pretix icon indicating copy to clipboard operation
pretix copied to clipboard
verified publisher icon pretix

OpenID Connect support for customer accounts

Open raphaelm opened this issue 3 years ago • 1 comments

  • [x] pretix as a relying party (RP)
    • [x] data model
    • [x] provider settings
    • [x] auto-discovery
    • [x] basic login
    • [x] allow to disable native auth
    • [x] integrate with checkout flow
      • [ ] test with widget
    • [x] support cross-domain auth
      • [ ] manual testing
    • [x] block password and email change
    • [x] think about email validation requirements
    • [x] REST API?
    • [x] Tests
  • [x] pretix as a openid connect provider (OP)
    • [x] Client registration
    • [x] Authorization Code Flow
    • [x] Implicit Flow
    • [x] Hybrid Flow
    • [x] UserInfo endpoint
    • [x] Discovery
      • [x] well-known endpoint
      • [x] keys endpoint
    • [x] Tests and conformance checks
      • [x] Comprehensive test coverage
      • [x] Check against https://openid.net/specs/openid-connect-core-1_0.html#ServerMTI
      • [x] Check against https://openid.net/wordpress-content/uploads/2018/06/OpenID-Connect-Conformance-Profiles.pdf
      • [x] Test with https://www.certification.openid.net/login.html
  • [ ] Docs

raphaelm avatar Jul 11 '22 10:07 raphaelm

Codecov Report

Merging #2718 (f771fa9) into master (4b99324) will increase coverage by 0.06%. The diff coverage is 82.56%.

:exclamation: Current head f771fa9 differs from pull request most recent head 77ab245. Consider uploading reports for the commit 77ab245 to get more accurate results

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #2718      +/-   ##
==========================================
+ Coverage   77.84%   77.91%   +0.06%     
==========================================
  Files         390      392       +2     
  Lines       50831    51710     +879     
==========================================
+ Hits        39569    40288     +719     
- Misses      11262    11422     +160
Impacted Files Coverage Δ
src/pretix/base/settings.py 89.62% <ø> (ø)
src/pretix/control/logdisplay.py 32.63% <ø> (ø)
src/pretix/control/navigation.py 82.89% <0.00%> (-2.25%) :arrow_down:
src/setup.py 0.00% <ø> (ø)
src/pretix/control/views/organizer.py 75.92% <55.97%> (-2.35%) :arrow_down:
src/pretix/base/models/fields.py 71.01% <63.63%> (-2.43%) :arrow_down:
src/pretix/presale/checkoutflow.py 80.84% <73.91%> (-0.25%) :arrow_down:
src/pretix/presale/views/customer.py 87.73% <82.03%> (-2.24%) :arrow_down:
src/pretix/control/forms/organizer.py 87.22% <85.71%> (-0.28%) :arrow_down:
src/pretix/base/models/customers.py 80.15% <86.41%> (+2.68%) :arrow_up:
... and 10 more

codecov[bot] avatar Jul 11 '22 11:07 codecov[bot]

Looks good, only moinor comments/questions!

All resolved :)

One general question: when a SSO-provider is deactivated, would it make sense to logout all currently logged in users/customers assigned to that SSO-provider? Or make this an option, when deactivating a SSO-provider?

Yes, sounds like a good idea, fixed as well.

raphaelm avatar Sep 19 '22 14:09 raphaelm