diff --git a/.editorconfig b/.editorconfig index b80ea6f1a..62ca398ae 100644 --- a/.editorconfig +++ b/.editorconfig @@ -15,3 +15,6 @@ indent_size = 2 [*.go] indent_style = tab + +[Makefile] +indent_style = tab diff --git a/.github/codespell-dictionary.txt b/.github/codespell-dictionary.txt new file mode 100644 index 000000000..b4db7d877 --- /dev/null +++ b/.github/codespell-dictionary.txt @@ -0,0 +1 @@ +authentic->authentik diff --git a/.github/workflows/ci-main.yml b/.github/workflows/ci-main.yml index bce84bcbf..b17149528 100644 --- a/.github/workflows/ci-main.yml +++ b/.github/workflows/ci-main.yml @@ -29,6 +29,7 @@ jobs: - bandit - pyright - pending-migrations + - codespell runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 diff --git a/Makefile b/Makefile index 681617b84..2eb33c7eb 100644 --- a/Makefile +++ b/Makefile @@ -4,6 +4,20 @@ UID = $(shell id -u) GID = $(shell id -g) NPM_VERSION = $(shell python -m scripts.npm_version) +CODESPELL_ARGS = -D - -D .github/codespell-dictionary.txt \ + -I .github/codespell-words.txt \ + -S 'web/src/locales/**' \ + authentik \ + internal \ + cmd \ + web/src \ + website/src \ + website/blog \ + website/developer-docs \ + website/docs \ + website/integrations \ + website/src + all: lint-fix lint test gen web test-go: @@ -26,14 +40,7 @@ test: lint-fix: isort authentik tests scripts lifecycle black authentik tests scripts lifecycle - codespell -I .github/codespell-words.txt -S 'web/src/locales/**' -w \ - authentik \ - internal \ - cmd \ - web/src \ - website/src \ - website/docs \ - website/developer-docs + codespell -w $(CODESPELL_ARGS) lint: pylint authentik tests lifecycle @@ -172,6 +179,9 @@ ci-pylint: ci--meta-debug ci-black: ci--meta-debug black --check $(PY_SOURCES) +ci-codespell: ci--meta-debug + codespell $(CODESPELL_ARGS) -s + ci-isort: ci--meta-debug isort --check $(PY_SOURCES) 
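Review bot: `website/src` appears twice in the path list of the new `CODESPELL_ARGS` variable, once after `web/src` and again as the last entry, so that tree is passed twice to both `lint-fix` and `ci-codespell`. Drop the trailing entry so the list ends at `website/integrations`. The variable is also undocumented; a comment above it such as `# Shared codespell options and scan paths; used with -w by lint-fix and check-only by ci-codespell` would make it clear that adding a path here also widens what `lint-fix` rewrites in place.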
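Review bot: `codespell -w $(CODESPELL_ARGS)` in `lint-fix` now applies the new `authentic->authentik` dictionary entry as an unattended in-place rewrite, and over more paths than the old list (`website/blog` and `website/integrations` are new) alongside the source trees `authentik`, `internal`, `cmd` and `web/src`. "authentic" is also an ordinary English word, so a legitimate use in a comment, doc page or string literal would be changed without anyone seeing it. The truecommand `index.md` hunk in this same commit appears to be an automatic fix of this kind: on a hard-wrapped line `storag` became `storage`, which leaves `storage` / `e uptime` in the text. Consider making the write step confirm each change, for example `codespell -w -i 3 $(CODESPELL_ARGS)`, or restricting `-w` to documentation paths so edits to code and runtime strings are reviewed before they land.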
diff --git a/website/blog/2023-03-23-whats-new-with-authentik-march-2023/item.md b/website/blog/2023-03-23-whats-new-with-authentik-march-2023/item.md index a3c959b7f..3f33df3be 100644 --- a/website/blog/2023-03-23-whats-new-with-authentik-march-2023/item.md +++ b/website/blog/2023-03-23-whats-new-with-authentik-march-2023/item.md @@ -38,7 +38,7 @@ We have a roadmap with several new features, and we want to hear your opinions o Roadmapped features include: - **RBAC** - - Currently there’s only the option of users to be superusers or regular users, and superusers can edit everything, including all authentic objects. This goes against the security principle of [least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege), and as such goes against our security-focused mantra. Role-based access control (RBAC) restricts CRUD rights on authentik objects based on a specific _role,_ providing even more fine-grained control. + - Currently there’s only the option of users to be superusers or regular users, and superusers can edit everything, including all authentik objects. This goes against the security principle of [least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege), and as such goes against our security-focused mantra. Role-based access control (RBAC) restricts CRUD rights on authentik objects based on a specific _role,_ providing even more fine-grained control. - **UX improvements** - Ease of use and clear, intuitive UIs is always one of our main goals, and we’re now focusing yet more on making the experience of using authentik even better. Less jumping around in the UI and more helpful context actions, suggestions, and recommendations. - **Push-notification multifactor authentication** (Enterprise) 
@@ -66,7 +66,7 @@ The following offerings are described in detail on the new page (coming soon!) i Our forever-free offering, the open source authentik project, has been active for over 5 years, and now has the support of Authentik Security. For self-hosted environments, works using all major authentication protocols (OAuth2/OpenID Connect, SAML, LDAP, and proxy authentication), with an advanced, customizable policy engine, and community support. - Enterprise Self-hosted: - Our Enterprise Self-hosted plan offers all of the features of open source authentic (and is still source-available), plus releases with long-term-support (LTS), an enterprise-level support plan, and additional features for larger organizations such as AI-based risk assessment and multifactor authentication (MFA) with push notification. + Our Enterprise Self-hosted plan offers all of the features of open source authentik (and is still source-available), plus releases with long-term-support (LTS), an enterprise-level support plan, and additional features for larger organizations such as AI-based risk assessment and multifactor authentication (MFA) with push notification. - Enterprise Cloud: The Enterprise Cloud plan provides the convenience of our enterprise-level product as a SaaS offering, hosted and managed by Authentik Security. For many organizations, the benefits of decreased operational costs and universal data access (no VPN, servers, and network configuration required) make SaaS the best choice. With the cloud offering, the same enterprise-level support plan is included, and migrating to self-hosted is always an option. diff --git a/website/integrations/services/bookstack/index.md b/website/integrations/services/bookstack/index.md index 42b73f0c6..4e72efb81 100644 --- a/website/integrations/services/bookstack/index.md +++ b/website/integrations/services/bookstack/index.md 
@@ -95,7 +95,7 @@ SAML2_GROUP_ATTRIBUTE=http://schemas.xmlsoap.org/claims/Group SAML2_DISPLAY_NAME_ATTRIBUTES=http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname # Identity Provider entityID URL SAML2_IDP_ENTITYID=METADATAURL -# Auto-load metatadata from the IDP +# Auto-load metadata from the IDP # Setting this to true negates the need to specify the next three options SAML2_AUTOLOAD_METADATA=true diff --git a/website/integrations/services/jellyfin/index.md b/website/integrations/services/jellyfin/index.md index 267209620..6db9b0697 100644 --- a/website/integrations/services/jellyfin/index.md +++ b/website/integrations/services/jellyfin/index.md @@ -51,9 +51,9 @@ The following placeholders will be used: - `StartTLS`: Unchecked - `Skip SSL/TLS Verification`: - If using a certificate issued by a certificate authority Jellyfin trusts, leave this unchecked. - - If you're using a self signed certifcate, check this box. + - If you're using a self signed certificate, check this box. - `Allow password change`: Unchecked - - Since authentik already has a frontend for password resets, its not nessessary to include this in Jellyfin, especially since it requires bind user to have privileges. + - Since authentik already has a frontend for password resets, its not necessary to include this in Jellyfin, especially since it requires bind user to have privileges. - `Password Reset URL`: Empty - `LDAP Bind User`: Set this to a the user you want to bind to in authentik. By default the path will be `ou=users,dc=company,dc=com` so the LDAP Bind user will be `cn=ldap_bind_user,ou=users,dc=company,dc=com`. - `LDAP Bind User Password`: The Password of the user. If using a Service account, this is the token. diff --git a/website/integrations/services/node-red/index.md b/website/integrations/services/node-red/index.md index 5312fa99c..aa6650dbc 100644 --- a/website/integrations/services/node-red/index.md +++ b/website/integrations/services/node-red/index.md 
@@ -68,7 +68,7 @@ Group based permissions are not implemented in the below example Use npm to install passport-openidconnect -Navigate to the node-red `node_modules` directory, this is dependant on your chosen install method. In the official Node-RED docker container the `node_modules` directory is located in the data volume `data/node_modules/`. Alternatively enter the docker container `docker exec -it nodered bash` and `cd /data/node_modules` to utilise npm within the docker container. +Navigate to the node-red `node_modules` directory, this is dependent on your chosen install method. In the official Node-RED docker container the `node_modules` directory is located in the data volume `data/node_modules/`. Alternatively enter the docker container `docker exec -it nodered bash` and `cd /data/node_modules` to utilise npm within the docker container. Run the command `npm install passport-openidconnect` diff --git a/website/integrations/services/paperless-ng/index.md b/website/integrations/services/paperless-ng/index.md index 5d1fd366b..f7672470b 100644 --- a/website/integrations/services/paperless-ng/index.md +++ b/website/integrations/services/paperless-ng/index.md @@ -45,7 +45,7 @@ Now restart your container: **Provider** In authentik, go to the Admin Interface and click _Applications/Providers_. -Create a Proxy Provider. Give it a name (e.g. `Paperless Proxy`), then choose explicit or implicit consent (whether you want authentic to show a button to proceed to Paperless after login, or to just go there). +Create a Proxy Provider. Give it a name (e.g. `Paperless Proxy`), then choose explicit or implicit consent (whether you want authentik to show a button to proceed to Paperless after login, or to just go there). Choose Forward Auth (single application), then add the External host: `https://paperless.company` diff --git a/website/integrations/services/pfsense/index.md b/website/integrations/services/pfsense/index.md index 2db4fdc13..5e523239d 100644 
--- a/website/integrations/services/pfsense/index.md +++ b/website/integrations/services/pfsense/index.md @@ -57,7 +57,7 @@ In authentik, create an outpost (under _Applications/Outposts_) of type `LDAP` t - Name: LDAP - Type: LDAP -## pfSense unsecure setup (without SSL) +## pfSense insecure setup (without SSL) :::caution This setup should only be used for testing purpose, because passwords will be sent in clear text to authentik. diff --git a/website/integrations/services/qnap-nas/index.md b/website/integrations/services/qnap-nas/index.md index 7580dab95..5a444da31 100644 --- a/website/integrations/services/qnap-nas/index.md +++ b/website/integrations/services/qnap-nas/index.md @@ -13,7 +13,7 @@ QNAP Systems, Inc. is a Taiwanese corporation that specializes in network-attach Connecting a QNAP NAS to an LDAP Directory is a little bit special as it is **not** (well) documented what really is done behind the scenes of QNAP. -## Preperation +## Preparation The following placeholders will be used: diff --git a/website/integrations/services/roundcube/index.md b/website/integrations/services/roundcube/index.md index 9dc87bdd4..aa52d57a7 100644 --- a/website/integrations/services/roundcube/index.md +++ b/website/integrations/services/roundcube/index.md @@ -16,7 +16,7 @@ It provides full functionality you expect from an email client, including MIME s This integration describes how to use Roundcube's oauth support with authentik to automatically sign into an email account. The mail server must support XOAUTH2 for both SMTPD and IMAP/POP. Postfix SMTP server can also use Dovecot for authentication which provides Postfix with xoauth2 capability without configuring it separately. -## Preperation +## Preparation The following placeholders will be used: diff --git a/website/integrations/services/snipe-it/index.md b/website/integrations/services/snipe-it/index.md index efcd6653f..f108a65be 100644 --- a/website/integrations/services/snipe-it/index.md 
+++ b/website/integrations/services/snipe-it/index.md @@ -87,7 +87,7 @@ Change the following fields - LDAP Filter: &(objectClass=user) - Username Field: mail :::note - Setting the Username fieled to mail is recommended in order to ensure the usernameisunique. See https://snipe-it.readme.io/docs/ldap-sync-login + Setting the Username field to mail is recommended in order to ensure the usernameisunique. See https://snipe-it.readme.io/docs/ldap-sync-login ::: - Allow unauthenticated bind: **unticked** - Last Name: sn diff --git a/website/integrations/services/sssd/index.md b/website/integrations/services/sssd/index.md index 631132c61..37e8067e7 100644 --- a/website/integrations/services/sssd/index.md +++ b/website/integrations/services/sssd/index.md @@ -17,7 +17,7 @@ a consequence, it cannot be used to provide automount or sudo configuration nor can it provide netgroups or services to `nss`. Kerberos is also not supported. -## Preperation +## Preparation The following placeholders will be used: diff --git a/website/integrations/services/truecommand/index.md b/website/integrations/services/truecommand/index.md index ddff63582..784c46981 100644 --- a/website/integrations/services/truecommand/index.md +++ b/website/integrations/services/truecommand/index.md @@ -9,7 +9,7 @@ title: TrueNAS TrueCommand From https://www.truenas.com/truecommand/ :::note What is TrueCommand? -TrueCommand is a ZFS-aware solution allowing you to set custom alerts on statistics like ARC usage or pool capacity and ensuring storag +TrueCommand is a ZFS-aware solution allowing you to set custom alerts on statistics like ARC usage or pool capacity and ensuring storage e uptime and future planning. TrueCommand also identifies and pinpoints errors on drives or vdevs (RAID groups), saving you valuable ti me when resolving issues. ::: diff --git a/website/integrations/services/uptime-kuma/index.md b/website/integrations/services/uptime-kuma/index.md index 0d5a725ba..eecc8557e 100644 
--- a/website/integrations/services/uptime-kuma/index.md +++ b/website/integrations/services/uptime-kuma/index.md @@ -53,6 +53,6 @@ To avoid that all users get admin access to Uptime Kuma create a group in authen ## Uptime Kuma -Disble auth from Uptime Kuma, go to `Settings` > `Advanced` > `Disable Auth` +Disable auth from Uptime Kuma, go to `Settings` > `Advanced` > `Disable Auth` To access the dashboard, open `https://uptime-kuma.company/dashboard`, this will start the login with authentik. You can also set this address as the Launch URL for the application. diff --git a/website/integrations/services/weblate/index.md b/website/integrations/services/weblate/index.md index 8dde0b033..e1a8d8ab9 100644 --- a/website/integrations/services/weblate/index.md +++ b/website/integrations/services/weblate/index.md @@ -75,7 +75,7 @@ return request.user.email ## Weblate configuration -The variables bellow need to be set, depending on if you deploy in a container or not you can take a look at the following links +The variables below need to be set, depending on if you deploy in a container or not you can take a look at the following links - https://docs.weblate.org/en/latest/admin/config.html#config - https://docs.weblate.org/en/latest/admin/install/docker.html#docker-environment @@ -96,4 +96,4 @@ Should you wish to only allow registration and login through Authentik, you shou - REQUIRE_LOGIN: `1` - NO_EMAIL_AUTH: `1` -Should you wish to deploy this in a container prefix all the variables with `WEBLATE_` and set them as enviornment variables +Should you wish to deploy this in a container prefix all the variables with `WEBLATE_` and set them as environment variables diff --git a/website/integrations/services/zammad/index.md b/website/integrations/services/zammad/index.md index d2e772678..65ccb8e8f 100644 --- a/website/integrations/services/zammad/index.md +++ b/website/integrations/services/zammad/index.md 
@@ -61,7 +61,7 @@ In authentik, create an application (under _Resources/Applications_) with these ## zammad Setup -Configure Zammad SAML settings by going to settings (the gear icon), and selecting `Security -> Third-party Applications` and activiate `Authentication via SAML` and change the following fields: +Configure Zammad SAML settings by going to settings (the gear icon), and selecting `Security -> Third-party Applications` and activate `Authentication via SAML` and change the following fields: - Display name: authentik - IDP SSO target URL: https://authentik.company/application/saml/ticketsystem-seatable/sso/binding/init/ diff --git a/website/integrations/services/zulip/index.md b/website/integrations/services/zulip/index.md index 603ae3c9e..fb185c6a2 100644 --- a/website/integrations/services/zulip/index.md +++ b/website/integrations/services/zulip/index.md @@ -13,7 +13,7 @@ From https://zulip.com With Zulip, you can catch up on important conversations while ignoring irrelevant ones. ::: -## Preperation +## Preparation The following placeholders will be used: diff --git a/website/sidebarsIntegrations.js b/website/sidebarsIntegrations.js index 98f0d7ecb..c2f32ab2c 100644 --- a/website/sidebarsIntegrations.js +++ b/website/sidebarsIntegrations.js @@ -136,7 +136,7 @@ module.exports = { items: [ { type: "category", - label: "Directory syncronization", + label: "Directory synchronization", items: [ "sources/active-directory/index", "sources/freeipa/index",