flask_oauthlib is no longer available in Debian Bullseye. It is only a
wrapper around oauthlib, which is still available. While this change does
increase the OAuth2 code size, it achieves compatability with both Debian
Buster and Bullseye.

Aside from error handling, this change has no noticable effects on OAuth2.0
clients. In terms of error handling, a few cases that were not properly
handled before now return appropriate error pages.

Fixes #101

sistason authored 3 years ago and Julian committed 3 years ago

This changes config key "LOGINNAME_BLACKLIST" to "LOGINNAME_BLOCKLIST".

Code is mostly based on python-fido2's example code. Note that webauthn
requires the website to be delivered via HTTPS. Flask's development server
automatically sets up a self-signed ssl cert with the `ssl_context="adhoc"`
option.

Julian authored 4 years ago and nd committed 4 years ago

LDAP_SERVICE_MOCK must be set to True to enable ldap mocking. As a
security measure, mocking is only allowed in debug mode. Also changed
ACL_ADMIN_GROUP and ACL_SELFSERVICE_GROUP in default_config.cfg to more
distinguishable values and removed the unused ACL_LDAP_GROUP_USEREDIT
entry.

The sample entries in ldap_server_entries.json are the bare minimum
required for mocking and most likely won't suffice on a real LDAP server.
Also ldap3's mocked server is very limited and does not correctly verify
hashed password, update group memberships or implement ldap
overlays/extentions correctly.

Closes #20