Commit Graph

16 Commits

Author SHA1 Message Date
Mateusz Mandera 4eb629e276 auth: Use config_error instead of JsonableError in remote_user_sso. 2019-12-11 16:40:20 -08:00
David Rosa b041948132 docs: Reorganize auth and migrations subsystems.
- Moves "Authentication in the development environment" from subsystems
to "development/authentication.md".
- Moves "Renumbering migrations" to a section within "Schema migrations".
2019-11-07 09:42:36 -08:00
Mateusz Mandera 4dc3ed36c3 auth: Add initial SAML authentication support.
There are a few outstanding issues that we expect to resolve beforce
including this in a release, but this is good checkpoint to merge.

This PR is a collaboration with Tim Abbott.

Fixes #716.
2019-10-10 15:44:34 -07:00
Harshit Bansal bf14a0af4d auth: Migrate google auth to python-social-auth.
This replaces the two custom Google authentication backends originally
written in 2012 with using the shared python-social-auth codebase that
we already use for the GitHub authentication backend.  These are:

* GoogleMobileOauth2Backend, the ancient code path for mobile
  authentication last used by the EOL original Zulip Android app.

* The `finish_google_oauth2` code path in zerver/views/auth.py, which
  was the webapp (and modern mobile app) Google authentication code
  path.

This change doesn't fix any known bugs; its main benefit is that we
get to remove hundreds of lines of security-sensitive semi-duplicated
code, replacing it with a widely trusted, high quality third-party
library.
2019-07-21 20:51:34 -07:00
Vishnu Ks cc91e6cb94 auth: Allow setting GOOGLE_OAUTH2_CLIENT_ID from dev-secrets.
This makes it much more convenient to use Google/GitHub authentication
in a Zulip development environment for testing; one only has to set it
up once.
2019-06-14 10:16:26 -07:00
Vishnu Ks 16a345a766 auth: Document setting social_auth_github_key in dev-secrets.
This is a simpler configuration method for development, because
dev_settings.py isn't something the developer can edit.
2019-06-14 10:16:26 -07:00
Umair Khan d22639717c auth: Redirect to an error page instead of 500.
Previously, we used to raise an exception if the direct dev login code
path was attempted when:

* we were running under production environment.
* dev. login was not enabled.

Now we redirect to an error page and give an explanatory message to the
user.

Fixes #8249.
2018-02-20 22:34:53 -08:00
Tim Abbott 638eb7a8e4 docs: Update links to ReadTheDocs to always use https.
This is better security practice.

We also add a lint rule to enforce this for the future.
2017-11-16 10:59:24 -08:00
Tim Abbott 054952a44a docs: Update links from codebase to point to ReadTheDocs. 2017-11-16 10:53:49 -08:00
Vishnu Ks 36f29764cb emails: Add option to forward mails send in dev env to external email.
Fixes #7085.
2017-11-14 15:27:29 -08:00
Umair Khan 69ccc8ce0e ldap: Show helpful message when realm is None. 2017-09-30 10:18:25 -07:00
Tim Abbott a0a1fe1512 settings: Rename SERVER_URI to ROOT_DOMAIN_URI.
This should be a lot less confusing.

See #6013 for discussion.
2017-08-28 14:09:28 -07:00
Steve Howell ac80d1df0a Add /config-error/smtp endpoint for SMTP errors. 2017-08-21 15:39:26 -07:00
Vaida Plankyte 919ca3431f config_error.html: Use render_markdown_path for error content. 2017-08-17 16:09:26 -04:00
Vaida Plankyte 8a29f1dcf2 config_error.html: Increase container width. 2017-08-17 11:27:36 -07:00
Vaida Plankyte 52046d537a auth.py: Add config_error page for misconfigured github/google auth.
Significantly modified by tabbott to use a better system, pass tests,
and clean up the content.
2017-08-16 10:05:19 -07:00