authentic2 (6.33.post4+gece99ea9-1~eob130+1) trixie-eobuilder; urgency=low

  * (ece99e) translation update (#108380)
  * (5d12c6) api: add endpoint to manage admin-roles of a role (#108380)
  * (138b0b) api: add endpoint to manage admin-users of a role (#108380)
  * (fbfad5) journal: add api-context to admin-users and -roles actions (#108380)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 30 Oct 2025 15:40:41 +0100

authentic2 (6.33) trixie-eobuilder; urgency=low

  * (1b63dc) do not break on overly confident user fields export order (#111514)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 29 Oct 2025 15:41:18 +0100

authentic2 (6.32) trixie-eobuilder; urgency=low

  * (9e71ba) debian: pass correct STATIC_ROOT as environment variable (#96042)
  * (f6e80e) idp_oidc: let logouts redirect to custom android url schemes (#111396)
  * (4865ba) set trigram threshold for all searched free text (#97935)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 28 Oct 2025 12:08:41 +0100

authentic2 (6.31) trixie-eobuilder; urgency=low

  * (b700e1) do not break authn when one of multiple users has no valid passwd
    (#111480)
  * (545028) misc: support django-ratelimit>3 (#111272)
  * (1ad714) debian: fix chown typo in postinst (#111275)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 28 Oct 2025 09:15:41 +0100

authentic2 (6.30) trixie-eobuilder; urgency=low

  * (4c51c4) debian: missing comma in Depends (#111248)
  * (7b9b13) debian: add python3-zxcvbn to debian/control (#111248)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 21 Oct 2025 12:11:49 +0200

authentic2 (6.29) trixie-eobuilder; urgency=low

  * (300a5e) settings: let Django configure logging (#111299)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 20 Oct 2025 21:35:48 +0200

authentic2 (6.28) trixie-eobuilder; urgency=low

  * (6dbc69) tests: mock franceconnect jwkset url during manager test (#111230)
  * (2ddc41) manager: fix compatibility with django-import-export 4.3.5 (#111129)
  * (6e4ff0) ci: add trixie dependencies to targets (#111129)

 -- eobuilder <eobuilder@entrouvert.com>  Sun, 19 Oct 2025 11:45:32 +0200

authentic2 (6.27) trixie-eobuilder; urgency=low

  * (4d05a4) translation update (#93150)
  * (4dc189) misc: fix erroneous m2m field label (#93150)
  * (c2e9cc) a2_rbac: let OU-deletion trigger stale user imports removal (#96429)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 16 Oct 2025 15:08:29 +0200

authentic2 (6.26) trixie-eobuilder; urgency=low

  * (55bc6d) hide registration link on deletion-confirmation reauthn (#97578)
  * (6b5c5b) ProfileView: remove deprecated 'profile' context variable (#99220)
  * (6c9852) ci: also build package for trixie (#111016)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 16 Oct 2025 12:27:15 +0200

authentic2 (6.25) trixie-eobuilder; urgency=low

  * (2656c8) EditProfile: let used form-class be a cbv attribute (#111096)
  * (25f560) ldap: add connection through an HTTP proxy (#110873)
  * (b49f89) misc: do not log login failed when user has no usable password
    (#110873)
  * (88e964) translation update (#104120)
  * (87eb29) misc: let password-reset email disclose action unavailability (#104120)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 15 Oct 2025 12:59:13 +0200

authentic2 (6.24) trixie-eobuilder; urgency=low

  * (6c7cce) translation update (#99904)
  * (6d7b9d) auth_oidc: intercept duplicate error on STRATEGY_FIND_EMAIL (#99904)
  * (6a0ab5) manager: in select2 view replace serialized queryset by a string
    (#107704)
  * (4c1382) idp_oidc: allow redirecting to custom url schemes (#110824)
  * (6c97c2) views: filter consent with user on deletion (#110780)
  * (d080b2) translation update (#104117)
  * (499b53) auth_fc: add missing i18n (#104117)
  * (da4cf0) tests: fill existing coverage gaps (#108972)
  * (5e2c7c) api: allow bulk-removing all memberships of a role (#108972)
  * (56a707) translation update (#110748)
  * (325c62) /password/change/: add ip-based ratelimit (#110748)
  * (a301bc) /accounts/: use country-name html autocompletion value (#110747)
  * (211451) a2_rbac: give more permissions to OUs' admin-role (#106950)
  * (297a8c) role_manager: test role-deletion journal event (#109403)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 14 Oct 2025 15:16:48 +0200

authentic2 (6.23) trixie-eobuilder; urgency=low

  * (4f1f76) translation update
  * (dd7526) api: check members presence before removing them (#50861)
  * (b47d7b) ci: fix warning about deprecated diff-cover option --html-report
    (#110627)
  * (2717cf) ci: raise error on warnings (#110627)
  * (f46159) misc: fix CoverageWarning about unparsable source files (#110627)
  * (064317) misc: fix warnings about unhandled thread exception in
    test_attribute_value_uniqueness (#110627)
  * (598084) misc: fix warnings about unclosed files (#110627)
  * (103cb4) tests: fix TypeError "float object cannot be interpreted as an integer"
    (#110627)
  * (272f18) tests: fix warnings "Passing unsaved model instances to related filters
    is deprecated." (#110627)
  * (f278cf) migrations: fix warnings about deprecated index_together (#110627)
  * (3f4807) templates: fix warnings about deprecated form default render method
    (#110627)
  * (6b30db) templates: fix warnings about deprecated length_is template filter
    (#110627)
  * (e3deb1) manager: fix warnings about using delete() instead of form_valid()
    method in DeleteView (#110627)
  * (e8b18c) oidc: fix warnings about deprecated accessor in jwcrypto (#110627)
  * (fed852) tests: fix warnings about min_password_strength in tests (#110627)
  * (e93cc3) tests: fix warnings about deprecation of ast.Num, ast.Str (#110627)
  * (1747ba) utils/evaluate: fix warnings about deprecation of
    ast.Num/Str/NameConstant (#110627)
  * (23b325) idp/saml2: fix warnings about using deprecated datetime.utcnow()
    (#110627)
  * (81af90) a2_rbac: fix warnings about using naive datetimes (#110627)
  * (8eb49b) misc: fix warnings about using deprecated django.utils.timezone.utc
    (#110627)
  * (bf1a73) tests: fix warning about use of datetime.utcnow() (#110627)
  * (dd470e) tests: fix warning about use of naive datetimes (#110627)
  * (59e8cc) idp/saml2: remove dead code (#110627)
  * (5d9fa7) misc: remove custom hashers and openldap ldif support (#110627)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 10 Oct 2025 16:17:34 +0200

authentic2 (6.22) trixie-eobuilder; urgency=low

  * (ca1cc6) translation update (#110147)
  * (9bbd8b) auth_fc: reduce log of unapplied mapping to debug (#110643)
  * (8e54d4) auth_fc: add default mapping for birthdate (#110643)
  * (115bca) /accounts/: html-autocomplete edit-form usual fields (#107385)
  * (123d30) idp/saml: fix open redirect in error_redirect() and slo() (#110540)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 02 Oct 2025 11:02:14 +0200

authentic2 (6.21) trixie-eobuilder; urgency=low

  * (027b5f) auth_fc: catch all cases of integrity errors while linking (#106136)
  * (0beac0) auth_fc: lock subject id during account modifications (#106136)
  * (d4c112) idp/saml: remove all consent and federation management related code
    (#110147)
  * (f3816a) api: enable users filtering with more attributes (#106676)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 01 Oct 2025 11:02:25 +0200

authentic2 (6.20) trixie-eobuilder; urgency=low

  * (aaa61a) tech-info: toggle debug-level output in case of ldap errors (#67303)
  * (dd0a18) manager: provide a simpler role creation form (#66794)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 12 Sep 2025 11:40:41 +0200

authentic2 (6.19) trixie-eobuilder; urgency=low

  * (6b885b) translation update (#109649)
  * (291ff3) /manage/: provide more precise OU help-text (#109649)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 02 Sep 2025 17:56:16 +0200

authentic2 (6.18) trixie-eobuilder; urgency=low

  * (7936a6) translation update (#106016)
  * (5f8cb1) idp_oidc: display offline-access notice on consents page (#106016)
  * (17fe63) idp_oidc: offline access invalidates one-time authzs (#106016)
  * (2be6e6) idp_oidc: link tokens to their issuing authz (#106016)
  * (5e1c0d) auth_fc: default to newer platform & version (#109369)
  * (2694c9) auth_fc: deprecate old sandbox ("test") platform (#109369)
  * (e46ff0) auth_fc: match scopes' translation with source datapass config
    (#109375)
  * (68a5e4) manager: set progress to 100 only when csv is generated (#109422)

 -- eobuilder <eobuilder@entrouvert.com>  Sun, 31 Aug 2025 08:49:44 +0200

authentic2 (6.17) trixie-eobuilder; urgency=low

  * (8b6d9e) api: add 'err' key in synchronization endpoint (#109421)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 26 Aug 2025 13:33:15 +0200

authentic2 (6.16) trixie-eobuilder; urgency=low

  * (e3f56e) tests: fix typo (#109120)
  * (953471) misc: wrap change to pg_trgm.* variables in an atomic block (#109120)
  * (d269c1) tests: fix test_journal_form_date_hierarchy random failures (#109132)
  * (730974) ci: make diff-cover use coverage.xml (#108999)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 19 Aug 2025 10:32:17 +0200

authentic2 (6.15) trixie-eobuilder; urgency=low

  * (6764c8) auth_oidc: fix oidc-register-issuer optionnal arguments (#107682)
  * (24fa37) translation update (#108858)
  * (1f2ab3) login-password authn: fix erroneous min-backoff field label (#108858)
  * (001d4f) translation update (#108915)
  * (a338a6) auth_fc: remove deprecated client_id help text (#108915)
  * (6a1c1f) auth_fc: fix misc discrepancies in IdP conf information (#108915)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 07 Aug 2025 14:57:56 +0200

authentic2 (6.14) trixie-eobuilder; urgency=low

  * (2356c2) translation update (#108895)
  * (d41856) auth_fc: add link-by-email option disclaimer (#108895)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 06 Aug 2025 14:15:54 +0200

authentic2 (6.13) trixie-eobuilder; urgency=low

  * (26720e) translation update (#108730)
  * (ab98ad) password authn: enforce settable session-duration boundaries (#108730)
  * (03dbeb) translation update (#108726)
  * (c0f4d9) login-password authn: fix erroneous min backoff help text (#108726)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 30 Jul 2025 12:06:26 +0200

authentic2 (6.12) trixie-eobuilder; urgency=low

  * (f5bb8e) urls: fix urlpattern when DEBUG=True and fix test (#108036)
  * (486e3e) translation update (#108723)
  * (3f6104) fix password-authn's broken help-text i18n (#108723)
  * (57cc94) fix miscellaneous translation issues (#108723)
  * (fde767) auth_oidc: fix claim error 1st Event creation (#108383)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 30 Jul 2025 09:56:18 +0200

authentic2 (6.11) trixie-eobuilder; urgency=low

  * (7121c3) ci: add def keyword to comply to jenkins warning (#108148)
  * (563260) ci: display diff-cover result on build page (#108209)
  * (c3bd9e) translation update (#106758)
  * (60782e) authenticators: add an optional ImageField for connect button (#106758)
  * (55cb7f) apiclient: fix password hint text (#107975)
  * (d452a7) translation update (#107868)
  * (5dc9d0) Revert "translation update (#107868)"
  * (93527f) translation update (#107868)
  * (64c1d6) auth_oidc: add journal entry for OIDC "no user found" error (#107868)
  * (fe5c05) translation update (#107989)
  * (c12918) auth_oidc: log user's roles addition/removal in journal on login
    (#107989)
  * (39e02d) api_views: add /roles/…/children/ endpoint (#107999)
  * (2333b2) idp_oidc: add backoffice activation of clients' offline access
    (#108022)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 16 Jul 2025 11:28:58 +0200

authentic2 (6.10) trixie-eobuilder; urgency=low

  * (52ab5f) translation update (#82388)
  * (e91381) accounts: provide a phone validation action (#82388)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 03 Jul 2025 16:18:08 +0200

authentic2 (6.9) trixie-eobuilder; urgency=low

  * (6db766) auth_oidc: fix & test oidc-register-issuer claims argument (#106582)
  * (6c8638) auth_oidc: fix & test oidc-register-issuer command (#106582)
  * (fca5b6) translation update (#84382)
  * (b33314) user_import: handle legacy UserImport uuid (#107741)
  * (2d8cb3) misc: fix url patterns (#107736)
  * (edbdf3) auth_oidc: delete unreachable code (#84382)
  * (d34936) auth_oidc: record Event on missing claim (#84382)
  * (4fd7f5) journal: attempt to save Event that have been rollback (#84382)
  * (c5a542) tests: add --coverage & --numprocesses arguments to nox (#107488)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 02 Jul 2025 16:25:55 +0200

authentic2 (6.8) trixie-eobuilder; urgency=low

  * (abb929) manager: use same uuid base64urlencoded id for export and import
    (#82550)
  * (3860b6) su: add path converter for base64 encoded UUID and use it (#82550)
  * (20c2a5) urls: add a2_token url converter and use it (#82550)
  * (2bf790) urls: use user_uuid path converter (#82550)
  * (de8ee7) idp_oidc: provide a token-revocation endpoint (#107447)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 30 Jun 2025 09:31:32 +0200

authentic2 (6.7) trixie-eobuilder; urgency=low

  * (6c60c0) translation update (#105647)
  * (79dbd6) idp_oidc: perform refresh-token uninterrupted chaining (#105647)
  * (7ec975) idp_oidc: refresh request invalidates previously-issued tokens
    (#105647)
  * (3818f8) idp_oidc: let user know their consent bears offline access (#105647)
  * (e6ca01) idp_oidc: handle “offline_access” authorization scope (#105647)
  * (67059c) idp_oidc: let refresh token duration be app-settable (#105647)
  * (7e7d8c) idp_oidc: let authorized clients issue refresh requests (#105647)
  * (5ea4b9) idp_oidc: let token endpoint issue refresh tokens when relevant
    (#105647)
  * (6d7946) idp_oidc: create refresh token model (#105647)
  * (eb795c) idp_oidc: let client configuration allow for refresh tokens (#105647)
  * (c5a760) registration: autocomplete html from pre-registration onwards (#107305)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 27 Jun 2025 10:08:23 +0200

authentic2 (6.6) trixie-eobuilder; urgency=low

  * (249987) ci: hold diff-cover in a version!=9.4.0 (#107265)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 23 Jun 2025 11:50:11 +0200

authentic2 (6.5) trixie-eobuilder; urgency=low

  * (b77b4d) auth_fc: hide email-based linking option by default (#106715)
  * (b222c3) auth_fc: deactivate email-based linking by default (#106715)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 19 Jun 2025 10:46:26 +0200

authentic2 (6.4) trixie-eobuilder; urgency=low

  * (a1ec93) translation update (#98735)
  * (2e3b55) manager: make A2_PROFILE_CAN_CHANGE_EMAIL runtime & editable (#98735)
  * (f3c6d4) misc: consider user-initiated account creation as authn event (#82736)
  * (95bd0d) passwords: fix longer password hint construction (#106688)
  * (70f5a9) css: increase password hint size (#106687)
  * (216b3a) translation update (#106783)
  * (07dda1) auth_fc: display IdP conf info at authenticator creation time (#106783)
  * (cd0409) authentic: check user email change against authenticator policy
    (#105354)
  * (acd4c3) authenticators: add option to allow user change its email (#105354)
  * (4d862c) ci: add diff-cover generation & test to nox (#106451)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 17 Jun 2025 16:07:41 +0200

authentic2 (6.3) trixie-eobuilder; urgency=low

  * (4a6f8a) misc: use format_lazy() to construct lazy translated strings (#106629)
  * (2dbdc5) idp_oidc: use gettezt_lazy instead of gettext for static strings
    (#106629)
  * (47d18f) tests: prevent off by one error (#106629)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 06 Jun 2025 01:17:49 +0200

authentic2 (6.2) trixie-eobuilder; urgency=low

  * (8c9f4f) forms: autocomplete current passwords at authentication time (#106616)
  * (051240) settings: remove INTERNAL_IPS from settings (#106605)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 05 Jun 2025 17:02:22 +0200

authentic2 (6.1) trixie-eobuilder; urgency=low

  * (0f0f58) translation update (#106508)
  * (4bfc58) auth_fc: add new integration environment urls (#106508)
  * (9558b6) tests: fix test_oidc_sync_provider avoiding admin user selection
    (#92426)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 04 Jun 2025 13:02:53 +0200

authentic2 (6.0) trixie-eobuilder; urgency=low

  * (1f4faf) tests: fix tests for pytest8.4 (#106491)
  * (463ae9) auth_fc: deprecated scopes should still be displayed if used (#106230)
  * (686ccb) tests: fix event type retention test (#106357)
  * (ccc122) misc: escape possible formula in CSV export (#105841)
  * (917839) translation update (#101591)
  * (32d55b) manager: add retention days in event types listing (#101591)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 03 Jun 2025 10:34:51 +0200

authentic2 (5.99) trixie-eobuilder; urgency=low

  * (c0991e) auth_fc: perform /login/?next=… indirection at FC authz error (#105671)
  * (34d0b6) idp_oidc: do not crash on odd unchanged sector-ids at data clean
    (#105277)
  * (1e1528) translation update (#105921)
  * (7eb447) auth_fc: provide clearer messages on FC internal errors (#105921)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 23 May 2025 07:44:43 +0200

authentic2 (5.98) trixie-eobuilder; urgency=low

  * (e838f8) translation update (#105813)
  * (0d6db8) auth_fc: provide authenticator multiaccount option help-text (#105813)

 -- eobuilder <eobuilder@entrouvert.com>  Sun, 18 May 2025 12:46:19 +0200

authentic2 (5.97) trixie-eobuilder; urgency=low

  * (85d8fc) auth_oidc: do not send ui_locales= to authorization endpoint (#105621)
  * (ed459c) journal: add support for file field to ManagerServiceEdit (#104865)
  * (8a2ea2) auth_fc: remove unused new_url argument from
    LoginOrLinkView.encode_state() (#104118)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 13 May 2025 17:57:38 +0200

authentic2 (5.96) trixie-eobuilder; urgency=low

  * (b1f88f) translation update (#99983)
  * (b37a28) fc/multiaccount: let anonymous fc users select one of their accounts
    (#99983)
  * (45ed42) auth_fc: perform “monoaccount” checks while linking users (#99983)
  * (15dfec) auth_fc: add multiaccount feature flag to authenticator (#99983)
  * (67951a) auth_fc: discard unused FC link order field (#99983)
  * (8b364b) auth_fc: delete FcAccounts with nonzero order value (#99983)
  * (e86b1b) tests/passwords: work around zxcvbn's dicts side-fx statefulness
    (#105471)
  * (7b6233) idp_oidc: allow hyphens in custom scheme in redirect URIs (#105285)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 12 May 2025 16:42:28 +0200

authentic2 (5.95) trixie-eobuilder; urgency=low

  * (0ecdb7) passwords: add support for zxcvbn 4.5.0 (#104832)
  * (95e478) tests: make tests run in random order (#104988)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 30 Apr 2025 11:36:27 +0200

authentic2 (5.94) trixie-eobuilder; urgency=low

  * (7c2d23) debian: use IDLE scheduler for cron jobs (#104937)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 29 Apr 2025 15:46:11 +0200

authentic2 (5.93) trixie-eobuilder; urgency=low

  * (449437) translation update (#104891)
  * (badff9) tests: adjust w.c.s. mocked response (#105238)
  * (6e754d) tests: remove LANGUAGE_CODE from test_find_duplicates fixing l10n
    (#96079)
  * (25e4f6) manager: fix ManagerRoleAdministratorRole* message (#96079)
  * (f86f85) auth_fc: display user-friendly authz error descriptions (#104891)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 29 Apr 2025 14:52:48 +0200

authentic2 (5.92) trixie-eobuilder; urgency=low

  * (0561c0) translation update
  * (1076ac) manager/services: add link to well-known oidc metadata (#104529)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 16 Apr 2025 11:34:31 +0200

authentic2 (5.91) trixie-eobuilder; urgency=low

  * (fe4314) translation update
  * (f154b7) idp_oidc: make claim popup return to service settings (#72434)
  * (047ff9) idp_oidc: remove duplicate client_id/secret fields on setting page
    (#104310)
  * (a78961) idp_oidc: remove default mapping for preferred_username (#104312)
  * (710015) idp_oidc: include issuer in UserInfo response (#104199)
  * (b366ab) idp_oidc: include issuer value in authz callback querystring (#104199)
  * (5a8d6a) idp_oidc: allow custom URL schemes (#104222)
  * (9054a3) idp_oidc: factorize redirect_uri handling in authorize and logout
    endpoint (#104222)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 03 Apr 2025 17:53:44 +0200

authentic2 (5.90) trixie-eobuilder; urgency=low

  * (783053) api: add an include-roles flag to user listing APIs (#103683)
  * (3ed8ca) api: specialize user list serializer for performance (#103784)
  * (474442) authenticators: define ordering for adding roles actions (#102392)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 28 Mar 2025 12:01:39 +0100

authentic2 (5.89) trixie-eobuilder; urgency=low

  * (cebbc6) translation update (#103657)
  * (9927c2) auth_fc: display error message on state param inconsistency (#103657)
  * (15222e) authenticators: let phone field changes invalidate sms codes (#103000)
  * (1d15e7) manager: Journal needs to be instanciated with a django User (#102943)
  * (d41477) debian+setup: exclude unsupported django 3.2 dependency (#103230)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 19 Mar 2025 15:35:35 +0100

authentic2 (5.88) trixie-eobuilder; urgency=low

  * (0a36c6) translation update (#100061)
  * (e75903) phone_field: add composite-input help text (#100061)
  * (106f25) api: include name & id in check_api_client (#101768)
  * (646b44) auth_fc: test that account self-deletion clears statefulness data
    (#102385)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 03 Mar 2025 09:41:51 +0100

authentic2 (5.87) trixie-eobuilder; urgency=low

  * (26d9dc) auth_fc: hide uncommon scopes by default (#102356)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 20 Feb 2025 14:47:04 +0100

authentic2 (5.86) trixie-eobuilder; urgency=low

  * (dc196e) misc: add migrations requested by django 4.2 (#101218)
  * (47afa6) misc: remove leftover unused imports (#101218)
  * (b7d44d) misc: let pre-commit apply changes (#101218)
  * (436a47) ci: update black version (#101218)
  * (80eb33) ci: change black to target python 3.11 (#101218)
  * (94d3c2) ci: change django-upgrade to target django 4.2 (#101218)
  * (a993ae) ci: change pyupgrade to target python 3.11 (#101218)
  * (22369f) ci: update django-upgrade version (#101218)
  * (7a71b6) ci: update pyupgrade version (#101218)
  * (fb8e7b) ci: update nox to only test against django 4.2 (#101218)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 11 Feb 2025 15:25:11 +0100

authentic2 (5.85) trixie-eobuilder; urgency=low

  * (a455ea) translation update
  * (479eb4) translation update (#93137)
  * (cf44e1) apiclient: handle duplicated APIClient identifier in edit form (#93137)
  * (4768ff) apiclient: make APIClient identifier unique (#93137)
  * (f4d3fd) apiclient: add by_identifier to APICLient manager and use it (#99137)
  * (3d80c1) api: include roles in users API (#25645)
  * (4e2de8) translation update (#99754)
  * (51c359) csv-import: log start, stop, user creation & modification (#99754)
  * (cc19fa) ci: run tests on django4 by default (#100900)
  * (17b892) misc: review next_url management on profile, password reset and
    registration views (#76835)
  * (684215) tests: check open redirection is impossible for /password/reset/
    (#76835)
  * (2cf806) misc: pass next_url through token for password reset confirm view
    (#76858)
  * (45689f) tests: refactor authentication and sms authentication tests (#76835)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 06 Feb 2025 17:04:20 +0100

authentic2 (5.84) trixie-eobuilder; urgency=low

  * (0754c3) translation update (#100618, #100778)
  * (2f6978) /accounts/consents/: display authorized scopes (#100778)
  * (f8d7ab) ldap_backend: handle dsa's unavailability at connection time (#100618)
  * (59fb32) /manage/tech-info/: don't crash on buggy directory url retrieval
    (#100618)
  * (16271d) translation update (#83996)
  * (550e8f) Revert "translation update (#83996)"
  * (ab4b9e) translation update (#83996)
  * (b7e984) journal: add code to support django 3 & 4 (#83996)
  * (c4b5fb) journal: logs service creation, update, deletion actions (#83996)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 16 Jan 2025 05:19:55 +0100

authentic2 (5.83) trixie-eobuilder; urgency=low

  * (75d190) PhoneField: add composite-widget style by siblings selection (#73949)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 18 Dec 2024 14:19:19 +0100

authentic2 (5.82) trixie-eobuilder; urgency=low

  * (adcbe2) translation update
  * (21360c) PhoneField: display one-liner international phone input (#73949)
  * (5fd408) AttributeValue: discard unused verification-sources array (#99156)
  * (93ff16) misc: fix typo in ldap_backend (#98215)
  * (3f58cc) a2_rbac: provide clearer explanation of ou's email validation (#95390)
  * (4599ce) user_import: remove and avoid duplicate uuids (#99636)
  * (c3bec9) misc: check next_url only contains printable characters (#99753)
  * (d170d4) auth_fc: fix FcAccount.user_info verbose_name (#99241)
  * (efb15c) api: add date-joined users filter (#99358)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 18 Dec 2024 11:43:08 +0100

authentic2 (5.81) trixie-eobuilder; urgency=low

  * (3a6c72) translation update (#76224)
  * (e5495f) idp_oidc: add client_id & client_secret fields in edit form (#76224)
  * (2d04c0) csv-import: use case-insensitive logic to lookup users by email
    (#99224)
  * (6c2a7e) serializers: declare users' password as write-only (#99167)
  * (1d7f06) auth_fc: fix warning about autodetection of AppConfig (#98976)
  * (cd26fa) auth_fc: always verify server certificate (#98976)
  * (81b2a9) auth_fc: fix issuer check for FranceConnect v2 (#98976)
  * (37d802) auth-fc: fix urls for FranceConnect v2 (#98976)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 03 Dec 2024 12:20:37 +0100

authentic2 (5.80) trixie-eobuilder; urgency=low

  * (5ff250) manager: ignore FileNotFoundError during user import run (#86086)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 20 Nov 2024 19:48:05 +0100

authentic2 (5.79) trixie-eobuilder; urgency=low

  * (bcd264) misc: add cache on apiclient password hash (#98076)
  * (5d815f) translation update (#98361)
  * (933332) passwords: merge password strength message (#98361)
  * (c70761) tests: add tests with a faulty memcached mock (#79747)
  * (eb585b) misc: ignore cache exceptions (#79747)
  * (dc23a2) trivial: remove space before : in English string (#98360)
  * (bf0fe5) a11y: apply aria-live="polite" to full password strength zone (#98360)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 19 Nov 2024 17:22:43 +0100

authentic2 (5.78) trixie-eobuilder; urgency=low

  * (2e0582) password.js: fix password equality check (#98241)
  * (9c5b23) forms: avoid calling /api/validate-password with empty password
    (#96325)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 07 Nov 2024 11:43:19 +0100

authentic2 (5.77) trixie-eobuilder; urgency=low

  * (9e9236) auth_fc: ignore userinfo response's charset in MIME header (#98091)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 05 Nov 2024 10:37:41 +0100

authentic2 (5.76) trixie-eobuilder; urgency=low

  * (baeabc) misc: fix rendering of link column for users without permissions
    (#96581)
  * (f99999) misc: allow django-select2 up to 7.10 (#97974)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 04 Nov 2024 15:01:09 +0100

authentic2 (5.75) trixie-eobuilder; urgency=low

  * (c4e37a) utils/service: do not crash on stale in-session service info (#97954)
  * (9fade3) ci: show installed versions in tests target (#91891)
  * (406a7b) translation update (#93454)
  * (4481be) utils/jwc: use unique parse_id_token function for OIDC & FC (#93454)
  * (7f8733) auth_fc: check 'iss' value as v2 authz callback param (#93454)
  * (e8e976) auth_fc: update extensive scopes list (#93454)
  * (53a4de) auth_fc: check for authz errors as callback response params (#93454)
  * (023af4) auth_fc: add authz prompt param, mandatory in v2 (#93454)
  * (83226f) auth_fc: let provider's userinfo response be a JWT (#93454)
  * (2c34ca) auth_fc/management: add jwkset refresh command (#93454)
  * (797c70) auth_fc: retrieve and use platform's json webkey set (jwks) (#93454)
  * (1f364d) auth_fc: add support for v2 api urls (#93454)
  * (b09c96) utils: add new json web cryptography submodule (#93454)
  * (585133) Revert "ci: always run all tests (#95309)" (#97931)
  * (6de0cf) ci: let pylint errors stop the build (#97889)
  * (7a3597) ci: merge check-migrations with tests (#97886)
  * (dac33f) misc: ignore pylint warnings about django.utils.timezone.utc. it still
    needed with django 3.2 (#95309)
  * (94b574) ci: always run all tests (#95309)
  * (b540b8) misc: adapts some migration steps to works with both django 3 and 4
    (#95309)
  * (430b8d) tests: change password strenght in user manager tests (#95309)
  * (15ea1e) tests: make the run_on_commit_hook() compatible (#95309)
  * (566606) tests: make form fetch more precise (#95309)
  * (e39ebd) tests: make the MultiWidget presence test compatible with django 4
    (#95309)
  * (886eae) misc: make DeleteView compatible with Django 4 (#95309)
  * (b75eb4) admin: django.contrib.auth.UserAdmin.actions is now a tuple in django 4
    (#95309)
  * (f12bb1) api: make routers compatible with future DRF. DRF asks for unique
    router basename (#95309)
  * (670ddd) misc: bump django/DRF dependencies in setup.py (#95309)
  * (7940df) ci: add check-manifest to noxfile (#97809)
  * (c90b9a) ci: use nox instead of tox (#91430)
  * (bae7ab) translation update

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 31 Oct 2024 18:51:33 +0100

authentic2 (5.74) trixie-eobuilder; urgency=low

  * (ad3019) translation update (#96463)
  * (2f02b3) manager: add a link to generate a new APIClient password (#96463)
  * (a44c22) manager: check APIClient password strength (#96463)
  * (d82423) manager: prefill APIClient password field with a strong password
    (#96463)
  * (858810) debian: add MEDIA_ROOT configuration (#96767)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 16 Oct 2024 09:42:31 +0200

authentic2 (5.73) trixie-eobuilder; urgency=low

  * (25127e) misc: delete user external id referenced by another guid before
    updating (#96634)
  * (026be8) translation update (#96858)
  * (32f486) auth_oidc: provide help_text from idtoken_claim parameter (#96858)
  * (0d2829) idp_saml: remove federation management views (#95597)
  * (d6b389) tests: get mellon from gitea (#96773)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 15 Oct 2024 15:10:28 +0200

authentic2 (5.72) trixie-eobuilder; urgency=low

  * (970d9a) user_import: try to catch all errors during migration (#96633)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 09 Oct 2024 15:06:13 +0200

authentic2 (5.71) trixie-eobuilder; urgency=low

  * (1b1b51) user_import: move RunPython step to another migration (#96583)
  * (4e118e) user_import: ensure migration do not break when Ou no longer exists
    (#96474)
  * (408556) user_import: RunPython migration step is not needed when creating a
    schema (#96471)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 08 Oct 2024 11:33:44 +0200

authentic2 (5.70) trixie-eobuilder; urgency=low

  * (b53594) user_import: ignore invalid imports during migrations (#96415)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 04 Oct 2024 10:15:38 +0200

authentic2 (5.69) trixie-eobuilder; urgency=low

  * (fc8b41) translation update
  * (dab189) manager: allow OU manager to import users (#85200)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 04 Oct 2024 08:04:36 +0200

authentic2 (5.68) trixie-eobuilder; urgency=low

  * (88f01c) translation update
  * (fdd40e) handle next_url after email change and verification (#96169)
  * (cc5562) misc: remove button-paragraph style, now in gadjo (#96144)
  * (f1c253) discard deletion backoffice messages for saml-identified users (#96064)
  * (17ed3d) auth_saml: prevent GET on metadata in detail page (#96110)
  * (1937ff) auth_saml: do not retry loading metadata URL 3 times (#96110)
  * (11b57a) authenticators: display delay warning after edit (#95391)
  * (f2b013) misc: force keyword arguments (#95724)
  * (da68cd) ci: increase max-positional-arguments to 10 (#95724)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 02 Oct 2024 11:14:29 +0200

authentic2 (5.67) trixie-eobuilder; urgency=low

  * (b8fb38) manager: remove duplicated password field on apiclient edit form
    (#94879)
  * (0a4569) Reapply "api: remove deprecated statistics endpoints (#90669)" (#95221)
  * (bf0844) translation update (#84911)
  * (01720f) translation update (#84911)
  * (ed4c1f) journal: add record for su token generation & record su logins (#84911)
  * (8f2499) translation update (#84910)
  * (fd64ef) manager: add a checkbox to show only superusers (#84910)
  * (18628d) auth_oidc: handle consistent email verification upon login (#95224)
  * (5fa372) auth_oidc: handle user attributes validation errors (#94795)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 18 Sep 2024 14:19:32 +0200

authentic2 (5.66) trixie-eobuilder; urgency=low

  * (3532f0) manager: fix users roles search form (#95036)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 11 Sep 2024 18:07:49 +0200

authentic2 (5.65) trixie-eobuilder; urgency=low

  * (dd81d5) registration: catch error when png metadata are too large (#95153)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 10 Sep 2024 15:29:49 +0200

authentic2 (5.64) trixie-eobuilder; urgency=low

  * (a3b916) translation update (#95035)
  * (18636b) password_reset: handle case when username given for user without email
    (#95035)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 10 Sep 2024 09:47:44 +0200

authentic2 (5.63) trixie-eobuilder; urgency=low

  * (89035c) manager: allow searching roles by slug (#94830)
  * (7887c6) misc: remove AUTHENTIC2_VERSION in base.html footer (#94609)
  * (d747a5) debian: use PyMemcacheCache django cache backend (#94277)
  * (fba800) api: change permissions for user service data endpoint (#91808)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 04 Sep 2024 12:17:57 +0200

authentic2 (5.62) trixie-eobuilder; urgency=low

  * (d0175f) translation update (#94627)
  * (26751b) Revert "api: remove deprecated statistics endpoints (#90669)" (#94627)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 30 Aug 2024 09:47:24 +0200

authentic2 (5.61) trixie-eobuilder; urgency=low

  * (77af89) translation update
  * (c45263) api: add q style filter on /api/roles/ (#93918)
  * (890656) api: add boolean filter for admin and internal roles (#93903)
  * (c5f3fa) a2_rbac: add methods to filter internal roles (#93903)
  * (fddb09) a2_rbac: add methods to filter admin roles (#93903)
  * (2b8a20) tox.ini: make compatible with python3.12 (#93903)
  * (71feed) auth: add disclaimer on delay to see change to authenticators (#91456)
  * (52714d) views: handle GET on consent delete view gracefully (#84587)
  * (5f5d60) api: only use strings in ordering tuples (#80915)
  * (0059b7) utils/api: improve validation of NaturalKeyRelatedField (#66739)
  * (e56657) idp_saml2: prevent race condition between .exists() and .latest()
    (#49932)
  * (ed38e7) tests: replace pytest-freezegun with pytest-freezer (#94186)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 27 Aug 2024 16:03:23 +0200

authentic2 (5.60) trixie-eobuilder; urgency=low

  * (4b5c79) translation update (#93023)
  * (898f9f) manager: reword role absence message in APIClient details (#93023)
  * (6b5279) csv_import: ignore empy rows (#93812)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 12 Aug 2024 09:30:49 +0200

authentic2 (5.59) trixie-eobuilder; urgency=low

  * (14f0fd) auth_oidc: allow no OU on OIDC provider in the manager form (#93856)
  * (d9c758) auth_oidc: only set user's ou if there is none or a ou__slug mapping is
    used (#93856)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 05 Aug 2024 18:06:20 +0200

authentic2 (5.58) trixie-eobuilder; urgency=low

  * (1823cb) manager: fix user import according to hobo agent (#92950)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 01 Aug 2024 12:25:31 +0200

authentic2 (5.57) trixie-eobuilder; urgency=low

  * (c26e3c) translation update (#91998)
  * (d43f11) manager: add email domain blacklist to password authenticator (#91998)
  * (ae7851) a2_rbac: set existing role-admin roles' adequate permissions (#75205)
  * (6e7395) a2_rbac: restrict permissions granted to role administration (#75205)
  * (2fce99) manager: disable autocomplete on APIClient login/pass fields (#92363)
  * (a4bc75) apiclient: fix authentication when identifier is not unique (#93475)
  * (dd0f0e) translation update (#93287)
  * (cb3d92) auth_fc: add more generic INSEE code territory recognition (#93287)
  * (524d1b) tests: update generated RSA keysize for cryptography 43 (#93365)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 01 Aug 2024 11:59:10 +0200

authentic2 (5.56) trixie-eobuilder; urgency=low

  * (3a2eae) misc: allow verification sources to be left empty (#92626)
  * (bac0de) translation update (#92800)
  * (895129) manager: change password field description for apiclient edition
    (#92800)
  * (c17e81) translation update (#93171)
  * (8a657d) authenticators: expand show_condition help text (#93171)
  * (a3ef3e) trivial: update pre-commit-hooks to 4.6.0 (#93275)
  * (aebfd8) api: fix check apiclient API for apiclient with same identifier
    (#93022)
  * (de25a0) fix phone-attribute modification fr translation (#92841)
  * (572f21) ci: stop building for bullseye (#93027)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 18 Jul 2024 16:49:39 +0200

authentic2 (5.55) trixie-eobuilder; urgency=low

  * (25c756) translation update (#92024)
  * (6f7c1c) /accounts/: when possible let users delete their phone id (#92024)
  * (77bead) update phone-authn related translations

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 05 Jul 2024 12:33:14 +0200

authentic2 (5.54) trixie-eobuilder; urgency=low

  * (4b6ca0) translation update
  * (a2ae92) registration: fix redirect after canceling at /register (#85426)
  * (fcf186) api: add service's is_superuser in check-api-client (#92548)
  * (d38537) /accounts/: provide clearer changed phone id label (#92020)
  * (5e53a7) /accounts/: handle changed phone identifier local uniqueness (#92018)
  * (a5ed7f) misc: fix erroneous data in log info-level entry (#92018)
  * (a33d68) /manage/users/: fix buggy phone-id uniqueness checks at edit (#92027)
  * (ed3be6) translation update (#92223)
  * (c0e021) manager: add IP restrictions infos in APIClient details (#92223)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 04 Jul 2024 19:30:03 +0200

authentic2 (5.53) trixie-eobuilder; urgency=low

  * (149a61) auth_fc: do not set title as verified, never update it (#92276)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 28 Jun 2024 17:51:24 +0200

authentic2 (5.52) trixie-eobuilder; urgency=low

  * (bc1a3c) misc: accept empty value as title value (#92436)
  * (80cf71) translation update (#90165)
  * (bca592) authentic2_idp_oidc: disallow sector identifier changes when it's
    dangerous (#90165)
  * (0d0aa2) auth_oidc: use idtoken content in role attribution context (#92300)
  * (30bf9a) auth_oidc: make authentication error message localizable (#92349)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 28 Jun 2024 14:04:56 +0200

authentic2 (5.51) trixie-eobuilder; urgency=low

  * (84b7d8) manager: remove superfluous newlines added in api client IP fields
    (#92221)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 24 Jun 2024 16:33:38 +0200

authentic2 (5.50) trixie-eobuilder; urgency=low

  * (d99e71) attribute_kinds: serialize title to string for DRF (#92148)
  * (b0bc20) misc: mark saml management command directory as a module (#92151)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 21 Jun 2024 12:40:30 +0200

authentic2 (5.49) trixie-eobuilder; urgency=low

  * (755fce) translation update
  * (f22b7f) auth_saml: add idp metadata refresh command (#91907)
  * (929eea) auth_oidc: log and report invalid claim values (#91307)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 21 Jun 2024 08:39:45 +0200

authentic2 (5.48) trixie-eobuilder; urgency=low

  * (bf923f) translation update
  * (572558) i18n: show 'Execute import' instead of 'Execute' in user_import_report
    (#86015)
  * (018fb7) ldap: only warn when server is not available/timeout (#75632)
  * (f94db0) translation update, with i18n input string newlines stripped (#91869)
  * (468c54) manager: provide clearer explanation for an API client's OU (#91869)
  * (54a067) misc: fix pylint 3.2.x warnings (#90625)
  * (b0b3be) translation update (#91751)
  * (3f4ba0) manager: remove apiclient role link if no permission on it (#91751)
  * (d88f10) manager: add inherited role's ou in apiclient details (#91750)
  * (326b02) manager: add inherited roles in api_client details (#76359)
  * (4d4421) misc: use publik_django_templatetags.wcs.context_processors.wcs_objects
    (#91854)
  * (7ef664) translation update (#91760)
  * (37c664) manager: ignore defaultness variations at OU import (#91760)
  * (349696) translation: change 'Définir son' to 'Associer un(e)' (#84047)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 18 Jun 2024 11:21:29 +0200

authentic2 (5.47) trixie-eobuilder; urgency=low

  * (ed4157) js: fix address value prefill with house number (#91491)
  * (62dc3e) csv_import: strip csv values before user import to avoid errors on
    trailing spaces (#86013)
  * (6abe1a) misc: mark 'Password' API client form field for translation (#91461)
  * (453729) custom_user: add custom_user index on user last_name,first_name
    (#89986)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 05 Jun 2024 15:22:35 +0200

authentic2 (5.46) trixie-eobuilder; urgency=low

  * (866d6d) auth_oidc: use Model.clean_fields() when emitting field specific errors
    (#91261)
  * (c03344) idp_oidc: add typ:JWT to JWT header (#91351)
  * (ff27e4) translation update (#90052)
  * (2ca2d2) api: add feature flag for APIClient IP restriction (#90052)
  * (93fe24) manage: add ip restrictions fields to apiclient forms (#90052)
  * (ccc325) api: add ip parameter to check-api-client (#90052)
  * (de65a3) api: add ip restriction to api client model (#90052)
  * (0a29e1) misc: prevent recursion inside LDAPUser.init_from_request (#91260)
  * (6ff399) auth_fc: do not expose link block for external accounts (#91075)
  * (e75c38) custom_user: add method to check if user is an external account
    (#91075)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 03 Jun 2024 17:25:48 +0200

authentic2 (5.45) trixie-eobuilder; urgency=low

  * (8af1f4) misc: add cache to authenticators getters (#91208)
  * (d7d426) api: change client's password handling (#89456)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 28 May 2024 18:31:45 +0200

authentic2 (5.44) trixie-eobuilder; urgency=low

  * (210e36) manager: set OUs' phone-identifier local uniqueness (#90991)
  * (c36d21) auth_saml: check user.roles before applying changes (#91074)
  * (4c01e7) registration: ignore OU on registration with existing email and global
    unicity (#88009)
  * (a6ff36) translation update (#91047)
  * (cfd61a) idp_oidc: add pre-defined claim value help-text in manager (#91047)
  * (17399e) CAS: fix checking user service access before redirecting him (#90766)
  * (88c619) tox: discard pylint 3.2.x versions (#90834)
  * (df7a49) api: remove deprecated statistics endpoints (#90669)
  * (f92317) api: do not expose group_by filter for inactivity statistics (#90469)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 27 May 2024 16:12:25 +0200

authentic2 (5.43) trixie-eobuilder; urgency=low

  * (182e1b) translation update (#90337)
  * (af7807) registration: add account redundancy info in sms (#90337)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 16 May 2024 10:46:45 +0200

authentic2 (5.42) trixie-eobuilder; urgency=low

  * (cd3244) translation update (#90431)
  * (4187b9) forms: add “phone-optional” widget rendering (#90431)
  * (9d1c86) tox: grab latest main gadjo sources from gitea (#90649)
  * (b6a449) misc: adapt to gadjo's more recent versions changes (#90649)
  * (bbd519) tox: discard overly-strict 3.2.0 pylint version (#90624)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 16 May 2024 10:29:40 +0200

authentic2 (5.41) trixie-eobuilder; urgency=low

  * (71203d) api: do not crash on None name in roles endpoint (#90438)
  * (f9b6a7) api: do not crash on None name in roles endpoint (#90438)
  * (c87ba2) auth_oidc: add early debug log of id_token content (#89940)
  * (f801df) auth_oidc: catch JWT signature verification exceptions (#90208)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 13 May 2024 17:42:18 +0200

authentic2 (5.40) trixie-eobuilder; urgency=low

  * (bc45b6) translation update (#90190)
  * (112d16) phone field: do not bypass more precise dialability check (#90190)
  * (c20520) phone authn: fix i18n on format error messages (#90190)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 02 May 2024 12:11:25 +0200

authentic2 (5.39) trixie-eobuilder; urgency=low

  * (e58003) passwords: do not assume email input on account recovery (#90191)
  * (8c4d98) misc: use samesite=None for opened session cookie (#90197)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 30 Apr 2024 15:06:38 +0200

authentic2 (5.38) trixie-eobuilder; urgency=low

  * (55416b) translation update (#88163)
  * (7f03e0) phone-authn: on registration, inform user of existing duplicate
    (#88163)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 29 Apr 2024 09:54:01 +0200

authentic2 (5.37) trixie-eobuilder; urgency=low

  * (dbf77a) hide fields' requisiteness on phone-enabled password-reset (#88147)
  * (5cc355) password_reset: provide phone authn config in template ctx (#88158)
  * (033c85) hide fields' requisiteness on phone-enabled registration (#88146)
  * (154214) login registration: provide phone authn config in template ctx (#88144)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 18 Apr 2024 17:09:32 +0200

authentic2 (5.36) trixie-eobuilder; urgency=low

  * (6db2b5) translation update (#88287)
  * (ad67e6) /accounts/: compute profile completion ratio (#88287)
  * (2b3d04) manager: search role with unaccent lookup (#87906)
  * (1d966e) translation update (#88786)
  * (f3e57d) login/pwd authenticator: allow setting sms code duration (#88786)
  * (a6df1a) translation update (#88045)
  * (fe9983) misc: add skipped i18n str fragment (#88045)
  * (6a7a48) forms/fields: provide clearer validation error for PhoneField (#88045)
  * (0abfbc) api: check phone uniqueness at user serializer validation (#83700)
  * (d04202) auth_oidc: prevent trace when jwkset_json is None (#88885)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 18 Apr 2024 11:25:29 +0200

authentic2 (5.35) trixie-eobuilder; urgency=low

  * (16b714) Revert manager: search role with unaccent lookup (#87906)

 -- eobuilder <eobuilder@entrouvert.com>  Sat, 30 Mar 2024 14:53:08 +0100

authentic2 (5.34) trixie-eobuilder; urgency=low

  * (67674f) manager: search role with unaccent lookup (#87906)
  * (36bc55) authenticators: add helper functions for show condition (#67986)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 29 Mar 2024 23:30:58 +0100

authentic2 (5.33) trixie-eobuilder; urgency=low

  * (4dc8f6) misc: remove dead logged-in JSONP endpoint (#88195)
  * (95701c) manager: add display condition on homepage sidebar title (#87961)
  * (0334e5) widgets: add check on field_id parameter for select2.json urls (#88250)
  * (634211) translation update
  * (cbbc6b) translation update
  * (137a58) forms: add an example of email address in registration form (#83254)
  * (891dd6) manager: forbid sort on role inheritance table member column (#88249)
  * (cb751d) urls: use uuid routing parameter for sms code opaque urls (#88044)
  * (1831a8) discard unused token qs paramer when redirecting to code input (#88045)
  * (a03e11) tests: remove httmock from tox.ini deps (#87799)
  * (851ac2) tests: replace httmock with responses for auth_oidc tests (#85702)
  * (6b5c57) tests: replace httmock by responses in auth_fc tests (#85701)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 20 Mar 2024 16:37:06 +0100

authentic2 (5.32) trixie-eobuilder; urgency=low

  * (2d9a56) journal: fix get_message for user.login.failure events (#87616)
  * (35e042) manager: add multi-word role search (#86979)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 29 Feb 2024 15:33:44 +0100

authentic2 (5.31) trixie-eobuilder; urgency=low

  * (af6ad8) csv_import: accept empty unmandatory phone (#87581)
  * (f9d07d) auth_oidc: ignore missing kid when comparing keysets (#87468)
  * (7d6601) idp oidc: use min() to cap login retry timeout (#87442)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 28 Feb 2024 17:48:38 +0100

authentic2 (5.30) trixie-eobuilder; urgency=low

  * (0c77d6) ldap: prevent use of lock_email outside of a transaction (#70439)
  * (5726ea) tests: use a deterministic order on users (#67600)
  * (39ee9d) ldap: use get_by_email for ldap email lookup (#67600)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 23 Feb 2024 20:18:27 +0100

authentic2 (5.29) trixie-eobuilder; urgency=low

  * (d27106) translation update
  * (dbed18) api/statistics: add service_ou filter when not group-by (#86179)
  * (4ba169) a2_rbac: set admin role view permissions to role's OU users (#84706)
  * (dc5b82) translation update (another typo fix) (#86861)
  * (7fd657) translation update (typo fix) (#86861)
  * (e63b9c) auth_oidc: rewrite loading of jwkset by URL (#85934)
  * (eceb4b) tests: split auth_oidc manager tests (#85934)
  * (f13c7c) tests: move auth_oidc tests (#85934)
  * (50c0bb) misc: move http utils in authentic2.utils.http (#85934)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 15 Feb 2024 17:51:28 +0100

authentic2 (5.28) trixie-eobuilder; urgency=low

  * (d50622) idp_cas: fix retrieval of LDAP user attributes (#86089)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 05 Feb 2024 10:51:19 +0100

authentic2 (5.27) trixie-eobuilder; urgency=low

  * (3ab951) translation update
  * (9a46b0) utils: authorize unaryop in expressions (#86266)
  * (1e4833) utils: fix interpolation of error messages in condition_validator
    (#86266)
  * (b41cca) api/statistics: add inactivity-related events (#85790)
  * (06ea77) manager: do not display empty menu on users page (#85199)
  * (37f389) idp_oidc: add slug edition field in edit form (#76223)
  * (7c4462) templates: add true, false, & null aliases to context (#83795)
  * (02fccc) manager: add link to role in api_client details (#76473)
  * (5879a3) manager: add homepage link on service page (#76005)
  * (d7bfac) api: remove deprecated statistics from API listing (#86177)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 01 Feb 2024 18:19:27 +0100

authentic2 (5.26) trixie-eobuilder; urgency=low

  * (3bcba1) translation update
  * (6cd42b) auth_saml: do not load disabled authenticators (#86075)
  * (5bb21a) auth_oidc: do not use logging inside a failed transaction (#84540)
  * (c58210) saml: get uploaded metadata file content as a string (#86217)
  * (670481) misc: make opened session cookie http only and secure (#76809)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 30 Jan 2024 09:42:52 +0100

authentic2 (5.25) trixie-eobuilder; urgency=low

  * (ddec7a) translation update
  * (e6feec) misc: improve error handling when reading/writing roles summary cache
    (#84096)
  * (95cc8b) translation update (#75255)
  * (119ae5) user_details: use model's effective alert date when relevant (#75255)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 16 Jan 2024 21:46:54 +0100

authentic2 (5.24) trixie-eobuilder; urgency=low

  * (9bd585) misc: do not use the ORM in Command.__init__ (#85699)
  * (9bdae8) misc: replace PASSWORD_RESET_TIMEOUT_DAYS by PASSWORD_RESET_TIMEOUT
    (#81386)
  * (27cb40) tests/change_phone: deprecate httmock (#85304)
  * (2e4529) tests/commands: deprecate httmock (#85304)
  * (20c1bc) tests/registration: deprecate httmock (#85304)
  * (047e6f) tests/password_reset: deprecate httmock (#85304)
  * (37c5ff) tests/views: deprecate httmock (#85304)
  * (fc5ec7) tests/admin: deprecate httmock (#85304)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 15 Jan 2024 18:10:50 +0100

authentic2 (5.23) trixie-eobuilder; urgency=low

  * (de5168) translation update
  * (798712) tox.ini: simplify coverage configuration (#1)
  * (3a2472) auth_oidc: suppress error log on non error condition (#85669)
  * (594ada) api: add routes to get roles by slug (#52226)
  * (a89afc) api: add routes to get OUs by slug (#52226)
  * (7819b8) user: add helper to add role to user (#52226)
  * (aa8cf9) tests: move create_user in tests.utils (#52226)
  * (b3a791) misc: add converters (#52226)
  * (6cb325) auth_fc: add mapping from gender to title (#84093)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 15 Jan 2024 15:46:44 +0100

authentic2 (5.22) trixie-eobuilder; urgency=low

  * (c0cd75) tox.ini: include tests in coverage reports (#85643)
  * (aa554e) idp_oidc: use sesssion accessor in Token.is_valid() (#85643)
  * (62a950) idp_oidc: use code's session in token endpoint (#85643)
  * (fccc8b) tests/idp_oidc: use new app for calls to the token endpoint (#85643)
  * (28afd8) tox.ini: use pytest-cov test context (#84017)
  * (1d92a0) idp_oidc: build the sid using the client_id instead of the sector
    identifier (#84017)
  * (3f038a) api/tests: test get_or_create & force_password_reset jointly (#85363)
  * (223f14) translation update (#85235)
  * (836769) management: send sms alert to email-less inactive users (#85235)
  * (ad8452) translation update (#85276)
  * (5b6227) manager: prevent phone id duplicates at user edition time (#85276)
  * (5a969b) translation update (#83841)
  * (5468f6) auth_oidc: disable local webkey json edition when fetched remotely
    (#83841)
  * (57dd6b) auth_oidc/management: add remote jwksets refresh command (#83841)
  * (51820d) auth_oidc: let providers declare their webkeys through public url
    (#83841)
  * (7736fe) translation update (#82737)
  * (b9da1b) handle phone-uniqueness settings at registration time (#82737)
  * (fe87d2) templates: adapt account selection form to phone authn (#82737)
  * (6e2105) test phone-registration with existing accounts scenarios (#82737)
  * (24216c) ldap: set LDAP url on raised LDAPError for the technical information
    view (#83425)
  * (0ca023) manager: fix slug computing on role creation (#82389)
  * (c22443) css: improve layout of role summary page (#82541)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 15 Jan 2024 12:04:54 +0100

authentic2 (5.21) trixie-eobuilder; urgency=low

  * (c7b992) update translations

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 05 Jan 2024 11:24:33 +0100

authentic2 (5.20) trixie-eobuilder; urgency=low

  * (f9dfd4) auth_oidc: fix warning message formatting on id token error (#85119)
  * (8bbf98) update translations
  * (1b80eb) authenticators: fix condition and show_condition help text (#83730)
  * (f1ec75) idp_cas: does not revalidate the session key (#10688)
  * (4cf0ec) tests: decrease concurrency to 20 (#84960)
  * (f45440) manager: fix ordering in user's roles table (#16474)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 28 Dec 2023 16:08:13 +0100

authentic2 (5.19) trixie-eobuilder; urgency=low

  * (62b265) translation update (#81969)
  * (2a1c64) ldap: display directory errors at user authentication time (#81969)
  * (c649bc) api: discard obsolete registration endpoint (#83234)
  * (42e392) translation update (#84666)
  * (669195) data_transfer: handle MultipleObjectsReturned in search_role() (#84766)
  * (1aa7e1) forms: do not assume identifier presence at password reset (#84666)
  * (8eea70) tox.ini: remove constraint on pylint version (#84019)
  * (293347) tests: skip test_null_byte after python 3.11 (#84824)
  * (3b6fdd) auth_saml: show OU in authenticator configuration form (#84560)
  * (b0a9b7) auth_saml: create user on authenticator's OU (#84563)
  * (f95e95) tests/api: give get_or_create across objects its own test file (#84679)
  * (178689) tests/api: give free-text search its own test file (#84679)
  * (b3477d) tests/api: give filters their own test file (#84679)
  * (872396) tests/api: group user synchronization tests in adequate file (#84679)
  * (3d2c69) tests/api: give password validation its own test file (#84679)
  * (e6a800) tests/api: give /find_duplicates/ its own test file (#84679)
  * (13c32a) tests/api: give phone normalization its own test file (#84679)
  * (67f152) tests/api: give role memberships their own test file (#84679)
  * (01bf2b) tests/api: give statistics their own test file (#84679)
  * (0e727f) tests/api: give user profile their own test file (#84679)
  * (3db301) CI: let (now more powerful) jenkins run more concurrent threads
    (#84578)
  * (6d54fe) misc: add dependency on publik-django-templatetags to setup.py (#84358)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 20 Dec 2023 11:36:24 +0100

authentic2 (5.18) trixie-eobuilder; urgency=low

  * (a4d774) translation update
  * (6ed2ab) manage: display identifier phone number in users table (#83261)
  * (29aadd) tests: check volume of queries while displaying users table (#83261)
  * (b925bc) misc: declare dependency on publik-django-templatetags (#83698)
  * (4af1cd) manager: enable context_processors in backoffice_sidebar_template
    (#83885)
  * (ef0dfc) Revert "manager: feed template vars to views" (#83885)
  * (1a4dce) idp_oidc: add boolean flag to OIDCClient to force use of PKCE (#84200)
  * (632e2a) idp_oidc: implement PKCE mechanism (#84200)
  * (4bf5af) manager: feed template vars to views (#83885)
  * (127e49) templates: add message about form errors in page title (#83164)
  * (953c84) manage: display users advanced config form as popup (#83848)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 06 Dec 2023 16:04:02 +0100

authentic2 (5.17) trixie-eobuilder; urgency=low

  * (9f4e55) translation update
  * (e1099a) role_summary: support objects with no dependencies (#84132)
  * (9ee9d0) tests: use deterministic suffixes (#83710)
  * (19a17d) views: forbid registration view to authenticated users (#12382)
  * (7efa69) misc: log requests during build_role_summary_cache (#84098)
  * (4fb92d) tests: disable log_to_console contextmanager during some tests (#84084)
  * (77c409) translation update (#84097)
  * (d6a419) idp_oidc: warn admin on changed sector_id in /manage/ (#84097)
  * (0045e2) translation update (#84092)
  * (6a2059) idp_oidc: prevent ambiguous redirect uris when used as sector id
    (#84092)
  * (a80751) ldap: do not crash when simple_bind_s raises STRONG_AUTH_REQUIRED
    (#83539)
  * (e0dcfc) auth_fc: ignore invalid emails (#49623)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 01 Dec 2023 14:31:24 +0100

authentic2 (5.16) trixie-eobuilder; urgency=low

  * (6000a4) translation update
  * (2a9446) auth_oidc: check provider.jwkset before using it (#75786)
  * (49c9e6) tox.ini: remove last constraints on psycopg2-binary (#83888)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 27 Nov 2023 10:51:01 +0100

authentic2 (5.15) trixie-eobuilder; urgency=low

  * (adf59b) setup: compute pep440 compliant dirty version number (#81731)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 20 Nov 2023 17:38:18 +0100

authentic2 (5.14) trixie-eobuilder; urgency=low

  * (b07ea3) translation update (#83638)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 20 Nov 2023 16:01:41 +0100

authentic2 (5.13) trixie-eobuilder; urgency=low

  * (b6f13f) translation update (#81389)
  * (952072) manager: display templated user info in sidebar (#81389)
  * (ae2f54) manage: reset phone verification on value change (#82739)
  * (924ec5) accounts: fix deletion message on missing phone (#82739)
  * (af5311) manage: discard irrelevant "deletion" info for ldap users (#82522)
  * (66137a) manager: don't use service type in deletion popup title (#83197)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 16 Nov 2023 10:57:57 +0100

authentic2 (5.12) trixie-eobuilder; urgency=low

  * (dec602) translation update
  * (e4bff6) manager: reword a label on the role summary page (#83448)
  * (f11af4) misc: get rid of unused fieldset on the role summary view (#83404)
  * (3e3034) translation update
  * (14d739) debian: add back memory-report to uwsgi default configuration (#80451)
  * (5a1548) idp_oidc: authorization code flow, provide "sid" claim in id_token
    (#83365)
  * (ed92e3) manager: expose role summary page (#83303)
  * (550786) misc: give a name to sample roles CSV file (#83107)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 14 Nov 2023 14:02:48 +0100

authentic2 (5.11) trixie-eobuilder; urgency=low

  * (d2439d) debian: run roles-summary every night (#83097)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 03 Nov 2023 11:16:18 +0100

authentic2 (5.10) trixie-eobuilder; urgency=low

  * (4ba285) manager: use cached data to build role summary page (#82837)
  * (6740c4) management: add role_summary command (#82837)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 02 Nov 2023 17:24:22 +0100

authentic2 (5.9) trixie-eobuilder; urgency=low

  * (a26551) misc: use select2 widget for roles in AddRoleAction (#82092)
  * (aab612) translation update (#83013)
  * (472e86) idp_oidc: raise error on inconsistent authz storage config (#83013)
  * (e0d257) translation update (#82729)
  * (c491d6) idp_oidc: make "do not ask again" choice optional (#82729)
  * (461011) translation update (#82733)
  * (c81887) accounts: add phone-change view title (#82733)
  * (f447ed) i18n: fix phone authn translation typo (#82732)
  * (4c64a4) debian: add uwsgi/authentic SyslogIdentifier in services (#82977)
  * (a6abde) misc: add autocomplete attribute to email field on register form
    (#82158)
  * (cf052e) misc: add a proper title to role summage page (#82838)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 02 Nov 2023 16:53:49 +0100

authentic2 (5.8) trixie-eobuilder; urgency=low

  * (7c8380) update translation
  * (b297b7) manager: query other services in summary page (#79620)
  * (465226) api: add role summary view (#79620)
  * (16af37) misc: add DRF error utilities (#79620)
  * (8f6628) manager: start role summary page (#79620)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 20 Oct 2023 12:14:10 +0200

authentic2 (5.7) trixie-eobuilder; urgency=low

  * (38d52e) translation update (#66416)
  * (376c66) ldap: use a separate backend config flag for ppolicy controls (#66416)
  * (554491) tests/ldap: fix conflicting access rights with slapd>2.4 (#66416)
  * (ad06d2) password_reset_confirm: handle ldap ppolicy errors (#66416)
  * (7c7c63) password_change: stay on form page when ldap ppolicy errors happen
    (#66416)
  * (20f98d) ldap: improve password expiration date formatting (#66416)
  * (284d18) ldap: set sharper ppolicy_control error messages when relevant (#66416)
  * (c4289c) ppolicy: handle reset redirect after a changeAfterReset error (#66416)
  * (3d10be) ldap: handle ppolicy controls at password-reset time (#66416)
  * (fddbad) ldap: rename process_controls method to process_bind_controls (#66416)
  * (c309d2) ldap: fix encoding password on modify_password (#66416)
  * (42961d) password_policy_control_messages: fix handling passwordExpired (#66416)
  * (a27ef6) test_ldap: use USERNAME & PASS instead of hard-coded values (#66416)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 17 Oct 2023 10:30:25 +0200

authentic2 (5.6) trixie-eobuilder; urgency=low

  * (6bbcb3) translation update
  * (6045f5) idp_oidc: allow CORS requests on configuration, certs, token and
    user_info (#50571)
  * (455a68) idp_oidc: add getter on redirect_uris (#50571)
  * (a5f6c7) idp_oidc: remove unused arguments (#50571)
  * (d9f9b5) idp_saml2: add CORS headers to SSO endpoint (#82266)
  * (2cc154) debian: raise upper version bound on django-import-export (#81941)
  * (5d6931) tox: provide respective django-import-export dependencies (#81941)
  * (c1c3a7) setup: allow for bookworm's django-import-export (#81941)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 12 Oct 2023 18:13:29 +0200

authentic2 (5.5) trixie-eobuilder; urgency=low

  * (f8c87c) authenticators: fix bad empty conditions in AddRoleAction (#82128)
  * (eb8a3f) a11y: add back link label in "what is FranceConnect?" link title
    (#82093)
  * (35a2c5) debian: raise upper version bound on drf (#81943)
  * (76fbfb) api: fix SlugFromNameDefault's context initialization (#81943)
  * (6c2c4d) tox: add 'stable' env drf dependency (#81943)
  * (7d7c82) setup: allow for drf v3.14 (bookworm version) as dependency (#81943)
  * (a76883) tox: add 'stable' env (and its only dependency supported yet) (#81945)
  * (5a67dc) setup: allow jwcrypto v1.1 as dependency (#81945)
  * (e86a66) tox: make bullseye dependencies appear as 'oldstable' (#81945)
  * (652c73) fix translation (#81987)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 06 Oct 2023 23:11:50 +0200

authentic2 (5.4) trixie-eobuilder; urgency=low

  * (37a0c4) translation update
  * (793523) custom_user: use strict_word_similarity in find_duplicates (#80940)
  * (1f980a) ci: keep on using pylint 2 while pylint-django is not ready (#81905)
  * (00f910) utils: disallow any redirect URL starting with /\ or \\ (#81522)
  * (fb2f11) authenticators: remove obsolete fields from AddRoleAction (#81388)
  * (5adb9c) authenticators: use condition for role attribution (#81388)
  * (869aa8) utils: add condition template evaluation (#81388)
  * (58d601) ldap: mark error block with errornotice class (#81664)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 04 Oct 2023 11:51:34 +0200

authentic2 (5.2) trixie-eobuilder; urgency=low

  * (bc61f7) translation update (#81478)
  * (a312f0) csv_import: detect inconsistent password hash formats (#81478)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 25 Sep 2023 16:58:07 +0200

authentic2 (5.1) trixie-eobuilder; urgency=low

  * (fb609d) manage: discard redundant detailed apiclient description (#81444)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 21 Sep 2023 12:10:09 +0200

authentic2 (5.0) trixie-eobuilder; urgency=low

  * (704c08) api: write user's phone as a profile attribute only (#80950)
  * (432f73) api: make users pagination offset as a setting (#81100)
  * (a271a4) translation update (#81333)
  * (18e063) manage: display relevant info on apiclient detail page (#81333)
  * (16d766) translation update (#78332)
  * (e465ff) api: allow per-client user attributes restriction (#78332)
  * (610faa) translation update
  * (1304e5) api: add ou selection to get/update_or_create mixin (#80957)
  * (022060) api: test roles endpoint simple get/update_or_create behavior (#80957)
  * (bc258e) auth_saml: allow empty value in attribute mapping json field (#81011)
  * (86e9e5) utils/evaluate: allow DNS blocklisting of IPv6 addresses (#80508)
  * (f31786) custom_user: use any identifier for full name fallback display (#80473)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 21 Sep 2023 11:37:12 +0200

authentic2 (4.99) trixie-eobuilder; urgency=low

  * (4766ae) auth_oidc: fix role attribution when no user info or it misses expected
    attribute (#80548)
  * (a88215) ci: fix pre-commit failing on double quotes introduced by (#79807)
  * (8ecd9b) translation update
  * (fa9f88) debian: add richelieu wordlist to package (#79806)
  * (004dd2) authenticators: load custom password dictionaries (#79806)
  * (5b8524) forms: include user attributes in password strength check (#79807)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 29 Aug 2023 15:37:38 +0200

authentic2 (4.98) trixie-eobuilder; urgency=low

  * (ad918e) authenticators: accept longer login button labels (#80424)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 17 Aug 2023 15:41:47 +0200

authentic2 (4.97) trixie-eobuilder; urgency=low

  * (dbf2b1) translation update (#78111)
  * (e05961) warn users on password change confirmation (#78111)
  * (91433b) manager: avoid crash in slug creation from long names (#80383)
  * (08d3dc) handle password-less phone identifier change (#79891)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 17 Aug 2023 11:11:18 +0200

authentic2 (4.96) trixie-eobuilder; urgency=low

  * (e1de37) translation update
  * (ef82ff) accounts: adapt first email declaration action label (#80361)
  * (80b2e6) accounts: warn on redundant messages for SMS-based actions (#80342)
  * (c317cf) registration: perform proper identifier verification (#79865)
  * (2fb16c) change_email: adapt help text when no current address is known (#79801)
  * (2bf74f) tests phone authn and OU selection compatibility (#78454)
  * (b66cbc) translation update (#80286)
  * (4744f6) forms: rephrase authentication form error message (#80286)
  * (26b0d8) ci: build deb package for bookworm (#78968)
  * (156469) misc: update git-blame-ignore-revs to ignore quote changes (#80252)
  * (b019f0) misc: apply double-quote-string-fixer (#80252)
  * (6e5428) misc: add pre commit hook to force single quotes (#80252)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 14 Aug 2023 15:04:13 +0200

authentic2 (4.95) trixie-eobuilder; urgency=low

  * (df7450) translation update (#72615)
  * (c5e56d) allow phone-based account deletion (#72615)
  * (aa5e28) custom_user: perform phone-id retrieval as a model property (#72615)
  * (520135) general: add a timestamp to static URLs, to avoid caching issues
    (#80226)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 03 Aug 2023 13:55:25 +0200

authentic2 (4.94) trixie-eobuilder; urgency=low

  * (671742) translation update
  * (3ed9aa) forms: use correct username label in auth error message (#79808)
  * (11dc66) views: stop advertizing username login by default (#79808)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 02 Aug 2023 17:58:06 +0200

authentic2 (4.93) trixie-eobuilder; urgency=low

  * (6ebea8) translation update
  * (4aac23) manager: add breadcrumbs in service config edition page (#79260)
  * (6b7a2a) add role action based on received SSO attribute (#77756)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 02 Aug 2023 13:18:25 +0200

authentic2 (4.92) trixie-eobuilder; urgency=low

  * (afc21d) translation fix
  * (76bce2) api: add api/users/<uuid>/service/<slug> endpoint (#79230)
  * (e42047) debian: remove memory-report from uwsgi default configuration (#79890)
  * (d9ef51) misc: remove old Django version support (#79851)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 31 Jul 2023 14:03:57 +0200

authentic2 (4.91) trixie-eobuilder; urgency=low

  * (b478bc) translation update (#72614)
  * (6c27ec) accounts: let users declare and change an identifying phone number
    (#72614)
  * (eab3d4) accounts: exclude identifier phone from attributes edition view
    (#72614)
  * (cc203c) api: provide an authentication healthcheck endpoint (#79183)
  * (c2c449) api: add full_name to serialized users (#79504)
  * (1c2a44) translation update (#76781)
  * (638ffe) authenticators: add view for login failure events (#76781)
  * (95583e) journal_event_types: fix link with authenticator on user login failure
    (#76781)
  * (c5c034) tests: raise unrealistic user csv import timeouts (#79725)
  * (7c158f) attribute_kinds: check types at date (de)serialization time (#76883)
  * (8c79a9) ldap_backend: periodically update mapped roles list (#75611)
  * (24d7ed) auth_oidc: filter out disabled attributes (#75474)
  * (42c2ec) auth_oidc: test that disabled attributes are out of mapping form
    (#75474)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 19 Jul 2023 16:28:29 +0200

authentic2 (4.90) trixie-eobuilder; urgency=low

  * (e59f25) auth_saml: hide unused ou field in authenticator settings (#79489)
  * (377b85) translation update (#79528)
  * (3e6718) authenticators: explain static password strength checks (#79528)
  * (8a1ffc) authenticators: translate boolean values on details page (#79507)
  * (1d42f7) translation update (#77243)
  * (2aaa7f) manager: allow showing role admin roles in parents view (#77243)
  * (1ad84a) manager: allow viewing admin role of a role (#77243)
  * (1a6130) custom_user: remove deprecated identifier db constraint (#79135)
  * (a0fee8) user: revert phone modelfield-to-attribute implicit write (#79135)
  * (9b37fd) manager: use get_full_name to display user in title and breadcrumb
    (#79502)
  * (f53fe7) manager: redirect to account page after user switch (#79550)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 17 Jul 2023 14:50:45 +0200

authentic2 (4.89) trixie-eobuilder; urgency=low

  * (e9f8c7) api: do not crash on invalid filter (#79447)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 06 Jul 2023 10:53:36 +0200

authentic2 (4.88) trixie-eobuilder; urgency=low

  * (b450d8) translation update (fix ldap no reset password email)
  * (3160a8) registration: forbid too long email addresses (#78400)
  * (4a0aeb) authenticators: enable password strength meter by default (#79072)
  * (dc4341) authenticators: force first migration after a2_rbac migrations (#79083)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 30 Jun 2023 17:24:36 +0200

authentic2 (4.87) trixie-eobuilder; urgency=low

  * (f718cb) authenticators: migrate min_password_strength to password authenticator
    (#78232)
  * (08d7c0) translation update (#78046)
  * (e4cb69) /manage/: make phone-authn config a flagged feature (#78046)
  * (053899) password reset: decide on which phone attribute to use (#78046)
  * (795f04) registration: decide on which phone attribute to use (#78046)
  * (f9b9d9) authn: let the model backend decide which phone attribute to use
    (#78046)
  * (eef2e1) migrate A2_ACCEPT_*_AUTHENTICATION to models (#78046)
  * (a1169d) add identifiers options on login/password authn (#78046)
  * (16bfe4) translation update (french orthography rectifications of 1990)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 26 Jun 2023 15:58:24 +0200

authentic2 (4.86) trixie-eobuilder; urgency=low

  * (c52415) translation update
  * (e90b1a) a11y: remove autofocus of username input field (#78108)
  * (f8ec00) misc: mark "Users export" title for translation (#78659)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 23 Jun 2023 11:28:40 +0200

authentic2 (4.85) trixie-eobuilder; urgency=low

  * (3e2cde) translation update
  * (bcae7d) translation update
  * (f10d5b) authenticators: migrate some settings to password authenticator
    (#41671)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 15 Jun 2023 11:07:25 +0200

authentic2 (4.84) trixie-eobuilder; urgency=low

  * (f8a85c) registration: fix phone form field validation (#78244)
  * (fda174) translation update (#75142)
  * (bebb67) accounts: adapt to service appearance configuration (#75142)
  * (a0af74) password_reset: keep next-url througout sms reset process (#78409)
  * (7cd1f7) utils/misc: allow explicit next_url through authn simulation (#78409)
  * (447f70) translation update
  * (19f3e0) keep next_url througout phone registration (#72441)
  * (cd04a9) authentication: remove A2_REGISTRATION_GROUPS setting (#78230)
  * (5020e4) idp_oidc: simplify OIDCClientForm implementation (#77593)
  * (7b441a) authenticators: fix permission checking when editing related objects
    (#77366)
  * (1f157c) manager: remove role permission views (#77410)
  * (4a7575) authenticators: move registration_open flag to password authenticator
    (#77789)
  * (d511b5) a11y: remove erroneous <p> around registration form (#78109)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 13 Jun 2023 11:51:57 +0200

authentic2 (4.83) trixie-eobuilder; urgency=low

  * (dc1686) tests: add check on behaviour of OICDClient's clean (#77452)
  * (46b04a) debian: apply new pre-commit-debian (#77727)
  * (4268d3) ci: upgrade pre-commit-debian (#77727)
  * (a89824) manager: do not include erroneous link to deleted users (#62204)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 30 May 2023 10:57:44 +0200

authentic2 (4.82) trixie-eobuilder; urgency=low

  * (c247eb) templates: fix service info fragment broken links (#77844)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 23 May 2023 14:58:31 +0200

authentic2 (4.81) trixie-eobuilder; urgency=low

  * (1bf323) misc: fix "remotre" typo in authenticator condition (#77834)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 23 May 2023 13:30:10 +0200

authentic2 (4.80) trixie-eobuilder; urgency=low

  * (1e9c56) translation update (#77296)
  * (632d60) use generic appearance for SAML2 services only (#77296)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 15 May 2023 15:42:02 +0200

authentic2 (4.79) trixie-eobuilder; urgency=low

  * (2b6591) translation update
  * (85ce96) tests: remove mention of unused saml role action name (#77483)
  * (ac298d) a11y: add role="status" to "an email has been sent" messages (#75680)
  * (6b8b30) a11y: add proper text to close email input help (#71069)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 12 May 2023 15:40:47 +0200

authentic2 (4.78) trixie-eobuilder; urgency=low

  * (6821c6) translation update (#69890)
  * (ba9550) provide generic input code logic (#69890)
  * (af8adc) views: handle phone input on pw reset view (#69890)
  * (9de50d) forms/passwords: add phone field (#69890)
  * (45bc87) utils/sms: add password lost sms code recovery utils (#69890)
  * (cc443d) models: sms code adjustments for password reset (#69890)
  * (5cd9ad) auth_saml: add explicit class for submit button (#65864)
  * (7be932) debian: use argon2 as default hasher (#77111)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 04 May 2023 15:10:27 +0200

authentic2 (4.77) trixie-eobuilder; urgency=low

  * (49e758) translation update
  * (b782ec) auth_oidc: split configuration form into general and advanced tabs
    (#74969)
  * (dc6043) authenticators: record edited fields when using tabs (#74969)
  * (9d78da) manager: render authenticator form correctly when no tabs (#74969)
  * (e1fa32) authn: provide a single field for username and phone number (#72449)
  * (deb7d7) allow for fallback default variables in service info template (#75138)
  * (4fda95) manager: provide services default configuration interface (#75139)
  * (beec67) migrations: perform services default config data initialization
    (#75139)
  * (4b7e5d) models: add RuntimeSetting class (#75139)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 02 May 2023 12:04:04 +0200

authentic2 (4.76) trixie-eobuilder; urgency=low

  * (fa13b5) misc: set secure and http-only for cookie 'cookie-test' (#76809)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 20 Apr 2023 14:19:24 +0200

authentic2 (4.75) trixie-eobuilder; urgency=low

  * (77d9ac) translation update
  * (520f9c) journal: do not crash on None references (#76782)
  * (4ea4a6) auth_oidc: provide a less scary displayed error message (#73669)
  * (261c56) auth_oidc: avoid user messages with prompt=none related errors (#72538)
  * (65baa0) plugins: stop using pkg_resources (#22865)
  * (f0bc8f) utils: check csrf according to middleware declaration (#76589)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 19 Apr 2023 17:41:17 +0200

authentic2 (4.74) trixie-eobuilder; urgency=low

  * (0c83fb) html: remove cell--body class to login password registration block
    (#76295)
  * (1bc5aa) api: return inherited roles for api client (#76282)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 07 Apr 2023 06:53:13 +0200

authentic2 (4.73) trixie-eobuilder; urgency=low

  * (d38a53) html: add cell--body class to content of  block & a2block (#76204)
  * (b613a5) tests: update error selector for "new" gadjo markup (#76115)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 04 Apr 2023 10:48:50 +0200

authentic2 (4.72) trixie-eobuilder; urgency=low

  * (3a0316) manager: check slug of roles on CSV import (#75603)
  * (4c0277) misc: unify login blocks tags structure (#53264)
  * (cd1a6e) misc: render authenticators names in their own templates (#53264)
  * (1aeb81) ldap: prevent crash when recording a timeout failure (#73342)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 29 Mar 2023 17:14:29 +0200

authentic2 (4.71) trixie-eobuilder; urgency=low

  * (8d08f3) misc: update git-blame-ignore-revs (#75442)
  * (b21196) misc: bump djhtml version (#75442)
  * (f11043) misc: bump black version (#75442)
  * (bfc3a6) misc: change pyupgrade target version to 3.9 (#75442)
  * (74a045) misc: rename app.py to apps.py (#75462)
  * (6cbef3) misc: move AppConfig subclasses from init to apps.py (#75462)
  * (e12903) misc: change django-upgrade target version to 3.2 (#75442)
  * (7ee0ad) misc: require django 3.2 (#75442)
  * (e40161) tox: remove deprecated targets (#75439)
  * (a61a73) ldap_backend: add a synchronization timeout block option (#63560)
  * (ff62da) unused-accounts: use keepalive when identifying users to delete
    (#75286)
  * (747d11) unused-accounts: do not alert never-logged-in SAML2-federated users
    (#75179)
  * (4eca6f) templates: redo service info fragment with less blocks (#75125)
  * (087a71) authentic2_idp_oidc: index AccessToken::uuid field (#75238)
  * (47f70f) sql: index fields spotted in slow queries (#68317)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 16 Mar 2023 10:27:17 +0100

authentic2 (4.70) trixie-eobuilder; urgency=low

  * (864e02) api: keep underscore when slugifying (#75227)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 08 Mar 2023 10:27:25 +0100

authentic2 (4.69) trixie-eobuilder; urgency=low

  * (bb1b5e) unused-accounts: explicitely skip ldap users (#75196)
  * (d4b0c1) unused-accounts: do not delete users from existing LDAP configuration
    (#75145)
  * (9d4037) unused-accounts: fix no-mail federated-account deletion feature
    (#75181)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 07 Mar 2023 11:50:30 +0100

authentic2 (4.68) trixie-eobuilder; urgency=low

  * (989d5c) unused-accounts: do not sent mail to never-logged-in federated users
    (#75086)
  * (9b5aab) utils: removed dead function batch() (#74727)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 06 Mar 2023 16:19:42 +0100

authentic2 (4.67) trixie-eobuilder; urgency=low

  * (de60d0) translation update (#72703)
  * (1d668a) OU consistency check between api client and roles at validation
    (#72703)
  * (ed292f) manager: filter api client's assignable roles depending on its OU
    (#72703)
  * (88fe8e) manager: force api client ou assignment for local admins (#72703)
  * (16ba28) models: drop non-nullity constraint ou API clients' OU (#72703)
  * (af77cf) manager: filter apiclient's available ous on user's ou perms (#72688)
  * (ba5602) manager: filter api client qs on user's admin ou permissions (#72688)
  * (2bf677) idp_oidc: restrict client's returned qs to authorized users (#65942)
  * (bfa653) translation update
  * (324c36) idp_oidc: enforce name uniqueness on claims in UI (#74920)
  * (e59226) idp_oidc: fix erroneous exception-handling at client authn time
    (#73990)
  * (3a6aa9) clean-unused-account: also delete never-logged-in users (#74890)
  * (575cf1) custom_user: provide more generic user-inactivity notifications
    (#74178)
  * (e3ba72) api: add global login and registration counts to statistics (#63368)
  * (30251c) api: add cleaner endpoints for statistics (#63368)
  * (104b33) api: drop legacy OU api filter (#63368)
  * (2b3cd0) tests: do not check whole statistics json (#63368)
  * (9e232c) api: split statistics filters code (#63368)
  * (309974) Prepare Jenkinsfile for Gitea migration (#74572)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 02 Mar 2023 16:15:23 +0100

authentic2 (4.66) trixie-eobuilder; urgency=low

  * (621f2e) manager: add explicit ordering to role table (#65159)
  * (1d40e4) translation update
  * (666198) templates: complete and update title block usage (#73950)
  * (136e3d) translation update (#74464)
  * (947c32) user-detail: display planned alert & deletion dates (#74464)
  * (909ae8) translation update (#74228)
  * (b168ac) manager: display last (keepalive) activity on user page (#74228)
  * (63fa2d) manager: provide a simpler ou creation form (#66795)
  * (493951) tests: test profile distinction in synchronization endpoint (#63157)
  * (241cea) tests: add basic authz for oidc clients (#63157)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 16 Feb 2023 10:25:32 +0100

authentic2 (4.65) trixie-eobuilder; urgency=low

  * (bf73d8) debian: set LimitNOFILE=2048 for authentic2-multitenant service
    (#74414)
  * (4d7bf0) ci: upgrade isort (#74044)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 10 Feb 2023 12:17:53 +0100

authentic2 (4.64) trixie-eobuilder; urgency=low

  * (277554) manager: let service field values devoid of trailing delimiters
    (#73873)
  * (70efa0) pylint: disable error on seemingly used-before-assigned variable
    (#74065)
  * (3e3280) codestyle: fix metaclass constructor's first argument name (#74065)
  * (03c445) pylint.rc: ignore use-dict-literal (R1735) error (#74065)
  * (4c0340) auth_oidc: factorize claim mapping resolution (#72418)
  * (ee7274) pylint: ignore broad-exception-raised (broad-except alias)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 03 Feb 2023 10:23:05 +0100

authentic2 (4.63) trixie-eobuilder; urgency=low

  * (1a24a8) settings: rename erroneous 'lang' phone number entry for 'region'
    (#73998)
  * (1abaaa) use correct region codes for overseas french territories (#73998)
  * (5ead04) misc: change email live hint message element to be <p> (#71068)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 31 Jan 2023 09:37:36 +0100

authentic2 (4.62) trixie-eobuilder; urgency=low

  * (782290) journal: reduce default retention delay to one year (#73512)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 20 Jan 2023 09:53:55 +0100

authentic2 (4.61) trixie-eobuilder; urgency=low

  * (888292) manager: redo <title> to be "page name | global name" (#73382)
  * (c95de4) widgets: add aria-live attribute on password strength hint (#73095)
  * (ed8b7e) translation update (#73412)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 19 Jan 2023 19:29:21 +0100

authentic2 (4.60) trixie-eobuilder; urgency=low

  * (041a27) auth_oidc: prompt login on passive requests for buggy providers
    (#734123)
  * (74e6f1) auth_oidc: add passive authn deactivation flag (#73412)
  * (ffe6c3) style: provide a single-line layout for phone fields (#73011)
  * (1ae6e6) translation update (#72384)
  * (86fc21) manager: disable globally-overriden options on OU edition page (#72384)
  * (043c7a) forms: provide stricter PhoneField validation (#73345)
  * (561632) translation update
  * (c725e4) a11y: include link label in "what is FranceConnect?" link title
    (#73084)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 17 Jan 2023 09:48:07 +0100

authentic2 (4.59) trixie-eobuilder; urgency=low

  * (789c17) auth_oidc: exclude last_sync_time from authn editable fields (#73227)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 10 Jan 2023 15:58:50 +0100

authentic2 (4.58) trixie-eobuilder; urgency=low

  * (7e28ae) translation update (#73018)
  * (1da9c9) manager: display ldap information even when erroneous (#73018)
  * (992bf5) ci: only build package for bullseye (#72729)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 05 Jan 2023 11:24:10 +0100

authentic2 (4.57) trixie-eobuilder; urgency=low

  * (67b3c1) translation update
  * (c5b67a) idp_oidc: get user profile selection or consent even when prompt=none
    (#72507)
  * (044324) registration: provide a more user-friendly input code form (#72604)
  * (38e12e) views: fix sms-registration phone-number ratelimit key (#72597)
  * (07178c) translation update
  * (7b76ee) translation update (#72581)
  * (26ea4a) i18n: add missing string (#72581)
  * (c9d6ce) misc: move configuration URLs to new lines in idp configuration infos
    (#72553)
  * (9846a2) api client: fix casing of labels in detail view (#72562)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 20 Dec 2022 12:39:56 +0100

authentic2 (4.56) trixie-eobuilder; urgency=low

  * (3c63dc) translation update
  * (86f919) forms/authn: define explicit fields order (#72430)
  * (73ac9f) auth_oidc: add an oidc-sync-provider command (#62710)
  * (2aeb5b) management: add a LogToConsoleCommand base class (#62710)
  * (0848d1) auth_fc: add flag to disable link by email (#68360)
  * (e524c5) misc: proxy passive SSO from SAML2 services to OIDC idps (#27135)
  * (9d0d83) auth_oidc: make autorun go directly to the OP (#27135)
  * (f34b2a) misc: add next_url parameter to Authenticator.autorun() (#27135)
  * (9e7e6d) auth_fc: provision user's informations on registration (#72358)
  * (5dddd1) auth_fc: set the created user in the registration mail template context
    (#72358)
  * (210f6b) misc: adapt to tox 4 and simplify Jenkinsfile (#72175)
  * (4240f9) api_views: handle ou-wise api-client checks (#71275)
  * (a7ffb5) models: add ou field to api clients (#71275)
  * (d542d3) api: make sync endpoint adapt to permissions by OU (#71506)
  * (cd2a64) authenticators: clarify button description attribute (#72295)
  * (e065f4) translation update
  * (771125) drf: remove obsolete NullBooleanField serializer field (#72067)
  * (c91d38) models: remove obsolete NullBooleanField (#72067)
  * (68fec4) idp_oidc: display BO custom client config to superusers only (#71905)
  * (92b4ed) translation update (#49212, part 2)
  * (2f7d06) authn: make phone field optional (#72337)
  * (5fd1c9) manager: test user free search for local and e164 phones (#69907)
  * (3e53e2) api: let free text search accept local phone numbers (#69906)
  * (8ee074) api: test user phone number basic authz (#69314)
  * (b3036b) api: update phone drf field to handle E164 format (#69430)
  * (a179cb) translation update
  * (3582ba) views: make sms code trigger a standard registration finalization
    (#69223)
  * (26f9d2) add a page for users to input their sms registration code (#69223)
  * (e35275) use phone number as registration means in form validation (#69223)
  * (d40f5d) utils: add registration sms code sending logic (#69223)
  * (c9906d) app_settings: add sms-related authentic2 settings (#69223)
  * (bd17c8) add sms code model (#69223)
  * (ff50dc) utils/misc: add sms code creation utilitary function (#69223)
  * (2741f4) add sms code related settings (#69223)
  * (57da31) registration: display phone number in form (#69223)
  * (728e9a) authenticators: add idp configuration info for saml and oidc (#67987)
  * (dad0a9) authn: make username required when it is the only identifier (#72269)
  * (a8f339) data_transfer: export new role attributes (#71844)
  * (0ad917) manager: change role parents view title (#62617)
  * (43ccdf) custom_user: set email verification sources (#66054)
  * (bf8597) translation update (#65612)
  * (8f1703) api_views: set api as verification source for custom attributes
    (#65612)
  * (5cd75e) auth_fc: set fc as verification source for custom attributes (#65612)
  * (9c340c) manage custom attribute's verification sources (#65612)
  * (1be3b3) translation update (#49212)
  * (f7d689) authentication/forms: add user phone as identifier (#69221)
  * (308694) csv_import adapt user csv logic to new phone_number kind (#69365)
  * (2c0443) attribute_kinds: use custom PhoneField for phone_number type (#69365)
  * (62bb19) utils/misc: add parse_phone_number_utility (#69365)
  * (9ebd73) widgets: use libphonenumbers' local formatting (#69365)
  * (0b6f7e) fields: fix default dial code retrieval in PhoneField (#69365)
  * (29893d) ci: limit tox version used while running tests (#72162)
  * (7a3d11) build: limit to django-ratelimit version (#71991)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 15 Dec 2022 10:24:08 +0100

authentic2 (4.55) trixie-eobuilder; urgency=low

  * (aae305) translation update
  * (248068) auth_oidc: show a warning message if target user is already linked to
    another provider (#65692)
  * (855bb1) misc: use PIL.Image.Resampling.LANCZOS instead of PIL.Image.LANCZOS
    (#71899)
  * (3fcbe2) django.contrib.postgres's JSONField is deprecated (#71619)
  * (5788e9) NullBooleanField is deprecated since Django 3.1 (#71619)
  * (896819) tox.ini: remove unused tox dependencies
  * (ea5366) tox.ini: pass posargs to pylint
  * (4b3bcd) settings: set samesite flag on cookies when possible (#71880)
  * (d8d29e) settings: set secure flag on cookies (#71880)
  * (97a5eb) Revert "idp_oidc: add api access and profile […] (#71820)" (#71890)
  * (d62d23) auth_fc: discard deprecated scopes (#71868)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 01 Dec 2022 19:01:52 +0100

authentic2 (4.54) trixie-eobuilder; urgency=low

  * (8e6a95) attributes_ng: restore setting superuser flag (#71855)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 29 Nov 2022 18:55:27 +0100

authentic2 (4.53) trixie-eobuilder; urgency=low

  * (5f0c03) a2_rbac: move role attributes to real model fields (#69895)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 29 Nov 2022 14:05:38 +0100

authentic2 (4.52) trixie-eobuilder; urgency=low

  * (9ba3df) translation update

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 29 Nov 2022 12:34:35 +0100

authentic2 (4.51) trixie-eobuilder; urgency=low

  * (914158) idp_oidc: add api access and profile management to BO config (#71820)
  * (0c5da1) idp_oidc: remove client config through django's admin pages (#71700)
  * (d19ac1) auth_fc: close FranceConnect session when linking fails (#71607)
  * (cfefbd) tests: do not follow redirects in login_with_fc (#71607)
  * (a8ebcc) translation update (#69989)
  * (9171c3) auth_fc: show warning on password change page if user is linked to
    FranceConnect (#69989)
  * (89b526) auth_fc: store id_token in session when linking (#69989)
  * (5a821a) a2_rbac: add global management role for api clients (#71267)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 29 Nov 2022 11:26:43 +0100

authentic2 (4.50) trixie-eobuilder; urgency=low

  * (e9ccac) MANIFEST.in: add missing auth_fc txt templates (#71695)
  * (5a3f82) settings: mute warning about auto fields
  * (823240) tox: ignore tests/ when updating locales (#71523)
  * (eadb68) translation update (#71523)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 25 Nov 2022 00:56:39 +0100

authentic2 (4.49) trixie-eobuilder; urgency=low

  * (7fa087) translation update
  * (01190b) api: add keepalive option to user syncronization API (#67901)
  * (23956e) tests: simplify user synchronization API tests (#67901)
  * (5a592b) tests: split user synchronization API tests (#67901)
  * (0cb14c) api: refactor user synchronization API endpoint (#67901)
  * (ff581d) misc: adapt clean-unused-account for keepalive (#67901)
  * (fa52e3) models: add User.keepalive field (#67901)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 21 Nov 2022 17:49:54 +0100

authentic2 (4.47) trixie-eobuilder; urgency=low

  * (35de40) translation update
  * (41fa87) apiclient: make description non mandatory (#69524)
  * (b80672) general: add a new "language" attribute kind (#71033)
  * (d885b0) trivial: update FC translation to match button text (#71075)
  * (a461d2) misc: remove unnecessary parameter in SIRET regex validation (#71032)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 15 Nov 2022 19:49:53 +0100

authentic2 (4.46) trixie-eobuilder; urgency=low

  * (f8f19e) django_rbac: remove utils (#70894)
  * (58dd0a) a2_rbac: move managers from django_rbac (#70894)
  * (14e25a) django_rbac: remove unused code (#70894)
  * (ba71c3) a2_rbac: move context_processors from django_rbac (#70894)
  * (8d6006) translation update
  * (588fd6) auth_fc: send email on registration (#65839)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 14 Nov 2022 12:00:15 +0100

authentic2 (4.45) trixie-eobuilder; urgency=low

  * (596444) translation update
  * (5c4318) misc: use LANCZOS instead of PIL.Image.Antialias (#70634)
  * (65e5a3) auth_saml: add name id policy format choices (#70750)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 04 Nov 2022 13:30:32 +0100

authentic2 (4.44) trixie-eobuilder; urgency=low

  * (9670f4) tests: pass a valid get_response upon middleware initialization
    (#70861)
  * (047497) translation update
  * (89cb39) add forgotten period in translation
  * (4599cb) auth_saml: remove metadata file path field (#70491)
  * (9cd4b4) authenticators: add manager role (#66984)
  * (f93290) auth_saml: improve lookup by attributes description (#70700)
  * (1144f9) auth_saml: display xml metadata in separate view (#70492)
  * (b4c684) auth_saml: validate xml metadata (#70492)
  * (c76884) auth_oidc: remove admin views (#68429)
  * (6f9ebf) misc: do not instantatiate StoreRequestMiddleware without an argument
    (#70631)
  * (427021) misc: do not use dns.resolver.query on later versions of dnspython
    (#70632)
  * (6eea42) auth_oidc: do not attempt to generate one's own client credentials
    (#70749)
  * (d87e9b) debian: make migrate_schemas verbose (#70799)
  * (97c4ed) misc: fix spelling of OpenID Connect (#70747)
  * (4065ab) ci: update pyupgrade to 3.1.0 (#70693)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 02 Nov 2022 10:59:38 +0100

authentic2 (4.43) trixie-eobuilder; urgency=low

  * (3343aa) idp_oidc: discard ambiguous profile validation context variable
    (#70553)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 21 Oct 2022 11:25:09 +0200

authentic2 (4.42) trixie-eobuilder; urgency=low

  * (109f86) translation update
  * (883ca8) attribute_kinds: remove dead 'free_text_search' entry (#70341)
  * (891599) Fix error 500 on CAS logout page if no HTTP Referer is provided
    (#43221)
  * (ca068d) fields: add a PhoneField (#70486)
  * (a776b1) widgets: add a PhoneWidget (#70486)
  * (a32c0d) settings: add supported phone country codes (#70486)
  * (4f61ce) setup: add phonenumbers dependency (#70486)
  * (d3e64b) custom_user: perform implicit writes on redundant phone fields (#65173)
  * (342157) custom_user: add phone and phone verification fields (#65173)
  * (cb9df4) a2_rbac: migrate existing operations to new model (#69902)
  * (3dab8f) a2_rbac: move signal handlers from django_rbac (#69902)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 20 Oct 2022 17:50:59 +0200

authentic2 (4.41) trixie-eobuilder; urgency=low

  * (079853) translation update
  * (008ace) tests: add auth_saml logout test (#69720)
  * (3fb319) auth_saml: after logout response return to the logout view (#69720)
  * (3af470) auth_saml: use token url for logout (#69720)
  * (307a06) misc: use hooks to accumulate redirect logout urls (#69720)
  * (700512) views: refactor the logout view (#69720)
  * (adc13b) misc: split auth_saml tests (#69720)
  * (342b85) misc: move auth_saml test in directory (#69720)
  * (8f3ca8) misc: move hooks module in utils package (#69720)
  * (e520e1) tests: target the password form in login() (#69720)
  * (ebe038) auth_oidc: allow multiple oidc providers with empty issuers (#68656)
  * (282f5f) misc: remove deprecated providing_args argument of Signal (#69992)
  * (20ded9) misc: remove dead code for avoid_consent signal (#69992)
  * (ce9648) misc: remove dead code for authorize_service signal (#69992)
  * (351c2b) idp_oidc: authorize claim settings with the authentic2.admin_service
    permission (#70412)
  * (d3c35e) tests: use admin user for idp_oidc manager's tests (#70412)
  * (3035fe) tests: move idp_oidc manager tests in idp_oidc directory (#70412)
  * (8b9b1a) manager: augment PermissionMixin to check permission on a parent of the
    target object (#70412)
  * (cecec5) misc: replace use of HttpRequest.is_ajax() (#70432)
  * (b34c2e) manager: restore button appearance of sidebar entries (#70427)
  * (5b6216) misc: make getlasso3.sh non verbose

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 19 Oct 2022 13:09:02 +0200

authentic2 (4.40) trixie-eobuilder; urgency=low

  * (f0ef84) translation update
  * (c3f94e) translation fix (duplicated strings)
  * (2813a2) translation update
  * (772a3f) rbac: handle inheritance between model in get_all_permissions (#70152)
  * (626ab8) a2_rbac: add helper method to build permissions (#70152)
  * (475ef7) authenticators: require name on creation (#68802)
  * (a17806) authenticators: display slug if there is no name (#68802)
  * (ca57ab) auth_fc: let explanation text appear within login block (#70386)
  * (eea033) authenticators: add import/export (#65360)
  * (c63b3e) manager: use same name for permissions in homepage and permission mixin
    (#70041)
  * (4f4892) manager: share code to display main and sidebar entries on homepage
    (#70041)
  * (64e67a) misc: rename authentic2-ctl to manage.py (#70162)
  * (bca863) models: add an index on DeletedUser.old_email (#69591)
  * (1a127b) models: add an index on DeletedUser.old_uuid (#69591)
  * (d2e394) manager: search journal by uuid of deleted accounts (#69591)
  * (f4979a) manager: add a permission denied view (#70042)
  * (4984ef) idp_oidc: adapt error message for expired codes (#67277)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 18 Oct 2022 14:33:51 +0200

authentic2 (4.39) trixie-eobuilder; urgency=low

  * (ed4249) custom_user: move permission mixin code from django_rbac (#70135)
  * (df45b0) custom_user: remove old import compatibility code (#70135)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 17 Oct 2022 10:26:17 +0200

authentic2 (4.38) trixie-eobuilder; urgency=low

  * (6711b1) idp_oidc: include set of user's profile types in consent page (#70175)
  * (bb88e2) manager: do not combine section and tabs style in authentication forms
    (#70203)
  * (01f852) idp_oidc: use invalid_grant error in token endpoint (#66544)
  * (d5df01) manager: restrict apiclient views to the superuser (#70047)
  * (744078) manager: if permissions are global, do not check on model instance
    (#70047)
  * (f0c10e) manager: move apiclient views in a module (#70047)
  * (cbb0c3) authentic: display only service home link only if defined (#64649)
  * (802507) tox.ini: remove mandatory --sw pytest option (#70155)
  * (7c690d) uwsgi: new configuration (#67583)
  * (8b993d) misc: replace deprecated distutils by setuptols or stdlib (#69991)
  * (ef70a4) remove getlasso.sh (#69991)
  * (d84e49) misc: replace deprecated force_text by force_str (#69988)
  * (43c256) misc: replace deprecated ugettext by gettext (#69974)
  * (81ed76) misc: replace use of distutils.sysconfig by sysconfig (#69975)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 17 Oct 2022 10:03:50 +0200

authentic2 (4.37) trixie-eobuilder; urgency=low

  * (a9f721) update translation

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 07 Oct 2022 10:17:15 +0200

authentic2 (4.36) trixie-eobuilder; urgency=low

  * (c393ad) misc: make minimum password strength configurable in ous (#68745)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 07 Oct 2022 08:48:58 +0200

authentic2 (4.35) trixie-eobuilder; urgency=low

  * (bc2020) auth_fc: translation update (#69850)
  * (2d5a57) auth_fc: reshuffle fc link page layout (#69850)
  * (62f42b) auth_fc: provide a more accurate unlinking help text (#69850)
  * (ded763) auth_fc: move explanation link below the login button (#69850)
  * (5ae3e1) auth_saml: improve mandatory option description in set attribute
    (#68806)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 07 Oct 2022 08:27:38 +0200

authentic2 (4.34) trixie-eobuilder; urgency=low

  * (66c3da) a2_rbac: move abstract model code from django_rbac (#58696)
  * (cea8ad) tests: fix pylint errors in test_rbac (#58696)
  * (1516c4) tests: move test_rbac to main tests (#58696)
  * (692ca7) tests_rbac: make some assertions more specific (#58696)
  * (4bb8ee) translation update
  * (8f4da5) manager: improve default role form fields (#58699)
  * (3c9749) misc: add django-upgrade files/notes (#69426)
  * (0bec12) misc: apply django-upgrade (#69426)
  * (d91cb8) misc: run pyupgrade hook first (#69426)
  * (d919c0) misc: fix incorrect pre-commit info in readme
  * (a1b58a) tests: check next_url is preserved on registration for an existing
    email (#69538)
  * (d52764) translation update
  * (b444ab) templates: add blocktrans trimmed where useful (#69422)
  * (0db08a) views: keep next_url on password reset (#69537)
  * (537d2e) authenticators: add explanations on each configuration tabs (#68804)
  * (0d88a9) PasswordChangeView: show success message only on success (#69463)
  * (46d10c) misc: add djhtml files/notes (#69422)
  * (8251b8) misc: apply djhtml (#69422)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 05 Oct 2022 10:35:28 +0200

authentic2 (4.33) trixie-eobuilder; urgency=low

  * (bcfc26) translation update
  * (d348f5) misc: merge translation files into single file (#69677)
  * (b4aae7) translation update
  * (39d76e) misc: disambiguate some translations (#69677)
  * (67e3f1) apiclient: prefill password (#69527)
  * (6b77f8) manager: display UUID on user detail page (#69036)
  * (d72125) auth_oidc: allow adding roles on login (#53442)
  * (5e156b) auth_oidc: use generic related object code (#53442)
  * (cf5132) auth_oidc: configure claims widget through subclass (#53442)
  * (b524ae) auth_saml: move role choice field outside of module (#53442)
  * (ad2d35) auth_saml: move add role action to authenticators app (#53442)
  * (b24fad) auth_saml: move related object code to authenticators app (#53442)
  * (700a5b) auth_saml: switch related object foreign key to base model (#53442)
  * (2bd79c) auth_saml: genericize related object code (#53442)
  * (c12438) auth_saml: move model form parameters to class (#53442)
  * (fc0937) authenticators: remove obsolete manager_form_class (#53442)
  * (249f42) auth_saml: improve journal message for related objects (#69368)
  * (a2568a) auth_saml: remove rename attribute action (#68383)
  * (5e184a) translation update (#69416)
  * (25a7c6) idp_oidc: serve user profile information in UserInfo endpoint (#69416)
  * (3e7ae2) idp_oidc: add profile field to access token model (#69416)
  * (4ba89d) translation update (#68803)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 29 Sep 2022 10:17:41 +0200

authentic2 (4.32) trixie-eobuilder; urgency=low

  * (0a334b) manager: apply event_type filter even if not event type was found
    (#69264)
  * (467bb3) journal: log references to the base Service instance (#68390)
  * (1016ca) journal: remove unused service parameter (#68390)
  * (21249f) statistics: lookup service also with their subclass reference_id
    (#68390)
  * (1b51c4) manager: use the same trigram threshold for searching the journal and
    the users (#69191)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 19 Sep 2022 18:36:31 +0200

authentic2 (4.31) trixie-eobuilder; urgency=low

  * (5d62a0) translation update
  * (b568ea) auth_saml: warn if mellon key settings are not set (#68935)
  * (770a1b) translation fix
  * (fc345e) translation update
  * (ca706f) auth_fc: provide clearer account linking errors (#68368)
  * (1c4b9c) auth_fc: provide a clearer unlink confirmation message (#68367)
  * (42cef0) auth_fc: provide clearer explanation appearing on unlink page (#68365)
  * (0dd869) auth_fc: fix inaccurate terminology on user account page (#68364)
  * (88b298) auth_fc: provide minor layout adjustments to login page (#68359)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 15 Sep 2022 10:47:16 +0200

authentic2 (4.30) trixie-eobuilder; urgency=low

  * (889284) translation update
  * (5f15f6) auth_oidc: use better journal event names (#69094)
  * (93e621) manager: uniformize API Clients title case (#69094)
  * (74ea18) authenticators: use correct aria-label in configuration tabs (#69094)
  * (45a80d) authenticators: allow splitting configuration form (#67875)
  * (a11ddf) auth_saml: clarify some parameters (#67875)
  * (55a2c5) auth_oidc: get a lock on the sub during authentication (#65412)
  * (e6d3cb) misc: add Lock.lock_identifier method (#65412)
  * (4e0c31) misc: add support for a template variable hiding registration link
    (#68901)
  * (2cf3d0) auth_saml: use select widget for choosing user attributes (#68384)
  * (c9a912) forms: move attribute select widget from auth_oidc (#68384)
  * (e26211) auth_saml: rename user attribute field for consistency (#68384)
  * (99236e) auth_oidc: improve claims string representation (#66419)
  * (08324d) auth_oidc: add views to configure claims (#66419)
  * (519dbc) auth_oidc: move claims form code (#66419)
  * (451b19) manager: separate oidc service settings on another page (#68108)
  * (3df5b6) authentic2_idp_oidc: don't ignore boolean attributes in manager
  * (bf500d) authenticators: keep readable journal log even if deleted (#68184)
  * (e6ff6d) manager: start api client interface (#68404)
  * (2be6ad) fix translation bug (#68938)
  * (09f679) translation update
  * (4bb887) misc: generate hints from zxcvbn report (#63831)
  * (5de83a) misc: add password strength meter in NewPasswordInput (#63831)
  * (f37222) misc: use a template for NewPasswordInput (#63831)
  * (8e1576) misc: validate password strength (#63830)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 14 Sep 2022 15:56:24 +0200

authentic2 (4.29) trixie-eobuilder; urgency=low

  * (1a9537) translation update
  * (d6bf65) manager: provide an updated menu.json including main backoffice page
    (#66496)
  * (09b1e2) general: give a timeout to all HTTP requests (#68470)
  * (b3eb11) pylint: ignore unsupported-binary-operation (#68470)
  * (33af19) manager: style/reformat tech info page (#68289)
  * (997a09) manager: display LDAP configuration as JSON (#68286)
  * (718c69) manager: display ldapsearch command on multiple lines (#68285)
  * (054cc0) manager: display unmodified LDAP configuration in tech info page
    (#68279)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 30 Aug 2022 07:39:53 +0200

authentic2 (4.28) trixie-eobuilder; urgency=low

  * (c5b4c0) auth_saml: catch any exception in data migration (#68273)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 22 Aug 2022 10:43:37 +0200

authentic2 (4.27) trixie-eobuilder; urgency=low

  * (f42905) api: add dash to check-api-client endpoint (#68276)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 19 Aug 2022 09:56:33 +0200

authentic2 (4.26) trixie-eobuilder; urgency=low

  * (69ce4d) translation update
  * (742e95) auth_saml: add views to configure related objects (#67025)
  * (18ea92) manager: factorize role with OU display code (#67025)
  * (b486ca) auth_saml: remove JSON fields from model (#67025)
  * (e77650) auth_saml: lookup by attributes using model (#67025)
  * (1ea8c9) auth_saml: add roles using model and remove useless code (#67025)
  * (b1f6dd) auth_saml: set attributes using model (#67025)
  * (bf6343) auth_saml: rename attributes using model (#67025)
  * (0c2089) auth_saml: migrate JSON fields to models (#67025)
  * (3cca14) auth saml: skip authenticate() if not enabled (#68237)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 18 Aug 2022 18:52:01 +0200

authentic2 (4.25) trixie-eobuilder; urgency=low

  * (a5257d) translation update
  * (803fd7) auth_saml: remove login hints field (#68223)
  * (e89ba4) api: add check-apiclient endpoint (#66985)
  * (82899d) handle APICLient in DRF authentication (#66985)
  * (ffaf24) start APIClient model (#66985)
  * (e2e2a4) authenticators: view show condition even if empty (#65478)
  * (083c34) authenticators: use validator instead of form mixin (#68177)
  * (4cbf54) build: ship .svg files (#66497)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 18 Aug 2022 11:31:09 +0200

authentic2 (4.24) trixie-eobuilder; urgency=low

  * (bf400a) misc: remove dead authenticators code (#66853)
  * (8f60d3) translation update
  * (2aa23b) manager: provide a new homepage layout (#66497)
  * (b97d40) translation update (add missing starting space)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 16 Aug 2022 11:28:22 +0200

authentic2 (4.23) trixie-eobuilder; urgency=low

  * (c4a7d8) translation update

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 16 Aug 2022 11:07:24 +0200

authentic2 (4.22) trixie-eobuilder; urgency=low

  * (fce30f) password: use login form customization fields (#51363)
  * (359e93) auth_saml: use login form customization fields (#51363)
  * (073f05) auth_oidc: use login form customization fields (#51363)
  * (2aed79) authenticators: add login form customization fields (#51363)
  * (f4e0a5) manager: add a disabled badge next to title of user page (#66869)
  * (5944fd) manager: do not use a popup to edit services (#68110)
  * (dcc762) fc: remove unused images (#67515)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 16 Aug 2022 09:46:16 +0200

authentic2 (4.21) trixie-eobuilder; urgency=low

  * (3cc637) misc: skip users with no email in clean-unused-accounts (#67998)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 09 Aug 2022 16:18:28 +0200

authentic2 (4.20) trixie-eobuilder; urgency=low

  * (1f30d2) debian: remove obsolete standard error output config from systemd unit
    (#65101)
  * (6fba04) manager: do not override user-name block in gadjo header (#67654)
  * (814ea1) ldap: apply group to role mapping atomically (#67814)
  * (b895c0) api: add timestamp parameter to users synchronization api (#57564)
  * (983c62) auth_fc: un-verify attributes when user deletes FC link (#65574)
  * (4eae26) roles: added /manage/roles/uuid:<> url (#66760)
  * (c16b6b) idp_oidc: do not delete code on resolution by token endpoint (#66893)
  * (0fc6f1) auth_fc: returns 404 if authenticator is missing or disabled (#67656)
  * (47fd5f) auth_oidc: remove app_settings (#67542)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 02 Aug 2022 10:07:10 +0200

authentic2 (4.19) trixie-eobuilder; urgency=low

  * (b2d129) translation update
  * (0bdf29) auth_fc: set authenticator to be first by default on creation (#66266)
  * (0bbe5f) authenticators: set order through dragndrop (#65479)
  * (5b9e32) authenticators: update password authenticator in data migration
    (#67563)
  * (4263b8) tests_rbac: remove arbitrary execution time checks (#67550)
  * (db4792) idp_oidc: remove unnecessarily verbose matching strategy log (#67545)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 21 Jul 2022 16:36:09 +0200

authentic2 (4.18) trixie-eobuilder; urgency=low

  * (27906c) translation update
  * (497994) misc: do not export deleted role parenting relations (#67489)
  * (0d9b1e) ldap: include LDAPTLS_REQCERT in ldapsearch command if defined in
    config (#67416)
  * (b58a89) authenticators: only show name field for oidc and saml (#67118)
  * (f5d7ca) authenticators: do not require OU on creation (#67118)
  * (8b09b2) authenticators: remove orphan settings with login password migration
    (#65707)
  * (5f1a2c) tests: fix login password authenticator test (#65707)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 19 Jul 2022 20:02:20 +0200

authentic2 (4.17) trixie-eobuilder; urgency=low

  * (9788c3) translations update
  * (39e2c4) manager: add OpenID service handling (#20696)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 08 Jul 2022 10:31:59 +0200

authentic2 (4.16) trixie-eobuilder; urgency=low

  * (05c73f) translation update
  * (5d5716) authenticators: keep correct name in login_block (#67103)
  * (fd7728) mail: fixed passing user instead of email during sending (#67101)
  * (03d12e) ci: speed up slow tests by reducing loop sizes (#67106)
  * (062f1f) ci: removed unnecessary test case, as find_duplicates is already tested
    (#67106)
  * (d5f16e) ci: removed unnecessary slow marker (#67106)
  * (d3782c) ci: speed up CI using multiple processes with pylint (#42144)
  * (f695ab) ci: speed up CI by using pytest-xdist (#42144)
  * (78e694) tests: add test on @ bad email (#62354)
  * (d97127) tests: refactor EmailValidator tests (#62354)
  * (ca1583) utils: do not try to send mail to clearly unusable email addresses
    (#62354)
  * (b47a73) auth_oidc: provide clearer STRATEGY_CREATE explanation (#64624)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 07 Jul 2022 17:56:20 +0200

authentic2 (4.15) trixie-eobuilder; urgency=low

  * (4918be) translation update
  * (fca91d) manager: hide authenticators menu entry for unauthorized users (#66991)
  * (c30a64) utils/evaluate: fill default context with necessary variables (#66943)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 05 Jul 2022 15:43:16 +0200

authentic2 (4.14) trixie-eobuilder; urgency=low

  * (769b8f) auth_saml: fix empty value for comma separated settings (#66975)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 04 Jul 2022 21:16:29 +0200

authentic2 (4.13) trixie-eobuilder; urgency=low

  * (083f66) auth_saml: fix loading idp settings (#66964)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 04 Jul 2022 19:32:19 +0200

authentic2 (4.12) trixie-eobuilder; urgency=low

  * (7632a2) translations: always use "collectivité" (#66939)
  * (d56988) auth_saml: add configuration form (#65483)
  * (b6d24e) auth_saml: migrate authenticator to database (#65483)
  * (0aa155) auth_saml: move view code to separate file (#65483)
  * (2dc43d) authenticators: use slug rather than pk in identifier (#65483)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 04 Jul 2022 15:33:05 +0200

authentic2 (4.11) trixie-eobuilder; urgency=low

  * (39e70c) translation update (#66304)
  * (c53789) auth_fc: provide a more human-friendly core id claim label (#66304)
  * (befc42) idp/saml2: use sp's next url as part of authn display conditions
    (#65643)
  * (fbf911) translation update (#65491)
  * (4e7a68) ldap: display server error on technical info backoffice page (#65491)
  * (344875) ldap: provide a 'raises' keyword-argument flag on connection retrieval
    (#65491)
  * (e89d75) jenkins: adapt jenkinsfile scripts to env changes in tox.ini (#66488)
  * (474b56) tox: explicitly match envs dependencies with debian releases (#66488)
  * (cd12cd) tox: remove deprecated dependency rules (#66488)
  * (80c0e0) api: apply unflatten to input JSON (#66742)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 04 Jul 2022 12:36:19 +0200

authentic2 (4.10) trixie-eobuilder; urgency=low

  * (3a6355) middleware: set a variable value in the A2_OPENED_SESSION cookie
    (#66745)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 29 Jun 2022 11:24:57 +0200

authentic2 (4.9) trixie-eobuilder; urgency=low

  * (de17a8) ldap: add options to control authentication and cron provisionning
    (#60492)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 28 Jun 2022 11:06:21 +0200

authentic2 (4.8) trixie-eobuilder; urgency=low

  * (c6badc) tests: make exponential backoff test more permissive (#66612)
  * (50c473) auth_oidc: adapt to be compatible with jwcrypto<1 (#66438)
  * (3c8d34) translation fix (#66491)
  * (0be46d) ldap: add page_size configuration option (#65605)
  * (c0a416) auth_oidc: check required claims only from the idtoken or the user_info
    endpoint not both (#66445)
  * (d70995) jenkins: adapt to unit test files changes (#66042)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 27 Jun 2022 09:59:47 +0200

authentic2 (4.7) trixie-eobuilder; urgency=low

  * (c4d57e) debian: apply wrap-and-sort
  * (1583df) misc: use pre-commit-debian (#66191)
  * (a4dcd8) misc: make makemessages remove obsolete strings by default (#66289)
  * (e1e410) fc: do not add extra stylesheet anymore (#64571)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 17 Jun 2022 19:53:52 +0200

authentic2 (4.6) trixie-eobuilder; urgency=low

  * (a39e0a) authentic2_auth_fc: fix authenticator creation function (#66243)
  * (522f77) authentic2_auth_fc: move authenticator creation function (#66243)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 15 Jun 2022 16:51:03 +0200

authentic2 (4.5) trixie-eobuilder; urgency=low

  * (8ef8f0) translation update
  * (9547cc) auth_fc: migrate authenticator to database (#65482)
  * (b81b81) pylint: disable not-an-iterable warning (#65482)
  * (9c3552) auth_fc: move authenticator methods to views (#65482)
  * (ae3007) auth_fc: move methods to utils (#65482)
  * (e30f58) authenticators: do not require name or OU on creation (#65482)
  * (10e68f) authenticators: split internal flag for more granularity (#65482)
  * (a19be4) authenticators: log modifications to journal (#65358)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 14 Jun 2022 14:33:02 +0200

authentic2 (4.4) trixie-eobuilder; urgency=low

  * (8af983) translation update
  * (474dbc) authenticators: exclude fields from configuration validity check
    (#65968)
  * (b265c9) authenticators: validate show condition using proper validator (#65969)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 07 Jun 2022 14:43:41 +0200

authentic2 (4.3) trixie-eobuilder; urgency=low

  * (e5a203) pylint.rc: remove obsolete no-self-use check (#65905)
  * (ce5d04) pylint.rc: remove obsolete options (#65905)
  * (465076) pylint: fix C3001 unnecessary-lambda-assignment error (#65905)
  * (e6f146) auth_fc: prevent unicode normalization from mixing users at lookup
    (#64673)
  * (e7f105) auth_oidc: prevent unicode normalization from mixing users at lookup
    (#64626)
  * (00e811) authenticators: forbid enabling if configuration is not complete
    (#65842)
  * (2bd4c5) authenticators: redirect to edit view on creation (#65842)
  * (e02bf6) auth_oidc: add a STRATEGY_FIND_EMAIL user-matching provider option
    (#63729)
  * (f1dd51) authenticators: add missing translation (#65831)
  * (2b91b6) tests: remove hardcoded login password authenticator pk (#65832)
  * (4ce32d) ldap: serverctrls can be empty on non comformant LDAP
    directories(#65604)
  * (884156) authenticators: hide empty kebab menu for password authenticator
    (#65477)
  * (2b8243) authenticators: forbid disabling all authenticators (#65642)
  * (13b117) api: add endpoints to manage role inheritance (#62013)
  * (477bc0) rbac: add direct parameter to parents and children methods (#62013)
  * (df780c) rbac: add helper methods to add/remove permissions from roles (#62013)
  * (b2ae19) utils: add DjangoRBACPermission DRF's permission class (#62013)
  * (fdf737) utils: add NaturalKeyRelatedField class (#62013)
  * (cedbbf) rbac: add slug and name as implicit natural keys (#62013)
  * (1c619b) tests: add fixture decorator for db fixture with global scope (#62013)
  * (f72b98) tests: move api tests in subdirectory (#62013)
  * (2dfd0f) api: reorder urls (#62013)
  * (a1a8a1) misc: copy context inherited context in authenticator's login (#65693)
  * (98873a) translations: update to use "Modifier" and "Enregistrer" (#65736)
  * (593bc1) ldap: log missing mandatory group (#65725)
  * (316f4b) debian: fix pointer to uwsgi file (#65724)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 02 Jun 2022 09:49:36 +0200

authentic2 (4.2) trixie-eobuilder; urgency=low

  * (015da2) authentic2_auth_oidc: attach claims and accounts to new authenticator
    (#65504)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 24 May 2022 16:45:01 +0200

authentic2 (4.1) trixie-eobuilder; urgency=low

  * (f5b4be) Revert "authentic2_auth_oidc: attach claims and accounts to new
    authenticator (#65504)"

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 24 May 2022 16:12:19 +0200

authentic2 (4.0) trixie-eobuilder; urgency=low

  * (3912f2) authentic2_auth_oidc: attach claims and accounts to new authenticator
    (#65504)
  * (cd2fe7) settings: restore auth frontend plugin registration (#65484)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 24 May 2022 11:54:51 +0200

authentic2 (3.99) trixie-eobuilder; urgency=low

  * (8b71c4) authenticators: use only type as identifier in case of single instance
    (#65533)
  * (aad218) tests: handle quote character variation in django 3.2 onwards (#65495)
  * (8f1ea0) idp_oidc: add iss and sid parameter to frontchannel_logout_uri (#65475)
  * (7b45f7) translation update

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 23 May 2022 11:11:51 +0200

authentic2 (3.98) trixie-eobuilder; urgency=low

  * (297b97) authenticators: adjust show_condition field contraints (#65472)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 19 May 2022 19:22:12 +0200

authentic2 (3.97) trixie-eobuilder; urgency=low

  * (d01300) translation update
  * (8eec40) build: distribute src/authentic2/apps/authenticators/templates/
    (#53902)
  * (2c6b3d) auth_oidc: migrate authenticator to database (#53902)
  * (46c99d) authenticators: migrate login password authenticator (#53902)
  * (8532ac) authenticators: add new app (#53902)
  * (03082f) templates: add blocks around service links (#65446)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 19 May 2022 18:01:47 +0200

authentic2 (3.96) trixie-eobuilder; urgency=low

  * (02f095) misc: delete unused safe_get_or_create (#64485)
  * (362b4c) misc: use lock on email when creating user instances (#64485)
  * (e555ca) misc: add lock model (#64485)
  * (873ebb) translation fix, 2
  * (e7ed0b) translation fix
  * (de64c8) translation update
  * (415d5e) auth_saml: add plain i18n on mapping error messages (#65057)
  * (243531) Jenkinsfile: run nightly build with django3.2 too (#64305)
  * (43fe2f) tests: handle varying displayed role fields row order (#64305)
  * (b0132b) tests/auth_fc: unset local no_proxy env variable (#64305)
  * (8635de) tests: disregard apostrophe char variations between dj versions
    (#64305)
  * (66e8d6) widgets: adapt ModelSelect2Mixin.filter_queryset prototype (#64305)
  * (07411e) widgets: override select2's ns management with a2's url routing
    (#64305)
  * (7cedc9) django3: try to read signed cookie content in tests (#64305)
  * (9b0ac4) django_rbac: fix ContentType.__str__ variations (#64305)
  * (503a98) api: test drf tz awareness errors in serializer datetimefield filters
    (#64305)
  * (17eb53) templates: remove deprecated admin_static tag library (#64305)
  * (a93af5) manager: remove unnecessary table deepcopy (#64305)
  * (b93c66) django3: fix FieldDoesNotExist import (#64305)
  * (27579f) drop deprecated django curry in favor of functools.partialmethod
    (#64305)
  * (c101c0) define a _user_get_all_permissions util when necessary (#64305)
  * (5d3176) settings: hard-code xstatic uris instead of gadjo templatetag reliance
    (#64305)
  * (8166c6) saml: discard deprecated force_text in saml2utils (#64305)
  * (2c58c3) discard deprecated unicode-aware i18n utils (#64305)
  * (805436) plugins: discard deprecated django.conf.urls.url (#64305)
  * (3d7fe3) debian: allow dependencies to be django-3 compliant (#64305)
  * (a26f30) tox: add locale to makemessages command (#64305)
  * (1c442d) tox: ldaptools version compatible with openldap matching dj3 in debian
    (#64305)
  * (0d0f89) tox: test with bullseye's django3 and matching dependency versions
    (#64305)
  * (7a9fb6) setup: provide a bullseye's django3 compliant config (#64305)
  * (deb99a) auth saml: include unknown attribute name in logs (#65047)
  * (7a9583) templates: remove spaces before question marks (#65077)
  * (c50f98) tox.ini: simplify disabling of --sw

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 13 May 2022 12:33:34 +0200

authentic2 (3.95) trixie-eobuilder; urgency=low

  * (0a79c4) idp_oidc: display service info on authorization page (#64672)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 09 May 2022 16:09:11 +0200

authentic2 (3.94) trixie-eobuilder; urgency=low

  * (7de36f) manager: set login_hint=backoffice on login (#64949)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 06 May 2022 17:32:51 +0200

authentic2 (3.93) trixie-eobuilder; urgency=low

  * (0aecc5) tests: fix test pwdGraceAuthnLimit test value according to testcase
    (#64247)
  * (84d2c7) tests: do not fail on absent schema in newer openldap versions (#64247)
  * (c1b80a) api: fix aggregation by service in statistics (#64853)
  * (f3c52b) translation update
  * (4b4eac) misc: remove usage of f-strings for translatable strings (#64827)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 05 May 2022 18:46:24 +0200

authentic2 (3.92) trixie-eobuilder; urgency=low

  * (f1aa83) translation update
  * (8d3744) debian: manage crons through uwsgi (#64256)
  * (0cfd6b) forms: fail cleanly if LDAP user cannot be retrieved (#62866)
  * (014825) forms: show error if all accounts for reset have no email (#62866)
  * (4da7c8) middleware: fix threading deprecated function call (#64643)
  * (067a4b) password reset: Fix error reporting when
    A2_USER_CAN_RESET_PASSWORD_BY_USERNAME is enabled (#64607)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 04 May 2022 08:09:29 +0200

authentic2 (3.91) trixie-eobuilder; urgency=low

  * (28b227) misc: show service name only if it's OIDC service (#64467)
  * (1a6532) translation update (#63646)
  * (2bd568) ldap: use guid attributes as global external id (#63646)
  * (39fb24) journal: log user deletion for inactivity (#63470)
  * (93c257) journal: log sending inactivity reminder email (#63470)
  * (ccc857) setup.py: remove ldaptools from deps (#64473)
  * (dc2bc4) tests: fix selectors after service fragment template styles rename
    (#64438)
  * (86c18a) templates: update service info page CSS classes (#64438)
  * (84cf3a) urls: move public view into their own prefix (#12932)
  * (30b90b) manager: remove possibility of rel=popup on table rows (#59991)
  * (8c03d2) manager: remove data-url on table rows (#59991)
  * (770336) manager: use .clickable-rows class (#59991)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 25 Apr 2022 11:27:16 +0200

authentic2 (3.90) trixie-eobuilder; urgency=low

  * (785514) auth_fc: record user registration events (#64339)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 20 Apr 2022 11:59:41 +0200

authentic2 (3.89) trixie-eobuilder; urgency=low

  * (86eaa8) views: let the 'fc-create' hook view request objects (#64281)
  * (a19bb4) translation update
  * (c303ab) ldap_backend: search mandatory roles in default ou when ambiguous
    (#63942)
  * (ccbada) translations: update to use "Modifier" and "Enregistrer" (#63910)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 19 Apr 2022 10:19:09 +0200

authentic2 (3.88) trixie-eobuilder; urgency=low

  * (ec5cc3) auth_oidc: log created user only if a user is created (#63730)
  * (a3dd7b) misc: drop use of custom partial index on Role and Permission (#63690)
  * (c595b6) misc: drop use of custom partial index on AttributeValue (#63690)
  * (388c50) api: fix non determinism in statistics API tests (#63690)
  * (646a9f) misc: drop use of custom partial index on Service (#63690)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 08 Apr 2022 16:26:01 +0200

authentic2 (3.87) trixie-eobuilder; urgency=low

  * (bd93c7) tox.ini: set psycopg2 constraint in all environments
  * (8d6761) translation update (#62930)
  * (968f4f) auth_saml: update error message on user creation failure (#62930)
  * (b6ab4b) translation update (#63580)
  * (a171dd) ldap: fix sync_ldap_users tests (#63580)
  * (78e98c) ldap: fail cleanly when an external_id cannot be made (#63580)
  * (301523) ldap: add lookup through email (#62270)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 07 Apr 2022 17:03:10 +0200

authentic2 (3.86) trixie-eobuilder; urgency=low

  * (7c327d) translation update
  * (7d142f) general: enclose buttons in a <div class="buttons"> (#63569)
  * (3a1073) display service logo and name on login and registration pages (#47406)
  * (10366a) misc: add logo and text color for service and OU (#47406)
  * (5e772e) misc: use existing account email when sending token in registration
    (#63409)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 06 Apr 2022 10:49:44 +0200

authentic2 (3.85) trixie-eobuilder; urgency=low

  * (4d7126) build: allow latest xstatic-jquery dependency (#63486)
  * (a3d438) settings: remove profile management feature flag (#62486)
  * (2604ff) trivial: bump black version to 22.3.0
  * (7b1410) misc: use scss for all css files (#62936)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 04 Apr 2022 10:22:39 +0200

authentic2 (3.84) trixie-eobuilder; urgency=low

  * (be7d25) idp_oidc: add a profile reference in modify_user_info hook (#63164)
  * (9e3ebc) api: manage profile email through dedicated endpoint (#62522)
  * (d63f4a) idp_oidc: disable profile sub substitution switch (#62488)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 28 Mar 2022 19:56:05 +0200

authentic2 (3.83) trixie-eobuilder; urgency=low

  * (1cdbb5) translation update

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 28 Mar 2022 14:14:36 +0200

authentic2 (3.82) trixie-eobuilder; urgency=low

  * (c004a5) misc: implement soft-delete on RoleParenting (#57500)
  * (a8994c) django_rbac: new update_transitive_closure algorithm (#57500)
  * (c7399b) tests_rbac: add randomized tests on role parenting (#57500)
  * (947792) django_rbac: add missing constraints (#57500)
  * (bd900e) tests_rbac: factorize get_*_model calls (#57500)
  * (11cfc0) tests_rbac: test with postgresql (#57500)
  * (a77a05) api: add ou__slug filter to /api/roles/ (#63104)
  * (13edb2) manager: limit horizontal scroll to examples in user import page
    (#62935)
  * (43ac8d) journal: make all record() arguments keyword only (#63174)
  * (eb8cd0) misc: fix pylint errors (#63174)
  * (60ed7f) idp_oidc: restore permissive no-authz mode in client configuration
    (#63085)
  * (4c97a6) views: support any kind of authentication for email change (#61125)
  * (79ed58) auth_fc: allow showing messages on authorization requests (#61125)
  * (9b1bbb) auth_fc: record authentication on link only if link already exists and
    was created before last_login (#61125)
  * (5744a9) auth_fc: make autorun go directly to FranceConnect URL (#61125)
  * (ad3963) utils: add sign_next_url to redirect() (#61125)
  * (22d22c) message: keep set-cookie when showing message during redirect (#61125)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 25 Mar 2022 11:14:05 +0100

authentic2 (3.81) trixie-eobuilder; urgency=low

  * (ccdbb9) translation update
  * (69f8e3) idp_oidc: fix profile suffix during sub generation (#62702)
  * (1e07b6) translation update
  * (964287) csv_import: add force-password-reset column (#62252)
  * (d8c76d) journal: make search by email accept email substring (#62304)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 18 Mar 2022 12:51:35 +0100

authentic2 (3.80) trixie-eobuilder; urgency=low

  * (d423c6) misc: add compatibility with bullseye's django-tables2 (#62527)
  * (f67f42) tests: add tests on stability of OIDC sub generation
  * (640db2) idp_oidc: fix reversible profile sub generation (#62509)
  * (0964d1) translation update

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 14 Mar 2022 17:31:00 +0100

authentic2 (3.79) trixie-eobuilder; urgency=low

  * (2de89c) translation update
  * (ed6cef) api: add identifier management to user profile endpoint (#58556)
  * (a5cf47) idp_oidc: make user info depend on profile choice during authz (#58556)
  * (eb41a3) custom_user: add Profile.email field (#58556)
  * (6049dc) define allowed services m2m for user profile types (#60082)
  * (94b2e2) tests: fix pylint warning
  * (7510b7) api: add a user profile management endpoint (#58554)
  * (fee588) journal: add user profile management events (#58554)
  * (18b77c) custom_user: add base models for subprofile management (#58554)
  * (3dea0a) utils: implement a safe generate_slug with infix modification (#58554)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 04 Mar 2022 15:18:47 +0100

authentic2 (3.78) trixie-eobuilder; urgency=low

  * (8e3845) trivial: add missing python-format markers to .po file
  * (db574f) translation update
  * (3fa422) misc: correct log view title wording (#62206)
  * (dd5d7a) trivial: update .git-blame-ignore-revs for new black
  * (09c2a0) misc: apply black 22.1.0
  * (16a1ca) trivial: bump black version to 22.1.0 (#62312)
  * (6176c3) misc: add an id attribute to login password form (#62171)
  * (f5f7d2) auth_oidc: do not crash on inconsistent claim mapping config (#62156)
  * (9f53b2) translation update (#62024)
  * (9141d7) auth_oidc: check consistency between idtoken_algo and jwkset (#62024)
  * (ed0576) a2_rbac: change unused accounts delays, to have nicer first message
    (#62174)
  * (79c618) translation update (#62159)
  * (ddfe7b) idp_oidc: invalidate no-authz mode in client model (#62159)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 03 Mar 2022 19:22:20 +0100

authentic2 (3.77) trixie-eobuilder; urgency=low

  * (c07441) misc: fix typo in homepage view (#62075)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 22 Feb 2022 15:04:31 +0100

authentic2 (3.76) trixie-eobuilder; urgency=low

  * (2527ca) auth_oidc: accept null and empty string value for optional
    claims(#62060)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 22 Feb 2022 12:15:42 +0100

authentic2 (3.75) trixie-eobuilder; urgency=low

  * (fe7764) translation update
  * (cae2e1) misc: remove cache decorators declaration to avoir circular import
    (#62014)
  * (76decb) views: do not use session's home_url on homepage (#61735)
  * (c0efd5) misc: reimplement good_next_urls on home_url and Service.all_base_urls
    (#61735)
  * (2c95dd) misc: add Service.home_url field (#61735)
  * (fa86da) misc: add missing field to admin form of Service subclasses (#61735)
  * (c75d48) misc: move cache decorators in utils (#61735)
  * (0423db) views: require authentication for deleting account without a verified
    email (#28853)
  * (d84118) misc: allow signed token to login view (#28853)
  * (8acfa9) admin: expose User.email_verified field (#28853)
  * (de9e64) misc: fix typos in authentic2.utils.service (#61934)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 22 Feb 2022 11:59:51 +0100

authentic2 (3.74) trixie-eobuilder; urgency=low

  * (f63caf) misc: only autofocus username field if login block is first (#61881)
  * (c557ec) a2_rbac: provide default values for unused account thresholds (#60463)
  * (173e63) idp_oidc: fail on missing id during client authn (#61721)
  * (ed2a65) debian: update dependency to specify django >= 2.2 (#61586)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 16 Feb 2022 21:19:58 +0100

authentic2 (3.73) trixie-eobuilder; urgency=low

  * (b8c499) ldap: add uniform reporting of exceptions (#61462)
  * (ced3e8) misc: do not search for home URLs on requests to non-existant tenants
    (#61459)

 -- eobuilder <eobuilder@entrouvert.com>  Sun, 06 Feb 2022 10:56:33 +0100

authentic2 (3.72) trixie-eobuilder; urgency=low

  * (2b4062) translation update
  * (051d27) misc: maintain home url, service and ou (#61199)
  * (f72d1d) misc: use new signing.dumps/loads implementation (#61130)
  * (0795cb) utils: add dumps/loads for confidentiality protected tokens (#61130)
  * (2d93d9) misc: move authentic2.crypto to authentic2.utils.crypto (#61130)
  * (1a446f) ldap: always report count of synchronized users (#61128)
  * (ebab6f) ldap: do not continue on timeout (#61128)
  * (d65690) ldap: factorize get_users per block actions (#61128)
  * (560717) misc: add journal event type for access-denied event on sso (#60679)
  * (342ed7) models: add User.email_verified_date field (#19634)
  * (34d4b4) Jenkinsfile: notify failed builds through jabber
  * (30099c) commands: prevent duplicated log messages in sync-ldap-users (#58404)
  * (2ec198) Jenkinsfile: run nightly test using groovy script

 -- eobuilder <eobuilder@entrouvert.com>  Sat, 05 Feb 2022 10:30:22 +0100

authentic2 (3.71) trixie-eobuilder; urgency=low

  * (3b1dcb) translation update
  * (b79f16) manager: use ajax to refresh tables using search button (#60118)
  * (a33834) trivial: remove compatibility-code for python < 3.6 (#61119)
  * (51cf94) a2_rbac: add home_url field on OrganizationalUnit (#60349)
  * (b9845d) Jenkinsfile: publish test results only one time (#60129)
  * (549515) Jenkinsfile: always publish test results (#60129)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 28 Jan 2022 16:10:50 +0100

authentic2 (3.70) trixie-eobuilder; urgency=low

  * (35bf68) misc: prevent double click in display_message_and_continue.html
    (#60815)
  * (ecec41) templates: hide messages on logout page (#19410)
  * (5ff250) misc: remove samesite retro-compatibility code (#60798)
  * (62d5a3) misc: add samesite=Lax to all set_cookie calls (#60798)
  * (a05c13) manager: simplify data-url in tables (#60678)
  * (20a8b3) utils: use an exclusive lock on model's table in safe_get_or_create
    (#60658)
  * (4f96d7) trivial: remove old django-compatibility support code (#60387)
  * (8856b4) translation update
  * (2795a2) auth_oidc: relabel STRATEGY_CREATE option for disambiguation (#60476)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 20 Jan 2022 12:00:30 +0100

authentic2 (3.69) trixie-eobuilder; urgency=low

  * (bfb022) tests: loosen failure threshold value on test_safe_get_or_create
    (#60035)
  * (df3be1) misc: force password rule and the validation symbol on the same line
    (#60598)
  * (0bf05c) jenkins: show execution context in coverage reports (#60446)
  * (68febb) jenkins: use python3 to get a port for postgresql (#60467)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 13 Jan 2022 19:45:22 +0100

authentic2 (3.68) trixie-eobuilder; urgency=low

  * (5c0c45) translation update
  * (c95fe4) misc: always add service variables to login condition context (#60125)
  * (4e97ac) misc: adapt account deletion button label to explanation text (#60153)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 06 Jan 2022 22:26:55 +0100

authentic2 (3.67) trixie-eobuilder; urgency=low

  * (82e1b8) translation update
  * (94f10e) manager: translate select2 messages in role member add field (#60271)
  * (f54ae1) manager: add placeholder and minimum input length to role member add
    field (#60271)
  * (020eb9) manager: fix user/role choices mix in role member add field (#60299)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 05 Jan 2022 16:55:46 +0100

authentic2 (3.66) trixie-eobuilder; urgency=low

  * (8eafcd) translation update

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 04 Jan 2022 16:44:55 +0100

authentic2 (3.65) trixie-eobuilder; urgency=low

  * (84bc4a) manager: add child roles in role members view (#59664)
  * (bd437d) manager: handle data-pk row attribute at view level (#59664)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 04 Jan 2022 16:03:29 +0100

authentic2 (3.64) trixie-eobuilder; urgency=low

  * (abf3ca) evaluate: log exception when on_raise is used (#59997)
  * (8434dc) evaluate: use dns.resolver.query (#59996)
  * (520d84) translation update
  * (cdda4a) custom_user: return get_full_name result in __str__ (#59922)
  * (31fa1d) jenkins: run drf3.12 env on main branch nightly build (#59601)
  * (aec2a4) tox: update main env for more recent restframework testing (#59601)
  * (e8b901) setup: update upper & lower bounds on restframework version (#59601)
  * (3e85e0) debian: allow for djangorestframework bullseye package (#59601)
  * (58f58c) api: drop deprecated drf version check (#59601)
  * (676188) tox: remove old django 1.11 reference
  * (e243c8) build: update setup.py to require django at least django 2.2

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 22 Dec 2021 11:46:16 +0100

authentic2 (3.63) trixie-eobuilder; urgency=low

  * (36c008) auth_saml2: fix template_base path (#59519)
  * (50fd8b) setup: ease upper limitation on django-import-export version (#59600)
  * (a59074) debian: allow for django-import-export bullseye package (#59600)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 14 Dec 2021 11:27:42 +0100

authentic2 (3.62) trixie-eobuilder; urgency=low

  * (87f6c1) translation update
  * (a97b5f) remove unnecessary i18n in #58938
  * (644990) manager: add a technical info page with ldap configs (#58938)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 13 Dec 2021 10:51:43 +0100

authentic2 (3.61) trixie-eobuilder; urgency=low

  * (c2a496) translation update
  * (20dd0a) manager: remove children table from role members page (#57955)
  * (ab22f2) manager: include roles along with users in role members table (#57955)
  * (7b6e74) tables: simplify PermissionLinkColumn (#57955)
  * (eabdce) misc: add get_absolute_url method to Role and User (#57955)
  * (5ea733) a2_rbac: use a TextField to store role name (#59122)
  * (7b1727) a2_rbac: disable required attributes check at OU level (#58546)
  * (a925b6) data_transfer: simplify logic (#51464)
  * (1f1a64) import_site: allow creating roles in default ou (#51464)
  * (735d6b) manager: allow importing roles from different OUs (#58826)
  * (75217f) idp_oidc: log invalid client_id in token endpoint (#58718)
  * (2e9dca) idp_oidc: log invalid client_secret in token endpoint (#58718)
  * (f82537) debian: remove obsolete dh-systemd build-dep
  * (33cb31) jenkins: build packages for buster & bullseye
  * (d75891) Jenkinsfile: always send notification mail (#59465)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 13 Dec 2021 10:15:20 +0100

authentic2 (3.60) trixie-eobuilder; urgency=low

  * (026c90) views: translate boolean attributes in profile (#58939)
  * (d80c5e) jenkins: compile translations before tests (#58939)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 02 Dec 2021 11:03:50 +0100

authentic2 (3.59) trixie-eobuilder; urgency=low

  * (077516) translation update
  * (186f82) auth: inject dnsbl function in condition evaluation context (#58055)
  * (cb68c2) utils/evaluate: add a dnsbl() dict like (#58055)
  * (56787f) utils/evaluate: allow some calls in expressions (#58055)
  * (a7414b) debian: add RANDOM to cron job for authentic2-multitenant (#58987)
  * (f514d9) pylint.sh: disable echo of command lines
  * (548f01) misc: fix pylint errors in tests
  * (93b363) views: prevent race condition during registration (#58846)
  * (50e48b) discard django_rbac generic getters in main a2 code (#58695)
  * (650590) api: add force-password-reset user API (#58904)
  * (c7e9fd) build: bump black version

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 30 Nov 2021 15:41:12 +0100

authentic2 (3.58) trixie-eobuilder; urgency=low

  * (96dfa4) journal: fix search by email (#58704)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 18 Nov 2021 15:11:18 +0100

authentic2 (3.57) trixie-eobuilder; urgency=low

  * (d41136) translation update
  * (6629d7) auth_fc: strip 'NO_PROXY' from env while testing proxy support (#58391)
  * (342be7) journal: add ldap down info on failed user login (#58151)
  * (c86ed4) oidc: fix typo in client_secret_post support declaration (#58521)
  * (c8ea67) idp/saml: fix gettext call for unknown bining error (#58481)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 18 Nov 2021 09:01:50 +0100

authentic2 (3.56) trixie-eobuilder; urgency=low

  * (f89141) ldap: discard obsolete python2 compat code (#58340)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 03 Nov 2021 11:21:08 +0100

authentic2 (3.55) trixie-eobuilder; urgency=low

  * (814be1) translation update
  * (ec16f3) models: authorize superusers to access every service (#58059)
  * (cd8f1d) manager: search events by authentication method (#57932)
  * (00400b) journal_event_types: fix incorrect FranceConnect identifier (#57932)
  * (42f257) api: add a full_known_users option to /synchronization/ endpoint
    (#57567)
  * (de5a6f) authentic2_auth_oidc: add template syntax check to claim (#58024)
  * (a80652) ldap: allow skipping user initialization if no request (#57554)
  * (ae498b) ldap: inform user when password change has failed (#57733)
  * (20cbe1) ldap: do not crash if password change is not allowed (#57733)
  * (25f0a7) misc: add attribute to current password field on change password page
    (#58105)
  * (9860f4) misc: display/hide ok password criteria glyph using visibility property
    (#58203)
  * (c834c9) misc: add support for .well-known/change-password URI (#58106)
  * (168217) ldap: support trailing slash on tls errors (#58149)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 02 Nov 2021 18:25:54 +0100

authentic2 (3.54) trixie-eobuilder; urgency=low

  * (85411f) api: allow filtering roles list (#57504)
  * (95a741) add missing capitalization in translation
  * (c51518) fix typo in translation
  * (0a3b46) manager: make slug conflict resolution simpler (#57138)
  * (9f15d4) debian: switch to debhelper-compat 12 (#57538)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 20 Oct 2021 10:37:28 +0200

authentic2 (3.53) trixie-eobuilder; urgency=low

  * (8546db) translation update
  * (5aa2c2) api: adapt to upcoming api changes in drf 3.11 (#57638)
  * (32c1da) a2_rbac: fix typo in migration (#57591)
  * (7d2c4e) idp_oidc: refactor cleaning of claim values (#57525)
  * (bea764) misc: remove auth2_ssl module (#57209)
  * (5ad194) manager: provide a human-friendly rbac inheritance terminology (#56638)
  * (12fe40) idp_saml2: set sessionNotOnOrAfter to half the current session duration
    (#56865)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 07 Oct 2021 20:53:18 +0200

authentic2 (3.52) trixie-eobuilder; urgency=low

  * (2b8e3f) api: use case-insensitive lookup for get_or_create=email (#57423)
  * (605094) settings: ignore-case when linking user's by email with SAML (#57346)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 29 Sep 2021 21:03:25 +0200

authentic2 (3.51) trixie-eobuilder; urgency=low

  * (0f81b6) translation update
  * (24a4c4) ldap: allow passing realm to sync-ldap-users command (#57038)
  * (3bfe24) misc: fix deprecated-method pylint error (#56982)
  * (9babcb) misc: fix redundant-unittest-assert pylint error (#56982)
  * (0748fa) misc: fix f-string-without-interpolation pylint error (#56982)
  * (727232) misc: fix logging-fstring-interpolation pylint error (#56982)
  * (61db86) misc: fix logging-not-lazy pylint error (#56982)
  * (be73f6) misc: fix raising-format-tuple pylint error (#56982)
  * (19c5e7) misc: fix try-except-raise pylint error (#56982)
  * (8f9c96) misc: fix unbalanced-tuple-unpacking pylint error (#56982)
  * (292d6d) misc: fix unused-wildcard-import pylint error (#56982)
  * (e0b86a) misc: fix unused-variable pylint error (#56982)
  * (f3e5f4) misc: fix unused-import pylint error (#56982)
  * (d52fd2) misc: fix global-statement pylint error (#56982)
  * (0f93f4) misc: fix global-variable-not-assigned pylint error (#56982)
  * (647af6) misc: fix reimported pylint error (#56982)
  * (3ed55f) misc: fix wildcard-import pylint error (#56982)
  * (3903a3) misc: fix arguments-renamed pylint error (#56982)
  * (31d68f) misc: fix useless-super-delegation pylint error (#56982)
  * (eda115) misc: fix comparison-with-callable pylint error (#56982)
  * (b4c3bb) misc: fix eval-used pylint error (#56982)
  * (562480) misc: fix unnecessary-lambda pylint error (#56982)
  * (d8553c) misc: fix unnecessary-pass pylint error (#56982)
  * (15436a) misc: fix pointless-string-statement pylint error (#56982)
  * (904dce) misc: fix pointless-statement pylint error (#56982)
  * (c5b69b) misc: fix dangerous-default-value pylint error (#56982)
  * (b5b6fb) misc: fix use-dict-literal pylint error (#56982)
  * (9d51d9) misc: fix consider-using-with pylint error (#56982)
  * (ea5228) misc: fix no-else-continue pylint error (#56982)
  * (d79c56) misc: fix consider-using-in pylint error (#56982)
  * (19aaa8) misc: fix no-else-break pylint error (#56982)
  * (fdb8b2) misc: fix no-else-raise pylint error (#56982)
  * (2a8c06) misc: fix consider-using-in pylint error (#56982)
  * (1af441) misc: fix useless-return pylint error (#56982)
  * (a4b9e5) misc: fix consider-using-ternary pylint error (#56982)
  * (9fc2e2) misc: fix simplifiable-if-statement pylint error (#56982)
  * (8a26fc) misc: fix consider-using-from-import pylint error (#56982)
  * (1a0801) misc: fix logging-too-many-args pylint error (#56982)
  * (2071de) misc: fix no-value-for-parameter pylint error (#56982)
  * (36a31d) misc: fix assignment-from-no-return pylint error (#56982)
  * (e2647e) misc: fix undefined-variable pylint error (#56982)
  * (b49ea2) misc: fix used-before-assignment pylint error (#56982)
  * (9d7aa5) misc: fix import-error pylint error (#56982)
  * (3e5fc8) misc: fix invalid-str-returned pylint error (#56982)
  * (df66d7) misc: fix no-self-argument pylint error (#56982)
  * (e3adcd) misc: fix access-member-before-definition pylint error (#56982)
  * (f4ae48) misc: fix function-redefined pylint error (#56982)
  * (2d0b05) misc: fix return-in-init pylint error (#56982)
  * (3b6cfa) misc: fix len-as-condition pylint error (#56982)
  * (2c5acd) misc: fix ungrouped-imports pylint error (#56982)
  * (7fd28d) misc: fix wrong-import-order pylint error (#56982)
  * (f20fa5) misc: fix line-too-long pylint error (#56982)
  * (aabe4a) misc: fix consider-using-dict-items pylint error (#56982)
  * (f3609d) misc: fix bad-classmethod-argument pylint error (#56982)
  * (fa7782) misc: fix unidiomatic-typecheck pylint error (#56982)
  * (a47bce) misc: fix misplaced-comparison-constant pylint error (#56982)
  * (42f0a4) misc: fix singleton-comparison pylint error (#56982)
  * (a2d868) misc: fix empty-docstrings pylint error (#56982)
  * (7406f4) decorators: remove broken and unused decorator (#56982)
  * (716a35) tests: replace norequest decorator by explicit function (#56982)
  * (e20797) misc: update pylint configuration (#56982)
  * (2df444) trivial/translation: end error sentences with dots
  * (c3b542) franceconnect: center "link account" button (#57195)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 27 Sep 2021 20:38:12 +0200

authentic2 (3.50) trixie-eobuilder; urgency=low

  * (e61870) auth_saml: adapt to schema change in django-mellon (#57101)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 22 Sep 2021 15:44:19 +0200

authentic2 (3.49) trixie-eobuilder; urgency=low

  * (82a1a1) ldap: check whether backend performed actual user retrieval (#57039)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 17 Sep 2021 12:15:53 +0200

authentic2 (3.48) trixie-eobuilder; urgency=low

  * (40b792) translation update
  * (4b215c) misc: do not send password reset link to ldap users (#50348)
  * (c6fa98) tests: get rid of reset_password_ldap_user helper (#50348)
  * (40211d) views: add login method using token (#50348)
  * (ff8749) Jenkinsfile: add stage to publish coverage and unit test results
    (#56657)
  * (fd819a) translation update
  * (1c7cc0) ldap: retrieve tls info on ldap errors (#56666)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 17 Sep 2021 10:13:24 +0200

authentic2 (3.47) trixie-eobuilder; urgency=low

  * (50f9c7) ldap: add useful output to sync-ldap-users command (#54078)
  * (c72d6d) manager: disallow ordering by client in authorizations table (#56573)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 16 Sep 2021 09:56:55 +0200

authentic2 (3.46) trixie-eobuilder; urgency=low

  * (43f8cd) csv: look for duplicate users in the target ou (#56831)
  * (03bd9d) idp_oidc: record sso refusal in journal (#56343)
  * (db0e54) debian: replace usage of deprecated which command (#56297)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 16 Sep 2021 09:19:35 +0200

authentic2 (3.45) trixie-eobuilder; urgency=low

  * (907520) views: record consent delete (#56347)
  * (4f5110) views: do not delete all consents on post (#56348)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 10 Sep 2021 16:56:04 +0200

authentic2 (3.44) trixie-eobuilder; urgency=low

  * (3dcafd) revert child/parent translation (#56626)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 03 Sep 2021 15:43:22 +0200

authentic2 (3.43) trixie-eobuilder; urgency=low

  * (d28d53) translation update
  * (3b5f9e) attribute_kinds: add french phone number type (#45422)
  * (65a103) manager: fix typo in user role search form (#56516)
  * (d67ff3) misc: use trigram index in free_text_search() for emails (#56439)
  * (e7ed61) misc: ignore case when searching by email  (#42880)
  * (d2a9e3) journal: make user column clickable (#56326)
  * (4b4851) journal: make event type search less strict (#55969)
  * (469e46) manager: add user deletions choice in journal search form (#55969)
  * (167d5e) manager: add access to journal event types list (#55969)
  * (d23b49) journal: refactor journal search documentation (#55969)
  * (b86297) ldap_backend: do not check group dns if there is no group filter
    (#56115)
  * (2db35f) manager: expose user deactivation reason (#19718)
  * (c7dd8f) manager: display inheritance info excerpt in table on role page
    (#53481)
  * (349890) manager: controle role inheritance using table (#53481)
  * (d052b5) manager: move role ajax checkbox js to file (#53481)
  * (5d14c6) manager: factorize SHOW_ALL_OU default value (#53481)
  * (33eb04) auth_oidc: ignore email case when linking existing users (#56392)
  * (5efacd) auth_oidc: customize handling of access_denied (#56337)
  * (10e39e) Jenkinsfile: factorize reporting as a final step (#56263)
  * (f0d322) Jenkinsfile: run slow authentic tests at night (#56263)
  * (85c532) Jenkinsfile: keep using the existing venv (#56263)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 02 Sep 2021 17:02:08 +0200

authentic2 (3.42) trixie-eobuilder; urgency=low

  * (fc6035) translation update
  * (294004) manager: select default OU when adding a role (#56067)
  * (56972e) misc: remove excessive spaces from strings (#56007)
  * (f24096) misc: concatenate strings when possible (#56007)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 18 Aug 2021 20:54:21 +0200

authentic2 (3.41) trixie-eobuilder; urgency=low

  * (208156) translation update
  * (964992) build: distribute src/authentic2/backends/templates/ (#56074)
  * (9b0acc) auth_oidc: fix typo (#56055)
  * (6de7c5) trivial: fix typo and phrasing in ldap debug log message (#56056)
  * (4a3deb) manager: fix phrasing of LDAP link info (#56045)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 09 Aug 2021 20:47:42 +0200

authentic2 (3.40) trixie-eobuilder; urgency=low

  * (be1fa8) translation update
  * (374fd8) auth_saml: add defalut value for MELLON_LOOKUP_BY_ATTRIBUTES (#46566)
  * (c3f39b) ci: make target for check-migrations / simplify Jenkinsfile and default
    targets
  * (3fa72a) manager: prevent CSV injection through exports (#55976)
  * (d1aae6) journal: improve message when no search results (#55968)
  * (7050db) ldap: on INVALID_CREDENTIALS, try to rebind before looking up the user
    (#53685)
  * (c9b626) ldap: do not trace when SEARCH return no attributes (#53685)
  * (ef1d8c) manager: include ldap external id info in user details  (#51211)
  * (6cf8ef) manager: add and uniformize page titles (#55838)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 09 Aug 2021 09:08:30 +0200

authentic2 (3.39) trixie-eobuilder; urgency=low

  * (8b87c6) update translation
  * (a70a97) use tox in update-locales.sh
  * (1ed638) auth_fc: only check required attributes on user registration (#55836)
  * (61fa17) auth_fc: ignore non user_editable attributes when checking missing
    required attributes (#55836)
  * (009134) auth_fc: refactor missing required attributes check (#55836)
  * (4005f8) idp_oidc: handle view restriction if prompt=none (#55866)
  * (8db034) idp_saml2: handle view restriction on passive AuthnREquest (#55866)
  * (87f688) tests: add cgu_attribute fixture (#55866)
  * (2677dd) middleware: add custom handling of view restriction by views (#55866)
  * (8cd7bd) middleware: disable the common domain cookie during view restrictions
    (#55857)
  * (e377bb) middleware: refactor OpenedSessionCookieMiddleware (#55857)
  * (71dc83) translation update
  * (aaec7f) manager: add missing translation in journal form (#55851)
  * (a37f20) fix typo in translation
  * (6ed577) commands: add custom makemessages command (#55822)
  * (2e3cbd) translation fix
  * (23548e) manager: remove row link in user roles table (#55839)
  * (c8c64b) api: allow changing profile image (#52949)
  * (8e5f39) manager: move role delete and permission buttons to kebab (#55640)
  * (918e7d) manager: reorganize buttons on user details page (#55641)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 30 Jul 2021 14:14:38 +0200

authentic2 (3.38) trixie-eobuilder; urgency=low

  * (23c0d4) update translation
  * (c5e5a1) misc: block user without required_on_login attributes (#24056)
  * (34cd3c) misc: refactor ViewRestrictionMiddleware (#24056)
  * (5a1321) misc: add a required_on_login flag on Attribute (#24056)
  * (9a6269) templates: close an h3 tag left open (#55801)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 23 Jul 2021 17:15:44 +0200

authentic2 (3.37) trixie-eobuilder; urgency=low

  * (5f3ebd) translation update (~always use "utilisateur", not "usager")

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 16 Jul 2021 08:42:11 +0200

authentic2 (3.36) trixie-eobuilder; urgency=low

  * (7bb237) translation update

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 16 Jul 2021 08:16:06 +0200

authentic2 (3.35) trixie-eobuilder; urgency=low

  * (041d71) translation update
  * (34e42d) misc: update import statements (#55602)
  * (fac97f) misc: move utils/__init__.py to utils/misc.py (#55602)
  * (678798) admin saml: handle binary content in metadata http response (#55455)
  * (426705) manager: show only roles user is a member of (#55542)
  * (9b6e2e) forms: add autocomplete attributes for registration (#41131)
  * (fdd3f1) misc: add pyupgrade files/notes (#55519)
  * (7bc0fc) misc: apply pyupgrade (#55519)
  * (7408e4) idp_oidc: use sessions's expiry age as seconds not days (#55508)
  * (f391bb) api: limit find_duplicates to one organization unit (#55419)
  * (31f25c) ldap: include server address in error logs (#55383)
  * (2928bb) a2_rbac: fix inconsistencies in OUs' user password reset option
    (#46650)
  * (dc2667) utils: reshuffle user flag retrieval precedence (#46650)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 15 Jul 2021 21:42:52 +0200

authentic2 (3.34) trixie-eobuilder; urgency=low

  * (7f67ec) idp_oidc: use sessions's expiry age as seconds not days (#55416)
  * (4650f3) tox.ini: do not run environments with Django 1.11

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 06 Jul 2021 10:15:40 +0200

authentic2 (3.33) trixie-eobuilder; urgency=low

  * (bf3603) manager: remove JS to populate slug field (#54649)
  * (da6013) views: evaluation context error will success (#55127)
  * (5a02e2) settings: define form rendrer allowing widgets templates override
    (#54675)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 01 Jul 2021 14:12:02 +0200

authentic2 (3.32) trixie-eobuilder; urgency=low

  * (e4504a) user_import: make sure legacy utf-8 encoding doesn't crash (#55008)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 24 Jun 2021 10:00:36 +0200

authentic2 (3.31) trixie-eobuilder; urgency=low

  * (dec65e) translation update
  * (26f5b9) auth_fc: add titles to links opening in new window (#54560)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 24 Jun 2021 09:40:58 +0200

authentic2 (3.30) trixie-eobuilder; urgency=low

  * (3b10e7) tox: limit psycopg2 to < 2.9 (#54925)
  * (0fb978) idp_oidc: adapt to changes in jwcrypto 0.9.1 (#54740)
  * (7db6fe) tests: move idp_oidc tests in a subdirectory (#54740)
  * (1792fb) tox.ini: do not test anymore with DRF 3.4

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 17 Jun 2021 08:50:38 +0200

authentic2 (3.29) trixie-eobuilder; urgency=low

  * (a8dbff) debian: set spooler-max-tasks for uwsgi (#54626)
  * (d53bce) debian: enable uwsgi memory reports (#54610)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 07 Jun 2021 15:28:39 +0200

authentic2 (3.28) trixie-eobuilder; urgency=low

  * (4eb5e4) ldap: do not crash on timeout in get_ldap_group_dns (#54405)
  * (b961ec) api: add page size parameter to user's API (#54514)
  * (da8d57) tests: add key id to JWKSET in idp oidc (#54503)
  * (434a32) clean-user-exports: prevent crash when missing directory (#54406)
  * (78b07a) api: record actions in journal (#48010)
  * (b7b9a3) ldap: record user reactivation in journal (#54170)
  * (65d34a) views: do not link to registration when it is closed (#52770)
  * (332f3c) templates: fix OU link in role pages breadcrumb (#54201)
  * (0f848e) templates: use common breadcrumb in role edit page (#47703)
  * (e71abf) manager: remove useless link from journal breadcrumb (#47702)
  * (d8cd51) manager: allow filtering services by OU (#54190)
  * (d838ad) manager: fix appbar link style in service view (#54192)
  * (c49d2c) misc: do not "correct" email domain on enter key (#50763)
  * (8faea5) csv_import: remove modify import form (#53463)
  * (08ece0) templates: state password reset email is always sent (#53597)
  * (24d428) import_site: remove obsolete dry run provisionning protection (#51462)
  * (92a988) misc: restore select2 translations (#54147)
  * (a92133) manager: show deleted users informations in journal (#51808)
  * (5e29c7) manager: search deleted users by email (#51808)
  * (e77c98) journal: permit custom prefetching (#51808)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 03 Jun 2021 17:56:55 +0200

authentic2 (3.27) trixie-eobuilder; urgency=low

  * (32cc38) journal: remove unused template (#54295)
  * (66a058) manager: avoid validation error on journal date search (#54295)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 26 May 2021 11:41:02 +0200

authentic2 (3.26) trixie-eobuilder; urgency=low

  * (1a236f) ldap: do not trace if deactivation_reason is None (#54198)
  * (4a31ee) fix typo in translation
  * (b09dbe) misc translation fix
  * (a1f478) translations: stop talking about "applications" (#16180)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 21 May 2021 11:33:16 +0200

authentic2 (3.25) trixie-eobuilder; urgency=low

  * (161325) views: automatically redirect after diplaying a success message
    (#54172)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 21 May 2021 09:45:22 +0200

authentic2 (3.24) trixie-eobuilder; urgency=low

  * (c0e722) translation update
  * (d18054) manager: use proper submit label for password change view (#53650)
  * (99d765) manager: use propre submit button label for create user view (#53650)
  * (8268e9) ldap: record user deactivation in journal (#52671)
  * (231f1e) LDAPBackend: reactive user on login/synchronization if inactive
    (#52670)
  * (a63507) ldap: make .build_external_id() resilient to missing attribute (#54080)
  * (019159) auth_fc: do not update user email with email returned by FC (#45199)
  * (f14839) test: auth_fc updates the user email with FC info (#45199)
  * (4f8f5f) tests: fix tests on ppolicy (#51239)
  * (ff9e90) ldap: default use_controls to False (#51239)
  * (1f6378) ldap: add method to get ppolicy operational attributes (#51239)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 21 May 2021 08:42:36 +0200

authentic2 (3.23) trixie-eobuilder; urgency=low

  * (99f55b) translation update
  * (f2cdd4) manager: paginate user role view (#53151)
  * (146908) journal_event_types: add user email change (#52567)
  * (802fa8) auth_oidc: log user_info content at DEBUG level (#53929)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 18 May 2021 15:19:32 +0200

authentic2 (3.22) trixie-eobuilder; urgency=low

  * (71e686) translation update
  * (734995) locale: change password reset french translation (#53408)
  * (f78970) utils: remove global recording of password resets (#53653)
  * (df7fa5) misc: remove documentation files (#53764)
  * (7d0303) forms: do not call password validation JS too early (#53651)
  * (318c70) ldap: deactivate orphaned users of old sources (#52924)
  * (4fca92) doc: add instructions for developers to update translations (#51277)
  * (f24d90) doc: add a reference to the release cycle (#51668)
  * (6a16ab) auth_oidc: log id_token content for debug (#53591)
  * (fb43ef) saml: do not show invalid SSO message to end-user (#53716)
  * (627c4d) misc: ignore last commit in git-blame (#53714)
  * (a265c6) misc: remove unicode prefixed strings (#53714)
  * (adf8bf) csv_import: handle null bytes (#53323)
  * (0afeb1) templates: load static library using {% load static %} (#53227)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 07 May 2021 09:01:16 +0200

authentic2 (3.21) trixie-eobuilder; urgency=low

  * (0c342c) translation update
  * (a4c3ff) add missing format strings for translation
  * (7f8353) auth_fc: handle case of multiple FranceConnect accounts with same email
    (#53409)
  * (86219a) auth_fc: fix typo in views.py (#53409)
  * (95d8f6) views: add registration method to registration email context (#21914)
  * (5172ff) journal: show default cursor on row hover (#47892)
  * (7eee08) csv_import: do not send creation email when simulating (#53453)
  * (c51adc) clean-unused-accounts: use get_user_queryset() (#53446)
  * (8915d6) auth_oidc: add STRATEGY_FIND_USERNAME to match sub with username
    (#53445)
  * (c7418a) tests: relax assertions in safe_get_or_create test
  * (f0d695) manager: display role UUID (#52225)
  * (fd7435) manager: include oidc and saml federation info in user details (#28210)
  * (30ee54) manager: display progress while importing users (#50163)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 28 Apr 2021 12:13:12 +0200

authentic2 (3.2) trixie-eobuilder; urgency=low

  * (5ca05f) auth_fc: restore button on registration page (#53241)
  * (87677f) auth_fc: completely move account creation into the view (#52929)
  * (a208a4) auth_fc: ensure token and user_info are never empty (#52929)
  * (035c60) auth_fc: separate link from login use case (#52929)
  * (5aff1a) utils: pass given service to journal in login (#52929)
  * (316248) compat: add a set_cookie function (#52929)
  * (c514c6) utils: add a safe_get_or_create() primitive (#52929)
  * (03a874) crypto: add utility for create hash chains (#52929)
  * (afc6ec) crypto: remove py2 compatibility code (#52929)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 19 Apr 2021 11:19:22 +0200

authentic2 (3.1) trixie-eobuilder; urgency=low

  * (cf9c0b) auth_oidc: report token endpoint errors to user and in logs (#47656)
  * (e78036) auth_saml: handle underscores in idp slug (#52981)
  * (b429cf) forms: add honeypot field to password reset form (#52883)
  * (7248be) management: add command to cleanup old export files (#52626)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 15 Apr 2021 21:31:28 +0200

authentic2 (3.0) trixie-eobuilder; urgency=low

  * (49cee4) auth_fc: restore button accessibility (#52805)
  * (40e5bc) manager: add permissions based access to global journal (#52765)
  * (cfb8a0) tests: detect use of --nomigrations through pytestconfig
  * (d8ce46) ldap: filter users by source in deactivate_orphaned_users (#52917)
  * (40eeaa) clean-unused-accounts: run every hour, but limit the number of
    notifications sent (#52644)
  * (c70f20) views: use LDAPBackendPasswordLost to switch to LDAP account (#43585)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 12 Apr 2021 15:35:02 +0200

authentic2 (2.100) trixie-eobuilder; urgency=low

  * (aa0e76) auth_fc: save forced mapping of first_name and last_name (#52855)
  * (12fc2b) auth_fc: save unusable password of new users (#52855)
  * (20e610) auth_fc: check required attributes values (#52818)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 08 Apr 2021 12:05:23 +0200

authentic2 (2.99) trixie-eobuilder; urgency=low

  * (b39a13) auth_fc: make button resizable (#52766)
  * (6a77c0) auth_fc: restore button size (#52754)
  * (296fc9) debian: add spooler parameter to multitenant init script (#52756)
  * (ffdf8a) auth_fc: update bouton on linking page (#52755)
  * (8123cc) auth_fc: handle button hover effect in css (#52759)
  * (566fa8) debian: add required spooler creation to multitenant package (#52686)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 06 Apr 2021 13:33:16 +0200

authentic2 (2.98) trixie-eobuilder; urgency=low

  * (02e409) translation update
  * (a9b667) fix code-style
  * (4af9b0) debian: add --spooler option to uwsgi (#52655)
  * (0a880d) utils: set LDAP auth backend when resetting password of an LDAP account
    (#52638)
  * (269a3b) debian: add missing python3-uwsgidecorators dependency (#52645)
  * (91a190) manager: easier journal filtering by event types (#50054)
  * (f361cf) settings: remove ATOMIC_REQUESTS=True (#52627)
  * (36fd7c) manager: import roles using CSV (#24921)
  * (b3bc13) manager: export users asynchronously (#43153)
  * (413604) manager: move user export code (#43153)
  * (6937f2) misc: add uwsgi spooler (#43153)
  * (c79cc3) auth_fc: remove registration view, create and log in user (#50964)
  * (98c1ff) auth_fc: update FC connect button and add hover effect (#52612)
  * (931e5b) update pylint.rc with last version from w.c.s. (#51639)
  * (ebc5a9) misc: fix reference to urllib.parse (#52601)
  * (92a1ee) trivial: fix variable name used for invalid group_by_time (#52603)
  * (d658eb) import pylint config from w.c.s. and simplify launch (#51639)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 02 Apr 2021 17:03:01 +0200

authentic2 (2.97) trixie-eobuilder; urgency=low

  * (13cd49) forms: specialize form for password reset by username (#52013)
  * (5baca2) data_transfer: validate Role.slug and Role.uuid fields (#52192)
  * (b21d5a) tests: copy/paste users tests to member users api (#50889)
  * (ed01a4) api: add list and retrieve role member(s) api (#50889)
  * (852655) api: upgrade change_role permission to manage_members (#50889)
  * (9be334) api_views: handle both kind of TimeError (#52444)
  * (ead865) readme: fix isort parameters
  * (475184) misc: remove six module usage (#52503)
  * (8b506d) misc: remove some unused imports (#52457)
  * (6c4aad) misc: remove some python2 compatibility code (#52457)
  * (41e2c8) add isort configuration (#52457)
  * (86d946) misc: apply isort (#52457)
  * (3dc618) add black configuration (#52457)
  * (4bb33d) misc: apply black (#52457)
  * (57ded4) authenticators: attach login failure record to user (#51626)
  * (f962bd) manager: include ou in roles csv export (#45809)
  * (5130aa) manager: fix site_json field label (#52200)
  * (067678) templates: add select2 field translations (#47855)
  * (ff8c2a) misc: empty redundant migration authentic2.0033 (#47699)
  * (14883a) misc: do not silence failures of migration authentic2.0028 (#47699)
  * (762cba) ldap: add method and command to deactivate orphaned users (#6379)
  * (1c3bac) ldap: add DN to normalized results

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 31 Mar 2021 19:19:24 +0200

authentic2 (2.96) trixie-eobuilder; urgency=low

  * (3e7112) translation update
  * (abd83b) misc: fix documentation string ref in journal search engine
  * (e15dd6) manager: instuct opening user switch link in private window (#45513)
  * (62b7fb) data_transfer: allow missing role slug (#51463)
  * (961af9) utils: add setting to choose email sending format (#50745)
  * (d0b6b6) templates: improve color contrast in csv import report (#50162)
  * (0f4439) csv_import: allow settings password hash (#50156)
  * (7aa260) manager: allow execute from simulation in csv import (#50159)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 18 Mar 2021 22:54:15 +0100

authentic2 (2.95) trixie-eobuilder; urgency=low

  * (534df3) manager: record then execute user deletion (#51671)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 05 Mar 2021 15:53:14 +0100

authentic2 (2.94) trixie-eobuilder; urgency=low

  * (898105) translation update
  * (902c86) trivial: fix typo in error message
  * (4484b7) tests: fix faulty email validator test (#51624)
  * (2048d0) ldap: redirect /password/change if it is about to expire (#51268)
  * (409305) ldap: fix misleading variable /timeBeforeExpiration/expiration_date/
    (#51274)
  * (2c6c03) misc: send password reset email even if disabled account (#20830)
  * (1ae7ac) misc: send password reset email even if no account (#47469)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 04 Mar 2021 21:29:42 +0100

authentic2 (2.93) trixie-eobuilder; urgency=low

  * (1192ec) translation update
  * (5a534e) tests: simplify idp_oidc tests
  * (e2fa4c) journal: empty references qs should return no statistics (#49670)
  * (2d803b) api_views: only show filtering by OUs if relevant (#49670)
  * (dd3ed1) statistics: allow filtering by users OU (#49670)
  * (c27792) api_views: factorize code for stat decorator (#49670)
  * (2f4260) app_settings: enable login rate limiting by default (#50771)
  * (8a5432) custom_user: remove User's deleted field (#51452)
  * (8e0f6d) misc: delete users synchronously (#51452)
  * (2bdd08) manager: add a column to display role is synced from ldap (#51120)
  * (0225be) saml: add missing **kwargs to method (#50747)
  * (2089b8) utils: mention expression on condition validation error (#50016)
  * (9a4ab6) ldap: differentiate errors during bind (#51353)
  * (8df0d9) custom_user: forbid special characters in names (#51194)
  * (926aad) manager: show missing role recap in csv import (#50166)
  * (e895bb) csv_import: add auto key column detection (#50157)
  * (229582) csv_import: ignore empty role values (#50158)
  * (143dec) auth_saml: user default user's queryset (#51454)
  * (3cdd9e) ldap: log missing group dn when mapped to a role (#50928)
  * (ebd152) api: ignore deleted users when using update/get_or_create (#51368)
  * (492338) api: do not mix get_queryset() and filter_queryset() (#51368)
  * (562cb4) misc: use non-autoescaping template render for email text bodies and
    subjects (#51374)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 04 Mar 2021 09:00:25 +0100

authentic2 (2.92) trixie-eobuilder; urgency=low

  * (7b500f) auth_oidc: use SameSite=Lax (#51252)
  * (06461f) Jenkinsfile: test with django 2.2 on regular runs
  * (8a01e5) tox.ini: test with django 2.2 on regular runs

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 18 Feb 2021 14:28:51 +0100

authentic2 (2.91) trixie-eobuilder; urgency=low

  * (5a335b) translation update
  * (814e01) ldap: optionally collects messages from ppolicy
  * (8efb3e) journal: ignore event referencing deleted service in statistics
    (#50987)
  * (cc02a3) ldap: additional tests for the keep_password function (#50931)
  * (882ce5) doc: explain how to run all the tests (#50921)
  * (0e2117) doc: run tests with code coverage (#50921)
  * (27c3ef) doc: note about tests/test_ldap.py failing because of apparmor (#50921)
  * (a2ccc2) doc: instructions to setup a development environment (#50921)
  * (5b4cf3) doc: sphinx.ext.pngmath is now sphinx.ext.imgmath (#50921)
  * (4aa751) manager: display user deactivation date (#51112)
  * (3b1283) manager: use dedicated method to deactivate user (#51112)
  * (d41242) utils: do not record login if simulated (#50975)
  * (46c977) custom_user: add field to store user deactivation time (#50966)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 18 Feb 2021 10:50:58 +0100

authentic2 (2.90) trixie-eobuilder; urgency=low

  * (09d8a6) api: do not clobber HTTP verb methods in viewsets (#50919)
  * (751463) auth_oidc: enforce SameSite=Lax on the state cookie (#48347)
  * (2eeb1c) ldap: removed unused setting group_dn_template (#50922)
  * (8e0f0b) ldap: add group_basedn to _DEFAULTS (#50922)
  * (692543) ldap: transition to lowercase dn from case mixed in sessions (#50908)
  * (19a8df) ldap: ignore case of group distinguished names (#50908)
  * (2a5f5c) debian: fix typo in debian/control
  * (71b3ca) auth_saml: report user creation errors (#50834)
  * (e5f368) misc: control similarity threshold for fts (#50781)
  * (1c8c81) auth_saml: log mapping errors during user creation (#48784)
  * (ab6ee4) settings: mark laposte.net as well-known domain, not laposte.fr
    (#50765)
  * (e45f69) custom_user: search email by subtring or trigram in FTS search (#50732)
  * (62654a) ldap: make user_attributes.from_ldap case insensitive (#50528)
  * (ade4c6) registration: restore paragraph/bold style in completion message
    (#50700)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 08 Feb 2021 16:12:07 +0100

authentic2 (2.89) trixie-eobuilder; urgency=low

  * (8e191d) misc: add migration to fix absence of immutable_unaccent() (#50462)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 28 Jan 2021 22:40:53 +0100

authentic2 (2.88) trixie-eobuilder; urgency=low

  * (51bece) api_views: order users as free_text_search() when `q` is used (#50536)
  * (4c029a) api_views: order users as in the model (#49899)
  * (9cec4c) manager: remove default ordering for user's table (#50534)
  * (95e35f) manager: order link column by last_name first (#50535)
  * (ab7d3d) manager: load jquery first (#49872)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 27 Jan 2021 11:40:37 +0100

authentic2 (2.87) trixie-eobuilder; urgency=low

  * (1ff879) settings: decrease A2_DUPLICATES_THRESHOLD to 0.2 (#50445)
  * (e306d5) add missing string in previous translation update

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 25 Jan 2021 12:04:33 +0100

authentic2 (2.86) trixie-eobuilder; urgency=low

  * (04224c) translation update
  * (961403) use honeypot field to detect robots on registration form (#50108)
  * (ab6638) custom_user: specialize free_text_search for common search terms
    (#49957)
  * (f4908a) tests: use pytest style (#49957)
  * (c98b0f) authentic2: add full text search to AttributeValue (#49957)
  * (3cb60a) custom_user: index User.username and User.email (#49957)
  * (511d1d) api_views: prevent crash with statistics and old DRF (#49447)
  * (230cec) idp_oidc: fix MissingParameter initialization (#50217)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 22 Jan 2021 12:19:54 +0100

authentic2 (2.85) trixie-eobuilder; urgency=low

  * (78dff6) manager: do not wrap journal timestamps (#50055)
  * (09c68b) manager: check permissions before showing add user button (#49893)
  * (081a4e) utils: fix subscript checking for python 3.9 (#49608)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 12 Jan 2021 14:33:28 +0100

authentic2 (2.84) trixie-eobuilder; urgency=low

  * (ae5a9c) translation update
  * (1d0969) manager: do without disabled add user button on users page (#45338)
  * (a6eb71) build: update to use origin/main
  * (f904f0) do not store username in password reset tokens (#49131)
  * (71183a) misc: add autocompletion support for separated number and street fields
    (#48918)
  * (69b9e7) tests: adapt test_massive_role_parenting to change in Operation
    (#49592)
  * (9eb526) restore password reset only for active users (#49131)
  * (1f2ea1) Add A2_RESET_PASSWORD_ID_LABEL parameter (#49131)
  * (fd248e) Allow users to provide their email or username for password reset
    process (#49131)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 04 Jan 2021 12:13:12 +0100

authentic2 (2.83) trixie-eobuilder; urgency=low

  * (02f00a) translation update
  * (d098a6) api_views: allow dates in statistics datetime filters (#49485)
  * (12fd24) django_rbac: replace Operation.name by a registry (#49142)
  * (32de73) csv_import: use absolute URL for password reset (#49479)
  * (ea62c3) tests: update test_check_and_repair_managers_of_roles (#48372)
  * (95b452) misc: remove update_roles_admins post_migrate (#48372)
  * (bdb80f) misc: add checks and repairs on admin roles permissions and ou (#48372)
  * (c0c98c) misc: fix check of manager's roles ou (#48372)
  * (e7a647) misc: format long line (#48372)
  * (09c7bd) misc: move check of manager's roles (#48372)
  * (00d2f2) misc: does not check global email uniqueness (#48372)
  * (42b3ab) misc: change registration of check-and-repair methods (#48372)
  * (4a3696) api: small adjustements to statistics endpoints (#49174)
  * (f48d3b) style: show all password rules on one line (#49263)
  * (52d0d7) jenkins: make tox verbose
  * (e231c9) misc: ignore name argument for compatibility with DRF==3.4 (#49110)
  * (a8fa85) translation update
  * (1687d1) idp_oidc: make access_token validity depends on expiration or session
    existence (#48889)
  * (847411) idp_oidc: replace secrets.compare_digest() for python<3.6 (#47900)
  * (4b9be7) idp_oidc: simplify oidc_client fixture (#47900)
  * (380215) idp_oidc: implement correct error reporting in user_info (#47900)
  * (213639) idp_oidc: add a simple oidc client fixture (#47900)
  * (34e8ca) idp_oidc: correctly load session in OIDCCode and OIDCAccessToken
    (#47900)
  * (a82141) idp_oidc: improve error reporting in token endpoint (#47900)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 15 Dec 2020 15:26:43 +0100

authentic2 (2.82) trixie-eobuilder; urgency=low

  * (d91570) translation update
  * (e8d20c) misc: decode bytes in User.set_random_password() (#49072)
  * (be38c3) tox.ini: only show warnings from authentic2
  * (2cc198) api: add statistics endpoints (#48845)
  * (206fec) tests: fix indentation (#47943)
  * (550e5d) manage: ensure created users have a password (#47943)
  * (9fe6ce) misc: use set_random_password() in csv_import (#47943)
  * (4a2305) misc: add User.set_random_password() (#47943)
  * (8c3902) misc: do not modify email when marking users as deleted (#48264)
  * (c1345a) journal: add event type statistics (#47467)
  * (5371f9) backends: define a total ordering for user's querysets (#49009)
  * (fda0fe) misc: don't display "Manually enter..." checkbox on disabled widget
    (#48953)
  * (c5d925) misc: remove references to deprecated menu module (#48906)
  * (a888b1) misc: remove references to deprecated dashboard module (#48906)
  * (ed055e) authentic2_idp_oidc: verify next url againts clients redirect_uris
    (#48739)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 04 Dec 2020 08:28:06 +0100

authentic2 (2.81) trixie-eobuilder; urgency=low

  * (1a995c) translation update
  * (08827a) api: check and normalize phone numbers (#48350)
  * (b2f926) auth_oidc: handle case of multiple users with same email but email
    should be unique (#48339)
  * (7fdf86) debian: restore use of launch-authentic2.sh in authentic2 package
    (#48701)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 23 Nov 2020 23:43:20 +0100

authentic2 (2.80) trixie-eobuilder; urgency=low

  * (60c182) misc: cleanup remaining tables from django-admin-tools (#48614)
  * (015316) misc: remove check on sync-metadata --source option (#48500)
  * (f89842) misc: add more checks on email address localpart (#48133)
  * (9dea38) misc: clean LDAP accounts of deleted users (#48168)
  * (5ece39) auth_saml: clean accounts of deleted users (#48168)
  * (0e24a3) auth_fc: clean accounts of deleted users (#48168)
  * (c56e4d) auth_oidc: clean accounts of deleted users (#48168)
  * (9b135f) misc: emit signals on DeletedUser creations (#48168)
  * (7e0139) misc: set unusable password on federated users (#48136)
  * (8b89b7) auth_oidc: normalize unicode strings (#48174)
  * (5d28c9) auth_oidc: make account unique on (provider, user) and (provider, sub)
    (#48174)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 17 Nov 2020 16:39:56 +0100

authentic2 (2.79) trixie-eobuilder; urgency=low

  * (0dac93) translation update
  * (a0f106) auth_fc: misc django 2 compatibility (#48158)
  * (1cc2fd) misc: defer null-character check in api to submodule initialization
    (#48114)
  * (8d6b46) auth_saml: reorganize and fix tests (#48117)
  * (7b002f) auth_oidc: use a signed state (#47825)
  * (6cd84a) auth_saml: always add mapping as MappingError details (#47760)
  * (d47bc8) misc: prevent internal URL leak in browser history (#47302)
  * (dcb4b4) misc: add registration redirect URL to whitelist (#47302)
  * (e5e560) misc: coding style (#47302)
  * (7a3be2) validators: work around lack of NULL char check in forms.CharField
    (#46625)
  * (d3c962) misc: check null characters in query-string and form data (#46625)
  * (2600bf) auth_fc: update first_name and last_name only when required (#47566)
  * (cbd43d) auth fc: make fc_display_name more resilient (#47566)
  * (4e0be8) auth_fc: add tests on login with minimal user_info (#47566)
  * (e28713) tests: simplify FranceConnect tests (#48042)
  * (9f08f5) auth saml: put newly created user in default OU (#46484)
  * (79045b) api: allow anonymous requests to address autocomplete endpoint (#48031)
  * (976dec) idp_oidc: make ending slash optional (#47918)
  * (b4b23c) debian: disable write exception in uwsgi.ini (#47809)
  * (d2d037) auth_saml: rename toggle-role action to add-role (#46857)
  * (f72283) misc: add caption before external ids in check-and-repair (#42179)
  * (89814b) misc: fix admin role bad permissions using get_admin_role (#42179)
  * (7c4f72) a2_rbac: do not break unicity when get-or-creating admin role (#42179)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 02 Nov 2020 22:38:46 +0100

authentic2 (2.78) trixie-eobuilder; urgency=low

  * (45a93b) manage: hide journal app whose icon is missing (#47891)
  * (911f84) test_journal: add missing make_naive (#47872)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 21 Oct 2020 14:04:27 +0200

authentic2 (2.77) trixie-eobuilder; urgency=low

  * (1fc76f) misc: don't expose journal in publik menu (#47813)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 19 Oct 2020 09:42:41 +0200

authentic2 (2.76) trixie-eobuilder; urgency=low

  * (e8fa64) MANIFEST.in: add templates from journal
  * (db0789) translation update (#47773)
  * (13bb51) misc: modify strings for translation (#47773)
  * (11869f) profile: fix address autocomplete JS loading (#47796)
  * (4fed27) auth_saml: raise error when no saml attribute value received (#47706)
  * (8487d3) misc: integration of journal in manager (#47155)
  * (1cc04e) misc: integration of journal authentic views (#47155)
  * (9a1631) misc: add journal application (#47155)
  * (8899d2) manager: use selected ou by default in add roles form (#46643)
  * (8ae42a) manager: look for duplicates on user creation (#45419)
  * (41ef79) models: add missing migration (#47627)
  * (721617) models: order AttributeValue according to corresponding attribute
    (#47627)

 -- eobuilder <eobuilder@entrouvert.com>  Sat, 17 Oct 2020 09:13:10 +0200

authentic2 (2.75) trixie-eobuilder; urgency=low

  * (c05902) translation update
  * (89be5e) auth oidc: update user sub when linking existing user during SSO
    (#47544)
  * (5f7ae0) jenkins: create parent directory if necessary
  * (7b130d) profile_views: address autocomplete field (#41919)
  * (3b6d2c) manager: add a generic template for user roles (#47240)
  * (9c812a) manager: remind OU in user roles breadcrumb (#47240)
  * (9c00b3) manager: remind OU in user consent breadcrumb (#47238)
  * (69ec66) manager: allow role slug edition (#46656)
  * (233b28) manager: correct model field on tables (#47408)
  * (03f2b8) manager: allow ou slug edition (#46655)
  * (9a07dc) manager: move and rename consents button (#47266)
  * (bb4284) manager: hide authorizations page if no oidc service defined (#47305)
  * (6c231a) misc: prevent cleaning of unused LDAP and OIDC accounts (#47387)
  * (ed6be9) tox: limit mock version for compatibility with python 3.5

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 13 Oct 2020 11:26:30 +0200

authentic2 (2.74) trixie-eobuilder; urgency=low

  * (361511) translation update
  * (b6b665) custom_user: exclude deleted users from duplicates (#47353)
  * (29e7b8) api_views: publik compliant return form for find_duplicates api
    (#47351)
  * (d0f26f) migrations: create immutable_unaccent in public schema (#47339)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 05 Oct 2020 17:28:21 +0200

authentic2 (2.73) trixie-eobuilder; urgency=low

  * (37209c) translation update (#47207)
  * (d542d3) manager: add context to "Consent management" title (#47291)
  * (358a3f) translations: fix error message to use a real sentence
  * (7a94dc) tests: simplify deterministic encryption test
  * (6731cf) tests: mark stress test as slow
  * (d1df5a) tests: mark concurrency test as slow
  * (e6b2e5) api: add find duplicate users endpoint (#46424)
  * (458712) tests: add a large_userbase fixture (#46988)
  * (9d9e34) ci: add a --slow options to also run slow tests (#46988)
  * (dbf605) idp_oidc: ensure client is in an ou when authz is by ou (#47159)
  * (e52ebd) manager: remove dubious non-breakable spaces in translatable strings
    (#47206)
  * (1b9b01) manager: simplify user's authorizations view (#47203)
  * (65cc6b) manager: add context to "Consent management" title (#47204)
  * (b6f471) misc: expose HTTP headers in authenticators conditions (#47084)
  * (7e3834) manager: remove comment on table template (#47093)
  * (e4cc91) misc: adopt hobo way of generating the request_id (#47023)
  * (85c85b) misc: reuse and factorize conversion of int to base64 (#47013)
  * (6913ba) misc: rewrite x509utils using modern API (#46984)
  * (5a135f) misc: fix use of openssl cli (#46984)
  * (ea5998) tests: test authentic2.saml.x509utils (#46984)
  * (c37db0) manager: remove unused test on table templates (#47057)
  * (14f37a) manager: add a page to manage users authorized services (#46182)
  * (c636b1) a2_rbac: add manage_authorizations permission to custom_user (#46182)
  * (771c0f) manager: remove django <1.10 FormMixin compatibility (#46881)
  * (3ba066) manager: use selected ou by default in import roles form (#46642)
  * (9cb195) ci: run with latest pytest and pytest-django versions
  * (d2f84c) ci: add build/ to .gitignore
  * (6d0aa4) ci: choose launched tests depending on context (#47048)
  * (3b5ec1) tox.ini: fix coverage source target (bis)
  * (24580e) tox.ini: fix coverage source target
  * (8fa14b) ldap: add server URI in user lookup log messages (#47029)
  * (55021c) translations: fix spelling in user instructions in case of error
  * (7184ac) views: do not serialize missing attributes (#46906)
  * (1193c6) tests: autouse the media fixture (#46868)

 -- eobuilder <eobuilder@entrouvert.com>  Sat, 03 Oct 2020 10:35:55 +0200

authentic2 (2.72) trixie-eobuilder; urgency=low

  * (3f95f8) translation fix
  * (612778) translation update

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 22 Sep 2020 09:18:58 +0200

authentic2 (2.71) trixie-eobuilder; urgency=low

  * (6a781c) translations: misc fixes in custom po file
  * (79dcd7) translations: misc fixes in saml po file
  * (430d33) translations: misc fixes in a2_rbac po file
  * (735744) translations: improve typography in idp/saml po file
  * (1ee204) translations: misc typo fix in idp po file
  * (c244b5) translations: misc typo fixes in manager po file
  * (2a77a8) translations: improve typography in idp_oidc po file
  * (b831f0) translations: improve typography in idp_cas po file
  * (d242fc) translations: misc typo fixes in django_rbac po file
  * (13a155) translations: misc typo fixes in main po file
  * (d10937) translations: fix typos & spelling
  * (536ecc) translations: improve typography (non-breaking spaces, ’ and «»)
  * (bf5df4) api: handle multiple objects returned in get-or-create mixin (#44301)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 21 Sep 2020 16:42:15 +0200

authentic2 (2.70) trixie-eobuilder; urgency=low

  * (d305dd) translation update
  * (1e6831) login: add an option to hide cancel button (#41122)
  * (10625b) misc: remove closing tag from template translation block (#46765)
  * (f64c4b) api_views: provide a default slug for roles (#22251)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 18 Sep 2020 09:57:56 +0200

authentic2 (2.69) trixie-eobuilder; urgency=low

  * (f41c11) api_views: provide a default slug for ous (#22250)
  * (41aa37) misc: provide origin service in template context (#20699)
  * (19d892) urls: remove legacy URL routing (#46151)
  * (df4c10) authentic2_auth_fc: rely on get_plugins for beeing discovered (#46474)
  * (f190c6) authentic2_idp_oidc: rely on get_plugins for beeing discovered (#46474)
  * (e600e3) authentic2_idp_cas: rely on get_plugins for beeing discovered (#46474)
  * (7e496a) authentic2_auth_oidc: rely on get_plugins for beeing discovered
    (#46474)
  * (33cfc9) idp.saml: rely on get_plugins for beeing discovered (#46474)
  * (0d4feb) misc: load plugins through django's application registry when possible
    (#46474)
  * (6c01f7) delete authentic2-provisionning-ldap plugin (#44334)
  * (1cc56c) idp_oidc: validate redirect uri query and fragment (#44593)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 17 Sep 2020 11:46:32 +0200

authentic2 (2.68) trixie-eobuilder; urgency=low

  * (4fc945) manager: deactivate link for un-viewable roles in user details (#41733)
  * (644728) templates: improve unused account html mail body (#46417)
  * (e0d12a) debian: remove call to "init-script update" in postinst (#46595)
  * (13af58) debian: update init.d script for uwsgi (#46568)
  * (38dd42) manager: move service "edit" action from sidebar to appbar (#46008)
  * (756a4c) manager: fix import roles crash when single ou (#46448)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 14 Sep 2020 16:17:55 +0200

authentic2 (2.67) trixie-eobuilder; urgency=low

  * (b31754) debian: use uwsgi to serve app (#29297)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 03 Sep 2020 16:23:25 +0200

authentic2 (2.66) trixie-eobuilder; urgency=low

  * (a13763) misc: add command check-and-repair (#42190)
  * (8499df) log_filter: make force debug filter work for real (#46127)
  * (41b97f) misc: validate and use a real identifier for services (#45672)
  * (ebbd51) profile_views: remove orphan html tag (#46227)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 03 Sep 2020 11:57:33 +0200

authentic2 (2.65) trixie-eobuilder; urgency=low

  * (34c912) translation update
  * (3df3bf) views: set request.token at registration (#46248)
  * (0d2ea8) tox: tell setuptools to use distutils from stdlib (#46252)
  * (4d4abc) Jenkinsfile: use python3-venv
  * (4f3c6a) manager: add ou and role imports (#45082)
  * (7c1e2e) manager: open import site form in popup (#45082)
  * (bd4b8b) manager: enable title overriding in import template (#45082)
  * (621a5e) manager: clearer semantics and interface for export (#45082)
  * (057084) ou_views: fix typo (#45082)
  * (affa37) profile_views: provide a more general message in oidc-authz page
    (#45651)
  * (2033b7) misc: update password checking code for new form markup (#46150)
  * (5a9c40) manager: style sections of service page (#46009)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 01 Sep 2020 18:27:14 +0200

authentic2 (2.64) trixie-eobuilder; urgency=low

  * (2f5575) translation update
  * (f55332) Jenkinsfile: use .take() instead of .substr()
  * (3e1976) a2_rbac: change self admin permission to manage_members (#42086)
  * (384eb0) Jenkinsfile: do not strip BUILD_NUMBER from BUILD_TAG
  * (9461c3) js: declare variable for email domain hint div (#45984)
  * (56ffb5) js: handle undefined domain when looking for suggestions (#45984)
  * (632069) tests: add more checks in registration test (#41792)
  * (4f831f) views: warn user before generating new token (#41792)
  * (7d9e65) views: use one-time token for password reset (#41792)
  * (f7e5ad) views: use one-time token for registration (#41792)
  * (024e23) manager: group roles by OU on user page (#24397)
  * (21e0a3) check-migrations: use mktemp instead of tempfile

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 24 Aug 2020 18:27:54 +0200

authentic2 (2.63) trixie-eobuilder; urgency=low

  * (d537ad) manager: don't follow row URL on right click (#45839)
  * (a2f430) manager: ignore row clicks when an input was clicked (#45839)
  * (5d32b8) misc: add setting to set secure flag on opened session cookie (#45938)
  * (a0eeae) templates: use with_template template tag to render forms (#40159)
  * (7c2c6d) misc: set a default authentication backend priority (#45808)
  * (a66093) jenkins: shorten temporary test dir name (#45637)
  * (7d630f) manager: remove username field from view/edit pages if configured so
    (#45674)
  * (079102) misc: unserialize attribute in registration view (#45710)
  * (d1b30f) check-migrations: use bash instead of dash

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 19 Aug 2020 08:38:31 +0200

authentic2 (2.61) trixie-eobuilder; urgency=low

  * (565028) translation update
  * (4a1e0c) idp_oidc: display authorization request errors (#40851)
  * (7fecf1) idp_oidc: deactivate service authz page according to setting (#45649)
  * (4baa83) manager: add sidebar info on users linked to FC (#27392)
  * (6c4128) manager: use a proper sidebar in user detail view (#28114)
  * (d1dda9) manager: display parent roles OU on the role members page (#43269)
  * (9a6958) manager: don't manually handle clicks when parent is a link (#45726)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 04 Aug 2020 15:13:08 +0200

authentic2 (2.60) trixie-eobuilder; urgency=low

  * (392e0a) translation update
  * (fa8082) manager: replace "is_active" column by an explicit mention (#45337)
  * (0aa845) misc: improve invalid login error message (#19944)
  * (a33013) hashers: fix drupal password hasher (#45576)
  * (069daa) translations: spelling fix
  * (292f99) manager: open in new tab on ctrl/middle-click on row (#45339)
  * (b64232) kinds: add inputmode=numeric to post code & siret widgets (#45152)
  * (bd9d06) manager: expose all OU options in /manage/ (#45542)
  * (3a13de) manager: remove username column of role members table if configured so
    (#45423)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 03 Aug 2020 13:49:56 +0200

authentic2 (2.59) trixie-eobuilder; urgency=low

  * (75f3fd) translation update
  * (9ea1fd) account: don't display authorization management link unless services
    (#45635)
  * (2117a1) manager: wait for onload before running switch-user js (#42294)
  * (3d2b51) manager: increase click zone of delete icons in tables (#45093)
  * (1a3bd4) profile_views: add a profil page to manage authorized oauth services
    (#45200)
  * (5db2ca) misc: remove deprecated py2-compatibility decorator (#45228)
  * (00366b) oidc: add title to authorization consent page (#45464)
  * (7ac1fb) Manage LDAP extra attributes (#19365)
  * (43d20a) manager: ignore select2 request if no user is logged (#45310)
  * (757b82) manager: replace "verified email" column by a checkmark next to email
    (#45335)
  * (89323a) misc: restore sniffing of csv dialect (#44016)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 31 Jul 2020 11:44:52 +0200

authentic2 (2.58) trixie-eobuilder; urgency=low

  * (9ce726) utils: remove obsolete timestamp_from_datetime (#45256)
  * (e00e88) auth_fc: make model representation py3 compliant (#45224)

 -- eobuilder <eobuilder@entrouvert.com>  Sat, 18 Jul 2020 15:54:51 +0200

authentic2 (2.57) trixie-eobuilder; urgency=low

  * (aed2c0) manager: replace None values with a marker (#44805)
  * (5c9bc2) manager: center cell values in import report (#44805)
  * (dc255b) csv_import: ignore empty values when checking uniqueness (#44805)
  * (8029d7) csv_import: ignore uncommitted users when checking uniqueness (#44805)
  * (eb3cab) manager: show user import errors inline (#44803)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 16 Jul 2020 15:21:34 +0200

authentic2 (2.56) trixie-eobuilder; urgency=low

  * (f7010a) translation update
  * (988bca) Jenkinsfile: add pylint to normal run
  * (1480ed) Jenkinsfile: run all environments only with the timer trigger (#45070)
  * (4ede4a) manager: show indirect members of roles real roles (#44927)
  * (c429e7) manager: raise PermissionDenied if user has no add user permission
    (#45009)
  * (0dcb03) tests: move users manager tests (#45009)
  * (61c6d4) misc: remove authentic2_auth_fc from plugin system (#44369)
  * (2ae771) misc: remove authentic2_idp_oidc from plugin system (#44331)
  * (63ae59) misc: remove authentic2_auth_cas from plugin system (#44329)
  * (6fbd4e) misc: remove authentic2_auth_oidc from plugin system (#44322)
  * (0439d9) misc: remove authentic2_auth_saml from plugin system (#44320)
  * (d55edd) auth_saml: define templates base page (#40350)
  * (229566) misc: allow authenticator autorun if only one available (#28216)
  * (0bfc41) commands: send account deletion notifications to real email (#45054)
  * (df5969) Jenkinsfile: do not build hotfix only for stretch
  * (d52961) remove idp.saml from plugin system (#44319)
  * (9d377b) manager: use correct manage members flag name (#44939)
  * (9a2bb3) idp_oidc: remove unused import (#44589)
  * (13c23e) idp_oidc: check length of authorize's redirect_uri (#44589)
  * (049a37) idp_oidc: change type of OIDCCode.redirect_uri (#44589)
  * (4ff53e) tox.ini: stop testing with py2

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 13 Jul 2020 18:25:06 +0200

authentic2 (2.55) trixie-eobuilder; urgency=low

  * (308953) debian: use shell script to load /etc/authentic2/authentic.conf in
    systemd service file (#44960)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 09 Jul 2020 10:01:37 +0200

authentic2 (2.54) trixie-eobuilder; urgency=low

  * (8b70a9) translation update
  * (4300e0) saml: remove unexisting provider attributes in admin (#44910)
  * (c574d3) tests: fix missing encoding declaration (#44915)
  * (5b5501) Jenkinsfile: remove constraint on virtualenv and importlib-resources
  * (648da7) misc: remove all uses of map() (#44878)
  * (cfe067) tests: test profile display (#44878)
  * (9d2a79) auth_oidc: use correct names in attribute select field (#44829)
  * (ecd2cf) saml: remove unused LibertyProvider fields (#16313)
  * (e090ad) misc: implement customized date search for birthdate attribute (#44656)
  * (a67989) manager: decode base64 content as ASCII (#44802)
  * (d48939) py3: do not expect Exception.message (#44810)
  * (a0a6c3) fix typo in translation
  * (2aa8d4) misc: inject TEMPLATE_VARS in mail template context (#43469)
  * (0e3551) manager: use gadjo to render form (#39580)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 08 Jul 2020 10:02:46 +0200

authentic2 (2.53) trixie-eobuilder; urgency=low

  * (9004e2) crypto: accept ASCII str in aes_base64_decrypt (#44741)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 02 Jul 2020 15:30:37 +0200

authentic2 (2.52) trixie-eobuilder; urgency=low

  * (441276) debian: adapt authentic2 package scripts for python3
  * (7ef148) python3: adapt debian packaging (#40372)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 02 Jul 2020 13:44:52 +0200

authentic2 (2.51) trixie-eobuilder; urgency=low

  * (95fa3f) test: sync test with messages
  * (018d3c) views: pass service parameter to show evaluation context (#42370)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 01 Jul 2020 11:41:35 +0200

authentic2 (2.50) trixie-eobuilder; urgency=low

  * (0b57aa) translation update
  * (8db35c) csv_import: ignore BOM (#43627)
  * (2ab4d7) auth_fc: set default priority to -1 (#44393)
  * (8fa965) mics: apply xframe_options_deny to views (#44435)
  * (442dc7) misc: use long duration cookie to check for cookie support in browser
    (#44055)
  * (47ee64) tests: ensure testserver is used as host name in all tests (#44055)
  * (862673) idp_oidc: validate sector identifier for pairwise identifier policies
    (#44164)
  * (7337b7) idp_oidc: make get_sector_identifier() a method of OIDCClient (#44164)
  * (27e8f2) user_import: do not use contextlib.nested() (#44356)
  * (c9a6f1) misc: use unicode strings in lazy_join (#43287)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 01 Jul 2020 08:34:42 +0200

authentic2 (2.49) trixie-eobuilder; urgency=low

  * (b31c6e) translation update
  * (dc7bce) misc: allow email domains suggestions (#40166)
  * (162a98) views: fix password change code (#43862)
  * (cc3b90) auth_fc: check current user is authenticated (#43970)
  * (8ee155) setup.py: limit django-filter to <2.3 (#43874)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 16 Jun 2020 21:14:47 +0200

authentic2 (2.48) trixie-eobuilder; urgency=low

  * (4c9b1f) auth_fc: disable authenticator if improperly configured (#43653)
  * (7d5031) auth_fc: provide blank default client id and secret (#43653)
  * (6bf952) tox: limit django-filter to <2.3 (#43723)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 08 Jun 2020 11:58:57 +0200

authentic2 (2.47) trixie-eobuilder; urgency=low

  * (bc5b70) translation update
  * (a8f244) saml: soap_call takes two arguments (#43537)
  * (48e198) saml: support encoding variations in metadata validator (#43534)
  * (0d8ea4) manager: forbid changing role members when synced from ldap (#37187)
  * (ffb04c) tests: check for actual widget choices (#41939)
  * (80bb97) tests: add select2 test helper (#41939)
  * (707825) misc: send unused account alerts using translations (#43466)
  * (f50553) authenticators: delete test cookie when authentication is successful
    (#43473)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 05 Jun 2020 08:14:20 +0200

authentic2 (2.46) trixie-eobuilder; urgency=low

  * (5ce3ef) franceconnect: add reverse-tabnabbing protection (#43217)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 22 May 2020 14:44:33 +0200

authentic2 (2.45) trixie-eobuilder; urgency=low

  * (c9b099) translation update
  * (a38a84) misc: hide disabled attributes and values (#42963)
  * (8dee69) tests: work around bytes/str usage in webtest (#43074)
  * (f3f837) misc: simplify ValidatedEmailField (#43074)
  * (bee749) manager: set created user's OU in clean() (#43074)
  * (d37e8f) misc: let User model validate identifiers and uniqueness (#43074)
  * (018e27) misc: validate emails in Model.clean (#43074)
  * (ab6954) tests: add tests on user creation trough manager (#43074)
  * (15aae1) misc: use SystemRandom to generate passwords (#43154)
  * (484ed1) idp_saml2: make list of an iterator (#43038)
  * (6a5fe2) manager: display csv import flag icons on their own line (#43067)
  * (af5708) tox.ini: add modifier to disable --sw
  * (6c8091) admin: activate SessionAdmin with mellon backend (#42852)
  * (dc2b43) admin: add DeletedUserAdmin (#41933)
  * (2b8d5e) misc: move cleanupauthentic command (#41933)
  * (bda672) misc: add a DeletedUser model to keep metadata about deleted users
    (#41933)
  * (5c6fd5) misc: remove server_error() view (#42821)
  * (640286) misc: remove LoggingCollectorMiddleware (#42821)
  * (54d11f) debian: add clean-unused-account to crontab (#42995)
  * (cd5877) auth_fc: check request and session exist in hooks (#42982)
  * (05ba0a) misc: add settings to propagate exceptions in hooks (#42982)
  * (eb83ca) auth_fc: do not resolve next url (#42822)
  * (dce9dc) dj22: decode response.content (#42950)
  * (ef144f) validators: close smtp socket after email rcpt check (#41791)
  * (4722ed) misc: use translatable labels for SAML homepage actions (#42643)
  * (148642) misc: show deleted attribute in UserAdmin (#41930)
  * (0f241a) misc: re-use logout view in deletion view (#41930)
  * (5b07d4) backends: prevent authentication by deleted user (#41930)
  * (9f0aa6) misc: replace DeletedUser model by attribute deleted on User (#41930)
  * (dd154d) widgets: use "date" input for dates (#41605)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 22 May 2020 14:39:47 +0200

authentic2 (2.44) trixie-eobuilder; urgency=low

  * (a5d843) tests: add __init__ files (#41930)
  * (9aea57) debian: set logrotate user to authentic2 (#42673)
  * (a35be9) admin: force is_locked() to False in UserChangeForm (#42694)
  * (a3bf1c) misc: completely remove use of allow_lazy (#42694)
  * (ce42f4) tests: prevent loading of a2 settings by rbac tests (#42694)
  * (ce943b) tests: add verified attributes in User admin view test (#42694)
  * (340268) tests: add test on Attribute admin view (#42694)
  * (ca39de) idp_saml2: complete test with role's attributes (#42657)
  * (985459) debian/authentic2.service: use full path in ExecStart
  * (816d4d) translations: adjust some apostrophes
  * (38ed34) remove commented translations (#42666)
  * (9cfb24) translation update (#42666)
  * (f56b01) idp_saml2: add test of add_attributes() with all kind of attributes
    (#42657)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 13 May 2020 20:01:43 +0200

authentic2 (2.43) trixie-eobuilder; urgency=low

  * (bbffe1) saml: convert querysets to proper lists (#42656)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 08 May 2020 10:55:27 +0200

authentic2 (2.42) trixie-eobuilder; urgency=low

  * (1c7ce1) saml: deal with set attributes (#42646)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 07 May 2020 23:33:12 +0200

authentic2 (2.41) trixie-eobuilder; urgency=low

  * (e882fb) translation update
  * (9fadcd) tests: GET the login page before POST, to prevent cookies message
    (#42280)
  * (1a0e3d) remove extra set_test_cookie (#42280)
  * (a5e372) misc: test cookies are working in login view (#42280)
  * (3ab7b2) data_transfer: use unicode_literals pragma (#42584)
  * (63a9e9) misc: remove computed_targeted_id attribute source (#42020)
  * (8b44f6) idp_saml2: produce edupersontargetedid attribute (#42020)
  * (012cb6) idp_saml2: factorize handling of XML attribute values (#42020)
  * (5e8729) idp_saml2: do not force text on attribute tuples values (#42020)
  * (c0e6d5) idp_saml2: add helpers to make eduPersonTargetedId (#42020)
  * (4b6804) idp_saml2: do not thread metadata path around (#42020)
  * (37294a) saml: make migration 0018 elidable and reversible (#42486)
  * (0dd9c2) tox.ini: ignore warning between Django 1.11 and Python 3.8 (#42504)
  * (e0526c) idp_oidc: fix order of ALGO_CHOICES in migrations (#42504)
  * (609916) django_rbac: fix path of get_hex_uuid function (#42504)
  * (1bbe96) saml: fix order of NAME_ID_FORMATS (#42504)
  * (89f7c0) misc: use NullBooleanField for BooleanField(null=True) with Django<2
    (#42504)
  * (226f1f) misc: add missing base_manager declarations to migrations (#42504)
  * (6e18d5) misc: add missing blank=True to BooleanField in migrations (#42504)
  * (89ca44) misc: remove byte strings in migrations (#42504)
  * (ddc710) custom_user: remove permission view_user (#42504)
  * (986a0b) tox.ini: add a check-migrations.sh script to check migrations on each
    run (#42504)
  * (f04e7b) oidc idp: fix link between "do not ask again" checkbox and label
    (#42489)
  * (a5d319) tox.ini: use python from environment in manage env
  * (053200) manager: add missing field validation (#37159)
  * (272e3f) manager: add FormNeedsRequest mixin (#37159)
  * (bc8437) manager: remove unused RoleForm (#37159)
  * (57d885) debian: converge packaging between authentic2 and -multitenant packages
    (#42305)
  * (4382dc) settings: set database to pgsql named authentic2 (#42305)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 07 May 2020 21:18:23 +0200

authentic2 (2.40) trixie-eobuilder; urgency=low

  * (7e13e3) translation update
  * (ea5d25) manager: fix declaration of jsi18n URL (#42174)
  * (612559) misc: do not try to support old KeyValue values (#42173)
  * (5de83b) misc: make OIDCUser.is_authenticated callable (#42172)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 28 Apr 2020 10:08:08 +0200

authentic2 (2.39) trixie-eobuilder; urgency=low

  * (5c2c4f) dj22: use_for_related_fields is deprecated[2] (#41238)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 28 Apr 2020 00:17:46 +0200

authentic2 (2.38) trixie-eobuilder; urgency=low

  * (b43959) auth_fc: make user and sub relatively unique (#19959)
  * (466604) tests: use migration fixture in idp_oidc migration's tests (#19959)
  * (a1b527) tests: add a migration fixture (#19959)
  * (df3e0e) tox: add django 2.2 / DRF 3.4 / DRF 3.9 test venv (#41238)
  * (dd80c4) tests: fix warning about regexp syntax (#41238)
  * (1c14ad) misc: fix deprecation warning from django-filter (#41238)
  * (c41e57) misc: fix deprecation warning (#41238)
  * (1be25f) csv_import: fix python-attr deprecation warning (#41238)
  * (4d5743) setup.py: allow DRF 3.9 (#41238)
  * (b5e213) misc: prevent leak of file descriptor in CsvImporter.run() (#41238)
  * (7f4094) misc: prevent leak of file descriptors in commands (#41238)
  * (0fd28c) tests: fix warnings in tests (#41238)
  * (7ed991) tests: rename skipUnless to skipif (#41238)
  * (d2b6f6) py3: fix warning about inspect.getargspec (#41238)
  * (b886f8) misc: limit imports at plugin loading time (#41238)
  * (b884c1) drf: verify authenticate_credentials() signature (#41238)
  * (bdeb86) drf: implement action decorator for version 3.4 (#41238)
  * (9aa91e) dj22: use_for_related_fields is deprecated (#41238)
  * (5d70e3) drf: make test less dependent on DRF error message (#41238)
  * (b4e7a0) allow for django 2.2 in setup file (#41238)
  * (f84353) a2_rbac: fix UniqueBooleanField prep value for db lookup (#41238)
  * (1237d7) auth_migrations: drop obsolete & broken unicity constraint (#41238)
  * (d44226) auth_fc: fix inconsistency in password-reset testing (#41238)
  * (0e4d0e) auth: fix backends' authn method signature (#41238)
  * (286309) import_export_site: disable prompt confirmation testing (#41238)
  * (c68258) setup: more recent django-filter version (#41238)
  * (d6a27a) idp_oidc: error message variations in tests (#41238)
  * (6ac5e1) auth_fc: http util signature variation (#41238)
  * (1e86d7) dj2.2: discard unexisting Media.add_js method (#41238)
  * (1da538) dj2.2: user.is_authenticated is not a callable anymore (#41238)
  * (d178b2) dj2.2: user.is_anonymous is not a callable anymore (#41238)
  * (c0b3df) dj2.2: proper use of lazy decorator (#41238)
  * (400b76) api: do not exclude declared readonly fields from serializer (#41238)
  * (926ab0) drf: allow for more recent drf version (#41238)
  * (67725c) drf: handle api changes in authn class (#41238)
  * (eb9f4e) dj2.2: handle widget.render signature changes (#41238)
  * (a0bb0d) misc: add missing import (#41238)
  * (35c8fd) dj2.2: admin site urls inclusion (#41238)
  * (852617) dj2.2: use i18n javascript catalog cbv (#41238)
  * (6c3b3f) dj2.2: use compat django auth CBVs (#41238)
  * (bcda3a) dj2.2: handle api change in django.db.models.options (#41238)
  * (9f3705) dj2.2: avoid direct assignment on m2m (#41238)
  * (7be097) dj2.2: kwarg fix on field initialization (#41238)
  * (5836e2) dj2.2: remove duplicate auth_migration module (#41238)
  * (4897a2) dj2.2: do not set temporary PKs as nullable ever (#41238)
  * (a1d3af) drf: use 'action' decorator (#41238)
  * (ca4d16) dj2.2: handle 'allow_lazy' import variations (#41238)
  * (8804de) dj2:2: fix 'reverse' import (#41238)
  * (bfbb22) dj2.2: cascade on delete (#41238)
  * (a8ff46) dj2.2: middleware compatibility (#41238)
  * (265db4) misc: use base64 to store PickledObjectField content (#41235)
  * (4df5a6) tests: add non-ASCII chars case for PickledObjectField (#41235)
  * (7efb84) idp_saml2: fix type mismatch when using ctree.fromstring (#41235)
  * (1f3fae) idp_saml2: convert dumps to unicode for uniformity (#41235)
  * (93bde7) tests: add data to test handling of UTF-8 in lasso dumps (#41235)
  * (9ba7bb) misc: remove dead import (#41142)
  * (3c2e06) misc: pass login-hint in authenticators condition context (#41142)
  * (cc0242) idp_oidc: set login-hint in session when requesting login (#41142)
  * (f5e033) idp_saml2: set login-hint in session when requesting login (#41142)
  * (142f6e) idp_saml2: add get_login_hints_extension accessor (#41142)
  * (52a333) idp_saml2: add a get_extensions accessor (#41142)
  * (e04b8b) misc: add login_hint parameter to login_require (#41142)
  * (2af833) tox.ini: add coverage for py3
  * (adaf0a) manager: use new manage_members permission (#20513)
  * (382715) a2_rbac: update role admins using post_migrate signal (#20513)
  * (599555) a2_rbac: add manage members permission for role admins (#20513)
  * (d9f387) Revert "manager: do not use has_any_perm() to get add permission on
    roles (fixes #20512)"
  * (afcec6) views: ratelimit email form views (#41489)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 27 Apr 2020 18:09:03 +0200

authentic2 (2.37) trixie-eobuilder; urgency=low

  * (a11402) idp_saml: fix missing cast to list (#41879)
  * (87b0ea) tests: add tests on SAML add_attributes (#41879)
  * (ca62cf) tox.ini: use develop

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 23 Apr 2020 11:29:01 +0200

authentic2 (2.36) trixie-eobuilder; urgency=low

  * (70c632) ldap: decode decrypted password (#41875)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 20 Apr 2020 15:06:55 +0200

authentic2 (2.35) trixie-eobuilder; urgency=low

  * (a89c9a) remove UTF-8 encoding of LDAP session's data (#41875)
  * (0d42dd) tests: add cache clearance autouse fixture (#41813)
  * (8b8470) fc: indent insee communes json file on multiple lines (#41839)
  * (382fef) translation update

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 20 Apr 2020 11:19:03 +0200

authentic2 (2.34) trixie-eobuilder; urgency=low

  * (795a2f) translation update
  * (acfe66) Revert "python3: adapt debian packaging (#40372)"
  * (1b6a85) misc: clean dead imports (#41342)
  * (673557) misc: move lazy_label in a2.utils.lazy (#41342)
  * (30439c) tests: remove unused variable (#41342)
  * (52ab85) data_transfer: validate models before updating/creating them (#41342)
  * (8f5aad) data_transfer: use ValidationError instead of DataImportError (#41342)
  * (7b8ed4) utils: add a lazy_join function (#41342)
  * (1da7f1) translation update
  * (8d5e7f) templates: remove empty action attributes (#41753)
  * (c3903a) auth_fc: add created and modified on FcAccount (#41777)
  * (978306) tox.ini: add "manage" environment
  * (ac89d2) drop deprecated python-raven sentry client config (#40372)
  * (4e3c28) python3: adapt debian packaging (#40372)
  * (1c0727) csv_import: document @registration email option (#41292)
  * (7c9b70) templates: fix login's page block name typo (#41729)
  * (441ffd) manager: make select2 fields use direct widget references (#41017)
  * (fd0401) auth_oidc: add ecdsa support (#41346)
  * (ef6897) auth_oidc: no need to extract key from keyset (#41346)
  * (ab59ef) idp_oidc: add ecdsa support (#26253)
  * (644698) misc: accept / in phone numbers (#41082)
  * (7e15de) templates: add extension blocks to registration completion form
    (#41338)
  * (3fd70b) templates: add class to registration completion form (#40158)
  * (62d15a) misc: use HTML5 type=tel for phone number input fields (#41333)
  * (ac0b50) templates/a11y: put login action links in a list (#41138)
  * (c7d51d) translation typo fix

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 17 Apr 2020 14:23:27 +0200

authentic2 (2.33) trixie-eobuilder; urgency=low

  * (a0d16d) translation update
  * (2f3320) templates: fixes in unused account emails (#41281)
  * (7ab92c) misc: do no clear last_account_deletion_start on login (#41284)
  * (426891) misc: simplify logging in clean-unused-accounts (#41284)
  * (f2f80d) misc: style, PEP8 (#41284)
  * (a8bd20) debian: remove dead pydist-overrides (#41221)
  * (d67fea) misc: remove dead files (#41221)
  * (cd175c) misc: use django-import-export >=1,<2 (#41273)
  * (2b46ed) auth_oidc: render templated claim values during authn (#37871)
  * (556f3e) auth_oidc: add id token 'as_dict' method (#37871)
  * (7991c4) auth_oidc: select from existing attributes in admin provider page
    (#37871)
  * (c4636a) auth_oidc: use custom widget in claim mapping admin form (#37871)
  * (dccf9a) auth_oidc: extend mapping claim max length (#37871)
  * (82b137) commands: send html unused account alert with link (#40522)
  * (edab05) commands: human duration in unused account email (#40521)
  * (047b27) templates: better account deletion request message (#39980)
  * (ba85c7) commands: misc improvements in clean-unused-accounts (#26909)
  * (5a8fbd) commands: per-OU unused user accounts cleaning policy (#26909)
  * (7ff5d1) a2_rbac: add missing migration (#26909)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 03 Apr 2020 17:19:20 +0200

authentic2 (2.32) trixie-eobuilder; urgency=low

  * (2621cb) translation update
  * (989a7c) tox: restrict django-appconf version for py2 venvs (#41200)
  * (46b58e) idp_cas: drop length limit to service urls (#24022)
  * (e07cd1) csv_import: allow setting user password and sending mail (#35774)
  * (ecb4a1) utils: handle per ou template in send_templated_mail (#35774)
  * (d1c4ca) views: remove login blocks' "is_hidden" attribute (#41140)
  * (79134e) auth_fc: log transport format/errors as errors (#40862)
  * (702feb) validators: use only dnspython to resolve domains (#40989)
  * (5d8c23) python3: build ajax response using text content (#40733)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 01 Apr 2020 18:56:03 +0200

authentic2 (2.31) trixie-eobuilder; urgency=low

  * (56132b) idp_saml2: handle RelayState on posted AuthnRequest (#40722)
  * (db3201) tests: use media fixture when profile_image attribute is used (#40722)
  * (cbe383) tests: check relaystate forwarding (#40722)
  * (6df028) python3: use Django encoding module in SAML IdP (#40508)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 23 Mar 2020 17:55:29 +0100

authentic2 (2.30) trixie-eobuilder; urgency=low

  * (a2d7f9) translation update
  * (afa8e4) idp_oidc: render templated claims in user-info-creation utilities
    (#37884)
  * (6803bc) add a template module, copycatting wcs.qommon.template (#37884)
  * (139e9f) idp_oidc: use custom widget in client admin page (#37884)
  * (307987) forms: add a datalist textinput widget (#37884)
  * (2ca1a8) tests: apply trivial typo fix (#40749)
  * (786e4c) trivial: fix typo in phone number validation message (#40749)
  * (77cda8) auth_fc: set session to expire at browser close on login (#40479)
  * (1ca817) settings: update deprecated DjangoFilterBackend import path (#40410)
  * (b8cecb) update .gitignore
  * (3043ff) misc: allow authenticators display conditions (#28215)
  * (c10af8) manager: indent JSON exports (#40458)
  * (56f486) misc: use email domain validation (#40200)
  * (41d91e) custom_user: remove broken email validation (#40200)
  * (6703e4) translations: adjust some apostrophes

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 19 Mar 2020 21:13:19 +0100

authentic2 (2.29) trixie-eobuilder; urgency=low

  * (2290f8) python3: add a py3 pytest environment in tox.ini (#28276)
  * (ce3d8a) python3: load distribution before loading entry points (#28276)
  * (352a7c) python3: use // to force integer result (#28276)
  * (1b1a8b) python3: force vals to bytes in LDAP tests (#28276)
  * (a99d6a) python3: use monkeypatch in ldap tests (#28276)
  * (275756) python3: force ldap modify list vals to be list (#28276)
  * (41af68) python3: force use of protocol=0 in PickledObjectField (#28276)
  * (782004) python3: encoding variations in test_auth_fc (#28276)
  * (399119) python3: encoding variations in auth_fc.utils (#28276)
  * (92ff8c) python3: encoding variations in auth_fc.models (#28276)
  * (a0ad78) auth_fc: do not assert depending on dict elements' order (#28276)
  * (17cae7) python3: add new type of authorized node in condition validator
    (#28276)
  * (fa6cd9) python3: a number of queries in user export test should be an integer
    (#28276)
  * (2eb111) python3: create explicit list of user csv-exported attributes (#28276)
  * (bd0242) python3: handle http responses' payload as str in test_user_manager
    (#28276)
  * (f9139e) python3: absolute imports in manager.user_views cbv methods (#28276)
  * (17860e) python3: encoding variations in test_role_manager (#28276)
  * (9657e7) python3: open user-import pickle-dumping files as binary data (#28276)
  * (b3b033) python3: import site json from file content (#28276)
  * (8c2734) python3: explicit list of export keys in role manager testing (#28276)
  * (a5638b) python3: explicit list of export keys in ou manager testing (#28276)
  * (9f9ca8) python3: encoding variations in test_manager (#28276)
  * (026688) python3: json.loads takes str as input (#28276)
  * (1c66f4) python3: force text on ldap user's cached password (#28276)
  * (12e675) ldap_backend: do not crash on missing ldap data entries (#28276)
  * (338478) python3: ldap encrypted binddn must be a string type (#28276)
  * (5c53a1) python3: encoding variations in ldap testing (#28276)
  * (06670a) python3: greedy retrieval of ldap mapped-attributes' value (#28276)
  * (0ed93b) python3: user-id generation in user_import (#28276)
  * (e3f026) python3: encoding variations in auth_fc testing (#28276)
  * (009d16) python3: monkeypatching variations in import-export site cmd testing
    (#28276)
  * (a6dbdb) python3: encoding variations in tests.test_idp_saml2 (#28276)
  * (0f9f08) python3: encoding variations in saml base code (#28276)
  * (775bff) python3: variations encoding in idp.saml.saml2_endpoints (#28276)
  * (79505f) python3: remove various deprecated dict iteration functions (#28276)
  * (607219) make ExponentialRetryTimeout.seconds_to_wait always return an int
    (#28276)
  * (79e474) python3: encoding variations in idp_oidc testing (#28276)
  * (c43cc6) python3: encoding variations in idp_oidc (#28276)
  * (d5982c) python3: encoding variations in hashers (#28276)
  * (75154f) python3: fix inner iterator classes of csv_import (#28276)
  * (586f32) python3: explicit delimiter and quotechar in csv import (#28276)
  * (c297ed) python3: encoding variations in csv importer (#28276)
  * (8106e2) python3: encodinging variations in authentic2.crypto aes testing
    (#28276)
  * (b19521) python3: encoding variations in authentic.crypto aes utilities (#28276)
  * (667c11) python3: auth_oidc mocked endpoint jwt encoding (#28276)
  * (dc58fe) python3: use url-parsing utilities from django (#28276)
  * (e7bdde) tests: test invalid kid in id_token (#39136)
  * (85fc42) tests: pep8ness (#39136)
  * (556626) auth_oidc: use simple strings in exceptions (#39136)
  * (064906) jenkins: correct importlib-resources version number
  * (dfb6a9) jenkins: limit importlib-resources to 1.0.2
  * (fcaea2) oidc: always gives integer for expires_in values (#40273)
  * (d3d34e) jenkins: limit virtualenv to 20.0.5
  * (22d50a) franceconnect: update about URL to new recommended value (#40255)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 03 Mar 2020 22:34:17 +0100

authentic2 (2.28) trixie-eobuilder; urgency=low

  * (7c26a3) saml: display translation of "request has expired" (#40172)
  * (f1dcac) translations: end account activation intro text with a period
  * (9a5884) tox: limit enum34 to 1.1.6, for python 2 compatibility

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 25 Feb 2020 11:27:17 +0100

authentic2 (2.27) trixie-eobuilder; urgency=low

  * (0ef77f) translation update
  * (b1f4f8) translations: adapt "Force password change on next login" (#19675)
  * (77a6c7) manager: don't list users being removed (#20185)
  * (7ca8ff) translation typo fix
  * (ee8b54) idp_oidc: add "do not ask again" authorization checkbox (#39552)
  * (85fdc9) csv_import: explicit utf-8 encoding choice (#37901)
  * (e0f35d) misc: change translation of "active" user attribute (#27386)
  * (dfd0fd) auth fc: use <button> in unlink page (#39451)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 21 Feb 2020 13:03:32 +0100

authentic2 (2.26) trixie-eobuilder; urgency=low

  * (4e35e3) misc: use one-time tokens instead of cache (#39745)
  * (3d55b1) misc: add one-time token model (#39745)
  * (208dd0) misc: clean dead imports (#39745)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 12 Feb 2020 17:14:23 +0100

authentic2 (2.25) trixie-eobuilder; urgency=low

  * (ddba66) translation update
  * (8820ac) python3: base64-url-encoding returns bytes (#31171)
  * (98425a) python3: handle AES padding variations (#31171)
  * (185e59) python3: struct-unpack C strings into Python bytes (#31171)
  * (c1c8ca) python3: struct-packed C strings are Python bytes (#31171)
  * (a6dba1) python3: oidc client jwk secret encoding in tests (#32447)
  * (a78d51) python3: deprecate django.utils.encoding.smart_unicode (#31155)
  * (124409) adjust site title variable in manager base template (#31155)
  * (26ebbb) utils: verify next_url without encoding it
  * (45ef11) python3: encode oidc authn test claims (#32452)
  * (1f19c3) python3: ascii-decode user credentials for register API testing
    (#32451)
  * (1bbe76) python3: enforce text type on django's HttpResponse.content (#32450)
  * (f63bd3) python3: reduce needs proper six import (#32449)
  * (ac65fa) python3: explicit file opening mode (#32448)
  * (89f1a4) idp_oidc: py3-compliant authn header encoding in tests (#32446)
  * (9c9db9) python3: define a base64 decoding exception (#31180)
  * (a54565) translation fix
  * (2c3d0e) idp_oidc: add ou selection on ropc grant (#39383)
  * (929535) manager: remove unused widgets (#39380)
  * (86fe3b) manager: replace invalid widget split term operator (#39380)
  * (64abfd) auth2_fc: set novalidate on unlink cancel button (#39445)
  * (f03e3a) ldap: do not fail if Role.MultipleObjectsReturned is raised (#39274)
  * (82532d) tests: disable kerberos plugin that coud be parallel-installed (#39393)
  * (81c09b) ldap: update description of keep_password/clean_external_id_on_update
    (#39389)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 07 Feb 2020 08:50:49 +0100

authentic2 (2.24) trixie-eobuilder; urgency=low

  * (b94ce1) translation update
  * (d6c874) idp_oidc: fix typo in authz view warning msg, introduced in #35205
  * (27f4e2) auth2_fc: set default scopes to profile and email (#39231)
  * (fdc809) auth_oidc: custom login template (#39260)
  * (dda27f) idp_oidc: support oauth2 resource owner password credential grant
    (#35205)
  * (ba597c) auth_saml: allow custom template for each idp login block (#39154)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 27 Jan 2020 18:21:02 +0100

authentic2 (2.23) trixie-eobuilder; urgency=low

  * (8f15b8) translation update
  * (abed3f) views: better display password reset instructions (#38054)
  * (8e4831) translation update
  * (c3d61e) manager: keep gadjo style for widgets in dialogs (#38904)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 15 Jan 2020 17:06:53 +0100

authentic2 (2.22) trixie-eobuilder; urgency=low

  * (c56165) auth2_fc: display an error message on misc error code (#38748)
  * (811f47) translation update
  * (a2c3bc) auth_saml: separate idps blocks on login page (#38248)
  * (3b2da0) misc: limit django-model-utils version to a version supporting django
    1.11

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 03 Jan 2020 11:55:32 +0100

authentic2 (2.21) trixie-eobuilder; urgency=low

  * (1928ac) translation update
  * (ad3f27) registration: show only email address in post-registration message
    (#37923)
  * (f17dad) registration: simplify post-registration message (#38053)
  * (f28ad2) Jenkinsfile: use mergeJunitResults() (#38297)
  * (afe09e) jenkins: don't assume presence of optional data in test results
    (#38266)
  * (211262) tox.ini: use pytest's junit legacy format
  * (1b7803) templates: add django blocks around login/registration templates
    (#38262)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 11 Dec 2019 15:06:30 +0100

authentic2 (2.20) trixie-eobuilder; urgency=low

  * (94f4ec) authenticators: add easy accesible OU based on service's ACL (#36783)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 05 Dec 2019 12:30:09 +0100

authentic2 (2.19) trixie-eobuilder; urgency=low

  * (1a2cdb) translation update
  * (7005cd) misc: refactor login url build for OIDC providers (#38125)
  * (e6d046) auth_fc: add css class to links block (#38086)
  * (216323) auth: separate OIDC providers in blocks on login page (#31259)
  * (0fc5a9) crypto: use pycrytodomex, replace Crypto with Cryptodome (#38017)
  * (84b8f3) csv_import: use flag default value (#37900)
  * (f713d6) translation fix
  * (2cc2cf) tests: drop partial sqlite support
  * (6d064a) auth_oidc: drop now-redundant django-jsonfield dependency
  * (cef04c) Revert "add compatibility layer for support of Django native JSONField
    (fixes #29193)"
  * (722cc7) translation update
  * (fba5f1) manager: clearer error message on invalid csv import file (#37374)
  * (2936f2) csv_import: display error message on bad encoding (#37374)
  * (55ec20) saml: ensure LibertyProvider.metadata is always unicode
  * (3d3df4) models: lock user model when changing multiple attribute values
    (#37390)
  * (173f63) api: work around ambiguous time error on DST change (#37238)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 04 Dec 2019 17:19:36 +0100

authentic2 (2.18) trixie-eobuilder; urgency=low

  * (9d8572) adapt registration test to template changes (#37390)
  * (c8ce9f) debian: discard deprecated pycrypto dependency (#35584)
  * (072f36) crypto: key-derivation must have at least one iteration (#35584)
  * (5f3589) crypto: ensure that aes cipher salts are bytes (#35584)
  * (8879c1) delete old values when set new multiple attribute values (#32025)
  * (e3bf97) user: replace use of Attribe.set_value in concurrency test (#32025)
  * (ba2704) user: handle user.attributes getter for multiple attributes (#32025)
  * (653e82) user: handle user.attributes setter for multiple attributes (#32025)
  * (da5e60) templates: remove note about link validitity in registration message
    (#37359)
  * (5aa3bc) debian: remove wheezy support (#15966)
  * (7f6385) update translations (#35773)
  * (f12353) csv_import: allow adding roles (#35773)
  * (64157d) csv_import: make sure has_errors is toggled (#35773)
  * (50657e) translation update
  * (e448aa) i18n: use proper syntax for multiple-parameter strings (#37056)
  * (4cc456) oidc authn: verify id token signature (#31862)
  * (e47224) csv_import: display all row errors (#36832)
  * (b07653) python3: 'hex' is not an encoding anymore (#36995)
  * (20a967) python3: basic authz header encoding in tests (#31175)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 31 Oct 2019 18:18:20 +0100

authentic2 (2.17) trixie-eobuilder; urgency=low

  * (1f73b6) translation update
  * (b65fc2) views: fix a bad format in a logger.info string (#36978)
  * (6438cf) api: allow patch/put API to empty a role (#36918)
  * (da9857) manager: show user deletion status (#36788)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 16 Oct 2019 11:23:36 +0200

authentic2 (2.16) trixie-eobuilder; urgency=low

  * (66e5bb) debian: don't set syslog handlers for django_select2 if undefined
    (#36787)
  * (8a3161) fix typo in translation

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 08 Oct 2019 17:47:40 +0200

authentic2 (2.15) trixie-eobuilder; urgency=low

  * (dcbc62) translation update
  * (d177f4) data_transfer: fail importing on empty role uuid (#31083)
  * (9159c4) django_rbac: always prevent empty uuid (#31083)
  * (5b8b62) set upper bound on django-import-export dependency version (#36774)
  * (cdc2cf) idp_oidc: check client is not None (#36720)
  * (9e0b32) api: handle wrong payload types in role memberships direct definition
    (#36727)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 08 Oct 2019 16:46:30 +0200

authentic2 (2.14) trixie-eobuilder; urgency=low

  * (5adef1) translation update
  * (1cedef) api: role members direct definition (#36377)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 04 Oct 2019 19:01:20 +0200

authentic2 (2.13) trixie-eobuilder; urgency=low

  * (a93c66) translation update

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 04 Oct 2019 14:47:22 +0200

authentic2 (2.12) trixie-eobuilder; urgency=low

  * (05340b) api: extend DRF date field to accept empty string (#36365)
  * (96f853) api: returns no user if service-slug is unknown (#35189)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 03 Oct 2019 16:11:33 +0200

authentic2 (2.11) trixie-eobuilder; urgency=low

  * (27add2) debian: fix typo in control file dependency (#36655)
  * (d9918e) api: filter users based on OIDC client authorized roles (#35191)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 03 Oct 2019 12:07:39 +0200

authentic2 (2.10) trixie-eobuilder; urgency=low

  * (a61d2b) jenkins: use ci@enttrouvert.org for notification
  * (2349e2) adapt manager tests (#34133)
  * (f93c71) tests: add tests on a2_rbac post_migrate handlers (#34133)
  * (a31315) update translation (#34133)
  * (968a6e) a2_rbac: add default role of service administrator (#34133)
  * (4115e6) debian: do not use unnecessary pre-dependencies (#36433)
  * (c5625c) end django 1.8 support (#36429)
  * (62441e) accounts: send validation email before self-triggered account deletion
    (#27823)
  * (588dcf) misc: consider all roles prefixed with _ as internals (#36504)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 02 Oct 2019 13:27:13 +0200

authentic2 (2.9) trixie-eobuilder; urgency=low

  * (b7b0b9) Copy attribute's DRF field kwargs before use (#36098)
  * (6a3a1c) csv_import: import cleaned fields (#35800)
  * (e18a48) misc: ignore non-request objects in log filters (#35629)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 13 Sep 2019 11:14:41 +0200

authentic2 (2.7) trixie-eobuilder; urgency=low

  * (288423) auth_fc: differentiate registration login block with a class (#29227)
  * (beb832) a2_rbac: add ROLE_ADMIN_RESTRICT_TO_OU_USERS setting (fixes #35391)
  * (5133e0) a2_rbac: use bulk update of admin_role permissions (#35391)
  * (43cb2f) a2_rbac: remove unused argument to Role.get_admin_role() (#35391)
  * (4c9fcc) a2_rbac: validate uniqueness of Role.slug (#35767)
  * (1a8783) a2_rbac: move tests (#35767)
  * (7a7da5) authenticators: select default OU based on service's ACL (#35213)
  * (6d1731) api: add non blank validation on required attributes (#35647)
  * (c98f24) api: add a hashed_password attribute for user api (#35482)
  * (ba6e88) views: sign next parameter in logout() (#35782)
  * (bc3ef6) utils: add signed next_url support to make_url() (#35782)
  * (cb0215) custom_user: user DRF field to serializer custom attributes to JSON
    (#24401)
  * (ba721d) api: factorize making a DRF field for an attribute (#24401)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 09 Sep 2019 13:48:30 +0200

authentic2 (2.6) trixie-eobuilder; urgency=low

  * (58f1c5) update french translation
  * (870ab1) misc: mark template-in-code string for translation (#32794)
  * (837c5d) emails: always provide a site variable (#32789)
  * (aa584a) api: recreate get/update_or_create mixin at the view level (#35710)
  * (7669f2) auth_oidc: make OIDCProvider.jwkset always be a jwcrypto JWKSet obj
    (#35346)
  * (900c8d) Revert "Revert "misc: remove auth2_ssl entrypoint (#35418)""
  * (c8bce8) Revert "misc: remove auth2_ssl entrypoint (#35418)"
  * (595f31) migrations: remove dependency on auth2_ssl (#35418)
  * (40307f) auth_saml: add more mapping actions in A2_ATTRIBUTE_MAPPING (#35302)
  * (94486a) utils: add module to evaluate condition expressions safely (#35302)
  * (5cb847) create authentic2.utils package (#35302)
  * (0f17a5) log_filters: get user and ip from record if present (#35302)
  * (e9897c) misc: remove auth2_ssl entrypoint (#35418)
  * (983eb2) build: limit to django-jsonfield<1.3, for Python 2 support
  * (8e4a5e) forms: mark fields expecting a new password (#26385)
  * (5732f2) a2_rbac: rename role's admin role on role's rename (#34774)
  * (d6fbfa) a2_rbac: do not use lazy string in model name (#34774)
  * (4a28ed) a2_rbac: remove unused symbol (#34774)
  * (d79de5) api: prevent password change on get_or_create (#34950)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 04 Sep 2019 15:26:18 +0200

authentic2 (2.5) trixie-eobuilder; urgency=low

  * (e274ba) auth_oidc: properly redirect to authz endpoint when logging in (#35294)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 07 Aug 2019 16:22:33 +0200

authentic2 (2.4) trixie-eobuilder; urgency=low

  * (21257d) auth_saml: implement attribute provisionning after first login (#35283)
  * (0fd980) remember 5 last selected ous on login form (#35209)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 07 Aug 2019 14:42:46 +0200

authentic2 (2.3) trixie-eobuilder; urgency=low

  * (ab5ee3) translation update

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 19 Jul 2019 09:11:17 +0200

authentic2 (2.2) trixie-eobuilder; urgency=low

  * (b9caa4) add new switch-user tool (#34308)
  * (6b39c1) remove switch_back view (#34308)
  * (6f0b83) manager: use l10n for state name of import (#34750)
  * (6fa101) manager: csv import, translation row action (#34748)
  * (0bcd0a) manager: use change_user permission for "me" view (#15264)
  * (ca239e) a11y: don't hide focus ring on focused franceconnect button (#34815)
  * (a62b43) templates: use gadjo to render account edit form (#26546)
  * (b77bf5) manager: add opacity transition when refresh is in progress (#8543)
  * (8aaa47) saml: do not propose normal users to add a service provider (#5836)
  * (1b5e53) manager: add a me/ view (#15264)
  * (14d0a3) tests: add tests to check for role's admin role cleanup (#34774)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 16 Jul 2019 12:24:42 +0200

authentic2 (2.1.82) trixie-eobuilder; urgency=low

  * (01880f) fix mispelling in translation

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 11 Jul 2019 08:32:51 +0200

authentic2 (2.1.81) trixie-eobuilder; urgency=low

  * (3bb74a) tests: fix test on role creation (#34704)
  * (f7e5f2) api: adapt validation to get/update_or_create (#34619)
  * (b9962e) update translations (#34570)
  * (cb42e4) manager: mark csv import example strings for translation (#34569)
  * (5b324d) manager: add margin to csv import help section (#34567)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 09 Jul 2019 20:14:05 +0200

authentic2 (2.1.80) trixie-eobuilder; urgency=low

  * (26be52) whitelist send_registration_email_next_url using HMAC signature
    (#34115)
  * (7e3fad) misc: move account related messages into templates (#21017)
  * (7be25f) views: validates logout next URL (#33087)
  * (1c6fd8) a2_rbac: add partial unique index on Role's name (#33944)
  * (df6ceb) manager: always check role's name uniqueness (#33944)
  * (adc021) idp_oidc: add more freedom for matching redirect_uri (#33516)
  * (bc18f5) idp_oidc: use \n as separator between redirect_uri (#33516)
  * (00aae0) auth_fc: force acr_values to eidas1 (#34448)
  * (ef31bc) manager: add help on users imports (#34238)
  * (8d68c3) tests: don't send http post json payload on role membership creation
    (#33443)
  * (97e2aa) views: validates EditProfile next_url (#33084)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 04 Jul 2019 17:17:05 +0200

authentic2 (2.1.79) trixie-eobuilder; urgency=low

  * (904b58) manager: wrap csv import in provisionning context manager (#34458)
  * (a4339f) jenkins: add support for hotfix releases (#34485)
  * (27702e) add request as first argument to all backends (#33992)
  * (8bb83c) remove auth2_ssl (#33992)
  * (83fe68) manager: move page title in page_title (#34233)
  * (dc93a5) ldap: do not block check_password and get_attributes if LDAP is down
    (#34316)
  * (00fb03) tox.ini: remove sqlite from default environments (#34296)
  * (40a8d1) admin: allow OU user_can_reset_password flag to be edited (#33604)
  * (f149bd) MANIFEST.in: add missing authentic2_auth_saml template (#34426)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 02 Jul 2019 15:21:49 +0200

authentic2 (2.1.78) trixie-eobuilder; urgency=low

  * (e1838e) manager: add accessor to report state (#34235)
  * (b50cd0) manager: update translation (#34234)
  * (1e492f) manager: translate state names (#34234)
  * (09b7ae) manager: update translation (#34236)
  * (4dd3e9) manager: use ngettext (#34237)
  * (fd2639) csv_import: report line of the first value seen on duplicate (#34270)
  * (8cdd0c) tox.ini: require django-model-utils<3.2 for django 1.8
  * (0908e7) translations: fix spelling in password login form (#34300)
  * (a78e5c) manager: use <th> for header cells in user import tables (#34241)
  * (446ada) manager: use correct closing tag for legend title (#34240)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 27 Jun 2019 09:34:04 +0200

authentic2 (2.1.77) trixie-eobuilder; urgency=low

  * (c8e005) csv_import: do not create userexternalid on update (#34258)
  * (1ecaa8) csv_import: set ou of created users (#34253)
  * (06b729) setup.py: add requirement on attrs

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 24 Jun 2019 11:57:25 +0200

authentic2 (2.1.76) trixie-eobuilder; urgency=low

  * (2ff175) require python-attr>17

 -- eobuilder <eobuilder@entrouvert.com>  Sat, 22 Jun 2019 21:30:55 +0200

authentic2 (2.1.75) trixie-eobuilder; urgency=low

  * (90b410) tests: adapt test to string change
  * (9e9bdc) Revert "clear warnings on missing migrations with Django 1.11 (#34232)"

 -- eobuilder <eobuilder@entrouvert.com>  Sat, 22 Jun 2019 20:41:52 +0200

authentic2 (2.1.74) trixie-eobuilder; urgency=low

  * (1dca7e) translation update
  * (e8171a) modify strings to ease translation
  * (e0071f) add script to update locales
  * (751afd) clear warnings on missing migrations with Django 1.11 (#34232)

 -- eobuilder <eobuilder@entrouvert.com>  Sat, 22 Jun 2019 20:31:45 +0200

authentic2 (2.1.73) trixie-eobuilder; urgency=low

  * (dc3582) manager: add user import views (fixes #32833)
  * (fe0895) add csv import framework (#32833)
  * (8c06ed) custom_user: rename clean_fields to validate_unique (#32833)
  * (853140) add unique constraint to UserExternalId (#32833)
  * (ac45c5) manager: don't include bullets in radio fields (#28164)
  * (6691d5) forms: implement locked fields by renaming and widget change (#32954)

 -- eobuilder <eobuilder@entrouvert.com>  Sat, 22 Jun 2019 13:06:01 +0200

authentic2 (2.1.72) trixie-eobuilder; urgency=low

  * (de917d) franceconnect: use rel=noopener for links opening in new tabs (#34038)
  * (c20b10) misc: fix spelling in French message (#34117)
  * (ed932c) misc: update French translation to use "réinitialiser", no dash
    (#34116)
  * (64a13a) misc: adjust password reset log messages (#34126)
  * (b25f37) fc: use gettext for unknown INSEE code error message (#33602)
  * (231458) python3: deprecate file builtin (#32815)
  * (a516e0) python3: define a FileType in tests/test_commands.py (#32815)
  * (246e0d) py3: use XMLParser not XMLTreeBuilder (#32818)
  * (d2abe8) manager: allow word breaking in users tables (#33822)
  * (d5a55f) saml: don't error when logging a 8bit artifact response (#32795)
  * (e28e30) manager: hide the username column (#33971)
  * (407f4c) show synced LDAP users with verbosity > 2 (#33870)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 19 Jun 2019 15:26:22 +0200

authentic2 (2.1.71) trixie-eobuilder; urgency=low

  * (66b96a) translation update
  * (0bffa2) translation update
  * (a083fb) auth_saml: add missing mellon base template (#33743)
  * (4d18e9) misc: remove "you have been logged out" message (#33703)
  * (b960e1) misc: redirect user to homepage after password reset (#33611)
  * (bedcbc) registration: add a note about spams (#27097)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 07 Jun 2019 14:56:43 +0200

authentic2 (2.1.70) trixie-eobuilder; urgency=low

  * (59c913) static: track password change with "input" event (#33571)
  * (7eda05) integrate authentic2-auth-fc in packaging (#20852)
  * (30dc69) views: do not set password on unlink for LDAP users (#24710)
  * (11dcce) show change password link after user unlink (fixes #32953)
  * (95d59c) views: clean FranceConnect session variable on unlink (#32953)
  * (1c40ec) adapts to spring cleaning in authentic (#32866)
  * (338b02) py3ize obviously non-compatible code (#32866)
  * (8d2771) improve code style (#32866)
  * (72d48a) add copyright headers (#32866)
  * (3ca5c4) apps: hide password management link when FC authenticated (#27083)
  * (ffc66b) misc: rename authentication "frontend" to "authenticator" (#14475)
  * (a8c355) templates: add alt texts to image links (#29408)
  * (2ea59c) tests: adjust not to find link by label (#29228)
  * (4fbe55) improve markup of login_registration template (#29228)
  * (052553) views: search email case insensitively (fixes #29007)
  * (483b0d) lock first name and last name (fixes #27044)
  * (d082fb) utils: apply mapping to custom attributes before static ones (#27044)
  * (517dad) center explanation text (#27182)
  * (1b8ee0) launch tests with Django 1.11 (fixes #27095)
  * (929b58) views: pass service field to fc login post registration (fixes #21908)
  * (18ce5d) css: do not force button height (#25763)
  * (d3c163) add missing close tag (#21908)
  * (a9823e) update french translation (#21908)
  * (a041be) keep authentication context (fixes #21908)
  * (06d4e9) don't alter can_reset_password flag for users without an FC account
    (#25655)
  * (c4eade) remove use of context_instance (fixes #25532)
  * (e78fbb) implement AppConfig.a2_hook_user_can_reset_password (fixes #25535)
  * (54edc1) do not set a password on FranceConnect users (#25535)
  * (87e2a5) don't load authentic2 template tags (#25393)
  * (126dbd) templates: merge duplicated class attributes (#25353)
  * (3340c5) misc: don't use addtoblock to insert fc.css (#25356)
  * (b8efc1) tests: add tests on new password related functions (#24835)
  * (90eefd) app_settings: set password to random value by default (#24835)
  * (199589) views: ask for new passord on unlink only if logged using FC (#24835)
  * (2522e7) utils: fix typo in warning log (#24835)
  * (c7521d) utils: add special case for mapping the User.password (fixes #24835)
  * (58a10d) use REQUESTS_PROXIES instead of A2_FC_REQUESTS_PROXIES (#24929)
  * (6b424d) add fc requests proxies support (#24713)
  * (e688ba) views: prevent None success URL in unlink view (fixes #24708)
  * (db85ba) utils: fix access to verified property of mappings (fixes #23271)
  * (5ea505) remove url patterns to support django 1.11 (#23270)
  * (21b4f9) do not allow unauthenticated access to unlink page (fixes #22405)
  * (1008eb) api: add franceconnect information to user's API when ?full is used
    (fixes #21962)
  * (10337a) locale: update french translations for release 0.10 (fixes #21874)
  * (c0f2d4) views: show warning to users with a mail linked to another FC account
    (fixes #21292)
  * (a8cc9c) retry HTTP requests 3 times (fixes #21783)
  * (e4a6e5) add support for service slugs on login
  * (7fb822) fix login with a non-unique email where an account linked to another FC
    account already exists
  * (b5b174) augment timeout on POST to FC to 10 seconds (fixes #21596)
  * (7a76b9) add request to fc-link hook (fixes #20288)
  * (6bce73) call a2 hooks for linking and unlinking events (fixes #20228)
  * (5da884) update french translations (#20078)
  * (359446) views: change messages levels (#20078)
  * (8c3387) views: do not permit linking if the user has already a link to FC
    (#20078)
  * (387252) views: forbid automatic linking based on email if multiples users are
    found or if target user has already a link (fixes #20078)
  * (ccffde) backends: make sub parameter non optional in authenticate()
  * (ccb4db) always unlink from all FC accounts (fixes #19947)
  * (2de20a) update FC logos (#19585)
  * (8cae4f) update login and register buttons images (#19162)
  * (42bc28) replace logo image for account linking (#17391)
  * (4894bb) views: force fc-register to always redirect post registration to fc-
    login-or-link (fixes #19270)
  * (8a5d97) utils: allow a mapping to depend from another using tags (fixes #19251)
  * (ee2a82) utils: add an if-empty modifier to only set a value from FC if the
    existing value is empty (fixes #19250)
  * (6d0114) utils: normalize mapping in apply_user_info_mappings (#19250)
  * (a55a6f) views: block DisplayMessageBeforeRedirectMiddleware on redirect to FC
    (fixes #19247)
  * (7a289d) utils: add a notempty transformation for attribute mappings (fixes
    #19233)
  * (2b333e) django 1.9 compatibility
  * (1c5b76) backends: always create new accounts in the default OU (fixes #18764)
  * (20de25) views: automatically link user with existing email if email is unique
    (fixes #18763)
  * (fbb562) models: check issuer using only URL scheme and netloc (fixes #18766)
  * (922cea) tests: test with non ASCII characters
  * (ea0a25) utils: do not set absent references to None, ignore them instead (fixes
    #18765)
  * (e1b125) style: switch to extra-body-class for custom body class (#17983)
  * (219e0c) views: remove dead code
  * (3c189a) utils: allow referencing a sub object of user_info in attribute mapping
  * (c05bb4) views: add setting for FC scopes
  * (22c88a) backends: fix logging of unicode strings
  * (7723df) utils: fix mapping of user attributes
  * (be4a82) indicate registration URL is coming from france connect module
  * (e11e14) redirect to auth_logout if no post logout redirect URI is found
  * (a08604) fix typo introduced in commit a7677f4bc0aa (#17331)
  * (860c57) templates: use different ids for link and its container (#17421)
  * (f06b34) allow fc unlinking through api (#15297)
  * (fecfd3) do not logout from local session on unlink (bis #17331)
  * (21ca2b) do not logout from local session on unlink (fixes #17331)
  * (ad43f1) fix issuer check
  * (5a8bf4) use only underscores in session variables to allow access from
    templates
  * (673dde) improve reporting of error on access token requests
  * (f94461) validate id_token
  * (7d34d1) use state as nonce and check nonce returned in id_token
  * (f3671f) add missing data files insee-communes.json and insee-countries.json
  * (b32567) pep8ness
  * (17ff1e) generate a random state linked to the session
  * (642782) set confirm_data="required" when auto_register is used (fixes #16771)
  * (115b55) redirect to logout on unlink
  * (ded531) do not log an error for normal oauth2 errors
  * (ce4dba) improve mapping of FC attributes to A2 attributes (#10062)
  * (4d08e8) pep8ness
  * (becc4f) always return to /logout/ after FC logout (fixes #15223)
  * (51950e) update french translation
  * (2f325c) use authentic2.utils.login instead of django.contrib.auth.login (fixes
    #14338)
  * (805a5d) fix deprecation warning about get_cache()
  * (d10b35) style: don't let button oversize its container (#13216)
  * (dd2fb7) add a brief explanation after "what is franceconnect?" (#13174)
  * (83dc1a) add initial migration (#13077)
  * (33db4a) Update official about link.
  * (788818) Move registration frontend method to the Frontend (fixes #11351).
  * (5262af) Hide linking button on profile frontend if the user is already linked
    (fixes #11328).
  * (797689) Add email in linking message (fixes #10912).
  * (da6949) Improve wording on unlinking page.
  * (7a8568) Fix bad translation.
  * (1cad60) Prevent to add a link with an FC account already linked with another
    user (fixes #10791).
  * (032a39) Remove obsolete setting.
  * (9b9f5a) Hide unlinking link if the user has no password and can't set it (fixes
    #10775).
  * (6b45d6) Prevent unlinking if the user has no password and can't set it (fixes
    #10775).
  * (0fb6d4) Update login or create account message.
  * (44a62e) Ask password at unlinking when the user has no usable password (fixes
    #10524) (ter).
  * (86f20d) Ask password at unlinking when the user has no usable password (fixes
    #10524) (bis).
  * (eb2ea0) Ask password at unlinking when the user has no usable password (fixes
    #10524).
  * (e80db2) Define a registration frontend and manage account creation with FC data
    (fixes #10621).
  * (32e71f) Add a registration view (fixes #10621).
  * (ba11f6) Display on the login page a button for quick account creation (fixes
    #10510).
  * (56fb0f) Add new scopes at login (fixes #10510).
  * (315f06) Remove deprecated idp info form the unicode of an FCAccount (fixes
    #10628).
  * (6d2c46) New image for the linking button and style refined.
  * (635267) New images for the login button and style refined.
  * (5ee5db) Remove title from profile frontend.
  * (f4fceb) Inactive users can not authenticate (fixes #10312).
  * (15ca4e) Return URL at logout from unlink is not a named url anymore.
  * (1c4a33) Set an explicit return URL at logout from unlink in app settings.
  * (b7012a) Redirection ending logout return un url, not named url.
  * (5f1c7b) Add some debug logs.
  * (d28fd5) Change default value of settings CREATE and LOGOUT_WHEN_UNLINK
  * (8d2fbe) Implement prefilling of registration form (fixes #10267).
  * (968981) Really clean session at logout.
  * (3abb7e) Update message at account linking.
  * (0b931d) translation: fix a typo
  * (2b8a0b) Refine data provider management.
  * (f4ddbd) Handle ressource resolution failure and fail sso in that case.
  * (51f7ad) Handle errors in access token call as for ressource resolution.
  * (c9d8f8) Use a single logger declaration.
  * (f16139) Enhance messages and update translations.
  * (703ca6) Use the official images and about link (fixes #9718).
  * (4f1843) Add a setting for about page url set in the frontend contexts.
  * (584d92) Add missing logger declaration (from 89f3efd15f0b).
  * (a86f61) Refactor logout at unlinking.
  * (84d1b3) Add a setting to enable unlinking when account creation is activated.
  * (9d19fb) Handle token response connexion errors.
  * (e48415) Do not create a new user if the user is already authenticated.
  * (7be7f9) Handle token response errors.
  * (06a995) Add log at user creation.
  * (b00491) Move logout url building to a utils file.
  * (170d36) POST data for the token request is not in json.
  * (e421f6) Plugin method for logout by redirection and no more logout in an iframe
  * (28571c) No logout from unlink view when not logged on FC.
  * (d083aa) Logout after unlinking.
  * (be2e57) logout_list returns a uri for redirect, string for iframe.
  * (26ff01) New app settings.
  * (48d8ae) Add a callback view for logout.
  * (d8ac2b) Remove js popup class for linking for now.
  * (6ef3a5) Update translations.
  * (d55a62) Update style for a small FC button.
  * (2679bb) Add link creation button from frontend profile template.
  * (ae646d) Add translation tag to frontend connecting template.
  * (dbf844) FranceConnect does not take space separator.
  * (1c603d) Load i18n tag in frontend connecting template.
  * (728174) add load tags in frontend linking template.
  * (ec32f9) Enhance FC button style.
  * (1ed0e1) Adapt templating structure for stylesheet including and display a FC
    button.
  * (a311dd) Bits of style for a FC button.
  * (c33538) Add new FC image.
  * (b49311) Update translations.
  * (19b819) Modify unicode of FcAccount Model.
  * (24ba87) Add unlink links on account management page.
  * (954249) Add csrf token and unlink explanations to unlink page.
  * (566891) End unlink view.
  * (81ce1b) Name unlink url.
  * (713f77) add an unlink view
  * (9649f4) Use same template as msp plugin for login page.
  * (b0b808) Update translations.
  * (8c6cd9) Display FC logo with the login template.
  * (aa407e) Add FC logo.
  * (2f1cb5) Remove trailling whitespaces.
  * (dc4b39) Add linking content with the frontend profile method.
  * (181998) Add data provider requesting.
  * (00b0f4) Add settings to define data providers.
  * (db8f62) Set FcAccount user_info field at login.
  * (d5e241) Add user_info field to FcAccount model.
  * (3c150e) Finish logout, it would be better to do it after logout from all SPs
  * (4a12ab) First working implementation, logout is not finished
  * (f1abc8) app_settings: rename enabled to enable
  * (2d740a) remove __version__ and dependency on sekizai
  * (9e252f) views: add debug logs, improve info log, copy id_token and user-info
    into session
  * (e46274) auth_frontends: remove profile() method
  * (590063) Remove static files
  * (a5c11d) Remove unused templates
  * (6f6493) pep8ness
  * (c4ccd5) Fix JWT payload extraction
  * (b40414) Keep only the LoginOrLinkView
  * (177995) Rename MSP plugin as FC plugin
  * (d37985) Fix source package name in changelog
  * (2d28df) Initial packaging
  * (2f8f19) Use reference to the custom user model
  * (9ce5e1) bump release to 1.0.5
  * (35baf7) Update french locale
  * (ac648a) bump release to 1.0.4
  * (b010e4) Fix production URLs for token and APIs web-services
  * (dbb4ca) bump release to 1.0.3
  * (640276) Fix unclosed tag in linking.html template
  * (1cf162) bump release to 1.0.2
  * (412765) Fix escaping of URL as a javacsript string
  * (aadcdc) Hide the MSP block when the nomsp parameter is present in the URL (old
    behaviour broken)
  * (559193) bump release to 1.0.1
  * (a91ccf) bump release to 1.0.0
  * (b1425e) Set default URL for MSP production endpoints in app_settings
  * (e2814a) Delete MSP links on account deletion cron job and also when the
    DeletedUser object is created
  * (6884f3) Implement the authentication frontend using the new API
  * (ecdc5b) Add custom CSS to add some margin on top of MSP dialogs
  * (51d929) Load popup javascript at end of page
  * (74ce53) Fix template paths
  * (7ebaec) Log when an existing link AGC is changed
  * (3425cf) When creating a new link or changing an existing link, delete existing
    ones to the same AGC
  * (0e7240) Improve logging
  * (98d9ee) Fix import of ImproperlyConfigured in app_settings
  * (a939f2) Refactorize application to make it an authentic2 plugin (2/2)
  * (8754c0) Refactorize application to make it an authentic2 plugin (1/2)
  * (23ed19) Create MspAccountManager with a cleanup() method to cleanup obsolete
    MSP link when the cleanupauthentic command is run (refs #5573)
  * (5e7d39) Make MspAccount.user nullable (refs #5573)
  * (15138c) Add an api_call method to the MspAccount model (refs #5573)
  * (2213fb) Do not initialize the logger globally in msp models (refs #5573)
  * (97c923) msp: pass error from MSP to authorization requester
  * (31ff98) msp: remove debugging statement
  * (5bf0c7) apps/msp: add support for getElementsByClassName on all browsers
  * (e596a3) msp: fix app path in urls.py
  * (375a23) msp: make login-or-link the default behaviour also for connexion from
    the login page
  * (de1aef) msp: log when deleting stale msp accounts
  * (0f727c) msp/views: fix missing variable cache
  * (bc2aac) msp: always ask for the DEL_AGC scope with the GET_AGC scope
  * (85443e) templates: fix wording
  * (3a9a18) msp: replace PARTENAIRE in MSP templates by 'compte citoyen'
  * (ee8960) msp: use all graphical and html resources from MSP
  * (476129) msp: integrate msp theme
  * (8e4f66) msp: do no throw an unicity constraint error when user try to create a
    new link when an existing still exist
  * (a9de94) msp: allow the authorization view to display in cross-domain iframes
  * (c200d2) msp: argument next_url of redirect_and_come_back should support query
    strings
  * (2b0bb8) msp: hide the connection box when nomsp is in the query string
  * (014549) msp: update fr translation
  * (bbd70b) msp: in link creation from msp workflow, add message to incite the user
    to authenticate
  * (922ca7) msp: add a refresh token method to MspAccount models to verify if the
    account link is alive
  * (239b00) msp: when creating a new link, save the access token
  * (11a47c) msp: preserve access token in callback views after call to the token
    web service
  * (2ec1c5) msp: update fr translations
  * (14cbec) msp: store access token in account association object
  * (1d000b) msp: cleanup
  * (e9be4c) msp: add login-or-link view
  * (ef5048) msp: remove dead code
  * (a9c593) msp: add redirect_and_come_back() for redirect to another page and then
    coming back to the current one
  * (827595) msp: add a next_url argument to the redirect() method it overrides
    default computation of the redirect URL
  * (2d6e22) msp: clean unused imports
  * (69100f) msp: fix authn context name
  * (d1e84d) msp: fix missing self argument
  * (09dd4e) msp: msp authentication is equivalent to password authentication over
    HTTPs for SAML 2.0
  * (8bd986) msp: add OAuth2 and rest proxy endpoints
  * (226344) msp/locale: fix syntax error
  * (c86a1f) msp/locale: fix grammatical error, use mon.Service-Public.fr as MSP
    name everywhere
  * (10a3e9) msp: add missing static files
  * (2c5f4d) msp/views: remove remaining reference to SSOViewMixin
  * (0016d5) msp: remove SSOViewMixin and reduce scope required for sso views
  * (986b6d) add msp integration application
  * (b7cf6e) utils: use proper view name for homepage in unauthorized message
    (#33593)
  * (dd72a9) custom_user: return early on empty search terms (#33586)
  * (19e606) templates: add django blocks to password login form template (#33576)
  * (bd0947) a2_rbac: fix RoleParenting.__str__ magic method (#33328)
  * (d0908c) style: don't use sometimes broken ex units in password validation
    (#33385)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 31 May 2019 15:03:20 +0200

authentic2 (2.1.69) trixie-eobuilder; urgency=low

  * (d03f4f) api: accept get/update_or_create parameter to user and role creation
    endpoint (fixes #22376)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 21 May 2019 15:59:47 +0200

authentic2 (2.1.68) trixie-eobuilder; urgency=low

  * (f685bb) manager: import django_select2.conf before running
    hobo.multitenant.apps.MultitenantAppConfig.ready() (#33258)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 20 May 2019 15:42:38 +0200

authentic2 (2.1.67) trixie-eobuilder; urgency=low

  * (696823) auth: let LoginPassword frontend handle registration (#31218)
  * (92c829) hashers: convert salt to bytes before concatenation (#33226)

 -- eobuilder <eobuilder@entrouvert.com>  Sat, 18 May 2019 18:59:57 +0200

authentic2 (2.1.66) trixie-eobuilder; urgency=low

  * (9fbbf0) spring cleaning (#32934)
  * (7a0d57) tox.ini: run pylint (#32961)
  * (9c3951) Jenkinsfile: do not activate virtualenv (#32961)
  * (20e0f6) tox: generate only one coverage and junit file (#32961)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 14 May 2019 16:19:25 +0200

authentic2 (2.1.65) trixie-eobuilder; urgency=low

  * (b7d0c6) utils: add function get_authentication_events (#32780)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 07 May 2019 14:00:18 +0200

authentic2 (2.1.64) trixie-eobuilder; urgency=low

  * (eeb809) translation update
  * (69f9cc) utils: pass user to account deletion email template (#32793)
  * (8be2e0) templates: share translable strings between txt and html email parts
    (#32791)
  * (a5fc1d) i18n: make sure account deletion email is properly translatable
    (#32790)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 06 May 2019 15:51:52 +0200

authentic2 (2.1.63) trixie-eobuilder; urgency=low

  * (27cbf3) translation update (#32645)
  * (a5cc14) ldap: add representation of LDAP exceptions to log (#32768)
  * (895131) manager: change site export to be downloaded by default (#32779)
  * (de0b31) use utils.can_change_password() everywhere (#32760)
  * (67ab51) python3: use DjangoWebtestResponse.text in test_change_email
  * (a52794) python3: remove dict.iterkeys
  * (066341) python3: oidc authn test jwk encoding
  * (b4ae98) python3: oidc authn backend jwk encoding
  * (0e923b) oidc authn: include a status code in httmock responses
  * (43769f) python3: py2 unicode compatible __str__ magid methods (#31184)

 -- eobuilder <eobuilder@entrouvert.com>  Sun, 05 May 2019 15:43:24 +0200

authentic2 (2.1.62) trixie-eobuilder; urgency=low

  * (edece0) auth_oidc: fix log template in backends.py (fixes #32505)
  * (8d91ba) saml: use RSA-SHA256 signature method (#32011)
  * (2864f5) python3: use DjangoWebtestResponse.text in test_idp_oidc (#32445)
  * (52edd3) manager: replace $UUID pattern in next parameter of UserAddView (fixes
    #32140)
  * (354a21) manager: accept a cancel_url parameter on UserAddView (#32140)
  * (bddada) utils: allow string replacement in next parameters (#32140)
  * (16aa68) utils: allow overriding REDIRECT_FIELD_NAME in select_next_url()
    (#32140)
  * (279788) tests: code style and PEP8 (#32140)
  * (901d40) python3: ascii-encode json dumps while testing site imports (#31185)
  * (2af185) python3: ascii-encode saml provider id before hashing it (#31183)
  * (4c9a43) python3: add getlasso3 script to MANIFEST.in (#32402)
  * (c8249b) python3: idp cas service urls getter (#32400)
  * (e6ddc1) python3: retrieve python-ldap major version number (#32399)
  * (d71b75) python3: deprecate __metaclass__ attribute (#31182)
  * (f7d2fb) python3: use binascii's hexadecimal encoding "hexlify" (#31163)
  * (00db0f) debian: bump debhelper compatibility level (#32260)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 19 Apr 2019 20:01:54 +0200

authentic2 (2.1.61) trixie-eobuilder; urgency=low

  * (05d68a) auth_oidc: compare token_type case insensitively (fixes #32281)
  * (532e5b) jenkins.sh: use fsync=off and allocate a port manually for
    pg_virtualenv (fixes #32218)
  * (c67491) tests: adapt to new gadjo version (fixes #32238)
  * (9d945a) tox.ini: use --random-group instead of --random with pytest
  * (3ead3d) utils: use ou slug in template names for mails (fixes #32236)
  * (e2ad31) tests: add oidc tests on claim's default values (#31749)
  * (57fc51) idp_oidc: use empty string as default value for known claims (#31749)
  * (32daf2) idp_oidc: only set default_value for claims requested by the scopes
    (#31749)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 15 Apr 2019 11:50:32 +0200

authentic2 (2.1.60) trixie-eobuilder; urgency=low

  * (56dd85) user: fix hasattr() on attributes (fixes #32040)

 -- eobuilder <eobuilder@entrouvert.com>  Sun, 07 Apr 2019 16:18:12 +0200

authentic2 (2.1.59) trixie-eobuilder; urgency=low

  * (ff92cb) user: replace all uses of Attribute.set_value() (#31937)
  * (1079ac) user: add command to fix storage of first_name/last_name attributes
    (#31937)
  * (b72b11) user: fix cache errors on first_name/last_name handling (fixes #31937)
  * (085a1b) code style (#31937)
  * (0d74af) pep8 (#31937)
  * (475669) python3: make the exp retry timeout 'seconds_to_wait' return an int
    (#31166)
  * (6d856a) python3: remove "execfile", which isn't a builtin anymore (#31145)
  * (e2d868) oidc authn: test id token required claims (#31863)
  * (8ece5c) import site: show proper option help message (#31709)
  * (360b05) python3: PIL.Image.open takes a file path as first paramater (#31179)
  * (8be5cc) python3: use six.binary_type in saml PickledObject base field (#31178)
  * (50ca3f) python3: make OIDC sub generation functions return text objects
    (#31170)
  * (12ebfd) python3: handle minor encoding variation in test_api (#31176)
  * (66ab1d) python3: compare test strings against DjangoWebtestResponse.text
    (#31169)
  * (f42b35) python3: encode pickle-cached data (#31174)
  * (f2d9f0) ldap_backend: skip authentication on wrong user filter (#31590)
  * (130062) python3: same encoding and unquoting on two compared urls in tests
    (#31168)
  * (7c38ea) python3: fix credential encoding in main unit test file (#31167)
  * (59d5f2) python3: use django.utils.six.moves.reduce (#31165)
  * (907c1f) remove unused threading library import (#31164)
  * (34a2aa) python3: adapt to uuid module interface change (#31162)
  * (7e49eb) python3: restrict pytest version for tox (#31160)
  * (a55e3e) warn user after account self-deletion (#26910)
  * (b9fa40) python3: remove deprecated basestring builtin (#31159)
  * (67b3c9) remove unused import of httplib (#31156)
  * (d46d94) python3: use django.utils.six.BytesIO (#31152)
  * (cb10c4) python3: remove deprecated unicode builtin (#31151)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 05 Apr 2019 13:08:31 +0200

authentic2 (2.1.58) trixie-eobuilder; urgency=low

  * (b89986) api: do not check for email unicity if no change is made (fixes #31822)
  * (ebee7a) tests: check update user with same email (#31822)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 28 Mar 2019 17:12:39 +0100

authentic2 (2.1.57) trixie-eobuilder; urgency=low

  * (3988b6) ldap: set default timeout to 5 seconds (fixes #29386)
  * (a31a99) settings: move LDAP authentication backend after model (#29386)
  * (31dc47) Jenkinsfile: move cleaning action in post/cleanup section (#31437)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 25 Mar 2019 17:07:00 +0100

authentic2 (2.1.56) trixie-eobuilder; urgency=low

  * (4c0418) misc: fix authenticator var name (#31607)
  * (eba733) python3: add a getlasso3.sh script (#31161)
  * (7000c4) python3: discard tabs in python source files (#31158)
  * (af95b1) python3: encode oidc secret before calling crypto primitives (#31172)
  * (e06405) python3: use django.utils.six.moves builtins (#31153)
  * (bd268e) python3: remove deprecated string.letters (#31150)
  * (b836b8) python3: remove dict.iteritems in py files and django templates
    (#31149)
  * (b623aa) python3: 'object' builtin class constructor takes no parameter (#31147)
  * (01d49e) users api: unset verified flag on a modified email address (#30740)
  * (13766a) manager: unset verified flag on a modified email address (#30740)
  * (9ff75d) tests: allocate slapd TCP port using bind and SO_REUSEADDR (fixes
    #31339)
  * (a278da) idp_saml: fix unused parameter in log call (#30963)
  * (43b3f5) Jenkinsfile: use pg_virtualenv to isolate test database (#31437)
  * (d36108) Jenkinsfile: use a TMPDIR for tox (#31437)
  * (6964b0) idp_oidc: export claim even if source attribute is absent (fixes
    #27540)
  * (ce1b79) idp_oidc: use force_bytes/text and six.text_type instead of smart_bytes
    and unicode (#27540)
  * (d856fc) js: keep last selected ou on login form (fixes #31329)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 20 Mar 2019 18:10:20 +0100

authentic2 (2.1.55) trixie-eobuilder; urgency=low

  * (eac443) misc: rename authentication "frontend" to "authenticator" (#14475)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 19 Mar 2019 09:36:43 +0100

authentic2 (2.1.54) trixie-eobuilder; urgency=low

  * (14361e) manager: remove some unused code (#31222)
  * (26dd7e) manager: update translations (#31222)
  * (df8cc6) manager: access context through table object bis (#31222)
  * (4a69ac) idp_oidc: set default algorithm to HMAC (fixes #28249)
  * (5a9f70) idp_saml: set most logs to debug level and errors to warnings (fixes
    #30963)
  * (6ea5b7) tests: adapt to markup change (#31493)
  * (2e52a5) templates: mark cancel buttons to skip HTML5 form validation (#31493)
  * (12c4ab) tox: limit django-jsonfield version to keep django 1.8 compatibility
    (#31482)
  * (5e4e05) oidc authn: do not set the provider fixture's id (#31296)
  * (89d0b7) oidc authn: use correct hmac signature magic constant (#31296)
  * (b9d986) oidc authn: add issuer registration testing (#31296)
  * (4aef07) Jenkinsfile: disable concurrent builds (fixes #31338)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 18 Mar 2019 16:55:53 +0100

authentic2 (2.1.53) trixie-eobuilder; urgency=low

  * (fe345e) tests: improve ldap tests with non ASCII characters in uid (#31273)
  * (b475f6) ldap: encode string before using urlparse.quote() on them (#31273)
  * (0f0c07) ldap: only wrap LDAPObject.result4 (#31273)
  * (2bb6f8) ldap: do not return referrals in _convert_results_to_unicode (#31273)
  * (ebab17) ldap: do not hardcode bytes_mode argument (#31273)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 11 Mar 2019 20:49:34 +0100

authentic2 (2.1.52) trixie-eobuilder; urgency=low

  * (9ec79b) ldap: ignore undecodable attribute values (fixes #31232)
  * (8a68af) ldap: do not retrieve any attribute when looking for user DNs (#31232)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 08 Mar 2019 22:22:08 +0100

authentic2 (2.1.51) trixie-eobuilder; urgency=low

  * (3f0257) solve migration conflit (#31214)
  * (595d05) add missing translation strings (#31213)
  * (934d61) python3: use django.utils.six url-parsing functions (#31139)
  * (9768e8) OU attribute to hide username on user add (#25669)
  * (6bb479) python3: remove call parameters for 'int' initializer (#31144)
  * (20bcf5) python3: fix implicit relative submodule imports (#31143)
  * (f6fa7f) python3: adapt exception raising and handling (#31137)
  * (54d01c) python3: use __future__.print_function (#31140)
  * (4a5311) idp cas: adapt migration to changes in the service model (#30959)
  * (97c12b) manager: add settings for password section options on user add (#25666)
  * (274196) access context through table object (#31092)
  * (c63b9f) tests: adapt oidc authorization code sso to new default timeout value
    (#30939)
  * (a48658) idp_oidc: set default frontchannel_timeout to 300ms (fixes #30939)
  * (fae901) support ou selector in backends and forms (fixes #30252)
  * (fdc295) forms: add ou selector to login form (#30252)
  * (f44735) utils: add a lazy_label helper (#30252)
  * (4599df) tests: add copyright header (#30252)
  * (34f42d) backends: PEP8ness, style (#30252)
  * (f29496) forms: PEP8ness, style (#30252)
  * (bc6892) ldap: subclass LDAPObject to provide uniform unicode support (fixes
    #30577)
  * (93a093) ldap: use current password if we already know it (#30577)
  * (75025a) ldap: use PASSWD command if old password is known (#30577)
  * (e3e03d) tests: non regression tests (#30577)
  * (de82c3) tox.ini: add testing with python-ldap<3 (#30577)
  * (1b9f11) tox.ini: set default environment to python2.7 (#30577)
  * (506df5) auth_saml: remove useless credentials param and add optional request
    (#30543)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 08 Mar 2019 11:23:25 +0100

authentic2 (2.1.50) trixie-eobuilder; urgency=low

  * (d28a6b) ldap: allow provisionning of all user attributes (fixes #30535)
  * (9d9627) tests: PEP8ness and style on test_ldap (#30535)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 12 Feb 2019 11:49:04 +0100

authentic2 (2.1.49) trixie-eobuilder; urgency=low

  * (086117) update django_rbac translations (#26156)
  * (b8209c) update authentic2_auth_oidc french translations (#26156)
  * (2ac3f0) translation update (#26156)
  * (8ee1c2) tox.ini: limit to pytest-django<3.4.6
  * (8efca7) manager: add ous export (#29162)
  * (6f2b7f) manager: add roles export (fixes #29162)
  * (a26417) tests: accept view name with login() (#29162)
  * (002dff) data_transfer: add export context (#29162)
  * (581554) tests: fix typo (#29162)
  * (6a8eed) utils: add hook to decide if user can change/set password (fixes
    #28848)
  * (109733) setup.py: adopt a more PEP440 process to create version (fixes #29918)
  * (c52e23) manager: use get_table_data() to get queryset in ExportMixin (fixes
    #9414)
  * (fa28c5) tests: do not use override_settings() at the class level
  * (870bc6) user export csv : exclude disabled attributes (#30103)
  * (c7f80a) user export csv compatiblity with tablib < 0.11 (#30091)
  * (7e1f2c) debian: declare systemd service (#30016)
  * (72dd32) apps: let router control JSON columns post migrations (fixes #29926)
  * (275b7c) compat: ignore error on checking db vendor (fixes #29926)
  * (a44d45) data_transfer: save object in update_model (fixes #29545)
  * (ce72b9) data_transfer: fix indentation/whitespaces (#29545)
  * (53b9f7) data_transfer: move update_model (#29545)
  * (75e0b3) tests: simplify import_site tests (#29545)
  * (c60ed8) compat: support pre 1.0 django-jsonfield (fixes #29917)
  * (44d248) python3 compatibility on setup.py (fixes #28278)
  * (000f68) compat: handle case of Django 1.11 without psycopg2 (fixes #29193)
  * (d730db) add compatibility layer for support of Django native JSONField (fixes
    #29193)
  * (b03a76) manager: use and operator to combine terms (fixes #28952)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 06 Feb 2019 10:22:14 +0100

authentic2 (2.1.48) trixie-eobuilder; urgency=low

  * (a855c8) debian: add missing dh-sytemd dependency (#29839)
  * (f71dfa) allow redirect after user edition (#28779)
  * (0ad3bf) cancel user add: set correct location (#29181)
  * (93c52a) custom attributes prefetching (#29531)
  * (56c72c) use directly tablib instead of django-export-export (#29531)
  * (29eb82) views: thread ?next= through pre-registration views (fixes #29242)
  * (c39e84) utils: ignore URL parameters with a None value (#29242)
  * (5095f9) utils: use iri_to_uri/uri_to_iri to manipulate URLs in make_url (fixes
    #28935)
  * (c5a273) Revert "tox: limit pytest version to a version compatible with pytest-
    cov"
  * (e966f1) debian: sync gunicorn timeout of systemd unit with init.d script
    (#29533)
  * (277afc) tox: limit pytest version to a version compatible with pytest-cov
  * (849155) jenkins: publish results earlier (#29442)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 17 Jan 2019 09:57:31 +0100

authentic2 (2.1.47) trixie-eobuilder; urgency=low

  * (3fe0a9) misc: add support for passwords hashed by Plone (#29430)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 03 Jan 2019 17:01:07 +0100

authentic2 (2.1.46) trixie-eobuilder; urgency=low

  * (5cb0cb) api: manage verified attributes (fixes #28962)
  * (7d2840) api: replace unicode by force_text (#28962)
  * (dabfc1) api: pep8ness (#28962)
  * (3f5821) api: remove unused function (#28962)
  * (205b99) pep8ness
  * (506de3) manager: dont require username or email for passwordless accounts
    (fixes #28916)
  * (5a4dbd) tox.ini: limit pylint and pylint-django versions (#29170)
  * (b4110b) auth_oidc: verify and store id_token nonce  (fixes #29009)
  * (0e3400) manager: keep querystring while performing default ou user creation
    (#28897)
  * (f48147) user post-creation redirect based on 'next' keyword (#28931)
  * (bc26ab) remove vendored dpam library (fixes #29085)
  * (2182f8) debian: add systemd service unit for authentic2-multitenant (#16807)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 18 Dec 2018 17:39:18 +0100

authentic2 (2.1.45) trixie-eobuilder; urgency=low

  * (09b618) manager: remove json export (fixes #28669)
  * (b61088) data_transfer: check that import is a dictionnary
  * (fa960a) tox.ini: filter warnings
  * (13ec5e) debian: don't reference undefined STATICFILES_DIRS (#28727)
  * (32418d) tox.ini: use psycopg2-binary instead of psycopg2
  * (07d1fc) settings: remove default STATICFILES_DIRS (fixes #28667)
  * (bf734f) idp_oidc: fix name of verified claims (fixes #27538)
  * (f95cf0) tests: use a certificate for localhost.entrouvert.org
  * (00d8d0) tests: set CN to localhost in cert.pem
  * (e86a87) tests: add missing TLS certificate
  * (acb282) ldap: fix setting client TLS certificate (fixes #28570)
  * (977455) idp_oidc: hide RSA algorithms if no JWKSET is defined (fixes #28249)
  * (b4036d) idp_oidc: put HMAC algo before RSA (#28249)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 07 Dec 2018 15:32:10 +0100

authentic2 (2.1.44) trixie-eobuilder; urgency=low

  * (2d54ac) change jquery dependencies version (#28342)
  * (df9e4d) misc: add count of visible blocks to login view context (#28370)
  * (0876d2) api: free text search on users (#15736)
  * (2bde2b) delete unused functions (#28223)
  * (ceb683) backoffice: support next url after user creation (#26652)
  * (d8c6ba) natural_key: fix ct_field of GenericForeignKey when looking for natural
    keys (fixes #28229)
  * (4c4587) idp_oidc: never use an invalid redirect_uri (fixes #28029)
  * (e176de) idp_oidc: remove unused import

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 27 Nov 2018 17:12:33 +0100

authentic2 (2.1.43) trixie-eobuilder; urgency=low

  * (f9a5a3) manager: redirect users/add to user creation in default OU (#28106)
  * (59b22c) debian: fix reference to system configuration file (#27985)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 19 Nov 2018 10:06:40 +0100

authentic2 (2.1.42) trixie-eobuilder; urgency=low

  * (4db669) ldap: don't crash on duplicated users (#27697)
  * (422bd6) misc: switch external user id source attribute to a charfield (#27692)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 07 Nov 2018 13:57:14 +0100

authentic2 (2.1.41) trixie-eobuilder; urgency=low

  * (c4bf11) misc: set profile image file selector to suggest image files (#27646)
  * (ace807) misc: give profile images a .jpeg extension (#27645)
  * (90ff2d) misc: automatically resize profile image (#27644)
  * (a5d652) support avatar picture in user profile (#26022)
  * (e71b65) manager: don't expose ods export as it's too slow (#26450)
  * (b45882) tests: adjust performance test to pass on new jenkins host (#27661)
  * (d90e06) ldap: add external_id's case-insensitive comparison (#27147)
  * (ff10b2) auth_oidc: keep previous value when building authorization_claims (bis)
    (#26565)
  * (fd5a15) auth_oidc: keep previous value when building authorization_claims
    (#26565)
  * (103b58) auth_oidc: adjust new migration number (#26565)
  * (68f870) auth_oidc: add support for "claims" parameter (fixes #26565)
  * (cc8ec1) misc: don't display password reset view when disabled (#27318)
  * (3f409f) debian: bump required jwcrypto version for multitenant package (#26324)
  * (2b5627) jenkins: update job name to authentic (#27121)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 30 Oct 2018 10:23:11 +0100

authentic2 (2.1.40) trixie-eobuilder; urgency=low

  * (18034b) translation update
  * (75e9bc) enforce birthdate > 1900 through UI and API (fixes @26867)
  * (3e339b) a2_idp_oidc: fix code model repr special method (#26196)
  * (f70ebc) auth oidc: add slug to provider model (#26813)
  * (90cc7c) correctly translate "name" (#26812)
  * (e6d1fa) misc: bump djangorestframework requirement to <3.5 (#26405)
  * (649ca7) debian: allow installation with newer django
  * (6bcc96) misc: increase allowed length of name attributes (#26698)
  * (7d2c18) tox: limit Markdown version

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 03 Oct 2018 14:43:22 +0200

authentic2 (2.1.39) trixie-eobuilder; urgency=low

  * (307ddf) translation update
  * (1a4fe2) manager: adjust modify button on user page to mention roles (#20539)
  * (a79169) translations: adjust OU deletion confirmation message (#20533)
  * (2fe04c) rename folder debian-jessie to debian (#26038)
  * (e5a90b) adapt jenkins with new eobuilder behavior (#26019)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 18 Sep 2018 11:36:02 +0200

authentic2 (2.1.38) trixie-eobuilder; urgency=low

  * (e1d736) api: fix case of boolean user's attributs (fixes #26113)
  * (da31b8) update french translation for remember me feature (fixes #26144)
  * (dffc87) allow custom authentication method in registration view (fixes #25623)
  * (4ebe9d) saml: don't crash on empty multi select field (#25965)
  * (ae47fb) manager: style "send reset password email" checkbox like others
    (#25668)
  * (4dafd5) manager: make sure floating fields are cleared in new user page
    (#25662)
  * (3b88db) manager: update appbar actions to new markup (#25960)
  * (8000a0) manager: add media files to site import view (#25959)
  * (fc25bf) manager: force sending email for new users with a generated password
    (#25664)
  * (91120a) more polite french error message (#25744)
  * (c9eadd) translation: fix typo in "couriel"

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 06 Sep 2018 11:31:41 +0200

authentic2 (2.1.37) trixie-eobuilder; urgency=low

  * (7aa503) misc: pass request when rendering email subject and text/plain part
    (#25683)
  * (dac6d3) manager: use full page to edit roles (#25675)
  * (d4d4aa) idp oidc: set user identifier as preferred username claim (#23900)
  * (2c2083) django 1.11: keep an inactive user authenticated (#25567) (#21489)
  * (0de3c5) django 1.11: avoid premature username creation (#25468) (#21489)
  * (db9b90) django 1.11: ensure compatibility with recent django-tables2 (#21489)
  * (e696f9) django 1.11: handle form creation through get_context_data (#21489)
  * (716c9e) django 1.11: adapt PickledObjectField lookups (#21489)
  * (a3943e) django 1.11: adapt PickerWidgetMixin (#21489)
  * (d53765) django 1.11: delete ambiguous arguments in authenticate (#21489)
  * (54eb9e) django 1.11: update redirect location checks (#21489)
  * (89b774) django 1.11: update ALLOWED_HOSTS in test settings (#21489)
  * (836695) django 1.11: fix some imports (#21489)
  * (f1668b) django 1.11: adapt migration and model (#21489)
  * (c6e263) django 1.11: adapt tox.ini and setup.py (#21489)
  * (06c139) manager: add paginate_by attribute required by django-tables2 < 1.2.1
    (#25622)
  * (620d51) api: expose boolean user attributes as booleans (#25632)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 16 Aug 2018 15:43:28 +0200

authentic2 (2.1.36) trixie-eobuilder; urgency=low

  * (031db4) add jquery to password widgets medias (#24439)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 06 Aug 2018 11:49:54 +0200

authentic2 (2.1.35) trixie-eobuilder; urgency=low

  * (99a7b1) add a remember me button (fixes #25579)
  * (7cdda3) fix warning in test_clean_unused_account
  * (6c3740) return to manager after logout (fixes #25581)
  * (748768) use new password widget for password change (fixes #25045)
  * (6c1def) use new password widget in manager (#25045)
  * (1f6791) use new password widget in login form (#25045)
  * (c80f93) prevent double loading of jQuery (#25045)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 03 Aug 2018 18:52:22 +0200

authentic2 (2.1.34) trixie-eobuilder; urgency=low

  * (d87d00) translation update
  * (135b81) use explicit in lookup (#25557)
  * (38e2d6) use a python2 compatible pylint-django (#25568)
  * (64766b) don't use context_instance in rendering functions (#25346)
  * (cecdc9) delete addtoblock and renderblock tags (#25361)
  * (ddcabf) delete superfluous template tag call (#25518)
  * (d02451) use explicit in lookup (#25502)
  * (d7a2af) allow overriding User.can_reset_password by hooks (fixes #25534)
  * (eeb93e) custom_user: remove base_user (fixes #23272)
  * (5088c1) use django.template.context_processors (#25372)
  * (b84794) ldap: warn about missing users on password reset (fixes #25530)
  * (ce90ea) settings: set all Lasso logs at the DEBUG level (fixes #22880)
  * (3dc6b4) api: mark all fields of OrganizationalUnit for serializer (#25405)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 03 Aug 2018 13:12:01 +0200

authentic2 (2.1.33) trixie-eobuilder; urgency=low

  * (69cc0a) misc: adjust width of ok checkmarks (#25404)
  * (b69eb9) misc: adjust style of new password help texts (#25404)
  * (8754e9) tests: add proper fix for test of validation error message (#25403)
  * (9705ae) tests: fix test folowing change in validation error message (#25403)
  * (584126) update translation with new password error message
  * (aa7d3d) misc: use fixed error message for invalid passwords (#25403)
  * (8ecae2) update french translation (#22225)
  * (b6e41d) templates: change wording for password change (fixes #22225)
  * (ab267d) translation: adjust matching password messages (#25409)
  * (1020d5) update french translation (#24439)
  * (c46822) use new password fields in registration form (fixes #24439)
  * (f36b48) add new widget and fields for passwords (#24439)
  * (6a44c5) move all password related functions in authentic2.passwords (#24439)
  * (d3655c) move authentic2.widgets to authentic2.forms.widgets (#24439)
  * (4663e2) create authentic2.forms package (#24439)
  * (e32621) api: allow empty password in validate-password (#24439)
  * (93457e) api: do not do CSRF check on validate-password API (#24439)
  * (da0ab0) templates: output form.media in base template (#24439)
  * (c5c076) use django.forms.utils (#25317)
  * (8ed0be) ldap: do not validate session stored settings (fixes #25369)

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 23 Jul 2018 16:14:22 +0200

authentic2 (2.1.32) trixie-eobuilder; urgency=low

  * (e87ba0) misc: don't use addtoblock to add js_seconds_until.js (#25346)
  * (6235bc) backends/ldap: convert to iterable before type checking (#25327)
  * (773b9c) tests: fix NameError (introduced by #25182)
  * (d11d86) backends/ldap: don't set a default value for group{su,staff,active}
    (#25327)
  * (f3a806) update french translation (#24833)
  * (291dc5) convert password validation code to new API (#24833)
  * (35b313) add new API to validate passwords (fixes #24833)
  * (103acb) use stdlib OrderedDict (#25319)
  * (38298c) api: add parameters to filter users by allowed services (fixes #22377)
  * (835e0c) replace django.utils.timezone.UTC by utc (#25313)
  * (2f0ae6) idp_oidc: fix synchronization API calls when OIDC client use UUID
    identifier policy (fixes #25182)
  * (24c35c) backends/ldap: revert setting a default value for url (#23698)
  * (7d53bf) delete some django < 1.8 compatiblity code (#25097)
  * (5afd36) quiet some RemovedInDjango19Warning warnings (#25222)
  * (af036b) don't use SubfieldBase (#24869)
  * (30708c) test custom fields using SubfieldBase (#24869)
  * (70ee9c) fix french translation (fixes #25015)
  * (038697) idp/saml2: do not accept logout request missing a NameID (fixes #24214)
  * (700786) idp/saml: do not modify absent response on
    ProfileInvalidProtocolprofileError (fixes #24189)
  * (26d39e) tests: adapt test to new organization name (#20731)
  * (49420b) removed django-admin-tools (#22626)
  * (0445ba) backends/ldap: apply force_bytes inside all structured settings (fixes
    #23698)
  * (f2c5b1) backends/ldap: improve style of error logging (#23698)
  * (a22a79) backends/ldap: convert all use of unicode/str to force_text/force_bytes
    (#23698)
  * (2c816d) backends/ldap: convert all use of smart_bytes/texts to their force_
    equivalent (#23698)
  * (d01ded) backends/ldap: remove unused settings from defaults (#23698)
  * (195b12) backends/ldap: set proper default for iterable and strings (#23698)
  * (18c4ab) tests: convert ldap test ot use only unicode in settings (#23698)
  * (93b2cf) disable password change for LDAP backend without
    user_can_change_password (fixes #20731)
  * (6aaa19) switch from optparse to argparse for cli (#24866)
  * (a6e24b) test some management commands (#24866)
  * (82f4dc) misc: add raw attributes & values to ProfileView context (#25195)
  * (fb42e8) api: fix message raised to unauthorized user trying to remove a role
    (#25096)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 19 Jul 2018 08:35:31 +0200

authentic2 (2.1.31) trixie-eobuilder; urgency=low

  * (260143) translation update
  * (632f81) registration: special case activation link being valid for 1 day
    (#25075)
  * (b17c41) translations: fix spelling error
  * (0f36a9) tox.ini: add a reusedb target
  * (df8109) use TEMPLATES settings (#24880)
  * (06dd93) use override_settings in tests (#/24863)
  * (724660) remove deprecated template tag loading (#24858)
  * (96d628) dont' import everything from global_settings (#24081)
  * (88ae29) remove get_field_by_name calls (#24857)
  * (a4a74e) remove django.conf.urls.patterns calls (#24852)
  * (42428a) delete report directories when job starts (#24805)
  * (bf14ff) user jenkins-lib master (#24805)
  * (7bc89d) create jenkins pipeline job (#24805)
  * (1bf0e7) manager: disable delete link on default OU (fixes #20927)
  * (d0bcf4) remove authentic2_idp_openid (fixes #23515)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 05 Jul 2018 16:44:27 +0200

authentic2 (2.1.30) trixie-eobuilder; urgency=low

  * (ad4b1f) middleware: do not emit A2_OPENED_SESSION cookie on API requests (fixes
    #24407)
  * (eb4530) tests: non regressions test for opened session cookie on API calls
    (#24407)
  * (2de814) api: fix register API when no email validation is asked (fixes #24420)
  * (93fe68) utils: accept OU object in build_activation_url() ou parameter (#24420)
  * (35528e) middlware: fix AttributeError in CollectIPMiddleware (fixes #24511)
  * (f259b0) middleware: collect IP adresses only for non-empty sessions (fixes
    #24419)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 14 Jun 2018 10:47:39 +0200

authentic2 (2.1.29) trixie-eobuilder; urgency=low

  * (183c0c) translation update
  * (6de4c8) misc: put full URLs in menu.json (#24303)
  * (3014c4) translations: fix translation of "oidc provider is down" message
    (#24280)
  * (90d1a8) manager: implement menu_json using new homepage entries mechanism
    (#24229)
  * (d89664) manager: fix permissions on homepage entries (#24229)
  * (c0f3b5) manager: dynamically produce homepage menu (fixes #24229)

 -- eobuilder <eobuilder@entrouvert.com>  Sat, 09 Jun 2018 12:09:09 +0200

authentic2 (2.1.28) trixie-eobuilder; urgency=low

  * (eeae1f) rollback when DataImportError is raised (#23938)
  * (0d4e12) wrap import role in transaction (#23922)
  * (818737) natural_key: fix get_by_natural_key_json for objects with partial
    unique indexes (fixes #23857)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 30 May 2018 14:21:53 +0200

authentic2 (2.1.27) trixie-eobuilder; urgency=low

  * (07865e) manager: order user's roles by OU (fixes #23843)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 16 May 2018 14:59:38 +0200

authentic2 (2.1.26) trixie-eobuilder; urgency=low

  * (d16801) translation update
  * (465df3) idp oidc: skip unset attributes in user-info (#23643)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 09 May 2018 06:59:47 +0200

authentic2 (2.1.25) trixie-eobuilder; urgency=low

  * (74c29b) pin django-webtest (#23611)
  * (184cb7) add UI messages (#23210)
  * (623c64) add UI for import/export site (#23210)
  * (df942e) custom_user: cache attribute list during a request (#13587)
  * (19b00d) manager: export all user attributes (fixes #13587)
  * (7a6ce7) tests: add test of CSV export of users (#13587)
  * (cc101e) manager: add a default implementation of ExportMixin.get_data()
    (#13587)
  * (516cb4) utils: add a batch_queryset method to load large prefetched queryset
    without exhausting memory (#13587)
  * (896430) manager: allow overriding resource class in export views (#13587)
  * (0bf7fe) manager: clean resources file (#13587)
  * (918c50) tox: do not restrain psycopg2 version
  * (f06900) idp oidc: add extra attributes configuration (#21870)
  * (87bcb4) make attribute engine properly return user ou data
  * (1aa16b) auth_oidc: only update user's fields if they changed (fixes #21560)
  * (067e51) ldap: force dn to unicode in get_ldap_attributes() (fixes #22848)
  * (b140cb) app_settings: rename ACCEPT_EMAIL_AUTHENTICATION to
    A2_ACCEPT_EMAIL_AUTHENTICATION (fixes #23514)
  * (47d324) manager: don't use gadjo default behaviour of loading style.css
    (#23512)
  * (5eccb6) manager: add a title to "edit user roles" page (#23453)
  * (18dddf) ldap: change default user filter if A2_ACCEPT_EMAIL_AUTHENTICATION is
    enabled (fixes #22349)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 04 May 2018 16:01:39 +0200

authentic2 (2.1.24) trixie-eobuilder; urgency=low

  * (f7d3de) add minimalistic logging for login failures (#23407)
  * (cb9298) misc: return 404 on registration page if registration is disabled
    (#20709)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 25 Apr 2018 14:31:54 +0200

authentic2 (2.1.23) trixie-eobuilder; urgency=low

  * (cf54fb) translation update
  * (507f48) mark minimal gadjo version (#22440)
  * (dbed99) manager: switch to gadjo sidebar (#22440)
  * (17dd1b) create 'import_site' and 'export_site' commands (#16514)
  * (a63827) implement more natural natural keys (#16514)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 17 Apr 2018 10:40:49 +0200

authentic2 (2.1.22) trixie-eobuilder; urgency=low

  * (dc1741) registration: always mark new accounts as active (#23058)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 10 Apr 2018 13:13:28 +0200

authentic2 (2.1.21) trixie-eobuilder; urgency=low

  * (33ffd4) fix UnicodeDecodeError in PickerWidgetMixin (fixes #23055)
  * (b3f891) return to account_management view if edit-profile form does not receive
    a next_url parameter (fixes #23049)
  * (85545e) misc: switch form buttons to <button> markup (#22438)
  * (a2c89a) translation update
  * (71a2d6) manager: remove unbalanced </div> from role page (#22744)
  * (18fe2a) idp oidc: include : in translatable label (#22709)
  * (81778d) admin: show disabled attributes (fixes #22893)
  * (ce78c8) urls: restore support for django-debug-toolbar (fixes #22872)
  * (7bb909) manager: load django-select2 configuration early (#22864)
  * (ef736f) middlewares: clean stored request on exceptions (#22864)
  * (bbb341) debian-jessie: restrain to python-django-filters<2 (fixes #22351)
  * (ae35e2) setup.py: restrain to django-filter<2 (#22351)
  * (722db4) debian: create /etc/authentic2-multitenant/settings.d directory (fixes
    #22781)
  * (bcf5b9) tox.ini: use pytest-random
  * (eb8f90) saml: fix typo in logout_synchronous_other_backends (#22600)
  * (da636d) misc: fix typo in nonce creation error handling (#22599)
  * (04b4b5) translation update
  * (441002) templates: use "submit" as button label on account edit page (#22568)
  * (508039) kinds: use explicit help text for birthdate widget (#22557)
  * (3bb3dd) idp_oidc: implement front-channel logout (fixes #22483)
  * (20b829) allow a post registration landing page (fixes #22378)
  * (c80166) translation update
  * (7e519f) views: define a title for the "password change" view (#22407)
  * (2bc22e) views: define titles for self servicing views (#22407)
  * (19c3da) views: look for scope-specific template for edit page (#22401)
  * (6fd389) idp_oidc: add a roles scope in create_user_info (fixes #22337)
  * (ac1410) api: Role should be looked-up using the uuid as the slug is not unique
  * (04bb00) api: Role does not have a description field
  * (1c898e) api: make Role.ou default value a CreateOnlyDefault value
  * (85da1b) add role-creation API (#20706)
  * (eef27f) rename role membership API class (pre-#20706)
  * (163f35) pass ACCOUNT_ACTIVATION_DAYS to registration_complete template (fixes
    #22056)
  * (aa70d7) alter existing migrations to integrate choices and verbose_name changes
    (fixes #22132)
  * (463c6d) idp_oidc: handle state parameter on logout (fixes #22180)
  * (2b9767) jenkins: install django so pylint can run (fixes #22186)
  * (c6832a) registration: handle MultipleObjectsReturned when checking uniqueness
    (fixes #22141)
  * (22a885) tests: disable cache decorators by default (fixes #22227)
  * (f52c74) tests: fix PASSWORD_HASHERS setting to work with RBAC tests (fixes
    #22199)
  * (b7274d) auth_oidc: add hook to modify user before login (fixes #22209)
  * (9eb98f) auth_oidc: fix missing definition for base64url_encode (#22209)
  * (ce363a) filter attributes on edit-profile page by scope (fixes #21769)
  * (fcc3a9) add a scope attribute to Attribute (#21769)
  * (93cc7e) add a next_url parameter to edit-profile view (#21769)
  * (8ae642) tests: add more coverage for tests of next_url checking (#21769)
  * (09dab1) saml: implement a2_hook_good_next_url for SAML 2.0 SPs (#21769)
  * (06c37b) utils: add hook a2_hook_good_next_url (#21769)
  * (f6ff45) tests: do not clobber all hashing algorithms (fixes #22199)
  * (d645e3) manager: don't show a message if email is not changed (fixes #21814)
  * (65769a) tests: change default password to accelerate tests (fixes #22199)
  * (2c71cf) auth_oidc: fix typo when logging a warning (#22185)
  * (a9d62a) translation fix (#9538)
  * (666d01) allow redirect /accounts/ to an external page (fixes #21770)
  * (740b0a) manager: pass queryset to user's role views search filter form (fixes
    #21940)
  * (9b4cb6) manager: fix French translation of change user email button (#21813)
  * (08253f) manager: send new email in the email change verification mail (fixes
    #20564)
  * (f2e420) Revert "tox: limit to pytest < 3.4 for now (#21610)"
  * (61e9b0) attribute_kinds: add a birthdate field kind (fixes #21691)
  * (38bb35) auth_oidc: log token revocation at the INFO level to make test pass
    (fixes #21610)
  * (ac6f1a) declare form.media in registration/registration_completion_form.html
    (fixes #21690)
  * (5c8eb8) declare form.media in authentic2/accounts_edit.html (fixes #20600)
  * (7c2b5f) tox: limit to pytest < 3.4 for now (#21610)
  * (9201de) manager: remove broken export to HTML (#21197)
  * (bafb9d) idp oidc: log invalid request's response error (#19837)
  * (fe64b1) translation update
  * (edd9e8) misc: remove useless comma in authorization template (#21187)
  * (d639f7) idp_oidc: add a client and global setting for the idtoken duration
    (fixes #21232)
  * (c2e229) oidc: fix minor errors in translation (#21186)
  * (acc2b3) manage: never allow sorting by "via" (#21210)
  * (fd6f2a) fix syntax error in the local_settings example file (#21140)
  * (7642c0) manager: use gadjo template for pagination (#14939)
  * (619cd6) manager: mark Delete button with dedicated CSS class (#20929)
  * (c3f8fd) manager: make clicks on rows in roles view go to user detail view
    (#20928)
  * (ac7cdb) translation: fix typo
  * (cb5cf7) manager: rely on gadjo for user-info block contents (#20883)
  * (75d730) successfully-modified email addresses always set as verified (#20563)
  * (8cc3f0) idp_oidc: add token and id_token in the openid_configuration file
    (fixes #20807)
  * (184dc2) fix plural form in translation
  * (b1d41b) manager: remove All ou choice from ou selector on user's roles view
    (fixes #20519)
  * (e9aa43) logging: only filter message which are strings (fixes #20551)
  * (97a6ee) manager: show a disabled role add link instead of nothing (fixes
    #20514)
  * (197207) manager: do not use has_any_perm() to get add permission on roles
    (fixes #20512)
  * (855be9) django_rbac: enlarge Operation.name field (fixes #20549)
  * (fe760e) manager: show direct link to roles and users in the same OU in
    breadcrumb (fixes #20524)
  * (0a89e8) manager: do substring full text search on user's attributes (fixes
    #20542)
  * (57588c) manager: show all role's OUs visible to user (fixes #20511)
  * (ed0402) manager: hide ou field when there is only one ou (fixes #20248)
  * (02d91e) a2_rbac: order organizational units by name only (#20248)
  * (360434) manager: override select styling from jquery-ui in dialogs (fixes
    #20510)
  * (c9206e) manager: add field validate_emails in OUEditForm (#19716)
  * (42a6f6) utils: always encode next_url to ASCII before using it (fixes #20181)
  * (572f59) tests: add non-regression test (#20181)
  * (d4aded) utils: allow same_domain() to compare None values (fixes #20544)
  * (15878f) manager: add a change email action on users (fixes #19716)
  * (bbb4b9) utils: factorize sending of email change verification email (#19716)
  * (25e8ca) a2_rbac: add a validate_emails flag to OU model (#19716)
  * (a9229e) manager: always activate add user link if only one collectivity is
    possible (fixes #20504)
  * (3db29f) manager: hide role's ou name when there is only one (fixes #20247)
  * (fa30f4) manager: keep space on the right only for forms in the main content
    (fixes #20509)
  * (f89c1c) translation spelling fix (#20103)
  * (dfaefa) trivial: typo (#14882)
  * (ec4a74) profile_forms: log reset password requests with no user found (fixes
    #20506)
  * (fda076) profile_forms: strip email before looking for users to reset password
    (fixes #20505)
  * (cf400b) ldap_backend: groups to A2 roles mapping (#16523)
  * (13390a) ldap_backend: remove imprecise role creation capability (#20454)
  * (b9d03c) manager: use full width for user's add and edit (fixes #20159)
  * (335bb7) debian: run additional settings snippets (fixes #20456)
  * (e37bb4) profile_forms: apply login-password user filters to the password-reset
    form (fixes #20455)
  * (645f5b) tests: move test on password-reset functionality (#20455)
  * (ef9e9f) translation fix
  * (d547f3) forms: only compute seconds_to_wait if there is a username (fixes
    #20405)
  * (29a101) forms: show real waiting time in authentication form (fixes #20352)
  * (233ef1) manager: remove all search forms titles (fixes #20164)
  * (307da1) manager: log error when select field is empty due to missing
    permissions (#20372)
  * (b7e525) profile_forms: add setting for random reset of password on reset
    password requests (fixes #20127)
  * (a210f4) manager: fix call to manager-delete-user event's hooks (fixes #20339)
  * (84e2ec) rework use of exponential_retry_timeout by login form (fixes #20323)
  * (8d6c19) tox.ini: force pytest>=3.3.0 remove pytest-catchlog (fixes #20326)
  * (06fdf0) update french translations (#19681)
  * (18212c) manager: show generic error message in front of forms if there are
    field errors (fixes #19681)
  * (8d8dcd) views: add setting to redirect authenticated users to homepage on
    access to login page (fixes #20257)
  * (f11d6f) manager: allow setting a site title for the manager (#20242)
  * (a1417c) attribute_kinds: remove +33 from french translation of phone number
    example (fixes #20238)
  * (508983) ldap_backend: paginate ldap search results (fixes #20129)
  * (f33b01) manager: review all page titles (fixes #20126)
  * (1c1400) update french translation (#19416)
  * (8c67ef) registration: pep8ness (#19416)
  * (9a5bc1) registration: send a registration success email (fixes #19416)
  * (da3957) registration: factorize registration success (#19416)
  * (c46c13) manager: fix typo in role_views (fixes #20183)
  * (39c8cb) views: fix bug introduced in EmailChangeVerifyView by 16afddc6b9a47
    (fixes #20186)
  * (95add8) tests: factorize extraction of links from outbound mails (#20186)
  * (6b762f) manager: fix removal of user's OU field from edit form (fixes #20126)
  * (e654a4) manager: re-initialize select2 fields after an ajax update (fixes
    #20161)
  * (173325) misc: move javascript out of logout.html content block (fixes #9197)
  * (d16c32) saml/admin L10N : SAML provider metadata fields (#16314)
  * (1a7336) saml/admin I18N : SAML provider metadata fields (#16314)
  * (988e3b) password reset request l10n (#16298)
  * (f3131e) profile_views: help message for password reset requests (#16298)
  * (e4e1bc) manager: hide roles informations in user detail view if useless (fixes
    #20128)
  * (711389) update french translation (#19712)
  * (16afdd) views: enforce A2_EMAIL_IS_UNIQUE on email change (fixes #19712)
  * (2ad841) forms: validate new email is different from current one (#19712)
  * (d11bfb) profile_urls: call event hook password-change (fixes #20141)
  * (c8a6d0) manager: deprecate ROLES_SHOW_PERMISSIONS (fixes #20130)
  * (a1d9f7) tests: fix hooks fixture (#20100)
  * (52610a) misc: oidc remove useless sub creation (#20049)
  * (4be465) debian: suggests postgresql instead of recommend it (#20000)
  * (3d2117) French translation update (#20102)
  * (5e2d4d) improve password creation help message (#20102)
  * (8605f8) settings: get select2 from local xstatic copy (#16814)
  * (7a53f3) do not apply user filters to delegated authentications (fixes #19597)
  * (05a778) auth_ssl: clean code (#19597)
  * (4aec4f) add settings to filter user authorized to authenticate (fixes #19597)
  * (1c68e6) idp_oidc: change french translation (#20107)
  * (2df5e4) add a service field to login and registration view (fixes #20100)
  * (704432) tests: add fixture to test hooks (#20100)
  * (71f3af) auth_frontends: apply exponential retry timeout only if it's more than
    2 seconds (fixes #19921)
  * (c48993) saml: fix return of soap faults (#20088)
  * (94edd3) add global event hook (fixes #20066)
  * (a7d375) tests: clear has_providers.cache in auth_oidc tests
  * (305cbf) views: add allow_password_change setting to account view context
    (#19986)
  * (031711) manager: fix ou search for administrators with visibility only on OUs
    (fixes #19992)
  * (d1f403) manager: catch TypeError when checking ou field in OUSearchForm (fixes
    #19992)
  * (49aebd) auth_oidc: allow hiding a provider from the login page (bis) (fixes
    #19449)
  * (43e5a9) idp_oidc: handle interaction betwen A2_EMAIL_IS_UNIQUE and
    STRATEGY_CREATE (fixes #19974)
  * (0d54ed) set content_type=text/plain on all HttpResponse returning simple text
    (fixes #19976)
  * (eef12b) manager: add all and none OU filters to the user search form (fixes
    #19228)
  * (40b8aa) manager: disable add user link (fixes #19646)
  * (5f1d5a) manager: update french translation (#19228, #19644)
  * (1d0850) manager: show users' count when search is mandatory (fixes #19644)
  * (4711da) manager: add by uuid URL for user detail view (#19873)
  * (b5117f) idp_oidc: fix UnicodeDecodeError in OIDCClient.__repr__
  * (22d588) tests: clear OU cache in test_auth_oidc (#18486)
  * (4ff2d7) auth_oidc: set user.ou based on a claim (fixes #18486)
  * (eea1fe) a2_rbac: add a global cache of organizational units (#18486)
  * (9e8771) remove unused module authentic2.cache (#18486)
  * (f3078a) allow reset password for LDAP users (fixes #13384)
  * (421d7d) ldap: add a can_reset_password setting (#13384)
  * (ebe592) ldap: fix set_password when old_password is missing on the user object
    (#13384)
  * (b30614) templates: set max-width instead of width in activation mail (fixes
    #19572)
  * (1c6594) auth_oidc: add strategy to find user by UUID (fixes #19434)
  * (8e12af) auth_oidc: pep8ness (#19434)
  * (2404b4) ldap_backend: add setting connect_with_user_credentials
  * (397b8e) ldap_backend: detect failure to create a username (#19482)
  * (527ff0) ldap_backend: fail login if attribute retrieval fails (#19482)
  * (602113) oidc: fix and update translation of error message (#19507)
  * (7e9d1a) auth_oidc: allow hiding a provider from the login page (fixes #19449)
  * (1a3f55) decorators: fix CacheDecoratorBase.key() (#19449)
  * (4303b9) idp_oidc: add authorization mode NONE (fixes #16855)
  * (2a409c) manager: remove Search caption from users listing sidebar (fixes
    #19259)
  * (fd8832) manager: set a /manage/ specific login url (fixes #19429)
  * (937456) tox.ini: force use of pip > 9
  * (a5560d) registration: fix revalidation of email during registration (fixes
    #19421)
  * (3525b8) tests: move registrations tests from test_all.py to test_registation.py
    (#19421)
  * (d78b6e) manager: rename column "Member count" to "Direct member count" (fixes
    #16948)
  * (a36e6b) update french translation (fixes #18626)
  * (c1a706) update french translations about registration (fixes #19355)
  * (2ffb93) registration: reword pre-registration landing page (#19355)
  * (7890fc) registration: block registration of email patterns (fixes #18886)
  * (e4f324) tests: fix test broken by evolution #19193
  * (161454) manager: queryset in modelchoicefield should be filtered on the search
    permission, not the view permission (fixes #19274)
  * (d11cf3) middleware: do not display messages if response.display_message is
    False (fixes #19246)
  * (f99565) registration: display a message on automatic account creation (fixes
    #19193)
  * (894fed) tests: remove is_superuser and is_staff from user "admin" to improve
    test coverage
  * (00d8de) registration: display a message on account creation (fixes #19193)
  * (c7d06b) manager: fix AttributeError on get_title() in RoleAddChildView and
    RoleAddParentView (fixes #19183)
  * (20706b) registration: add hook front_modify_form to RegistrationCompletionView
    (fixes #19093)
  * (569673) authentic2: update french translations
  * (0684c9) attribute_kinds: add help text to french postcode field (#18967)
  * (c10c2f) attribute_kinds: add help text to phone number fields (#18969)
  * (e90f76) attribute_kinds: pep8ness
  * (421740) attribute_kinds: limit string attribute form fields to 256 characters
    (fixes #19035)
  * (88bdd2) attribute_kinds: limit phone numbers to 20 digits and 30 characters
    (#18969)
  * (58cd56) manager: declare body.with-actions class in user_detail.html (fixes
    #19011)
  * (50ea3e) manager: add bodyclasses block to base.html (#19011)
  * (3f1af4) profile_views: pass next_url to send_password_reset_mail() (fixes
    #18997)
  * (4ff50d) attribute_kinds: allow empty string values for phone_number and
    fr_postcode  (#18969)
  * (ee895b) api: allow delete unrequired user's attributes or setting them to the
    empty string unless forbidden (fixes #18983)
  * (db2ff6) attribute_kinds: add phone_number kind (fixes #18969)
  * (8ebdad) authentic2: update french translation
  * (083583) authentic2: update french translation
  * (a47b5a) authentic2_idp_oidc: update french translation
  * (7be116) attribute_kinds: add fr_postcode kind (fixes #18967)
  * (e413e7) authentic2: update french translations
  * (31447b) manager: update french translations
  * (16dab4) registration: keep email in session after validation or pre-
    registration (fixes #18903)
  * (e54698) api: honor unique email constraints on user creation/modification
    (fixes #18546)
  * (5a10f4) manager: fix ul.errorlist in form.html (fixes #18545)
  * (7ae90b) manager: honor unique email constraint on back-office creation (fixes
    #18543)
  * (e29340) manager: fix permissions in ou views (#18901)
  * (b8a654) manager: allow a do method on actions (#18901)
  * (711886) manager: add a specific template for UserAddView (#18901)
  * (17ddb7) manager: do not use a popup for adding users (#18901)
  * (c91c5d) manager: replace explicit query for OU count by get_ou_count() in
    HideOUFieldMixin (#18901)
  * (68646a) manager: only show ou's name of a role if there are multiple ous
    (#18901)
  * (b2303d) manager: show ou information if there are multiple ous (#18901)
  * (471d49) manager: add a get_ou_count() utility function (#18901)
  * (50f8b9) manager: rework use of TitleMixin and get_title() (#18901)
  * (b97cad) manager: add hook to collect user's extra data (#18901)
  * (be3db1) manager: add email_verified information to user's detail view (#18901)
  * (bc64e5) manager: rename user's deactivate action to 'Suspend' (#18901)
  * (4b9412) manager: fix password reset action permission (#18901)
  * (48ffab) manager: fix user's edit view breadcrumb and title (#18901)
  * (fa8aec) manager: show user's creation date, last login date and last
    modification date (#18901)
  * (c380d1) manager: move user's data before roles in sidebar (#18901)
  * (ef1d18) manager: rework ou views (#18901)
  * (dbcb2a) manager: handle visible/non-visible fields in form.html (#18901)
  * (04191d) manager: add an option to send a password reset email on user's
    creation (#18901)
  * (9c4333) manager: only alert on missing username or email if username or email
    are available fields (#18901)
  * (9c6e46) manager: filter other_actions list with a hook in views.py (#18901)
  * (cb602d) manager: make all Action fields optional and declare them at the class
    level (#18901)
  * (0f19ed) manager: get other_actions from Class.other_actions first (#18901)
  * (c3151b) manager: import hooks in user_views (#18901)
  * (5c7e7b) manager: add a USER_SEARCH_MINIMUM_CHARS setting (#18901)
  * (9cc8fb) manager: allow disabling filtering of table objects by view permission
    (#18901)
  * (93535b) manager: add hook on table views (#18901)
  * (b3457a) manager: force created user's ou from user's search form (#18901)
  * (765c0a) manager: move initialization of detail form in BaseDetailView (#18901)
  * (a4125b) manager: allow searching roles by collectivity name (#18901)
  * (0fa88b) manager: add collectivity name before role name in role selectors
    (#18901)
  * (a28c98) manager: add import hooks in views.py (#18901)
  * (91ada6) manager: reorder name and ou fields in RoleSearchForm (#18901)
  * (ef7573) manager: do not show role's admin roles in user's roles view (#18901)
  * (20f097) manager: when ou selector is disabled force a value as the field is
    required (#18901)
  * (40d49c) manager: optimize number of SQL queries in UserEditForm (#18901)
  * (f888cb) manager: add a need_request flag to FormWithRequest mixin (#18901)
  * (9f56ab) manager: limit roles to same ou roles in UserRolesView when
    ROLE_MEMBERS_FROM_OU is enforced (#18901)
  * (369f75) manager: add setting to always show internal roles (#18901)
  * (9bc5cf) manager: return to user's detail view on creation (#18901)
  * (e3294f) manager: change Name by Free text on user search form (#18901)
  * (4f825b) manager: change ServicesView permission to authentic2.search_service
    (#18901)
  * (d79434) manager: add a UserDetailView (#18901)
  * (2fc887) manager: only use popup for action links if there is a popup relation
    (#18901)
  * (96ac81) manager: add a buttons block to form.html (#18901)
  * (ed7918) manager: add missing closing tag (#18901)
  * (0891e3) manager: change UsersView permission to custom_user.search_user
    (#18901)
  * (b6c96a) manager: show link to user in user's table only if user has a view
    permission on the object (#18901)
  * (565387) manager: change permission of RolesView to a2_rbac.search_role (#18901)
  * (6a2193) manager: use search permission to decide to show a management page
    (#18901)
  * (a4a41d) manager: add fields popup and permission to Action objects (#18901)
  * (9e613b) manager: implement a BaseDetailView (#18901)
  * (9669c5) manager: replace permission to filter visible objects in querysets
    (#18901)
  * (9d336c) manager: replace default PermissionMixin.authorize() implementation
    (#18901)
  * (92d4bd) manager: set permission for UserChangePasswordView to
    change_password_user (#18901)
  * (3897db) manager: add a user delete view (#18901)
  * (4e8b82) manager: user search permission to show users and roles pages (#18901)
  * (26d946) manager: only show visible OU in OU selectors (#18901)
  * (6f5844) manager: filter OU in user edit form by permissions of the user
    (#18901)
  * (bcafb0) manager: fix permission on role permission page (#18901)
  * (bd8328) manager: implement removal of permissions from roles (#18901)
  * (547410) manager: pep8ness on views (#18901)
  * (570f18) manager: add docstrings to mixin and base view classes (#18901)
  * (2d7e19) manager: replace default authorize implementations by permissions
    (#18901)
  * (a4302f) manager: prevent single-object class based view to clober the user
    template variable (#15761)
  * (e104a9) manager: allow forcing role members to be in the role's ou (fixes
    #16712)
  * (6ca73b) manager: allow searching user by attributes (fixes #15739)
  * (4e8142) registration: add prefilling form pre-registration form (fixes #18671)
  * (bd1267) registration: refactor registration views
  * (18009e) tests: fix registration test to make sure there's no disclosure
    (#18736)
  * (561b93) registration: do not check uniqueness of email in the registration form
    (fixes #16227)
  * (0542c4) registration: always set registered users in the default OU (fixes
    #16227)
  * (bb707d) registration: only initialize model fields when registration form
    prefilling is used (fixes #15610)
  * (7b5853) registration: if confirm_data is 'required', only check for filling of
    required fields (fixes #15609)
  * (26796d) factorize login code using simulate_authentication (bis)
  * (42def6) factorize login code using simulate_authentication
  * (45ad8d) utils: rename simulate_login to simulate_authentication
  * (f539e2) utils: reset user password in build_reset_password_url (fixes #18643)
  * (7d2933) utils: add a simulate_login function
  * (d4dcc3) utils: use the new build_reset_password_url in send_password_reset_mail
    (fixes #18639)
  * (37dc37) utils: add build_reset_password_url() -> URL, token (fixes #18639)
  * (f953d3) authentication: control OIDCClient DRF authentication with
    has_api_access (fixes #18638)
  * (c92d28) idp_oidc: add OIDCClient.has_api_access field (fixes #18638)
  * (da2cb3) idp_oidc: implement reversible pairwise sub (fixes #18637)
  * (c2cc20) idp_oidc: scope authorizations by ou if needed (fixes #18636)
  * (dcf417) idp_oidc: add hook idp_oidc_modify_user_info to modify user_info (fixes
    #18635)
  * (05fd92) api: add hook to modify serializer after validation (fixes #18634)
  * (e39cea) api: add hook to modify view or request in get_object (fixes #18633)
  * (a2bb2e) api: add filter on user listing for ou__slug (fixes #18632)
  * (1fbcdc) api: add hook to modify UsersAPI queryset (fixes #18631)
  * (f8bf7e) api: add a change email endpoint (fixes #18630)
  * (7ca224) views: refactor EmailChangeView to extract email sending (#18630)
  * (875b2c) api: only prefetch user attributes on GET requests (fixes #18629)
  * (3f96ce) api: add HookMixin to UsersAPI (#18627)
  * (af69c3) api: forbid ou=null in user serializer (fixes #18628)
  * (645d93) api: add a HookMixin to allow api_modify_serializer hook to modify
    serializer (fixes #18627)
  * (e9275d) views: apply HookMixin to EditProfile view (#18625)
  * (375ac1) cbv: add a hook mixin for frontoffice views (fixes #18625)
  * (a7dba1) views: add hook modify_context_data on ProfileView (fixes #18624)
  * (2af0d6) models: add an order field to Attribute (fixes #18623)
  * (17a57c) auth_frontends: pep8ness
  * (f142fb) login: pass registration_url in login page context (fixes #18622)
  * (d622c9) a2_rbac: modify default ordering of OUs (fixes #18621)
  * (dc1887) a2_rbac: inherit unique constraint on RoleParenting (fixes #17234)
  * (0943ff) views: make the homepage view class-based (fixes #18620)
  * (9d715c) models: remove unused FederatedId model
  * (7fddf2) idp_saml: pep8ness
  * (909c58) idp_saml: improve listing of services on homepage (fixes #18619)
  * (66bb0a) settings: set TEMPLATE_DEBUG to False (fixes #18618)
  * (d697cf) rbac: add an ous_with_perm() method to user mixin (fixes #18617)
  * (2e618f) rbac: replace QuerySet.empty() by QuerySet.none() (fixes #18616)
  * (cc5a4d) models: add a searchable flag to attributes (fixes #15739)
  * (46601c) add module to call hooks in external applications (fixes #17553)
  * (40221b) ldap_backend: fix typo when storing passwords (fixes #17484)
  * (ba60ed) custom_user: change default ordering to last_name, first_name (fixes
    #17470)
  * (da22c6) custom_user: pep8ness
  * (28c049) decorators: in SessionCache set the modified flag when cache is
    modified (fixes #18605)
  * (9f2b2b) manager: remove ad-hoc override of User.save (fixes #18592)
  * (d0473a) oidc: fix encoding of client secret when using HMAC signatures (fixes
    #18170)
  * (94e9b9) saml: keep latest authnRequest in session (#18449)
  * (d78dfd) oidc: fix encoding of client secret when using HMAC signatures (fixes
    #18170)
  * (9acc65) decorators: add a clear operation on cache objects (fixes #18524)
  * (2aca22) decorators: store cache on cached functions (fixes #18523)
  * (79ef7e) authentic2_auth_saml: do not fail if logout response is not a redirect
    (fixes #18432)
  * (40058d) widgets: use localized format for datetime widgets (#17935)
  * (0b763a) idp oidc: fix acr values to be a string (bis) (#18164)
  * (66a3c1) auth_oidc: fix handling of non-RSA tokens (#18166)
  * (26eaf4) oidc: fix acr to be a string (#18164)
  * (658b69) translation update
  * (b19ff6) custom_user: fix name attribute post_migrate handler (#17948)
  * (ba58b0) tests: remove dead statement
  * (49bb78) django_rbac: make migration 0003 useless (fixes #17979)
  * (e674c6) auth_frontends: reset login on exponential backoff only during POST
    (fixes #17947)
  * (5c684f) js: remove need for jQuery in js_seconds_until.js (fixes #17944)
  * (76d093) attribute_kinds: enlarge default width for default REST field of
    attributes (fixes #17929)
  * (6a04b5) custom_user: convert migration 0011 to a post_migrate signal (fixes
    #17948)
  * (0eb65d) attribute_kinds: add a rest_framework_field_kwargs field (fixes #17929)
  * (9a1c2c) crypto: fix typo in remove_padding()
  * (46da7e) tests: fix ldap/test_get_users assertion to really check
  * (b27432) tests: vary number of save() operations depending on presence of
    migrations
  * (97ce8d) utils: extract a same_domain() function from same_origin()
  * (3fab8c) crypto: add more checks when removing padding
  * (3c57bb) api: allow setting a specific requiredness for fields on user's API
    (fixes #17736)
  * (34ddc1) crypto: add HMAC signature to encrypted pseudonymous (#17537)
  * (1db190) widgets: make picker widget compliant with different form renderers
    (#17607)
  * (818fbf) misc: do not use _verified as prefix when aggregating attributes
    (#17641)
  * (ce60f1) crypto: add deterministic encryption (fixes #17537)
  * (1a970c) models: fix update of modified field when setting attributes (fixes
    #17600)
  * (4b900a) custom_user: improve performance of User.attributes (fixes #17599)
  * (60f965) custom_user: add accessors to verified attributes (fixes #17598)
  * (e28b4b) custom_user: restore username as the USERNAME_FIELD (fixes #17593)
  * (e5b031) custom_user: add an email_verified field (fixes #17554)
  * (55fcc0) settings: fix RBAC operation inheritance for users (fixes #17592)
  * (7621c3) registration: prevent reuse of deleted accounts (fixes #17469)
  * (74d089) saml: enlarge LibertyProvider.entity_id as much as metadata_url (fixes
    #17507)
  * (a76a13) manager: revert part of 418b86d7f1cef
  * (097779) misc: fix failing test (#15296)
  * (b8178e) add user password reset with token api (#15296)
  * (b7e672) api: allow all characters but / in member UUIDs (#17196)
  * (d70e24) translation update
  * (bd6821) api: fix propagation of required fields to BaseUserSerializer (fixes
    #16872)
  * (f4d502) api: improve performance of user's api by preloading attributes
  * (c0ecf5) api: make PUT equivalent to PATCH on users (fixes #17179)
  * (a8753b) api: uniformize return from RolesAPI
  * (df37e6) api: uniformize and simplify permissions
  * (47d2c8) api: encapsulate API exceptions payload
  * (883655) api: propagate required fields to BaseUserSerializer (fixes #16872)
  * (fb12c9) api: set random password on user creation with registration mail sent
    (fixes #15676)
  * (3799ba) utils: use a2.utils.login() in switch_user() (fixes #14875)
  * (1136ca) ldap: use smart_bytes/text instead of manual decoding/encoding (#16666)
  * (c5e527) setting an Attribute to None is to delete it (fixes #15615)
  * (195df7) manager: fix view permissions (fixes #15614)
  * (5ba806) idp_oidc: make OIDCCode.{nonce,state} nullable (fixes #15612)
  * (4c15c8) ldap: encode password as utf-8 before encryption (fixes #16666)
  * (82d483) idp_oidc: add setting for list of scopes (fixes #15611)
  * (aac6fa) manager: add support for user's uuid in URLs (fixes #16773)
  * (c7d433) utils: add a function to compute the "next" url from the request and a
    default value (fixes #16942)
  * (5c520d) utils: implement same_origin for compatibility with Django > 1.8 (fixes
    #16941)
  * (5d6f4b) utils: add a whitelist of redirect URLs (fixes #16793)
  * (e9092c) api: set permission for synchronization endpoint to search_user
    (#16770)
  * (d5608d) rbac: add new operations for controling permission on user actions
    (fixes #16763)
  * (8fd02e) django_rbac: add method to list OUs covered by a permission (fixes
    #16653)
  * (1fa1c0) django_rbac: add an accessor method for the permission cache (#16653)
  * (ecd995) django_rbac: make the permission hierarchy customizable (#16653)
  * (2de800) idp_oidc: fill id_token also with user's info (#16854)
  * (ab0d7e) setup.py: force jquery-ui < 1.12 as 1.12 is incompatible with gadjo
    (fixes #16651)
  * (88b990) idp_oidc: fix bug when building symmetric keys from client_secret
    (fixes #16864)
  * (22e3f0) remove use of request.REQUEST (fixes #16860)
  * (4da95a) debian: restore API's basic and session authentication packaging (fixes
    #16862)
  * (1d856a) manager: fix queryset of derived select2 widget (fixes #16819)
  * (dfd544) add check password api (#16583)
  * (183aab) add drf OIDC authentication class (#16580)
  * (c087a7) debian: update patch for hiding oidc plugins
  * (ca10b6) manager: fix role widgets to only allow non-technical roles (#16821)
  * (6a858f) debian: adapt to new django-select2>=5 requirement (#16812)
  * (3d70ff) manager: fix sizing of select2 in dialogs (#16818)
  * (e5fc8e) manager: update access control empty label to be meaningful (#16795)
  * (acf018) manager: fix role selection in access control view (#16820)
  * (0444bf) manager: adjust styles to new select2 markup (#16815)
  * (892aa4) api: use default OU for inviting new users via the registration API
    (fixes #16791)
  * (c0d7bd) api: add a synchronization web service (fixes #16770)
  * (418b86) migrate to Django-Select2>5 (fixes #15604)
  * (6a23cb) cbv: fix use of ensure_csrf_cookie decorator (fixes #16774)
  * (1dd11b) manager: fix role selectors (fixes #16710)
  * (143bbb) manage sp federation only when allowed (#15456)
  * (2f28bc) add front office management interface (#15456)
  * (5820d4) saml2: check if user is authorized through the client (#15456)
  * (7d6a94) oidc: check if user is authorized through the client (#15456)
  * (6b24c6) cas: check if user is authorized through the client (#15456)
  * (fceb69) add authorized roles and unauthorized url field to Service (#15456)
  * (f5749c) add ServiceAccessMiddleware (#15456)
  * (5b5079) add redirect to unauthorized page function (#15456)
  * (7f462e) css: let gadjo style django.contrib.messages (#16627)
  * (d3b67d) authentic2_idp_oidc: update migrations for code's nonce and state after
    d8a588c
  * (11afb5) tests: readd custom user tests, erroneously removed (#16323)
  * (c422c7) remove old test cases, support module not available anymore
  * (070d6c) tests: move custom user tests to tests/ directory (#16323)
  * (1b7e44) tests: move manager rbac tests to tests/ directory (#16322)
  * (c1248f) fix role link 404 in Service management view (#16248)
  * (1e64f4) tests: use sqlite3 backend if none defined in env
  * (33ed5f) backends/ldap_backend: assign mandatory roles (#15221)
  * (7dce0d) misc: include "continue" link in a <div> (#16159)
  * (e961a3) fix typo in French translation (#16158)
  * (4389ca) debian: update oidc patch for wheezy
  * (7fbfbb) misc: update compatibility django-jsonfield to also support 1.0
    (#15963)
  * (a3763d) login: fix bug in user of registration URL (fixes #15924)
  * (a85ecb) manager/user_views: CBV ctx object naming (#15761)
  * (4b6b64) setup.py: require django-filter > 1 (fixes #15751)
  * (6a992c) idp_cas: allow more schemes for CAS services URLs (fixes #15785)
  * (7df83e) idp_cas: fix PGT parameter name on CAS ServiceValidate request (#15785)
  * (1b6c4a) idp_cas: add proxy field in CAS services admin view and make proxy
    field optional (#15785)
  * (88c087) debian-wheezy: update patch to hide oidc plugins
  * (7f8df7) api: augment default pagination page size to 100 (fixes #15622)
  * (f7923a) api: do not set allow_blank=True on all attribute fields (fixes #15621)
  * (7c401f) debian-wheezy: update patch to hide oidc plugins
  * (cb8e5a) api: use cursor pagination for users browsing (#15620)
  * (e1c5bc) api: add more filtering possibility to users API (fixes #15620)
  * (facf91) custom_user: add modified field (fixes #15617)
  * (7950af) use get_user_model() in clean-unused-account command (fixes #15616)
  * (132dad) add a date attribute kind (fixes #10606)
  * (aae469) add bootstrap based date and datetime fields (#10606)
  * (151777) api: add support for custom rest_framework fields to attribute kinds
    (fixes #15608)
  * (037246) change serialization format for attribute kind string, title and
    boolean (fixes #15607)
  * (b11665) fix SAMLBackend signature (fixes #15606)
  * (2ca916) setup.py: make version PEP440 compliant (fixes #15605)
  * (0feee3) idp_oidc: allow post_logout_redirect_uris to be blank (fixes #15671)
  * (49d40d) auth_oidc: call oidc_login() instead of a2.utils.login() (fixes #15648)
  * (bececb) api: do not return all roles if user has none (#15641)
  * (8cf366) tests: restore check for count key in users API
  * (fe85a8) admin: list_select_related must contain only foreign key fields (fixes
    #15566)
  * (e010a7) tests: adapt to change in django-webtest
  * (22922b) pep8ness
  * (da6793) tox.ini: replace python-capturelog by python-catchlog
  * (f3bc4a) tests: use new password constraints (#15478)
  * (651fc4) increase password minimall length policy (#15434)
  * (480c23) jenkins: remove django 1.7 support
  * (90596a) unsupport django 1.7
  * (9a5a7d) tests/oidc: adapt to django-webtest 1.9.1 change of server name
  * (6ef780) tests/profile: adapt to django-webtest 1.9.1 change of server name
  * (45abd5) tests/oidc: adapt to django-webtest 1.9.1 change in signatures
  * (02b5f8) tests: adapt to django-webtest 1.9.1 change in signatures
  * (70a19b) tests: adapt to django-webtest 1.9.1 change of server name
  * (c7138e) api: add email in filter fields for api/users (#15386)
  * (c39ec7) auth_saml: use utils.login() for loging in users (fixes #15300)
  * (314cf3) oidc: fix invalid_request call on expired code (#15013)
  * (e609e3) tox: limit psycopg to <2.7, for postgresql 9.1 compatibility (#15243)
  * (0d9140) idp_oidc: remove realm from preferred_username (fixes #14887)
  * (a7d2d2) update french translations
  * (985d29) idp_oidc: do not delete all authorizations in
    OIDCExpiredManager.cleanup() (fixes #14786)
  * (1fda65) fix template path
  * (fd36e1) add lifetime to change email notification (fixes #14771)
  * (088ddf) manager: do not show internal (_a2) roles by default (#14717)
  * (40ebd2) setup.py: bypasses a pep440 problem with gadjo version (#13954)
  * (465923) ldap: handle connection error on admin bind (fixes #14725)
  * (34d36b) idp_oidc: implement logout (fixes #14725)
  * (90b059) login: fix quotes around "register" link (#14629)
  * (139180) idp_oidc: set issuer to root URL (fixes #14582)
  * (5e3e5c) auth_saml: do not authenticate if plugin is not enabled (#14536)
  * (c0b3a5) setup.py: walk all source directories searching for locales
  * (da9331) add french translation file to authentic2_idp_oidc (fixes #14052)
  * (1c79ca) add other verified mode to --claim-mapping option of command oidc-
    register-issuer (fixes #14294)
  * (a0eada) add --ou-slug option to oidc-register-issuer (fixes #14293)
  * (3e8d5c) change french message for mail registration (fixes #9467)
  * (3074d5) api: do not let OU API override users API endpoint (#12497)
  * (c42ed9) api: add base support for organizatinal units API (#12497)
  * (0f7b85) debian: direct cronjob output to root (#13893)
  * (24f8ee) manager: don't repeat service name in summary (#13944)
  * (0201ba) manager: include service name in service page title (#13944)
  * (b3406e) authentic2_auth_oidc: implement rfc7009 - OAuth2 Token Revocation
    during SLO (fixes #14198)
  * (54d76a) authentic2_auth_oidc: forward logout to OIDC providers (fixes #14117)
  * (bc214c) tests: remove print statements
  * (ec0d13) use utils.login() for logging in at registration (fixes #14065)
  * (246526) manager: adjust input/select widths to match (#13943)
  * (ea5d3a) manager: order services by organization unit first (#13942)
  * (095d46) debian: remove dependency on python-jwcrypto on Wheezy (#13925)
  * (bd16ed) tests: set ou to default ou on oidc provider fixture
  * (e726ef) debian: hide oidc plugins in wheezy builds (fixes #13925)
  * (4f8e0e) authentic2_idp_oidc: add client_secret_post authentication
  * (09a1ad) authentic2_idp_oidc: clean expired authorizations, codes and access
    tokens
  * (d8a588) authentic2_idp_oidc: set default values for code's nonce and state
  * (d11202) authentic2_idp_oidc: check validity of codes before accepting them
  * (28562e) authentic2_idp_oidc: allow POST on user_info
  * (dfa130) authentic2_idp_oidc: allow http:// redirect URIs
  * (ccf229) authentic2_idp_oidc: remove empty state from authorization response
    (#6982)
  * (80b270) authentic2_idp_oidc: remove openid scope when passing scopes to
    template (#6982)
  * (b26330) authentic2_idp_oidc: fix variable interpolation (#6982)
  * (287c3a) jenkins.sh: remove junit files before each run
  * (ae5111) authentic2_auth_oidc: remove default value on OIDCProvider.ou
  * (7cf18e) authentic2_idp_oidc: add templates (#6982)
  * (5009b6) add OpenID Connect IdP plugin (fixes #6982)
  * (59b973) utils: add accessor for last authentication event in session (#6982)
  * (46ee55) utils: add time to authentication event in session (#6982)
  * (5de2ae) tests: set HTTP_HOST to localhost instead of localhost:80 (#6982)
  * (b5a1fb) auth_oidc: convert timestamp to datetime in UTC timezone (#6982)
  * (da28c7) tests: add utils.logout (#6982)
  * (8939d3) MANIFEST.in: exclude .pyc files from tests
  * (4efb2b) add OpenID Connect authentication plugin (fixes #13714)
  * (6686b5) utils: add function to convert aware datetime to Unix timestamp
    (#13714)
  * (0f5672) utils: add function to check next URL has same origin as request
    (#13714)
  * (7c6dfa) utils: add resolve parameter to redirect (#13714)
  * (862aa0) tests: add context manager to check content of logs (#13714)
  * (13a58b) saml: make message more translatable
  * (0ed5ab) a2_rbac: make get_default_ou() failure less
  * (b55b31) utils: make datetime_to_utc compatible with django < 1.8 (#13810)
  * (803b6c) misc: add cancel buttons to account management pages (#13768)
  * (8ac615) registration: allow spaces from copy/paste errors in token (#13542)
  * (dad6a4) debian: typo in authentic2-multitenant.postinst
  * (6ae75f) tests: pep8ize and pytest-ize RBAC tests
  * (2e74b9) add hasher for Joomla passwords (fixes #13301)
  * (0e516c) tests: move hashers tests into their own module (#13301)
  * (fcc253) fix user admin form with custom attributes (fixes #13332)
  * (aaa278) debian: set constraint on django-model-utils as in setup.py
  * (280c51) make all logging settings converge (fixes #13364)
  * (a2142a) partial indexes cannot be created on SQLite (fixes #13363)
  * (544ea8) tests: close connection after concurrency test
  * (56a101) add User.attribute_values generic relation (fixes #13362)
  * (db38e9) jenkins.sh: run tests with migrations at night
  * (1f8b82) debian: add authentic2-multitenant.triggers (fixes #13361)
  * (8e71ce) add Attribute.disabled field (fixed #13234)
  * (fa9a9b) remove non-editables fields from EditProfile view (#13330)
  * (c99973) make SAMLFrontend.id a simple string (fixes #13339)
  * (89ca90) misc: add class to required fields of model forms (#13229)
  * (087577) wait for loading of images on logout (fixes #13179)
  * (562148) do not raise field errors in User.clean() (fixes #13138)
  * (8f4a80) fix missing import of ValidationError
  * (382c33) registration: add comment to explain redirect on POST
  * (6ce0cb) sync-metadata: truncate name and slug when creating a new
    LibertyProvider (fixes #13131)
  * (a6861b) jenkins: aggregate test results from correct file names
  * (a786ba) custom user: create contenttype entry if missing (#13080)
  * (581e43) fix first_name/last_name custom user migration (fixes #12993)
  * (5027d8) profile: don't overwrite verified attributes (#12981)
  * (4db8ba) fix PEP8ness
  * (7f388b) fix missing dependency in migration (#12960)
  * (002eef) jenkins: fix coverage support (#12970)
  * (0ac253) profile: prefer AttributeValue over builtin model field (#12960)
  * (57af2f) custom_user: add AttributeValues for first and last name fields
    (#12960)
  * (ac573e) custom_user: add has_verified_attributes utility method (#12959)
  * (ba42b6) tests: adapt ldif fixtures to conform to accepted python-ldap LDIF
    grammar
  * (7fd37c) templates: don't include gadjo appmenu in frontoffice (#12656)
  * (31f009) manager: include title on top of roles and services listing pages
    (#12504)
  * (718c09) manager: order rows in services table (#12499)
  * (498bce) manager: hide "ou" column in services view if there's only one (#12498)
  * (75c4f3) manager: update <select> style to match gadjo changes (#11352)
  * (efcb47) registration: use a different template if there's an existing account
    (#12611)
  * (c85f65) don't overwrite verified attributes in registration completion form
    (#12610)
  * (4f266d) api: don't require 'ou' arg when calling to update user (#12597)
  * (0e4d74) fix uniqueness checking on users (fixes #12570)
  * (4a70a3) limit django-rest-framework to version <3.4
  * (207d57) hide temporary LDAP disconnection using ReconnectLDAPObject (fixes
    #12541)
  * (af3b13) fix test_login_inactive_user with django 1.8
  * (c841ec) check password of inactive users last (fixes #12474)
  * (609371) stop crashing when receiving a POST without a content-type on SAML
    endpoints (fixes #12529)
  * (accc74) add test of the DeletedUserManager.cleanup() method
  * (e3d190) debian: call multitenant jobs with correct uid (#12486)
  * (8f9e92) pep8ize authentic2.managers
  * (290e9c) only pass session parameter to get_user() if it supports it (fixes
    #12375)
  * (67a21b) fix use of LDAP users with CAS IdP since encrypted_bindpw has been
    implemented (fixes #12375)
  * (42b52b) ignore invalid next parameter (fixes #11583)
  * (e32a3e) django_rbac: add command and manager methods to cleanup permissions and
    roles (fixes #11589)
  * (48f820) a2_rbac: clean permissions and roles when generic fk object is removed
    (fixes #11589)
  * (d77b9d) django_rbac: fix Role.all_members() (fixes #11592)
  * (3ac482) add meta SAML attribute to pass name of verified attributes (fixes
    #11231)
  * (4907f3) ldap: encrypt bind password while it is stored in the session (fixes
    #11590)
  * (ee2941) crypto: add a raise_on_error option to aes_base64_decrypt (#11590)
  * (98fa04) django_rbac: fix bugs in permissions' natural key methods (#11461)
  * (bd0dbc) attributes: add "boolean" kind (fixes #11411)
  * (d25cef) trivial: PEP8 formatting
  * (5fd2a1) debian: can use django 1.8 on jessie (#11490)
  * (eb1b5a) trivial: remove warning about PasswordReset.user
  * (dae472) serializers: fix failure when generic fk has a value but is None
  * (d7c16e) use ou's and service's natural keys in role's natural key (fixes
    #11461)
  * (70e7e5) change natural key for OrganizationalUnit (use slug) (#11461)
  * (0e04f3) add a natural key to Service (#11461)
  * (575bd4) a2_rbac: improve natural key of Role (fixes #11461)
  * (c237f5) Enhance get backends helper function and registration frontend
    management (fixes #11324).
  * (d70c7e) remove all remaining uses of urllib2.urlopen (fixes #11388)
  * (cd6bd1) debian: remove conflict between authentic2 and authentic2-multitenant
  * (c4f476) misc: require user to be logged in to access password change view
    (#11318)
  * (513889) convert all lasso logs to debug logs
  * (639d0f) monkeypatch DjangoLogger on the root logger
  * (32c736) debian: move postgresql from Pre-Depends to Recommends (fixes #11196)
  * (68c4fd) tests: update expected attribute value to have a verified key
  * (c7311d) don't try marking as readonly fields that do not exist (#11164)
  * (9e14e8) add support for settings verified attribute value (#11165)
  * (9cdee7) start support for verified attribute values (#11160)
  * (7431fb) ldap: rename LDAPUser.backend to ldap_backend (fixes #11159)
  * (72a397) saml2: when logout response endpoint is missing, redirect to homepage
    (fixes #11157)
  * (d08992) debian: deprecate usage of /etc/init.d/authentic2 manage (fixes #11008)
  * (e1e555) profile: fix display of attribute title when there's no value (#11147)
  * (31d4f9) registration: add new known keys to token activation
  * (e17896) auth_saml: allow provisionning all attributes from SAML attributs
    (fixes #10599)
  * (e7248a) allow plugin to provide attribute kinds (fixes #10783)
  * (412d09) add helper to collect data from plugins (#10783)
  * (bd41cb) use HTTP 307 for logout response redirects (fixes #10844)
  * (b81212) If the user has no password, don't ask one at email modification and
    account deletion. (fixes #10802)
  * (c97289) registration: fix check for email unicity (#10866)
  * (a49ca1) debian: fix do_migrate in authentic2-multitenant init
  * (597c22) debian: fix typo in postinst
  * (051234) debian: fix typo in pydist-overrides
  * (213b69) debian: add django-mellon and ldaptools to pydist-overrides
  * (009127) never allow editing email through the EditProfile view (fixes #10782)
  * (4e0c85) debian: only execute migrate and collectstatic in postinst
  * (2ba494) Adapt account management when the user has no password (fixes #10658).
  * (549898) debian: add logrotate settings for gunicorn logs (fixes #10767)
  * (d80263) replace custom Slapd class by using the ldaptools package
  * (c6cb35) tox.ini: add a fast option
  * (1174f1) debian: fix logging settings for monotenant packaging
  * (5d0c77) prevent deprecation warnings about firstof
  * (3e5398) prevent removing parents of internal roles (fixes #10732)
  * (3a88f0) set encryption mode on loaded providers based on the policy (fixes
    #10719)
  * (850d26) add missing import for uuid
  * (dfe6a2) skip users/services warning when removing an entity if there are none
    (#8747)
  * (cf0b7f) saml: return a 405 response if SOAP methods are not called with POST
    (#6782)
  * (ef8b27) misc: add a setting to include empty fields on profile page (#10677)
  * (310860) initialize frontend.name in ProfileView (fixes #10644)
  * (62e132) return users to homepage when nonce is expired (fixes #10620)
  * (375f83) Add predefined data to the token built in the RegistrationForm (fixes
    #10607).
  * (99b069) Add frontends from backends and plugins to the registration page (fixes
    #10526).
  * (601885) Add valid_email and confirm_data to RegistrationCompletionView (fixes
    #10508).
  * (84ae07) At registration, add a token parameter to use a form without passwords
    fields (fixes #10602).
  * (746c71) Add a registration form without password (fixes #10602).
  * (a66a14) Allow legacy template names in send_registration_mail (fixes #10635).
  * (e0bfd2) misc: ship authentic2_auth_saml templates (#10595)
  * (714a17) fix storage of LDAPUser.dn in sessions (fixes #10532)
  * (ea7960) debian: do not override syslog format string from hobo, add cleaning
    filter to all handlers
  * (687c7f) fix login with LDAP account when user is already logged (fixes #10310)
  * (e91c02) debian: use request_context filter from hobo
  * (b29402) tox.ini: choose a better default for toxworkdir
  * (8ad53c) jenkins.sh: upgrade pylint and install pylint_django (#10462)
  * (a34f62) apply add_to_blocks fix to ProfileView (fixes #10436)
  * (b35a72) compatibility fix to use of add_to_blocks with Django > 1.8 (fixes
    #10436)
  * (8c2d08) allow settting a specific user filter for LDAP synchronization (fixes
    #10437)
  * (190440) decorate edit_profile and change_email with login_required (fixes
    #10420)
  * (9c01db) use repr on NameID content and format extract from assertion before
    logging them (fixes #10404)
  * (8db04e) Add frontend name to blocks_by_id.
  * (555051) add a django_user_full_name attribute (fixes #10344)
  * (6fe171) make utils.get_user_from_session_key() works with LDAPUser (fixes
    #10343)
  * (1b5ae8) debian: do not compile for python 2.6 on jessie
  * (f3417c) debian: remove pycompat
  * (197233) debian: add dh-python to Build-Depends
  * (59d2c7) constraint version of django-table2 to <1.1
  * (f669f0) debian: fix syntax error
  * (cf5ab8) revert removal of LDAP attributes mapping
  * (678e73) pep8ness
  * (22656e) tests: make a fixture of the slapd object
  * (99037a) debian: refactor sentry support
  * (0c02f4) Get prefilling data from backends for the registration form (fixes
    #10267).
  * (ebadac) authentic2_auth_saml: remove unused imports
  * (091473) add login_required() decorator to /accounts/ view (fixes #10266)
  * (e1260c) Attach self-admin permission to roles using get_or_create() (fixes
    #10255)
  * (b8c3bf) ldap: do not traceback when _auth_user_id references no user (fixes
    #10239)
  * (2daf89) store LDAP data in session instead of replacing LDAPUser.pk by a pickle
    object (#7150)
  * (f491b9) move StoreRequestMiddleware earlier in the middleware queue (fixes
    #10230)
  * (b08870) prevent exception in a2_processor() when session has not been
    initialized (fixes #10229)
  * (756cac) ldap: directly call LDAPUser.keep_password in return_django_user
    (#7150)
  * (573f2b) ldap: factorize keep_password initialization (#7150)
  * (dd5a62) completely remove transient user support (#7150)
  * (74e744) override pre-Django 1.8 PasswordResetTokenGenerator (#7150)
  * (c481e9) copy AbstractUser from django.contrib.auth for Django 1.8 compatibility
    (#7150)
  * (909b17) backends: remove dead code
  * (e27056) api: pass registration data to build_activation_url() (fixes #10215)
  * (1b1b2c) use ou filter if available when checking for email uniqueness at
    registration (fixes #10214)
  * (e70647) setup.py: update dependency upon django-restframework>=3.3 (#10206)
  * (dce802) attribute_kinds: make a lazy iterator from get_title_choices() (fixes
    #10200)
  * (402871) authentic2_auth_saml2: fix unconditional logout try
  * (1b9838) setup.py: add missing dependency upon django-mellon
  * (a9eec8) Implement beta version of SAML authentication using django-mellon
    (fixes #10107)
  * (9f8e5c) tox.ini: add checker target
  * (f854a0) tests: fix failing test
  * (234792) pep8ness: api_views.py
  * (3e6419) api: fix user creation with uuid (#10088)
  * (8284e0) Revert "api: fix user creation with uuid (#10088)"
  * (5262c3) simplify tox.ini, move remaining tests to root test directories (fixes
    #1156)
  * (254afa) authentic2.views: fix dict building compliant with python 2.6 (#10113)
  * (0481bc) api: fix user creation with uuid (#10088)
  * (7bdff6) api: allow defining user uuid (#10088)
  * (0b5a97) allow a frontend to hide itself (if for example it just wants to run
    some JS)
  * (fec654) ldap: make get_ldap_attributes_names() return a list
  * (130cd2) setup.py: fix recursive call in sdist
  * (3de68e) ldap: store old password temporarily in LDAPUser.check_password() so
    that PasswordChangeForm always works (fixes #10080)
  * (b64029) setup.py: pep8ness, cleaning
  * (7b633f) Add in profile template context a dictionnary of frontend blocks (fixes
    #8843).
  * (04415d) api: use BaseUserSerializer to return user serialization in
    /api/register/ (fixes #10071)
  * (6baea9) api: set first_name and last_name to empty string when absent (fixes
    #10063)
  * (d0ca80) api_views: finish implementing the registration API with no mail
    validation (fixes #8480)
  * (89a122) tests_api: pep8ness, cleaning
  * (02bded) utils.py: pep8ness
  * (74405b) tox.ini: use posargs to change parameters to py.test
  * (250cc8) a2_rbac: use get_or_create() to associate permissions to admin roles
    (fixes #10047)
  * (5ae41f) multitenant/debian_config.py: uncondtionnaly use PublikAuthentication
    (fixes #10046)
  * (5066d1) doc: update "enable CAS" settings name
  * (b14ad6) remove authentication classes from APIView (#9812)
  * (74df07) add indirection for attributes accessors (#9954)
  * (3084ca) debian: set default login's form username label to Email when using
    multitenant (#10003)
  * (a4cecf) emails: add missing old_email variable to email change notification
    (#9906)
  * (6d7ba1) emails: use utils.send_templated_mail to send email change notification
    (#9907)
  * (3230bd) ldap: refactor LDAPBackend to ease subclassing
  * (8c03f6) tests: skip test on sqlite3 < 3.8 if it needs partial indexes support
  * (3607c3) forms: use AttributeValueQuerySet with_owner() method
  * (81dda3) simplify user's API key-value attributes handling (fixes #9954)
  * (6545cd) add accessors for key-value attributes of users (#9954)
  * (c5d71c) support mutiple-valued attribute in Attribute.get_value, add
    Attribute.set_value (#9954)
  * (bda3fe) add partial indexes to AttributeValue to enforce uniqueness of single-
    valued attributes (fixes #9947)
  * (1b06c3) support any where clause in CreatePartialIndexes (#9947)
  * (cb56b4) tox.init: run tests with migrations on postgres and sqlite *files*
    (fixes #9951)
  * (a6a3fd) settings: move contenttypes before auth (fixes #9952)
  * (e7856d) add uniqueness index on column admin_scope_ct_id and admin_scope_id of
    role's table (fixes #9926)
  * (e635f4) LDAP entries must be normalized before using them in get_users()
    (#9645)
  * (f15e60) update user only when they change in sync-ldap-users (fixes #9645)
  * (867791) tox.ini: pass positional args to py.test
  * (03e7d8) remove debugging coin
  * (98c23f) ldap: do not force is_active to True in ldap_init (#9645)
  * (eb2d04) typo fix in parent role add view (#9915)
  * (316740) Fix template name in send_password_reset_mail (#9875)
  * (e730aa) makes context override RequestContext in send_templated_mail (fixes
    #9896)
  * (9b41cb) update french translation (#9538)
  * (5a3b1e) use payload data instead of API user in template (#9875)
  * (6eb6c5) fix template names for password reset email send by user creation API
    (#9875)
  * (ff1af5) fix site_name in password reset templates (#9875)
  * (19a22a) update french translations (fixes #9875)
  * (a9a248) send reset_password emails when registration is done through create
    user API (#9875)
  * (acc8a0) add force_password_reset field to users' API (#9875)
  * (a171b8) make password field optional in users API
  * (610ac5) pass password to templates in user's API registration mail (#9875)
  * (a06ee2) use send_password_reset_mail to implement action_password_reset (#9875)
  * (a98f61) use send_password_reset_mail to implement PasswordResetForm (#9875)
  * (709b60) add send_password_reset_mail() (#9875)
  * (0c67f7) add support for legacy templates to send_templated_mail (#9875)
  * (18e992) add request parameter to send_templated_mail (#9875)
  * (072439) pep8ize utils.py
  * (40b513) pop send_registration_mail from payload in user's update API (#9875)
  * (e0091e) add unique index to PasswordReset.user (#9875)
  * (c154e0) jenkins.sh: again
  * (6c97f7) jenkins.sh: constraint virtualenv version
  * (17f2d1) jekins.sh: try something else
  * (c0ed0b) jenkins.sh: try to fix SNI support in pip
  * (da2c00) Set a nameId format in saml requests when not defined.
  * (51671d) jenkins.sh: use pip<8
  * (8e51c4) send registration mails thourgh user creation API (fixes #9526)
  * (91cc85) make ctx optional in send_registration_mail() (#9526)
  * (6c8788) define anonymous service user class for REST authentication
  * (0d0daa) update french translations (#9731)
  * (76b070) refactor role's user and role managers views (fixes #9731)
  * (6759ee) normalize DOM event when a part of the page is updated (#9731)
  * (15d386) use RolesFormForChange in RoleAddParentView (#9731)
  * (f16689) use RolesForm inr RoleAddChildView (#9731)
  * (d80e41) add new form to select many roles with change permission (#9731)
  * (8cb47a) add new form to select many roles (#9731)
  * (dded7c) add new form to select many users (#9731)
  * (21f01a) add new field to select many roles with change permission (#9731)
  * (be3e8b) add field to select many roles (#9731)
  * (495d36) add new field to select many users (#9731)
  * (2f1b72) fix SecurityCheckMixin permissions computations (#9731)
  * (47adf0) add get_title to RoleMembersView (#9731)
  * (648d55) add TitleMixin to BaseSubTableView (#9731)
  * (ae4d5d) debian: install publik authentication classes for REST API (#9806)
  * (1c8fae) use uuid as identifier for the user's REST API (fixes #9808)
  * (c2c847) registration: translate 'Email' field in registration form (#9777)
  * (24be3e) update translation for new string (#9776)
  * (518349) templates: add a few explanation words to the change email template
    (#9776)
  * (e2e6cd) debian: handle hobo-redeploy trigger (fixes #9765)
  * (60b012) fix typo
  * (c41308) configure logger django to prevent disabling of django.request
  * (9ae460) Handle logout by redirection from plugins (fixes #9195).
  * (9dd157) add translation marker (#9694)
  * (1e6ec1) fix traceback on missing keep_password_in_session in saved LDAP
    settings (fixes #9697)
  * (8133e9) add link to role's member view on user's roles (#9694)
  * (b106a0) add role description as tooltip in user's role list (#9694)
  * (aa87ce) update french translation (#9695)
  * (d29aae) show user's roles in edit view (fixes #9694)
  * (5432b1) add username to title of user edit view (fixes #9695)
  * (d6b2a1) allow ordering user's roles table by the member column (fixes #9662)
  * (ad0c1a) allow using all attributes in group filter (#9583)
  * (79f1a0) pass attributes to get_ldap_group_dns (#9583)
  * (8fd389) add formatter for LDAP dn (#9583)
  * (b203f8) add support for posixGroup to the LDAP testing framework (#9538)
  * (6cc72f) translation: fix usage of "mail" in French (#9683)
  * (b3b4b1) add password change notification templates (#9538)
  * (9dc042) send notification mail when password is changed (fixes #9538)
  * (346d48) use StoreRequestMiddleware to pass RequestContext to email templates
    (fixes #9673)
  * (74dfa5) prefer email to full name in User.__unicode__
  * (9e51fd) update french translations (#9538)
  * (83c510) set temporary password when password reset is set for an user (#9538)
  * (f5d9b3) allow admin to send reset password emails to user with unusable
    password (#9538)
  * (3a862b) allow user with unusable password to login using tokens sent by email
    (#9538)
  * (0bed53) does not allow setting the same password as before (#9538)
  * (b25e4a) show message on successful password change (#9538)
  * (b8d768) does not allow changing the password of an account missing one (#9538)
  * (44c38d) update french translation
  * (682146) add introductory text to password_change_form.html (#9538)
  * (f7e445) make old_password the first field in PasswordChangeForm (#9538)
  * (18c1ff) revert messages changes from previous commit
  * (179b8c) LDAP WHOAMI operator is not supported everywhere (fixes #9648)
  * (65eaa0) encrypt LDAP password in sessions (fixes #9666)
  * (332dbc) add simple crypto module using pycrypto (#9666)
  * (d5c6bb) add setting to prevent keeping LDAP passwords (fixes #9665)
  * (2bb5fb) a2_rbac: do not delete roles as part of update_ous_admin_roles() (fixes
    #9600)
  * (21cd4e) setup.py: prevent using django-filter 0.12
  * (f1e5d3) tests: force locale to english
  * (be8ce9) improve delete account view (fixes #9532)
  * (c04cce) update french translation (fixes #9531)
  * (12eac8) Remove use of the profile word and rename it 'account data' (#9531)
  * (90611f) login form: make username label customizable (fixes #8600)
  * (bd9a77) manager: use checkbox UI for users' roles in mono-ou situations (fixes
    #9502)
  * (724c11) manager: genericize hiding ou column when listing is filtered by ou
    (fixes #9501)
  * (0aa2dd) api_views: handle user attributes whose kind is not "string" (fixes
    #9511)
  * (8c9342) manager: show fields' help text (fixes #9512)
  * (e9dced) a2_rbac: delete permissions first in OrganizationalUnit.delete() (fixes
    #9504)
  * (a6d8ba) trivial: remove a typo in french translation
  * (742a5c) manager: improve performance of user export (fixes #9402)
  * (a6e0fa) setup.py: hide DJANGO_SETTINGS_MODULE value when calling
    compilemessages
  * (d2deb0) idp/saml: do not store logger in global variable
  * (fcb8b0) idp/saml: set SessionNotOnAfter on AuthnStatement from
    session.get_expiry_date() (fixes #9141)
  * (853275) utils: add method to convert datetime to UTC and to xs:datetime strings
    (using UTC timezone) (#9141)
  * (3e6a04) log_filters: fix bug when REMOTE_ADDR is missing from wsgi tenvironment
    (fixes #8971)
  * (a9e3a2) ldap: do not copy LDAP attributes directly on the user object (fixes
    #9162)
  * (838777) migrations: add IF EXISTS to DROP INDEX in partial index backward
    migration (fixes #9335)
  * (8a23dc) a2_rbac: add a partial index to prevent duplicate permissions (fixes
    #9234)
  * (ff9299) rbac: handle slug construction in manager forms (fixes #9260)
  * (4419a5) django_rbac: fix naming of get_natural_key method (fixes #9292)
  * (e8e072) manager: fix logout links (#9274)
  * (6311b5) django_rbac: remove underscore from automatically produced slugs
  * (21e7f9) managre: use role.has_self_administration() as condition for the
    Managers link (#9250)
  * (9580f0) a2_rbac: only build self-administered admin roles for role's admin
    roles (fixes #9250)
  * (fb4a03) manager: add predicate for internal roles, hide editing actions (fixes
    #9231)
  * (9a7819) manager: hide ou management page from menu.json if user has not change
    or add permission (fixes #9235)
  * (d483f3) manager: hide add ou link when user lacks the permission (fixes #9232)
  * (d7b7be) manager: directly inherit from gadjo.html (#9216)
  * (295d9d) tests: remove debugging statement
  * (6e02e7) tests: fix LDAP tests broken by theme change (#9200_
  * (e2e4bf) use gadjo for the basic theme(fixes #9200)
  * (c55af3) tests: move CAS tests in tests/ directory
  * (6b1499) tests: aggregates all API tests
  * (f61d2f) CAS: limit size of accepted service URL and allow for any size in
    Ticket model (fixes #9206)
  * (8bdafb) hide LDAP_AUTH_SETTINGS from debug tracebacks as it can contain
    passwords (fixes #9207)
  * (cee8ec) revert debugging change to logout page, introduced in 21bff6
  * (21bff6) trivial: use three dots in logout messages, not four (#9199)
  * (c336e8) misc: use <h2> in all templates for first title (#9198)
  * (0cacd7) setup.py: django-model-utils 2.4 breaks authentic (fixes #9192)
  * (ecc1dc) locale: fix french translation
  * (33d3c7) middleware: iterate message storage only if messages are consumed
    (fixes #9191)
  * (b6ee09) Merge branch 'master' of repos.entrouvert.org:authentic into
    api_role_member
  * (fd6da0) fixing user_api tests issues
  * (606cf6) profile: use request context to send password reset email (#9166)
  * (ebf28d) registration_backend: use RequestContext to send activation email
    (#9165)
  * (f9f510) roles-api-add_remove-members-#8234
  * (0b1e83) improving role api tests #8234
  * (313e17) roles add/remeve member api #8234
  * (9c5db6) tests: fix user listing API tests (#7862)
  * (eae498) add missing utils.py (fixes #7862)
  * (e99733) add new API tests (fixes #7862)
  * (34354e) api: new user API (#7862)
  * (85d235) api_views: pep8ness (#7862)
  * (0e2b71) api_urls: fix regexs (#7862)
  * (a6bd4f) improve AJAX/JSONP support in decorators.json (fixes #8937)
  * (c0aa1f) ldap_backend: do not traceback on synchronization (fixes #8885)
  * (ca7b9e) debian: redirect output from which
  * (80de8c) setup.py: fix versions of django-admin-tools
  * (65e8a9) trivial: fix typo
  * (a5aeb3) debian: cron.hourly job for authentic2-multtitenant
  * (7fab78) debian: add cron.hourly job for authentic-multitenant (fixes #8855)
  * (addc41) debian: add skeletons setting for multitenant (fixes #8850)
  * (c65d2b) plugins: remove debugging statement
  * (e9ca9f) migrations: adapt CreatePartialIndexes operation to Django 1.8
  * (3b9a21) manager: columns "via" and "member" of OuUserRolesTable are not
    orderable
  * (7d6b19) models: Service.__repr__ should not return UTF-8
  * (41b24a) serializers: do not treat all virtual fields as GenericForeignKey in
    deserializer
  * (0ab642) Model is serializable as JSON (#8602)
  * (ecb683) tests: add test of /api/user/ API (#8603)
  * (2f8809) a2_rbac: modify Role.to_json() to list all roles visible to the service
    (fixes #8603)
  * (f8fc45) models: modify Role.to_json() and Service.to_json() to list ou
    attributes (fixes #8602)
  * (eda42f) update french l10n
  * (52ce6f) manager: add AjaxFormViewMixin to parent/child add views
  * (96f7ec) manager: change caption "Modify description" to "Edit" (fixes #8535,
    changeme!)
  * (5c9ebd) a2_rbac: do not validate if slug starts with an undercore in
    Role.clean() (fixes #8620)
  * (352f1d) profile_views,profile_forms: fix unicode error in log string (fixes
    #8609)
  * (493940) ldap: put LDAP users in the default ou, or an ou specified in the
    settings (fixes #8584)
  * (2cb9c0) custom_user: User.__repr__ should return ASCII strings (fixes #8586)
  * (55c570) a2_rbac: fix undefined variables errors (fixes #8558)
  * (b286fb) views: fix homepage redirect with multitenant settings (fixes #8563)
  * (a058c2) a2_rbac/management: remove broken optimization in
    update_ous_admin_roles (fixes #8558)
  * (b07baf) debian-*: fix depends field (#8429)
  * (015d82) setup.py,debian-*: restricts django-select2 version to < 5.0 (fixes
    #8429)
  * (64c8ec) registration_backend: fix adding the registration realm to usernames
    (fixes #8426)
  * (fbf9e7) utils: pass unicode strings as log formatting strings
  * (46ecb3) utils: handle all kinds of iterable but strings in
    normalize_attribute_values (fixes #8390)
  * (8c2010) setup.py: define curdir before the try/except block
  * (be2734) attributes_ng: add attribute a2_service_ou_role_uuids (fixes #8389)
  * (35535e) MANIFEST.in: fix typo
  * (d7bfb1) django_rbac: rename test file so that py.test can find it
  * (52313b) tests: distribute ldif fixtures
  * (4e2b3d) setup.py: restore current workind directory if translation compilation
    fails
  * (57b7d2) tox.ini: removed dead environments from envlist
  * (40d688) middleware: fix typo on A2_OPENED_SESSION_COOKIE_DOMAIN
  * (6391a3) middleware: fix activation of OpenedSessionCookieMiddleware (fixes
    #8378)
  * (62c28f) attributes_ng: add new attribute 'Role slugs/names from same ou as the
    service' (fixes #8365)
  * (932b78) Revert "Rename role attributes (fixes #7666)"
  * (ff4745) manager: in HideOUFieldMixin when the ou field is hidden, set it to the
    default OU (fixes #8380)
  * (b65365) manager: use the same form class for RoleEditView and RoleAddView
    (fixes #8379)
  * (e08ccf) ldap: ignore referrals returned by Active Directory (fixes #8363)
  * (d1d5c7) ldap: define a default certificate store file by searching for known
    paths (fixes #8370)
  * (9c7606) ldap_utils: prevent cleaning multiple times
  * (1fc57c) tox.ini: declare /bin/mv in whitelist of commands
  * (b1c0cd) ldap: add tests of the LDAP backend (#8361)
  * (9a047e) ldap: improve support for TLS options (fixes #8360)
  * (0e9f94) ldap: rename get_connection to get_connections, and use it in
    authenticate_block (fixes #8357)
  * (6c97d3) debian: do not overwrite LOGGING setting from hobo (fixes #8339)
  * (6c2665) idp/saml2: prevent silent asserts from producing producing a gettext
    header (fixes #8327)
  * (8f81aa) jenkins: add scripts to merge coverage and junit reports produced by
    pytest
  * (22566d) tox.ini: use pytest to run tests
  * (c2c9cc) .coveragerc: fix omit paths
  * (fa9157) add a .coveragerc to ignore .tox in coverage scan
  * (1ea33f) manager: do not override disabled link styling from gadjo (#8280)
  * (f88377) manager: modify label of link column in user's table (#8280)
  * (cb21b8) manager: modify style on plus and minus buttons for inheriting from
    roles (#8280)
  * (078848) manager: update french translations (#8280)
  * (4b56a1) manager: improve tooltip for disabled links on role members view
    (#8280)
  * (52b802) manager: add non-breakable space to field labels before the colon in
    french translation (#8280)
  * (5fa3da) manager: modify label of inherited roles display (#8280)
  * (75ff4b) fix typo in french translations (#8280)
  * (0e63df) add missing templates (#8180)
  * (13a5c5) update french translation (#8280)
  * (9fe47f) manager: modify ou edit form (#8280)
  * (c1bc52) manager: add direct management of role children and parents on the role
    members page (#8280)
  * (79c7ce) manager: align role's members table on users' table (#8280)
  * (043676) manager: normalize untranslated section names (#8280)
  * (2a7bab) manager: normalize labels and fix appbar for ous and roles (#8280)
  * (7d7535) manager: hide slug field on edit role form (#8280)
  * (feca73) manager: align "add role" link to the right (#8280)
  * (2f46f1) manager: expose more fields of the OrganizationalUnit model (fixes
    #7986)
  * (403f98) manager: hide the role's permissions view (fixes #8130)
  * (326f93) a2_rbac: add view of organizational units to all managers (#8280)
  * (25cb90) manager: improve UI and especially the one for user's roles management
    (#8280)
  * (c5c452) manager: hide users' table ou column when there can be only one (#8280)
  * (999b29) manager: change verbose name of members_counts in roles tables to
    "member count" (#8280)
  * (06e238) manager: remove service column from roles tables (#8141)
  * (60168a) manager: rename roles table name column to "label" (#8280)
  * (bb1cd2) manager: remove dead extra_scripts blocks (#8280)
  * (c08c4a) manager: improve user label in select2 typehead for homonyms (fixes
    #8129)
  * (87a5e5) manager: ignore ordering of terms and columns when searching a user
    (#8280)
  * (225025) manager: factorize the search form template (#8280)
  * (2c74ed) manager: order user table by user name by default (#8280)
  * (55a7ce) manager: reorder columns of the user table (#8280)
  * (83d966) manager: remove date joined column (#8280)
  * (fd3763) manager: replace user table link on uuid by a link on full name (#8280)
  * (a3a09e) manager: align user table columns to the left (but boolean ones)
    (#8280)
  * (bee4a8) manager: remove searching roles by service (#8141)
  * (c902a4) manager: remove dead method in fields.py
  * (54f796) clean git rebase marks (fixes #8284)
  * (95a6b2) remove attribute_aggregator and remnants of authsaml2 (fixes #8276)
  * (8e205a) import firstof from future to get the escaping behaviour (fixes #8277)
  * (8baa70) saml: add migrations linked to change of NAME_ID_FORMATS (#8257)
  * (8895bf) settings: remove useless override of TEST_RUNNER (fixes #8278)
  * (fed464) setup.py: run compile_translations as part of sdist (fixes #8279)
  * (4c8290) saml: the username nid format should fill the NameID with the username
    not the UUID (fixes #8257)
  * (a41c86) add get_saml2_authn_context method to model backends (fixes #8258)
  * (51781c) manager: allow overrding role form class (fixes #8253)
  * (24d253) add a basic OpenLDAP sock/shell backend (fixes #8215)
  * (caa199) templates: show link to manager based on real permissions, not
    user.is_staff (fixes #8214)
  * (3f7a6b) tests: fix test to comply with change in template (#8200)
  * (222a08) middleware: in display_message_and_continue.html template, redirect
    user after 3 seconds (fixes #8200)
  * (7e85f6) views: use DisplayMessageBeforeRedirectMiddleware in logout (fixes
    #8199)
  * (6cbf04) update french translations
  * (8f005b) add a switch-user feature (fixes #8142)
  * (451a11) django_rbac: superusers are always authorized (fixes #8152)
  * (8d1ae2) reduce required version for the six package (fixes #8138)
  * (1cf758) debian: bump python-six dependency to match setup.py (#8138)
  * (aca24b) debian: bump python-six dependency to match setup.py (fixes #8138)
  * (041be8) setup.py: also reduce required version for dnspython and Markdown
  * (8ae5b4) debian: lower required versions for python-dnspython and python-
    markdown
  * (a9bc15) custom_user: set default ordering for User to first name, last name,
    email then username
  * (ba3f05) Order organizational units by default field then by name (fixes #8005)
  * (ab63fc) Connect @update_service_role_ou@ post_save handler for the Service
    model (fixes #8012)
  * (037fb7) saml: fix call to error_page in single logout return page (#8087)
  * (391a05) debian: allow overriding locales from /var/lib/authentic2/locale
  * (5f5072) post_form.html: do not wait for the onload event to submit the form
    (fixes #8029)
  * (6a88fe) Honor OrganizationalUnit.email_is_unique in RegistrationCompletionView
    (fixes #8026)
  * (6e2b49) manager: change accessor of name LinkColumn of role tables (fixes
    #8013)
  * (05c784) custom_user: fix left join query to get user roles and direct
    relationship status (fixes #8030)
  * (863ff0) update minimum dependencies versions
  * (6e9de8) a2_rbac: expose more fields of the OrganizationalUnit model in admin
    (fixes #7886)
  * (0bb880) use a special logger to make DEBUG log activation dynamic (fixes #8028)
  * (dd3587) manager: improve test on user creations (#7861)
  * (7cd145) manager: remove disabledness of the entity field in user creation form
    for superusers (fixes #7861)
  * (1b5a1d) authentic2_idp_cas: accept URL without the trailing slashes to conform
    to the specification (fixes #7822)
  * (8d6b0a) Move check of SAML2 settings in the a2.idp.saml package
  * (a166dc) make tox run tests of new application authentic2_provisionning_ldap
    (#6596)
  * (1f087f) add new application authentic2_provisionning_ldap (fixes #6596)
  * (deac10) utils: add a helper function to convert a dictionnary of list into a
    dictionnary of sets (#6596)
  * (ea1b29) utils: add helper function to lowercase the keys of a dictionnary
    (#6596)
  * (a0068d) utils: add an helper function to cut an iterable as batch iterable of
    fixed sizes (#6596)
  * (9d85cf) attributes_ng: lower level of log to debug when topological sort fails
    (#6596)
  * (66629f) django_rbac: augment timeout for massive role parenting test
  * (3d4e76) manager: do not clobber the json module with the json decorator
  * (63de63) add missing migrations
  * (0d7af4) templates: test if add_to_blocks exist in the renderblock templatetag
    (fixes #7809)
  * (5ed139) api_views: add a user API endpoint (fixes #7806)
  * (a5a58a) manager: use new json decorator on menu_json (#7805)
  * (fdbb3e) add support for CORS request by JSON or JSONP (fixes #7805)
  * (1fd9f5) decorators: add SessionCache decorator to cache function's values in
    session (fixes #7808)
  * (e82c73) decorators: allow cache decorators to vary the key on a subset of args
    or kwargs (fixes #7807)
  * (6e5d15) update translations
  * (9899d2) a2_rbac: do not create management roles for the Service content type
    (fixes #7803)
  * (31a9ac) a2_rbac: move connection of post_migrate_update_rbac in the management
    module (fixes #7802)
  * (e3a7b2) django_rbac: use assertLess to compare timings (#7747)
  * (353690) a2_rbac: initialize management roles with their translated name (fixes
    #7801)
  * (37148e) manager: improve stylesheet for dialog boxes (fixes #7800)
  * (ff649b) manager: improve user's experience when there is 1 OU (fixes #7788)
  * (22dff1) update translations (#7787)
  * (910dfd) a2_rbac: do not create OU management roles when there is less than 2
    OUs (fixes #7793)
  * (553887) a2_rbac: allow limiting permissions of OU managers (fixes #7787)
  * (58c5fe) manager: override the authorize() method in BaseDeleteView (fixes
    #7792)
  * (c22f34) manager: add permission restriction to all service's roles view and all
    role members and administrators views (fixes #7758)
  * (5b4a23) a2_rbac: pep8ness
  * (ff6ca4) a2_rbac: give view user permissions to role administrators (fixes
    #7759)
  * (e7ceee) a2_rbac: allow specifying extra permissions when building an admin role
    (#7759)
  * (113d64) manager: show role's service in the role search field (fixes #7761)
  * (078b4a) Add a warning when using default SAML certificates (fixes #6976)
  * (e24e8e) a2_rbac: fix missing definition of Permission (fixes #7791)
  * (999401) django_rbac: add scope to Permission unicode value (fixes #7799)
  * (f43b75) django_rbac: rename Permission.role related manager to .roles (#7799)
  * (3617c3) django_rbac: add a proper hierarchy between operations (#7799)
  * (c482c5) django_rbac: fix hiding of exceptions by decorator
    defer_update_transitive_closure (fixes #7790)
  * (0b89a8) Fix wrong count in tests update in 918c5d19d
  * (634635) Add missing template (#7741)
  * (918c5d) tests: fix to comply with a9233953 and cd6b32295
  * (2a59a7) update translations
  * (5b0157) update translation (fixes #7750)
  * (7db3c0) utils: in login() store the user last login in session (#7750)
  * (a92339) decorators: when a cache must vary by hostname and hostname is
    unavailable we don't use it (fixes #7749)
  * (8f42fe) utils: add absolute parameter to make_url (fixes #7748)
  * (07836e) manager: improve sizing of select elements (fixes #7745)
  * (07de77) Make XForwardedForMiddleware a new style class (fixes #7746)
  * (cd6b32) Add middleware to show user messages before redirecting to another
    domain (fixes #7741)
  * (3333e0) manager/role_views: fix ou field in RoleAddView and RoleEdit view
    (fixes #7730)
  * (8c82b8) manager: use the new authorize() method in BaseAddView and BaseEditView
    (#7730)
  * (789e5c) manager: add an authorize() method to PermissionMixin  (#7730)
  * (3944bb) django_rbac: use assertLess to compare timings (fixes #7747)
  * (338429) manager: add header and footer to html export, to set the content
    charset (fixes #7735)
  * (8fe21a) manager: improves exports of users and roles (fixes #7751)
  * (d2a057) manager: fix role members export (fixes #7752)
  * (de242f) manager: add empty_text meta option to all tables (fixes #7734)
  * (234702) manager: align m2m add form elements (#7739)
  * (f0cf2d) update translations
  * (c3af8f) debian: import fix of commit 69076a2 into debian_config.py (fixes
    #7699)
  * (ce09d7) Log email change requests and confirmations (fixes #7697)
  * (f6427c) Log password reset confirmations (#7697)
  * (7cc3af) Log password reset requests (#7697)
  * (40fe68) api_views: make the check for email uniqueness on registration case
    insensitive (fixes #7694)
  * (ac0480) sync-metadata: load AttributeConsumingService sections of SAML 2.0
    metadata files (fixes #6847)
  * (713701) sync-metadata: load attribute filters only for service providers
    (#6847)
  * (b5e590) sync-metadata: set a friendly on attribute buit from Shibboleth
    attribute filters (#6847)
  * (fb77c8) sync-metadata: make it compatible with Django 1.7 by using
    authentic2.compat.atomic (#6847)
  * (65571f) django_rbac: remove GlobalCache from get_operation() (fixes #7691)
  * (23ea3b) ldap: do not traceback on TLS error, but report it in the logs (fixes
    #6807)
  * (6c7c4b) Make links of all first table's column in the manager (fixes #7594)
  * (dc34b3) Fix ordering by service in the user's roles table (fixes #7634)
  * (21826a) Show service roles in the role management views (fixes #7662)
  * (b330ec) Remove unused RolesField
  * (33e312) style: do not indent form elements (labels, buttons, selects) (fixes
    #7660)
  * (19b898) Rename role attributes (fixes #7666)
  * (3630bf) Fix generic role attributes (fixes #7595)
  * (103df8) Fix service role attribute source get_attributes()
  * (ed2369) Attach the update_rbac_on_ou_save to subclasses of Service (fixes
    #7647)
  * (66e4d0) NameIDPolicy is optional in AuthnRequest (fixes #7612)
  * (8f5498) update translation (#7625)
  * (a4a001) api_views: check uniqueness of email or username on ou which requires
    it (fixes #7625)
  * (f7596c) update translations (#7625)
  * (25d480) add fields to OrganizationalUnit to check uniqueness of email and
    username (#7625)
  * (ba3c06) Adapt tox commands to work with python 2.7.10
  * (540587) Always recreate tox environment
  * (ba9e8b) update french translation (#6805)
  * (00d4fa) report all password requirements at once on password input (fixes
    #6805)
  * (ce84e0) Save resetted passwords (fixes #7621)
  * (5b3455) manager: give the "add user/role" select2 all the available space
    (fixes #7599)
  * (33abc5) Revert "Do not unconditionnaly dump the NameIDPolicy node as it is
    optional (#7612)"
  * (9ac2a1) Fix PasswordResetView tests (fixes #7617)
  * (aa0b2e) Use a SetPasswordForm using the password validator (fixes #7616)
  * (55941e) Fix typo in translations
  * (95457c) Remove unused template iframe.html
  * (7148da) Fix next URL in the CAS logout view (fixes #7613)
  * (fdce37) Make CAS IdP pass the nonce directly in the continue URL (fixes #7514)
  * (fde8ff) Do not unconditionnaly dump the NameIDPolicy node as it is optional
    (fixes #7612)
  * (a3b5b2) Remove action url in password_reset_confirm.html (fixes #7615)
  * (f69a74) In SAML IdP makes need_login() directly set the nonce parameter in the
    return url (#7614)
  * (073e96) translation: typo fix
  * (88a841) custom_user: rewrite migration 0007 to first initialize last_login to
    date_joined when it is NULL
  * (53af53) If login has a next URL, pass it to the registration page (fixes #7610)
  * (0089c2) If login page has a next URL, pass it to the password reset view
    (#7610)
  * (a98ec3) update french translations (#7610)
  * (154bc9) add templates for password reset emails, include next url in link
    (#7610)
  * (84fe5f) saml: split migration 0013
  * (ea6df0) debian-wheezy: use collectstatic -l
  * (7b2830) manager: use default logout view in base.html
  * (8a4830) saml: prevent creation of duplicate LibertySessionDump (fixes #7559)
  * (671fff) cbv: add a TemplateNamesMixin to allow multiple template names (fixes
    #7592)
  * (61ea61) manager/form.hml: only render messages inside the form element if the
    request is ajax (fixes #7591)
  * (fe958e) manager/views: add SuccessMessageMixin to BaseEditView (fixes #7590)
  * (65a617) forms: replace fields by [] if fields is None (fixes #7584)
  * (846c42) manager: add date joined to user table (fixes #7573)
  * (093766) update french translation
  * (740b9f) Hide the edit profile view if no attribute can be edited (fixes #7593)
  * (35b244) use a private namespace to store jQuery in manager.js (fixes #7598)
  * (934c75) allow plugins to have attribute backends (fixes #7597)
  * (94cc09) attributes_ng/engine.py: use import_module_or_class (#7597)
  * (bec8e2) utils: add the possibility to import a module to import_class (#7597)
  * (492f53) utils: rename get_form_class() to import_class() (#7597)
  * (38dd99) add autoescape=off to all email text templates (fixes #7583)
  * (e56ccc) manager/form.html: support multipart encoding (fixes #7585)
  * (9a9064) manager/fields.py: filter on roles on linked service name (fixes #7545)
  * (c9d4fa) cbv: add RedirectToNextURLViewMixin
  * (9cc366) manager/service_views: add flag to allow service roles in role views
    (fixes #7530)
  * (4ca7d1) saml: review logging calls in common.py for unicode correctness (fixes
    #7527)
  * (76e29e) custom_user/models: restore default value of User.last_login (fixes
    #7525)
  * (963b73) tests: add a PasswordResetTest (#7518)
  * (329ea4) utils: in make_url() do not encode slash characters in query string
    values (#7518)
  * (104774) profile_views: rewrite password reset views as a cbv (#7518)
  * (91c4dd) cbv: add NextURLViewMixin (#7518)
  * (9f06b2) utils: add a status parameter to redirect() (#7518)
  * (c5979d) saml: load public key or certificate into lasso.Server objects (fixes
    #7524)
  * (325b3c) tests: fix choice of credentials in APITest.register_with_user() (fixes
    #7523)
  * (311f5c) tests: in APITest sets override_settings on register_with_user() (fixes
    #7523)
  * (3e371b) debian/init: start after syslog and postgresql (#7547, #7548)
  * (a5fec0) debian/multitenant: init start after postgresql (#7548)
  * (2b05b7) debian/multitenant: init required syslog to be started (#7547)
  * (6de876) attributes_ng/sources: service_roles source does not get inherited
    service roles (fixes #7546)
  * (f841fd) registration: use messages framework to display errors (#7533)
  * (331b1f) settings: set NON_FIELD_ERRORS_KEY setting to __all__
  * (f1acac) api: add password-change api
  * (ead238) tests: pep8ness
  * (dfc548) tests: add non passing test of authorization for registration API
  * (766455) api_views: move ou registration authorization inside the validate()
    method of the serializer
  * (982c19) debian-wheezy/control: add dependencies for api views
  * (3d0549) update french translations (fixes #7363)
  * (eabebf) templates: homogeneize activation email templates (#7363)
  * (0e3bd5) api_views: add a registration API (#7363)
  * (1ae8fd) registration_backend/views: if an ou key is in the token, use it to
    initialize the user ou field (#7363)
  * (543809) registration_backend/views: allow creating user directly from the
    registration token (#7363)
  * (0c7710) setup.py: add markdown to install_requires (#7363)
  * (bb810a) setup.py: add dependency on djangorestframework (#7363)
  * (75d307) utils: add a send_registration_mail method (#7363)
  * (d04c1c) utils: allow multiple template names in send_templated_mail (#7363)
  * (2cb978) django_rbac: give all permissions to superusers, and none to inactive
    users (fixes #7504)
  * (1d0ae2) django_rbac: add an .has_ou_perm() method to check if an user has a
    permission in a specific ou (#7363)
  * (dab5d2) a2_rbac: fix default slug for the default organizational unit (fixes
    #7503)
  * (4f16af) manager: use new breadcrumb block from gadjo (#7493)
  * (17799d) manager: adapt tests to new icon class names (#7490)
  * (dc3abb) manager: adapt to new icon class names from gadjo (#7490)
  * (7c9c0e) views: make redirection to A2_HOMEPAGE_URL transient
  * (09c263) locale: fix translation of « Resetting password »
  * (66b31f) Merge tag 'v2.1.20'
  * (8241a1) manager/app_settings: remove LOGOUT_URL setting (refs #7476)
  * (b25b41) remove settings.py
  * (1aa08b) manager/css: set display style of is_superuser field label as inline
    (fixes #7477)
  * (ea3967) manager/views: move conditional adding of the is_superuser field in
    UserEditView and UserAddView (fixes #7477)
  * (176a5e) manager/views: remove ManagerMixin, as the logout URL is hardcoded in
    the template now (fixes #7476)
  * (fa7fe0) registration_backend/views: remove next_url parameter to the delete
    account view (fixes #7475)
  * (f96ab6) views: keep ordering of authentication frontends when building the
    login forms (fixes #7474)
  * (0091f6) manager: allow setting a different homepage for the manager (fixes
    #7463)
  * (58078a) Rewrite some logging calls to be sure that arguments are unicode or
    ASCII strings (fixes #7447)
  * (d155ec) django_rbac: returns only ascii in AbstractBase.__repr__
  * (c8d2e0) debian: fix collected static files directory path in nginx-example.com
  * (d814be) templates: set "Authentic2 - <hostname>" as default title
  * (53a7ce) fix displaying custom user attributes in forms (#7386)
  * (fd396a) tests: user edit profile attributes.
  * (326efc) auth2_ssl: SSL backend import fix
  * (720b0a) manager/templates: replace unicode(user) by user.get_full_name() in
    header
  * (6a1146) manager: extend gadjo extrascripts block (#7442)
  * (3f6e12) manager/templates: fix tooltip on delete organizational unit delete
    button
  * (b2bf91) manager: set authentic2 homepage as homepage of the manager if
    manager_homepage_url is not defined
  * (f6c0cc) templates: rename idp/homepage.html to authentic2/homepage.html
  * (8dda50) idp/saml: convert the authorization refusal message to unicode before
    logging it, and set it on the SAML responses as the StatusMessage
  * (3fe736) saml/common.py: allow setting a statusMessage on SAML responses using
    set_saml2_response_responder_status_code()
  * (656143) utils: fix deletion of authentication events by
    find_authentication_event()
  * (44d743) tests: adapt to new behaviour in the JSON serializer
  * (3581f6) a2_rbac/management: during migrate only update administrative role of
    ou lacking an admin permission
  * (3e2468) a2_rbac/management.py: log updating actions in update_ous_admin_roles()
    to show that things are moving forward during a migrate
  * (b6876f) a2_rbac/management: do not list content types in
    update_ou_admin_roles()
  * (f3279f) a2_rbac/signal_handlers: improve performance of
    post_migrate_update_rbac
  * (00d668) django_rbac: implement a context manager to defer running the
    update_transitive_closure() when working on roles relations
  * (5729d8) utils: use make_url() and settings.LOGIN_REDIRECT_URL in
    get_registration_url()
  * (8c7df5) templates/authentic2/base.html: declare renderblock outside of the
    extra_scripts block
  * (d32428) forms: customize forms for all subclasses of the User model
  * (7b72fc) settings: set USE_TZ to True
  * (da08c5) a2_rbac: improve creation of administrative roles
  * (b1f51e) django_rbac/utils.py: cache result of get_operation
  * (bded56) decorators: add a GlobalCache decorator
  * (e941b3) auth_frontends: build next URL passed to registration by adding the
    nonce
  * (898acc) a2_rbac: use a private namespace for administrative role's slugs
  * (993eca) setup.py: django-select2 proper name is Django-Select2
  * (8cbac5) manager/views: allow Action object to have a full URL instead of an
    url_name
  * (cf08d1) manager/templates: allow user of form.html to place content before and
    after fields
  * (4294b1) manager/forms.py: do not override ou field class if it's not in the
    form
  * (151f43) 403.html: make it translatable, add button to go back to homepage
  * (f0df8c) attributes_ng/django_user: add user's roles names, slugs and uuids to
    Django user attribute source
  * (53113d) update french translations
  * (56c5f2) manager: finish service roles views, improve form display (#5541)
  * (6786b2) forms: if not form class is given to modelform_factory() on User model,
    user BaseUserForm (fixes #7391)
  * (1db336) models: make Service.ou not mandatory
  * (b245cd) templates: update 404/500 error templates to use authentic2/base-
    page.html
  * (9bd13a) templates: add an intermediary template, for easier theming (#7409)
  * (ee596b) templates: change root template to be authentic2/base.html
  * (998ece) manager: add menu.json entry point (#7366)
  * (ea9adc) edit profile page title fix
  * (af848e) migrations: do not run CreatePartialIndexes if router.allow_migrate()
    is False (fixes #7392)
  * (81922b) debian-wheezy: advance dependencies on django-tables2 and django-
    import-export
  * (eda129) custom_user: add missing migration (fixes #7150)
  * (64b870) tox.ini: remove install command customization
  * (0d84e3) migrations: do not create partial indexes on sqlite < 3.8 (fixes #7380)
  * (293ff3) Django 1.8 compatibility (again, fixes #7150)
  * (a8ee65) Django 1.8 compatibility (fixes #7150)
  * (a753ba) setup.py: raise requirement on django-tables to >1.0 for Django 1.7 and
    1.8 support (#7150)
  * (a4a0cf) tests: remove debugging print statements
  * (cec723) manager: start implementing service management views (#5541)
  * (2306aa) manager: fix breadcrumb and page title in organizational unit listing
    view (fixes #7362)
  * (702d4f) manager/role_views: fix duplicate implementation of form_valid() in
    RoleManagersView (fixes #7361)
  * (8c7691) manager: improve linking from rows in table.html (fixes #7360)
  * (bc1cfc) manager.js: support rel="popup" on button elements (fixes #7359)
  * (f19373) forms: set a default base model for forms built with modelform_factory
    (fixes #7358)
  * (22a1d5) a2_rbac: add a related_name to Role.service foreign key (#5541)
  * (71be94) managers: make ServiceManager an InheritanceQuerySetMixin and usable by
    related fields (#5541)
  * (996b97) models,a2_rbac/models: add partial indexes on models linked to ou or
    services (fixes #7357)
  * (0423a0) decorators: add errorcollector() decorator, to help in creating clean()
    methods
  * (446a7b) a2_rbac/signal_handlers: add missing .objects accessor (fixes #7353)
  * (b96ece) models,managers: add a ServiceManager as default manager for Service
    (#5541)
  * (a49461) registration_backend/views: set the required flag on admin defined
    fields (#7364)
  * (74c8d7) manager: call super clean method in UserAddForm.clean (fixes #7342)
  * (005dc3) templates: set administration link on homepage to the new manager
  * (7cedcd) manager: do not protect with login_required "js i18n catalog" and
    django-select2 views
  * (ed6b04) manager: wording&update french translations (fixes #7335)
  * (cba59b) custom_user: migration for User.ou verbose_name modification
  * (1bac9c) manager: improve users management views
  * (265442) custom_user: remove clean() check on the presence of an ou
  * (88d797) custom_user: add User.roles_and_parents() method (#7339)
  * (2a11a6) manager: use Role.is_direct() instead of Role.direct field (#7339)
  * (19c2a9) django_rbac: add a Role.is_direct() method, to interpret annotations
    put by .children() and .parents() methods (#7339)
  * (68ab47) backends/models_backend: remove now useless ProxyUserModel
  * (d9d054) manager/css: truncate uuid column using CSS instead of doing it server
    side
  * (a44c2e) manager: remove group management
  * (913e3a) sync-metadata: fix verbosity check (#7318)
  * (b46b09) manager/tests: fix typo (#7316)
  * (754901) manager/tests: modify test case since roles from the global level are
    seen
  * (835169) manager: display administrative role of organizational units in
    RolesView
  * (06ccd3) a2_rbac: forbid removing the default flag on organizational unit
  * (a0a0ef) a2_rbac: order organizational units by name
  * (58ed62) django_rbac: the aggregate function max(boolean) does not exist on
    postgres, only sqlite
  * (fb7457) saml2_endpoints: initialize saml:Attribute node even if there is no
    values for it
  * (c66945) saml2_endpoints: fix initialization of attributes dictionnary from
    existing SAML attributes
  * (c6600c) manager: pep8ness improvements
  * (e4fcb8) admin: add ou field to AddLibertyProviderFromUrlForm
  * (55e8f2) manager/templates: unbreak display condition of pagination links
  * (a16170) manager: simplify RoleTable.name and fix ordering for RoleTable.service
  * (7e8f76) admin: integrate RBAC changes in model admin classes
  * (485903) manager: return 404 if the export format is unknown
  * (6d6f55) manager: unbreak export views
  * (d842b6) manager: improve SQL performance of RolesView using select_related()
  * (d10f82) models: set verbose_name of ou field on Service and User models
  * (a6490c) authentic2_idp_cas: Service.clean must call its parent method
  * (c920b5) admin: fix password change link
  * (f6a46c) a2_rbac: add external_id field to Role object
  * (da2a39) README: --dependency-links is no more required for django-tables2
  * (5f4d47) remove false example settings.py
  * (056ae2) signal_handlers: do not execute post_migrate signals if allow_migrate
    returns False
  * (a86346) manager: fix typo
  * (238f68) manager: fix permission checking in UserAdd and UserEdit views
  * (f3e989) manager: in PermissionMixin fix name of the add permission
  * (c7bad2) manager: finish fixing permission checking in role members and role
    children templates
  * (1918c1) manager: returns 404 when accessing the role managers page of an admin
    role
  * (9a63ad) managers: hide role managers link for admin roles
  * (09abfa) MANIFEST.in: distribute localization for custom_user, django_rbac and
    a2_rbac
  * (5a485a) update french translation
  * (7e7e99) manager: add tests
  * (25ad91) manager: rewrite manager using RBAC for authorization and limiting view
    of models
  * (8d6a4b) tox.ini: run tests for RBAC and CAS idp
  * (7a6bb2) idp/saml: add simple sso test (fixes #7116)
  * (fc4332) attributes_ng: add new source of role attributes for services
  * (c9915b) a2_rbac: integrate django_rbac in authentic2
  * (e9b72a) utils: add get_fk_model to retrieve related model
  * (c030a4) django_rbac: add an RBAC engine (#6994)
  * (d65195) custom_user: add new permission on groups, change_permissions_group
  * (152f1a) custom_user: add view permission to user and group model
  * (3e21d4) custom_user: override default changepassword
  * (d29f03) custom_user: email is a better username than full name
  * (cedb8d) views: fix cancel action on login (fixes #7042)
  * (24f395) saml: when looking for the NameID formats identifier only check the
    authorized ones (fixes #7118)
  * (c056a3) jenkins.sh: link to system lasso library
  * (238c28) tox.ini: add csselect dependency for test on html contents
  * (cc99b6) tox.ini: prepare environment for testing on Django 1.8 (#7150)
  * (a4453c) tox.ini: add lxml to dependencies of tox environment (#7116)
  * (298fab) idp/saml2: add name to endpoints (#7116)
  * (faffde) tests: do not ignore blank parameters when comparing query strings
    (#7116)
  * (37f163) tests: add special value '*' to match any parameter in assertEqualsURL
    (#7116)
  * (d3a33e) registration: use BaseUserForm as base class for the
    RegistrationCompletionForm
  * (8712f8) admin: use BaseUserForm as bases classes for user model forms
  * (9955c4) forms: do not force BaseUserForm upon user model forms if another base
    form is given
  * (7141a9) forms: fix modelform_factory for non-user models
  * (2133b1) passwords: add a function to generate password
  * (44d27f) utils: add a send templated mail function
  * (69076a) settings.py: make a special handler for DB logs as the request_context
    filter could create infinite loops
  * (f84343) debian: remove config.d as a way of configuring authentic2
  * (f08e9b) authentic2_idp_cas: fix namespace of attributes element
  * (a3c511) tests: refactor assertEqualXML into assertXPathConstraints
  * (38c9e1) idp/saml: allow attributes to contain sets
  * (43270b) auth_migrations: prevent collision with related names
  * (e9a64a) tests: complete attribute kinds tests
  * (6b1977) custom_user: fix initial migration
  * (5ae756) setup.py: allow Django 1.8
  * (668158) templates: replace use of sekizai by our own template tags
  * (0c991f) saml: fix grammatical error in french translation
  * (e31e3f) authentic_idp_cas/views: fix utf-8 encoding name (fixes #7204)
  * (82a653) attribute_kinds: fix title choices (#7191)
  * (554912) debian-wheezy/control: depends on python-django >= 1.7.6
  * (a26e81) debian-wheezy/control: python-authentic2 depends on Django >= 1.7.6
  * (4b7208) authentic2-multitenant.init: we need to set a shell for su commands
    (#7072)
  * (471f9e) authentic2-multitenant.init: render gunicorn workers configurable
  * (4f7982) debian multitenant: rewrite nginx-example and put it to the right place
  * (505a7a) multitenant: rewrite default configuration file (#7199)
  * (a64a3c) attribute_kinds: add person title (fixes #7191)
  * (167db8) attribute_kinds: compute attribute kinds dictionnary on demand (fixes
    #7188)
  * (8b8950) authenic2-multitenant: depends on django-tenant-schemas >= 1.5.2.1
  * (907cdd) debian: python-authentic2 depends on python-django-select2 >= 4.3.0
  * (1aa5f1) Merge tag 'v2.1.19'
  * (cab716) debian-wheezy: rename collected-static to collectstatic
  * (65bdfa) tests: in test_registration check creation and automatic login of the
    new user
  * (06c8e6) registration_backend: set the password of the new user before saving it
    (fixes #7098)
  * (f342b7) registration_backend: fix unmodified calls to redirect() (fixes #7097)
  * (0219d2) views: fix typo in login_password_profile (fixes #7094)
  * (bdce39) user_login_failure: pass identifier to smart_bytes() for computing its
    md5 hash (#7089)
  * (409847) Remove south_migrations as only Django 1.7 is supported now (bis)
    (#7043)
  * (0a8377) debian: add a reload action to authentic2-multitenant init script
    (fixes #7078)
  * (5d6738) Merge tag 'v2.1.17'
  * (876863) setup.py: remove dependency link on django-select2, require 4.3.1
  * (76858b) Merge branch 'release-2.1.16'
  * (0d275d) attributes_ng: fix django_user source, username can be NULL now (fixes
    #7064)
  * (f20b18) Remove south_migrations as only Django 1.7 is supported now (fixes
    #7043)
  * (8453e2) fix appconfig path
  * (4c69ae) fix declaration of authentic2 appconfig class
  * (bac19e) tox.ini: cutomize the install_command to process dependency_links in
    setup.py
  * (e7a1fe) admin: improve user admin view for the new custom user model
  * (8a08f2) manager: fix integration of django-select2 in template, use template
    tag to load django-select2 staticfiles
  * (f5fa6c) setup.py: add a dependency link for django-select2 as the current
    release (4.2.2) is incompatible with Django 1.7
  * (f498d0) manager: change label of user edit form's groups field
  * (355332) manager: set groups as part of user edit form fields
  * (975e34) manager: show uuid in user edition form
  * (118d90) manager: add uuid to user table's columns
  * (cb463c) manager: use get_full_name instead of username in role removal
    confirmation dialog
  * (9f025d) manager: update french translation (fixes #7011)
  * (dca1e5) manager: improve confirmation dialog message when removing an user from
    a role (#7011)
  * (b1e2c2) saml: explode migration into two migrations to separate data from
    schema migrations (bis)
  * (0ee3a4) Merge branch 'release-2.1.15'
  * (4f5a24) saml: explode migration into two migrations to separate data from
    schema migrations
  * (fe7bf3) debian-wheezy: add pydist-overrides
  * (19151a) Merge branch 'release-2.1.15'
  * (f92788) Merge remote-tracking branch 'origin/release-2.1.14'
  * (57d635) setup.py: bump minimal Django version to 1.7.6 (fixes #7025)
  * (60ea66) Revert "debian-wheezy: add custom_user app to the SHARED_APPS setting
    in the multitenant settings (#7018)"
  * (3beb58) debian-wheezy: add custom_user app to the SHARED_APPS setting in the
    multitenant settings (#7018)
  * (12c404) saml: improve migration 0007, continue even if old and new primary keys
    overlap
  * (469388) authentic2-multitenant.postinst: fixes secret_key access
  * (e2cb28) debian authentic2-multitenant: generate secret key
  * (5a27b1) manager: return user to manager home page after password change (fixex
    #7014)
  * (775a46) manager: update french translation (fixes #6690)
  * (c1610c) manager: add a link to the manager homepage even if
    manager_homepage_url is defined (#6690)
  * (83619b) decorators: add a cache decorator using the Django cache framework
    (fixes #7012)
  * (52b7b6) decorators: make the cache decorator vary by hostname (fixes #7013)
  * (ae937e) debian: use debian_config_common.py from hobo (#7010)
  * (89dacf) registration: fix redirect when posting on the registration completion
    view and email is already used (fixes #6971)
  * (b3da3a) utils: remove our copy of django.shortcuts.resolve_url (fixes #6970)
  * (015704) Update french translations (#6969)
  * (b307ba) saml: migrate liberty provider model to use authentic2.Service as a
    base model (fixes #6969)
  * (98d68b) Update french translations (#6968)
  * (3b26d1) CAS: migrate service model to use authentic2.Service as a base class
    (fixes #6968)
  * (385b7f) auth_migrations: make the last migration run after first migrations in
    app depending from the user model (fixes #6967)
  * (27ab07) Update french translations (#6958)
  * (095c03) Create a new Service model, as a base model for all Service models
    (fixes #6958)
  * (dc86e7) settings: do not set handlers in django.db and django_select2 domains,
    they would be sent to the console twice (fixes #6966)
  * (65530b) attributes_aggregator/ldifs: remove all translations markers from
    parsed schemas (fixes #6965)
  * (7642c9) Remove requirements.txt
  * (af5af8) doc: update required django version in README file
  * (e4288d) trivial: update required django version in requirements.txt
  * (87bd2e) provide Django 1.7 migrations for django-admin-tools third party app
    (fixes #6956)
  * (25f5af) app_settings: make all list settings immutable by using tuples (fixes
    #6955)
  * (700fc9) Refactor all model forms on the User model (fixes #6950)
  * (96500d) Create a custom user model (fixes #6919)
  * (f3e8c8) admin: remove group member editing through the group change form (fixes
    #6951)
  * (018289) admin.py: fix wrong next parameter building in login and logout view
    (fixes #6952)
  * (e450be) tests: fix error message on bad email in registration tests
  * (db2009) cas/forms.py: fix deprecation warning by adding a `fields` attribute to
    the Meta class (fixes #6953)
  * (03d479) manager: fix logout on users and roles pages (fixes #6954)
  * (01d6a0) Remove support for Django < 1.7 (#6919)
  * (89d9de) registration: fix activation url in the HTML part of activation email
    (#6935)
  * (fa1b3a) jenkins: only pylint src/authentic2 for now
  * (cf76bb) jenkins: update pylint to look in src/
  * (23fdbb) jenkins: update to pylint 1.4.0
  * (c3bdfd) produce a coverage report when running tests (#6934)
  * (2f9ba8) registration_backend/forms.py: fix passing of the HTML template to the
    send_mail function
  * (cae8db) Change default logging configuration (fixes #6922)
  * (d4aa33) Set a request id on all requests (#6922)
  * (e35acb) Add a XForwardedForMiddleware middleware (#6922)
  * (4932c0) idp/saml/backend.py: refactor logging
  * (96d882) views.py: log a message on logout
  * (9d75ed) utils.py: log a message on login
  * (4c97f2) forms.py: change NextUrlFormMixin's field "next_url" to be optional
    (fixes #6917)
  * (a8cdd1) adapt debian_config.py to match new TENANT_SETTINGS_LOADERS name
    (#6836)
  * (434e3e) saml: use get_or_create() in save_key_values (fixes #6883)
  * (bb1788) idp/saml: collapse attribute values (fixes #6378)
  * (d8facb) Add 'debian-wheezy/' from commit
    '6fa4a2fc2f13d00d403aea596bd695c3d24dfb9a'
  * (6ceeff) idp/saml: collapse attribute values (fixes #6378)
  * (034e55) Add a merge migration to the saml application
  * (8d8edc) Modify federation storage so that we can store federation relative to
    the provider model (fixes #5530)
  * (ed8ba6) override default migrations for django.contrib.auth in order to resize
    the username end email fields (#6633)
  * (eaa6e2) validators: verify that email's domain idna encoding succeed before
    validating it (#6800)
  * (d3f4aa) missing attribute_kinds import fix (#6857)
  * (8a285a) Fix typo in get_sp_options_policy_default() (fixes #6858)
  * (0280ff) accounts: use Django naming for password related views, keep previous
    name for retrocompatibility with already deployed themes (#6851)
  * (77813c) attribute_aggregator: fix oid for eduOrg attributes
  * (db0f5a) manager: rewrite action_password_reset to work with Django 1.7
  * (6fa4a2) Add --noinput when calling migrate
  * (2caa66) Fix handling of the SENTRY_DSN environment variable
  * (b97335) remove dead imports
  * (94868b) Merge branch 'release-2.1.13'
  * (3cdad4) Remove last remaining version symbols, and update setup.py in pluygin
    example (finished #6675)
  * (f73c56) Unset choices on Attribute.kind, only set choices in model forms
  * (f89faf) saml: add index on boolean field to improve performance of service
    listing on homepage and profile page
  * (5f8bf2) README: change version number of first Django 1.7 supporting release
  * (5a016d) Optimize queries in SamlBackend.service_list()
  * (699b03) In get_sp_options_policy() and get_idp_options_policy() cache query for
    default and all queries
  * (66660a) Add decorator to cache function results in request
  * (4b463e) debian/authentic2.init: rename $CTL to $MANAGE_SCRIPT
  * (b6babc) Revert "debian: support mono tenant hobo agent"
  * (1e86f0) Make UserEditForm of the manager handle custom attributes (fixes #6766)
  * (1590f6) Work around regression with model forms when a non-model form is passed
    to modelform_factory by the django.contrib.admin (refs #6766)
  * (a8f65f) use python-request instead of pycurl or M2Crypto (#6540)
  * (7ded8b) attribute_kinds: since Django 1.7 allow_lazy() seems to need an
    explicit return value type
  * (a641de) README: add warning about upgrading before 2.1.13
  * (4bd749) multitenant: update packaging to new hobo.multitenant middleware
    (#6749)
  * (334409) control: depends on django >= 1.7 and remove south dependency
  * (efbee3) setup.py: remove south from requirements
  * (f34ac2) django 1.7 is now mandatory
  * (34cde6) tests: do no launch test from django apps, they are not made for this
  * (60f22b) add Django 1.7 migrations
  * (1e22d2) cas: convert lambda to normal function to help makemigrations
  * (280171) debian: support mono tenant hobo agent
  * (15e2fe) authentic2-multitenant.postinst: don't load debconf
  * (1e4074) authentic2-multitenant: fix permissions on collected-static
  * (21c52b) add missing #DEBHELPER# codes
  * (af586e) Pootle is not my name
  * (a6b82d) multitenant: add hobo.middleware.context.TemplateVarsMiddleware
  * (01112e) manage script renamed
  * (9ca14d) multitenant: manage script doing schemas migrations updated
  * (2bfa02) multitenant: template and locale paths point to multitenant dir
  * (fc85f1) multitenant: static files collecting on initialization (#6562)
  * (b3be6b) multitenant: packaging refactored according to our packagind guide
  * (82cd8d) django-admin-tools dependency updated
  * (0ad9c6) authentic2-multitenant: migrate_schemas command restored
  * (6e54f9) authentic2-multitenant: runs with version 1.7 or higher of django
  * (f8acf0) authentic2-multitenant: init script fix
  * (3702ea) authentic2-multitenant: package config updated to use hobo instead of
    djommon
  * (53de41) Remove initialization of a cache directory
  * (517c0b) Adapt init scripts for django >= 1.7
  * (cec10a) Chown /var/lib/authentic2 to authentic
  * (419b18) Remove django-registration from explicit dependencies
  * (a6038c) Adapt to rename of the README file
  * (bc2f8e) Update dependencies
  * (05354d) Add a custom value for ADMINS for Debian
  * (e4f794) Add a custom logging configuration for Debian
  * (aecf2f) Warn if DEFAULT_FROM_EMAIL has not been changed
  * (5235b0) Adapt to rename of DJANGO_CONFIG_FILE environment variable
  * (8d877e) Synchronize with LDAP directories every hour
  * (128656) multitenant package fixes
  * (d96ba4) convert settings as lists to tuples
  * (1e4309) sample config filename fixed
  * (a7d766) Multitenant package
  * (df6542) Use `basename $DAEMON` to pass as the name argument to start-stop-
    daemon
  * (b9c0a6) Change the name variable to make reload work
  * (9d4d16) Export the DJANGO_CONFIG_FILE in the init file
  * (e9fe99) Make sure INSTALLED_APPS is a tuple before modifying it
  * (93ec53) Move away from configuration based on environment variables
  * (a67743) control: authentic2 always depends on the last python-authentic2
    version
  * (90806e) debian/authentic2.init: don't use symlinks on collectstatic
  * (bc4ced) debian/authentic2.init: render BIND option fully configurable in
    default file
  * (384130) Add python-django-import-export to dependencies
  * (67e493) Add python-django-tables2 dependency
  * (0d0b45) Add python-gadjo to dependencies
  * (f542dd) cron.hourly script needs a shebang
  * (70051e) debian: add a cron.hourly file
  * (6ff0ea) rules: restore dh_install override
  * (12f311) authentic2.init: add missing variable $CTL
  * (92a269) debian: add manage command, do collectstatic on all starts
  * (843baa) authentic.conf: authentic use SENTRY_DSN and not RAVEN_CONFIG_DSN
  * (383412) authentic.postinst: generate key material at install
  * (a55d85) debian/authentic2.init: fix missing end of case
  * (ead37d) debian/authentic2.init: activate reload command
  * (b19c61) debian/authentic2.dirs: add /var/lib/authentic2/templates
  * (060060) create directory /var/cache/authentic2
  * (73fa09) add python-dnspython to dependencies
  * (3918df) control: depends on python-django-registration >= 1.0
  * (906674) authentic2.init: create cache directory
  * (351fab) postinst: stop linking static file
  * (2d95c6) authentic.conf : USE_MEMCACHED instead of USE_MEMCACHE
  * (261f81) authentic.conf: add option USE_MEMCACHE
  * (3e6f22) debian/authentic2.init: fix wrong user and group for the /var/run dir
  * (811595) debian: disable debconf when it's useless
  * (065a7f) authentic2.postinst: add debhelper tag
  * (5ef3e2) control: force python-django < 1.6
  * (234cfb) init: improving migrations management
  * (0e0026) authentic2.postinst: creating file if NOT exist
  * (9d460d) authentic2.postinst: set NAME variable
  * (138ecb) authentic2.postinst: fix syntax error
  * (302201) automatically generete Django SECRET KEY
  * (9bed36) Cleaning configuration file
  * (134f2b) debian: add RAVEN_CONFIG_DSN option
  * (481d85) init: apply sql migrations before start
  * (91fb37) control: change maintainer and improve dependencies
  * (995cd7) Debconf doesn't like message on stdout
  * (9cc902) activate full debugging
  * (236a41) Move config files into folders
  * (a13d78) authentic2.postrm: purge everething about configdb
  * (adf7e2) purge /etc/dbconfig-common/authentic2.conf
  * (448f26) authentic2.postinst: remove amue
  * (2c4978) dbconfig: restart from amue configuration
  * (cf8060) dbconfig: use generic sourcing not only psql
  * (0d5254) enable debconf and dbc debug
  * (8aede5) authentic2.config: set a default username and database
  * (13de53) authentic2.postinst: fix permissions
  * (769f7b) Improve dbconfig support
  * (4ddc2b) authentic2.postrm: uninstall db conf
  * (633a3d) authentic.conf: test if db.con exists
  * (d62dc8) authentic2.postrm: fix
  * (2ce4c0) authentic2: improve purge
  * (d1fb9f) depends on dbconfig-common
  * (913702) authentic2.config: add dbconfig configuration
  * (a039b9) authentic2.init: another try to fix EXTRA_CONFIG
  * (bddebe) authentic2.postinst: create database latter
  * (79a0aa) init: fix init
  * (ebbd51) authentic2.dirs: add /etc/authentic2/config.d
  * (ef03e3) switches to dbconfig, update configurations and dependencies
  * (5af962) authentic2: fix postinst
  * (387a7e) authentic2.init: allow extra configuration files, allowing other
    packages to add configuration to authentic
  * (4ac823) debian/authentic2.postinst: migrate when doing --syncdb
  * (350766) debian/authentic2.postinst: fix AUTHENTIC_HOME variable
  * (63e8e5) debian/authentic2.init: fix descriptions fields
  * (c640ca) debian/authentic2-ctl: use sudo when possible
  * (e83621) debian/authentic2-ctl: use "$@" not $* to expand arguments
  * (30015a) debian: use source format 3.0 quilt
  * (544b3a) debian: remove now useless git dependency
  * (43a967) Update to last master commit
  * (b22d72) Update to last master commit
  * (871534) Update to last master commit
  * (5f287c) Update to last master commit
  * (bfcae2) debian: update to last master commit
  * (1d416d) debian: update configurations (apache and authentic)
  * (075896) debain: complete apache example and config file
  * (604557) adding debian/python-authentic2.dirs file
  * (dd7d66) debian: move manage.py to /usr/lib/authentic2
  * (517a93) debian; replace ENGINE by DATABASE_ENGINE
  * (de259a) debian: depends on south 0.7 or 0.8
  * (0f937e) debian: split package into two packages and cleaning debian folder
  * (68e7b0) debian: update to last upstream commit
  * (26a50d) debian: fix postinst
  * (d8a64d) debian: add adduser dependency
  * (70ba77) debian: initial import
  * (4df402) manage: remove dead sys.path manipulations
  * (1c1e59) settings: take main settings from environment
  * (6bf401) ctl: add dev settings and use them for the control script
  * (19133d) settings: fix prod settings
  * (367b32) rename manage.py to authentic2-ctl
  * (bfc777) Merge branch 'master' of repos.entrouvert.org:authentic
  * (0a3eae) Merge remote-tracking branch 'remotes/origin/attribute-mgmt'
  * (1159aa) Merge branch 'master' into attribute-mgmt
  * (94f2b1) Merge branch 'profile'
  * (35d837) Merge branch 'idp-cas'
  * (522f9c) Merge branch 'master' of repos.entrouvert.org:authentic
  * (f6b4dd) Merge branch 'master' of git@dev.entrouvert.org:authentic
  * (81b6ee) Merge branch 'master' of repos.entrouvert.org:authentic
  * (984e01) Merge branch 'master' of repos.entrouvert.org:authentic
  * (471036) Merge branch 'oath'
  * (8bb694) Merge branch 'master' of
    git+ssh://dev.entrouvert.org:10322/var/git/authentic
  * (7fb2b2) Merge branch 'master' of
    git+ssh://dev.entrouvert.org:10322/var/git/authentic
  * (504b4d) Merge branch 'master' of
    git+ssh://dev.entrouvert.org:10322/var/git/authentic
  * (67aa60) Merge branch 'master' of
    ssh://dev.entrouvert.org:10322/var/git/authentic
  * (b1fec4) Merge branch 'master' of
    ssh://dev.entrouvert.org:10322/var/git/authentic
  * (351497) Initial import

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 10 Apr 2018 09:49:18 +0200

authentic2 (2.1.20) trixie-eobuilder; urgency=low

  * (1086a2) admin: import flatten_fieldsets() from django.contrib.admin.util for
    pre Django 1.7 compatibility
  * (4c1b2b) templates: replace use of sekizai by our own template tags
  * (9550fe) saml: fix grammatical error in french translation
  * (d2c6d4) fix_user_model: delay formatting of username field's help_text (fixes
    #7123)

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 26 May 2015 16:22:00 +0200

authentic2 (2.1.19) trixie-eobuilder; urgency=low

  * (e7feee) debian-wheezy: rename collected-static to collectstatic
  * (695dbd) debian authentic2-multitenant: generate secret key

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 30 Apr 2015 11:46:25 +0200

authentic2 (2.1.18) trixie-eobuilder; urgency=low

  * (848487) debian-wheezy: import multitenant/debian_config.py from master to use
    hobo's debian_config_common.py
  * (3237a9) registration_backend/forms: if username is part of the registration,
    check its uniqueness
  * (0aa54d) registration_backend/forms: do not overwrite the username if it's a
    field of the form

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 30 Apr 2015 10:32:00 +0200

authentic2 (2.1.17) trixie-eobuilder; urgency=low

  * (246843) attribute_kinds: since Django 1.7 allow_lazy() seems to need an
    explicit return value type
  * (d0a691) use python-request instead of pycurl or M2Crypto (#6540)

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 29 Apr 2015 10:14:50 +0200

authentic2 (2.1.16) trixie-eobuilder; urgency=low

  * (0bea1f) manager: update french translation (fixes #7011)
  * (3a03f5) manager: improve confirmation dialog message when removing an user from
    a role (#7011)
  * (d20a7c) Work around regression with model forms when a non-model form is passed
    to modelform_factory by the django.contrib.admin (refs #6766)

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 24 Apr 2015 18:02:13 +0200

authentic2 (2.1.15) trixie-eobuilder; urgency=low

  * (bd6c95) debian-wheezy: add pydist-overrides
  * (06fe6b) accounts: use Django naming for password related views, keep previous
    name for retrocompatibility with already deployed themes (#6851)
  * (5232d1) views: in logout() show the intermediate page when next_url is not the
    default next URL (fixes #7031)
  * (d550f4) manager: fix permission names in view restrictions (fixes #7030)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 23 Apr 2015 13:16:58 +0200

authentic2 (2.1.14) trixie-eobuilder; urgency=low

  * (1f0650) Add --noinput when calling migrate
  * (3504b3) adapt debian_config.py to match new TENANT_SETTINGS_LOADERS name
    (#6836)
  * (538ea4) forms.py: change NextUrlFormMixin's field "next_url" to be optional
    (fixes #6917)
  * (10e38a) validators: verify that email's domain idna encoding succeed before
    validating it (#6800)
  * (9fc5a6) manager: fix logout on users and roles pages (fixes #6954)
  * (181025) admin: remove group member editing through the group change form (fixes
    #6951)
  * (83d839) registration_backend/forms.py: fix passing of the HTML template to the
    send_mail function
  * (c8e10d) Change default logging configuration (fixes #6922)
  * (59f536) Set a request id on all requests (#6922)
  * (4f3359) Add a XForwardedForMiddleware middleware (#6922)
  * (e867d7) idp/saml/backend.py: refactor logging
  * (7289e4) views.py: log a message on logout
  * (3ce559) utils.py: log a message on login
  * (649103) saml: use get_or_create() in save_key_values (fixes #6883)
  * (5d6723) attribute_aggregator: fix oid for eduOrg attributes
  * (3b604e) Fix typo in get_sp_options_policy_default() (fixes #6858)
  * (45b82c) Add debian directory from 2.1.13 release

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 17 Apr 2015 14:31:50 +0200

authentic2 (2.1.13) trixie-eobuilder; urgency=low

  * (dc3e09) Prepare release 2.1.13
  * (2d8fbd) ldap: update block saved in LDAP users objects with default values
    (#6784)
  * (22d382) Optimize queries in SamlBackend.service_list()
  * (96ab51) In get_sp_options_policy() and get_idp_options_policy() cache query for
    default and all queries
  * (d69eec) Add decorator to cache function results in request

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 23 Mar 2015 17:25:46 +0100

authentic2 (2.1.12) trixie-eobuilder; urgency=low

  * (9b2361) Fix missing distribution of locales and tempaltes for
    authentic2_idp_cas
  * (e878ad) Prepare release 2.1.12
  * (dba9e5) Generate version only from git tags
  * (e30917) Reorder migrations of the saml application
  * (dc70e9) ldap: fix logging call
  * (7a9423) Do not pass homepage url through settings, use variables set in the
    template context by a template context processor (refs #6690)
  * (f41a12) login label updated when email authentication enabled (6669)
  * (6b9606) Support variable MANAGER_HOMEPAGE_URL and MANAGER_HOMEPAGE_TILE for the
    first element of the manager breadcrumb (fixes #6690)
  * (c38ee5) Add created filed to SamlKeyValue to permit expiration of stored values
    (fixes #5639)
  * (d5675f) Add an ExpireManager to share common code around expiration of models
    (refs #5639)
  * (1d6a4d) Remove LibertyFederation model (refs #5639)
  * (4df0d0) Add missing newline in translations that broke msgfmt
  * (6f4c04) Deactivate custom csrf view for tests
  * (5907b8) update French translation
  * (f25737) Use new CSRF cookie validation on login view (refs #5617)
  * (8fd544) Update french translation (fixes #5617)
  * (0baa91) Use new mixin on registration view to show a form error on CSRF token
    validation error instead of a redirect (refs #5617)
  * (31c743) Allow validation of CSRF cookie to be done in view using a CBV mixin or
    an helper function (refs #5617)
  * (25ef99) Use setting CSRF_FAILURE_VIEW to prevent user seeing 403 on CSRF
    failure, instead redirect them to the same page and display a warning (refs
    #5617)
  * (28a158) registration tests updated to new settings (#6661)
  * (7de4f8) email authentication enabled by default
  * (4b7466) locale: french translation for registration backend
  * (8a97dd) typo fix on login choices page (#6634)
  * (a02541) first and last names mandatory on registration (#6653)
  * (433737) user fullname prefixed by account number on login choices page (#6634)
  * (105162) auth model backend path fix (#6635)
  * (e9d673) limit username to 30 chars (#6636)
  * (a838d0) Only remove the opened session cookie when the feature is activated
    (#6265)
  * (ab50dc) Use a valid python identifier for lable of SAML 2.0 IdP AppConfig
    (#6518)
  * (6b48ab) Fix OpenID 2.0 IdP migrations since the application was renamed
  * (5f018c) Fix use of the logout view by SAML 2.0 IdP
  * (976ab8) Remove Ticket.identifier from the admin, the field has been removed
  * (9b958d) Add a CAS IdP module
  * (b8716b) Makes make_url() accepts a fragment in the base url
  * (e927fa) Makes registration tests pass without network
  * (69df37) Add helper methods to normalize attributes values
  * (a73ada) Move to_list() and to_iter() in utils.py
  * (ab3dd5) Add a helper method to retrieve the user from a session given the
    session key
  * (8dd988) Make compile_translations target of setup.py compatible with Django 1.7
  * (4d1550) Add helper method check_session_key() to verify that session is still
    valid
  * (e0db63) Refactor SAML 2.0 SP initiated slo to use the refactored logout view
  * (15d87d) Rename idp/logout.html template to authentic2/logout.html
  * (ef5935) Refactor the logout view
  * (581f34) Add check_referer() helper method to check that referer match the
    current domain
  * (0bee14) Create a ModelAdmin mixin for adding a default cleanup action to any
    model admin
  * (9f796c) Add test method to check XML contents for some properties
  * (09e8a6) Create a base class for tests providing 2 new helper methods
  * (e2d3f0) With Django >= 1.7 activate ATOMIC_REQUESTS on the default db
  * (cfac91) Add new helper method redirect_to_logout
  * (15d4dd) Adapt SAML 2.0 IdP to new authentication events recording
  * (45da54) Refactor testing for fresh authentication by storing the nonce in the
    session
  * (3d8102) password change view restored
  * (783977) misc: add a settings option to disable https ssl checks (#6539)
  * (f8543c) misc: raise an urllib2.HTTPError if get_url returns a non 200 response
    (#6539)
  * (c0c070) style: add non-prefixed css properties (#6510)
  * (d6156b) At least install tox and pylnt
  * (358a8e) Just use tox
  * (4d6237) jenkins.sh: just install authentic2 using pip
  * (c687a8) [django-1.7] SortedDict.insert() method was removed
  * (fe4f44) Rename README.rst to README to supress a warning
  * (4a3c9b) Fix typo in setup.py
  * (5ac3c8) [django-1.7] Rename all migrations/ directories to south_migrations/
  * (40850e) [django-1.7] tox: adapt settings and commands
  * (f328f6) [django-1.7] Monkey patch default Django user model for Django 1.7
  * (db95cc) [django-1.7] Prevent Django 1.7 showing a warning about test suites
    initialized before Django 1.6
  * (252476) [django-1.7] Natural primary key support have been added to Django 1.7,
    we only need natural generic foreign key support now
  * (cbdcf5) [django-1.6] Not settings Meta.fields or Meta.exclude has been
    deprecated
  * (0a4acf) [django-1.6] Add missing default value to AttributePolicy.enabled field
  * (db8dc5) [django-1.7] Use allow lazy to apply string tranformation to
    translatable string in models definitions
  * (af4ea6) [django-1.7] Use application configuration to rename the SAML 2.0 idp
    application and prevent name collision
  * (6000fe) [django-1.7] Use new application config ready() method to fix user
    models
  * (3d24f7) [django-1.7] User profiles were deprecated in django 1.5, partially
    remove the functionnality from our copy of AbstractUser
  * (32d1c6) [django-1.7] Declare authentic2 compatible with django 1.7
  * (f7bdd5) Simplify default logging settings
  * (fcae7f) OpenID IdP: raise ImproperlyConfigured if it is enabled but python-
    openid is not installed
  * (883701) Update local_settings.py.example
  * (c43721) Rename environment variable DJANGO_CONFIG_FILE to AUTHENTIC2_CONFIG
  * (31927d) Move test_settings in the tests/ subdirectory
  * (4be3b6) Make a plugin from the OpenID 2.0 IdP
  * (4fbcbe) tests: Add templates
  * (72c324) Remove include of gadjo files
  * (2949cf) Move authentic2 into src/
  * (e2f03e) Remove init scripts not used anymore
  * (4e01ad) test fix
  * (809f8b) registration: custom save method added
  * (ec69ab) removed modules import fixed
  * (a8fd23) Merge branch 'wip/registration'
  * (3a83a6) remove cache on metadata view (#6487)
  * (262a8a) boolean attributes convertered to unicode and lower-cased and the other
    converted to unicode
  * (6a168d) middleware: allow other view restrictions from plugins
  * (6ba68b) ldap_backend: add a new backend LDAPBAckendPasswordLost for use by lost
    passwords views
  * (98ddc4) ldap_backend: move all initialization of the password in
    LDAPUser.ldap_init()
  * (8aebe1) ldap_backend: ignore `user_basedn` if it's empty or None
  * (7c3ef4) ldap_backend: remove the uri parameter to the return*user class of
    functions
  * (6359ac) ldap_password: if no password is stored, LDAPUser.get_connection()
    should return the default connection
  * (70aaa6) ldap_backend: do not raise if LDAPUser.get_password() fails, returns
    None
  * (5c07c3) ldap_backend: reimplement password change
  * (954de2) models_backend: abandon if username if empty or None
  * (dd0334) manager: add missing template user_edit.html
  * (6adba0) auth_frontends: add an exponential retry timeout after authentication
  * (39a9d4) implement an object to compute exponential retry timeout
  * (9a6224) utils: add form_add_error an helper method to set a global error on a
    form
  * (984f98) backends: signal if login with an account failed more than n times
  * (901487) middleware: permit logout event a view restriction is applied
  * (d98d55) locale: update french translation
  * (c516ca) manager: add buttons to force user to reset its password on next login
  * (6cf91d) middleware: implement restriction to the password change view when
    password reset is requested
  * (d8ffea) registration: add a next URL parameter to the password change view
  * (a6d7e9) forms: new form mixin to store next URL parameter in forms
  * (3dd310) utils: new helper method redirect_and_come_back to redirect to a view
    passing it the current URL as the next parameter
  * (597d76) admin: register PasswordReset in the admin application
  * (91a1f0) models: add __unicode__ method to PasswordReset
  * (59f3e1) fix_user_model: dispatch monkey patching of user related models and
    forms in their respective files
  * (3c61e0) tests: add tests on the password validator
  * (62de75) validators: make possible to validate password using a regular
    expression
  * (43d9d4) validators: add digits as a character class when validating passwords
  * (b0b5bc) ctl: do not consider --help as an invalid option
  * (5d74ae) Fix error in call to parent implementation
  * (81ca01) handling metadata from the web
  * (a89df5) In the admin allow filtering provider by their policy, remove protocol
    conformance column from the listing
  * (1823cb) Set on_delete attribute on foreign keys of the saml application's
    models
  * (7b066c) Fix missing import
  * (ba4d5e) ldap: remove reference to undefined variable
  * (d2a356) ldap: do not retrieve attributes in the base search for users
  * (c7ab42) LDAP attribute can be multivalued, any reference to a mono-valued
    attribute must be suffixed with [0]
  * (eafe34) Fix app_settings of SAML and OpenID IdP, they forced their prefix on
    all access to the settings module
  * (ed4be3) Come back to explicit path for LOGIN_URL and LOGOUT_URL and it break
    compatibility with Django 1.5
  * (f30c35) Replace use of authentic2.idp.saml.common.redirect_to_login by
    authentic2.utils.login_require
  * (53c23d) Add a next_url parameter to login_require to come back to another URL
    than the current one
  * (7ee6f4) Do not change the type of INSTALLED_APPS keep it as a tuple
  * (1a3440) Remove unused imported symbols
  * (6b96d6) Change default external_id_tuple to use uid as the primary key with the
    LDAP server
  * (2e939d) user's account history information display updated
  * (461c3e) username is uuid, not viewable or editable by user
  * (33e7c8) user full name and account creation, last login date displayed on login
    choices
  * (14ca8a) login page text fix
  * (302712) account creation and login urls refactored
  * (c6a996) on user multiple accounts propose to log in with one of them or create
    a new
  * (efa430) Registration refactored: email validation done first and registration
    process
  * (717c7e) ldap to database users synchronization command.
  * (c98443) ldap_backend: username computed from uid by default
  * (0ab673) Set DJANGO_CONFIG_FILE only if local_settings.py exists
  * (e3082f) Adapt tox tests to cleaned settings
  * (50c473) Make authentic2-ctl default to load the local_settings.py file in the
    current directory
  * (e4c936) Improve test on the login_require helper function
  * (1f979f) Fix assertEqualsURL, query string is index 3 in a splitted URL
  * (7ae6ff) Add new --config flag to authentic2-ctl (fixes #5960)
  * (b47b15) Simplify settings, remove all extraction from environment (refs #5960)
  * (3addec) Remove caching of server object in SAML 2.0 IdP, it's incompatible with
    multi-tenant (refs #5960)
  * (97d4e1) Remove the PUSH_PROFILE_UPDATES feature (refs #5960)
  * (155f89) Use app_settings to set default value for TEMPLATE_VARS settings (refs
    #5960)
  * (1892fe) Remove loading of debug toolbar in urls.py (refs #5960)
  * (655677) Refactor default settings for the SAML 2.0 IdP (refs #5960)
  * (e7535f) Do not cache settings in disco_responder use late binding (refs #5960)
  * (f3481b) Remove IDP_OPENID setting, rename it A2_IDP_OPENID_ENABLE and store
    default in an app_settings.py file (refs #5960)
  * (54d03a) Convert urls.py in OpenID IdP for direct import of views (refs #5960)
  * (f3e884) Add a feature to force users to change before using the IdP
  * (7f8aef) Add helper function to compare URLs in tests
  * (8d8cb9) In utils.make_url if the target URL contains a query string, extract it
    and use it as a base for building the new query string (fixes #6314)
  * (7766d6) Add a default value for the user_basedn setting
  * (383093) Do not traceback when request is too old during SAML login or logout
    request handling (fixes #6306)
  * (76dff5) Add missing start_tls_s() in the LDAP authentication code
  * (6ffa1a) Try to not overflow the limit on SQL statement length by doing
    filtering client side instead of using a NOT IN clause
  * (f1a41e) Remove SSL registration view as it's not working anymore, must be
    redone using new registration views
  * (62e351) Update idp_openid with new redirect helpers
  * (841240) Remove legacy redirect_to_login helper method
  * (d58ddf) Use new helper methods in decorators
  * (822ab9) Use new helper methods in default login/password authentication
    frontend
  * (e86916) Use new helper method in auth2_ssl
  * (6c72ed) Add helper method to require a login
  * (67e2c2) Add helper method for logging in an user doing all needed bookkeeping
  * (b9f5b1) Add helper method to record an authentication event
  * (072df7) Add helper method to redirect user to next URL
  * (c1dd77) Add helper method to request a login, copying nonce and next parameters
  * (2676e6) Add new utilities to help building URLs with parameters
  * (e57015) Make the logout set a cookie to let other views know that a logout
    occured recently
  * (65058b) Distribute locale for SAML 2.0 IdP
  * (3ea847) Default to use starttls on ldap:// connections, also allow to set
    python-ldap options locally or globally (fixes #6097)
  * (0b2e5c) Fix error logging when an exception occur during admin bind in LDAP
    backend (fixes #6036)
  * (7a7870) Use a second field for confirmation of emails, not a special widget
  * (542c80) idp/saml: use get_sp_options_policy() to get the policy in
    get_attribute_definitions
  * (7ba960) trivial: fix typo in error message (#6203)
  * (b564e1) Always show the login page
  * (72f643) Validate email domain containing non ASCII characters
  * (58d827) Add Django 1.7 environment to tox configuration
  * (bf4754) Run tox as part of the continuous integration script, stop the script
    on any error
  * (0c3644) Add default value to test_setting to accomodate needs of Django tests
  * (c498ab) Add setting A2_VALIDATE_EMAIL_DOMAIN to completely disable email domain
    checking
  * (956a52) Create a base_no_sekizai.html base template for 404 and 500 templates
    as they are used by Django tests which do not install django-sekizai
  * (a17812) changed mimetype to content_type as per django1.5 deprecation rules.
  * (8cb6fa) changed .raw_post_data to .body as per django1.4 deprecation rules.
  * (e2213b) Added tox as a test-runner.
  * (242815) [django-1.6] add default value to all BooleanField missing it
  * (266e6e) [django-1.6] LDAPUser application cannot be deduced without a
    Meta.app_label
  * (f72155) [django-1.6] authentication backends import path must match the
    canonical __module__.__class__
  * (010b92) [django-1.6] use ATOMIC_REQUESTS setting instead of
    TransactionMiddleware
  * (b3def6) [django-1.6] middleware: do not store set() object in sessions only
    lists
  * (e031ca) [django-1.6] adapt to API change on EmailValidator
  * (c2e98e) [django-1.6] fix import path of FieldDoesNotExist exception
  * (9f3773) documentation: fix block of code displays in quick ldap backend file.
  * (92edfa) misc: minor change to French translation (#6124)
  * (95d9e4) Fix bug introduced in commit 52f380d
  * (6e3622) documentation: update mapping subject of attribute management.
  * (92af1f) Prevent circular imports of settings
  * (ed8bab) NEw experimental attribute source computed_targeted_id to create
    eduPersonTargetedId like values from existing attributes
  * (7467d3) Do not block on failure of the topological sort of attribute sources by
    their dependencies
  * (52f380) Refactor SAML 2.0 IdP and attributes engine interface

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 13 Mar 2015 16:10:11 +0100

authentic2 (2.1.11) trixie-eobuilder; urgency=low

  * (7b43fa) bump release to 2.1.11
  * (d69777) Override User.check_password() in LDAPUser
  * (398e3a) Override has_usable_password() in LDAPuser to let the LDAP
    configuration decide if an user can change its password
  * (2a3874) Log search for users when authenticating against LDAP, fix log of error
    during search, fix building DN from template and fix logs of errors during bind
  * (e97bca) Fix bad use of set_password() and set_unusable_password() in commits
    8546afda7 and f3e8a5db
  * (8546af) In LDAP backend save user object after setting or reseting the password
  * (f3e8a5) Do not set default to keep LDAP password in Django user, only
    synchronize password on first login and on request by the user
  * (dd00cf) Fix grammar in french translations
  * (dd540f) Use SPOptionsIdPPolicy.authn_request_signed to remove signature check
    on logout requests (bis)
  * (df4dbb) Use SPOptionsIdPPolicy.authn_request_signed to remove signature check
    on logout requests
  * (860c46) Fix saml migration 0046, use get_sp_options_policy to get the default
    policy
  * (ea63f7) Fix documentation URL in README
  * (8f8192) Enlarge AuthenticationEvent.how attribute as it cannot hold the value
    password-on-https
  * (e5a1a9) Remove the LibertyProviderPolicy model and copy its defaults to
    existing SPOptionsIdPPolicy
  * (af6ddf) Migrate LibertyProviderPolicy.authn_request_signature_check_hint to
    SPOptionsIdPPolicy.authn_request_signed
  * (f19b30) Fix UnboundLocalError when logging-in a ldap user belonging to no group
  * (4f5203) In refactored login view share cancel, can_reset_password and
    registration_authorized variable between templates

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 05 Dec 2014 14:27:10 +0100

authentic2 (2.1.10) trixie-eobuilder; urgency=low

  * (d46a4c) bump release to 2.1.10
  * (a66816) Make LDAP backend default to synchronize LDAP users with Django users
  * (7f5a89) Refactor login view by using new authentication frontend API, sekizai
    and gadjo
  * (54f036) Use python-six when testing string types, start aiming for Python 3
    compat
  * (c3f8d5) documentation: remove old documentation files (refs #5455)
  * (cea799) documentation: update README (#5455).
  * (e5ebc6) documentation: refactor documentation (refs #5455).
  * (19d812) Remove the default cache setting based on the FileBasedCache
    implementation
  * (cbbedc) Set default level for root logger to WARNING and only activate DEBUG
    logging on authentic2 loggers when DEBUG is True
  * (c41c09) Add a lasso_required() view decorator and use it on SAML 2.0 IdP views
  * (7d295e) Add an unless() view decorator and rewrite the settings_enabled()
    decorator with it
  * (18d355) Load lasso through the authentic2.compat module and provide an mock
    object to allow authentic2 to launch
  * (c14ec4) Set default for DEBUG to True
  * (9fc8c3) Revert "Rename saml migration with an existing serial number"
  * (7e3517) Rewrite some migrations to support custom user models (fixes #5640)
  * (e3686c) bugfix : do not longer fail silently on importerror in
    local_settings.py
  * (c8ec7f) Update NEWS
  * (1a4eff) Share the same context instance when rendering frontends blocks on the
    profile page
  * (2e8798) Do not show login block if frontend is disabled (with new login() API)
  * (044bef) Update french translations for SAML and SAML IdP
  * (49cfc5) Remove input field in name column of LibertyProvider listing page
  * (0219bc) Save metadata URL when creating a new SAML provider
  * (55e1f8) Fix lenthening of the username field in User model related forms
  * (f3faa4) Implement updating SAML metadata by URL on the LibertyProvider model
  * (ad9c97) Add data migration to copy entity_id of liberty provider to the new
    metadata_url field
  * (65b7cd) Add field metadata_url to the LibertyProvider object
  * (aff886) Share the same context during rendering of the login page
  * (a7a34b) Install django-sekizai
  * (e336b7) Make saml migration 0043 compatible with custom user model
  * (edebb8) Add a nonce parameter to ok.png URL to make logout URLs uncacheable
  * (e0b49b) Allow frontends to handle completely their content
  * (54d26d) Rename saml migration with an existing serial number
  * (136ad8) Remove debugging statements
  * (f13379) variable name typo fix

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 03 Dec 2014 18:17:00 +0100

authentic2 (2.1.9) trixie-eobuilder; urgency=low

  * (fce611) bump release to 2.1.9
  * (2f41db) Update french translations (refs #5925)
  * (de22b9) Add federation management to profile page (fixes #5925)
  * (b606fe) Move all idp templates to authentic2 templates (refs #5925)
  * (c5aa50) Add field LibertyServiceProvider.users_can_manage_federations (refs
    #5925)
  * (359816) Add settings key A2_PROFILE_CAN_MANAGE_FEDERATION (refs #5925)
  * (5c65b6) Load the LDAP backend before the model backend
  * (c429cd) Remove useless check on references in attribute templates
  * (3a5d5e) Enlarge SAMLAttribute.name from 64 chars to 128
  * (f29518) Support 'unspecified' attribute name format in SAMLAttribute
  * (37a2e5) In LDAP_AUTH_SETTINGS convert keys to str before lowercasing them
  * (f4047b) Add option --create-disabled to sync-metadata so that new service
    providers are disabled by default
  * (692d29) Make attribute_mappings contribute to the list of LDAP attribtues
  * (70093c) Add a generic relation from LibertyProvider to SAMLAttribute
  * (0841de) Control verbosity in sync-metadata and add more messages
  * (226a6a) Add LDAP attribute definitions schacHomeOrganization and
    schacHomeOrganizationType
  * (85c5a2) Normalize attribute names to the short name
  * (55681a) Add 2 new options to sync-metadata for loading Shibboleth attribute
    filter policies
  * (f4ec5e) Add missing SUPANN attribute mailForwardingAddress
  * (ccf6c5) Contrary to expectation givenName is the short name and gn is the long
    one
  * (581b55) Add parser for simple Shibboleth attribute filter policies
  * (896e4e) Only send values for enabled SAMLAttribute to service providers
  * (636e3d) Add an enabled field to SAMLAttribute
  * (b4c4c4) Add migration 0040 on SAMLAttribute missing from commit 5a42a0a447d
  * (daaee9) Remove upper limit on south version
  * (6bc887) Accept multiple %s in LDAP user_filter setting
  * (b86bf9) Lowercase LDAP settings external_id_tuples and attribute_mappings as
    they also contain attribute names
  * (00ffa6) Do not set limit_to_realm by default to True as it blocks login using
    email
  * (952e3a) Fix typo in SAMLAttribute.name_format_uri()
  * (afac8d) Fix typo in LDAPBackend.get_blocks()

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 14 Nov 2014 15:12:47 +0100

authentic2 (2.1.8) trixie-eobuilder; urgency=low

  * (db5014) bump release to 2.1.8
  * (e80c8a) Distribute the plugin example
  * (b9c43d) Revert "Remove AbstractUser from models as we do not distribute a
    custom user model anymore (fixes #5753)"
  * (c0a169) Lowercase all LDAP attribute names extracted from settings
  * (5a42a0) Add natural key support to SAMLAttribute model
  * (711fc1) Add natural key support to SAML SPOptionsIdPPolicy
  * (e2e30a) Add natural key support to model SAML IdPOptionsSPPolicy
  * (70f5db) Add natural key support to saml.LibertyProviderPolicy
  * (1815d3) Gitignore egg-info and compiled i18n
  * (73650c) Allows to disable the password changing feature via setting
  * (36cfab) Add set_mandatory_groups to _DEFAULTS in ldap backend so that we do not
    raise ImproperlyConfigured when it's used
  * (364157) Remove AbstractUser from models as we do not distribute a custom user
    model anymore (fixes #5753)
  * (b2dc3d) Do not crash when UserAttributeProfile.data is empty
  * (8d28bf) Revert "Registration process refactored, django-registration removed."
  * (381f10) Revert "urls not involved in registration process removed from
    registration backend"
  * (bed731) Revert "automatically authenticating user on account activation"
  * (37fe38) Revert "user data passed directly to activate email templates"
  * (b23711) Revert "django.contrib.sites removed from registration backend"
  * (746050) Revert "next_url param propagated from service provider to registration
    form."
  * (eb9388) LibertyProvider's natural key retrieving improved
  * (af9557) next_url param propagated from service provider to registration form.
  * (fd89af) django.contrib.sites removed from registration backend
  * (9b8fd4) user data passed directly to activate email templates
  * (e49d5c) automatically authenticating user on account activation
  * (0fd781) urls not involved in registration process removed from registration
    backend
  * (bf8eec) Registration process refactored, django-registration removed.
  * (cb264b) Use absolute positionning for other actions block in manager popups
  * (a53e60) In JSON serializer resolve natural primary keys inside a generator so
    that previous objects are already loaded
  * (396755) make use of setting_enabled decorator to disable edit profile and
    change email views refs
  * (38da5e) Validate the LDAP config attributes keys
  * (590131) Use reverse to redirect to login
  * (0083ff) Honor A2_REGISTRATION_CAN_DELETE_ACCOUNT in ui as well
  * (1e0406) do not display "password" title in profile if the password cannot be
    changed
  * (e4e9e2) Add app settings to disable profile editing and email changing
  * (78e421) Update french translation
  * (e586a6) Replace default email field in registration form by an email field with
    validation
  * (1300eb) Add widget and fields to implement fields with validation
  * (288262) Do not reuse Django EmailValidator in our own validator
  * (aacab8) Plug custom EmailValidator in model's EmailField and form's EmailField
  * (5ca50f) Remove auth2_openid as django-authopenid is not supported anymore
  * (68bd3f) In SAML IdP continue_sso(), do not traceback when nonce has expired or
    has been already used, instead log and display a warning (fixes #5493)
  * (298aa2) In SAML IdP handle isPassive flag by returning NoPassive status code
    when no user is logged
  * (109072) In SAML IdP, fix log assert not passing request to the wrapped function
  * (84050d) In SAML IdP idp_sso(), fix wrong reference to user_id
  * (5f3c36) Hide disabled frontends in profile view (fixes #5665)
  * (893db1) In SAML IdP remove the possibility to pass user_id or name_id_format in
    the URL path (fixes #5652)
  * (9f110f) In SAML IdP idp_sso(), use error_redirect() (fixes #5652)
  * (79ce83) In SAML IdP idp_sso(), check for the service provider policy early
    (refs #5652)
  * (d0a4e9) In SAML IdP idp_sso(), move information log later (refs #5652)
  * (b960a1) In SAML IdP check_destination(), simplify call to logger.warning()
    (refs
  * (08294e) In SAML IdP return_logout_error(), log errors as warnings (refs #5652)
  * (fd2941) In SAML IdP, improve warning logged when request is denied (refs #5652)
  * (8311f6) In SAML IdP SLO, error_redirect() to log warningsi (refs #5652)
  * (25f826) In SAML IdP, log most errors with level WARNING (refs #5652)
  * (ff990b) In SAML IdP method remove double logging with error_page() (refs #5652)
  * (a32777) In SAML IdP log most errors with from WARNING
  * (f14f33) In SAML IdP, log AssertionError as warnings (refs #5652)
  * (d8ece8) Add decorator to convert AssertionError to warnings (refs #5652)
  * (13e3ab) Add error_redirect() to log then display translated warnings
  * (a25fab) Log function name after module name (refs #5652)
  * (da78e6) Prevent lasso errors from being propagated to sentry
  * (427eac) Adapt AttributeAggregator ldap source to new ldap backend
  * (c4db40) Improve exception handling in attribute_aggregator
  * (fcf691) Rename ldap_backends.unicode_dict_of_list() to normalize_ldap_results
    amd make it return a fresh dictionnary with lowercase keys and base64 encode
    attributes which are not UTF-8 decodable
  * (3b4351) Use local login and logout page for login and logout in the admin
    (fixes #5557)
  * (186b68) Fix default LOGOUT_URL
  * (0578a8) Add handling of natural keys for generic foreign keys (fixes #5599)
  * (e31e90) Add natural key support to AttributeValue model (refs #5599)
  * (3e67ce) Add user export feature based on django-import-export (fixes #5624)
  * (2f9904) Add PUSH_PROFILE_UPDATES to app_settings and use it from there in views
    (fixes #5611)
  * (25eb9f) Fix AddLibertyProviderFromUrlForm bad initialization of foreign key
  * (ea520c) Initialize sp or idp provider object when creating a new SAML provider
    from an URL (fixes #5438)
  * (2737e2) Add missing app_settings file for the SAML idp plugin
  * (e95a73) Store LDAP users passwords in request.session instead of using the
    Django cache (fixes #5399)
  * (dbbd1a) Add middleware to keep request in thread local storage (refs #5281,
    refs #5399)
  * (015cae) Filter STATICFILES_DIRS for absent directories (fixes #5439)
  * (d98f16) Make SAML 2.0 a plugin
  * (8679ac) Load login/password authentication frontend unconditionnaly and use the
    enabled() hook instead to desactive it
  * (bb207b) Load LDAP authentication backend unconditionnaly
  * (508991) Use new setting_enabled and required decorators in plugin sample
  * (b471fb) Make auth2_ssl an authentic2 plugin
  * (3ef2a9) Add decorator to wrap all views in url patterns with a decorator or a
    list of
  * (16e5b4) Add decorator to enable a view based on settings
  * (a4195a) Remove requirement on django-debug-toolbar because it's optional
  * (97574c) Upgrade needed django-debug-toolbar to >= 1.2, < 1.3 (fixes #5388)
  * (7b8c65) Export authentic2 version in the context processor (fixes #5407)
  * (cd7cfb) auth_ssl: replace all use of next by next_url, next is a keyword (fixes
    #5278)
  * (4a965f) Use a custom setting for activating console logging (fixes #5400)
  * (915718) Remove emmbedded gadjo project
  * (0283a7) Fix typo in cleanupauthentic command (fixes #3458)
  * (432f79) Log tracebacks in cleaning commands (fixes #3458)
  * (2976ab) Replace existing example for creating authentic2 plugins (fixes #5275)
  * (ce1e7b) Add margin around paginator link boxes
  * (baa51f) Improve sizing of search input in manager
  * (9f9583) Block some redirections when dialog is done in manager (fixes #5307)
  * (d75096) Create SAML AttributeValue node inside the values iterating loop
  * (39bc7a) Do not allow to deactivate your own user using the manager
  * (215b7f) Fix gadjo inclusion
  * (7c47c4) Print warnings to stderr using the warnings module (fixes #5324)
  * (c8416c) saml: continue to next server when SLO fails to find provider
  * (ddea93) Comply with gadjo update (fix #5311)
  * (26d510) Initiate SAML IDP SSO using GET requests (fixes #5302)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 06 Nov 2014 10:59:16 +0100

authentic2 (2.1.7) trixie-eobuilder; urgency=low

  * (d0915c) bump release to 2.1.7
  * (2cf8fc) update l10n (fixes #5280)
  * (e637c1) Remove raise blocking clean logging of an LDAP exception
  * (0305ce) Change base url for manager to manage/
  * (b0d313) MANIFEST.in: add authentic2/manager files
  * (bb3cbc) update l10n (refs #5103)
  * (96da0c) registration_backend: simple password policy validation (fixes #5103)
  * (777712) backends/models_backend: match simple username before username with
    domains
  * (bc5e4c) saml/forms: when adding provider from url, only validate when all
    fields are present
  * (5f08fd) manager: l10n (refs #5180)
  * (e9aeb2) manager: implement all views (refs #5180)
  * (13a500) manager: add gadjo as a submodule (refs #5180)
  * (cecc9f) js: add purl.js (refs #5180)
  * (92f831) js: add jquery.form (refs #5180)
  * (3191a2) saml: modify inline form for SAMLAttribute to persistent caching of
    attribute names (fixes #5260)
  * (674c73) saml: fix copy error in breackcrumb of add_from_url.html template
  * (9f5fc2) saml: update french l10n
  * (56c296) saml: replace all occurrence of liberty by SAML in verbose names
  * (eeda05) saml: set notOnOrAfter on the Conditions tag (required by Dropbox)
    (fixes #5249)
  * (f3b459) make it possible to disable password authentication (fixes #5250)
  * (601fdb) validators: only check email using DNS, make SMTP check optional

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 21 Aug 2014 11:17:25 +0200

authentic2 (2.1.6) trixie-eobuilder; urgency=low

  * (4826a6) bump release to 2.1.6
  * (69b4da) settings: do not produce duplicate log when using DEBUG_LOG setting
  * (599073) settings: uniformize use of to_boolean for boolean settings
  * (bcc592) settings: add support for y, yes, n, no values to the to_boolean()
    parser
  * (8fcbcd) backends/ldap_backend: do not fail when LDAP_AUTH_SETTINGS is not
    defined
  * (fed533) backends/ldap_backend: convert attributes name to str
  * (7aa533) attributes_ng/sources: add an ldap source
  * (6f2fc9) models: fix AttributeError in UserExternalId.__repr__
  * (493022) compat: add work-around for Django < 1.8 and commit_on_success
  * (e8a1f0) auth2_auth/migrations: protect data modifying code with "if not
    db.dry_run"
  * (bdcf55) backends/ldap_backend: add legacy field mapping to attributes to import
  * (6cb560) settings: don't print "Debugging mode is active"
  * (adda44) settings: allow to override field names in A2_PROFILE_FIELDS and
    A2_REGISTRATION_FIELDS
  * (e3135d) settings: set LOCALE_PATHS
  * (b056b2) views: if A2_PROFILE_FIELDS is empty, use A2_REGISTRATION_FIELDS
    completed with extra attributes
  * (c48796) views: in profile view filter out empty attribute values
  * (9ae759) backends/models_backend: filter user email case-insensitively
  * (d2ccb7) views: refactor profile view, use CBV, and honor A2_PROFILE_FIELDS
  * (e8c49e) views: return to profile page after validating an email change
  * (c3fa0a) views: return to profile after requesting an email change
  * (867326) saml: SAMLAttribute.attribute_name must not be constrained at the model
    level
  * (3a25eb) saml/models: add natural key to LibertyFederation
  * (eeec70) saml/models: add natural keys to LibertyServiceProvider and
    LibertyIdentityProvider
  * (1c3c92) settings: import A2_ACCEPT_EMAIL_AUTHENTICATION from environment
  * (45135f) settings: load all custom password hashers
  * (8f0db6) hashers: always convert OpenLDAP hash algo to uppercase
  * (ce67ec) commands: add new command load-ldif
  * (34778e) saml/admin: fix missing blank value for SAMLAttribute.attribute_name
  * (e025d5) l10n: change translation of "Account activation failed" (#5144)
  * (93ab27) views: do not use django.contrib.sites in the email change view

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 05 Aug 2014 14:02:43 +0200

authentic2 (2.1.4) trixie-eobuilder; urgency=low

  * (0b1e9b) bump release to 2.1.4
  * (d30a8f) hashers: add hashers compatible with OpenLDAP

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 15 Jul 2014 16:20:27 +0200

authentic2 (2.1.3) trixie-eobuilder; urgency=low

  * (9ee8a2) bump release to 2.1.3
  * (a2c2ad) registration_backend/views: fix registration of new users
  * (aedcb8) management: add missing __init__.py files
  * (720e2d) middleware: fixes OpenedSessionCookieMiddleware middleware
  * (df8075) saml: do not configure choice for attribute names at the model level as
    it breaks model validation before running migrations
  * (ed7684) management: add new command clean-unused-accounts
  * (02f3a2) forms: allow ordering of fields on profile page
  * (56592e) middleware: do not reset root logger to level 0
  * (69514f) run.sh: do not make DEBUG=1 a default
  * (ad4d83) settings: do not disable existing loggers, it's clear now that it is
    wrong
  * (6c20a1) ldap_backend: replace dn lookup by an external_id lookup
  * (2383d8) ldap_backend: fail cleanly when attribute retrieval fails and log an
    error
  * (a5172a) ldap_backend: add dn to the attribute dict
  * (7dcd2a) ldap_backend: remove redefinition of LDAPBackendError
  * (a53515) models: add string cast to UserExternalId
  * (79e6f3) registration_backend/forms: use A2_REGISTRATION_FIELDS to reorder
    fields in the registration form
  * (383b77) idp/locale: update french translations
  * (d65501) locale: grammar correction
  * (c1a4f9) admin: show attribute name in listing of attribute definitions
  * (33f533) attribute_kinds: remove siret attribute which is too specific
  * (d870b2) attribute_kinds: pick attribute kinds from settings
  * (c86342) compat: add settings to add user model fields to the registration form
  * (4c2ca1) settings: load /etc/authentic2/config.py if available
  * (95e407) context_processors: add settings.TEMPLATE_VARS in template context
  * (83a0d4) fix_user_model: fix username length check also in overriden forms
  * (fcd225) fix_user_model: fix widget maxlength attribute
  * (b50e22) fix_user_model: fix also username length in user change and creation
    forms
  * (85c24a) middleware: add a middleware to install a cookie when the user has an
    open session
  * (9b878e) templates: fix back link closing tag
  * (f4fdc4) saml: use GET binding when the HTTP method is HEAD
  * (5d3b80) fix_user_model: patch directly the user model
  * (fa5372) fix_user_model: importing django.contrib.auth.forms inside a function
    does not work
  * (a26d3a) fix_user_model: also fix admin forms when changing validation regex for
    username
  * (1fcee4) views: add a logged-in jsonp web service
  * (b0af1b) idp/saml/saml2_endpoints: fix typo
  * (74765b) idp/saml/saml2_endpoints: in add_attributes add debug log of attribute
    values
  * (080f5b) idp/saml/saml2_endpoints: in add_attributes() fix query for
    SAML2Attribute objects
  * (0ecad2) attributes_ng/source/django_user: add missing attribute
    django_user_identifier
  * (a4dbd4) saml/admin: explicitely list fields to show on change form
  * (df00c9) idp/saml: add attribute to assertions based on new attribute
    definitions
  * (20362c) saml/admin: add inline admin forms for SAML attribute definitions
  * (0fb368) saml: add attribute definition model
  * (0965fb) start new attributes-ng subproject
  * (97b819) attribute_aggregator/user_profile: only set attributes from user model
    fields if get_attributes() did not return an equivalent value
  * (203e7a) fix_user_model: allow overriding django User model username regex
    validator and help text
  * (e48714) makes sure msg is defined before asserting on it
  * (5008e2) registration/views: fix n-th misuse by me of get_or_create()
  * (e23a70) add setting A2_REGISTRATION_GROUPS to affect default groups to self-
    registered users
  * (f18931) models: change UserExternalId definition
  * (1b7148) decorators: add to_iter() decorator to transform any generator into an
    iterable object
  * (eba089) models: make LogoutUrlAbstract.get_logout_url() take a request object
  * (d84a21) models: fix typo in LogoutUrlAbstract.get_logout_url()
  * (1a822a) settings: set special formatter for syslog
  * (64b53f) attribute_aggregator/user_profile: fix initialization of a variable
  * (c8a75a) attribute_aggregator/user_profile: if user has a get_attributes()
    method, ignore legacy mapping
  * (a0f481) settings: fix typo
  * (6cd91c) settings: extract PASSWORD_HASHERS setting from environment
  * (cd883f) settings: fix typo
  * (3a6f01) settings: add A2_HOMEPAGE_URL
  * (0d83d6) ldap_backend: do not convert to string before testing for nullity
  * (2be7bd) jenkins.sh: restrict pylint to version 1.1.0 which raised less warnings
  * (a60505) validators: accept email when greylisting is used
  * (74507b) ldap_backend: escape the user DN before interpolating it into the group
    filter
  * (706342) ldap_backend: force the username template to be unicode as the result
    must be
  * (391e59) ldap_backend: escape string used to build the user DN when using a DN
    template
  * (bd68fe) setup.py: remove dependency link to fork of django-registration
  * (00a896) models_backend: use a dynamic proxy user model
  * (2a3a16) idp/saml: improve handling of lasso errors on processing of
    AuthnRequest
  * (f54291) saml,idp/saml: if NameQualifier or SPNameQualifier is missing, use
    implicit knowledge of the IdP or SP identities
  * (a9aa56) attribute_aggregator/user_profile: add support for relations use it to
    fix the role attribute
  * (562aee) idp/saml: when a provider is missing, propose to add it directly
  * (5c5222) ldap_backend: if LDAP is configured but the ldap module is missing,
    raise ImproperlyConfigured
  * (89feb7) ldap_backend: if no LDAP config exists, returns None
  * (233fd6) ldap_backend: do not break if an attribute is not UTF-8 (jpegPhoto ?)
  * (6dbfbd) templates: add a default registration/registration_closed.html template
  * (49c13f) fix_user_model: add validation of email domains to user model
  * (e8ae07) rename fix_username_length module to fix_user_model
  * (da6405) add validators module with a first email validator
  * (1c9f0a) backends/ldap: when mapping attribute names, convert original name to
    string first
  * (4845d6) backends/ldap: convert attributes to unicode on input
  * (15479b) settings: user ldap backend before model backend
  * (8c860e) backends/ldap: add option to pass all realms to an LDAP backend (bis)
  * (1ba9df) backends/ldap: add option to pass all realms to an LDAP backend
  * (a92e80) admin: add email to user editable fields
  * (635735) backends/ldap: when creating the UserExternalId, verify that the user
    exists in the database
  * (6bfbaf) backends/ldap: remove dead import
  * (e78854) idp/saml/saml2_endpoints: request failure because the requested NameID
    format is not supported are not an error but a warning
  * (bc95b3) update french translation
  * (500ef9) admin: add a clear expired sessions action
  * (4765b6) admin: fix SessionAdmin.user method, does not assume there is always a
    user set in a session
  * (aefccd) settings: use Django specific raven/sentry configuration
  * (dc360f) backends/ldap: fix missing definition of the User model
  * (830529) admin,dashboard: show see technical models admin pages even if DEBUG is
    False
  * (361c13) dashboard: show session admin in debug panel
  * (e4790a) admin: in the Session admin, show user and ips
  * (da52fe) add a new middleware to collect ips in the session
  * (510c39) backends/ldap: add lookup by username, make password change work with
    Django models
  * (e8ec5a) backends/ldap: add an option to update username on all login
  * (83cc9f) backends/ldap: improve log
  * (ef9fe7) backends/ldap: improve logs
  * (e1ae3b) backends: in LDAPBackend allow the user query to return multiple
    records
  * (890717) settings: add loading from YAML files
  * (995aac) update french translation
  * (d0497f) settings: if LOG_DEBUG is present, do not set level to DEBUG on root
    logger
  * (4ddd6c) admin: customize admin for technical models
  * (370e72) admin: activate Session model admin also when the engine is cached_db
  * (c143ff) admin: add filter on whether an use has an external identifier or not
  * (dbfafc) dashboard: expose DeletedUser model
  * (372b45) models: complete verbose_name attributes
  * (9f41f0) remove dead application auth2_user
  * (6202e4) backends/ldap: fix lookup of UserExternalId missing in commit
    6fde3843bdfa
  * (6b1761) idp: fix renamed authentication backend reference (bis)
  * (45b450) idp: fix renamed authentication backend reference
  * (8437ad) update french translation
  * (d627a4) forms: fix user edition on group admin form
  * (692a19) authentic2-ctl: do not set DEBUG=1 in the environment
  * (8f9ae8) settings: set syslog log level to DEBUG, and reset handlers on
    django.db logger
  * (b6cd5d) settings: display a message when DEBUG is on
  * (5685b3) settings: add a DEBUG_LOG setting to limit debugging log to certain
    domains
  * (e71728) settings: remove useless LANGUAGES setting
  * (4531ce) settings: improve naming of path related settings
  * (08ca44) run.sh: run with debugging on
  * (8a4fd0) settings: remove redefinition of VAR_DIR
  * (7a7318) templates: fix typo in password_reset_email.html
  * (fb9b1d) style.css: make help text display under form fields
  * (9e1518) admin: register the Session model if the db session engine is used
  * (e1657c) backends/ldap: populate the user.attributes dictionary for transient
    users
  * (640b6a) backends/ldap: remove remaining catchall except blocks
  * (8cc48f) admin: in user list view add filter on realms
  * (a3cde8) app_settings,backends/model: add REALMS setting to aggregate realm from
    all sources
  * (b352b0) backends/ldap: move configuration check in get_config()
  * (f5a9d7) backends: rename module models to models_backend to prevent collision
    in imports
  * (ab20be) backends/models: if the login form pass a realm use it
  * (6fde38) backends/ldap: add setting username_template for building usernames
  * (dfd51e) backend/ldap: add a realm attribute defaulting to ldap
  * (f10650) backends: in the model backend try to lookup user also by appending
    known realms
  * (1eb2e1) registration_backend: allow a default realm for self-registrated
    accounts
  * (db1b76) settings: unique email for accounts should not be the default
  * (a7d4b9) settings: django.contrib.sites is not necessary
  * (d4df5f) idp/saml: remove wrong backend class
  * (b68320) idp/saml2: add decorator never_cache to all views
  * (c7771d) idp/saml/saml2_endpoints: add new model backend to supported backends
  * (cefa5d) backends: add new ModelBackend handling multiple matching users and
    email as username
  * (0159f7) backends/ldap_backend: fix import path
  * (250941) backends: rename ldap backend module to fix collision with global
    namespace
  * (b2783e) serializers: fix missing import and not handled case of new models
  * (c17927) add a backends directory, mv LDAP backend into backends/ldap.py
  * (31a7b0) add serializer supporting natural primary keys
  * (64c1bc) move User.username length fix outside of __init__.py as it breaks
    loading of wsgi application
  * (edb77e) managers: extract GetBySlugQuerySet/Manager from saml.managers
  * (6cb51c) app_settings: fix typo
  * (f6ebdc) models,managers: add a custom manager to AttributeValue model
  * (12ce6c) admin: only use authentic user admin if the classic user model is used
  * (846fac) migrations: add migration to add Attribute and AttributeValue
  * (982395) admin: unregister the user model only if it's already registered
  * (0e1801) admin,dashboard: add support for custom user model
  * (5750fe) models: add natural key support to model Attribute
  * (e2086b) commit missing file from the custom attribute support commit
  * (06a9e3) authentic2: only patch User.username if this field exists
  * (d4fd5b) dashboard: show internal models when DEBUG is True
  * (7c4b9b) update french locale
  * (b9c0f7) add custom attributes support to Django user model
  * (7de5f1) decorators: add decorator to_list() to make a list returning function
    from a generator
  * (a09abf) managers: fix filter in with_federation() and without_federation()
  * (6ef54c) idp/saml2: fix path for the redirect_to_logout view
  * (98f7d2) authentic2/idp/static was move into authentic2/static
  * (bb413c) models: patch Django user-model username max_length to be 255
    characters
  * (856bb9) move static files at root of python packages
  * (471034) ignore ./static not all static directories
  * (cdd695) settings: apply new standard layout for system static and template
    directories
  * (31059e) app_settings: add key AUTH_FRONTENDS
  * (37c761) use getattr for getting AUHT_OPENID, DISCO_SERVICE and AUTH_SSL
    settings
  * (b72dc3) app_settings,utils: move IDP_BACENDS default value into app_settings
  * (559493) app_settings: fix capitalisation of username field on registration page
  * (75422c) settings.py: add option USE_MEMCACHE
  * (c1fd14) models: initialize plugins there
  * (4c21a7) saml/managers: add method to convert LibertySession queryset to
    LassoSession dump
  * (d40889) saml/models: LibertySession.federation and assertion can be blank
    (=NULL)
  * (4a31b1) settings: load authentication backends, auth frontends and idp backends
    from plugins
  * (fb669c) plugins: define a DEFAULT_GROUP_NAME and use it in as default group
    name in functions
  * (41f02e) remove AUTH_OATH setting description
  * (386bb6) auth2_ssl/backend: do not clutter saml2_endpoints with authncontext
    declaration, use authentication backend hook
  * (478939) settings.py: add a default configuration for a file based cache
  * (466d1b) saml/common.py: use assertion for checking if a message is a SOAP one
  * (d38dc8) saml/models: set LibertyProvider manager to LibertyProviderManager
  * (21dc8c) saml/managers.py: remove dead import
  * (3529ec) saml/managers.py: add helper method to LibertyProviderQuerySet
  * (dc346d) remove the CAS idp, as it is now out of tree
  * (94d52b) models: FederationId, a generic model to store federation identifiers
  * (8653ed) models: LogoutUrl, new generic model to store logout urls of providers
  * (0fa832) utils: in accumulate_from_backends, ask also to plugins
  * (9cc17b) middleware: add a new LogCollector middleware
  * (8781eb) saml/models: move all managers to their own module
  * (e90a4a) saml/common: in soap_call return the original exception through
    SOAPException
  * (770ef7) saml/common: SOAPException does not need any specialization
  * (8c8445) saml/common: add assertion on presence of a name_id in parameters of
    add_federation
  * (0f980e) saml/common: add more debugging log
  * (9564cc) saml/common: change provider_id to entity_id in load_provider to
    uniformize vocabulary
  * (0214e2) saml/common: add assertion and debug logging in SAML2 message
    extraction functions
  * (c38112) saml/saml2utils: simplify log messages in authnresponse_checking
  * (662356) saml/common: simplify debug log in soap_call
  * (f049de) saml/common: add debug log to return_saml2
  * (974515) saml/common: add a logger
  * (ecc560) views: simplify server_error view
  * (2e0e3e) remove authsaml2, it's reborn as plugin authentic2-auth-saml2
  * (833191) auth2_ssl: simplify and adapt for nginx
  * (dc16ce) frontends: remove the next parameter to the profile view,
  * (f29db4) urls: if DEBUG is True, serve static files
  * (5ae30c) auth2_ssl: refactoring [module reorg]
  * (dbab28) move all content of the auth2_auth module into authentic2 module
    [module reorg]~
  * (9dd8a6) remove dead import
  * (2f7eeb) auth2_auth: remove dead admin module
  * (92e53b) fix import error on NONCE_FIELD_NAME
  * (21b4e1) auth2_ssl: refactoring [module reorg]
  * (e0e065) auth2_ssl: consolidat urls in an urls module [module reorg]
  * (c651f6) move constant NONCE_FIELD_NAME in module authentic.constants [module
    reorg]
  * (2aa09a) idp/urls: do not assume IDP_CAS or IDP_SAML are defined
  * (82544a) idp: refactoring [module reorg]
  * (9ee9d1) remove dead view error_ssl
  * (c79b2a) move login view from auth2_auth to idp [module reorg]
  * (9fa353) auth2_auth/views: remove unused view password_change
  * (1ee99e) idp/urls: refer to interaction views by name, attribute global name
    [module reorg]
  * (1a68a6) registration_backend/forms.py: validate that username is not already
    taken
  * (9c6e23) registration_backend/views.py: call the user model clean() method when
    creating temporary user on registration
  * (34ad76) registration_backend/forms.py: validate that passwords match on
    registration
  * (d02d90) registration_backend/forms.py: copy validators from user model to form
  * (4a950f) settings: extract any environment var named SETTING_
  * (ed5ba7) settings: load middleware from plugins
  * (0f8942) dashboard: load admin modules from plugins
  * (fdf03e) utils: add IterableFactory to make fresh iterable from generators
  * (8f9df5) settings: add environment setting SECURE_PROXY_SSL_HEADER
  * (dde300) plugins: set a default group_name for plugins
  * (51cf99) admin: allow editing group's users from the group change form
  * (835759) urls: import django.contrib.admin directly
  * (43d6ce) settings: restore normal order of applications in INSTALLED_APPS
  * (44e958) backends: in LDAPBackend fix missing variable reference in string
    template
  * (a31e6d) backends: remove referral results from results before counting found
    user records
  * (2e1738) backends: remove 1s default timeout for LDAP requests
  * (7c8bbb) backends: in LDAPBackend do not follow LDAP referrals by default
  * (9cddce) add a plugin system
  * (3c1ce8) auth2_auth: fix bug in auth_ssl urls
  * (20ebab) backends: do not force flags on LDAP users
  * (478dad) attribute_aggregator/core: simplify load_or_create_user_profile() using
    Model.get_or_create() to remove a race condition
  * (f25626) setup.py: adapt to change in Django compilemessages
  * (560518) auth2_auth/views: allow staff to see the login page even when logged
  * (dfbbe0) auth2_auth/urls: use the auth_login name for the login view
  * (e5567b) setup.py: force version of django-admin-tools to >= 0.5
  * (dd7794) fix wrong commit count in NEWS
  * (c552e9) idp/saml/saml2_endpoints: use the new
    SPOptionsIdPPolicy.http_method_for_slo_request field when initializing a new SLO
    request
  * (7883fa) saml/models: add field SPOptionsIdPPolicy.http_method_for_slo_request

 -- eobuilder <eobuilder@entrouvert.com>  Tue, 15 Jul 2014 13:06:31 +0200

authentic2 (2.1.2) trixie-eobuilder; urgency=low

  * (8c4225) release 2.1.2
  * (ba4675) registration_backend: do not mark all fields as required on
    registration form
  * (67a296) update NEWS file for release 2.1.2
  * (521e43) registration_backend: implement a complete RegistrationView to support
    custom user models
  * (2dc6ee) jenkins.sh: install optional dependency django-authopenid
  * (c79874) jenkins.sh: upgrade setuptools first, allow external and unverified
    sources for django-admin-tools
  * (b1c56e) setup.py: bump django-registration requirement to release 1.0
  * (8f7bf2) registration_backend: pass set_password_form to password_reset_confirm
  * (6e47e5) requirements.txt: allow fetching django-admin-tools from unverified
    sources
  * (e1e574) migrate code to use django-registration 1.0
  * (14418f) forms: removed unused argument user form UserProfileForm
  * (e5caca) saml/sync-metadata: Add support for mdui:DisplayName (fix #4181)
  * (e7c9d2) saml/sync-metadata: forge unique slug (fix #4192)
  * (837558) fix french l10n for email_change_body.txt
  * (ec775c) add idp saml templates
  * (209e26) idp/saml: send logout using iframe or img tags depending upong the sp
    option policy
  * (4a6789) saml: add field to sp option policys to control the way logout is sent,
    using iframe or img tags
  * (16b1ce) idp/saml: use a templat to render logout fragments
  * (b0d727) saml/common: in load_federation, pass missing template variable
  * (21dfe1) saml/common: only initialize qualifier if they are present
  * (7a5781) raise dependency on south to version 0.8.4
  * (37d117) update NEWS file
  * (01fcba) secure email_change view
  * (f6651b) bump release to 2.1.1
  * (c0b9a6) setup.py: add missing dependency django-admin-tools

 -- eobuilder <eobuilder@entrouvert.com>  Wed, 08 Jan 2014 17:37:29 +0100

authentic2 (2.1.0) trixie-eobuilder; urgency=low

  * (c7230c) release 2.1.0
  * (59bba9) distribute locale files of disco_service application
  * (09294b) saml: fix verbose name of defederation field of options policy models.
  * (988831) authsaml2: reply valid slo error message, provider to load is idp.
  * (7c1cae) templates: in logout.html block loading indefinitely to allow iframe to
    finish loading
  * (34e328) fix typo in last commit
  * (bb9bcf) log page url in logout console log of iframe_count
  * (08f61f) Revert "templates: define default console object in base.html"
  * (333692) log all modifications to the iframe_count
  * (406be1) templates: define default console object in base.html
  * (d928c5) authsaml2: use redirect_next helper function (bis).
  * (451350) idp/saml: change misleading log, process_logout_response used by soap
    and redirect.
  * (abe7dd) authsaml2: add missing back url from idp logout treatment.
  * (4577a2) authsaml2: factorize common treatment when receiving a slo and use idp
    logout treatment with redirect.
  * (7e7760) authsaml2: really handle the SLO return by redirect.
  * (06ef13) authsaml2: we do not need a view for local logout.
  * (39d8c3) authsaml2: merge processing functions for SLO return by redirect.
  * (ae6180) authsaml2: add missing relay state initialisation.
  * (7b2173) authsaml2: use redirect_next helper function.
  * (c7b760) authsaml2: remove logout view made to be called directly from the UI.
  * (f0bcff) idp/saml: use redirect_next helper function.
  * (f0d849) idp/saml: better manage sp options in service list generation.
  * (981389) saml/common: better federation creation and session key param added in
    session deletion functions.
  * (f4c775) saml: restore LibertyFederation.name_id_qualifier and
    LibertyFederation.name_id_sp_name_qualifier
  * (52e20c) app_settings: do not cache value from settings, access it directly
  * (6daa25) add settings to hide the password reset link on login page
  * (6a69f7) allow hiding the registration link in login page
  * (eba88a) saml: add function nameid2kwargs_federation only for use with
    LibertyFederation
  * (072fb9) saml/models: restore extraction of name_id_qualifier and
    name_id_sp_name_qualifier in nameid2kwargs
  * (d5cca1) idp/saml: in build_session_dump() add missing closing &gt; in XML dump
  * (9fe711) idp/saml: build_session_dump() do not add name_id_qualifier and
    name_id_sp_name_qualifier if they are empty
  * (9c8f8d) idp/saml: add missing property AssertionID when building session dump
  * (f5da02) saml/common: fix typos in session dump building.
  * (ea222c) authsaml2,idp/saml: rewrite build_session_dump to use thin sessions
    (session dumps without assertions)
  * (46a66e) authsaml2: use utils function to flush a django session in
    singleLogoutSOAP.
  * (3538b0) utils: helper function to get session store and flush a django session.
  * (d78a85) idp/saml: remove unused link from session to federation and storage of
    assertions
  * (4bb618) settings: do not force cached_db session engine, it can only used with
    a shared cache
  * (e44754) idp: wait for all iframe onload event before doing local logout
  * (f87568) Revert "idp/saml: add a utils module, start with session saving/loading
    functions"
  * (17d233) Revert "idp/saml: replace old session loading an saving by new
    functions local to the idp application"
  * (45d94d) idp/saml: only load/save federations if the nid_format used needs it
  * (b33196) idp/saml: replace old session loading an saving by new functions local
    to the idp application
  * (25ad16) idp/saml: add a utils module, start with session saving/loading
    functions
  * (cc0914) saml: clean unused import
  * (5c1587) settings: set default session engine to cached_db
  * (443c4f) settings: use cached template loader unless DEBUG is True
  * (c537e2) idp/saml, authsaml2: fix lasso method name to process logout response.
  * (0d6b05) idp: local logout only need to set a correct next page parameter (fixes
    #3859).
  * (b83da0) idp: reuse parametrable redirection timeout in logout template.
  * (a9bb69) idp/saml2_endpoints: load attributes once in sso_after_process_request
    (fixes #3377).
  * (7db38b) idp/saml2_endpoints: load attributes sooner and send them in decision
    signal.
  * (1f0845) idp/saml2_endpoints: don't use the same variable name for the two kinds
    of policies.
  * (03a74d) authsaml2: restore use of
    LibertyIdpOptionsPolicy.want_force_authn_request in setAuthnrequestOptions
  * (f08dfc) authsaml2: do not force the assertionConsumerServiceIndex in
    setAuthnrequestOptions
  * (d50616) settings: set logging level to DEBUG in the syslog handler when DEBUG
    is True
  * (c02b89) attribute_aggregator: fix bug where a dictionary is reused in
    user_profile module
  * (c094b7) attribute_aggregator: fix loop error in user_profile module
  * (e3d075) backends: convert ldap attribute names to str
  * (600ebf) backends: store password and ldap attribute for one full day
  * (61eac6) backends: ldap search function only accepts str not unicode
  * (69d60e) attribute_aggregator: if user object has a get_attributes method, try
    to import those attributes
  * (8ae900) backends: add new settings for LDAP servers: attributes,
    attribute_mappings and attributes_mandatory_values
  * (9a6345) attribute_aggregator: add accessors to retrieve all aliases of a
    definition and to test if a name is defined
  * (889eb9) attribute_aggreator: insert a hack in the attribute signal so that
    request.user can be accessed from the user profile attribute loader
  * (3737ea) attribute_aggregator: try/except block to prevent UserProfile linked
    exceptions has become useless
  * (42f008) idp/saml: only save federation when nid_format is persistent, prevent
    double federation creation when using eduPersonTargetedId
  * (fcdca8) update fr translation
  * (186139) templates: add templates for the email change view
  * (f72807) update fr translation
  * (d4c0cf) views: improve and fix messages around email change
  * (7903fa) update fr translations
  * (ec9a55) idp: add a link to the email change page on the account management page
  * (c2177b) update french translations
  * (20062b) add email change forms and views with email validation
  * (517574) views: refer to get_object_or_404 throught its module
  * (d3aadb) saml/common: in load_federation() remove useless debug logs
  * (881e02) saml/common: in load_federation() user is mandatory, so add an
    assertion
  * (fa14d4) forms: in UserProfileForm() do not allow editing the email field, it's
    sensitive
  * (d67b7f) forms: in UserProfileForm only mark present field as required
  * (8e2f18) setup.py: do not refuser to run when workdir is dirty
  * (434e82) backends: handle ldap server connection errors and log them
  * (93b477) saml: remove obsolete todo
  * (011dc5) saml: add the edupersontargetedid NameID format
  * (3a910c) saml: add the username NameID format
  * (73f215) idp/saml2/saml2_endpoints: simplify fill_assertion
  * (08b549) idp/utils: add a get_username method to adapt to new custom user models
  * (6ed15a) idp: restrict cleanup to authentic2 models, rename cleanup to
    cleanupauthentic
  * (666a3b) cleanup for 'empty' federations emitting a signal 'federation_delete'
  * (79804d) idp_openid/models: fix name collision in NonceManager.cleanup()
  * (a9e23b) saml: in SessionLinkedManager.cleanup() never clean django sessions
  * (e8d23c) idp_openid: allow to add actions in service list directly with a
    template.
  * (53cbb3) auth2_openid: fix last commit.
  * (389cfa) auth2_openid: message passed to on_failure is a list.
  * (fca344) auth2_openid: fix dissociation page, deprecated message_set and
    undeclared redirect_to shortcut.
  * (f082e7) auth2_openid: minor changes in few templates and bits of translation.
  * (7f59a5) auth_openid: Add a backlink on association management page.
  * (99b7a3) idp_openid: manage openid services with backend, do not use federation
    processor anymore.
  * (0e38d2) idp_openid: add links with RPs in context, allow to unlink from profile
    page.
  * (9367c0) attribute_aggregator/user_profile: link displayName ldap attribute to
    the get_full_name() accessor of user models
  * (2b0ef8) idp/saml/saml2_endpoints: compute attributes nearer to their point of
    use
  * (33fb91) idp/openid: normalize urls.py regexp
  * (4ec03e) idp/saml: do not log unkown provider message at the error level, it's
    just a warning
  * (274e76) saml: pass missing context variable redir_timeout to the error template
  * (fca162) saml: raise a validation error if lasso cannot parse the metadatas
  * (5cca9a) attribute_aggregator/user_profile: use operator.attrgetter to allows
    lookup for user profile sub-fields
  * (aa1bc9) attribute_aggregator: do not limit profile fields lookup look for all
    which have a definition declared
  * (9a31a9) attribute_aggregator/user_profile: remove method name from log messages
  * (1c4f73) attribute_aggregator/user_profile: profile fields can match many
    definitions now
  * (8d7d8e) attribute_aggregator: create an index of definitions by profile field
  * (eee4ac) attribute_aggregator: last migration depend on the last migration in
    idp
  * (647f1e) idp: fix migration 0011, it should send signal to new create new
    content types for the attribute aggregator application
  * (b0677b) Add OpenID IdP urls in not_hompage_patterns.
  * (7c439d) saml: fix deprecated import.
  * (499004) settings: set SENTRY_DSN default value to None
  * (db9a5e) idp_openid, auth2_openid: the syntax of 'url' changed in Django 1.5.
  * (6e2799) attribute_aggregator/mapping: mail is the standard LDAP attribute for
    mail not email
  * (3f21c2) settings: configure loggers after loading the local_settings file
  * (0feff3) saml/forms: remove debugging statements
  * (93e548) dashboard: fix paths to AttributeList and AttributeItem models
  * (f1fd43) backends: if ldap credentials are absent, just continue
  * (e4e6ee) attribute_aggregator: only load the LDAP source if activated
  * (6b5fae) dashboard: show all django.contrib.auth models im the "Users and
    groups" block
  * (2ade14) idp/saml/saml2_endpoints: fix call to backend.get_saml2_authn_context
  * (cb2b82) idp/idp_openid: Allow restriction of openid RPs.
  * (4fc119) idp/idp_openid: fix bad function parameter.
  * (090a01) idp/idp_openid: add missing import of settings.
  * (70f00c) idp/saml/saml2_endpoints: fix undefined orm query in
    sso_after_process_request
  * (f3cf5f) idp/saml: catch precise exceptions
  * (7811dc) attribute_aggregator: add empty migration to inform south that
    AttributeList and AttributeItem are now part of attribute_aggregator
  * (f08d8d) idp: add migratoin to migrate table for AttributeList and AttributeItem
    to the attribute aggregator
  * (0df455) idp/saml: only catch DoesNotExist exception in
    need_consent_for_federation
  * (3165fa) idp/saml: reduce log level for destination error to warning
  * (083975) idp/saml: removed unimplemented and unused functions
  * (b777ab) auth2_auth: remove unused signals
  * (e5ee53) idp/saml: remove catchall except
  * (0b9198) idp/saml: does not log user.username as the field could not be present
  * (d0b026) saml: do not directly access user.username as the field could not be
    there
  * (37700f) auth2_auth/backends: truncate username before saving it in the
    AuthenticationEvent
  * (f62137) auth2_auth/views: remove unused form WithNonceAuthenticationForm
  * (462a8b) auth2_auth/backend: adapt default login form to custom user models
  * (26e7fa) backends: add an USERNAME_FIELD to LDAPUser
  * (556da3) idp: fix migrations 0004
  * (c0cf59) dashboard: remove feed block from dashboard, as it forces an HTTP get
    to an Entr'ouvert server
  * (0cf207) backends: fix undefined variable errors
  * (c1cb0e) attribute_aggregator: add a simple source, which just call a method on
    the user model if it can
  * (e0bbc3) idp/saml/saml2_endpoints: remove method name from log messages
  * (9fd07b) AUTHORS: update
  * (f3ce35) idp/saml: add an urls.py file to conform to standard practices
  * (fe571d) idp,attribute_aggregator: move AttributeItem and AttributeList into
    attribute_aggregator
  * (dba00e) attribute_aggregator/models: simplify imports
  * (029610) idp: remove unused import
  * (2ba554) idp: remove unused UserConsentAttributes model
  * (01b760) compat: add variable use_attribute_aggregator to see if
    attribute_aggregator is being used
  * (f1775c) adapt recent migration scripts for support of custom user models
  * (955239) idp,saml: remove explicite import betwen models modules
  * (7d48e7) idp,attribute_aggregator: move a2.idp.attributes into the
    attribute_aggregator package
  * (de0e91) app_settings: add A2_HOMEPAGE_URL to add a no-homepage mode to
    authentic2 (like shibboleth)
  * (b42587) settings: use /dev/log as address of the syslog daemon, as not every
    syslog daemon is listening on the UDP port (rsyslog for example)
  * (becee1) settings: extract CACHE setting from environment
  * (294b8b) backends: after parsing json content, convert unicode string to byte
    strings
  * (c57042) settings: set log level to DEBUG when DEBUG is True
  * (121f7e) settings: set a default value for LDAP_AUTH_SETTINGS
  * (effae6) settings: add missing import for json
  * (009b5c) models: add source and updated field to UserExternalId
  * (b9902d) saml: add a new sp policy option, federation_mode
  * (9d5909) saml: add an app_settings module
  * (1707f4) idp/saml/saml2_endpoints: automatically convert password authentication
    context to password protected transport autn context when https is used
  * (b558d3) backends: support Active Directory, had mode where ldap users are not
    backed by a Django model user
  * (c139ce) update french translation
  * (8bb2e8) template: change welcome string for authenticated users in base
    template
  * (837208) cache: new module for utility methods with cache
  * (842cd9) settings: activate sentry logger based on the environment
  * (7070e2) settings: get LDAP settings from environment, activate LDAP backend
    when there are LDAP settings
  * (18895d) backends: add a bind_to_username option for LDAPBackend
  * (b99382) models: add UserExternalId to store external id linked to users
  * (4f1731) settings: remove local file handler, add mail_admins and syslog as
    default
  * (316506) fix default change password form (fix #3955)
  * (599b55) settings: allow more DATABASES keys to be set from environment
  * (3288d9) idp/saml/saml2_endpoints: log request content when receiving an invalid
    HTTP-Redirect request
  * (b4bac3) saml: update translation
  * (282c50) saml/admin: add a create from URL action for liberty providers
  * (f03e4c) authsaml2/backends,saml2_endpoints: use the system random generator for
    more security
  * (c46735) auth2_ssl: reorganize url conf
  * (f798e1) auth2_auth: fix wrong regexp in url conf
  * (6261a7) translation fix
  * (493c89) auth2_oath: comletely remove this module, as it does not depend
    entirely on Entr'ouvert copyright
  * (b67842) Fix erroneous title and copyright in file headers.
  * (12a513) saml/templates: in post-form.html wrap the send button with the
    <noscript/> tag
  * (5f2082) authsaml2: return from locallogout
  * (098f57) authsaml2: all errors does not have an url attribute
  * (a7d3ec) authsaml2: when using transient as persistent, also set nameQualifier
  * (43caea) authsaml2: fix undefined identifier
  * (429ad8) saml/sync-metadata: handle file with only one EntityDescriptor
  * (f3a4bd) saml/sync-metadata: setup the slug and name fields of newly created
    providers
  * (635758) saml/models: LibertyFederation.{sp,idp} fields can be blank
  * (98a1b5) saml2_endpoints: as Lasso 2.4.0 is still not release do not used
    ProfileRequestDeniedError
  * (b36c53) templates: on the logout page waits 300ms before redirecting to login
    page
  * (a0a935) idp/views: do not forget ending slash
  * (780f49) idp/saml: fix use of unicode characters in non utf-8 source code
  * (05700a) saml2_endpoints: change titles of redirection page
  * (4dea1f) idp/views: do not compute the logout list when doing local logout
  * (ef0748) idp: fix UnicodeDecodeError for attributes
  * (304a5b) saml2_endpoints: only raise a warning when continue_sso() view does not
    find a nonce paramter in its query string
  * (03926f) forms: define default USER_PROFILE list of field for the default user
    model
  * (0e60b6) saml: start indexing endpoints at 0 to work around bug in lasso in
    artifact constructions (the artifact endpoint index is always 0)
  * (50d63c) saml: start indexing endpoints at 0 to work around bug in lasso in
    artifact constructions (the artifact endpoint index is always 0)
  * (5d8250) forms: do not add related fields to the user profile form, only proper
    fields
  * (772825) start.sh: apply migration as they work now, fix django version
    requirement string
  * (fda942) nonce: really fix cleanup in NonceManager
  * (8b23e8) nonce: fix cleanup in NonceManager
  * (2a3568) MANIFEST.in: include MANIFEST.in
  * (a03bae) setup.py sdist: store version into the archive
  * (625399) setup.py: remove use_setuptools which install stuff inside current
  * (7f2a92) setup.py: don't depend on django during the setup
  * (51cfb0) saml: in migration 33 do not use the ORM when db.dry_run is True
  * (a6ad42) saml: fix migration from commit bb9ef6278
  * (2b09e1) idp_cas/views: fix indentation error introduced in commit 7ab2405a
  * (e9bb9d) idp/saml: simplify links() method
  * (ce06ae) authsaml2: implement persistent federation management with identifier
    in attributes.
  * (2bf62c) authsaml2/utils: register nameID in session at account linking.
  * (0a852e) saml: add identifier attribute field of idp options policy to admin.
  * (bb9ef6) saml: add south migration script for previous commit.
  * (5d7ad6) saml: add identifier attribute field to idp options policy.
  * (d01145) fix all misuses of naive datetime
  * (4b281d) registration_backend: allow overriding of set and change password forms
  * (035db3) saml: show slug field in admin
  * (00edd6) saml: fix typo in admin.py
  * (e752b7) saml: add slug field to LibertyProvider, use it as a natural key
  * (2f18b5) locale: modify some french translations
  * (849b21) models: fix typo in __unicode__ method
  * (8fbe4f) views: add a prefix to the edit profile form (refs #3249)
  * (ff113d) authsaml2: fix missing pk of transient model fixes #3353.
  * (b858c1) idp/models: use mapping variables now defined in loader file.
  * (390e9d) idp/attributes: use attribute aggregator evolutions for attrs provided
    at sso
  * (adaa17) attribute aggregator: Many changes, ldap, attribute processing begins
  * (4f9b96) attribute_aggregator: choose the core attribute mapping file.
  * (2f3c90) utils: add helper function to import from a module giving a string.
  * (77bf5b) saml: update fr translation
  * (3bfa24) README.rst: add paragraph on compilation of translations
  * (91c9e0) setup.py: update compile_translations command for new organization of
    translations files
  * (9c5bcf) locale,templates: dispatch templates and locale files to sub
    applications
  * (b8ff8b) remove dead application admin_log_view
  * (2305df) forms: get fields from model if no USER_PROFILE.
  * (0d1749) backends: check if ldap settings key exists is necessary at saving.
  * (a3fead) backends: add one mising default value in the ldap settings dict.
  * (090e80) saml: when no custom certificat chain is given for validating SOAP
    endpoints, prefer using urllib instead of the custom code written around httplib
  * (f32deb) views: ALLOW_ACCOUNT_DELETION setting was renamed
    A2_REGISTRATION_CAN_DELETE_ACCOUNT
  * (193ffe) idp_cas: legacy cas clients only accept cas: as a prefix for XML cas
    tickets
  * (7ab240) idp_cas: when the service url already contains a ? character, use a &
    instead of ? to add new parameters
  * (667245) authsaml2: fix url pointing to the delete federation view in templates
  * (5e73d2) authsaml2: fix bad use of load_federation_temsp() after its signature
    changed
  * (757985) saml,authsaml2: fix source code not adapted to new shema for liberty
    federations models
  * (4d29f9) templates: add missing csrf tokens in the totp_profile.html template
  * (3768b8) templates: comment out use of the autopenid special change password
    view
  * (abd977) saml/common: adapt lookup_federation_by_name_id_and_provider_id() to
    new LibertyFederation model
  * (fde1c9) saml: adapt common.get_provider_of_active_session() to new
    LibertyFederation model
  * (b4cb1b) saml: adapt common.add_federation to new LibertyFederation model
  * (fbc8f9) idp: remove unused model UserProfile
  * (a1f05a) idp/migrations: restore complete description of the schema, it blocks
    the automatic creation of new migrations
  * (2d932d) locale: update french translation
  * (e92033) saml.admin: add variable names in a translated format string
  * (24d89f) disco_server: add variable names in translated format message
  * (030f10) attribute_aggregator: remove translation of the empty string
  * (fc5333) idp/saml2: use %r to report dump of logout message in logs
  * (34d6ce) saml: remove unicity constraints on liberty federation models
  * (bd93ce) make scripts cwd blind
  * (f3ff3a) change project mailing list email
  * (e4fe77) migrations: adapt all migrations to Django 1.5 custom user models
  * (ab0c47) auth2_oath: adapt migrations to Django 1.5 custom user models
  * (a19448) auth2_auth: clean migrations
  * (dec409) migrations: undo rename as it breaks logs of already executed
    transactions
  * (3d83ac) migrations: remove dependency upon a now empty migration
  * (3ffc05) stay compatible with Django 1.4, remove all direct uses of
    get_user_model
  * (46166c) models: create new app around model authentic2.User
  * (4b0155) README.rst: fix installation instructions from pypi
  * (37e960) registration_backend: overload register() method to copy all user
    fields from the registration form
  * (1675b4) add developper scripts
  * (32e7d7) add a real registration backend
  * (3ac51e) jenkins.sh: chmod +x
  * (d34ed3) add jenkins script
  * (d69bca) saml remove LibertyIdentityDump and related dead code
  * (b5c6ae) saml: fix reference to authentic2.User in migrations
  * (0932f7) saml: fix migrations, site field was never added
  * (b50f12) saml: remove LibertyArtifact.django_session_key whic is clearly useless
  * (b1c8a1) saml: fix wrong schema declaration in migration
  * (e68d8e) saml: remove idff12 code, it was never finished anyway
  * (be2f28) saml: remove debugging print
  * (cde538) setup: bump minimal south version required
  * (430c1b) add documentation on how to write migration working with a custom user
    model
  * (3edfac) add missing file from commit 67ce861
  * (16c930) settings: move ALLOW_ACCOUNT_DELETION to app_settings.py
  * (67ce86) views: add a delete_account view on /accounts/delete
  * (892502) settings: set a reasonable log format
  * (4e64a8) saml: fix SamlBackend.links
  * (321a01) settings: add more settings take from environment
  * (41b7e0) Removing debian directory (will be add in debian branch)
  * (106d34) manage: remove dead sys.path manipulations
  * (452fd0) settings: take main settings from environment
  * (fd54b9) setup: complete MANIFEST.in with missing binary translation files
  * (8e4fdf) saml: improve admin panel for libertyfederation objects
  * (1c1c56) saml: really implement LibertyFederation.__unicode__
  * (83206a) remove dead imports
  * (9f6080) authsaml2: replace federation deletion by setting the user attribute to
    NULL
  * (a3360e) saml: add a LibertyFederation.termination_notified field
  * (88816c) saml: allow LibertyFederation.user to be null
  * (0fadbd) saml: add fields LibertyFederation .creation and .last_modification
  * (500702) saml: simplify LibertyFederation model, only store foreign to
    providers, not their entity ids
  * (57708a) debian: fixes add local_settings and fix install
  * (5ddda2) setup.py: cancel commit 3d6e0b61
  * (d1e4ef) debian: begin new version for squeeze
  * (3d6e0b) setup.py: fix new get_version
  * (840988) wsgi: add a wsgi file into authentic2
  * (182ebb) settings: to converge with other project, move default db path at the
    root of the project
  * (fa9e17) dashboard: fix broken model paths
  * (7bdff4) saml: set verbose_name and ordering of LibertyProvider model
  * (e3d7fd) add missing module authentic2.menu
  * (e4de2c) views: add a view to impersonate any user, use it for debugging
  * (d702af) admin: add custom menu
  * (1ab114) admin: customize admin forms for user models
  * (d946bf) admin: use django-admin-tool for authentic2 administration
  * (8098de) forms: fix wrong attribute name
  * (7e2475) ctl: add dev settings and use them for the control script
  * (01c55f) setup.py: add django to setup_requires
  * (0d3d14) forms: remove debugging statements
  * (0318df) attribute_aggregator: don't call loading function if nothing to load.
  * (cf7028) settings: fix project root path
  * (3dbff0) settings: fix prod settings
  * (f5cc27) settings: remove production settings from the common setting module
  * (91aa51) urls: django.conf.urls.defaults is deprecated since Django 1.5
  * (46802f) idp_saml: does not log an exception for a logout response with status
    RequestDenied
  * (f4050c) forms: forbid editing username in the profile form
  * (e62203) urls: fix bad import of settings
  * (353709) settings: integrate auth and idp backend configuration to prod setting
    file
  * (47e026) settings: remove obsolete STATIC_SERVE setting
  * (57e148) settings: add missing __init__.py
  * (f3f3e8) settings: reorganize them (bis)
  * (ac1ecc) settings: reorganize them
  * (cad465) models: add missing migration
  * (d8206b) fix wrongly removed import of regexp module
  * (706953) forms: mark required fields as such in registration form, change css
    class for required fields and fields with errors
  * (c63ef7) adapt all applications to Django 1.5 custom user model
  * (1b74b8) saml: fix __unicode__ method of LibertyProviderPolicy
  * (9844b2) forms: add css class for required or erronous fields on user profile
    form
  * (d95fec) forms: use user model REQUIRED_FIELDS list to set required field on the
    user profile form
  * (1f7c58) settings: do not run migration when running tests
  * (9fd720) hashers: add tests
  * (9bb9dc) hashers: allow password digest without salt in the generic hashlib
    hasher
  * (e21574) saml: change length of SPOptionsIdPPolicy.accepted_name_id_format and
    default_name_id_format
  * (c07065) replace ugettext by ugettext_lazy in all models.py
  * (05a5e3) idp_cas: add attribute provisionning through CAS tickets
  * (5d3bbf) hashers: add SHA256PasswordHasher
  * (98a4fa) setup.py: update get_version
  * (46338e) change needed version of django-registration
  * (f1300e) urls: fix url patterns
  * (9f72f1) attribute_aggregator: handle tuple in USER_PROFILE field list
  * (2b081e) setup.py: use get_version() to generate the version string
  * (0e212c) remove check-sdist.sh, comparable functionnality is in the python-
    entrouvert package
  * (586675) distribute local_settings.py.example
  * (3a14d0) distribute test files
  * (6ed525) translation: spelling fix
  * (ea7f64) fix a french translation
  * (6351f2) saml: move iso8901 function to saml2utils to be called without
    dependency on Django.
  * (7dbcd1) authsaml2: move to saml utils authnresponse checking and attribute
    extraction.
  * (b53474) settings: fix root logger setting
  * (913373) admin: only expose the user model if it is used
  * (5d362e) attribute_aggregator: fix user profile fields discovery without caption
    (removed in 293256).
  * (3ae50b) views: in EditProfile view, do not use get_success_url() to launch the
    synchronization thread
  * (78c9e9) fix indentation errors spotted by pylint
  * (2f06f7) add a local_settings.py.example
  * (293256) models: improve profile form and profile display
  * (98c853) Revert "models: use our own PermissionMixin to set the related name on
    Permission and Group objects"
  * (4e39fb) settings: add CsrfView middleware
  * (e78552) remove unused imports (test)
  * (c305e9) add scripts declaration to setup.py
  * (65283e) rename manage.py to authentic2-ctl
  * (effee8) models: use our own PermissionMixin to set the related name on
    Permission and Group objects
  * (1ec7c6) fix dependent version on django-registration (last try)
  * (b1ea83) fix dependent version on django-registration (bis)
  * (120307) fix dependent version on django-registration (bis)
  * (5fdb70) fix dependent version on django-registration
  * (b57096) setup.py: update dependencies and dependecy_links
  * (be6a04) fix LOCALE_PATHS setting
  * (1f2e03) context_processors: change signature of the UserFederations object
  * (9721e8) saml: enlarge SPOptionsIdPPolicy.default_name_id_format and
    accepted_name_id_format
  * (095982) forms: remove useless meta declaration in profile form
  * (a0f273) templates: logout only when all endpoints have responded
  * (54239c) saml: log as debug loaded identity dump
  * (ca4643) models: enlarge email field to user model
  * (6a8e74) forms: add check for duplicate username to registration form
  * (9a3e5c) registration_backend: adapt simple registration backend for custom user
    model with required fields
  * (0733ed) saml: build identity dump from federation objects, no more from
    identity dumps
  * (e44350) Adapt translation.
  * (369ab1) saml: simplify user message when redirected with a post.
  * (4767f6) hashers: transform passwords into bytes
  * (81631d) hashers: fix Drupal7PasswordHasher
  * (ea88a0) idp: Enhance consent
  * (d0949b) forms: adapt profile edit form to custom user model
  * (261476) README: update instructions on first install
  * (2d3c1f) context_processors: convert defaultdict to dict before return
  * (540ac1) context_processors: add a new context processor exporting a federations
    variable for fetching federations of users
  * (e82eb5) logout: do not log unicode value as simple strings (bis)
  * (07ea91) logout: do not log unicode value as simple strings
  * (df78f1) logout: fix sp initiated logout with more thant one sp logged
  * (b6ad46) views: only push to service providers having a federation
  * (17d844) views: when faking sso exchange for pushing attributes, do not save
    session
  * (c43549) fix typo in last commit
  * (1d109b) saml: use name to refer to SAML post form, as its order in the template
    cannot be garanteed
  * (62705f) interactions: add missing {% csrf_token %} tags
  * (e32a4a) idp/saml: add missing csrf_exempt decorators
  * (dc4ecc) urls: separate homepage from other views in main url file
  * (2bf0b7) update copyright year in base template
  * (10f7c8) saml: enlarge more fields
  * (86f9cd) idp/saml: set signature verify hint when verifying logout responses
  * (7a7165) idp/saml: simplify
  * (35ad1b) idp: fix wrong class reference
  * (c8c86d) saml: add accessor for liberty provider policy
  * (abf6ea) saml: add generic method to get policies
  * (cb8720) backends: improve error recovery
  * (ce583f) registration: use the simple backend (bis)
  * (0855e3) remove old way to include registration urls
  * (9a61db) registration: use the simple backend
  * (8a6e13) fix last commit
  * (57d1c8) saml2: use authn_request_signature_verify_hint as setting for logout
    request signature verify hint
  * (1d6c79) backends: use filter and not templates to find users
  * (ab1aaf) saml2: log unknown slo errors
  * (eb31d4) views: use a background thread to push attributes
  * (a984f8) Revert "[idp] Add method that returns a dict from a user profile."
  * (6a8526) Revert "[idp] Connect attribute filling signal to profile to dic
    function."
  * (b5c06a) idp: fix formatting of roles in account management view
  * (2665d5) views: switch to python-requests for pushing attributes
  * (3e1b41) add requests to requirements.txt
  * (a51ef2) hashers: add hasher class for Drupal 7
  * (bce318) [idp] SSO idp initiated with all SP at profile updating.
  * (f62f89) [idp] Connect attribute filling signal to profile to dic function.
  * (3e799f) [settings] Add a switch to activate push attributes at profile
    updating.
  * (258bef) [idp] Add method that returns a dict from a user profile.
  * (9c73f5) [idp/saml2] idp_sso may return lasso login and fix protocol binding
    setting.
  * (9ff5cd) Deactivate OpenID IdP feature by default.
  * (aa8060) [authsaml2] Use our User model in backend.
  * (5d45ed) migrations: fix migrations applied after the custom user migration
  * (e07538) saml: enlarge provid id field in LibertyFederation model
  * (24a204) backends: add mandatory group setting for LDAP directories
  * (0f5052) remove debugging statements
  * (887b8e) saml2_endpoints: in idp initiated endpoint, set allowCreate to True on
    faked AuthnRequest
  * (71cdab) profiles: add caption to profiles, improve handling of multi-values
    attributes
  * (ccb8d2) urls: add missing ending slash to profile/ url
  * (fc1748) attribute_aggregator: allow the user model to specify its exported
    fields
  * (9c299e) authentic2: expose User model in admin
  * (008226) backends: fix import of groups
  * (d91942) attribute_aggregator: create a role attribute to map groups
  * (64e9e3) backends: add mapping of LDAP group to Django groups
  * (cd7d80) attribute_aggregator: simplify user profile source
  * (3125ba) attribute_aggregator: change mapping of uid to username
  * (732f94) fix typo in last commit
  * (e505bd) idp/saml: if not request.id exists generate a nonce
  * (90f8a8) saml: enlarge KeyValue key field
  * (bb8010) saml: add adapter code for postgresql
  * (6b9c5c) saml: enlarge EntityID field in the LibertySession model
  * (35afb5) backends: add method to find the SAML2 AuthnContext from the backend
  * (440637) attribute_aggregator: replace user.get_profile() by user in the user
    profile source
  * (16617e) models: remove UserProfile, directly use the User model
  * (9fa1a5) backends: convert ldap_data before trying to compare it against unicode
    values
  * (429cf9) backends: decode value extracted from LDAP before passing them to User
    model
  * (0e48dc) settings: add TransactionMiddleware
  * (7efb28) backends: use group of names to set the superuser group
  * (23d25f) backends: in LDAPBackend only save user when returning it
  * (d71c72) profiles: improve edit profile form
  * (81c049) store backend in user model, update attributes in LDAP
  * (27ffa3) auth2_auth: do not overload /accounts/password/change/
  * (a22bed) fix error in last commit
  * (08b91f) adapt ldap backend to custom user model
  * (7ac1e3) adapt manage.py to django 1.4
  * (459727) attribute_aggregator: map classic "uid" attribute to the get_short_name
    method of the custom user model
  * (2122c1) models: in the custom user model build shortname using the username
  * (d38814) attribute_aggreator: in user_profile source allow field to be callable
  * (78cec0) attribute_aggregator: in user_profile also extract attributes from user
    object
  * (475800) backends: add multi-ldap authentication backend
  * (49971e) use custom user model from Django 1.5
  * (99a092) auth2_ssl: fix error_ssl view name
  * (17fee0) views: replace password_change_done by a redirect to the profile page
  * (f69f32) fix userprofile edition/creation forms
  * (b57cef) style.css: add style for the messages block
  * (7c1e23) templates: move messages block into the base template
  * (96d002) settings: set default to only use the login/password backend
  * (58bb5d) fix correct dependencies versions in setupt.py and requirements.txt
  * (6d9ab5) remove the included django-registration
  * (1fe993) do some cleaning
  * (ee61e6) adapt to django 1.5 removal of function based generic views
  * (47349d) templates: use new syntax for the {% url %} tag
  * (e137f7) idp,saml: add missing dependencies toward other migrations
  * (318667) idp_openid: add missing migration
  * (987932) fix typo in COPYING file
  * (710137) coin
  * (ea2004) requirements.txt: start a requirements file
  * (b9656d) manage.py: move it to root of the project
  * (93a4c1) settings: do not load the auth2_openid and auth2_ssl applications if
    not needed
  * (3529f1) settings: do not block on missing debug toolbar when DEBUG is True
  * (5f0f35) saml2_endpoints: default to transient if no default name id format has
    been set
  * (12c9e8) Only check the AuthnRequest destination if the request is signed
  * (9b785a) Fix typo.
  * (8fe235) [disco_service] Capture all exceptions at service provider lookup.
  * (f2f09e) [disco_service] Responder part of the discovery service.
  * (797074) [authsaml2/saml] Add requester discovery service support to authsaml2.
  * (e819eb) element tree node can be equivalent to False, add explicit None test
  * (20ee37) [idp] Prevent access of transient users to profile views.
  * (73f599) Update README.
  * (f7f681) Update release version in documentation header.

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 12 Dec 2013 18:50:07 +0100

authentic2 (2.0.2) trixie-eobuilder; urgency=low

  * (8b6ae3) Release 2.0.2
  * (94d342) Update release version
  * (5446cc) [doc] Update installation part of the documentation.
  * (b31952) Distributable package of Authentic2 manage with Setuptools.
  * (03bc20) [http_utils] prefer using pycurl instead of M2Crypto to retrieve HTTPs
    URLS as it supports server name indication
  * (4b23a2) [idp/saml] Remove unecessary line.
  * (b7b715) [doc] Fix typo.
  * (bbf67a) Update in README a remaining reference to GPL to AGPL.

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 11 May 2012 17:53:13 +0200

authentic2 (2.0.1) trixie-eobuilder; urgency=low

  * (865bd1) Release 2.0.1
  * (afaaa8) Update release version.
  * (adbd86) Update package files for distribution.
  * (26652c) Update documentation version.
  * (35b524) Filter private key of Lasso Dumps before logging.
  * (8a8776) Remind that collectstatic is not necessary in debug mode.
  * (8515e6) get_and_delete_messages() was deprecated in Django 1.2 and removed in
    Django 1.4, fix that
  * (d87322) [idp/idp_openid] Don't display secret of associations in admin.
  * (d8c751) [idp/idp_openid] Remove vim instruction in prologue.
  * (f38ddc) [idp/idp_openid] Remove auto_now_add.
  * (c43e5c) [idp_openid] Disable HTML encoding of openid metadata.
  * (2a3765) [doc] Add a word about the SAML SP protocol policy.
  * (c2132a) Use csrf token in each form.
  * (172f31) CsrfMiddleware removed and CsrfViewMiddleware by default.
  * (dfaecf) Update settings with LOCALE_PATHS.
  * (7ff08a) README and doc updated, dependency on Django 1.4.
  * (a3ee9c) ADMIN_MEDIA_PREFIX in settings deprecated with Django 1.4.
  * (e9c367) [doc] Update part on the debug-toolbar-dependency.
  * (0ca26b) [doc] Update download page.
  * (2cf3fb) [doc] Authentic 2 SAML2 SP, how a transient nameID can be handled.
  * (49f03a) [doc] Fix inconsistency on the SAML2 SP and IdP configuration.
  * (ccc0d0) [utils] fix bug in cache_and_validate
  * (d6929f) Remove dependency on openid in the base template (bis)
  * (cc70ed) Remove dependency on openid in the base template
  * (e77b33) [idp][saml] pep review on saml2_endpoints.
  * (5ba8ab) [authsaml2] pep8 review on saml2_endpoints.
  * (7b3607) [authsaml2] Remove uncessary if statement.
  * (52d311) [authsaml2] Allow to reask for authentication when a transient nameID
    is received.
  * (2edb7a) [idp][saml] Don't ask user consent for federation when a transient
    nameID is served.
  * (cb002e) [doc] Aword on debug mode by default, statics and the debug toolbar.
  * (bd9698) The debug-toolbar dependency in DEBUG mode.
  * (156eb5) [idp] Don't try to add data to profile when not found.
  * (643a99) [idp] Remove useless OrderedDict.
  * (e4f164) Fix authentic2.idp.saml.backend.SamlBackend.service_list()
  * (7434bd) [setup.py] remove requires
  * (516df8) Enable debug mode by default.
  * (9a39d2) Fix typo.
  * (577249) [attribute_aggregator] Fix error at profile creation with transient
    users.
  * (d8ec3b) Remove endline space in settings.
  * (609b9c) Disable debug by default
  * (461e39) Reference deb.entrouvert.org for installing Lasso
  * (7b34bd) Remove instruction about installing django-registration as it is
    included in authentic2
  * (070b42) Add instructions about python-ldap when install django_auth_ldap
  * (601151) [idp&attribute_aggrator] limit dependency on python-ldap
  * (f5e9e5) Update translations.
  * (a4097d) [attribute_aggregator] Enhance display name in mapping.
  * (2570a6) [attribute_aggregator] Remove unnecessary extensive use of ugettext.
  * (39c940) [attribute_aggregator] Remove unnecessary parenthesis in syntax values.
  * (92e7c3) [doc] Missing installation instruction.

 -- eobuilder <eobuilder@entrouvert.com>  Fri, 27 Apr 2012 14:03:10 +0200

authentic2 (2.0.0) trixie-eobuilder; urgency=low

  * (95b0ef) Release 2.0.0
  * (098681) Add missing static files.
  * (a40c0c) Preparation for release 2.0.0
  * (c3e33c) Fix typo
  * (150158) add an AUTHORS.txt file
  * (c15f4b) [doc] Use Lasso 2.3.6.
  * (d5421f) [doc] remove link to PDF file.
  * (5535a3) Use the latest Lasso release 2.3.6.
  * (01830e) [doc] Prepare documentation for the release.
  * (0e596f) [doc] Fix title underline too short.
  * (4cacd2) [doc] Fix title underline too short.
  * (f346bd) Use name Authentic 2
  * (c08956) Use name Authentic 2
  * (947d38) Use name Authentic 2
  * (492aff) [doc] Use name Authentic 2
  * (8ef4fd) [doc] Add a page about settings.py.
  * (bd7f68) Ignore compiled FR language file.
  * (b187a3) Bits of traduction.
  * (43e915) [templates] Change content in header.
  * (ec0525) [templates] Missing traduction tags in oath login form.
  * (9d9844) [saml] Don't show unused model in admin.
  * (13ca80) [saml] Add missing verbose names of model fields.
  * (99df51) [idp] Add missing verbose names of model fields.
  * (d8b6e7) [authsaml2] Remove typo in error message.
  * (21704a) [attribute_aggregator] Add missing verbose names of model fields.
  * (1361e2) [idp] change service_list() interface
  * (fd894d) [saml2] in idp_slo, send all known session indexes for the current
    session and the given provider
  * (013da0) [saml2] make transient NameID persistent for a session duration
  * (fe81ab) [saml2] fix typo in idp_slo
  * (046595) [saml2] add if case for OATHOTP backend when creating
    authncontextlclassref from backends
  * (9629f7) remove debugging print statements
  * (cb527b) [saml] do not filter on an absent field of LibertyProvider
  * (46c3d6) remove useless line of code
  * (57fc07) Bits of traduction.
  * (9de7dc) Fix static images path in the openid js library
  * (a533d0) [saml2] forward oath-totp authentication as TimeSyncToken
    AuthenticationContextClassRef
  * (6fa51b) [auth2_oath] rename security level from oath-otp to oath-totp
  * (1e4ba4) remove debugging print statements
  * (ed247a) [auth2_ssl] Fix lost next parameter
  * (09ca6e) [authsaml2] Give provider in GET parameter to sp_slo
  * (b22def) [idp] Always return next or icon in idp_slo
  * (65e379) [authsaml2] Encode in utf-8 the session dump
  * (24f8de) Ignore static directory.
  * (2e5bf6) [doc] Consent management doc page.
  * (80b468) [idp] Always send prior if there is an existing federation.
  * (b2f8bb) [idp] Enhance consent management on the IdP side.
  * (70a32a) [authsaml2] Accept prior consent for account linking.
  * (0d1037) [authsaml2] Enhance consent management on the SP side.
  * (c2e58e) [idp] Consent page with attribute selection or all-or-nothing.
  * (da3942) [idp]  Add an attribute selection page.
  * (008592) Merge branch 'master' of repos.entrouvert.org:authentic
  * (65f782) [doc] Update index, center images, add logo.
  * (3081e0) [doc] Single logout management.
  * (b8faf5) [auth2_oath] add a google-authenticator like QRcode display
  * (55394c) Move to Django 1.3 way of handling static files
  * (f8f34e) [doc] Link for the documentation in PDF on the project website.
  * (efb9a9) Revert "[doc] Add a repository with a readable documentation."
  * (7c4cab) [idp] Add policy option to not forward SLO to a SP.
  * (50e8e5) [idp] Policy option to accept slo requests coming from an SP (really
    concluded).
  * (1f0699) [idp] Policy option to accept slo requests coming from an SP
    (concluded).
  * (db4237) [idp] Policy option to accept slo requests coming from an SP.
  * (5344da) [idp] Add policy option to not forward SLO to an IdP.
  * (e1f808) [authsaml2] Policy option to accept slo requests coming from an IdP.
  * (0f6a87) Remove deprecated has_key() statement.
  * (5f7df1) [saml] Unicode method for LibertyFederation model.
  * (97fc51) [saml] Remove unnecessary for statements.
  * (ced0fe) [idp] Remove unnecessary import.
  * (da311d) [authsaml2] Remove unnecessary for statements.
  * (f220c9) [idp] Call local logout with an iframe
  * (fdbf33) [doc] Link in the html doc on the pdf version.
  * (d730d7) [doc] Add a repository with a readable documentation.
  * (64f904) [doc] remove documentation building files from the repository.
  * (68fd23) [git] ignore documentation building files.
  * (f63cb2) [saml] Bugfix in session deletion.
  * (035e5c) [saml] Accept SOAP message with the charset in the content type.
  * (535555) [idp] Improve Single Logout management.
  * (c575c3) [authsaml2] Handle the Single Logout proxying.
  * (45333a) [authsaml2] Consider that all kinds of nameId not transient are
    persistent.
  * (95335c) [authsaml2] Better manage attribute extraction from assertion.
  * (36fd58) [saml2] add a check_id_and_issue_instant method to prevent replay
    attacks
  * (baecdc) [nonce] add a new Django app for nonce storage and management
  * (f079c8) [auth] add needed class variable to authentication backends
  * (d3e643) [idp saml2] when failing AuthnRequest validation for a missing public,
    show a message
  * (5c3464) [attribute_aggregator] Remove expensive unicode method
  * (308778) [attribute_aggregator] Fix absolute path
  * (9aa547) [idp] Update SSL backend path at assertion filling
  * (eea9e2) [attribute_aggregator] Fix missing absolute path
  * (f21137) Fix missing absolute path
  * (d23bb1) [idp] Attribute policies can now be managed with global policies.
  * (42a602) [idp] Hide namespace field of LdapSource model, always Default.
  * (12efb6) [idp] Extract oid from urn of names of attribute with URI name format.
  * (f2ab22) [idp] With the URI name format, the attribute name is an oid formatted
    as a urn.
  * (01d47b) [idp] Default attribute name format is now URI, not BASIC.
  * (7febf7) [idp] Better display of attribute policy name.
  * (937e6b) [doc] New bits of documentation
  * (960ae6) [idp] Handle new dictionnary of saml assertions provided by authsaml2
  * (cb6d66) [authsaml2] Load more data about assertion in session
  * (5f69bc) [doc] Update documentation built
  * (0c6ebc) [doc] New bits of documentation.
  * (717828) [saml][authsaml2] Modify SP configuration and add SP SAML2 options
    policies
  * (eae644) [authsaml2] Remove obsolete file.
  * (ee3656) First bits of documentation using Sphinx.
  * (d28263) Merge remote-tracking branch 'remotes/origin/attribute-mgmt'
  * (532299) [idp][saml] Handle unicode in artifacts
  * (213fc5) Merge branch 'master' into attribute-mgmt
  * (e4db38)   [idp] Conctenate values of differente sources
  * (a48e58) [authsaml2] set session expiry time in sso_after_response if assertion
    has a SessionNotOnOrAfter attribute (fixes #737)
  * (4a834d) [saml] add get_session_not_on_or_after method (refs #737)
  * (4bd1b3) [authsaml2] cleanup admin and urls module
  * (dd3a5b) [authsaml2] cleanup utils module
  * (64a7e5) [authsaml2] cleanup saml2_endpoints module
  * (3b1bb6) [readme] add reference to pam module author, document setting variable
    to define the PAM service name
  * (579815) compute backend path from local informations
  * (08b464) clean authsaml2.models
  * (09fb62)   [authsaml2] Load attributes in session once again.
  * (be2023) [idp] No signal name modifications but profile management removed
  * (873dd7)   [idp] Support profile loading and extraction according to sp policy
  * (185fbf) [idp] Add new models to model administration interface
  * (0d76e1)   [saml] Add a field to SAML SP class for an attribute policy
  * (a87c43)   [idp] New model for attribute policy for pushing attributes to SP
  * (d81131)   [idp] Add attribute aggregator application
  * (19154f) add the license from the django-pam code (MIT like)

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 22 Dec 2011 22:03:26 +0100

authentic2 (univnautes.2) trixie-eobuilder; urgency=low

  * (b1fe60) add the forgotten external module for PAM backend
  * (5b3fa8) [saml2 idp] handle ElementTree attribute value as XML inline content to
    embed in a saml:AttributeValue tag
  * (75c7c0) add pam authentication backend

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 03 Oct 2011 16:36:04 +0200

authentic2 (univnautes.1) trixie-eobuilder; urgency=low

  * (83206e) add decorator to cache dynamically generated data inside a view
    function
  * (f7fe8d) [idp saml2] use smart_unicode to encode attribute values
  * (6057e8) [saml] change format initial data fixture from YAML to JSON
  * (6fc3be) fix typo in sync-metadata
  * (dea777) [saml] initialize default and accepted NameID formats when loading
    metadata in bulk
  * (c373be) [idp] Handle adding of attributes with a friendly name
  * (3a2c6b) in add_user_profile_attributes handle SiteProfileNotAvailable as
    advised by django documentation
  * (a9eb81) Add a module to perform HTTP GET with proper certificate checks
  * (eff4ca) [authsaml2] show the service provider display name in the logout page
  * (401bd0) [idp saml2] only set signature_verify_hint when a service provider is
    found
  * (5c97ab) [saml common] add logging to metadata WKL handling
  * (13e40d) [settings] do not filter ImportError not related to finding the
    local_settings module
  * (48dc38) Fix symbols imported from the wrong module
  * (625a17) Add external dependency django-registration
  * (1fd5a0) Update COPYING for external modules or derived from external module
    distributed with authentic2
  * (63f5b6) [idp] remove unused imports, remove * imports, remove long lines
  * (431456) [saml] remove unused imports, remove * imports
  * (35d500) [idp] remove unused imports, remove * imports, remove long lines
  * (77ffa4) [idp views] remove unused imports
  * (5b76c4) [README] add django dependency, add dependencies needed versions
  * (31aab9) [saml admin] add an updata_metadata command on LibertyProvider object
  * (9367e3) [settings] use Django 1.3 way to setup loggers
  * (53757c) Adapt to 1.3 signature for fields methods
  * (207a9b) [setup] fix setup.py after running pylint
  * (2f7a44) [idp.saml2] handle the 'cancel' return from login pages by return
    RequestDenied
  * (bb89ac) Switch to AGPL3.
  * (c95c3d) [settings] add SIGNATURE to the key name for SAML public and private
    key settings
  * (2a68b7) [authsaml2] Add a debug log
  * (839e98) [authsaml2] Missing debug log
  * (07f46a) [authsaml2] Add setting option to display message
  * (231931) [idp] remove initial_data fixture
  * (35d5bd) [idp saml2] set signature verify hint from the service provider policy
    setting
  * (f1b0ad) [saml] add a policy model for liberty service providers
  * (c9aa26) [Registration] Display success page after registration
  * (5aa992) [idp] Backend not recognized by registration app when upgrading to
    django1.2.5
  * (5b58e7) [saml] move redirect_next into saml.common
  * (3a5b66) [authsaml2] use iso8601_to_datetime to parse notBefore value
  * (faff81) [authsaml2] fix NameError in errorpage call

 -- eobuilder <eobuilder@entrouvert.com>  Mon, 12 Sep 2011 16:15:53 +0200

authentic2 (1.9.1) trixie-eobuilder; urgency=low

  * (e2e773) Release 1.9.1
  * (f8c049) [idp] add a default attribute provider using the user profile
  * (7c8fd1) [saml] remove authorization and attribute callback test implementations
  * (ee76fa) [saml] fix retrieve_metedata_and_create, implement missing
    IdentityProvider initialization
  * (00fd22) [authsaml2] allow autoloading of identity providers in the POST
    assertion consumer
  * (6b044a) [authsaml2] import missing symbol redirect_next()
  * (cbf4a0) [saml] in load_provider() call full_clean() no just clean()
  * (13ece9) [saml] LibertyProvider: metadata validity is already checked in
    clean_fields()
  * (05d8a6) [saml] do not import datetime.datetime
  * (1a4326) [idp saml] fix log statement
  * (54bbb2) [idp saml2] work around bug in lasso dump/load code for the LassoLogin
    object
  * (3da0f4) [saml] do not allow autoloading of saml providers from anywhere
  * (b48fb8) [saml] separate session dump from the sp and the idp side
  * (680157) [idp saml] clean comments in the backend module
  * (7c4593) Remove useless Makefile since we use south
  * (2f21a5) [authsaml2] hide profile section when federations and identity
    providers are absent
  * (a87a27) [idp cas] fix typo in cleanup() method of the NonceManager
  * (5b38b7) [idp] remove the AdminBackend, add an explicit link into the homepage
    instead
  * (66c3a3) [README] add a feature section
  * (beb911) [idp saml2] remove ID-FF 1.2 urls
  * (6ebcec) [core] add templates for the profile pages
  * (b8c006) [idp] overload django cleanup management command to clean all cleanable
    models
  * (0b8bc5) [settings] reorder settings keys, make all idp and authentication
    backends optional
  * (6af7a2) [settings] remove obsolete IFRAME setting
  * (f89a61) Merge branch 'profile'
  * (1d8b8a) [authsaml2] Slo idp init and logging
  * (f01ba6) [idp][saml] Slo idp init and logging
  * (ec3fff) [idp] Do not show services to transient users
  * (942b65) [authsaml2] redirect on root when sso is IdP initiated
  * (408b90) [idp][saml] Idp initiated by post
  * (6c38c9) [idp][saml] Modify parameters given by service_list
  * (8ff124) [saml] Add a bit of logging
  * (51f5b1) Complete the LDAP section of the README file
  * (5d10d7) [idp] extend the account management page with a profile section
  * (05abd3) [core] plug profile editing page in the url dispatcher
  * (d5de1b) [settings] configure the profile class
  * (1df382) [core] add execute mod bit to manage.py
  * (18807a) [idp] new user profile model
  * (46968f) [idp][saml] add logger to error page
  * (50c713) [authsaml2] Modify logging message when an error page is returned
  * (a8dd18) [saml] Remove unecessary lines
  * (a71e5a) [settings] Modify logging formatter
  * (4ecfe5) [idp][saml] Add logging messages
  * (cc29bf) [authsaml2] Moodify logging messages
  * (425bb3) [saml] display federation_source in the liberty provider editing page
  * (880ac9) [saml] remove unicity constraint on the LibertyProvider.name field
  * (b01e83) [idp] Missing files for the consent
  * (9a998a) [authsaml2] Remove cancle link from login form
  * (905d69) [idp][saml][idff] interaction modifications
  * (87e9d8) [idp] add back link to account management page
  * (0c8d1c) [idp] Consent mangement for federation
  * (d5bb4d) [authsaml2] SAML2TransientUser object more conform
  * (a7f1a2) [authsaml2] Push attributes in assertion in session
  * (912a55) [idp][saml] Display attributes to the consent form
  * (0424bd) [idp][saml] Signals and consent in progress.
  * (a53558) [idp] Define new signals
  * (8d5310) [saml] add RelayState hidden field in the post_form template
  * (90789a) [idp] fix typo in template
  * (22dec7) [authsaml2] Better handle provider loading
  * (8ac746) [auth2_ssl] Translation in template
  * (4ad87d) [idp] Begin to deal with the user consent for federation
  * (3552ba) Enclose redirect by post in a <div>
  * (f280a8) [idp] Remove debug print
  * (82accc) [saml] soap_call function does not handle a not accepted client
    certificate
  * (68b279) [idp] Fix redirect function
  * (3d9653) [authsaml2] Manage logout from the backend
  * (ed5c5a) [authsaml2][saml] cleaning
  * (b4f1f0) [idp] Don't display account management link with transient users
  * (500c0b) [idp] Post forms to frontends for the profile mangement.
  * (9d1afd) [authsaml2] Account management
  * (120bea) [common] Handle idp_id parameter of LibertyFederation objects
  * (7898c0) [auth2_ssl] cleaning and pep
  * (e25c1a) [auth2_ssl] Account management
  * (ff7de7) [Feature #271] : Make SSLAuth a good citizen of Authentic2 - cleaning
  * (f14b59) [auth2_auth] Bugfix
  * (e85361) [authentic2] Configure settings for the auth2_ssl application
  * (3c83b4) [Feature #271]: Make SSLAuth a good citizen of Authentic2
  * (3fefcc) [README.rst] add a Roadmap section
  * (1fdc20) Merge branch 'idp-cas'
  * (fdd839) [idp] add a CAS 1.0 and 2.0 IdP implementation
  * (09af3a) [sslauth] pass the nonce parameter to the sslauth view
  * (1e60b4) [auth2_auth] enlarge the nonce field in the AuthenticationEvent model
  * (3bf5db) [auth2_auth] in normal login and OAth login, log the username not the
    user id
  * (2a59ac) Improve python packaging for release 1.9.1
  * (0d1579) Remove README from idp_openid, append it to root README.rst file
  * (864d14) Fix login forms div's id for OAth and SSL
  * (725e23) Remove symlinks in media/ks
  * (13b701) Remove symlinks in media/img
  * (a91e17) Fix syntax error
  * (389c78) [settings] remove django-debug-toolbar requirement, make south a
    requirement
  * (89fcc4) Add a script which tell version of library dependencies
  * (5c0817) Move templates and manage.py into authentic2 module directory
  * (303c5a) Move admin file into auth2_auth module directory
  * (f85c9e) [README] add easy_install command lines, fix django-south module name
  * (d06753) Change projet URL in setup.py
  * (251a52) [README] add command line to install all python modules using pip
  * (08ce13) [README] simplify the syncdb/migrate command lines
  * (6ed8cc) [README] django south is required
  * (011d45) [saml] in the POST form, check the relaystate fragment is not None
  * (93c6fb) [authsaml][common] Manage authorization based on attributes with
    signals
  * (709bb4) [templates] Allow timed redirection on error page
  * (a72727) [saml] authorization and policy management enhancements
  * (8c321c) [authsaml2] Authorization enhancement and better policy management
  * (126f9a) [idp openid] no more manage your openid identities page
  * (b96f6b) [saml] track provider sources 3/3: change load-metadata into sync-
    metadata
  * (309a0d) [saml track provider sources 2/3: add a --source option to the load-
    metadata management command
  * (43d7eb) [saml] track provider sources 1/3 : add new federation_source field to
    LibertyProvider
  * (f07bd7) [core] integrate the South db migration library
  * (5a52f7) Add auth2 prefix to all authentication applications
  * (ea22d9) Add auth2 prefix to all authentication applications
  * (1ab5db) Remove django_openid_provider module
  * (5fa2d5) [authsaml2] fix bad path for symbol get_idp_list_sorted
  * (6ce403) [media] add the openid logo
  * (2d6274) [templates] explain in the ssl template that authentic2 support sel-
    asserted certificates
  * (a3142c) [auth] prefers relative URLs for redirects
  * (66083d) [auth] allows to delegate context building to the frontend class
  * (e77d4b) [idp openid views] add more logging
  * (689dbf) [saml] improve PickledObjectField to be dumped to JSON
  * (a29460) [settings] configure loggers
  * (6ce276) [auth] add templatetags for fully urlencoding a string (even slashes)
  * (a276ab) [idp openid] add template for the discovery page
  * (98a5fb) [auth openid] in the user consent page separate required and optional
    attributes
  * (353d9f) [idp] remove logging framework initialization
  * (f84b1d) [authsaml2] add a get_context method to the frontend class
  * (f0e395) [auth] plug the oath login template in the frontend class
  * (a4b314) [auth] add an OATH specific login template
  * (b3a4a1) [idp openid] improve interoperability with http://test-id.org
  * (a9eaed) [idp openid] cleaned_data is not a dict
  * (c31f2c) [idp openid] fix decide template, fix template path
  * (141d4b) [idp openid] fix the decide page
  * (800196) [idp openid] add missing models import
  * (9b490f) [auth views] if already logged but a POST is being sent, keep going
  * (10d3ba) [idp openid] add OpenIDStore implementation based on Django models
  * (79f1f4) [idp openid] add middlewre which announce our XRDS file
  * (10ccd3) [settings] remove the IDPOI_PATH setting, replace
    authentic2.django_openid_provider by authentic2.idp.openid
  * (c5e07a) [urls] include urls patterns from the idp.openid module
  * (4d0b6b) [idp openid] simplify openid provider, only support directed identity,
    add attribute selection to consent page
  * (09ec76) [idp openid] remove the server template
  * (540e87) [idp openid] add method to convert openid response to django response
    to utils
  * (798322) [idp openid] remove OpenID model, anchor TrustedRoot to user id, not
    user object
  * (2ae8f4) [idp openid] update models registration in admin site
  * (9d364d) [auth views] in login() if nonce is not None, show the login forms
  * (25fb60) [auth views] add a custom redirect to login page
  * (926b18) [authsaml2] add a cancel button
  * (b9f9f3) [templates] add openid meta declaration to the base template
  * (6b634d) [idp views] remove unused imports
  * (f79c48) [idp openid] add template tag to display html meta header to link to
    the xrds file
  * (fcf5ab) [idp openid] improve PEP8-ness
  * (baaf24) [idp openid] add an OpenIDStore using the Django ORM
  * (8a0ee5) [idp openid] import of the django_openid_provider projet code
  * (89c98d) [auth totp] only show totp profile options for real users
  * (387a42) [authsaml2] Do not display to users the error details
  * (8bfc87) [authsaml2] Record in the django session - remove extra code
  * (caae62) [authsaml2] Better register the request id in the extended session
  * (445ac3) [authsaml2] Better manage django session extension
  * (198df9) [authsaml2] Fix null model attributes
  * (4d9789) [authsaml2] Remove endlines
  * (6f340f) [authsaml2] More logs
  * (6ad49b) [authsaml2] Breaking lines...
  * (07394e) [authsaml2] Breaking lines continue...
  * (0198c3) [authsaml2] Clean the code
  * (04548c) [authsaml2] Generic next parameter.
  * (ba301a) [saml] Logger in parameter to error page function
  * (a0757a) [authsaml2] Manage federation
  * (23b79e) [authsaml2] Bugfixes
  * (328393) [authsaml2] Add option for account management with transient nameID.
  * (f8ec45) [templates] Missing jquery script
  * (6821ce) [authsaml2] Check attribute values before log in.
  * (efb4b5) [idp saml2] fix typo
  * (e49f86) [django_openid_provider] fix typo
  * (9cddca) [django_openid_provider] simplify format checking of new openid
    identifiers
  * (811ebc) [django_openid_provider] for HTTPS checking just lookup the variable
    name in the environment
  * (42f9bd) [django_openid_provider views] fix undefined variable in match
  * (7cf7bb) [django_openid_provider] remove useless code
  * (641095) [django_openid_provider] copy get_base_uri implementation from old
    version of django_openid_provider
  * (74de7f) [django_openid_provider] copy django_response implementation from old
    version of django_openid_provider
  * (372fc1) [authsaml2] remove user logged case in the assertion consumer
  * (1805d8) [saml] improve load-metadata command, shows whether we are creating a
    provider record or updating it

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 03 Mar 2011 18:14:14 +0100

authentic2 (1.9.0) trixie-eobuilder; urgency=low

  * (ebad61) Add note to the README file about using the SAMLv2 IdP
  * (047028) Add file from included external dependencies to MANIFEST.in
  * (8d0ee2) Remove reference to ID-FF 1.2 from the README
  * (7665fc) [vendor totp_js] update from upstream
  * (f170cf) Add a script to control content of the built distribution tarballs
  * (606899) Distribute authentic2/locale not locale
  * (cbe9c7) Add MANIGEST to .gitignore
  * (bea866) Add javascript files from the totp_js package
  * (0254cc) Move LDAP use instructions to the main README file
  * (64cac4) [idp saml2] add support for the LDAP backend as a login/password
    authentication
  * (8e8c8f) [authsaml2] fix typo
  * (756c3d) Fix badly placed end of list marker
  * (d17dcf) Add README explaining how to use LDAP with authentic
  * (5d39f2) [authsaml2] keep the issuer and nameid inside a specially named
    attribute
  * (9a0b00) [saml] do not check sys.argv but the args processed by django
  * (526144) [homepage] remove unused template parameters
  * (ec44a0) [django_openid_provider] fix bad module path
  * (297b5f) [saml] make default NameID format be None
  * (f0e4a8) [authsaml2] make authentication the django way
  * (384e69) [saml management] move commit() to top level to commit also when
    loading an unique provider
  * (609b27) [authsaml2] add model to represent user authenticated through a
    transient NameID
  * (feee61) [saml] make add_federation accept a simple NameID object
  * (4f91e5) [authsaml2] remove the need for the SAML2_BACKEND setting
  * (b6a9f1) [auth] remove ULX modifications from main template
  * (097206) [saml] accelerate metadata bulk loading by only committing when
    finished
  * (f2cbb6) [saml management] remove debugging statement
  * (caac70) [authsaml2] make federation termination take an URL parameter
  * (840ff1) [authsaml2] rectify url dispatch file
  * (a63e6d) [auth openid] remove useless auth openid middleware
  * (f95230) [saml] improve retrieving of the IdP to use only one SQL query
  * (71bafc) [authsaml2] cache the idp_list inside the frontend object to limit SQL
    requests
  * (97cbdf) [authsaml2] directly use the sso endpoint, remove selectProvider, use
    URL parameters and true forms
  * (8960bb) [auth] does not pass list of idp to basic login template
  * (b58086) [auth] Handle authsaml2 changes on templates and urls.
  * (71e90f) [authsaml2] Clean templates and remove unecessary selectProvider
    function.
  * (7cd7e7) [authsaml2] fix wrong field and variable names in commit 4265999a88ce
  * (426599) [authsaml2] extract attributes from assertions, compact values as
    string containing XML content
  * (eee275) [authsaml2] add missing argument sp_or_idp to all call to load_provider
  * (7f7b4e) [authsaml2] change header of log messages in POST AssertionConsumer
  * (e5e9e6) Updated setup.py.
  * (0ff414) [authsaml2] Unchanged logout signals.
  * (03add8) [authsaml2] Modify login and logout signals.
  * (b084e3) [saml common] bugfix syntax error
  * (43145b) [saml common] make get_http_binding more resilient
  * (0172ef) [authsaml2] fix typo
  * (775d36) [authsaml2] Activate signals on login.
  * (be4109) [authsaml2] load remote provider as an idp in singleSignOnArtifact
  * (0155a2) [idp saml2] authorize POST binding for SingleSignOnService
  * (8ee471) [authsaml2] obey ordering of service endpoint when choosing the SSO
    service binding
  * (5cd0c6) [authsaml2] in singleSignOnArtifact add support GET and POST HTTP verbs
  * (08e812) [authsaml2] Bugfix: syntax error.
  * (b89c97) [authsaml2] A bit of comments about how the SSO is handled.
  * (0c873e) Merge branch 'master' of repos.entrouvert.org:authentic
  * (1d9d36) [idp selection] Modify integration of the ULX mockup.
  * (8d8492) [saml] updated get_idp_list to always return a list
  * (5a7a77) [authsaml2] fix name of the field for the SAML artifact
  * (337414) [authsaml2] in singleSignOnArtifact find the provider to load using the
    SAMLArtifact
  * (7e6720) Update the makefile target to upgrade db schemas
  * (cad09f) [saml] add entity_id_sha1 to displayed fields
  * (945856) [saml] add method to query providers by artifact
  * (a4ddfa) [authsaml2] add support for POSTed AuthnRequest in the main SSO code
    path
  * (d9c10f) [authsaml2] remove debugging statement
  * (1e2891) [authsaml2] does not load all providers, catch ProviderNotFound
    exception then use load_provider
  * (d4f4bb) [authsaml2] restore reseting of the spNameQualifier to work-around bug
    in lasso
  * (8c6f56) [authsaml2] fix querying of the db in setAuthnrequestOptions
  * (955c23) [utils] a memoize with timeout decorator
  * (16b85f) [saml] simplify signature of saml.common.retrieve_metadata_and_create
  * (a717f0) [settings] remove authsaml2 context processor
  * (3858e6) [saml] fix missing RequestContext in return_(saml2/idff12) family of
    methods
  * (0cc292) [authsaml2] remove the context processor
  * (08d76c) Merge branch 'master' of git@dev.entrouvert.org:authentic
  * (4db696) [saml] in load-metadata command only load services supporting SAMLv2
  * (43148a) Merge branch 'master' of repos.entrouvert.org:authentic
  * (36a9ea) [authsaml2] Sort list of IdP.
  * (7d99ca) [saml] lookup display name and name when loading service in bulk
  * (ecf608) [load-metadata] Correct organization node parsing.
  * (c1e8be) [ULX mockup] Active zone better centered
  * (4c1bd2) [load-metadata] Make it more verbose.
  * (bc0318) [load-metadata] Make it more verbose.
  * (0d62b0) [Authsaml2] IdP selection enhanced
  * (c75294) [authsaml2] Add ULX mockup for SAML2 IdP selection.
  * (71bc66) Modify function to set authn request options
  * (77ebf9) [authsaml2] Function to set authn request configuration.
  * (2a3316) [authsaml2] Add support of identity provider configuration policies.
  * (8f548d) [saml] for load-metadata command set the name from the OrganizationName
  * (050605) [saml] add a load-metadata command
  * (ac40df) Do not return None when multiple service providers objects are existing
  * (a0ac9a) [saml common] fix iso8601_to_datetime
  * (06500c) [authsaml2] improve check of time limits on received assertions
  * (226c64) [saml common] add function iso8601_to_datetime
  * (561a1f) [authsaml2] remove debugging statements
  * (a23063) [authsaml2] use constants from lasso instead of magic constants
  * (d39b42) [authsaml2] complete use of saml.common.load_provider
  * (29e89a) [saml common] encode metadata to utf8 before giving them to lasso
  * (d5bcd6) [authsaml2] use a specific logger, log error when calling an artifact
    resolver
  * (6eb318) [authsaml2] use load_provider in sso
  * (3cac91) [authsaml2] add docstring to sso
  * (192404) [saml] change the signature of load_provider
  * (941ae2) [oath] log exceptions from the oath library
  * (95cad3) [saml common] use settings.SAML_PRIVATE_KEY in when building the
    lasso.Server
  * (6fdd83) [authsaml2] in saml2_endpoints use get_saml2_post_response
  * (daac11) [authsaml2] make is_passive and force_authn parameters of the sso view
  * (a6e02f) [saml] add get_saml2_post_response
  * (a6897d) [saml2utils] fix generic KeyDescriptor
  * (994e73) [saml2] change signing_key for key which does signing and encryption
  * (c06dee) [saml2] add a default certificate and aSAML_SIGNING_KEY setting
  * (af61d9) [authsaml2] Add the support to the default service provider policy.
  * (b347b2) [authsaml2] Better options management for the IdP configuration of the
    service provider.
  * (906400) [saml] Add options on nameId Policy to the Liberty identity providers
  * (075190) [authsaml2] Shibboleth testings
  * (1db353) [authsaml2] Shibboleth tests.
  * (5fca86) Merge branch 'master' of repos.entrouvert.org:authentic
  * (5fd319) [authsaml2] Shibboleth testing
  * (589dc9) Merge branch 'oath'
  * (7bd184) [authsaml2] move template to auth/saml2 subdirectory
  * (039a69) [authsaml2] remove unused import
  * (242303) [locale] update translations
  * (73dced) [auth] add new authentication method based on OTP scheme by the OATH
    project
  * (da0d8e) [vendor] add copy of totp-js and oath modules
  * (cc24b5) [auth] in login/password auth frontend user get_user_id() instead of
    get_user() from Login form
  * (23e85d) [auth] add profile view to login/password auth frontend
  * (27ddf9) [settings] add openid auth as a django application
  * (16ee1c) [auth openid] add account management page for OpenID auth mechanism
  * (35d184) [idp logout] Remove redundant message from logout page template
  * (99ad31) [idp] move logout link to right of currently logged user status
  * (224c16) [idp] add an account management page
  * (e6225e) [auth] change backend for frontend
  * (8310f5) utf8 encode unicode strings passed to lasso
  * (2192bf) [authsaml2] Deal with empty public key field, lasso accept None, not
    empty string.
  * (5f8d91) [idp] Remove remaining calls to signals.
  * (d6c60c) Fix wrong import of settings
  * (648f3e) Move openid identities to the /o8 subpath
  * (e83b42) [auth] remove flash when activating jquery tabs
  * (38266c) [auth] fix memorization of the last selected tab
  * (23576f) Initialize new sub-module for vendor modules
  * (d3812b) [auth] remember the selected tabs in a cookie
  * (877576) [idp saml2] do not quote the argument to idp_sso and idp_slo
  * (2cd77d) [authsaml2] add missing import
  * (90f646) [authsaml2] add missing import
  * (ee0536) [authsaml2] fix typo
  * (37b5e4) [auth] do not switch tabs when mouse is over
  * (dc8262) [auth] add new method to authentication frontend protocol
  * (f7f810) [auth] fix empty list bug, generator cannot be iterated two times
  * (a10b6f) [auth] add code to only enabled SAML 2 authentication frontend when an
    idp is available
  * (b1d9bb) [auth views] remove debugging print
  * (a20191) [auth] add frontend class for SAML 2.0
  * (974beb) [auth] add frontend for SSL authentication
  * (5e804a) [auth] make authentication forms modular, use jquery tabs
  * (1366c0) Change error message for invalidity in registration form's username
    field
  * (f1e4f2) Adjust redirect view to handle local redirect
  * (32979b) replace error 500 view to support context processors
  * (8abe36) remove debugging print
  * (f8fb9d) [auth&sslauth] add support of nonce field to sslauth
  * (7395c5) [theme] add styling for error user messages
  * (bfe487) [templates] remove double output of errors on login page
  * (190861) [sslauth] improve login_ssl view
  * (e34914) [sslauth models] allows blank subject in ClientCertificate
  * (d57ace) [sslauth] prefer logging to exception in the SSLAuthBackend
  * (4b0b5a) [templates] add missing activation_comnplete.html
  * (06cbd7) [auth openid] quit the popup when showing a registration page
  * (70a21b) Make the popup mode for OpenID optional
  * (70fd5f) [django_openid_provider] fix syntax error
  * (a000b4) OpenID popup
  * (123d6a) add a redirect view able to escape from iframe popup
  * (6036ee) [idp] Remove link from homepage for defederation (not yet implemented).
  * (3f7998) [authsaml2] Bad correction intoduced in the last commit.
  * (ef8799) [idp] [auth_ssl] Update of notes on SSL deployment.
  * (542e95) [idp] [auth_ssl] Add messages on failed login.
  * (a6f3ba) [authsaml2] Return instruction forgotten.
  * (d39920) [saml] add a back link to the generic error page
  * (eab029) [idp] [auth_ssl] Notes waiting for a documentation.
  * (624a00) [idp] [auth_ssl]
  * (15872c) [idp] [auth_ssl] Redirect on SP after SSL successful authentication.
  * (1e392c) [idp] [auth_ssl] Add support of the X509 authn context.
  * (f831fb) [authsaml2] Handle error with a failed SOAP call which does not raise
    an exception.
  * (b2a21f) [authsaml2]
  * (9318fc) [auth_ssl] Return error page with correct parameters.
  * (62dfb4) [auth_ssl]
  * (6d0471) [wsgi] Set path in settings to db and log file to make Authentic run
    with wsgi.
  * (620c4a) [idp] Update to the last commit.
  * (30764f) Remove unused authentic2.core package
  * (fb138f) Creat auth application, move openid consumer inside
  * (1a4952) [authsaml2] move authsaml2_login_page context processor in authsaml2
    package
  * (b14b7e) [idp saml2] fix removal of sessions during SP intiated logout for the
    requesting provider
  * (8341b4) [idp] in logout views, extract next argument in all cases
  * (185585) [authSAML2] Add signals module support.
  * (6c667f) [authsaml2]
  * (94c045) [idp] [saml]
  * (06f886) [idp] [common] Remove bad update for session dump deletion.
  * (9e8fa9) [saml] add metadata autoloading for service providers
  * (f20c35) [templates] fix error.html template
  * (9d9d90) Add commands through a makefile to facilitate model modification
  * (30e227) [saml admin] limit metadata files textarea width
  * (6f4def) Extract organization name from metadata, use it to initialize provider
    name
  * (68de74) [saml] fix syntax error introduced in last commit
  * (0deba8) Adapt to new column type for LibertyProvider.metadata field
  * (30c008) [saml] modify file fields to store data inside the db
  * (051997) [idp][common]
  * (9ec6e3) [idp][saml] Catch exception of buildResponseMsg() in SLO Redirect SP
    initiated.
  * (4d322e) [authsaml2] Handle of new precise notBefore, notOnOrAfter parameters.
  * (a18032) [idp][saml]
  * (2d61f7) [idp] Correct bug raised with empty login form fields.
  * (2135e7) [AuthSAML2] A bit of forgotten readme.
  * (fdd110) Complete MANIFEST.in with database files for test and packages datas
  * (541d65) Simplify setup.py by using only distutils
  * (67231c) [idp saml2] restore normal behaviour when idp_slo fails
  * (802d73) Remove ez_setup.py since I do not know what it is for
  * (1f830a) Restore DEBUG = True in settings.py
  * (360fdd) [idp] create an admin user when initializing the database
  * (35a32e) Change global package name for authentic2
  * (f81d56) [media] add icon from silk theme, they are un CC Attribution 2.5
    Licence
  * (0c6e3a) [idp saml2] add logout endpoints
  * (ccad27) [idp views] make redirection timeout on logout page customizable
  * (edf700) [idp templates] logout fragment are safe HTML strings
  * (dab481) [urls] use full module path, without it reverse() does not work
  * (6cc16a) [idp saml] add temporary single SP logout links
  * (731447) [idp saml] add logout page generation code for SAML backend
  * (379458) [saml common] add a soap fault view
  * (ff66c9) [saml common] add status code for missing Destination node and internal
    server error
  * (9b536d) [idp] add midleware to print exception to the console when DEBUG is
    true
  * (90f10a) [idp saml2] logout first part
  * (e5c74f) [saml common] fix set_saml2_response_responder_status_code
  * (dd5f33) [saml common] move error_page to saml.common from authsaml2.utils
  * (6f22ff) [idp saml2] move log_authn_request in the helper section
  * (8725ef) [idp saml2] factorize liberty session creation and assertion logging
    into new method
  * (273da7) [idp saml2] add support for ssl backend with authentication events in
    build_assertion
  * (62acd3) [idp saml2] make authncontext generation customizable (by session, or
    by authentication event)
  * (9b73b8) [idp saml2] make delta for notOnOrAfter and notBefore customizable
  * (e66e2a) [idp saml2] assert unreachable code path in fill_assertion
  * (7cc1b9) [idp saml] declare the idp backend as supporting synchronous logout
    (SOAP)
  * (8f11ac) [saml common] add a method to send SOAP request from profiles
  * (6deba8) [saml common] add authentic specific SAMLv2 status codes
  * (dc3396) [saml common] add method to only get message for asynchronous bindings
  * (02d54b) [saml common] use get_soap_message in get_saml2_soap_request
  * (2e9a9a) [idp samlv2] when building assertion, persist session, federation and
    assertion into persistent storage
  * (1a85e6) [saml models] complete session models for supporting SAMLv2 logout
  * (0bfdf9) [saml models] use unused argument in metadata_field
  * (e1d418) [idp saml2] fix create_server
  * (50fdb5) [idp saml2] remove print 'coin'
  * (3d7825) [saml common] make get_saml2_metadata takes a map arguement instead of
    hardcoding it
  * (f54e0d) [idp views] add method to redirect to logout page
  * (f3d864) [idp] install a minimal log handler to log to output if no handler is
    present
  * (4424b1) [authsaml2] PEP8 reordering of imports
  * (5a69c1) [idp saml] conserver also the nidformat when redirecting to the logging
    page
  * (dc2676) [idp saml] add method to kill django sessions
  * (22a1a3) [nosetests] Fix password in test_00 file.
  * (d6dd78) [nosetests] Fix import error.
  * (bbf5ca) [nosetests] Avoid duplication of settings by overridding DATABASES.
  * (80786d) [nosetests] Add some basics for integration testing.
  * (2e7c3d) [idp] add a logout framework
  * (52a7c5) Remove service list registry, instead use an IDP_BACKENDS list in
    settings
  * (9e5bbc) [idp saml2] mark slo as unimplemented using an exception
  * (47ade0) [idp saml2] add idp initiated sso
  * (4ac8d8) [idp saml2] log details about POST or redirect to the sp
    assertionConsumer
  * (96b25f) [idp saml] quote the slash characters when passing provider id to idp
    sso
  * (b1f74e) [idp saml2] support policies on name id format for service providers
  * (09e0a8) [saml common] add simple function to SAMLv2 error status
  * (1f174d) [saml models] add accepted_name_id_format for LibertyServiceProvider
  * (c8567e) [saml models] reduce length of default_name_id_format column in
    LibertyServiceProvider
  * (a9e8b6) [saml models] add choice to user default from metadata, in
    default_name_id_format field for service providers
  * (f48b48) [saml fields] add multiple choice field type
  * (8a088c) [saml models] move name id formats into a constant
  * (bc2e77) [saml] add a fields module, move PickleField there
  * (dbe0b3) [authsaml2] Restrict user interface to manage a unique SSO session.
  * (24e863) [idp] Fix some typos
  * (5839cb) [idp] return an (empty) list when adding "admin" as a service, if not
    staff
  * (1bee55) [authsaml2] Better error and log management.
  * (e8f8f3) [idp saml] add working artifact and post sso for samlv2
  * (4f54dd) [saml common] rewrite session/identity dump loading and saving
  * (b2377f) [saml admin] add KeyValue to admin panel
  * (92c1e3) [saml models] make key the representable value for KeyValue object
  * (f52858) [saml models] add a pickled object field
  * (cb5cbc) [saml] remove duplicate get_soap_message
  * (11e152) [saml saml2utils] improve support for indexed endpoints
  * (693c3b) [saml] add artifact resolver to idp metadata file
  * (fe66b6) [saml] fix support for the POST binding
  * (6a75f6) [saml models] add a creation date to LibertyArtifact objects
  * (5c87ed) [templates] adapt login template to id -> class transition
  * (6afb1b) [locale] updated translation talking about "your" account
  * (e9d8ac) [templates] remove extraneous line breaks
  * (1b9e11) [templates] simplifying markup
  * (9bb275) [media] position the "you are logged as foobar" at right, just after
    the header
  * (a122cc) [templates] make the header clickable, and remove the breadcrumbs
  * (caaad3) [templates] Improve OpenId text
  * (07a6f9) [templates] replaced fieldset legend by proper titles in openid
    templates
  * (67f860) [media] style main titles
  * (bb65bf) [templates] uniformed usage of h2 for titles in main content
  * (bd66af) [templates] use a span instead of h2 in header subtitle
  * (90ddbb) [media] extra image for CSS decorations
  * (8d7ba8) [templates] move javascript snippets to the blocks where they are used
  * (409cfb) [template] do not include "Services" section if there are none
  * (0e6c9e) [locale] Fixed a translated string to also begin with a newline
  * (9f168e) [saml] Add on identity provider model options on authnrequests.
  * (524ad2) [idp] add admin page link to service list for staff users
  * (606f46) [idp] Debugging saml 2.0 sso and beginning of the slo
  * (0f54eb) [idp] add __unicode__ method to AuthenticationEvent, add date browsing
    in Admin view
  * (27d983) [idp] make nonce field optional in login form
  * (3a3737) [idp] overload default AuthenticationForm to add a nonce field
  * (05cdab) [idp] add an AuthenticationEvent model
  * (8f728b) [locale] Do not construct sentences
  * (2e73ad) [locale] More of French translation, ignoring 3rdparty/ and .git/
  * (a6c0aa) [locale] a little bit of French translation
  * (e80707) Do not pass logged messages through gettext
  * (e03930) [idp] add consent page to idp urls.py
  * (a1627d) [idp saml] add common file
  * (df333a) [idp saml] advance on saml2 sso support
  * (03d142) [authsaml2] fixed a few gettext calls
  * (e901d2) [template] translate "You are authenticated as..."
  * (61199e) [media] insure some margin after the breadcrumb
  * (de5423) [authsaml2] Add support of Redirect federation termination IdP
    initiated.
  * (b33412) [authsaml2]
  * (db30f2) [media] slightly smaller breadcrumb, and a bit closer to the top header
  * (dac81e) [media] indent css using tabs
  * (0ec80f) Remove unnecessary forced line breaks after breadcrumb
  * (7c1f3e) Fixed capitalisation of Home breadcrumb link
  * (ad5006) Don't add extraneous non breaking spaces in breadcrumbs
  * (b8fc54) [saml] add user_consent field to model LibertyServiceProvider
  * (ff77bb) [idp saml] factorize consent ui page
  * (48dbb1) [saml] Fix saml2 IdP metadata creation
  * (5c33e0) [authsaml2] Add support of SOAP and Redirect federation termination SP
    initiated.
  * (ce602d) [authsaml2] Adding support of SLO IdP initiated SOAP and Redirect
  * (ccb0aa) Import LibertyServiceProvider only as needed
  * (7b2c8c) Allow LOG_FILENAME to be empty
  * (3a9bf5) [authsaml2] Fix mistakes
  * (e1b6ac) [authsaml2] Cleaning
  * (344c01) [authsaml2] Add SSO IdP initiated support
  * (16cec4) [authsaml2] Add support for service provider binding requirements.
  * (708609) [saml] Add support for service provider binding and http method
    requirements
  * (248495) Remove registration signals, enable OpenID authentification and add
    dependencies in setup.py
  * (fd9d15) [SAML tools] Fix comment in model for LibertyServiceProvider
  * (cf7401) converting line endings to UNIX format
  * (8cf264) Add details about origin of breadcrumbs.py
  * (3e62d9) Revert "[idp] Improve template by adding a button to go back to the
    home"
  * (900849) [authsaml2] Clean admin - Comments
  * (0a77b5) [auth-openid] Fix when OpenID is not supported.
  * (51b9cb) [authsaml2] Bug fix
  * (9744e1) [authopenid] Fix a template bug in the footer
  * (d27da6) [openid_provider] Exclude some word word from the openid identifier
  * (2c97d6) [idp] Adding a breadcrumb
  * (cb1858) [idp] Improve template by adding a button to go back to the home
  * (e81f9c) [openid_provider] Fix the OpenID resolution
  * (d98600) [authopenid] Put a proper title
  * (281883) [authopenid] Fix template for associate an OpenID account
  * (5b69ee) [openid_provider] Correct the regex for serving xrds file
  * (5ce1e8) [openid_provider] Improve template to manage openid account
  * (cfd524) [openid_provider] Adding the login_required decorator
  * (d51da3) [openid_provider] Improving template for the OpenID account creation
  * (80d7af) [openid_provider] Improving the page in the end point location
    (/openid)
  * (d9a136) [authopenid] Dissociate an openid account from the authentic account
  * (c8ff94) [authopenid] Improving the feature to associate an openid
  * (e45395) [openid_provider] Improving templating to manage openid account
  * (952be1) [authopenid] Correct change password to properly set password
  * (6849f4) [openid_provider] Changing the path for the openid account
  * (470266) [openid_provider] Correcting the signal to create an openid account
    when registered
  * (b710a7) [idp] Session expire at browser close or after 10h
  * (12aaf1) [openid_provider] Fix the addopendid bug and improve template for
    manageid page
  * (3f2460) Merge branch 'master' of
    git+ssh://dev.entrouvert.org:10322/var/git/authentic
  * (e5ffb2) [authopenid] Fixes issue 179 "No error message when register with
    OpenID"
  * (39a1e5) [authopenid] Fixes issue 179 "No error message when register with
    OpenID"
  * (8ce82c) Merge branch 'master' of
    git+ssh://dev.entrouvert.org:10322/var/git/authentic
  * (71a359) Fixes bug #178 "Log out don't redirect to the homepage"
  * (085854) Fixes bug #178 "Log out don't redirect to the homepage"
  * (2422bf) Fix Bug #172 "Remove "change password" for openid account"
  * (dac407) [authopenid] Remove Technorati from the openid list
  * (02cf96) [authopenid] Fix the js to login with an Flickr openid
  * (710aea) Add title for these different templates
  * (5a45b4) [authopenid] Increase the size of the inputbox on the OpenID signin
    page
  * (b74f8b) [authopenid] Fix the js to login with an AOL openid
  * (fcf2a0) [authopenid] Fix the js to login with an yahoo openid
  * (bbbc9a) [openid_provider] Support the PAPE extension max_auth_age
  * (b23fc5) [authopenid] Add the required js/css/images for OpenID support
  * (fef263) [openid_provider] Fix the creation of an openid
  * (4b98f2) Merge branch 'master' of
    git+ssh://dev.entrouvert.org:10322/var/git/authentic
  * (f96300) [openid_provider] Fix error message return to relying party
  * (cf4d64) [openid_provider] Fix the OpenID Provider validation of the return to
  * (fbcdd9) [openid_provider] Fix the OpenID Provider validation of the return to
  * (eb6072) [openid-provider] Reject no-encryption association sessions over http
  * (78f548) [authopenid] Fix a KeyError which can appear during a openid log in
  * (caa851) [authopenid] Fix CSRF error
  * (b3aeef) [openid-provider] Use the css with the templates
  * (fa5003) [openid-provider] Fix a template error and improve some template
  * (8986f2) [openid-provider] Adding a page to manage trustroot
  * (f43738) [openid-provider] Adding a page to manage identities
  * (0ff4af) [openid-provider] Create an openid url for the new user register
  * (08d20b) [openid-provider] Adding the application to provider an openid provider
  * (8966a8) [Authentic] Import an exception that can be throw during the discover
    phase
  * (e4b989) [Logger] Improve the sentence for the log
  * (35cfbc) [Authentic] Loggin for signin with OpenID
  * (478198) [Authentic] Add a signal for login with OpenID
  * (29a6c7) [saml] Remove prints on stderr
  * (ae1f2a) [Authentic] Add service provider part relying on AuthSAML2
  * (dcd4a9) [saml] Add of common saml functions
  * (c02268) [AuthSAML2] Add AuthSAML2 Application to project
  * (6783e6) Correct the Error: "No module named admin_log_view.models" by adding
    the
  * (243947) Add a link in the default page to associate the account with an OpenID
  * (861e6b) Review the view of the loggin to reverse logs and put in bold error
  * (0de634) Add middleware to log request
  * (076c78) move connections to signals in the idp module
  * (69b0c5) Add auth_backend in idp, to add the possibility to log the logging
  * (2fcccb) Add the module admin_log_view in the installed_apps
  * (bdc6ae) Add the view for admin_log_view in the admin
  * (469801) Add the model for the admin_log_view module, with function to
  * (171c92) template for the admin_log_view module
  * (f10dc0) Add the url and the settings for the loggin module
  * (87b4b9) Handle of the session index for the service provider.
  * (f190c9) Federation management functions
  * (ef2432) Restore django.contrib.sites application
  * (44b387) ID-FFv1.2 idp: add idp.saml.idff12_endpoints.idp_sso to initiate idp
    sso
  * (2d3cbf) SAML common: add possibility to load federation from another user
  * (f67700) SAML common: change the way endpoints base path is computed
  * (20333b) SAML common: fix return_idff12_{response,request}
  * (09fe86) SAML common: make load_provider return the provider object, and load
    provider for a specific role
  * (3ac02d) SAML common: only show dump tables when debugging
  * (07f764) SAML common: add a prefered protocol profile configuration to services
    providers
  * (1e2fd4) SAML idp: implement SAML listing of services on homepage
  * (892e77) IDP: change homepage view
  * (4b4b0c) IDP: add a simple service registry for showing on user homepage
  * (5d857c) SAML common: add TODO and doc strings in models.py
  * (82b9bd) SAML common: add enabled field to service and identity provider models
  * (410469) ID-FFv1.2 idp: remove debugging print
  * (3679c5) SAML common: add translation markers for UI strings
  * (25e90c) ID-FFv1.2: start view function for idp initiated sso
  * (9869bd) ID-FFv1.2: fix doc string for build_assertion
  * (fd7f44) SAML common: change inline view for Identity and Service providers to
    stacked
  * (795f95) SAML common: move storage of metadata files into their own directory
  * (88dc43) [saml] Remove references to constants only available in an unrelased
    Lasso
  * (54e5d6) [saml] don't fail on missing metadata file
  * (ec584d) SAML common: in admin.py add inline views for Service and Identity
    Provider to the main provider view
  * (ad1ff4) SAML common: move {load/save}_{federation/session} to common module
  * (1603bf) SAML common: make attribute maps optional for providers
  * (e864c7) SAML common: add choices for attribute map format
  * (e672e4) ID-FFv1.2 idp: use relative urls for redirects
  * (8367b1) SAML common: re-add LibertySession, LibertyIdentityDump and
    LibertyService Provider to admin
  * (9769df) SAML common: make LibertyServiceProvider and LibertyIdentityProvider
    one-to-one mapping of LibertyProvider
  * (6a3c3d) SAML common: in models.py remove all editable = False constraints
  * (4a4288) SAML common: add customization to LibertyProvider admin view
  * (f25d10) SAML common: move models to saml standalone application
  * (f0827b) [css] border on submit buttons
  * (b18bce) [css] Do not alter location of all buttons, just the login one
  * (057cf0) ID-FFv1.2 idp: prepare finish_artifact_resolve for the case of an
    unfound artifact
  * (ce7583) ID-FFv1.2 idp: fix bad target for call to processRequestMsg in
    artifact_resolve
  * (6c3af4) ID-FFv1.2 idp: QuerySet.get takes the same arguments as filter
  * (9a8111) ID-FFv1.2 idp: add informational logging to artifact resolver
  * (82138d) ID-FFv1.2 idp: load the provider referred by the artifact in the
    artifact resolver
  * (bd270d) SAML common: raise an exception if server construction fails
  * (6bd1f9) SAML common: add missing import of HttpResponse
  * (df8941) ID-FFv1.2 idp: implement artifact resolver for login requests
  * (0ffa5e) ID-FFv1.2 idp: exemplt sso and soap from csrf protection
  * (87224f) ID-FFv1.2 idp: in idff12_endpoints.sso for invalid message, return
    explicit message with HTTP error
  * (25a290) ID-FFv1.2 idp: replace HttpResponseForbidden by an AuthnResponse for
    signature errors
  * (d1eb40) ID-FFv1.2 idp: factorize idff12_endpoints.sso response returning in
    finish_sso
  * (58dc14) ID-FFv1.2 idp : add debug tracing of received message to
    idff12_endpoints.sso
  * (4bea66) ID-FFv1.2 idp: fix load_session
  * (44150d) SAML common: factorize soap response returning
  * (d8f644) User get instead of filter in idff12_endpoints.load_provider
  * (a7dbc1) Add unique constraint to LibertyProvider.entity_id
  * (2776b6) ID-FFv1.2 idp: allow to load and save another session than the current
  * (50691d) Redirect some parent but non existing pages to the top
  * (f666b2) Update OpenID templates to match the CSS classes used in other places
  * (853eb4) Move OpenID stuff under /accounts/openid/
  * (2ab085) Force a sans serif font
  * (348cb5) Restore display of login errors on login page
  * (ab77ab) Add an appropriate title to the OpenID signin page
  * (18082a) Light arrangements to the OpenID signin layout
  * (260b76) ID-FFv1.2 idp: start of soap endpoint and artifact resolver
    implementation
  * (5f1a3a) SAML common: add a get_soap_message method
  * (ad1da2) ID-FFv1.2: remove explicit loading in sso and use load_provider instead
  * (e4b0ce) ID-FFv1.2 idp: add a load_provider method
  * (cb4617) Add wsgi script and apache configuration snippet to .deb
  * (27b9b5) ID-FFv1.2 idp: remove debugging print
  * (ee501a) First complete implementation of singleSignOn endpoint for ID-FFv1.2
  * (c0b90e) Add SAMLv2 and ID-FFv1.2 helper methods, fix base url getter
  * (1fee40) Make entity_id visible in model LibertyProvider
  * (c873b8) SAML models: complete LibertyArtifact model for ID-FFv1.2
  * (528b9b) SAML models: add lasso and identity dump records
  * (529ae3) Add source attribution to theme
  * (2d32cf) New theme, with a little more colour
  * (13bfb8) Ignore vim swap files
  * (5668b7) Remove vim swap file
  * (d759ee) Moved openid icon files in a subdirectory
  * (b3be06) Ship media gif and ico files
  * (a9faef) SSL Support: Add comments.
  * (661fb8) Merge branch 'master' of
    ssh://dev.entrouvert.org:10322/var/git/authentic
  * (a67b5d) SSL Support: Admin interface for models
  * (305ed8) Add the required js/css/images for OpenID support
  * (6638dd) Add a placeholder for additional javascripts
  * (ce1131) Do not duplicate / in URL
  * (bae8e6) Correct urls.py indentation
  * (b8e981) Merge branch 'master' of
    ssh://dev.entrouvert.org:10322/var/git/authentic
  * (277e23) SSL Support: Better session and login management
  * (7f72c0) A little bit of i18n love for the OpenID part
  * (c19ac6) Newline at end of file
  * (9008de) SSL Support: Display on login page if activated.
  * (43f622) Update idp.saml urlpatterns to be more specific
  * (5d056e) Start of the ID-FFv1.2 IdP endpoints
  * (b7d967) Add ID-FFv1.2 methods for creating metadata files and Server objects
  * (b58e59) Fix rename get_metadata -> get_saml2_metadata
  * (312438) SAML Common: add ID-FF 1.2 bindings helper methods
  * (1853b8) Add module to generate SAML 1.1 compatible metadata files
  * (d74013) SAML2 Utils: improve NamespacedTreeBuilder, factorize KeyInfo
    generation and int_to_b64
  * (940315) Add a generic post form for liberty
  * (ec67e9) SSL Support: Error page not reachable.
  * (d9c57e) Don't overwrite accounts/ url scheme with OpenID
  * (25c4b9) Remove trailing spaces
  * (b97de9) Only add openid middleware/app if openid support is enabled
  * (3ce99d) Remove reference to admin_log_view app
  * (2a649a) Reput authentic.idp.saml instead of idp.liberty
  * (d7e54a) SSL Support: Title of error page corrected.
  * (a7878d) SSL Support: Error page when authentication has failed.
  * (9920fb) SSL Support
  * (eab472) Add template for django_authopenid
  * (c6f663) Correct the url for openid and the installed_apps
  * (5d90e2) Fixed the possibility to run without OpenID enabled
  * (d244f3) Handle invalid msg in idp.saml.saml2_endpoints.sso
  * (145a3d) Move saml2utils and x509utils to saml common module
  * (baf5aa) Put OpenID and SAML configuration option before the local_settings
    import
  * (5a2269) Add settings for disabled OpenID auth and SAML idps
  * (201136) Change import name for SAML IdP in urls.py
  * (ce9678) Fix import SAML idp
  * (d2ecc3) Add dependencies in the README
  * (a5013a) Stop blocking redirection when the debug toolbar is enable
  * (8daaa0) Change name of SAML idp directory
  * (5f4a5f) SAMLv2: in utils fix long lines, remove trailing blanks
  * (09fc66) Add SAMLv2 endpoints
  * (78be2f) Add SAML common module
  * (0ba4e4) SAMLv2: remove endpoints.py
  * (e48742) IdP: add an urls.py file for the idp application
  * (0d587b) SAMLv2: add liberty models to the admin pages
  * (83283f) Add idp to mapped urls
  * (c06845) SAMLv2: in saml2utils fix generation of IDP role descriptor
  * (f22101) SAMLv2: validate metadata when adding a provider, extract the entityID
  * (eb8966) Add util module to manipulate SAMLv2 metadata files
  * (85983a) Add util module to manipulate keys
  * (24cc22) Add endpoints for ID-FF 1.2
  * (f82566) Revert "Add the module django-authopenid and his template"
  * (5b4912) Add the url for use openid, and a link to login with openid
  * (942fc3) Add the module django-authopenid and his template
  * (2fe929) Merge input and textarea styles, force bg/fg colours
  * (d8c643) Remove bullets from items in error lists
  * (7b9a43) Autofocus the login form on the username field
  * (51a837) Changed to light headers
  * (ee89c0) Fixed i18n of texts on login page
  * (b439d0) Include titles in some registration templates
  * (0d8740) Ignore local_settings.py file
  * (d7fbfe) Add error pages
  * (b2d072) Some minimalistic design
  * (a71c76) Remove always-on auth header; links moved to the homepage
  * (6496f1) Require the user to be logged in to get to the index page
  * (64d7fb) Move pages from registration to accounts/
  * (79908f) Ignore authentic.egg-info, created by setup.py
  * (4aef24) Initial debian packaging
  * (7b5f02) Liberty: add a LibertyArtifact model
  * (270075) Liberty: add __unicode__ methods to some models
  * (4d9840) Liberty: change LibertyProvider.metadata_url to entity_id
  * (f094dc) Add a setup.py installation/packaging script
  * (8d7923) Add default name id format option to service provider model
  * (e0f76d) Complete liberty model
  * (d9353e) Change INSTALL to more like a general README file
  * (3ac27f) Use reStructuredText syntax for "code" blocks
  * (e41b94) Start a model for the liberty application
  * (8b79f9) Specify character set
  * (1d2019) Localisation and internationalisation framework
  * (6365b3) Include, and style, a footer
  * (928f07) Let registration pages set an appropriate <title>
  * (77c6a4) A little bit of form styling
  * (51f987) Some minimalistic styling
  * (8ed0ca) Indent base.html template, and remove link to admin
  * (9b72bb) Layout for media files, with an empty stylesheet at the moment
  * (9add66) Remove instructional comments
  * (9a564e) Remove unused database parameters from settings.py
  * (b424fd) Get database from project directory, not current working directory
  * (191c83) Basic implementation of the registration
  * (bad962) Look for local_settings.py, for local settings changes
  * (395863) Add support for the django debug toolbar
  * (1408cc) Add .pyo and .db files in gitignore
  * (f6e3cc) Customize administration base template to mention Authentic
  * (ecd08f) Remove the sites application
  * (142ae8) createsuperuser is not required, syncdb will ask for it
  * (8e7b97) ignore .pyc files
  * (bdb1fc) Add an INSTALL file
  * (2f5e89) Add idp application and enable admin module
  * (a32fcc) Set Sqlite3 database by default
  * (8f846a) Add a COPYING file
  * (d5899c) Initial import

 -- eobuilder <eobuilder@entrouvert.com>  Thu, 06 Jan 2011 09:08:16 +0100
