Skip to content

Commit

Permalink
Merge pull request #90 from nitmir/dev
Browse files Browse the repository at this point in the history
Update to version 2.1.0

v2.1.0 - 2024-08-18
===================

Added
-----

* Support for Django 4.2
* Allow forms to be overridden from settings

Deprecated
----------

* Make the crypt module optional and deprecate it's usage.
  The python stdlid crypt module is deprecated since version 3.11 and
  will be removed in version 3.13. Check for the availability of the
  crypt module.
  All password checks using the crypt module will stop to work on
  python 3.13.
  • Loading branch information
nitmir authored Aug 18, 2024
2 parents 0025a37 + 194ebac commit 9d04a7b
Show file tree
Hide file tree
Showing 14 changed files with 237 additions and 131 deletions.
80 changes: 80 additions & 0 deletions .github/workflows/github-actions.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
name: django-cas-server
run-name: ${{ github.actor }} is running django-cas-server CI tests
on: [push]
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
flake8:
runs-on: ubuntu-latest
container:
image: python:bookworm
steps:
- uses: actions/checkout@v3
- run: pip install tox
- run: tox -e flake8
check_rst:
runs-on: ubuntu-latest
container:
image: python:bookworm
steps:
- uses: actions/checkout@v3
- run: pip install tox
- run: tox -e check_rst
coverage:
runs-on: ubuntu-latest
container:
image: python:bookworm
steps:
- uses: actions/checkout@v3
- run: pip install tox
- run: tox -e coverage
env:
COVERAGE_TOKEN: ${{ secrets.COVERAGE_TOKEN }}
tests:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
arch: ["amd64", "ppc64le"]
tox:
# REHL 7 support and Ubuntu bionic
- python: "3.6"
env: "py36-django111"
# RHEL 8 support
- python: "3.6"
env: "py36-django22"
# Debian buster support
- python: "3.7"
env: "py37-django111"
# Ubuntu focal support
- python: "3.8"
env: "py38-django22"
# Debian bullseye
- python: "3.9"
env: py39-django22
# Ubuntu jammy
- python: "3.10"
env: "py310-django32"
# Debian bookworm
- python: "3.11"
env: py311-django32
# Django additional supported version
- python: "3.9"
env: py39-django42
- python: "3.10"
env: py310-django42
- python: "3.11"
env: py311-django42
steps:
- uses: actions/checkout@v3
- if: matrix.arch != 'amd64'
name: "Install docker multiarch support"
run: |
sudo apt-get update -y
sudo apt-get install -y qemu qemu-user-static
sudo docker run --rm --privileged multiarch/qemu-user-static --reset -p yes --credential yes
- name: "Check docker arch ${{ matrix.arch }} support"
run: sudo docker run --platform linux/${{ matrix.arch }} --rm ${{ matrix.arch }}/python:${{ matrix.tox.python }} /bin/bash -c "echo -n \"Running with arch \"; uname -m;"
- name: "Run tests on arch ${{ matrix.arch }}"
run: sudo docker run --platform linux/${{ matrix.arch }} --rm -v $(pwd):$(pwd) ${{ matrix.arch }}/python:${{ matrix.tox.python }} /bin/bash -c "cd $(pwd); uname -m; pip install tox; tox -e ${{ matrix.tox.env }}"
67 changes: 0 additions & 67 deletions .travis.yml

This file was deleted.

20 changes: 20 additions & 0 deletions CHANGELOG.rst
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,26 @@ All notable changes to this project will be documented in this file.
.. contents:: Table of Contents
:depth: 2

v2.1.0 - 2024-08-18
===================

Added
-----

* Support for Django 4.2
* Allow forms to be overridden from settings

Deprecated
----------

* Make the crypt module optional and deprecate it's usage.
The python stdlid crypt module is deprecated since version 3.11 and
will be removed in version 3.13. Check for the availability of the
crypt module.
All password checks using the crypt module will stop to work on
python 3.13.


v2.0.0 - 2022-10-17
===================

Expand Down
24 changes: 19 additions & 5 deletions Makefile
Original file line number Diff line number Diff line change
@@ -1,6 +1,11 @@
.PHONY: build dist docs
VERSION=`python3 setup.py -V`

WHL_FILES := $(wildcard dist/*.whl)
WHL_ASC := $(WHL_FILES:=.asc)
DIST_FILE := $(wildcard dist/*.tar.gz)
DIST_ASC := $(DIST_FILE:=.asc)

build:
python3 setup.py build

Expand Down Expand Up @@ -35,19 +40,20 @@ clean_all: clean clean_tox clean_test_venv clean_docs clean_eggs

dist:
python3 setup.py sdist
python3 setup.py bdist_wheel

test_venv/bin/python:
python3 -m venv test_venv
test_venv/bin/pip install -U --requirement requirements-dev.txt 'Django>=3.2,<3.3'
test_venv/bin/pip install -U --requirement requirements-dev.txt 'Django>=4.2,<4.3'

test_venv/cas/manage.py: test_venv
mkdir -p test_venv/cas
test_venv/bin/django-admin startproject cas test_venv/cas
ln -s ../../cas_server test_venv/cas/cas_server
sed -i "s/'django.contrib.staticfiles',/'django.contrib.staticfiles',\n 'cas_server',/" test_venv/cas/cas/settings.py
sed -i "s/'django.middleware.clickjacking.XFrameOptionsMiddleware',/'django.middleware.clickjacking.XFrameOptionsMiddleware',\n 'django.middleware.locale.LocaleMiddleware',/" test_venv/cas/cas/settings.py
sed -i 's/from django.conf.urls import url/from django.conf.urls import url, include/' test_venv/cas/cas/urls.py
sed -i "s@url(r'^admin/', admin.site.urls),@url(r'^admin/', admin.site.urls),\n url(r'^', include('cas_server.urls', namespace='cas_server')),@" test_venv/cas/cas/urls.py
sed -i 's/from django.urls import path/from django.urls import path, include/' test_venv/cas/cas/urls.py
sed -i "s@path('admin/', admin.site.urls),@path('admin/', admin.site.urls),\n path('', include('cas_server.urls', namespace='cas_server')),@" test_venv/cas/cas/urls.py
test_venv/bin/python test_venv/cas/manage.py migrate
test_venv/bin/python test_venv/cas/manage.py createsuperuser

Expand All @@ -71,5 +77,13 @@ test_venv/bin/sphinx-build: test_venv
docs: test_venv/bin/sphinx-build
bash -c "source test_venv/bin/activate; cd docs; make html"

publish_pypi_release:
python3 setup.py sdist bdist_wheel upload --sign
sign_release: $(WHL_ASC) $(DIST_ASC)

dist/%.asc:
gpg --detach-sign -a $(@:.asc=)

test_venv/bin/twine: test_venv
test_venv/bin/pip install twine

publish_pypi_release: test_venv test_venv/bin/twine dist sign_release
test_venv/bin/twine upload --sign dist/*
43 changes: 30 additions & 13 deletions README.rst
Original file line number Diff line number Diff line change
Expand Up @@ -21,15 +21,15 @@ Features
* Possibility to rename/rewrite attributes per service
* Possibility to require some attribute values per service
* Federated mode between multiple CAS
* Supports Django 1.11, 2.2, 3.2, 4.0 and 4.1
* Supports Django 1.11, 2.2, 3.2, 4.2
* Supports Python 3.6+

Dependencies
============

``django-cas-server`` depends on the following python packages:

* Django >= 1.11 < 4.2
* Django >= 1.11 < 4.3
* requests >= 2.4
* requests_futures >= 0.9.5
* lxml >= 3.4
Expand Down Expand Up @@ -146,12 +146,12 @@ Quick start

2. Include the cas_server URLconf in your project urls.py like this::

from django.conf.urls import url, include
from django.urls import path, include

urlpatterns = [
url(r'^admin/', admin.site.urls),
path('admin/', admin.site.urls),
...
url(r'^cas/', include('cas_server.urls', namespace="cas_server")),
path('cas/', include('cas_server.urls', namespace="cas_server")),
]

3. Run ``python manage.py migrate`` to create the cas_server models.
Expand Down Expand Up @@ -352,6 +352,19 @@ Tickets miscellaneous settings
* ``CAS_PROXY_GRANTING_TICKET_PREFIX``: Prefix of proxy granting ticket. The default is ``"PGT"``.
* ``CAS_PROXY_GRANTING_TICKET_IOU_PREFIX``: Prefix of proxy granting ticket IOU. The default is ``"PGTIOU"``.

Forms settings
--------------

* ``CAS_USER_CREDENTIAL_FORM``: A dotted path to a form or a form used on the login page to retrieve
user credentials. The default is ``"cas_server.forms.UserCredential"``.
* ``CAS_WARN_FORM``: A dotted path to a form or a form used on warn page before emitting a ticket.
The default is ``"cas_server.forms.WarnForm"``.
* ``CAS_FEDERATE_SELECT_FORM``: A dotted path to a form or a form used on the login page to select
another CAS in federated mode. The default is ``"cas_server.forms.FederateSelect"``
* ``CAS_FEDERATE_USER_CREDENTIAL_FORM``: A dotted path to a form or a form used on the login page in
federated mode. The default is ``"cas_server.forms.FederateUserCredential"``
* ``CAS_TICKET_FORM``: A dotted path to a form or a form for Tickets in the admin interface.
The default is ``"cas_server.forms.TicketForm"``

Mysql backend settings
----------------------
Expand All @@ -370,16 +383,17 @@ Only useful if you are using the mysql authentication backend:
* ``CAS_SQL_PASSWORD_CHECK``: The method used to check the user password. Must be one of the following:

* ``"crypt"`` (see <https://en.wikipedia.org/wiki/Crypt_(C)>), the password in the database
should begin with $
should begin with $. This method is deprecated and will stop to work in python 3.13.
* ``"ldap"`` (see https://tools.ietf.org/id/draft-stroeder-hashed-userpassword-values-01.html)
the password in the database must begin with one of {MD5}, {SMD5}, {SHA}, {SSHA}, {SHA256},
{SSHA256}, {SHA384}, {SSHA384}, {SHA512}, {SSHA512}, {CRYPT}.
{SSHA256}, {SHA384}, {SSHA384}, {SHA512}, {SSHA512}, {CRYPT}. {CRYPT} is deprecated
and will stop to work in python 3.13.
* ``"hex_HASH_NAME"`` with ``HASH_NAME`` in md5, sha1, sha224, sha256, sha384, sha512.
The hashed password in the database is compared to the hexadecimal digest of the clear
password hashed with the corresponding algorithm.
* ``"plain"``, the password in the database must be in clear.

The default is ``"crypt"``.
The default is ``"crypt"``. This default is deprecated and will stop to work in python 3.13.


Sql backend settings
Expand All @@ -396,16 +410,18 @@ used by the sql backend.
* ``CAS_SQL_PASSWORD_CHECK``: The method used to check the user password. Must be one of the following:

* ``"crypt"`` (see <https://en.wikipedia.org/wiki/Crypt_(C)>), the password in the database
should begin with $
should begin with $. This method is deprecated and will stop to work in python 3.13.
* ``"ldap"`` (see https://tools.ietf.org/id/draft-stroeder-hashed-userpassword-values-01.html)
the password in the database must begin with one of {MD5}, {SMD5}, {SHA}, {SSHA}, {SHA256},
{SSHA256}, {SHA384}, {SSHA384}, {SHA512}, {SSHA512}, {CRYPT}.
{SSHA256}, {SHA384}, {SSHA384}, {SHA512}, {SSHA512}, {CRYPT}. {CRYPT} is deprecated
and will stop to work in python 3.13.
* ``"hex_HASH_NAME"`` with ``HASH_NAME`` in md5, sha1, sha224, sha256, sha384, sha512.
The hashed password in the database is compared to the hexadecimal digest of the clear
password hashed with the corresponding algorithm.
* ``"plain"``, the password in the database must be in clear.

The default is ``"crypt"``.
The default is ``"crypt"``. This default is deprecated and will stop to work in python 3.13.

* ``CAS_SQL_PASSWORD_CHARSET``: Charset the SQL users passwords was hash with. This is needed to
encode the user submitted password before hashing it for comparison. The default is ``"utf-8"``.

Expand All @@ -426,10 +442,11 @@ Only useful if you are using the ldap authentication backend:
* ``CAS_LDAP_PASSWORD_CHECK``: The method used to check the user password. Must be one of the following:

* ``"crypt"`` (see <https://en.wikipedia.org/wiki/Crypt_(C)>), the password in the database
should begin with $
should begin with $. This method is deprecated and will stop to work in python 3.13.
* ``"ldap"`` (see https://tools.ietf.org/id/draft-stroeder-hashed-userpassword-values-01.html)
the password in the database must begin with one of {MD5}, {SMD5}, {SHA}, {SSHA}, {SHA256},
{SSHA256}, {SHA384}, {SSHA384}, {SHA512}, {SSHA512}, {CRYPT}.
{SSHA256}, {SHA384}, {SSHA384}, {SHA512}, {SSHA512}, {CRYPT}. {CRYPT} is deprecated and
will stop to work in python 3.13.
* ``"hex_HASH_NAME"`` with ``HASH_NAME`` in md5, sha1, sha224, sha256, sha384, sha512.
The hashed password in the database is compared to the hexadecimal digest of the clear
password hashed with the corresponding algorithm.
Expand Down
2 changes: 1 addition & 1 deletion cas_server/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
django = None

#: version of the application
VERSION = '2.0.0'
VERSION = '2.1.0'

if django is None or django.VERSION < (3, 2):
#: path the the application configuration class
Expand Down
4 changes: 2 additions & 2 deletions cas_server/admin.py
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
from .models import ServiceTicket, ProxyTicket, ProxyGrantingTicket, User, ServicePattern
from .models import Username, ReplaceAttributName, ReplaceAttributValue, FilterAttributValue
from .models import FederatedIendityProvider, FederatedUser, UserAttributes
from .forms import TicketForm
from .utils import import_attr


class BaseInlines(admin.TabularInline):
Expand All @@ -36,7 +36,7 @@ class UserAdminInlines(BaseInlines):
Base class for inlines in :class:`UserAdmin` interface
"""
#: The form :class:`TicketForm<cas_server.forms.TicketForm>` used to display tickets.
form = TicketForm
form = import_attr(settings.CAS_TICKET_FORM)
#: Fields to display on a object that are read only (not editable).
readonly_fields = (
'validate', 'service', 'service_pattern',
Expand Down
12 changes: 11 additions & 1 deletion cas_server/default_settings.py
Original file line number Diff line number Diff line change
Expand Up @@ -246,14 +246,24 @@
#: :class:`bool` If `True` Django language cookie will be removed on logout from CAS server
CAS_REMOVE_DJANGO_LANGUAGE_COOKIE_ON_LOGOUT = False

#: A dotted path to a form or a form used on the login page to retrieve user credentials
CAS_USER_CREDENTIAL_FORM = "cas_server.forms.UserCredential"
#: A dotted path to a form or a form used on warn page before emitting a ticket
CAS_WARN_FORM = "cas_server.forms.WarnForm"
#: A dotted path to a form or a form used on the login page to select another CAS in federated mode
CAS_FEDERATE_SELECT_FORM = "cas_server.forms.FederateSelect"
#: A dotted path to a form or a form used on the login page in federated mode
CAS_FEDERATE_USER_CREDENTIAL_FORM = "cas_server.forms.FederateUserCredential"
#: A dotted path to a form or a form for Tickets in the admin interface
CAS_TICKET_FORM = "cas_server.forms.TicketForm"

GLOBALS = globals().copy()
for name, default_value in GLOBALS.items():
# only care about parameter begining by CAS_
if name.startswith("CAS_"):
# get the current setting value, falling back to default_value
value = getattr(settings, name, default_value)
# set the setting value to its value if defined, ellse to the default_value.
# set the setting value to its value if defined, else to the default_value.
setattr(settings, name, value)

# Allow the user defined CAS_COMPONENT_URLS to omit not changed values
Expand Down
Loading

0 comments on commit 9d04a7b

Please sign in to comment.