Skip to content

Releases: City-of-Helsinki/django-helusers

v0.13.0

25 Jun 07:51
Compare
Choose a tag to compare

What's Changed

  • fix: improve ModelAdmins for ADGroupMapping and ADGroup by @voneiden in #101
  • HP-2429 | feat: migrate old user from Tunnistamo to Keycloak by @charn in #102

Full Changelog: v0.12.0...v0.13.0

v0.12.0

20 May 12:22
Compare
Choose a tag to compare

What's Changed

  • feat: define new setting ALLOWED_ALGORITHMS by @voneiden in #100

New Contributors

Full Changelog: v0.11.0...v0.12.0

v0.11.0

15 Mar 07:32
Compare
Choose a tag to compare

Changed

  • Add Django admin logout support for Django 5.0
  • Add code quality tooling: black, isort, flake8, commitlint, pre-commit
  • Run code quality tools and do the necessary fixes

v0.10.0

07 Mar 13:36
Compare
Choose a tag to compare

Changed

  • Drop support for Python 3.7 and older
  • Add support for Python 3.12
  • Require at least Django 3.2
  • Add support for Django 5.0 by adding a new session serializer TunnistamoOIDCSerializer which can handle session data produced by the custom helusers.defaults.SOCIAL_AUTH_PIPELINE pipeline. Django 5.0 removed PickleSerializer.

v0.9.0

09 Aug 14:52
Compare
Choose a tag to compare

Fixed

  • ApiTokenAuthentication again validates the aud claim. The aud claim wasn't validated if the drf-oidc-auth version was 1.0.0 or greater.

Added

  • Ability to use "dot notation" in API_AUTHORIZATION_FIELD setting for searching api scopes from deeper in the claims
  • Documentation about social auth pipeline configuration

Removed

  • Removed drf-oidc-auth requirement when using ApiTokenAuthentication. Django REST framework is still required.

Changed

  • API_AUTHORIZATION_FIELD and API_SCOPE_PREFIX settings now support a list of strings

  • ApiTokenAuthentication is no longer a subclass of oidc_auth.authentication.JSONWebTokenAuthentication but a direct subclass of rest_framework.authentication.BaseAuthentication

  • ApiTokenAuthentication uses the same JWT class as RequestJWTAuthentication for the token validation

    • Changed methods:
      • decode_jwt can raise jose.JWTError exception
      • get_oidc_config no longer returns oidc configuration dictionary but an OIDCConfig instance
      • validate_claims still exists and is called, but doesn't do anything
    • Removed methods:
      • get_audiences
      • jwks
      • jwks_data
      • oidc_config
    • Removed properties:
      • claims_options
      • issuer
  • ApiTokenAuthentication now supports multiple issuers. Previously it accepted multiple issuers in the settings but could only use the first issuer.

  • ApiTokenAuthentication.authenticate no longer raises AuthenticationError if authorization header contains the correct scheme but not a valid JWT-token. Now it just returns None which means the authentication didn't succeed but can be tried with the next authenticator.

  • ApiTokenAuthentication now rejects tokens if they are invalidated with back-channel log out

  • amr claim is no longer validated in ApiTokenAuthentication

  • Issued at (iat) claim is no longer limited by the OIDC_LEEWAY oidc_auth setting (default 10 minutes) when using ApiTokenAuthentication. i.e. tokens can be generated as long ago as needed.

  • User is no longer created if token is correct but is missing the required API scopes in ApiTokenAuthentication

0.8.1

04 Apr 13:14
Compare
Choose a tag to compare

Fixed

  • Admin site logout view caching with Django 4
  • Turn invalid string amr claim into an array in JWT

0.8.0

17 Mar 07:18
Compare
Choose a tag to compare

Added

  • Support for Python 3.10 & 3.11
  • Support for Django >=4.0

Removed

  • Support for Python 3.6
  • Support for Django 2.2

0.7.1

12 Apr 12:53
Compare
Choose a tag to compare

Changed

  • Handle a list of configured issuers in ApiTokenAuthentication
  • Require Django version < 4

0.7.0

16 Aug 06:04
Compare
Choose a tag to compare

Added

Changed

  • Set required Django version to 2.2 and later.

Removed

  • The key_provider argument of helusers.oidc.RequestJWTAuthentication.__init__ method was removed. It existed only for test support, but tests have been modified in a way that it's not needed any more.

0.6.1

15 Jun 13:05
Compare
Choose a tag to compare

Added

  • Set django-heluers' default auto field to be django.db.models.AutoField for Django versions >=3.2 to avoid unwanted migrations.