summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Fix the check for hasattr(., 'admin')Patrick Uiterwijk2014-09-051-1/+0
| | | | | | | Avoid crashing if a provider does not have an admin interface Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Add FAS login pluginSimo Sorce2014-08-272-0/+237
| | | | | | | | | | This plugin simply take a Fedora username and password and authenticates the user against the FAS Server. FAS returned data is saved as userdata in the 'fas' attribute. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Restore ability to run from checkoutSimo Sorce2014-08-272-6/+105
| | | | | | | also adds quickrun.py script to make it easy. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Move user attribute storage into session functionsSimo Sorce2014-08-272-7/+20
| | | | | Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Use new Log class everywhereSimo Sorce2014-08-276-41/+14
| | | | | | | | | Replace copies of _debug function sprinkled all over the code with a single implementation Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com> - Removed replace of self._debug to self.debug
* Add Log class that can be inherited from safelySimo Sorce2014-08-271-0/+20
| | | | | Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Prefer the 'form' login manager in ipa setupsSimo Sorce2014-08-271-3/+3
| | | | | | Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk - Replaced "all(lm not in" with "not any(lm in"
* Add External form auth pluginSimo Sorce2014-08-273-2/+192
| | | | | | | This plugin uses mod_intercept_form_submit to perform authentication. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Rework remote_login and remove protect decoratorSimo Sorce2014-08-274-9/+5
| | | | | | | | | | | | The protect decorator was not really being used for anything, remove it. Change the way UserSession's remote_login() works. If called now it either sets a REMOTE_USER (if found) or nukes the current user data in the session. This means this function can be safely called only in a login plugin now. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Change test executables into modulesSimo Sorce2014-06-175-224/+270
| | | | | | | Create a common tests framework and convert tests into modules loaded at runtime using the ipsilon plugin framework. Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix warningSimo Sorce2014-06-171-1/+1
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Add tests to source distribution tooSimo Sorce2014-06-172-1/+3
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Add project url and maintainer data to setup fileSimo Sorce2014-06-171-0/+3
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Strenghten default Security options in IDPSimo Sorce2014-06-175-5/+14
| | | | | | | | Always deny access to the IDP if not using SSL by default. Always turn on secure/httponly cookies by default. Add a switch to disable all security options for testing. Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix non-'make test' installationSimo Sorce2014-06-171-0/+2
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Move parsing code into helpers moduleSimo Sorce2014-06-153-226/+258
| | | | | | This way common test actions can be easily reused by multiple tests. Signed-off-by: Simo Sorce <simo@redhat.com>
* Add server install option to turn on debuggingSimo Sorce2014-06-063-3/+7
| | | | | | | Use this in the testsuite so we can get meaningful output in the logs when something fails. Signed-off-by: Simo Sorce <simo@redhat.com>
* Print more info about the steps being performedSimo Sorce2014-06-061-0/+3
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Clean up only after package removal, not during upgrades.Jan Pazdziora2014-06-061-2/+5
| | | | | Signed-off-by: Jan Pazdziora <jpazdziora@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Make sure semanage and restorecon are installed when we want to use them.Jan Pazdziora2014-06-061-0/+2
| | | | | | | | | Addressing Installing : ipsilon-0.2.4-3.fc20.x86_64 1/1 /var/tmp/rpm-tmp.pDkQSL: line 1: semanage: command not found Signed-off-by: Jan Pazdziora <jpazdziora@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* If there are some errors while semanaging, we want to see them.Jan Pazdziora2014-06-061-4/+4
| | | | | Signed-off-by: Jan Pazdziora <jpazdziora@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Bump up release to 0.2.5Simo Sorce2014-06-042-3/+3
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Add first test, checks client/server installs workSimo Sorce2014-06-043-0/+307
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Add support for socket wrappers if availableSimo Sorce2014-06-042-1/+29
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Add basic testing infrastructureSimo Sorce2014-06-046-0/+368
| | | | | | | | | | | | | | make test will now run some sanity tests to make sure basic installation procedures work in a sinthetic test environment. Adds: - custom httpd setup for tests - use profiles to driver ipsilon servers and clients installation - starts multiple httpd servers This way we can test interaction between IDP and SP servers Signed-off-by: Simo Sorce <simo@redhat.com>
* Add test login moduleSimo Sorce2014-06-041-0/+154
| | | | | | | This is useful to do automated testing. It accepts authentication as long as the password is 'ipsilon'. Signed-off-by: Simo Sorce <simo@redhat.com>
* Additional parametrization of template filesSimo Sorce2014-06-043-7/+13
| | | | | | To allow for testing in a custom rootdir, and with a custom user. Signed-off-by: Simo Sorce <simo@redhat.com>
* Do not make directory unwritableSimo Sorce2014-06-041-1/+1
| | | | | | | | This does not stop the user, but makes it hard to deal wit the directory in testing. Let file fixing use the default 700 permissions. Signed-off-by: Simo Sorce <simo@redhat.com>
* Add support for passing configuration profileSimo Sorce2014-06-042-0/+75
| | | | | | | | | | | | | | | | | | The new option --config-profile accepts a INI style file, so that installation options are passed in via a file. this is useful for testing and automated installs. This file can have 2 sections: globals, arguments. The globals section can change global variable in the install script like: TEMPLATES, CONFDIR, DATADIR, HTTPDCONFD and so on, so that an installation can use non-standad directories. The argumets section accepts any argument option. The config profile file is parsed after all arguments have parsed and can override any plugin argument. Signed-off-by: Simo Sorce <simo@redhat.com>
* Allow turning off security at install timeSimo Sorce2014-06-043-3/+19
| | | | | | This should be used only for testing purposes Signed-off-by: Simo Sorce <simo@redhat.com>
* Add optional field to allow pasting the metadataSimo Sorce2014-06-042-3/+32
| | | | | | | This way a user can avoid copying the metadata file arund but paste the content straight from a terminal window. Signed-off-by: Simo Sorce <simo@redhat.com>
* Add tooltips to SAML formsSimo Sorce2014-05-293-6/+16
| | | | | | This should make clearer what is expected in each field. Signed-off-by: Simo Sorce <simo@redhat.com>
* Show the Save button only if it usefulSimo Sorce2014-05-291-4/+6
| | | | | | | If the user cannot perform any action there is no reason to show the save button. Signed-off-by: Simo Sorce <simo@redhat.com>
* If krb is explicitly 'no' do not check for ipaSimo Sorce2014-05-291-0/+2
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix location nameSimo Sorce2014-05-291-1/+1
| | | | | | Must be the same name wher ethe instance is mounted! Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix typoSimo Sorce2014-05-291-1/+1
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Add sdist and rpms targets to MakefileSimo Sorce2014-05-201-0/+26
| | | | | | make rpms will now create fedora rpms in dist/[s]rpms Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix sample spec file to use a versioned doc dirSimo Sorce2014-05-201-2/+4
| | | | | | This makes the same spec file work on latest Fedora and RHEL7 too. Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix handling of SP renamesSimo Sorce2014-05-202-4/+14
| | | | | | Properly replace page self.url Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix referer checks with escaped URLsSimo Sorce2014-05-201-4/+16
| | | | | | | | | | | | | When a SP name included spaces the referer checker would fail to match the url. It would try to return a 403 error, unfortunately this would also trip as a return instead of an exception was used, ending up with a 500 error being returned to the user. Fix url checks by unquoting before comparing. Fix error reporting by rasing an exception when needed instead of returning. Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix E501 line too long errorsSimo Sorce2014-05-201-2/+4
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix E256 with stricter pep8 error checkerSimo Sorce2014-05-206-8/+8
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix E713 with stricter pep8 error checkerSimo Sorce2014-05-204-4/+4
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Bump up release to 0.2.4Simo Sorce2014-05-202-2/+2
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Distribute README file tooSimo Sorce2014-05-202-2/+2
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix typo in selinux boolean nameSimo Sorce2014-05-201-1/+1
| | | | | | This was causing pam auth to fail, as the boolean was not being turned on. Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix generation fo server's metadata fileSimo Sorce2014-05-191-2/+2
| | | | | | | At some point a '/' got lost, causing the generation of wrong endpoints. Clients would then be redirected to an unexisting path and get a 404. Signed-off-by: Simo Sorce <simo@redhat.com>
* Bump up release to 0.2.3Simo Sorce2014-05-102-2/+2
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix broken login plugins order config handlingNathan Kinder2014-05-101-13/+18
| | | | | | | | | | | | | | | | | | | | | | The administrative page for configuring login plugins order had a number of problems. The html template expects a list of plugin names to be supplied, but a list of the actual plugin objects was being supplied. This caused a 500 error since join() would throw an exception when it encounters something other than a string. Even after fixing the 500 error, actually modifying the plugin order would not work due to further issues with plugin objects being used when strings representing the plugin names are expected (and vice-versa). This patch ensures that strings representing plugin names are supplied to the html template, and that plugin objects are used when re-ordering the live plugin list. Resolves: https://fedorahosted.org/ipsilon/ticket/2 Signed-off-by: Nathan Kinder <nkinder@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* WSGI settings incorrectly makes instance globalNathan Kinder2014-05-101-1/+4
| | | | | | | | | | | | | | | The WSGIProcessGroup directive should only apply to the /idp URI. Without wrapping this directive in the Location element, multiple Ipsilon instances or an Ipsilon instance installed on a FreeIPA server will conflict and encounter problems running in the same httpd process. All wsgi processes will end up redirected to the last process grup defined in the configuration in this case and all other instances of wsgi applications will be unreachable. Resolves: https://fedorahosted.org/ipsilon/ticket/1 Signed-off-by: Nathan Kinder <nkinder@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
generated by cgit (git 2.34.1) at 2024-05-24 03:59:27 +0000