lp:~jamesh/django-openid-auth/sanitise-url
- Get this branch:
- bzr branch lp:~jamesh/django-openid-auth/sanitise-url
Branch merges
- Martin Albisetti (community): Approve
- John O'Brien (community): Approve
-
Diff: 189 lines (+64/-30)5 files modifieddjango_openid_auth/__init__.py (+0/-23)
django_openid_auth/admin.py (+24/-0)
django_openid_auth/forms.py (+0/-1)
django_openid_auth/tests/test_views.py (+30/-0)
django_openid_auth/views.py (+10/-6)
Branch information
Recent revisions
- 66. By James Henstridge
-
Move the OPENID_
USE_AS_ ADMIN_LOGIN code to django_ openid_ auth.admin so
it only gets imported if the application is actually using
django.contrib. admin. - 65. By James Henstridge
-
Add a high level test to show that requests without a "next" parameter pass.
- 64. By James Henstridge
-
Fix the sanitise_
redirect_ url function to handle an empty string properly. Revision 60 changed the behaviour so that empty URLs would be returned
unchanged rather than rewriting to settings.LOGIN_REDIRECT_ URL. This meant that login without a "next" parameter would end up
redirecting back to the login_complete() view. Since the OpenID
response had already been handled, this would look like a replay attack
and the user would be presented with an error. - 62. By Stuart Metcalfe
-
prevents manual assignment of local groups which are bound to remote teams in the user admin ui
- 60. By Stuart Langridge
-
allow a list of permitted external domains to be defined in settings and allow redirects to those external domains as well as local URLs (as before)
- 58. By Elliot Murphy
-
New version number since we have a few contributions that need to be
merged and released.
Branch metadata
- Branch format:
- Branch format 6
- Repository format:
- Bazaar pack repository format 1 with rich root (needs bzr 1.0)