.. This README is meant for consumption by humans and pypi. Pypi can render rst files so please do not use Sphinx features.
If you want to learn more about writing documentation, please check out: http://docs.plone.org/about/documentation_styleguide.html
This text does not appear on pypi or github. It is a comment.
================
pas.plugins.imio
================
Install local or remote connector to Imio authentic (SSO).
Features
--------
- Override Plone login page
- Connect with SSO
- Disabled edition of username and e-mail
- Connect with JWT
.. image:: https://github.com/IMIO/pas.plugins.imio/workflows/Tests/badge.svg
:target: https://github.com/IMIO/pas.plugins.imio/actions?query=workflow%3ATests
:alt: CI Status
.. image:: https://coveralls.io/repos/github/IMIO/pas.plugins.imio/badge.svg?branch=master
:target: https://coveralls.io/github/IMIO/pas.plugins.imio?branch=master
:alt: Coveralls
Installation
------------
You need libffi-dev and openssl-dev packages installed (`sudo apt install libffi-dev openssl-dev`)
Install pas.plugins.imio by adding it to your buildout::
[buildout]
...
eggs =
pas.plugins.imio
And then running ``bin/buildout``
After your instance is up, you can now install pas.plugins.imio from addons page.
Usage
-----
To update list of users, go to one of this view :
- /@@add-authentic-users?type=usagers
- /@@add-authentic-users?type=agents
To login with an user registred into Plone/Zope instead of pas plugin use this view :
- Plone 4: ${portal_url}/login_form
- Plone 5.2+: ${portal_url}/zope_login
You can also use plone default view for login with zope admin: aq_parent/@@plone-root-login
How to use JWT
--------------
First, add an Openid Connect client to Authentic with these options:
- Processus d’autorisation : mot de passe du propriétaire de ressource
- Politique des identifiants : identifiant unique
- Portée de cession par crédentiels du propriétaire de la ressource : openid
- Algorithme de signature IDToken : RSA
- Oidc claims : userid | django_user_identifier | openid
Second, you can ask Authentic to get a JWT
Python code example::
import requests
url = "http://agents.localhost/idp/oidc/token/"
payload = {
"grant_type": "password",
"client_id": "client-id-plone5-app",
"client_secret": "client-secret-plone5-app",
"username": "jdoe",
"password": "jdoe",
"scope": ["openid"],
}
headers = {
"Content-Type": "application/x-www-form-urlencoded",
}
response = requests.post(url, headers=headers, data=payload).json()
id_token = response.get("id_token")
Finally, you can request Plone with bearer header::
import requests
url = "http://localhost:8081/imio/test-1/"
headers = {
"Accept": "application/json",
"Authorization": "Bearer {0}".format(id_token),
}
response = requests.get(url, headers=headers)
Translations
------------
This product has been translated into
- English
- French
Contribute
----------
- Issue Tracker: https://github.com/IMIO/pas.plugins.imio/issues
- Source Code: https://github.com/IMIO/pas.plugins.imio
License
-------
The project is licensed under the GPLv2.
Contributors
============
- Benoit Suttor, bsuttor@imio.be
Changelog
=========
2.0.9 (2023-08-31)
------------------
- Fix login could be id of user.
[bsuttor]
- Fix byte convertion error on python3.
[bsuttor]
2.0.8 (2023-08-18)
------------------
- Fix bug in users enumeration: wrong user could be retrieved (#4)
[laulaz]
- Finally check certs on JWT call (except for test).
[bsuttor]
- Fix creation of user on JWT call and test it.
[bsuttor]
2.0.7 (2023-03-28)
------------------
- Keep old groups during first login.
[bsuttor]
2.0.6 (2022-07-18)
------------------
- Do not verify_signature for jwt call because of error: "Could not deserialize key data".
[bsuttor]
2.0.5 (2022-07-13)
------------------
- Keep old roles on migration of users.
[bsuttor]
2.0.4 (2022-07-13)
------------------
- Temporary remove pas.app.users override because it do not work on Plone 6.
[bsuttor]
- Add possibility to remove old user (without login).
[bsuttor]
2.0.3 (2022-06-29)
------------------
- Migration code refactoring & add tests
[laulaz]
2.0.2 (2022-06-29)
------------------
- Add migration code (to new userid) for local roles / ownership
[laulaz]
2.0.1 (2022-06-15)
------------------
- Add posibility to delete user on zmi view.
[bsuttor]
- Improve user migration code
[laulaz]
- Verify signature for login with JWT.
[bsuttor]
2.0 (2022-06-01)
----------------
- Get userid and user login for user connected by JWT.
[bsuttor]
- Allow user search on any parts of id/login/email (not just the start)
[laulaz]
- Use uuid as plone user.id instead of username.
[bsuttor, laulaz]
- Be aware of next url when you call auhentic users api.
[bsuttor]
- Add zmi view of users.
[bsuttor]
1.0.11 (2022-04-21)
-------------------
- Revert previous release.
[bsuttor]
1.0.10 (2022-04-21)
-------------------
- Nothing changed yet.
1.0.9 (2022-01-19)
------------------
- Get rid of includeDependencies for Plone 6 compatibility.
[laulaz]
1.0.8 (2021-10-15)
------------------
- Fill username when user is created with JWT.
[bsuttor]
1.0.7 (2021-10-15)
------------------
- Create user with JWT token on first connection.
[bsuttor]
1.0.6 (2021-06-01)
------------------
- Fixed ModuleNotFoundError: No module named 'App.class_init' on Zope 5.
[bsuttor]
- Add JWT support.
[bsuttor]
1.0.5 (2021-01-04)
------------------
- Improve Anysurfer integration.
[bsuttor]
- Added revoke-user-access page to remove a user from its groups and revoke its roles.
[odelaere]
1.0.4 (2020-10-08)
------------------
- Plugin also provide IUserIntrospection so user from Authentic PAS plugin will also listed in api.user.get_users().
[bsuttor]
- Use IItem for Object to redirect imio_login instead of INavigation. It's solved bug to redirect from other page than root navigation, and so page which required access.
[bsuttor]
- Fix redirect after login for Plone < 5.2.
[odelaere]
1.0.3 (2020-07-30)
------------------
- Add Plone 5 testing profile.
[bsuttor]
1.0.2 (2020-07-16)
------------------
- Fix(testing profile): dependency of plone4 profile do not exists, use default.
[bsuttor]
1.0.1 (2020-07-16)
------------------
- Add plone 4 testing profile.
[bsuttor]
- Do not install usager login by default.
[bsuttor]
- Fix: import zcml permission from plone.app.controlpanel
[bsuttor]
1.0.0 (2020-05-29)
------------------
- Fix: set username on python3 when new user added.
[bsuttor]
1.0b11 (2020-03-27)
-------------------
- Also see came_from on request for next url.
[bsuttor]
1.0b10 (2020-03-27)
-------------------
- Fix: redirect on homepage.
[bsuttor]
- Improve next_url login.
[bsuttor]
1.0b9 (2020-02-26)
------------------
- Use state / user_state to redirect to page which apply SSO.
[bsuttor]
1.0b8 (2020-02-21)
------------------
- Set talk less.
[bsuttor]
1.0b7 (2020-02-11)
------------------
- Fix french typo.
[bsuttor]
1.0b6 (2020-02-07)
------------------
- Add plone.app.changeownership dependency.
[bsuttor]
1.0b5 (2020-02-07)
------------------
- Improve python3 compatibility, check if python 2 before safe_utf8.
[bsuttor]
1.0b4 (2020-02-07)
------------------
- Bad release.
[bsuttor]
1.0b3 (2020-02-07)
------------------
- Override plone userlist page to add link to WCA on Plone 5.
[bsuttor]
- Add zope_login to bypass SSO auth.
[bsuttor]
1.0b2 (2020-02-04)
------------------
- Fix python3 EnumerateUsers.
[bsuttor]
- Override plone userlist page to add link to WCA.
[bsuttor]
1.0b1 (2019-12-16)
------------------
- Python 3 support.
[bsuttor]
1.0a10 (2019-11-18)
-------------------
- Add css for login-page
[bsuttor]
- Add fr translations.
[bsuttor]
1.0a9 (2019-11-05)
------------------
- Override default login_form template (with z3c.jbot) to allow login with zope admin and an external url set.
[bsuttor]
1.0a8 (2019-09-04)
------------------
- Set Site Manager role to user with admin of service role on Authentic.
[bsuttor]
1.0a7 (2019-06-28)
------------------
- Set Manager role if you are into admin role on Authentic.
[bsuttor]
- Add Member role to user connected with Authentic.
[bsuttor]
1.0a6 (2019-05-20)
------------------
- Get logout hostname redirect from agents config.
[bsuttor]
- Add roles scope on agents.
[bsuttor]
1.0a5 (2019-05-09)
------------------
- Add userfactories to connect with email for usagers and with userid of agents.
[bsuttor]
1.0a4 (2019-04-26)
------------------
- Use different OU for usagers and agents.
[bsuttor]
1.0a3 (2019-04-25)
------------------
- Use different usagers and agents environement variables to connect to SOO.
[bsuttor]
1.0a2 (2019-04-25)
------------------
- Use agents and usagers to connect to Plone.
[bsuttor]
1.0a1 (2018-03-28)
------------------
- Initial release.
[bsuttor]
Raw data
{
"_id": null,
"home_page": "https://pypi.python.org/pypi/pas.plugins.imio",
"name": "pas.plugins.imio",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "Python Plone",
"author": "Benoit Suttor",
"author_email": "bsuttor@imio.be",
"download_url": "https://files.pythonhosted.org/packages/f9/e6/bd602a86337509922750433333f191e83a0818208f7912422b558c0bd2b6/pas.plugins.imio-2.0.9.tar.gz",
"platform": null,
"description": ".. This README is meant for consumption by humans and pypi. Pypi can render rst files so please do not use Sphinx features.\n If you want to learn more about writing documentation, please check out: http://docs.plone.org/about/documentation_styleguide.html\n This text does not appear on pypi or github. It is a comment.\n\n================\npas.plugins.imio\n================\n\nInstall local or remote connector to Imio authentic (SSO).\n\n\nFeatures\n--------\n\n- Override Plone login page\n- Connect with SSO\n- Disabled edition of username and e-mail\n- Connect with JWT\n\n\n.. image:: https://github.com/IMIO/pas.plugins.imio/workflows/Tests/badge.svg\n :target: https://github.com/IMIO/pas.plugins.imio/actions?query=workflow%3ATests\n :alt: CI Status\n\n.. image:: https://coveralls.io/repos/github/IMIO/pas.plugins.imio/badge.svg?branch=master\n :target: https://coveralls.io/github/IMIO/pas.plugins.imio?branch=master\n :alt: Coveralls\n\n\nInstallation\n------------\n\nYou need libffi-dev and openssl-dev packages installed (`sudo apt install libffi-dev openssl-dev`)\nInstall pas.plugins.imio by adding it to your buildout::\n\n [buildout]\n\n ...\n\n eggs =\n pas.plugins.imio\n\nAnd then running ``bin/buildout``\n\nAfter your instance is up, you can now install pas.plugins.imio from addons page.\n\n\nUsage\n-----\n\nTo update list of users, go to one of this view :\n\n- /@@add-authentic-users?type=usagers\n- /@@add-authentic-users?type=agents\n\n\nTo login with an user registred into Plone/Zope instead of pas plugin use this view :\n\n- Plone 4: ${portal_url}/login_form\n- Plone 5.2+: ${portal_url}/zope_login\n\nYou can also use plone default view for login with zope admin: aq_parent/@@plone-root-login\n\n\nHow to use JWT\n--------------\n\nFirst, add an Openid Connect client to Authentic with these options:\n\n- Processus d\u2019autorisation : mot de passe du propri\u00e9taire de ressource\n- Politique des identifiants : identifiant unique\n- Port\u00e9e de cession par cr\u00e9dentiels du propri\u00e9taire de la ressource : openid\n- Algorithme de signature IDToken : RSA\n- Oidc claims : userid | django_user_identifier | openid\n\nSecond, you can ask Authentic to get a JWT\n\nPython code example::\n\n import requests\n\n url = \"http://agents.localhost/idp/oidc/token/\"\n payload = {\n \"grant_type\": \"password\",\n \"client_id\": \"client-id-plone5-app\",\n \"client_secret\": \"client-secret-plone5-app\",\n \"username\": \"jdoe\",\n \"password\": \"jdoe\",\n \"scope\": [\"openid\"],\n }\n headers = {\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n }\n\n response = requests.post(url, headers=headers, data=payload).json()\n id_token = response.get(\"id_token\")\n\nFinally, you can request Plone with bearer header::\n\n import requests\n\n url = \"http://localhost:8081/imio/test-1/\"\n headers = {\n \"Accept\": \"application/json\",\n \"Authorization\": \"Bearer {0}\".format(id_token),\n }\n\n response = requests.get(url, headers=headers)\n\nTranslations\n------------\n\nThis product has been translated into\n\n- English\n- French\n\n\nContribute\n----------\n\n- Issue Tracker: https://github.com/IMIO/pas.plugins.imio/issues\n- Source Code: https://github.com/IMIO/pas.plugins.imio\n\n\nLicense\n-------\n\nThe project is licensed under the GPLv2.\n\n\nContributors\n============\n\n- Benoit Suttor, bsuttor@imio.be\n\n\nChangelog\n=========\n\n\n2.0.9 (2023-08-31)\n------------------\n\n- Fix login could be id of user.\n [bsuttor]\n\n- Fix byte convertion error on python3.\n [bsuttor]\n\n\n2.0.8 (2023-08-18)\n------------------\n\n- Fix bug in users enumeration: wrong user could be retrieved (#4)\n [laulaz]\n\n- Finally check certs on JWT call (except for test).\n [bsuttor]\n\n- Fix creation of user on JWT call and test it.\n [bsuttor]\n\n\n2.0.7 (2023-03-28)\n------------------\n\n- Keep old groups during first login.\n [bsuttor]\n\n\n2.0.6 (2022-07-18)\n------------------\n\n- Do not verify_signature for jwt call because of error: \"Could not deserialize key data\".\n [bsuttor]\n\n\n2.0.5 (2022-07-13)\n------------------\n\n- Keep old roles on migration of users.\n [bsuttor]\n\n\n2.0.4 (2022-07-13)\n------------------\n\n- Temporary remove pas.app.users override because it do not work on Plone 6.\n [bsuttor]\n\n- Add possibility to remove old user (without login).\n [bsuttor]\n\n\n2.0.3 (2022-06-29)\n------------------\n\n- Migration code refactoring & add tests\n [laulaz]\n\n\n2.0.2 (2022-06-29)\n------------------\n\n- Add migration code (to new userid) for local roles / ownership\n [laulaz]\n\n\n2.0.1 (2022-06-15)\n------------------\n\n- Add posibility to delete user on zmi view.\n [bsuttor]\n\n- Improve user migration code\n [laulaz]\n\n- Verify signature for login with JWT.\n [bsuttor]\n\n\n2.0 (2022-06-01)\n----------------\n\n- Get userid and user login for user connected by JWT.\n [bsuttor]\n\n- Allow user search on any parts of id/login/email (not just the start)\n [laulaz]\n\n- Use uuid as plone user.id instead of username.\n [bsuttor, laulaz]\n\n- Be aware of next url when you call auhentic users api.\n [bsuttor]\n\n- Add zmi view of users.\n [bsuttor]\n\n\n1.0.11 (2022-04-21)\n-------------------\n\n- Revert previous release.\n [bsuttor]\n\n\n1.0.10 (2022-04-21)\n-------------------\n\n- Nothing changed yet.\n\n\n1.0.9 (2022-01-19)\n------------------\n\n- Get rid of includeDependencies for Plone 6 compatibility.\n [laulaz]\n\n\n1.0.8 (2021-10-15)\n------------------\n\n- Fill username when user is created with JWT.\n [bsuttor]\n\n\n1.0.7 (2021-10-15)\n------------------\n\n- Create user with JWT token on first connection.\n [bsuttor]\n\n\n1.0.6 (2021-06-01)\n------------------\n\n- Fixed ModuleNotFoundError: No module named 'App.class_init' on Zope 5.\n [bsuttor]\n\n- Add JWT support.\n [bsuttor]\n\n\n1.0.5 (2021-01-04)\n------------------\n\n- Improve Anysurfer integration.\n [bsuttor]\n\n- Added revoke-user-access page to remove a user from its groups and revoke its roles.\n [odelaere]\n\n\n1.0.4 (2020-10-08)\n------------------\n\n- Plugin also provide IUserIntrospection so user from Authentic PAS plugin will also listed in api.user.get_users().\n [bsuttor]\n\n- Use IItem for Object to redirect imio_login instead of INavigation. It's solved bug to redirect from other page than root navigation, and so page which required access.\n [bsuttor]\n\n- Fix redirect after login for Plone < 5.2.\n [odelaere]\n\n\n1.0.3 (2020-07-30)\n------------------\n\n- Add Plone 5 testing profile.\n [bsuttor]\n\n\n1.0.2 (2020-07-16)\n------------------\n\n- Fix(testing profile): dependency of plone4 profile do not exists, use default.\n [bsuttor]\n\n\n1.0.1 (2020-07-16)\n------------------\n\n- Add plone 4 testing profile.\n [bsuttor]\n\n- Do not install usager login by default.\n [bsuttor]\n\n- Fix: import zcml permission from plone.app.controlpanel\n [bsuttor]\n\n\n1.0.0 (2020-05-29)\n------------------\n\n- Fix: set username on python3 when new user added.\n [bsuttor]\n\n\n1.0b11 (2020-03-27)\n-------------------\n\n- Also see came_from on request for next url.\n [bsuttor]\n\n\n1.0b10 (2020-03-27)\n-------------------\n\n- Fix: redirect on homepage.\n [bsuttor]\n\n- Improve next_url login.\n [bsuttor]\n\n\n1.0b9 (2020-02-26)\n------------------\n\n- Use state / user_state to redirect to page which apply SSO.\n [bsuttor]\n\n\n1.0b8 (2020-02-21)\n------------------\n\n- Set talk less.\n [bsuttor]\n\n\n1.0b7 (2020-02-11)\n------------------\n\n- Fix french typo.\n [bsuttor]\n\n\n1.0b6 (2020-02-07)\n------------------\n\n- Add plone.app.changeownership dependency.\n [bsuttor]\n\n\n1.0b5 (2020-02-07)\n------------------\n\n- Improve python3 compatibility, check if python 2 before safe_utf8.\n [bsuttor]\n\n\n1.0b4 (2020-02-07)\n------------------\n\n- Bad release.\n [bsuttor]\n\n\n1.0b3 (2020-02-07)\n------------------\n\n- Override plone userlist page to add link to WCA on Plone 5.\n [bsuttor]\n\n- Add zope_login to bypass SSO auth.\n [bsuttor]\n\n\n1.0b2 (2020-02-04)\n------------------\n\n- Fix python3 EnumerateUsers.\n [bsuttor]\n\n- Override plone userlist page to add link to WCA.\n [bsuttor]\n\n\n1.0b1 (2019-12-16)\n------------------\n\n- Python 3 support.\n [bsuttor]\n\n\n1.0a10 (2019-11-18)\n-------------------\n\n- Add css for login-page\n [bsuttor]\n\n- Add fr translations.\n [bsuttor]\n\n\n1.0a9 (2019-11-05)\n------------------\n\n- Override default login_form template (with z3c.jbot) to allow login with zope admin and an external url set.\n [bsuttor]\n\n\n1.0a8 (2019-09-04)\n------------------\n\n- Set Site Manager role to user with admin of service role on Authentic.\n [bsuttor]\n\n\n1.0a7 (2019-06-28)\n------------------\n\n- Set Manager role if you are into admin role on Authentic.\n [bsuttor]\n\n- Add Member role to user connected with Authentic.\n [bsuttor]\n\n\n1.0a6 (2019-05-20)\n------------------\n\n- Get logout hostname redirect from agents config.\n [bsuttor]\n\n- Add roles scope on agents.\n [bsuttor]\n\n\n1.0a5 (2019-05-09)\n------------------\n\n- Add userfactories to connect with email for usagers and with userid of agents.\n [bsuttor]\n\n\n1.0a4 (2019-04-26)\n------------------\n\n- Use different OU for usagers and agents.\n [bsuttor]\n\n\n1.0a3 (2019-04-25)\n------------------\n\n- Use different usagers and agents environement variables to connect to SOO.\n [bsuttor]\n\n\n1.0a2 (2019-04-25)\n------------------\n\n- Use agents and usagers to connect to Plone.\n [bsuttor]\n\n\n1.0a1 (2018-03-28)\n------------------\n\n- Initial release.\n [bsuttor]\n",
"bugtrack_url": null,
"license": "GPL version 2",
"summary": "Pas plugin use to connect to auth.imio.be",
"version": "2.0.9",
"project_urls": {
"Homepage": "https://pypi.python.org/pypi/pas.plugins.imio"
},
"split_keywords": [
"python",
"plone"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "3ad27883e0b475a82dc5373d8109b1e8daf123252bb16232a641fd17d6daa1f7",
"md5": "9bc96eca413bda92c728959d6a312a51",
"sha256": "1c99234685e7bfe4ab77c810fadcc52fe9b14037a8eaa0eedbd2f8efec5e2ccd"
},
"downloads": -1,
"filename": "pas.plugins.imio-2.0.9-py3-none-any.whl",
"has_sig": false,
"md5_digest": "9bc96eca413bda92c728959d6a312a51",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 75273,
"upload_time": "2023-08-31T11:58:01",
"upload_time_iso_8601": "2023-08-31T11:58:01.177545Z",
"url": "https://files.pythonhosted.org/packages/3a/d2/7883e0b475a82dc5373d8109b1e8daf123252bb16232a641fd17d6daa1f7/pas.plugins.imio-2.0.9-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "f9e6bd602a86337509922750433333f191e83a0818208f7912422b558c0bd2b6",
"md5": "3b0133175aaca9021a0ab421a876ca01",
"sha256": "157da141dfff135af392b279fd06ee7f50c8d74384da88aab78032743c648e7a"
},
"downloads": -1,
"filename": "pas.plugins.imio-2.0.9.tar.gz",
"has_sig": false,
"md5_digest": "3b0133175aaca9021a0ab421a876ca01",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 56462,
"upload_time": "2023-08-31T11:58:03",
"upload_time_iso_8601": "2023-08-31T11:58:03.325385Z",
"url": "https://files.pythonhosted.org/packages/f9/e6/bd602a86337509922750433333f191e83a0818208f7912422b558c0bd2b6/pas.plugins.imio-2.0.9.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-08-31 11:58:03",
"github": false,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"lcname": "pas.plugins.imio"
}
JSON