12 Commits

Author SHA1 Message Date
Ivan Kolodyazhny
ee6fa9a245 Remove Keystone v2 related code
Kyestone V2 support was removed in Train, so it's safe to do such cleanup.

* Functions which just return horizon settings are dropped and
  the settings are referred directly now.
* The service catalog in the sample test data is updated to match
  the format of the keystone API v3.
* Related to the above change of the sample service catalog,
  openstack_dashboard.test.unit.api.test_keystone.ServiceAPITests is
  updated to specify the region name explicitly because 'RegionTwo'
  endpoint is no longer the second entry of the endpoint list in the
  keystone API v3.

Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Change-Id: Ib60f360c96341fa5c618595f4a9bfdfe7ec5ae83
2020-04-23 11:43:12 +09:00
Ivan Kolodyazhny
c0cc0433c6 Fix change expired password feature
Closes-Bug: #1791111
Change-Id: I5f2a027149be490613e7661b895325a63374334d
2019-12-05 13:56:23 +00:00
Radomir Dopieralski
9d98a0c24d Automatically redirect to the password change when it's expired
Unfortunately the only way we can know the user_id at this point is
by parsing the error message.

I also refactored the exceptions in openstack_auth to make them use
different classes (but one common superclass).

Partially implements blueprint: allow-users-change-expired-password

Change-Id: Ieceee09db21040b96577db19bd195dc3799e3892
2019-09-16 12:45:23 +02:00
Radomir Dopieralski
ceb221f6ac Add a view for changing user password while not logged in
Keystone's API for changing the user password doesn't require
authentication, so we can have a page that doesn't require it too.
In order to change the password, the user has to provide their old
password. This is needed for when the password is expired or when
it has to be changed on first use.

The next step will be adding a redirect to this page when a password
is expired or required to be changed.

Part of blueprint: allow-users-change-expired-password
Change-Id: I3b207ef6c5a3095022a2acb64d3988e127f0f49a
2019-09-13 00:03:08 +09:00
Akihiro Motoki
e56e076ea8 Define default settings explicitly (openstack_auth)
This commit also moves descriptions of settings defined in openstack_auth
from openstack_dashboard/settings.py and local_settings.py(.example)
to openstack_auth/settings.py.

Note that if openstack_dashboard has different default settings
from openstack_auth defaults, they are now moved to
openstack_dashboard/defaults.py.

Part of blueprint ini-based-configuration
Change-Id: I59eebc388de0bcbd4d1fe35c6138efbd3e04c5b8
2019-09-12 15:05:56 +09:00
Stephen Finucane
b9e374d095 trivial: Remove dead code
We only support Django >= 1.11 now. Who cares about Django < 1.7.

Change-Id: I3576b921b976ef9e5bb1561bda85348112e4b6e8
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2019-09-11 07:28:07 +09:00
Radomir Dopieralski
1953c689e8 Properly calculate auth_url for WEBSSO from POST data
The redirect for WEBSSO takes its data directly from the request's
POST data, and the format of that data has changed, so now we need
to convert it for it to work correctly.

Change-Id: I5b18e555a9bc6b24be1e59465f07e73e99739e22
closes-bug: #1794710
2018-10-31 14:49:06 +01:00
Radomir Dopieralski
16c4f4c3a2 Don't expose endpoint URLs in the login form
Instead of using endpoint URLs to designate regions in the login
form and its cookies, use numbers. This way, if internal URLs are
configured, they won't be exposed to the outside.

Change-Id: Ifed089e7cee3075bf2dc5d1ce77b0e1b1d091ca0
Closes-bug: #1787943
2018-08-21 13:32:26 +02:00
Qian Min Chen
2fa872aac2 Remove the redundant "required=True"
The django form field default is "required=True", so this patch
remove the redundant "required=True" in the form.

Change-Id: I3d91ae0638b69d56c1f1b72913ee4995db249007
2018-07-23 09:42:41 +08:00
Trygve Vea
b41402ef26 Add user_domain_name to logs regarding authentication
The user domain name is useful information when troubleshooting
authentication in OpenStack-installations with multiple domains.

Change-Id: I1cecd36bfafd7bdf9a9c68d2311fa5ff96272f36
2017-11-24 21:12:23 +00:00
Colleen Murphy
63d7146882 Don't add required attribute to html form fields
(cherry picked from commit 1fa9ae26cc6006f8ee94fabddb7fea171adee55d
 in django_openstack_auth)

In Django 1.10 a new Form property was introduced, defaulting to True,
which enabled HTML form validation for fields marked "required" in
Django. This changed old behavior, which was that required fields were
only validated server-side. This patch restores old behavior by setting
use_required_attribute to False for the inherited AuthenticationForm.

This problem arose because when WebSSO is enabled and a
non-keystone-credentials authentication method is selected from the
dropdown list, the now-hidden username and password fields are still
marked "required" and still validated client-side, even though they are
invisible to the user and cannot be filled in. It would be nice to fix
the javascript to properly turn the "required" attribute on or off
depending on what authentication method is selected and whether the
"required" fields are even visible, but for now this just restores the
behavior we had before Djanto 1.10.

Change-Id: I3e798a2288d9c33396b40a86b07ea8c163d3b525
Closes-bug: #1703109
2017-11-13 13:58:25 +00:00
Rob Cresswell
e3e5812b19 Add Django OpenStack Auth to Horizon
Moves Django OpenStack Auth content to Horizon, since they are so
tightly coupled. This cleans up the development workflow and should
make keystone / auth related contributions easier.

Implements: blueprint merge-openstack-auth
Change-Id: Ia1cdc47bad1ca6e633073a9f9445b0c7f70d05bc
2017-09-27 12:06:57 +01:00