website: codespell with custom dictionary and CI (#5062)

Jens L 2023-03-24 00:24:55 +01:00 committed by GitHub
parent 5b9f35a4a1
commit 5d84f2a079
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
20 changed files with 42 additions and 27 deletions

@ -15,3 +15,6 @@ indent_size = 2
[*.go]
indent_style = tab
[Makefile]
indent_style = tab

.github/codespell-dictionary.txt

@ -0,0 +1 @@
authentic->authentik
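
Review bot: The single entry `authentic->authentik` also matches every legitimate use of the English word "authentic", and because `lint-fix` runs codespell with `-w` against this dictionary, such uses will be rewritten without anyone looking at them. Please confirm that no scanned path needs the ordinary word, and consider adding a reason after the correction (codespell's dictionary format accepts `typo->correction, reason`, which reports the hit but does not auto-apply it) so that a human decides each case.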

@ -29,6 +29,7 @@ jobs:
- bandit
- pyright
- pending-migrations
- codespell
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3

@ -4,6 +4,20 @@ UID = $(shell id -u)
GID = $(shell id -g)
NPM_VERSION = $(shell python -m scripts.npm_version)
CODESPELL_ARGS = -D - -D .github/codespell-dictionary.txt \
-I .github/codespell-words.txt \
-S 'web/src/locales/**' \
authentik \
internal \
cmd \
web/src \
website/src \
website/blog \
website/developer-docs \
website/docs \
website/integrations \
website/src
all: lint-fix lint test gen web
test-go:
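
Review bot: `website/src` is listed twice in `CODESPELL_ARGS` (after `web/src` and again as the last entry), so that tree is scanned twice and any finding in it is reported twice. Drop the trailing `website/src` and remove the line continuation on `website/integrations \`.
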
@ -26,14 +40,7 @@ test:
lint-fix:
isort authentik tests scripts lifecycle
black authentik tests scripts lifecycle
codespell -I .github/codespell-words.txt -S 'web/src/locales/**' -w \
authentik \
internal \
cmd \
web/src \
website/src \
website/docs \
website/developer-docs
codespell -w $(CODESPELL_ARGS)
lint:
pylint authentik tests lifecycle
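
Review bot: Switching `lint-fix` to `codespell -w $(CODESPELL_ARGS)` widens the set of files rewritten in place: `website/blog` and `website/integrations` were not in the old path list. Published blog posts and integration guides will now be edited by `make lint-fix`, so this is worth stating in the commit message or the developer docs so contributors expect the extra diff.
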
@ -172,6 +179,9 @@ ci-pylint: ci--meta-debug
ci-black: ci--meta-debug
black --check $(PY_SOURCES)
ci-codespell: ci--meta-debug
codespell $(CODESPELL_ARGS) -s
ci-isort: ci--meta-debug
isort --check $(PY_SOURCES)
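
Review bot: In `ci-codespell`, `-s` is appended after `$(CODESPELL_ARGS)`, which already ends with the positional path list, so an option trails the paths. It works, but it is easy to misread as another path; splitting the variable into options and paths (for example `CODESPELL_OPTS` and `CODESPELL_PATHS`) and writing `--summary` in full would make both targets clearer. Note also that `-s` only prints a summary; the job fails on codespell's exit status, not on this flag.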

@ -38,7 +38,7 @@ We have a roadmap with several new features, and we want to hear your opinions o
Roadmapped features include:
- **RBAC**
- Currently theres only the option of users to be superusers or regular users, and superusers can edit everything, including all authentic objects. This goes against the security principle of [least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege), and as such goes against our security-focused mantra. Role-based access control (RBAC) restricts CRUD rights on authentik objects based on a specific _role,_ providing even more fine-grained control.
- Currently theres only the option of users to be superusers or regular users, and superusers can edit everything, including all authentik objects. This goes against the security principle of [least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege), and as such goes against our security-focused mantra. Role-based access control (RBAC) restricts CRUD rights on authentik objects based on a specific _role,_ providing even more fine-grained control.
- **UX improvements**
- Ease of use and clear, intuitive UIs is always one of our main goals, and were now focusing yet more on making the experience of using authentik even better. Less jumping around in the UI and more helpful context actions, suggestions, and recommendations.
- **Push-notification multifactor authentication** (Enterprise)
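
Review bot: The changed RBAC line still begins with "Currently theres", and the context line under "UX improvements" has "were now focusing"; both are missing an apostrophe ("there's", "we're"). codespell does not flag these, so they are worth fixing by hand while the line is already being touched.
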
@ -66,7 +66,7 @@ The following offerings are described in detail on the new page (coming soon!) i
Our forever-free offering, the open source authentik project, has been active for over 5 years, and now has the support of Authentik Security. For self-hosted environments, works using all major authentication protocols (OAuth2/OpenID Connect, SAML, LDAP, and proxy authentication), with an advanced, customizable policy engine, and community support.
- Enterprise Self-hosted:
Our Enterprise Self-hosted plan offers all of the features of open source authentic (and is still source-available), plus releases with long-term-support (LTS), an enterprise-level support plan, and additional features for larger organizations such as AI-based risk assessment and multifactor authentication (MFA) with push notification.
Our Enterprise Self-hosted plan offers all of the features of open source authentik (and is still source-available), plus releases with long-term-support (LTS), an enterprise-level support plan, and additional features for larger organizations such as AI-based risk assessment and multifactor authentication (MFA) with push notification.
- Enterprise Cloud:
The Enterprise Cloud plan provides the convenience of our enterprise-level product as a SaaS offering, hosted and managed by Authentik Security. For many organizations, the benefits of decreased operational costs and universal data access (no VPN, servers, and network configuration required) make SaaS the best choice. With the cloud offering, the same enterprise-level support plan is included, and migrating to self-hosted is always an option.

@ -95,7 +95,7 @@ SAML2_GROUP_ATTRIBUTE=http://schemas.xmlsoap.org/claims/Group
SAML2_DISPLAY_NAME_ATTRIBUTES=http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname
# Identity Provider entityID URL
SAML2_IDP_ENTITYID=METADATAURL
# Auto-load metatadata from the IDP
# Auto-load metadata from the IDP
# Setting this to true negates the need to specify the next three options
SAML2_AUTOLOAD_METADATA=true

@ -51,9 +51,9 @@ The following placeholders will be used:
- `StartTLS`: Unchecked
- `Skip SSL/TLS Verification`:
- If using a certificate issued by a certificate authority Jellyfin trusts, leave this unchecked.
- If you're using a self signed certifcate, check this box.
- If you're using a self signed certificate, check this box.
- `Allow password change`: Unchecked
- Since authentik already has a frontend for password resets, its not nessessary to include this in Jellyfin, especially since it requires bind user to have privileges.
- Since authentik already has a frontend for password resets, its not necessary to include this in Jellyfin, especially since it requires bind user to have privileges.
- `Password Reset URL`: Empty
- `LDAP Bind User`: Set this to a the user you want to bind to in authentik. By default the path will be `ou=users,dc=company,dc=com` so the LDAP Bind user will be `cn=ldap_bind_user,ou=users,dc=company,dc=com`.
- `LDAP Bind User Password`: The Password of the user. If using a Service account, this is the token.
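
Review bot: The corrected `Allow password change` line still reads "its not necessary" (should be "it's"), and the `LDAP Bind User` context line has "Set this to a the user". These are outside what codespell detects; a manual pass over the two lines would finish the cleanup.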

@ -68,7 +68,7 @@ Group based permissions are not implemented in the below example
Use npm to install passport-openidconnect
Navigate to the node-red `node_modules` directory, this is dependant on your chosen install method. In the official Node-RED docker container the `node_modules` directory is located in the data volume `data/node_modules/`. Alternatively enter the docker container `docker exec -it nodered bash` and `cd /data/node_modules` to utilise npm within the docker container.
Navigate to the node-red `node_modules` directory, this is dependent on your chosen install method. In the official Node-RED docker container the `node_modules` directory is located in the data volume `data/node_modules/`. Alternatively enter the docker container `docker exec -it nodered bash` and `cd /data/node_modules` to utilise npm within the docker container.
Run the command `npm install passport-openidconnect`

@ -45,7 +45,7 @@ Now restart your container:
**Provider**
In authentik, go to the Admin Interface and click _Applications/Providers_.
Create a Proxy Provider. Give it a name (e.g. `Paperless Proxy`), then choose explicit or implicit consent (whether you want authentic to show a button to proceed to Paperless after login, or to just go there).
Create a Proxy Provider. Give it a name (e.g. `Paperless Proxy`), then choose explicit or implicit consent (whether you want authentik to show a button to proceed to Paperless after login, or to just go there).
Choose Forward Auth (single application), then add the External host: `https://paperless.company`

@ -57,7 +57,7 @@ In authentik, create an outpost (under _Applications/Outposts_) of type `LDAP` t
- Name: LDAP
- Type: LDAP
## pfSense unsecure setup (without SSL)
## pfSense insecure setup (without SSL)
:::caution
This setup should only be used for testing purpose, because passwords will be sent in clear text to authentik.
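
Review bot: Renaming the heading from "pfSense unsecure setup (without SSL)" to "pfSense insecure setup (without SSL)" changes the anchor if the site derives heading ids from the heading text, which would break any existing deep link to this section. Check for inbound links to the old anchor, or pin an explicit heading id so the URL stays stable.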

@ -13,7 +13,7 @@ QNAP Systems, Inc. is a Taiwanese corporation that specializes in network-attach
Connecting a QNAP NAS to an LDAP Directory is a little bit special
as it is **not** (well) documented what really is done behind the scenes of QNAP.
## Preperation
## Preparation
The following placeholders will be used:

@ -16,7 +16,7 @@ It provides full functionality you expect from an email client, including MIME s
This integration describes how to use Roundcube's oauth support with authentik to automatically sign into an email account.
The mail server must support XOAUTH2 for both SMTPD and IMAP/POP. Postfix SMTP server can also use Dovecot for authentication which provides Postfix with xoauth2 capability without configuring it separately.
## Preperation
## Preparation
The following placeholders will be used:

@ -87,7 +87,7 @@ Change the following fields
- LDAP Filter: &(objectClass=user)
- Username Field: mail
:::note
Setting the Username fieled to mail is recommended in order to ensure the usernameisunique. See https://snipe-it.readme.io/docs/ldap-sync-login
Setting the Username field to mail is recommended in order to ensure the usernameisunique. See https://snipe-it.readme.io/docs/ldap-sync-login
:::
- Allow unauthenticated bind: **unticked**
- Last Name: sn
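
Review bot: The corrected note line fixes "fieled" but still contains "usernameisunique" run together; it should read "the username is unique". codespell treats the run as a single unknown token and passes it, so this needs a manual fix.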

@ -17,7 +17,7 @@ a consequence, it cannot be used to provide automount or sudo
configuration nor can it provide netgroups or services to `nss`.
Kerberos is also not supported.
## Preperation
## Preparation
The following placeholders will be used:

@ -9,7 +9,7 @@ title: TrueNAS TrueCommand
From https://www.truenas.com/truecommand/
:::note
What is TrueCommand?
TrueCommand is a ZFS-aware solution allowing you to set custom alerts on statistics like ARC usage or pool capacity and ensuring storag
TrueCommand is a ZFS-aware solution allowing you to set custom alerts on statistics like ARC usage or pool capacity and ensuring storage
e uptime and future planning. TrueCommand also identifies and pinpoints errors on drives or vdevs (RAID groups), saving you valuable ti
me when resolving issues.
:::
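
Review bot: The fix from "storag" to "storage" is wrong for this paragraph: the quoted text is hard-wrapped mid-word, and the next line already starts with "e uptime", so the result now renders as "storage e uptime". The same wrap splits "ti" / "me" two lines later. Revert this line and instead reflow the paragraph so no word is broken across lines; this is an example of an automatic `-w` rewrite that needs review before commit.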

@ -53,6 +53,6 @@ To avoid that all users get admin access to Uptime Kuma create a group in authen
## Uptime Kuma
Disble auth from Uptime Kuma, go to `Settings` > `Advanced` > `Disable Auth`
Disable auth from Uptime Kuma, go to `Settings` > `Advanced` > `Disable Auth`
To access the dashboard, open `https://uptime-kuma.company/dashboard`, this will start the login with authentik. You can also set this address as the Launch URL for the application.

@ -75,7 +75,7 @@ return request.user.email
## Weblate configuration
The variables bellow need to be set, depending on if you deploy in a container or not you can take a look at the following links
The variables below need to be set, depending on if you deploy in a container or not you can take a look at the following links
- https://docs.weblate.org/en/latest/admin/config.html#config
- https://docs.weblate.org/en/latest/admin/install/docker.html#docker-environment
@ -96,4 +96,4 @@ Should you wish to only allow registration and login through Authentik, you shou
- REQUIRE_LOGIN: `1`
- NO_EMAIL_AUTH: `1`
Should you wish to deploy this in a container prefix all the variables with `WEBLATE_` and set them as enviornment variables
Should you wish to deploy this in a container prefix all the variables with `WEBLATE_` and set them as environment variables

@ -61,7 +61,7 @@ In authentik, create an application (under _Resources/Applications_) with these
## zammad Setup
Configure Zammad SAML settings by going to settings (the gear icon), and selecting `Security -> Third-party Applications` and activiate `Authentication via SAML` and change the following fields:
Configure Zammad SAML settings by going to settings (the gear icon), and selecting `Security -> Third-party Applications` and activate `Authentication via SAML` and change the following fields:
- Display name: authentik
- IDP SSO target URL: https://authentik.company/application/saml/ticketsystem-seatable/sso/binding/init/

@ -13,7 +13,7 @@ From https://zulip.com
With Zulip, you can catch up on important conversations while ignoring irrelevant ones.
:::
## Preperation
## Preparation
The following placeholders will be used:

@ -136,7 +136,7 @@ module.exports = {
items: [
{
type: "category",
label: "Directory syncronization",
label: "Directory synchronization",
items: [
"sources/active-directory/index",
"sources/freeipa/index",