2019-01-22 23:17:33 -06:00
Zuul
64542397d8 Merge "pylint: fix too-many-nested-blocks/redefined-argument-from-local" 2019-01-16 17:57:15 +00:00