Force bcrypt 2y for PHP apps
2b isn't supported by older versions of PHP supplied by e.g. Ubuntu
14.04. 2a is insecure.
Remove plaintext warning
No services store plaintext passwords anymore.
Switch form to password field
Insecure, but 2b is not supported by IPS4 according to user reports. This manager needs to be changed to use the IPS4 API at some point anyway, so really a stop gap measure.
Will cause Django to fake any initial migrations for tables that already exist. Required as we have moved some tables to other apps.
If the tables don't exist, the initial migrations run as normal.
* Add service access permissions and migration
`ENABLE_AUTH_<servicename> = True` will have the new permission applied
to the settings configured `DEFAULT_AUTH_GROUP` group or `Member` if
none is configured.
`ENABLE_BLUE_<servicename> = True` will have the new permission applied
to the settings configured `DEFAULT_BLUE_GROUP` group or `Blue` if none
is configured.
* Move views and hooks to permissions based access
* Remove access restriction to services view
Hypothetically non-member/blues could be granted permission to access
services manually as desired now. A user that has no permissions to
access any services will see a blank services list.
* Remove obsolete service settings
* Remove references to obsolete settings
* Adjusted tests to support permissions based access
* Fix incorrectly named permissions
* Add simple get_services generator function
* Added signals for user and groups perm changes
* Update validate_services to support permissions
deactivate_services removed as its surplus to requirements.
* Removed state parameter from validate_services calls
* Update tests to support signals changes
* Fix incorrect call to validate_services task
* Fix validate_services and test
* Add validate_user to changed user groups signal
* Added tests for new signals
* Remove unnecessary post_add signals
* Added documentation for service permissions
* Added detection for members with service active
If there are any service users in the Member or Blue groups active, then
the permission will be added to the respective Member or Blue group.
This means its no longer necessary to maintain the service enablesettings to migrate to permissions based service.
Remove obsolete state based status checking
* Correct invalid html
* Add bundle files for CDN CSS and javascript
* Replace static javascript refs with bundles
* Change password reset templates to use a basefile
And switch to use bundles
* Remove third party libraries
* Remove awkward margin styling on navbars
* SeAT service in modular service app format
* Replace string concatenation with formatters
* Fix incorrect references to user
* Fix exception when user doesn't have seat active
* Prevent deletion of seat API keys by default
* Improve api response error handling
* Corrected notification message
* Added missing view returns
* Update SeAT to use permissions based access
* Update password generator to new style
* Correct logging message
* Fix seat role update tasks
* Correct validate user logic
* Add seat test settings
* Added basic seat unit tests
* Added add permissions function from other branch
* Remove obsolete settings references
* Add public field to AuthGroup
* Add permission for users to join non-public groups
By default this permission will be applied to the "Member" group to
maintain the current behaviour.
* Allow users to join public groups
Users without the 'groupmanagement.request_groups' permission will be
able to join groups marked as public but will not be able to see or join
any other groups.
* Prevent None state change from purging groups
Currently when a user drops from Blue or Member state all groups and
permissions are discarded. This softens that approach by not removing
public groups and creates a distinction between the two activities. An
argument could maybe be made for not removing permissions on a state
change, but that is beyond the scope of this change.
* Correct syntax for removing filtered groups
* Add unit tests for disable user and member
* Update services signals tests
* Correct mocking call
* Remove permissions checking from menu item
* Added block for page_title as title fragment
* Add permissions auditing tool
* Added tests for permissions audit tool
* Added documentation for permissions tool
* Add permissions tool to coverage
* Fix and update javascript
Reformatted javascript.
Updated javascript to reduce duplicate code.
* Replace countdown and dateformat with moment
Improves i18n
Fixes#685
* Added a check to prevent dataloss from missing service modules
Migration will raise an exception and refuse to run if a model has data
for a field which is missing its target service.
* Add setting to allow services to be installed after service migration
Previously django would complain about migrations being out of order. By
setting `SERVICES_MIGRATED=True` the
`authentication.0013_service_modules` migration drops all of its
'optional' dependencies which allows the initial migrations of service
modules to run normally. If the setting is missing or set to False, the
migration will require all installed and required services migrations to
have run before the `authentication.0013_service_modules` migration.
* Move setting to somewhere it makes more sense
* Modify celerybeat registration to automatically register services
Added documentation for writing service integrations
Added menu hook documentation
Added notes about installing service modules before following service installation guide
Added transition to bcrypt-sha256 hashing for mumble passwords.
All new passwords will be hashed by bcrypt-sha256. The existing SHA-1
hashes will continue to work as a fallback for legacy password hashes.
* Hooks registration, discovery and retrieval module
Will discover @hooks.register decorated functions inside
the auth_hooks module in any installed django app.
* Class to register modular service apps
* Register service modules URLs
* Example service module
* Refactor services into modules
Each service type has been split out into its own django app/module. A
hook mechanism is provided to register a subclass of the ServiceHook
class. The modules then overload functions defined in ServiceHook as
required to provide interoperability with alliance auth. Service modules
provide their own urls and views for user registration and account
management and a partial template to display on the services page. Where
possible, new modules should provide their own models for local data
storage.
* Added menu items hooks and template tags
* Added menu item hook for broadcasts
* Added str method to ServicesHook
* Added exception handling to hook iterators
* Refactor mumble migration and table name
Upgrading will require `migrate mumble --fake-initial` to be run first
and then `migrate mumble` to rename the table.
* Refactor teamspeak3 migration and rename table
Upgrading will require `migrate teamspeak3 --fake-initial`
* Added module models and migrations for refactoring AuthServicesInfo
* Migrate AuthServiceInfo fields to service modules models
* Added helper for getting a users main character
* Added new style celery instance
* Changed Discord from AuthServicesInfo to DiscordUser model
* Switch celery tasks to staticmethods
* Changed Discourse from AuthServicesInfo to DiscourseUser model
* Changed IPBoard from AuthServicesInfo to IpboardUser model
* Changed Ips4 from AuthServicesInfo to Ips4User model
Also added disable service task.
This service still needs some love though. Was always missing a
deactivate services hook (before refactoring) for reasons I'm unsure of
so I'm reluctant to add it without knowing why.
* Changed Market from AuthServicesInfo to MarketUser model
* Changed Mumble from AuthServicesInfo to MumbleUser model
Switched user foreign key to one to one relationship.
Removed implicit password change on user exists.
Combined regular and blue user creation.
* Changed Openfire from AuthServicesInfo to OpenfireUser model
* Changed SMF from AuthServicesInfo to SmfUser model
Added disable task
* Changed Phpbb3 from AuthServicesInfo to Phpbb3User model
* Changed XenForo from AuthServicesInfo to XenforoUser model
* Changed Teamspeak3 from AuthServicesInfo to Teamspeak3User model
* Remove obsolete manager functions
* Standardise URL format
This will break some callback URLs
Discord changes from /discord_callback/ to /discord/callback/
* Removed unnecessary imports
* Mirror upstream decorator change
* Setup for unit testing
* Unit tests for discord service
* Added add main character helper
* Added Discourse unit tests
* Added Ipboard unit tests
* Added Ips4 unit tests
* Fix naming of market manager, switch to use class methods
* Remove unused hook functions
* Added market service unit tests
* Added corp ticker to add main character helper
* Added mumble unit tests
* Fix url name and remove namespace
* Fix missing return and add missing URL
* Added openfire unit tests
* Added missing return
* Added phpbb3 unit tests
* Fix SmfManager naming inconsistency and switch to classmethods
* Added smf unit tests
* Remove unused functions, Added missing return
* Added xenforo unit tests
* Added missing return
* Fixed reference to old model
* Fixed error preventing groups from syncing on reset request
* Added teamspeak3 unit tests
* Added nose as test runner and some test settings
* Added package requirements for running tests
* Added unit tests for services signals and tasks
* Remove unused tests file
* Fix teamspeak3 service signals
* Added unit tests for teamspeak3 signals
Changed other unit tests setUp to inert signals
* Fix password gen and hashing python3 compatibility
Fixes#630
Adds unit tests to check the password functions run on both platforms.
* Fix unit test to not rely on checking url params
* Add Travis CI settings file
* Remove default blank values from services models
* Added dynamic user model admin actions for syncing service groups
* Remove unused search fields
* Add hook function for syncing nicknames
* Added discord hook for sync nickname
* Added user admin model menu actions for sync nickname hook
* Remove obsolete code
* Rename celery config app to avoid package name clash
* Added new style celerybeat schedule configuration
periodic_task decorator is depreciated
* Added string representations
* Added admin pages for services user models
* Removed legacy code
* Move link discord button to correct template
* Remove blank default fields from example model
* Disallow empty django setting
* Fix typos
* Added coverage configuration file
* Add coverage and coveralls to travis config
Should probably use nose's built in coverage, but this works for now.
* Replace AuthServicesInfo get_or_create instances with get
Reflects upstream changes to AuthServicesInfo behaviour.
* Update mumble user table name
* Split out mumble authenticator requirements
zeroc-ice seems to cause long build times on travis-ci and isn't
required for the core projects functionality or testing.