Tags give the ability to mark specific points in history as being important
  • v1.1.0   Version 1.1.0
  • v1.0.0   Version 1.0.0
  • v0.9.0   Version 0.9.0
  • v0.8.0   Version 0.8.0
  • v0.7.4   Version 0.7.4
  • v0.7.3   Version 0.7.3
    Release v0.7.3

    Added

    • Add autofocus to the username input on the login page

    Fixed

    • Really pick the last version on Pypi for new version checking. We were only sorting version string lexicographically and it would have break when we reach version 0.10.N or 0.N.10
    • Only check for valid username/password if username and password POST fields are posted. This fix a bug where posting without it raise a exception are None where passed for username/password verification.
  • v0.7.2   Version 0.7.2
    Release v0.7.2

    Added

    • Add Django 1.10 support
    • Add support of gitlab continuous integration

    Fixed

    • Fix BootsrapForm: placeholder on Input and Textarea only, use class form-control on Input, Select and Textarea.
    • Fix lang attribute in django 1.7. On html pages, the lang attribute of the was not present in django 1.7. We use now a methode to display it that is also available in django 1.7
  • v0.7.1
    bbf0c6e2 · Update version to 0.7.0 ·
    Release v0.7.1

    v0.7.1 - 2016-08-24

    Added

    • Add a forgotten migration (only change help_text and validators)
  • v0.7.0
    Release v0.7.0

    v0.7.0 - 2016-08-24

    Added

    • Add a CHANGELOG.rst file.
    • Add a validator to models CharField that should be regular expressions checking that user input are valids regular expressions.
    • Add a CAS_INFO_MESSAGES and CAS_INFO_MESSAGES_ORDER settings allowing to display messages in info-boxes on the html pages of the default templates.

    Changed

    • Allow the user defined CAS_COMPONENT_URLS to omit not changed values.
    • replace code-block without language indication by literal blocks.
    • Update french translation

    Fixed

    • Some README.rst typos.
    • some english typos
  • v0.6.4
    Release v0.6.4

    v0.6.4 - 2016-08-14

    commit: 282e3a83

    Added

    • Add a forgotten migration (only change help_text)
  • v0.6.3
    07a537b4 · Update version to 0.6.3 ·
    Release v0.6.3

    v0.6.3 - 2016-08-14

    commit: 07a537b4

    Added

    • Add powered by footer
    • Add a github version badge
    • documents templatetags

    Changed

    • Usage of the documented API for models _meta in auth.DjangoAuthUser
    • set warn cookie using javascript if possible
    • Unfold many to many attributes in auth.DjangoAuthUser attributes

    Fixed

    • typos in README.rst
    • w3c validation

    Cleaned

    • Code factorisation (models.py, views.py)
  • v0.6.2
    773707e6 · Update version to 0.6.2 ·
    Release v0.6.2

    v0.6.2 - 2016-08-02

    commit: 773707e6

    Added

    • Support authentication renewal in federate mode
    • Add new version email and info box then new version is available
    • Add SqlAuthUser and LdapAuthUser auth classes. Deprecate the usage of MysqlAuthUser in favor of SqlAuthUser.
    • Add pytest-warning to tests
    • Add a checkbox to forget the identity provider if we checked "remember the identity provider"
    • Add dependancies correspondance between python pypi, debian and centos packages in README

    Changed

    • Move coverage computation last in travis
    • Enable logging to stderr then running tests
    • Remember "warn me before…" using a cookie
    • Put favicon (shortcut icon) URL in settings

    Deprecated

    • The auth class MysqlAuthUser is deprecated in favor of the SqlAuthUser class.

    Fixed

    • Use custom templatetags instead settings custom attributes to Boundfields (As it do not work with django 1.7)
    • Display an error message on bad response from identity provider in federate mode instead of crashing. (e.g. Bad XML document)
    • Catch base64 decode error on b64decode to raise our custom exception BadHash
    • Add secret as sensitive variables/post parameter for /auth
    • Only set "remember my provider" in federated mode upon successful authentication
    • Since we drop django-boostrap3 dependancies, Django default minimal version is 1.7.1
    • [cas.py] Append renew=true when validating tickets

    Cleaned

    • code factorization (cas.py, forms.py)
  • v0.6.1
    Release v0.6.1

    v0.6.1 - 2016-07-27

    commit: b168e0a6

    Added

    • Add sphinx docs + autodoc
    • Add the possibility to run tests with "setup.py test"
    • Include docs, Makefile, coverage config and tests config to source package
    • Add serviceValidate ProxyTicket tests
    • Add python 3.5 tox/travis tests

    Changed

    Fixed

    • Keep LoginTicket list upon fail authentication (It prevent the next login attemps to fail because of bad LT)

    Cleaned

    • Compact federated mode migration
    • Reformat default_settings.py for documentation using sphinx autodoc
    • Factorize some code (from views.py to Ticket models class methods)
    • Update urlpattern for django 1.10
    • Drop dependancies django-picklefield and django-bootstrap3
  • v0.6.0
    Release v0.6.0

    v0.6.0 - 2016-07-06

    commit: 4ad4d13b

    Added

    • Add a section describing service patterns options to README.rst

    • Add a federation mode: When the settings CAS_FEDERATE is True, django-cas-server will offer to the user to choose its CAS backend to authenticate. Hence the login page do not display anymore a username/password form but a select form with configured CASs backend. This allow to give access to CAS supported applications to users from multiple organization seamlessly.

      It was originally developped to mach the need of https://ares.fr (Federated CAS at https://cas.ares.fr, example of an application using it as https://chat.myares.fr)

    Fixed

    • Then a ticket was marked as obtained with the user entering its credentials (aka not by SSO), and the service did not require it, ticket validation was failing. Now, if the service do not require authentication to be renewed, both ticket with renewed authentication and non renewed authentication validate successfully.
  • v0.5.0
    e3ab6427 · Update version to 0.5.0 ·
    Release v0.5.0

    v0.5.0 - 2016-07-01

    commit: e3ab6427

    Added

    • Add more password scheme support to the mysql authentication backend: ldap user attribute scheme encoding and simple password hash in hexa for md5, sha1, sha224, sha256, sha384, sha512.
    • Add a main heading to template "Central Authentication Service" with a logo controled by CAS_LOGO_URL
    • Add logos to the project (svg, png)
    • Add coverage computation
    • link project to codacy
    • Update doc: add debian requirement, correct typos, correct links

    Changed

    • Use settings to set tests username password and attributes
    • Tweak the css and html for small screens
    • Update travis cache for faster build
    • clean Makefile, use pip to install, add target for tests

    Fixed

    • Fix "warn me": we generate the ticket after the user agree to be connected to the service. we were generating first and the connect button was a link to the service url with the ?ticket= this could lead to situation where the ticket validity expire if the user is slow to click the connect button.
    • Fix authentication renewal: the renew parameter were not transmited when POST the login request and self.renew (aks for auth renewal) was use instead of self.renewed (auth was renewd) when generating a ticket.
    • Fix attribute value replacement when generating a ticket: we were using the 'name' attribute instead of the 'attribut' attribut on ReplaceAttributValue
    • Fix attribute value replacement when generating a ticket then the value is a list: iterate over each element of the list.
    • Fix a NameError in utils.import_attr
    • Fix serviceValidate and samlValidate when user_field is an attribute that is a list: we use the first element of the list as username. we were serializing the list before that.
    • Correct typos

    Cleaned

    • Clean some useless conditional branches found with coverage
    • Clean cas.js: use compact object declararion
    • Use six for python{2|3} compatibility
    • Move all unit tests to cas_server.tests and use django primitive. We also have a 100% tests coverage now. Using the django classes for tests, we do not need to use our own dirty mock.
    • Move mysql backend password check to a function in utils
  • v0.4.4
    77d1607b · Update version to 0.4.4 ·
    Release v0.4.4

    v0.4.4 - 2016-04-30

    commit: 77d1607b

    Added

    • Add sensitive_post_parameters and sensitive_variables for passwords, so passwords are anonymised before django send an error report.

    Fixed

    • Before commit 77fc5b59 the User model had a foreign key to the Session model. After the commit, Only the session_key is store, allowing to use different backend than the Session SQL backend. So the first migration (which is 21 migrations combined) was creating the User model with the foreign key, then delete it and add the field session_key. Somehow, MySQL did not like it. Now the first migration directly create the User model with the session_key and without the foreign key to the Session SQL backend.
    • Evaluate attributes variables in the template samlValidate.xml. the {{ }} was missing causing the variable name to be displyed instead of the variable content.
    • Return username in CAS 1.0 on the second ligne of the CAS response as specified.

    Changed

    • Update tests
  • v0.4.3
    f6d436ac · Update version to 0.4.3 ·
    Release v0.4.3

    v0.4.3 - 2016-03-18

    commit: f6d436ac

    Fixed

    • Currently, one of our dependancy, django-boostrap3, do not support django 1.7 in its last version. So there is some detection of the current django installed version in setup.py to pin django-boostrap3 to a version supported by django 1.7 if django 1.7 is installed, or to require at least django 1.8. The detection did not handle the case where django was not installed.
    • [PEP8] Put line breaks after binary operator and not before.
  • v0.4.2
    d1cd17d6 · Update version to 0.4.2 ·
    Release v0.4.2

    v0.4.2 - 2016-03-18

    commit: d1cd17d6

    Added

    • On logout, display the number of sessions we are logged out from.

    Fixed

    • One of our dependancy, django-boostrap3, do not support django 1.7 in its last version. Some django version detection is added to setup.py to handle that.
    • Some typos
    • Make errors returned by utils.import_attr clearer (as they are likely to be displayed to the django admin)
  • v0.4.1
    5e63f39f · Update version to 0.4.1 ·
    Release v0.4.1

    v0.4.1 - 2015-12-23

    commit: 5e63f39f

    Added

    • Add a run_test_server target to make file. Running make run_test_server will build a virtualenv, create a django projet with django-cas-server and lauch ./management.py runserver. It is quite handy to test developement version.
    • Add verbose name for cas_server app and models
    • Add Makefile clean targets for tox tests and test virtualenv.
    • Add link on license badge to the GPLv3

    Changed

    • Make Makefile clean targets modular
    • Use img.shields.io for PyPi badges
    • Get django-cas-server version in Makefile directly from setup.py (so now, the version is only written in one place)

    Fixed

    • Fix MysqlAuthUser when number of results != 1: In that case, call super anyway this the provided username.
  • v0.4
    7b4fac57 · Update version to 0.4 ·
    Release v0.4

    v0.4.0 - 2015-12-15

    commit: 7b4fac57

    Added

    • Add a help_text to pattern of ServicePattern
    • Add a timeout to SLO requests
    • Add logging capabilities (see README.rst for instruction)
    • Add management commands that should be called on a regular basis to README.rst