Kyestone V2 support was removed in Train, so it's safe to do such cleanup.
* Functions which just return horizon settings are dropped and
the settings are referred directly now.
* The service catalog in the sample test data is updated to match
the format of the keystone API v3.
* Related to the above change of the sample service catalog,
openstack_dashboard.test.unit.api.test_keystone.ServiceAPITests is
updated to specify the region name explicitly because 'RegionTwo'
endpoint is no longer the second entry of the endpoint list in the
keystone API v3.
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Change-Id: Ib60f360c96341fa5c618595f4a9bfdfe7ec5ae83
Unfortunately the only way we can know the user_id at this point is
by parsing the error message.
I also refactored the exceptions in openstack_auth to make them use
different classes (but one common superclass).
Partially implements blueprint: allow-users-change-expired-password
Change-Id: Ieceee09db21040b96577db19bd195dc3799e3892
Keystone's API for changing the user password doesn't require
authentication, so we can have a page that doesn't require it too.
In order to change the password, the user has to provide their old
password. This is needed for when the password is expired or when
it has to be changed on first use.
The next step will be adding a redirect to this page when a password
is expired or required to be changed.
Part of blueprint: allow-users-change-expired-password
Change-Id: I3b207ef6c5a3095022a2acb64d3988e127f0f49a
This commit also moves descriptions of settings defined in openstack_auth
from openstack_dashboard/settings.py and local_settings.py(.example)
to openstack_auth/settings.py.
Note that if openstack_dashboard has different default settings
from openstack_auth defaults, they are now moved to
openstack_dashboard/defaults.py.
Part of blueprint ini-based-configuration
Change-Id: I59eebc388de0bcbd4d1fe35c6138efbd3e04c5b8
We only support Django >= 1.11 now. Who cares about Django < 1.7.
Change-Id: I3576b921b976ef9e5bb1561bda85348112e4b6e8
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
The redirect for WEBSSO takes its data directly from the request's
POST data, and the format of that data has changed, so now we need
to convert it for it to work correctly.
Change-Id: I5b18e555a9bc6b24be1e59465f07e73e99739e22
closes-bug: #1794710
Instead of using endpoint URLs to designate regions in the login
form and its cookies, use numbers. This way, if internal URLs are
configured, they won't be exposed to the outside.
Change-Id: Ifed089e7cee3075bf2dc5d1ce77b0e1b1d091ca0
Closes-bug: #1787943
The django form field default is "required=True", so this patch
remove the redundant "required=True" in the form.
Change-Id: I3d91ae0638b69d56c1f1b72913ee4995db249007
The user domain name is useful information when troubleshooting
authentication in OpenStack-installations with multiple domains.
Change-Id: I1cecd36bfafd7bdf9a9c68d2311fa5ff96272f36
(cherry picked from commit 1fa9ae26cc6006f8ee94fabddb7fea171adee55d
in django_openstack_auth)
In Django 1.10 a new Form property was introduced, defaulting to True,
which enabled HTML form validation for fields marked "required" in
Django. This changed old behavior, which was that required fields were
only validated server-side. This patch restores old behavior by setting
use_required_attribute to False for the inherited AuthenticationForm.
This problem arose because when WebSSO is enabled and a
non-keystone-credentials authentication method is selected from the
dropdown list, the now-hidden username and password fields are still
marked "required" and still validated client-side, even though they are
invisible to the user and cannot be filled in. It would be nice to fix
the javascript to properly turn the "required" attribute on or off
depending on what authentication method is selected and whether the
"required" fields are even visible, but for now this just restores the
behavior we had before Djanto 1.10.
Change-Id: I3e798a2288d9c33396b40a86b07ea8c163d3b525
Closes-bug: #1703109
Moves Django OpenStack Auth content to Horizon, since they are so
tightly coupled. This cleans up the development workflow and should
make keystone / auth related contributions easier.
Implements: blueprint merge-openstack-auth
Change-Id: Ia1cdc47bad1ca6e633073a9f9445b0c7f70d05bc