Commit Graph

211 Commits

Author SHA1 Message Date
Leo Franchi e4dbe57c10 Fix Google OAuth login by checking True as well as true in oauth response
(imported from commit c80620eca4dbd9b5b0122e8e564bc7257a2bd4f5)
2014-05-14 10:00:03 -07:00
Zev Benjamin 2f7af69091 Add customizations for CUSTOMER16 employees' realm
CUSTOMER16 wants their employee realm to:
* only use JWT logins
* have name changes be disabled (they want users' full names to be the
  their CUSTOMER16 user name).
* not show the suggestion that users download the desktop app

(imported from commit cb5f72c993ddc26132ce50165bb68c3000276de0)
2014-04-04 16:51:32 -07:00
Zev Benjamin 2e1d5ffd1c Make password_auth_enabled() take a realm object
This will actually be used in an upcoming commit.

(imported from commit 5d3db685a245899b2523440398f2ed2f0cfec4f4)
2014-04-04 16:51:32 -07:00
Luke Faraone 3948e1673d [manual] Accept OAuth2 tokens for API login via Google Apps
This is used by the Android app to authenticate without prompting for a
password.

To do so, we implement a custom authentication backend that validates
the ID token provided by Google and then tries to see if we have a
corresponding UserProfile on file for them.

If the attestation is valid but the user is unregistered, we return that
fact by modifying a dictionary passed in as a parameter. We then return
the appropriate error message via the API.

This commit adds a dependency on the "googleapi" module. On Debian-based
systems with the Zulip APT repository:
    sudo apt-get install python-googleapi

For OS X and other platforms:
    pip install googleapi

(imported from commit dbda4e657e5228f081c39af95f956bd32dd20139)
2014-01-13 13:30:55 -05:00
Luke Faraone 9816324076 Correctly concatenate local part with domain in LDAP backend.
(imported from commit 951123e2e0ed52a11dc8b5ce3aeff2c1d4f5e816)
2013-11-25 17:44:47 -05:00
Luke Faraone dff03fafda Use LDAP-provided information if available for real names
If authoritative data is available from say the LDAP database, we now
ignore the POSTed user name, and don't offer it as a form field.

We fall back to giving the user a text field if they aren't in LDAP.

If users do not have any form fields to fill out, we simply bring them
to the app without the registration page, logging them in using a dummy
backend.

(imported from commit 6bee87430ba46ff753ea3408251e8a80c45c713f)
2013-11-22 16:51:26 -05:00
Luke Faraone af02e45a17 [manual] Support authentication and profile prefilling via LDAP
The latter doesn't depend on the former; we can still fill in your full
name even if you didn't authenticate via LDAP.

This commit requires django_auth_ldap to be installed. On Debian
systems, you can do so via APT:
    sudo apt-get install python-django-auth-ldap

On OS X, use your favourite package manager. For pip, I believe this
will work:
    pip install django_auth_ldap

django_auth_ldap depends on the "ldap" Python package, which should be
installed automatically on your system.

(imported from commit 43967754285990b06b5a920abe95b8bce44e2053)
2013-11-22 16:51:26 -05:00
Kevin Mehall 4a6b7cb20b Disable password change when SSO is the only login option
(imported from commit fd1a14237e2d6ea574331ed178bfc0db5beb18c6)
2013-11-12 10:37:33 -05:00
Luke Faraone c11b65590b SSO / REMOTE_USER support
(imported from commit 4f4fad7af5d3c6099cac95d7708338c182626d72)
2013-11-05 16:14:13 -05:00
Luke Faraone a34731ed00 Factor out get_user in zproject/backends.py
(imported from commit d60b5440722ed596ffbcb81086b2f62d535288dd)
2013-11-05 16:14:13 -05:00
Tim Abbott 7b9305b06f Rename Django project to zproject.
This includes a hack to preserve humbug/backends.py as a symlink, so
that we don't need to regenerate all our old sessions.

(imported from commit b7918988b31c71ec01bbdc270db7017d4069221d)
2013-08-07 11:04:03 -04:00