226 Commits

Author SHA1 Message Date
Gabriel Adrian Samfira 66b5713296 Properly set session value for services_region
Currently, the value stored in the services_region cookie is ignored
when logging into horizon. This causes confusion for users that have
previously selected one region, to find themselves in a different
region after their token expires and are forced to log in again.

This change sets the services_region session value to the value present
in the cookie, with a fallback to the login region.

Closes-bug: #2040455

Change-Id: I051648844bf8dffce792ff553e9949285b1be6d4
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
2024-02-19 12:52:01 +00:00
Zuul 7af2dc32d8 Merge "Drop logic for django < 4.0" 2024-02-07 17:21:41 +00:00
Takashi Kajinami c8417cc8e6 Drop import for old horizon versions
These imports were kept to keep compatibility between separate
django-openstack-auth and horizon, but is no longer necessary since
horizon adopted to the new path and also django-openstack-auth was
merged into horizon very long ago.

Change-Id: I12dc4d585352477fded1aa96e8f712242849f843
2024-02-05 16:11:05 +09:00
Takashi Kajinami 05eaa7de4c Drop logic for django < 4.0
... because django 3.2 support has been removed.

Change-Id: Ifc25a2018ad956f4db6f21a7918878ca9eea850a
2024-02-02 03:24:04 +09:00
OpenStack Proposal Bot fb1a3e88da Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I0a79e35d0731ce7e956f53c17bca822923caf5e3
2023-10-27 04:43:08 +00:00
Thomas Goirand a55d82da08 Django 4.x: fix csrf reason list
The CSRF reason list has changed in Django 4.0. This fixes it.

Change-Id: I74e2d042db3b7911d9b4e19b5ad44e3f90f22267
2023-10-16 08:47:03 +00:00
OpenStack Proposal Bot 84ca532792 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: If5451e91c531c4d6c8a3c260b65b56f68e8aae3e
2023-09-26 04:07:39 +00:00
Benjamin Lasseye cb74c8c08f Add TOTP support
This patch adds support for MFA TOTP on openstack dashboard.
A new configuration variable OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED
was added false by default.
If enabled, users needing TOTP are prompted with a new form.
keystone doc: https://docs.openstack.org/keystone/latest/admin/auth-totp.html
Demonstration video : https://youtu.be/prDJJdFoMpM

Change-Id: I1047102a379c8a900a5e6840096bb671da4fd2ff
Blueprint: #totp-support
Closes-Bug: #2030477
2023-08-18 12:02:25 +00:00
Takashi Kajinami 9fa98969e7 Use OPENSTACK_ENDPOINT_TYPE by default
This is follow-up of I8438bedaf7cead452fc499e484d23690b48894d9 and
ensures the OPENSTACK_ENDPOINT_TYPE parameter is used when
OPENSTACK_KEYSTONE_ENDPOINT_TYPE is not set. This avoids backward-
incompatible change which affects deployments with endpoint type set
to non-default values.

Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Change-Id: I94d2d3e31fc0103773fb5d3ed2f5f792e8851f78
2022-12-26 07:01:07 +09:00
Zuul 0add65eddc Merge "Add OPENSTACK_KEYSTONE_ENDPOINT_TYPE config opt" 2022-12-15 17:50:38 +00:00
OpenStack Proposal Bot 28349ee91b Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I938820bb4827b4bf578ed81182572ca878e96758
2022-10-18 03:58:00 +00:00
OpenStack Proposal Bot a645545584 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: Ic32b69d9f50860ef20b0c564e777cc738e0b2b81
2022-10-06 03:11:09 +00:00
Tobias Urdin b22a6d65f7 Add OPENSTACK_KEYSTONE_ENDPOINT_TYPE config opt
The [1] changed the previous behavior of Horizon by
changing the hardcoded internal endpoint type to using
OPENSTACK_ENDPOINT_TYPE so it's no longer possible to use
internal endpoint type for Keystone but public for others.

This adds the OPENSTACK_KEYSTONE_ENDPOINT_TYPE config opt
to set the endpoint type for Keystone when grabbing it from
the service catalog.

[1] https://review.opendev.org/c/openstack/horizon/+/730781

Change-Id: I8438bedaf7cead452fc499e484d23690b48894d9
2022-09-29 13:23:59 +00:00
OpenStack Proposal Bot 2ebbb384a0 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I2a9934feb6da480e0f6b3eac462377fb85c899ef
2022-06-21 02:58:12 +00:00
Tobias Urdin 6a3fa87cde Pass client IP to keystoneauth1 session
This passes the client IP to the keystoneauth1 Session's
original_ip parameter.

This sets the Forwarded HTTP header so that when the request
lands in Keystone the request can actually be interpreted who
made the request and not only that it was proxied by Horizon.

  Forwarded: for=100.64.10.1;by=openstack_auth keystoneauth1/4.4.0 python-requests/2.25.1 CPython/3.6.8

In the above example header the 100.64.10.1 is the client IP
that is sent from a load balancer in the X-Forwarded-For header
while the actual REMOTE_ADDR in the HTTP request is the load balancer's
IP address.

Change-Id: I52da9dcd7fb6b1ac46852718f285795628121e26
2022-05-24 10:38:02 +00:00
manchandavishal 33efe3179d Address RemovedInDjango40Warning
This patch is a follow-up patch of 00def145de which renamed
is_safe_url() -> url_has_allowed_host_and_scheme() because
is_safe_url() is deprecated in Django 3.0.
For more info, please refer [1].

[1] https://docs.djangoproject.com/en/4.0/releases/3.0/#deprecated-features-3-0

Change-Id: I419f328916650093396fc153932a5053c3fa6b0e
2022-03-31 11:07:32 +05:30
Zuul 1bb9092abf Merge "Address RemovedInDjango40Warning (7)" 2022-03-12 22:02:49 +00:00
Zuul ec634c937d Merge "Address RemovedInDjango40Warning (6)" 2022-03-12 22:02:46 +00:00
Zuul cf9a30d39e Merge "Address RemovedInDjango40Warning (3)" 2022-03-10 12:23:11 +00:00
Zuul dd9e4c82b5 Merge "Address RemovedInDjango40Warning (2)" 2022-03-03 10:14:04 +00:00
OpenStack Proposal Bot 94e4e2df01 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I1efeebbc45fe158cf39dbef9a0ca3cfd90daca3c
2022-02-22 03:02:39 +00:00
Radomir Dopieralski dbaca46d0f Add a unit test for the password change form
Change-Id: I5eeacefc3a0bd7d7f958f00befeb18e949c789db
2022-02-14 13:51:55 -06:00
Radomir Dopieralski 88dd887ad3 Fix getting defaults from cookie for region field in password form
Since the normal form doesn't have a request attribute, we have to
pass the initial value for the region from the view.

Change-Id: Icea647ad13718b74528922f362ad665be1392e9b
Closes-bug: #1957926
2022-02-04 18:08:42 +01:00
Akihiro Motoki 7052b7f065 Address RemovedInDjango40Warning (7)
HttpRequest.is_ajax() was marked as deprecated since Django 3.1 and will be
removed in Django 4.0 [1].

While the current implementation of is_ajax() relies on a jQuery-specific way
of signifying AJAX as noted in the Django relnotes, horizon works with this.
Thus this commit copies the existing logic of HttpRequest.is_ajax() to the
horizon repo (as horizon.utils.http.is_ajax()) and consumes it.

https://docs.djangoproject.com/en/4.0/releases/3.1/#features-deprecated-in-3-1
Change-Id: I3def53033524985818a891a1b9d4659fad4ba2ba
2022-02-04 16:27:32 +09:00
Akihiro Motoki 00def145de Address RemovedInDjango40Warning (6)
Django 3.0 renamed is_safe_url() to url_has_allowed_host_and_scheme()
and deprecated is_safe_url().

https://docs.djangoproject.com/en/4.0/releases/3.0/#deprecated-features-3-0
Change-Id: Ic970a93a2083525139d8741a4150e643264be43b
2022-02-04 16:27:32 +09:00
Akihiro Motoki d9266fd82c Address RemovedInDjango40Warning (3)
In Django 3.1, django.conf.urls.url() is deprecated
in favor of django.urls.re_path().

https://docs.djangoproject.com/en/4.0/releases/3.1/#id2

Change-Id: I484694f8718f61c022126a1935cf28fce075894b
2022-02-04 16:26:54 +09:00
Akihiro Motoki cd7c1b5110 Address RemovedInDjango40Warning (2)
django.utils.translation.ugettext(), ugettext_lazy(), ugettext_noop(),
ungettext(), and ungettext_lazy() are deprecated in favor of the
functions that they’re aliases for: django.utils.translation.gettext(),
gettext_lazy(), gettext_noop(), ngettext(), and ngettext_lazy().

https://docs.djangoproject.com/en/4.0/releases/3.0/#id3

Change-Id: I77878f84e9d10cf6a136dada81eabf4e18676250
2022-02-04 16:22:07 +09:00
Zuul 855bd80ec8 Merge "Add system scope support to context switcher" 2022-01-15 12:06:04 +00:00
Zuul 8fe5bbc8da Merge "Use OPENSTACK_KEYSTONE_URL instead of HTTP_REFERRER" 2022-01-12 12:15:26 +00:00
Georgina Shippey 33292ca0a4 Use OPENSTACK_KEYSTONE_URL instead of HTTP_REFERRER
By using OPENSTACK_KEYSTONE_URL instead of the HTTP_REFERRER
the authentication request between Horizon and Keystone continues
to work in situations where the HTTP_REFERRER is an external keystone
endpoint that Horizon does not have access to.

Change-Id: I9c5c8d59c5f5a8570dbb563ae224d45406a73ba5
Closes-bug: #1874705
2022-01-12 08:29:29 +00:00
Radomir Dopieralski 34a0159d1a Add system scope support to context switcher
Change-Id: Idd2ec7ae6e978a358b4b3639e86cadae06c90976
2021-11-26 14:09:46 +01:00
Zuul 6c2a98c9fe Merge "Escape unicode characters when setting logout_reason cookie" 2021-09-17 19:49:31 +00:00
Akihiro Motoki 6dfcb90131 Support Django 3.0 and 3.1 support (1)
* Django 3.0 dropped django.utils.decorators.available_attrs()
  in favor of functools.WRAPPER_ASSIGNMENTS.
* Django 3.0 dropped django.utils.functional.curry()
  in favor of functools.partial() or functools.partialmethod().

https://docs.djangoproject.com/en/3.1/releases/3.0/#removed-private-python-2-compatibility-apis

Change-Id: I4ab0e720a8ffe13a08f5e607a59e39f252338b90
2021-09-14 12:54:01 +00:00
OpenStack Proposal Bot 420eaa5bac Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: Ic3d270ae69b9c7f9fb17ca7073eb388e9c09537b
2021-09-10 07:04:14 +00:00
Radomir Dopieralski e68e239373 Escape unicode characters when setting logout_reason cookie
Change-Id: Ic61a3958461a4a939acc40d1039881e2d4c3a1cd
Closes-bug: #1894801
2021-09-08 16:26:30 +02:00
OpenStack Proposal Bot ebec26abe9 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I738011900c9da27479ab680c125c1ef5ef40c13d
2021-05-31 06:44:37 +00:00
OpenStack Proposal Bot 2bb6d60709 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: Id731b510c18e2ec16714f17687a12a09867257aa
2021-04-15 06:49:49 +00:00
OpenStack Proposal Bot 6ac0917950 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I48ce006169de9efbd298d30ce358c6e547935727
2021-03-15 06:44:35 +00:00
Zuul 73f4469faa Merge "Move "Domain" field under "User Name" and "Password"" 2021-03-11 21:45:28 +00:00
Tatiana Ovchinnikova b09e5b303c Move "Domain" field under "User Name" and "Password"
Autofocus on the login screen now is on the first field. It's either
"User Name" or "Domain" with multidomain support. However it appears
to be more convenient to keep the focus on "User Name" whether there
is multidomain support or not. Also "Domain" is pre-filled with the
last domain used, so often there's no need to change it.

This patch moves "Domain" field under "User Name" and "Password" and
keeps autofocus always on "User Name".

Closes-Bug: #1916958

Change-Id: I590ce3a5cbaa0ebb470228a7114a60ff89467835
2021-03-10 13:50:36 -06:00
OpenStack Proposal Bot 87edcb6193 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: If961997b85e6e03aa7349f20a5d7bd68834976a5
2021-03-06 06:53:07 +00:00
Zuul c756724cda Merge "Support policy-in-code and deprecated policy" 2021-03-04 22:01:52 +00:00
Zuul 065dfc72ac Merge "Try loading all policy files even if some files are invalid" 2021-03-04 05:31:14 +00:00
Takashi Kajinami 82900d727f Try loading all policy files even if some files are invalid
This change ensures that horizon tries to load all policy files even
if an invalid policy file is found, so that horizon can use as many
policy rules as it can parse.

Closes-Bug: #1917483
Change-Id: I24f8da71460129ee7162af5f307a7e405addb15d
2021-03-04 00:42:59 +00:00
Akihiro Motoki 4894d0eede Use override_settings decorator consistently
Some tests in openstack_auth test_policy explicitly call enable/disable
of settings class. We usually use @override_settings decorator and
it automatically disables setting overriding when exiting the decorator.
Let's use it for consistency.

Change-Id: I30cc97798ddf0c55ef4e05c885ffc8ef99a7be81
2021-02-04 14:44:25 +09:00
Akihiro Motoki b7bb76eb20 Support policy-in-code and deprecated policy
This commit allows horizon to handle deprecated policy rules.
The approach is explained in the document updated by this change.

oslo.policy requirement is updated. oslo.policy 3.2.0 is chosen
just because it is the first release in Victoria cycle.
requirements.txt and lower-constraints.txt are updated accordingly
including oslo.policy dependencies.

Change-Id: If5059d03f6bd7e94796065aa1b51c0c23ac85f5e
2021-01-27 14:02:27 +00:00
OpenStack Proposal Bot dc9e2f7881 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I6527f88ffba4df3eba92674139b14dd8627f1dea
2020-12-19 06:38:42 +00:00
Akihiro Motoki 4046ef6616 Recover scenario settings in openstack_auth test_auth
The scenario configuration in openstack_auth test_auth was ignored
somehow. Perhaps it happened when openstack_auth was merged into
the horizon repo as test runners used in the horizon repo so far
(django test runner, nose and pytest) do not support testscenarios.

This commit tries to recover the original intention of the scenario.
pytest supports several ways to parametrize tests [1]
but there seems no way without changing each test function.
A quick port of "testscenarios" is explained [2],
but it is just a way to generate tests based on scenarios and
we still need to add scenario parameters to each test function,
so we cannot refer to scenario parameters in setUp().
As a result, I chose a way to inherit the original class and
pass different attributes per scenario.
This is not ideal and I hope pytest lovers can improve the situation.

The test classes in test_auth are renamed to more meaningful ones.

Direct overrides of settings in test_auth.py are improved too.

[1] https://docs.pytest.org/en/stable/example/parametrize.html
[2] https://docs.pytest.org/en/stable/example/parametrize.html#a-quick-port-of-testscenarios

Change-Id: I1538ffbc853a2c9328c364f462a27be36c85cc2f
2020-10-27 19:58:07 +09:00
Zuul f90c3cd501 Merge "Use python3-style super()" 2020-10-27 04:42:53 +00:00
Zuul 19c90c1ad0 Merge "pylint: Fix unnecessary-comprehension warning" 2020-10-26 17:53:05 +00:00