Merge branch 'dev' into federate

README.rst

@@ -10,8 +10,14 @@ CAS Server
 .. image:: https://img.shields.io/pypi/l/django-cas-server.svg
     :target: https://www.gnu.org/licenses/gpl-3.0.html
 
+.. image:: https://api.codacy.com/project/badge/Grade/255c21623d6946ef8802fa7995b61366
+    :target: https://www.codacy.com/app/valentin-samir/django-cas-server
+
+.. image:: https://api.codacy.com/project/badge/Coverage/255c21623d6946ef8802fa7995b61366
+    :target: https://www.codacy.com/app/valentin-samir/django-cas-server
+
 CAS Server is a Django application implementing the `CAS Protocol 3.0 Specification
-<https://jasig.github.io/cas/development/protocol/CAS-Protocol-Specification.html>`_.
+<https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol-Specification.html>`_.
 
 By defaut, the authentication process use django internal users but you can easily
 use any sources (see auth classes in the auth.py file)
@@ -37,6 +43,15 @@ Features
 
 Quick start
 -----------
+0. If you want to make a virtualenv for ``django-cas-server``, you will need the following
+   dependencies on a bare debian like system::
+
+    virtualenv build-essential python-dev libxml2-dev libxslt1-dev zlib1g-dev
+
+   If you want to use python3 instead of python2, replace ``python-dev`` with ``python3-dev``.
+
+   If you intend to run the tox tests you will also need ``python3.4-dev`` depending of the current
+   version of python3 on your system.
 
 1. Add "cas_server" to your INSTALLED_APPS setting like this::
 
@@ -70,7 +85,7 @@ Quick start
 4. You should add some management commands to a crontab: ``clearsessions``,
    ``cas_clean_tickets`` and ``cas_clean_sessions``.
 
- * ``clearsessions``:  please see `Clearing the session store <https://docs.djangoproject.com/en/1.9/topics/http/sessions/#clearing-the-session-store>`_.
+ * ``clearsessions``:  please see `Clearing the session store <https://docs.djangoproject.com/en/stable/topics/http/sessions/#clearing-the-session-store>`_.
  * ``cas_clean_tickets``: old tickets and timed-out tickets do not get purge from
    the database automatically. They are just marked as invalid. ``cas_clean_tickets``
    is a clean-up management command for this purpose. It send SingleLogOut request
@@ -122,14 +137,14 @@ Template settings:
 
 Authentication settings:
 
-*  ``CAS_AUTH_CLASS``: A dotted path to a class implementing ``cas_server.auth.AuthUser``.
-   The default is ``"cas_server.auth.DjangoAuthUser"``
+*  ``CAS_AUTH_CLASS``: A dotted path to a class or a class implementing
+  ``cas_server.auth.AuthUser``. The default is ``"cas_server.auth.DjangoAuthUser"``
 
 *  ``SESSION_COOKIE_AGE``: This is a django settings. Here, it control the delay in seconds after
    which inactive users are logged out. The default is ``1209600`` (2 weeks). You probably should
    reduce it to something like ``86400`` seconds (1 day).
 
-* ``CAS_PROXY_CA_CERTIFICATE_PATH``: Path to certificates authority file. Usually on linux
+* ``CAS_PROXY_CA_CERTIFICATE_PATH``: Path to certificate authorities file. Usually on linux
   the local CAs are in ``/etc/ssl/certs/ca-certificates.crt``. The default is ``True`` which
   tell requests to use its internal certificat authorities. Settings it to ``False`` should
   disable all x509 certificates validation and MUST not be done in production.
@@ -162,7 +177,7 @@ Tickets validity settings:
   application. The default is ``60``.
 * ``CAS_PGT_VALIDITY``: Number of seconds the proxy granting tickets are valid.
   The default is ``3600`` (1 hour).
-* ``CAS_TICKET_TIMEOUT``: Number of seconds a ticket is kept is the database before sending
+* ``CAS_TICKET_TIMEOUT``: Number of seconds a ticket is kept in the database before sending
   Single Log Out request and being cleared. The default is ``86400`` (24 hours).
 
 Tickets miscellaneous settings:
@@ -184,12 +199,12 @@ Tickets miscellaneous settings:
 * ``CAS_SERVICE_TICKET_PREFIX``: Prefix of service tickets. The default is ``"ST"``.
   The CAS specification mandate that service tickets MUST begin with the characters ST
   so you should not change this.
-* ``CAS_PROXY_TICKET_PREFIX``: Prefix of proxy ticket. The default is ``"ST"``.
+* ``CAS_PROXY_TICKET_PREFIX``: Prefix of proxy ticket. The default is ``"PT"``.
 * ``CAS_PROXY_GRANTING_TICKET_PREFIX``: Prefix of proxy granting ticket. The default is ``"PGT"``.
 * ``CAS_PROXY_GRANTING_TICKET_IOU_PREFIX``: Prefix of proxy granting ticket IOU. The default is ``"PGTIOU"``.
 
 
-Mysql backend settings. Only usefull is you use the mysql authentication backend:
+Mysql backend settings. Only usefull if you are using the mysql authentication backend:
 
 * ``CAS_SQL_HOST``: Host for the SQL server. The default is ``"localhost"``.
 * ``CAS_SQL_USERNAME``: Username for connecting to the SQL server.
@@ -200,8 +215,29 @@ Mysql backend settings. Only usefull is you use the mysql authentication backend
   The username must be in field ``username``, the password in ``password``,
   additional fields are used as the user attributes.
   The default is ``"SELECT user AS usersame, pass AS password, users.* FROM users WHERE user = %s"``
-* ``CAS_SQL_PASSWORD_CHECK``: The method used to check the user password. Must be
-  ``"crypt"`` or ``"plain``". The default is ``"crypt"``.
+* ``CAS_SQL_PASSWORD_CHECK``: The method used to check the user password. Must be one of the following:
+
+    * ``"crypt"`` (see <https://en.wikipedia.org/wiki/Crypt_(C)>), the password in the database
+      should begin this $
+    * ``"ldap"`` (see https://tools.ietf.org/id/draft-stroeder-hashed-userpassword-values-01.html)
+      the password in the database must begin with one of {MD5}, {SMD5}, {SHA}, {SSHA}, {SHA256},
+      {SSHA256}, {SHA384}, {SSHA384}, {SHA512}, {SSHA512}, {CRYPT}.
+    * ``"hex_HASH_NAME"`` with ``HASH_NAME`` in md5, sha1, sha224, sha256, sha384, sha512.
+      The hashed password in the database is compare to the hexadecimal digest of the clear
+      password hashed with the corresponding algorithm.
+    * ``"plain"``, the password in the database must be in clear.
+
+  The default is ``"crypt"``.
+
+
+Test backend settings. Only usefull if you are using the test authentication backend:
+
+* ``CAS_TEST_USER``: Username of the test user. The default is ``"test"``.
+* ``CAS_TEST_PASSWORD``: Password of the test user. The default is ``"test"``.
+* ``CAS_TEST_ATTRIBUTES``: Attributes of the test user. The default is
+  ``{'nom': 'Nymous', 'prenom': 'Ano', 'email': 'anonymous@example.net',
+  'alias': ['demo1', 'demo2']}``.
+
 
 Authentication backend
 ----------------------
@@ -209,8 +245,8 @@ Authentication backend
 ``django-cas-server`` comes with some authentication backends:
 
 * dummy backend ``cas_server.auth.DummyAuthUser``: all authentication attempt fails.
-* test backend ``cas_server.auth.TestAuthUser``: username is ``test`` and password is ``test``
-  the returned attributes for the user are: ``{'nom': 'Nymous', 'prenom': 'Ano', 'email': 'anonymous@example.net'}``
+* test backend ``cas_server.auth.TestAuthUser``: username, password and returned attributes
+  for the user are defined by the ``CAS_TEST_*`` settings.
 * django backend ``cas_server.auth.DjangoAuthUser``: Users are authenticated agains django users system.
   This is the default backend. The returned attributes are the fields available on the user model.
 * mysql backend ``cas_server.auth.MysqlAuthUser``: see the 'Mysql backend settings' section.
@@ -222,7 +258,7 @@ Logs
 ----
 
 ``django-cas-server`` logs most of its actions. To enable login, you must set the ``LOGGING``
-(https://docs.djangoproject.com/en/dev/topics/logging) variable is ``settings.py``.
+(https://docs.djangoproject.com/en/stable/topics/logging) variable in ``settings.py``.
 
 Users successful actions (login, logout) are logged with the level ``INFO``, failures are logged
 with the level ``WARNING`` and user attributes transmitted to a service are logged with the level ``DEBUG``.