A lightweight authentication and access management library for integration with OpenID Connect enabled authentication services.
Project description
Documentation
The full documentation is at https://mozilla-django-oidc.readthedocs.io.
Running Tests
Use tox to run the test suite against as many different versions of Python as you have installed. If you don’t have tox installed (and executable) already, you can either install it in your system Python or use https://pypi.python.org/pypi/pipsi. Once installed, simply execute the following in the project root directory.
$ tox
tox will do the equivalent of installing a virtual environment for every combination mentioned in the tox.ini file. If your system, for example, doesn’t have python3.4, those tox tests will be skipped.
For a faster test-rinse-repeat cycle you can run the tests in a specific environment with the Python version and Django version of your choice. Here is such an example:
$ virtualenv -p /path/to/bin/python3.5 venv
$ source venv/bin/activate
(venv) $ pip install Django==1.11.2
(venv) $ pip install -r tests/requirements.txt
(venv) $ DJANGO_SETTINGS_MODULE=tests.settings django-admin.py test
Measuring code coverage, continuing the steps above:
(venv) $ pip install coverage
(venv) $ DJANGO_SETTINGS_MODULE=tests.settings coverage run --source mozilla_django_oidc `which django-admin.py` test
(venv) $ coverage report
(venv) $ coverage html
(venv) $ open htmlcov/index.html
Linting
All code is checked with https://pypi.python.org/pypi/flake8 in continuous integration. To make sure your code still passes all style guides, install flake8 and check:
$ flake8 mozilla_django_oidc tests
You can also run linting with tox:
$ tox -e lint
Releasing a new version
mozilla-django-oidc releases are hosted on PyPI. Here are the steps you need to follow in order to push a new release:
Make sure that HISTORY.rst is up to date, focusing mostly on backwards-incompatible changes.
Security vulnerabilities should be clearly marked in a “Security issues” section along with a level indicator of:
High: vulnerability facilitates data loss, data access, impersonation of admin, or allows access to other sites or components
Users should upgrade immediately.
Medium: vulnerability endangers users by sending them to malicious sites or stealing browser data.
Users should upgrade immediately.
Low: vulnerability is a nuisance to site staff and/or users
Users should upgrade.
Bump the project version and create a commit for the new version.
You can use bumpversion for that. It is a tool to automate this procedure following the semantic versioning scheme.
For a patch version update (e.g. 0.1.1 to 0.1.2) you can run bumpversion patch.
For a minor version update (e.g. 0.1.0 to 0.2.0) you can run bumpversion minor.
For a major version update (e.g. 0.1.0 to 1.0.0) you can run bumpversion major.
Create a signed tag for that version
Example:
git tag -s 0.1.1 -m "Bump version: 0.1.0 to 0.1.1"
Push the signed tag to GitHub
Example:
git push origin 0.1.1
The release is pushed automatically to PyPI using a Travis CI deployment hook on every new tag.
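The release steps above combine a semantic version bump, a dated HISTORY.rst entry and a tag whose name equals the new version. The following is an added example, not code from mozilla-django-oidc and not the bumpversion tool itself: it computes the next version for any of the three parts (generalising the three bumpversion examples above) and runs a small pre-tag consistency check. The `SAMPLE_HISTORY` text is constructed for the demo, and the function names are assumptions of this example.

```python
"""Pre-release consistency check (illustrative; not the project's own code
and not a replacement for bumpversion)."""
import re

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")

# Constructed stand-in for the top of HISTORY.rst (sample data, not the real file).
SAMPLE_HISTORY = """History
0.5.0 (2018-01-10)
Add Django 2.0 support
0.4.2 (2017-11-29)
Fix OIDC_USERNAME_ALGO to actually load dotted import path of callback.
"""


def next_version(current, part):
    """Return the version after bumping `part`: 'patch', 'minor' or 'major'.

    Follows the semantic versioning scheme the README describes:
    a minor bump resets patch, a major bump resets minor and patch.
    """
    m = VERSION_RE.match(current)
    if not m:
        raise ValueError("not a MAJOR.MINOR.PATCH version: %r" % current)
    major, minor, patch = (int(x) for x in m.groups())
    if part == "patch":
        patch += 1
    elif part == "minor":
        minor, patch = minor + 1, 0
    elif part == "major":
        major, minor, patch = major + 1, 0, 0
    else:
        raise ValueError("unknown part: %r" % part)
    return "%d.%d.%d" % (major, minor, patch)


def tag_message(old, new):
    """Tag message in the form used by the README example."""
    return "Bump version: %s to %s" % (old, new)


def history_has_entry(history_text, version):
    """True if the history text has a dated heading such as '0.5.0 (2018-01-10)'."""
    pattern = re.compile(r"^%s \(\d{4}-\d{2}-\d{2}\)\s*$" % re.escape(version), re.M)
    return pattern.search(history_text) is not None


def release_checks(history_text, version, tag_name):
    """Return a list of problems; an empty list means the tag may be created."""
    problems = []
    if not VERSION_RE.match(version):
        problems.append("version %r is not MAJOR.MINOR.PATCH" % version)
    if tag_name != version:
        problems.append("tag %r does not match version %r" % (tag_name, version))
    if not history_has_entry(history_text, version):
        problems.append("HISTORY.rst has no dated entry for %s" % version)
    return problems


if __name__ == "__main__":
    new = next_version("0.1.0", "patch")
    print(tag_message("0.1.0", new))
    print(release_checks(SAMPLE_HISTORY, "0.5.0", "0.5.0"))
```

Run `release_checks` before `git tag -s`; a non-empty list is the reason to stop, since the Travis hook publishes whatever tag is pushed.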
License
This software is licensed under the MPL 2.0 license. For more info check the LICENSE file.
Credits
Tools used in rendering this package:
History
0.5.0 (2018-01-10)
Add Django 2.0 support
Fix tox configuration
Backwards-incompatible changes:
Drop Django 1.10 support
0.4.2 (2017-11-29)
Fix OIDC_USERNAME_ALGO to actually load dotted import path of callback.
Add verify_claims method for advanced authentication checks
0.4.1 (2017-10-25)
Send bytes to josepy. Fixes python3 support.
0.4.0 (2017-10-24)
Security issues:
High: Replace python-jose with josepy and use pyca/cryptography instead of pycrypto (CVE-2013-7459).
Backwards-incompatible changes:
OIDC_RP_IDP_SIGN_KEY no longer uses the JWK json as dict but PEM or DER keys instead.
0.3.2 (2017-10-03)
Features:
Implement RS256 verification. Thanks @puiterwijk
Bugs:
Use settings.OIDC_VERIFY_SSL also when validating the token. Thanks @GermanoGuerrini
Make OpenID Connect scope configurable. Thanks @puiterwijk
Add path host injection unit-test (#171)
Revisit OIDC_STORE_{ACCESS,ID}_TOKEN config entries
Allow configuration of additional auth parameters
0.3.1 (2017-06-15)
Security issues:
Medium: Sanitize next url for authentication view
0.3.0 (2017-06-13)
Security issues:
Low: Logout using POST not GET (#126)
Backwards-incompatible changes:
The settings.SITE_URL is no longer used. Instead the absolute URL is derived from the request’s get_host().
Only log out by HTTP POST allowed.
Bugs:
Test suite maintenance (#108, #109, #142)
0.2.0 (2017-06-07)
Backwards-incompatible changes:
Drop support for Django 1.9 (#130)
If you’re using Django 1.9, you should update Django first.
Move middleware to mozilla_django_oidc.middleware and change it to use authentication endpoint with prompt=none (#94)
You’ll need to update your MIDDLEWARE_CLASSES/MIDDLEWARE setting accordingly.
Remove legacy base64 handling of OIDC secret. Now RP secret should be plaintext.
Features:
Add support for Django 1.11 and Python 3.6 (#85)
Update middleware to work with Django 1.10+ (#90)
Documentation updates
Rework test infrastructure so it’s tox-based (#100)
Bugs:
Always decode verified token before json.load() (#116)
Always redirect to logout_url even when logged out (#121)
Change email matching to be case-insensitive (#102)
Allow combining OIDCAuthenticationBackend with other backends (#87)
Fix is_authenticated usage for Django 1.10+ (#125)
0.1.0 (2016-10-12)
First release on PyPI.
Hashes for mozilla-django-oidc-0.5.0.tar.gz

Algorithm | Hash digest
---|---
SHA256 | 56d72b3a35cbe9b313e4ec19a01943d4ca698562476d3387c3ab30e66d33bcf8
MD5 | 0b540b0ff6aa72b9d2c355c0dfe6de7f
BLAKE2b-256 | d874dfcd66592e31534bda6e3f06dd150fe60920b6ec6aa6ab0761f6c09aafbf

Hashes for mozilla_django_oidc-0.5.0-py2.py3-none-any.whl

Algorithm | Hash digest
---|---
SHA256 | ab6dcccf4841472c1e82244d66503e87ffae0ad7d38d6187fcca54810eceb7a6
MD5 | 67255a6515bcd20ad86c5dbf5f2ad85a
BLAKE2b-256 | 06c29339141c8ef0ceaf81ae5ae303b25ab876b23d1b9dd476998b20bc16c670
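The published digests are only useful if something compares them against the file that was actually downloaded before it is installed. The following is an added example, not part of mozilla-django-oidc or of PyPI's tooling: it recomputes SHA256, MD5 and BLAKE2b-256 (BLAKE2b with a 32-byte digest, which is what the BLAKE2b-256 column denotes) over the file bytes and compares them in constant time against the 0.5.0 digests copied from the tables above. The function names are assumptions of this example; the `b"abc"` input used in the demo is constructed and is not expected to match the published values.

```python
"""Verify a downloaded distribution against the digests published on PyPI.
Added example; not the project's own code."""
import hashlib
import hmac

# Digests for the 0.5.0 release, copied from the tables above.
PUBLISHED = {
    "mozilla-django-oidc-0.5.0.tar.gz": {
        "sha256": "56d72b3a35cbe9b313e4ec19a01943d4ca698562476d3387c3ab30e66d33bcf8",
        "md5": "0b540b0ff6aa72b9d2c355c0dfe6de7f",
        "blake2b": "d874dfcd66592e31534bda6e3f06dd150fe60920b6ec6aa6ab0761f6c09aafbf",
    },
    "mozilla_django_oidc-0.5.0-py2.py3-none-any.whl": {
        "sha256": "ab6dcccf4841472c1e82244d66503e87ffae0ad7d38d6187fcca54810eceb7a6",
        "md5": "67255a6515bcd20ad86c5dbf5f2ad85a",
        "blake2b": "06c29339141c8ef0ceaf81ae5ae303b25ab876b23d1b9dd476998b20bc16c670",
    },
}

# MD5 is shown by PyPI for legacy reasons only; it is not collision resistant,
# so a match on it alone should never be taken as proof of integrity.
STRONG = ("sha256", "blake2b")


def digest(data, algorithm):
    """Hex digest of `data` using one of the PyPI algorithms."""
    if algorithm == "blake2b":
        h = hashlib.blake2b(digest_size=32)  # BLAKE2b-256
    else:
        h = hashlib.new(algorithm)
    h.update(data)
    return h.hexdigest()


def verify_digests(data, expected):
    """Map each published algorithm to True/False for `data`."""
    return {
        alg: hmac.compare_digest(digest(data, alg), value.lower())
        for alg, value in expected.items()
    }


def acceptable(results):
    """True only if at least one strong digest matched and nothing mismatched."""
    if not any(results.get(alg) for alg in STRONG):
        return False
    return all(results.values())


def check_file(path, filename):
    """Read the downloaded file and compare it with PUBLISHED[filename]."""
    h_in = bytearray()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h_in.extend(chunk)
    results = verify_digests(bytes(h_in), PUBLISHED[filename])
    return acceptable(results), results


if __name__ == "__main__":
    # Constructed demo input; will not match the published 0.5.0 digests.
    demo = verify_digests(b"abc", PUBLISHED["mozilla-django-oidc-0.5.0.tar.gz"])
    print(demo, acceptable(demo))
```

In practice `check_file("mozilla-django-oidc-0.5.0.tar.gz", "mozilla-django-oidc-0.5.0.tar.gz")` returns `(True, {...})` only for the exact bytes PyPI served for that release; `pip install --require-hashes` with a requirements file pinning the SHA256 achieves the same check at install time.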