From 649db054a6e3154749336167dbb3954e5222af01 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Apr 2021 08:26:10 +0200 Subject: [PATCH 01/45] build(deps): bump boto3 from 1.17.53 to 1.17.54 (#762) --- Pipfile.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/Pipfile.lock b/Pipfile.lock index 4e705873b..5710a5415 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -116,18 +116,18 @@ }, "boto3": { "hashes": [ - "sha256:1d26f6e7ae3c940cb07119077ac42485dcf99164350da0ab50d0f5ad345800cd", - "sha256:3bf3305571f3c8b738a53e9e7dcff59137dffe94670046c084a17f9fa4599ff3" + "sha256:1e55df93aa47a84e2a12a639c7f145e16e6e9ef959542d69d5526d50d2e92692", + "sha256:eab42daaaf68cdad5b112d31dcb0684162098f6558ba7b64156be44f993525fa" ], "index": "pypi", - "version": "==1.17.53" + "version": "==1.17.54" }, "botocore": { "hashes": [ - "sha256:d5e70d17b91c9b5867be7d6de0caa7dde9ed789bed62f03ea9b60718dc9350bf", - "sha256:e303500c4e80f6a706602da53daa6f751cfa8f491665c99a24ee732ab6321573" + "sha256:20a864fc6570ba11d52532c72c3ccabab5c71a9b4a9418601a313d56f1d2ce5b", + "sha256:37ec76ea2df8609540ba6cb0fe360ae1c589d2e1ee91eb642fd767823f3fcedd" ], - "version": "==1.20.53" + "version": "==1.20.54" }, "cachetools": { "hashes": [ @@ -1106,10 +1106,10 @@ }, "s3transfer": { "hashes": [ - "sha256:35627b86af8ff97e7ac27975fe0a98a312814b46c6333d8a6b889627bcd80994", - "sha256:efa5bd92a897b6a8d5c1383828dca3d52d0790e0756d49740563a3fb6ed03246" + "sha256:af1af6384bd7fb8208b06480f9be73d0295d965c4c073a5c95ea5b6661dccc18", + "sha256:f3dfd791cad2799403e3c8051810a7ca6ee1d2e630e5d2a8f9649d892bdb3db6" ], - "version": "==0.3.7" + "version": "==0.4.0" }, "sentry-sdk": { "hashes": [ From 5db3409efc9d6ce0a88d87922a5d2a889f2e1d59 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 20 Apr 2021 09:13:36 +0200 Subject: [PATCH 02/45] web: bump lingui Signed-off-by: Jens Langhammer --- web/package.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/web/package.json b/web/package.json index 4e5bd2601..d8b82f33a 100644 --- a/web/package.json +++ b/web/package.json @@ -41,9 +41,9 @@ "@babel/preset-env": "^7.13.15", "@babel/preset-typescript": "^7.13.0", "@fortawesome/fontawesome-free": "^5.15.3", - "@lingui/cli": "^3.8.9", - "@lingui/core": "^3.8.9", - "@lingui/macro": "^3.8.9", + "@lingui/cli": "^3.8.10", + "@lingui/core": "^3.8.10", + "@lingui/macro": "^3.8.10", "@patternfly/patternfly": "^4.96.2", "@polymer/iron-form": "^3.0.1", "@polymer/paper-input": "^3.2.1", From e20bb7d6367799f4db8ca1240c5dda0d43f79154 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 20 Apr 2021 09:15:07 +0200 Subject: [PATCH 03/45] release: 2021.4.3 --- .bumpversion.cfg | 2 +- .github/workflows/release.yml | 14 +++++++------- authentik/__init__.py | 2 +- docker-compose.yml | 6 +++--- helm/Chart.yaml | 2 +- helm/README.md | 2 +- helm/values.yaml | 2 +- outpost/pkg/version.go | 2 +- web/nginx.conf | 2 +- web/src/constants.ts | 2 +- website/docs/installation/docker-compose.md | 2 +- website/docs/installation/kubernetes.md | 2 +- .../docs/outposts/manual-deploy-docker-compose.md | 2 +- website/docs/outposts/manual-deploy-kubernetes.md | 14 +++++++------- 14 files changed, 28 insertions(+), 28 deletions(-) diff --git a/.bumpversion.cfg b/.bumpversion.cfg index 363bab7c1..6d27e9887 100644 --- a/.bumpversion.cfg +++ b/.bumpversion.cfg @@ -1,5 +1,5 @@ [bumpversion] -current_version = 2021.4.2 +current_version = 2021.4.3 tag = True commit = True parse = (?P\d+)\.(?P\d+)\.(?P\d+)\-?(?P.*) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index afea61725..3ab8e727c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,11 +18,11 @@ jobs: - name: Building Docker Image run: docker build --no-cache - -t beryju/authentik:2021.4.2 + -t beryju/authentik:2021.4.3 -t beryju/authentik:latest -f Dockerfile . - name: Push Docker Container to Registry (versioned) - run: docker push beryju/authentik:2021.4.2 + run: docker push beryju/authentik:2021.4.3 - name: Push Docker Container to Registry (latest) run: docker push beryju/authentik:latest build-proxy: @@ -48,11 +48,11 @@ jobs: cd outpost/ docker build \ --no-cache \ - -t beryju/authentik-proxy:2021.4.2 \ + -t beryju/authentik-proxy:2021.4.3 \ -t beryju/authentik-proxy:latest \ -f proxy.Dockerfile . - name: Push Docker Container to Registry (versioned) - run: docker push beryju/authentik-proxy:2021.4.2 + run: docker push beryju/authentik-proxy:2021.4.3 - name: Push Docker Container to Registry (latest) run: docker push beryju/authentik-proxy:latest build-static: @@ -72,11 +72,11 @@ jobs: cd web/ docker build \ --no-cache \ - -t beryju/authentik-static:2021.4.2 \ + -t beryju/authentik-static:2021.4.3 \ -t beryju/authentik-static:latest \ -f Dockerfile . - name: Push Docker Container to Registry (versioned) - run: docker push beryju/authentik-static:2021.4.2 + run: docker push beryju/authentik-static:2021.4.3 - name: Push Docker Container to Registry (latest) run: docker push beryju/authentik-static:latest test-release: @@ -110,5 +110,5 @@ jobs: SENTRY_PROJECT: authentik SENTRY_URL: https://sentry.beryju.org with: - tagName: 2021.4.2 + tagName: 2021.4.3 environment: beryjuorg-prod diff --git a/authentik/__init__.py b/authentik/__init__.py index 48be121bd..e0a2c582d 100644 --- a/authentik/__init__.py +++ b/authentik/__init__.py @@ -1,3 +1,3 @@ """authentik""" -__version__ = "2021.4.2" +__version__ = "2021.4.3" ENV_GIT_HASH_KEY = "GIT_BUILD_HASH" diff --git a/docker-compose.yml b/docker-compose.yml index 49838df91..72c78d695 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -20,7 +20,7 @@ services: networks: - internal server: - image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.4.2} + image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.4.3} restart: unless-stopped command: server environment: @@ -48,7 +48,7 @@ services: env_file: - .env worker: - image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.4.2} + image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.4.3} restart: unless-stopped command: worker networks: @@ -68,7 +68,7 @@ services: env_file: - .env static: - image: ${AUTHENTIK_IMAGE_STATIC:-beryju/authentik-static}:${AUTHENTIK_TAG:-2021.4.2} + image: ${AUTHENTIK_IMAGE_STATIC:-beryju/authentik-static}:${AUTHENTIK_TAG:-2021.4.3} restart: unless-stopped networks: - internal diff --git a/helm/Chart.yaml b/helm/Chart.yaml index 9924f6a21..e8f64aedb 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -4,7 +4,7 @@ name: authentik home: https://goauthentik.io sources: - https://github.com/BeryJu/authentik -version: "2021.4.2" +version: "2021.4.3" icon: https://raw.githubusercontent.com/BeryJu/authentik/master/web/icons/icon.svg dependencies: - name: postgresql diff --git a/helm/README.md b/helm/README.md index 167a1a484..9284b8eb8 100644 --- a/helm/README.md +++ b/helm/README.md @@ -4,7 +4,7 @@ |-----------------------------------|-------------------------|-------------| | image.name | beryju/authentik | Image used to run the authentik server and worker | | image.name_static | beryju/authentik-static | Image used to run the authentik static server (CSS and JS Files) | -| image.tag | 2021.4.2 | Image tag | +| image.tag | 2021.4.3 | Image tag | | image.pullPolicy | IfNotPresent | Image Pull Policy used for all deployments | | serverReplicas | 1 | Replicas for the Server deployment | | workerReplicas | 1 | Replicas for the Worker deployment | diff --git a/helm/values.yaml b/helm/values.yaml index f911a53b5..dfa303441 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -5,7 +5,7 @@ image: name: beryju/authentik name_static: beryju/authentik-static name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended - tag: 2021.4.2 + tag: 2021.4.3 pullPolicy: IfNotPresent serverReplicas: 1 diff --git a/outpost/pkg/version.go b/outpost/pkg/version.go index 74e4aa4a0..a996328c6 100644 --- a/outpost/pkg/version.go +++ b/outpost/pkg/version.go @@ -1,3 +1,3 @@ package pkg -const VERSION = "2021.4.2" +const VERSION = "2021.4.3" diff --git a/web/nginx.conf b/web/nginx.conf index e992b7ce6..f8926675a 100644 --- a/web/nginx.conf +++ b/web/nginx.conf @@ -81,7 +81,7 @@ http { location /static/ { expires 31d; add_header Cache-Control "public, no-transform"; - add_header X-authentik-version "2021.4.2"; + add_header X-authentik-version "2021.4.3"; add_header Vary X-authentik-version; } diff --git a/web/src/constants.ts b/web/src/constants.ts index e726de6e7..9028f6cca 100644 --- a/web/src/constants.ts +++ b/web/src/constants.ts @@ -3,7 +3,7 @@ export const SUCCESS_CLASS = "pf-m-success"; export const ERROR_CLASS = "pf-m-danger"; export const PROGRESS_CLASS = "pf-m-in-progress"; export const CURRENT_CLASS = "pf-m-current"; -export const VERSION = "2021.4.2"; +export const VERSION = "2021.4.3"; export const PAGE_SIZE = 20; export const EVENT_REFRESH = "ak-refresh"; export const EVENT_NOTIFICATION_TOGGLE = "ak-notification-toggle"; diff --git a/website/docs/installation/docker-compose.md b/website/docs/installation/docker-compose.md index 5d22d804a..72be5c194 100644 --- a/website/docs/installation/docker-compose.md +++ b/website/docs/installation/docker-compose.md @@ -16,7 +16,7 @@ Download the latest `docker-compose.yml` from [here](https://raw.githubuserconte To optionally enable error-reporting, run `echo AUTHENTIK_ERROR_REPORTING__ENABLED=true >> .env` -To optionally deploy a different version run `echo AUTHENTIK_TAG=2021.4.2 >> .env` +To optionally deploy a different version run `echo AUTHENTIK_TAG=2021.4.3 >> .env` If this is a fresh authentik install run the following commands to generate a password: diff --git a/website/docs/installation/kubernetes.md b/website/docs/installation/kubernetes.md index ca8311e15..eaafb1513 100644 --- a/website/docs/installation/kubernetes.md +++ b/website/docs/installation/kubernetes.md @@ -38,7 +38,7 @@ image: name: beryju/authentik name_static: beryju/authentik-static name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended - tag: 2021.4.2 + tag: 2021.4.3 serverReplicas: 1 workerReplicas: 1 diff --git a/website/docs/outposts/manual-deploy-docker-compose.md b/website/docs/outposts/manual-deploy-docker-compose.md index 90d5ca658..5e8816e40 100644 --- a/website/docs/outposts/manual-deploy-docker-compose.md +++ b/website/docs/outposts/manual-deploy-docker-compose.md @@ -11,7 +11,7 @@ version: "3.5" services: authentik_proxy: - image: beryju/authentik-proxy:2021.4.2 + image: beryju/authentik-proxy:2021.4.3 ports: - 4180:4180 - 4443:4443 diff --git a/website/docs/outposts/manual-deploy-kubernetes.md b/website/docs/outposts/manual-deploy-kubernetes.md index 20e29e265..852c82d7a 100644 --- a/website/docs/outposts/manual-deploy-kubernetes.md +++ b/website/docs/outposts/manual-deploy-kubernetes.md @@ -14,7 +14,7 @@ metadata: app.kubernetes.io/instance: __OUTPOST_NAME__ app.kubernetes.io/managed-by: goauthentik.io app.kubernetes.io/name: authentik-proxy - app.kubernetes.io/version: 2021.4.2 + app.kubernetes.io/version: 2021.4.3 name: authentik-outpost-api stringData: authentik_host: "__AUTHENTIK_URL__" @@ -29,7 +29,7 @@ metadata: app.kubernetes.io/instance: __OUTPOST_NAME__ app.kubernetes.io/managed-by: goauthentik.io app.kubernetes.io/name: authentik-proxy - app.kubernetes.io/version: 2021.4.2 + app.kubernetes.io/version: 2021.4.3 name: authentik-outpost spec: ports: @@ -54,7 +54,7 @@ metadata: app.kubernetes.io/instance: __OUTPOST_NAME__ app.kubernetes.io/managed-by: goauthentik.io app.kubernetes.io/name: authentik-proxy - app.kubernetes.io/version: 2021.4.2 + app.kubernetes.io/version: 2021.4.3 name: authentik-outpost spec: selector: @@ -62,14 +62,14 @@ spec: app.kubernetes.io/instance: __OUTPOST_NAME__ app.kubernetes.io/managed-by: goauthentik.io app.kubernetes.io/name: authentik-proxy - app.kubernetes.io/version: 2021.4.2 + app.kubernetes.io/version: 2021.4.3 template: metadata: labels: app.kubernetes.io/instance: __OUTPOST_NAME__ app.kubernetes.io/managed-by: goauthentik.io app.kubernetes.io/name: authentik-proxy - app.kubernetes.io/version: 2021.4.2 + app.kubernetes.io/version: 2021.4.3 spec: containers: - env: @@ -88,7 +88,7 @@ spec: secretKeyRef: key: authentik_host_insecure name: authentik-outpost-api - image: beryju/authentik-proxy:2021.4.2 + image: beryju/authentik-proxy:2021.4.3 name: proxy ports: - containerPort: 4180 @@ -110,7 +110,7 @@ metadata: app.kubernetes.io/instance: __OUTPOST_NAME__ app.kubernetes.io/managed-by: goauthentik.io app.kubernetes.io/name: authentik-proxy - app.kubernetes.io/version: 2021.4.2 + app.kubernetes.io/version: 2021.4.3 name: authentik-outpost spec: rules: From 299931985e52fa34328374923149de72212ae22a Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 20 Apr 2021 11:27:56 +0200 Subject: [PATCH 04/45] web: fix mis-matched package-lock file Signed-off-by: Jens Langhammer --- web/package-lock.json | 115 ++++++++---------------------------------- 1 file changed, 22 insertions(+), 93 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index bdcbda6d8..e8ef43882 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -1336,86 +1336,28 @@ } }, "@lingui/babel-plugin-extract-messages": { - "version": "3.8.9", - "resolved": "https://registry.npmjs.org/@lingui/babel-plugin-extract-messages/-/babel-plugin-extract-messages-3.8.9.tgz", - "integrity": "sha512-zPpSl89nvUrLyGHfVosZHCP9fylfCfkEMc29wGdjE6f0U+frJ59NRLilWMy7xaE8uz97cD5vkhYaaF1wnavhxA==", + "version": "3.8.10", + "resolved": "https://registry.npmjs.org/@lingui/babel-plugin-extract-messages/-/babel-plugin-extract-messages-3.8.10.tgz", + "integrity": "sha512-16EnNRb1HXNjdDLMY3xS7jh0wKA00x21LC1CIKRAki80u92jvkSMOJYk+lD6yhdrcl0dH5OMAbdluAm1+rpEPw==", "requires": { "@babel/generator": "^7.11.6", "@babel/runtime": "^7.11.2", - "@lingui/conf": "^3.8.9", + "@lingui/conf": "^3.8.10", "mkdirp": "^1.0.4" - }, - "dependencies": { - "@lingui/conf": { - "version": "3.8.9", - "resolved": "https://registry.npmjs.org/@lingui/conf/-/conf-3.8.9.tgz", - "integrity": "sha512-r0RGchwiALjCE6CSOtOKbOqVrNg1EQ78AXjyvbrtJoPWVlChDasWCckXEF0BSnsoZaRP6nQCAI+dsQiGW1deWg==", - "requires": { - "@babel/runtime": "^7.11.2", - "@endemolshinegroup/cosmiconfig-typescript-loader": "^3.0.2", - "chalk": "^4.1.0", - "cosmiconfig": "^7.0.0", - "jest-validate": "^26.5.2", - "lodash.get": "^4.4.2" - } - }, - "ansi-styles": { - "version": "4.3.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", - "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", - "requires": { - "color-convert": "^2.0.1" - } - }, - "chalk": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.0.tgz", - "integrity": "sha512-qwx12AxXe2Q5xQ43Ac//I6v5aXTipYrSESdOgzrN+9XjgEpyjpKuvSGaN4qE93f7TQTlerQQ8S+EQ0EyDoVL1A==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - }, - "color-convert": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", - "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", - "requires": { - "color-name": "~1.1.4" - } - }, - "color-name": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", - "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==" - }, - "has-flag": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", - "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==" - }, - "supports-color": { - "version": "7.2.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", - "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", - "requires": { - "has-flag": "^4.0.0" - } - } } }, "@lingui/cli": { - "version": "3.8.9", - "resolved": "https://registry.npmjs.org/@lingui/cli/-/cli-3.8.9.tgz", - "integrity": "sha512-UccLtfwrTjXrZcTxpqA4ggYhuUMbXZtzbUVks8nDVt3emVqU56C3VMvVD8WKXLL8Qmq9cEDXPwIZy7IKRL4mEQ==", + "version": "3.8.10", + "resolved": "https://registry.npmjs.org/@lingui/cli/-/cli-3.8.10.tgz", + "integrity": "sha512-YLkT5e6JRwVcXEwLD0++/m1p/wvRQbLj/+m8geXfrcFfrsQyT3uhHNZRFK0GdsjyDslSqJYbalYibJUbgC2sOA==", "requires": { "@babel/generator": "^7.11.6", "@babel/parser": "^7.11.5", "@babel/plugin-syntax-jsx": "^7.10.4", "@babel/runtime": "^7.11.2", "@babel/types": "^7.11.5", - "@lingui/babel-plugin-extract-messages": "^3.8.9", - "@lingui/conf": "^3.8.9", + "@lingui/babel-plugin-extract-messages": "^3.8.10", + "@lingui/conf": "^3.8.10", "babel-plugin-macros": "^3.0.1", "bcp-47": "^1.0.7", "chalk": "^4.1.0", @@ -1442,19 +1384,6 @@ "ramda": "^0.27.1" }, "dependencies": { - "@lingui/conf": { - "version": "3.8.9", - "resolved": "https://registry.npmjs.org/@lingui/conf/-/conf-3.8.9.tgz", - "integrity": "sha512-r0RGchwiALjCE6CSOtOKbOqVrNg1EQ78AXjyvbrtJoPWVlChDasWCckXEF0BSnsoZaRP6nQCAI+dsQiGW1deWg==", - "requires": { - "@babel/runtime": "^7.11.2", - "@endemolshinegroup/cosmiconfig-typescript-loader": "^3.0.2", - "chalk": "^4.1.0", - "cosmiconfig": "^7.0.0", - "jest-validate": "^26.5.2", - "lodash.get": "^4.4.2" - } - }, "ansi-styles": { "version": "4.3.0", "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", @@ -1531,9 +1460,9 @@ } }, "@lingui/conf": { - "version": "3.8.9", - "resolved": "https://registry.npmjs.org/@lingui/conf/-/conf-3.8.9.tgz", - "integrity": "sha512-r0RGchwiALjCE6CSOtOKbOqVrNg1EQ78AXjyvbrtJoPWVlChDasWCckXEF0BSnsoZaRP6nQCAI+dsQiGW1deWg==", + "version": "3.8.10", + "resolved": "https://registry.npmjs.org/@lingui/conf/-/conf-3.8.10.tgz", + "integrity": "sha512-4KdH+23WXZ5g+LRlvvise3z3mdd41zLgqSJ/PUCMGk60RfElvTrTdxpnm2tOF/2hr+OyGCQEy6kLq606y639qw==", "requires": { "@babel/runtime": "^7.11.2", "@endemolshinegroup/cosmiconfig-typescript-loader": "^3.0.2", @@ -1589,9 +1518,9 @@ } }, "@lingui/core": { - "version": "3.8.9", - "resolved": "https://registry.npmjs.org/@lingui/core/-/core-3.8.9.tgz", - "integrity": "sha512-QmEfgukR7w/4/4USZT0LGNt7Yq/RgirFl4088wEta0vgroidxaCRgUXr8RXcdFVjTdtG5dc86JTEj4inZECKvg==", + "version": "3.8.10", + "resolved": "https://registry.npmjs.org/@lingui/core/-/core-3.8.10.tgz", + "integrity": "sha512-1OzZW8iP5yAXxz49pY/WZ1acLvkekd6HgDh8zH3jMA2Hbig2jk6VGVERMO7lwEwJiyEuxaQpe8fRrhCTB7wA3A==", "requires": { "@babel/runtime": "^7.11.2", "make-plural": "^6.2.2", @@ -1599,12 +1528,12 @@ } }, "@lingui/macro": { - "version": "3.8.9", - "resolved": "https://registry.npmjs.org/@lingui/macro/-/macro-3.8.9.tgz", - "integrity": "sha512-9LhlbkJ9wOtOLhlaVRLHCRL55S5wOFyyqEhUM+ujUmCskTmMmXzjnRsw5f11nJTK1JJETMT/VlUB5/p7D7Edkw==", + "version": "3.8.10", + "resolved": "https://registry.npmjs.org/@lingui/macro/-/macro-3.8.10.tgz", + "integrity": "sha512-oZZ/F7HsNQkDsnHFroxzGFuEIXM624H72RIj8j2ClpR64nt+xYDxXYC6TYFicQLtBGcKKBTBoM+zbDaoIv74qQ==", "requires": { "@babel/runtime": "^7.11.2", - "@lingui/conf": "^3.8.9", + "@lingui/conf": "^3.8.10", "ramda": "^0.27.1" } }, @@ -2921,9 +2850,9 @@ } }, "date-fns": { - "version": "2.20.1", - "resolved": "https://registry.npmjs.org/date-fns/-/date-fns-2.20.1.tgz", - "integrity": "sha512-8P5M8Kxbnovd0zfvOs7ipkiVJ3/zZQ0F/nrBW4x5E+I0uAZVZ80h6CKd24fSXQ5TLK5hXMtI4yb2O5rEZdUt2A==" + "version": "2.21.1", + "resolved": "https://registry.npmjs.org/date-fns/-/date-fns-2.21.1.tgz", + "integrity": "sha512-m1WR0xGiC6j6jNFAyW4Nvh4WxAi4JF4w9jRJwSI8nBmNcyZXPcP9VUQG+6gHQXAmqaGEKDKhOqAtENDC941UkA==" }, "debug": { "version": "4.3.1", From 34a191f21692d9f31591af3606cf4bb0b1ff4aaa Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 20 Apr 2021 16:35:15 +0200 Subject: [PATCH 05/45] web/admin: fix link to providers on overview page Signed-off-by: Jens Langhammer --- web/src/pages/admin-overview/AdminOverviewPage.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/src/pages/admin-overview/AdminOverviewPage.ts b/web/src/pages/admin-overview/AdminOverviewPage.ts index e05535309..b2aef7046 100644 --- a/web/src/pages/admin-overview/AdminOverviewPage.ts +++ b/web/src/pages/admin-overview/AdminOverviewPage.ts @@ -44,7 +44,7 @@ export class AdminOverviewPage extends LitElement { - + From dc75d7b7f0abd5d9bccd0ac73227a9b5bf9e7aef Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 20 Apr 2021 17:04:19 +0200 Subject: [PATCH 06/45] sources/oauth: fix error whilst fetching user profile when source uses fixed URLs Signed-off-by: Jens Langhammer --- authentik/sources/oauth/clients/base.py | 15 +++++++++------ authentik/sources/oauth/clients/oauth1.py | 8 ++++---- authentik/sources/oauth/clients/oauth2.py | 2 +- .../pages/sources/oauth/OAuthSourceViewPage.ts | 4 ++-- 4 files changed, 16 insertions(+), 13 deletions(-) diff --git a/authentik/sources/oauth/clients/base.py b/authentik/sources/oauth/clients/base.py index 533411ad0..c62bb285e 100644 --- a/authentik/sources/oauth/clients/base.py +++ b/authentik/sources/oauth/clients/base.py @@ -40,8 +40,11 @@ class BaseOAuthClient: def get_profile_info(self, token: dict[str, str]) -> Optional[dict[str, Any]]: "Fetch user profile information." + profile_url = self.source.type.profile_url or "" + if self.source.type.urls_customizable and self.source.profile_url: + profile_url = self.source.profile_url try: - response = self.do_request("get", self.source.profile_url, token=token) + response = self.do_request("get", profile_url, token=token) response.raise_for_status() except RequestException as exc: LOGGER.warning("Unable to fetch user profile", exc=exc) @@ -60,16 +63,16 @@ class BaseOAuthClient: args.update(additional) params = urlencode(args) LOGGER.info("redirect args", **args) - base_url = self.source.type.authorization_url - if self.source.authorization_url: - base_url = self.source.authorization_url - if base_url == "": + authorization_url = self.source.type.authorization_url or "" + if self.source.type.urls_customizable and self.source.authorization_url: + authorization_url = self.source.authorization_url + if authorization_url == "": Event.new( EventAction.CONFIGURATION_ERROR, source=self.source, message="Source has an empty authorization URL.", ).save() - return f"{base_url}?{params}" + return f"{authorization_url}?{params}" def parse_raw_token(self, raw_token: str) -> dict[str, Any]: "Parse token and secret from raw token response." diff --git a/authentik/sources/oauth/clients/oauth1.py b/authentik/sources/oauth/clients/oauth1.py index 5be26c5cc..771f4cbc5 100644 --- a/authentik/sources/oauth/clients/oauth1.py +++ b/authentik/sources/oauth/clients/oauth1.py @@ -28,8 +28,8 @@ class OAuthClient(BaseOAuthClient): if raw_token is not None and verifier is not None: token = self.parse_raw_token(raw_token) try: - access_token_url: str = self.source.type.access_token_url or "" - if self.source.access_token_url: + access_token_url = self.source.type.access_token_url or "" + if self.source.type.urls_customizable and self.source.access_token_url: access_token_url = self.source.access_token_url response = self.do_request( "post", @@ -51,8 +51,8 @@ class OAuthClient(BaseOAuthClient): "Fetch the OAuth request token. Only required for OAuth 1.0." callback = self.request.build_absolute_uri(self.callback) try: - request_token_url: str = self.source.type.request_token_url or "" - if self.source.request_token_url: + request_token_url = self.source.type.request_token_url or "" + if self.source.type.urls_customizable and self.source.request_token_url: request_token_url = self.source.request_token_url response = self.do_request( "post", diff --git a/authentik/sources/oauth/clients/oauth2.py b/authentik/sources/oauth/clients/oauth2.py index c6a6f4248..27443de2b 100644 --- a/authentik/sources/oauth/clients/oauth2.py +++ b/authentik/sources/oauth/clients/oauth2.py @@ -57,7 +57,7 @@ class OAuth2Client(BaseOAuthClient): return None try: access_token_url = self.source.type.access_token_url or "" - if self.source.access_token_url: + if self.source.type.urls_customizable and self.source.access_token_url: access_token_url = self.source.access_token_url response = self.session.request( "post", diff --git a/web/src/pages/sources/oauth/OAuthSourceViewPage.ts b/web/src/pages/sources/oauth/OAuthSourceViewPage.ts index f49619f98..7b011fcd8 100644 --- a/web/src/pages/sources/oauth/OAuthSourceViewPage.ts +++ b/web/src/pages/sources/oauth/OAuthSourceViewPage.ts @@ -99,7 +99,7 @@ export class OAuthSourceViewPage extends LitElement { ${t`Authorization URL`}
-
${this.source.authorizationUrl}
+
${this.source.type?.authorizationUrl || this.source.authorizationUrl}
@@ -107,7 +107,7 @@ export class OAuthSourceViewPage extends LitElement { ${t`Token URL`}
-
${this.source.accessTokenUrl}
+
${this.source.type?.accessTokenUrl || this.source.accessTokenUrl}
From a8998a6356c703b2e49ea9e3bfe865f3e2224815 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 20 Apr 2021 17:27:52 +0200 Subject: [PATCH 07/45] sources/oauth: handle error in auzre_ad when ID Can't be extracted Signed-off-by: Jens Langhammer --- authentik/sources/oauth/types/azure_ad.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/authentik/sources/oauth/types/azure_ad.py b/authentik/sources/oauth/types/azure_ad.py index 1e23516d4..fbd81f08f 100644 --- a/authentik/sources/oauth/types/azure_ad.py +++ b/authentik/sources/oauth/types/azure_ad.py @@ -1,5 +1,5 @@ """AzureAD OAuth2 Views""" -from typing import Any +from typing import Any, Optional from uuid import UUID from authentik.sources.oauth.models import OAuthSource, UserOAuthSourceConnection @@ -10,8 +10,11 @@ from authentik.sources.oauth.views.callback import OAuthCallback class AzureADOAuthCallback(OAuthCallback): """AzureAD OAuth2 Callback""" - def get_user_id(self, source: OAuthSource, info: dict[str, Any]) -> str: - return str(UUID(info.get("objectId")).int) + def get_user_id(self, source: OAuthSource, info: dict[str, Any]) -> Optional[str]: + try: + return str(UUID(info.get("objectId")).int) + except TypeError: + return None def get_user_enroll_context( self, From 5955394c1d33d2687cc264a4d58f427e4a3fc8c0 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 20 Apr 2021 17:32:38 +0200 Subject: [PATCH 08/45] web: send response info when response is thrown Signed-off-by: Jens Langhammer --- web/src/api/Sentry.ts | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/web/src/api/Sentry.ts b/web/src/api/Sentry.ts index 8b3f304d1..ed772a2c6 100644 --- a/web/src/api/Sentry.ts +++ b/web/src/api/Sentry.ts @@ -19,10 +19,14 @@ export function configureSentry(): Promise { ], tracesSampleRate: 0.6, environment: config.errorReportingEnvironment, - beforeSend(event: Sentry.Event, hint: Sentry.EventHint) { + beforeSend: async (event: Sentry.Event, hint: Sentry.EventHint): Promise => { if (hint.originalException instanceof SentryIgnoredError) { return null; } + if (hint.originalException instanceof Response) { + const body = await hint.originalException.json(); + event.message = `${hint.originalException.status} ${hint.originalException.url}: ${JSON.stringify(body)}` + } if (event.exception) { me().then(user => { Sentry.showReportDialog({ From 76131e40ecd29f5022ee72b9acec3373b4338573 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 20 Apr 2021 18:48:01 +0200 Subject: [PATCH 09/45] tests/e2e: monkey patch OAuth1 test instead of setting URLs manually Signed-off-by: Jens Langhammer --- authentik/sources/oauth/views/base.py | 12 +++++++++--- tests/e2e/test_source_oauth.py | 28 +++++++++++++++++++++++---- 2 files changed, 33 insertions(+), 7 deletions(-) diff --git a/authentik/sources/oauth/views/base.py b/authentik/sources/oauth/views/base.py index bfdd73faa..0ab379301 100644 --- a/authentik/sources/oauth/views/base.py +++ b/authentik/sources/oauth/views/base.py @@ -2,12 +2,15 @@ from typing import Optional, Type from django.http.request import HttpRequest +from structlog.stdlib import get_logger from authentik.sources.oauth.clients.base import BaseOAuthClient from authentik.sources.oauth.clients.oauth1 import OAuthClient from authentik.sources.oauth.clients.oauth2 import OAuth2Client from authentik.sources.oauth.models import OAuthSource +LOGGER = get_logger() + # pylint: disable=too-few-public-methods class OAuthClientMixin: @@ -22,6 +25,9 @@ class OAuthClientMixin: if self.client_class is not None: # pylint: disable=not-callable return self.client_class(source, self.request, **kwargs) - if source.request_token_url: - return OAuthClient(source, self.request, **kwargs) - return OAuth2Client(source, self.request, **kwargs) + if source.type.request_token_url or source.request_token_url: + client = OAuthClient(source, self.request, **kwargs) + else: + client = OAuth2Client(source, self.request, **kwargs) + LOGGER.debug("Using client for oauth request", client=client) + return client diff --git a/tests/e2e/test_source_oauth.py b/tests/e2e/test_source_oauth.py index c3646a7f7..faeeea221 100644 --- a/tests/e2e/test_source_oauth.py +++ b/tests/e2e/test_source_oauth.py @@ -4,6 +4,7 @@ from sys import platform from time import sleep from typing import Any, Optional from unittest.case import skipUnless +from unittest.mock import Mock, patch from django.test import override_settings from docker.models.containers import Container @@ -22,12 +23,31 @@ from authentik.providers.oauth2.generators import ( generate_client_secret, ) from authentik.sources.oauth.models import OAuthSource +from authentik.sources.oauth.types.manager import SourceType +from authentik.sources.oauth.types.twitter import TwitterOAuthCallback from tests.e2e.utils import SeleniumTestCase, apply_migration, object_manager, retry CONFIG_PATH = "/tmp/dex.yml" # nosec LOGGER = get_logger() +class OAUth1Type(SourceType): + """Twitter Type definition""" + + callback_view = TwitterOAuthCallback + name = "Twitter" + slug = "twitter" + + request_token_url = "http://localhost:5000/oauth/request_token" # nosec + access_token_url = "http://localhost:5000/oauth/access_token" # nosec + authorization_url = "http://localhost:5000/oauth/authorize" + profile_url = "http://localhost:5000/api/me" + urls_customizable = False + + +SOURCE_TYPE_MOCK = Mock(return_value=OAUth1Type()) + + @skipUnless(platform.startswith("linux"), "requires local docker") class TestSourceOAuth2(SeleniumTestCase): """test OAuth Source flow""" @@ -291,10 +311,6 @@ class TestSourceOAuth1(SeleniumTestCase): authentication_flow=authentication_flow, enrollment_flow=enrollment_flow, provider_type="twitter", - request_token_url="http://localhost:5000/oauth/request_token", - access_token_url="http://localhost:5000/oauth/access_token", - authorization_url="http://localhost:5000/oauth/authorize", - profile_url="http://localhost:5000/api/me", consumer_key=self.client_id, consumer_secret=self.client_secret, ) @@ -304,6 +320,10 @@ class TestSourceOAuth1(SeleniumTestCase): @apply_migration("authentik_flows", "0008_default_flows") @apply_migration("authentik_flows", "0009_source_flows") @apply_migration("authentik_crypto", "0002_create_self_signed_kp") + @patch( + "authentik.sources.oauth.types.manager.SourceTypeManager.find_type", + SOURCE_TYPE_MOCK, + ) @object_manager def test_oauth_enroll(self): """test OAuth Source With With OIDC""" From 7ccf8bcdc85247041113d3bf92ad05d975a7d008 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 20 Apr 2021 20:32:47 +0200 Subject: [PATCH 10/45] web/admin: only pre-select items when creating a new object Signed-off-by: Jens Langhammer --- web/src/pages/sources/oauth/OAuthSourceForm.ts | 4 ++-- web/src/pages/sources/saml/SAMLSourceForm.ts | 6 +++--- .../authenticator_static/AuthenticatorStaticStageForm.ts | 2 +- .../stages/authenticator_totp/AuthenticatorTOTPStageForm.ts | 2 +- web/src/pages/stages/password/PasswordStageForm.ts | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/web/src/pages/sources/oauth/OAuthSourceForm.ts b/web/src/pages/sources/oauth/OAuthSourceForm.ts index ff3201a79..6b898e4d9 100644 --- a/web/src/pages/sources/oauth/OAuthSourceForm.ts +++ b/web/src/pages/sources/oauth/OAuthSourceForm.ts @@ -196,7 +196,7 @@ export class OAuthSourceForm extends Form { }).then(flows => { return flows.results.map(flow => { let selected = this.source?.authenticationFlow === flow.pk; - if (!this.source?.authenticationFlow && flow.slug === "default-source-authentication") { + if (!this.source?.pk && !this.source?.authenticationFlow && flow.slug === "default-source-authentication") { selected = true; } return html``; @@ -216,7 +216,7 @@ export class OAuthSourceForm extends Form { }).then(flows => { return flows.results.map(flow => { let selected = this.source?.enrollmentFlow === flow.pk; - if (!this.source?.enrollmentFlow && flow.slug === "default-source-enrollment") { + if (!this.source?.pk && !this.source?.enrollmentFlow && flow.slug === "default-source-enrollment") { selected = true; } return html``; diff --git a/web/src/pages/sources/saml/SAMLSourceForm.ts b/web/src/pages/sources/saml/SAMLSourceForm.ts index 87de1617e..2fc1dfc28 100644 --- a/web/src/pages/sources/saml/SAMLSourceForm.ts +++ b/web/src/pages/sources/saml/SAMLSourceForm.ts @@ -227,7 +227,7 @@ export class SAMLSourceForm extends Form { }).then(flows => { return flows.results.map(flow => { let selected = this.source?.preAuthenticationFlow === flow.pk; - if (!this.source?.preAuthenticationFlow && flow.slug === "default-source-pre-authentication") { + if (!this.source?.pk && !this.source?.preAuthenticationFlow && flow.slug === "default-source-pre-authentication") { selected = true; } return html``; @@ -247,7 +247,7 @@ export class SAMLSourceForm extends Form { }).then(flows => { return flows.results.map(flow => { let selected = this.source?.authenticationFlow === flow.pk; - if (!this.source?.authenticationFlow && flow.slug === "default-source-authentication") { + if (!this.source?.pk && !this.source?.authenticationFlow && flow.slug === "default-source-authentication") { selected = true; } return html``; @@ -267,7 +267,7 @@ export class SAMLSourceForm extends Form { }).then(flows => { return flows.results.map(flow => { let selected = this.source?.enrollmentFlow === flow.pk; - if (!this.source?.enrollmentFlow && flow.slug === "default-source-enrollment") { + if (!this.source?.pk && !this.source?.enrollmentFlow && flow.slug === "default-source-enrollment") { selected = true; } return html``; diff --git a/web/src/pages/stages/authenticator_static/AuthenticatorStaticStageForm.ts b/web/src/pages/stages/authenticator_static/AuthenticatorStaticStageForm.ts index 1ee32055f..b160d5056 100644 --- a/web/src/pages/stages/authenticator_static/AuthenticatorStaticStageForm.ts +++ b/web/src/pages/stages/authenticator_static/AuthenticatorStaticStageForm.ts @@ -78,7 +78,7 @@ export class AuthenticatorStaticStageForm extends Form }).then(flows => { return flows.results.map(flow => { let selected = this.stage?.configureFlow === flow.pk; - if (!this.stage?.configureFlow && flow.slug === "default-otp-time-configure") { + if (!this.stage?.pk && !this.stage?.configureFlow && flow.slug === "default-otp-time-configure") { selected = true; } return html``; diff --git a/web/src/pages/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts b/web/src/pages/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts index 4ca56ad86..51b14400f 100644 --- a/web/src/pages/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts +++ b/web/src/pages/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts @@ -84,7 +84,7 @@ export class AuthenticatorTOTPStageForm extends Form { }).then(flows => { return flows.results.map(flow => { let selected = this.stage?.configureFlow === flow.pk; - if (!this.stage?.configureFlow && flow.slug === "default-otp-time-configure") { + if (!this.stage?.pk && !this.stage?.configureFlow && flow.slug === "default-otp-time-configure") { selected = true; } return html``; diff --git a/web/src/pages/stages/password/PasswordStageForm.ts b/web/src/pages/stages/password/PasswordStageForm.ts index 38de2f949..149effb44 100644 --- a/web/src/pages/stages/password/PasswordStageForm.ts +++ b/web/src/pages/stages/password/PasswordStageForm.ts @@ -94,7 +94,7 @@ export class PasswordStageForm extends Form { }).then(flows => { return flows.results.map(flow => { let selected = this.stage?.configureFlow === flow.pk; - if (!this.stage?.configureFlow && flow.slug === "default-password-change") { + if (!this.stage?.pk && !this.stage?.configureFlow && flow.slug === "default-password-change") { selected = true; } return html``; From 1f783dfc015a830aa04330c32b664cf16092c964 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 20 Apr 2021 20:47:33 +0200 Subject: [PATCH 11/45] stages/user_login: add default backend closes #763 Signed-off-by: Jens Langhammer --- authentik/sources/saml/processors/response.py | 2 +- authentik/stages/user_login/stage.py | 10 +++--- authentik/stages/user_login/tests.py | 33 ------------------- 3 files changed, 5 insertions(+), 40 deletions(-) diff --git a/authentik/sources/saml/processors/response.py b/authentik/sources/saml/processors/response.py index 74793ba8d..8ecb62e95 100644 --- a/authentik/sources/saml/processors/response.py +++ b/authentik/sources/saml/processors/response.py @@ -39,13 +39,13 @@ from authentik.sources.saml.processors.constants import ( from authentik.sources.saml.processors.request import SESSION_REQUEST_ID from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND from authentik.stages.prompt.stage import PLAN_CONTEXT_PROMPT +from authentik.stages.user_login.stage import DEFAULT_BACKEND LOGGER = get_logger() if TYPE_CHECKING: from xml.etree.ElementTree import Element # nosec CACHE_SEEN_REQUEST_ID = "authentik_saml_seen_ids_%s" -DEFAULT_BACKEND = "django.contrib.auth.backends.ModelBackend" class ResponseProcessor: diff --git a/authentik/stages/user_login/stage.py b/authentik/stages/user_login/stage.py index bc9601066..13881d073 100644 --- a/authentik/stages/user_login/stage.py +++ b/authentik/stages/user_login/stage.py @@ -11,6 +11,7 @@ from authentik.lib.utils.time import timedelta_from_string from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND LOGGER = get_logger() +DEFAULT_BACKEND = "django.contrib.auth.backends.ModelBackend" class UserLoginStageView(StageView): @@ -23,12 +24,9 @@ class UserLoginStageView(StageView): messages.error(request, message) LOGGER.debug(message) return self.executor.stage_invalid() - if PLAN_CONTEXT_AUTHENTICATION_BACKEND not in self.executor.plan.context: - message = _("Pending user has no backend.") - messages.error(request, message) - LOGGER.debug(message) - return self.executor.stage_invalid() - backend = self.executor.plan.context[PLAN_CONTEXT_AUTHENTICATION_BACKEND] + backend = self.executor.plan.context.get( + PLAN_CONTEXT_AUTHENTICATION_BACKEND, DEFAULT_BACKEND + ) login( self.request, self.executor.plan.context[PLAN_CONTEXT_PENDING_USER], diff --git a/authentik/stages/user_login/tests.py b/authentik/stages/user_login/tests.py index b2e636802..98da7ab45 100644 --- a/authentik/stages/user_login/tests.py +++ b/authentik/stages/user_login/tests.py @@ -12,7 +12,6 @@ from authentik.flows.models import Flow, FlowDesignation, FlowStageBinding from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER, FlowPlan from authentik.flows.tests.test_views import TO_STAGE_RESPONSE_MOCK from authentik.flows.views import SESSION_KEY_PLAN -from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND from authentik.stages.user_login.models import UserLoginStage @@ -38,9 +37,6 @@ class TestUserLoginStage(TestCase): flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] ) plan.context[PLAN_CONTEXT_PENDING_USER] = self.user - plan.context[ - PLAN_CONTEXT_AUTHENTICATION_BACKEND - ] = "django.contrib.auth.backends.ModelBackend" session = self.client.session session[SESSION_KEY_PLAN] = plan session.save() @@ -82,32 +78,3 @@ class TestUserLoginStage(TestCase): "type": ChallengeTypes.NATIVE.value, }, ) - - @patch( - "authentik.flows.views.to_stage_response", - TO_STAGE_RESPONSE_MOCK, - ) - def test_without_backend(self): - """Test a plan with pending user, without backend, resulting in a denied""" - plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] - ) - plan.context[PLAN_CONTEXT_PENDING_USER] = self.user - session = self.client.session - session[SESSION_KEY_PLAN] = plan - session.save() - - response = self.client.get( - reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) - ) - - self.assertEqual(response.status_code, 200) - self.assertJSONEqual( - force_str(response.content), - { - "component": "ak-stage-access-denied", - "error_message": None, - "title": "", - "type": ChallengeTypes.NATIVE.value, - }, - ) From b40afb9b7db0060cd4af94cf2df14ba483065136 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 20 Apr 2021 21:45:14 +0200 Subject: [PATCH 12/45] stages/identification: ignore inactive users Signed-off-by: Jens Langhammer --- authentik/stages/identification/stage.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/authentik/stages/identification/stage.py b/authentik/stages/identification/stage.py index 87f416789..a09aa689c 100644 --- a/authentik/stages/identification/stage.py +++ b/authentik/stages/identification/stage.py @@ -60,7 +60,7 @@ class IdentificationStageView(ChallengeStageView): def get_user(self, uid_value: str) -> Optional[User]: """Find user instance. Returns None if no user was found.""" current_stage: IdentificationStage = self.executor.current_stage - query = Q() + query = Q(is_active=True) for search_field in current_stage.user_fields: model_field = search_field if current_stage.case_insensitive_matching: From 73950b72e51bcc47b103e6aa2b2295ff786be21d Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 20 Apr 2021 23:16:17 +0200 Subject: [PATCH 13/45] web/admin: improve phrasing for Policy bindings Signed-off-by: Jens Langhammer --- web/src/locales/en.po | 87 ++++++++++--------- web/src/locales/pseudo-LOCALE.po | 83 +++++++++--------- .../pages/applications/ApplicationViewPage.ts | 2 +- web/src/pages/events/RuleListPage.ts | 2 +- web/src/pages/flows/BoundStagesList.ts | 2 +- web/src/pages/flows/FlowViewPage.ts | 4 +- .../sources/oauth/OAuthSourceViewPage.ts | 2 +- .../pages/sources/saml/SAMLSourceViewPage.ts | 2 +- 8 files changed, 95 insertions(+), 89 deletions(-) diff --git a/web/src/locales/en.po b/web/src/locales/en.po index cb5893738..119421eaa 100644 --- a/web/src/locales/en.po +++ b/web/src/locales/en.po @@ -64,7 +64,7 @@ msgstr "API Requests" msgid "API request failed" msgstr "API request failed" -#: src/pages/sources/oauth/OAuthSourceViewPage.ts:87 +#: src/pages/sources/oauth/OAuthSourceViewPage.ts:88 msgid "Access Key" msgstr "Access Key" @@ -293,7 +293,7 @@ msgid "Authorization Code" msgstr "Authorization Code" #: src/pages/sources/oauth/OAuthSourceForm.ts:66 -#: src/pages/sources/oauth/OAuthSourceViewPage.ts:95 +#: src/pages/sources/oauth/OAuthSourceViewPage.ts:96 msgid "Authorization URL" msgstr "Authorization URL" @@ -405,7 +405,7 @@ msgstr "Cached Flows" msgid "Cached Policies" msgstr "Cached Policies" -#: src/pages/sources/oauth/OAuthSourceViewPage.ts:79 +#: src/pages/sources/oauth/OAuthSourceViewPage.ts:80 msgid "Callback URL" msgstr "Callback URL" @@ -472,7 +472,7 @@ msgstr "Change your password" #: src/pages/providers/proxy/ProxyProviderViewPage.ts:135 #: src/pages/providers/saml/SAMLProviderViewPage.ts:129 #: src/pages/sources/ldap/LDAPSourceViewPage.ts:113 -#: src/pages/sources/oauth/OAuthSourceViewPage.ts:132 +#: src/pages/sources/oauth/OAuthSourceViewPage.ts:133 #: src/pages/sources/saml/SAMLSourceViewPage.ts:119 #: src/pages/users/UserViewPage.ts:185 msgid "Changelog" @@ -660,8 +660,8 @@ msgstr "Consumer secret" #: src/pages/events/EventInfo.ts:79 #: src/pages/events/EventInfo.ts:148 #: src/pages/events/EventInfo.ts:167 -#: src/pages/policies/PolicyTestForm.ts:74 -#: src/pages/property-mappings/PropertyMappingTestForm.ts:63 +#: src/pages/policies/PolicyTestForm.ts:75 +#: src/pages/property-mappings/PropertyMappingTestForm.ts:65 msgid "Context" msgstr "Context" @@ -1032,7 +1032,7 @@ msgstr "Each provider has a different issuer, based on the application slug." #: src/pages/providers/saml/SAMLProviderViewPage.ts:121 #: src/pages/sources/SourcesListPage.ts:82 #: src/pages/sources/ldap/LDAPSourceViewPage.ts:105 -#: src/pages/sources/oauth/OAuthSourceViewPage.ts:124 +#: src/pages/sources/oauth/OAuthSourceViewPage.ts:125 #: src/pages/sources/saml/SAMLSourceViewPage.ts:111 #: src/pages/stages/StageListPage.ts:98 #: src/pages/stages/prompt/PromptListPage.ts:75 @@ -1702,10 +1702,10 @@ msgstr "Loading" #: src/pages/policies/PolicyBindingForm.ts:156 #: src/pages/policies/PolicyBindingForm.ts:172 #: src/pages/policies/PolicyBindingForm.ts:188 -#: src/pages/policies/PolicyTestForm.ts:70 +#: src/pages/policies/PolicyTestForm.ts:71 #: src/pages/policies/event_matcher/EventMatcherPolicyForm.ts:88 #: src/pages/policies/event_matcher/EventMatcherPolicyForm.ts:108 -#: src/pages/property-mappings/PropertyMappingTestForm.ts:59 +#: src/pages/property-mappings/PropertyMappingTestForm.ts:61 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:74 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:175 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:194 @@ -1803,7 +1803,7 @@ msgid "Members" msgstr "Members" #: src/pages/events/EventInfo.ts:174 -#: src/pages/policies/PolicyTestForm.ts:43 +#: src/pages/policies/PolicyTestForm.ts:44 #: src/pages/system-tasks/SystemTaskListPage.ts:80 msgid "Messages" msgstr "Messages" @@ -1889,7 +1889,7 @@ msgstr "Monitor" #: src/pages/sources/ldap/LDAPSourceForm.ts:54 #: src/pages/sources/ldap/LDAPSourceViewPage.ts:64 #: src/pages/sources/oauth/OAuthSourceForm.ts:100 -#: src/pages/sources/oauth/OAuthSourceViewPage.ts:63 +#: src/pages/sources/oauth/OAuthSourceViewPage.ts:64 #: src/pages/sources/saml/SAMLSourceForm.ts:54 #: src/pages/sources/saml/SAMLSourceViewPage.ts:66 #: src/pages/stages/StageListPage.ts:65 @@ -1943,7 +1943,7 @@ msgstr "New version available!" #: src/pages/groups/MemberSelectModal.ts:57 #: src/pages/outposts/ServiceConnectionListPage.ts:64 #: src/pages/policies/BoundPoliciesList.ts:118 -#: src/pages/policies/PolicyTestForm.ts:38 +#: src/pages/policies/PolicyTestForm.ts:39 #: src/pages/providers/proxy/ProxyProviderViewPage.ts:108 #: src/pages/tokens/TokenListPage.ts:56 #: src/pages/user-settings/tokens/UserTokenList.ts:83 @@ -2199,7 +2199,7 @@ msgstr "Outposts are deployments of authentik components to support different en #: src/pages/providers/proxy/ProxyProviderViewPage.ts:56 #: src/pages/providers/saml/SAMLProviderViewPage.ts:58 #: src/pages/sources/ldap/LDAPSourceViewPage.ts:56 -#: src/pages/sources/oauth/OAuthSourceViewPage.ts:55 +#: src/pages/sources/oauth/OAuthSourceViewPage.ts:56 #: src/pages/sources/saml/SAMLSourceViewPage.ts:58 #: src/pages/users/UserViewPage.ts:74 msgid "Overview" @@ -2219,7 +2219,7 @@ msgid "Pass policy?" msgstr "Pass policy?" #: src/pages/events/EventInfo.ts:173 -#: src/pages/policies/PolicyTestForm.ts:35 +#: src/pages/policies/PolicyTestForm.ts:36 msgid "Passing" msgstr "Passing" @@ -2270,13 +2270,16 @@ msgstr "Policies without binding exist." msgid "Policy" msgstr "Policy" +#: src/pages/applications/ApplicationViewPage.ts:134 +#: src/pages/flows/FlowViewPage.ts:101 +msgid "Policy / Group / User Bindings" +msgstr "Policy / Group / User Bindings" + #: src/pages/policies/BoundPoliciesList.ts:36 msgid "Policy / User / Group" msgstr "Policy / User / Group" -#: src/pages/applications/ApplicationViewPage.ts:134 -#: src/pages/flows/FlowViewPage.ts:101 -#: src/pages/sources/oauth/OAuthSourceViewPage.ts:143 +#: src/pages/sources/oauth/OAuthSourceViewPage.ts:144 #: src/pages/sources/saml/SAMLSourceViewPage.ts:150 msgid "Policy Bindings" msgstr "Policy Bindings" @@ -2399,7 +2402,7 @@ msgid "Provider" msgstr "Provider" #: src/pages/applications/ApplicationListPage.ts:61 -#: src/pages/sources/oauth/OAuthSourceViewPage.ts:71 +#: src/pages/sources/oauth/OAuthSourceViewPage.ts:72 msgid "Provider Type" msgstr "Provider Type" @@ -2556,7 +2559,7 @@ msgid "Resources" msgstr "Resources" #: src/pages/events/EventInfo.ts:171 -#: src/pages/property-mappings/PropertyMappingTestForm.ts:34 +#: src/pages/property-mappings/PropertyMappingTestForm.ts:36 msgid "Result" msgstr "Result" @@ -2761,7 +2764,7 @@ msgstr "Set a custom HTTP-Basic Authentication header based on values from authe #: src/pages/groups/GroupForm.ts:139 #: src/pages/outposts/OutpostForm.ts:109 #: src/pages/outposts/ServiceConnectionKubernetesForm.ts:73 -#: src/pages/policies/PolicyTestForm.ts:78 +#: src/pages/policies/PolicyTestForm.ts:79 #: src/pages/users/UserForm.ts:81 msgid "Set custom attributes using YAML or JSON." msgstr "Set custom attributes using YAML or JSON." @@ -3089,8 +3092,8 @@ msgstr "Successfully imported flow." msgid "Successfully imported provider." msgstr "Successfully imported provider." -#: src/pages/policies/PolicyTestForm.ts:29 -#: src/pages/property-mappings/PropertyMappingTestForm.ts:29 +#: src/pages/policies/PolicyTestForm.ts:30 +#: src/pages/property-mappings/PropertyMappingTestForm.ts:31 msgid "Successfully sent test-request." msgstr "Successfully sent test-request." @@ -3305,31 +3308,31 @@ msgstr "The URL \"{0}\" was not found." msgid "The policy takes a random time to execute. This controls the minimum time it will take." msgstr "The policy takes a random time to execute. This controls the minimum time it will take." +#: src/pages/flows/BoundStagesList.ts:102 +msgid "These bindings control if this stage will be applied to the flow." +msgstr "These bindings control if this stage will be applied to the flow." + #: src/pages/events/RuleListPage.ts:109 msgid "" -"These policies control upon which events this rule triggers. Bindings to\n" +"These bindings control upon which events this rule triggers. Bindings to\n" "groups/users are checked against the user of the event." msgstr "" -"These policies control upon which events this rule triggers. Bindings to\n" +"These bindings control upon which events this rule triggers. Bindings to\n" "groups/users are checked against the user of the event." -#: src/pages/flows/BoundStagesList.ts:102 -msgid "These policies control when this stage will be applied to the flow." -msgstr "These policies control when this stage will be applied to the flow." +#: src/pages/flows/FlowViewPage.ts:103 +msgid "These bindings control which users can access this flow." +msgstr "These bindings control which users can access this flow." + +#: src/pages/sources/oauth/OAuthSourceViewPage.ts:146 +#: src/pages/sources/saml/SAMLSourceViewPage.ts:152 +msgid "These bindings control which users can access this source." +msgstr "These bindings control which users can access this source." #: src/pages/applications/ApplicationViewPage.ts:136 msgid "These policies control which users can access this application." msgstr "These policies control which users can access this application." -#: src/pages/flows/FlowViewPage.ts:103 -msgid "These policies control which users can access this flow." -msgstr "These policies control which users can access this flow." - -#: src/pages/sources/oauth/OAuthSourceViewPage.ts:145 -#: src/pages/sources/saml/SAMLSourceViewPage.ts:152 -msgid "These policies control which users can access this source." -msgstr "These policies control which users can access this source." - #: src/pages/stages/invitation/InvitationStageForm.ts:53 msgid "This stage can be included in enrollment flows to accept invitations." msgstr "This stage can be included in enrollment flows to accept invitations." @@ -3370,7 +3373,7 @@ msgid "Token" msgstr "Token" #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts:174 -#: src/pages/sources/oauth/OAuthSourceViewPage.ts:103 +#: src/pages/sources/oauth/OAuthSourceViewPage.ts:104 msgid "Token URL" msgstr "Token URL" @@ -3492,7 +3495,7 @@ msgstr "Up-to-date!" #: src/pages/providers/saml/SAMLProviderViewPage.ts:111 #: src/pages/sources/SourcesListPage.ts:69 #: src/pages/sources/ldap/LDAPSourceViewPage.ts:95 -#: src/pages/sources/oauth/OAuthSourceViewPage.ts:114 +#: src/pages/sources/oauth/OAuthSourceViewPage.ts:115 #: src/pages/sources/saml/SAMLSourceViewPage.ts:101 #: src/pages/stages/StageListPage.ts:85 #: src/pages/stages/prompt/PromptListPage.ts:67 @@ -3541,7 +3544,7 @@ msgstr "Update Notification Rule" msgid "Update Notification Transport" msgstr "Update Notification Transport" -#: src/pages/sources/oauth/OAuthSourceViewPage.ts:117 +#: src/pages/sources/oauth/OAuthSourceViewPage.ts:118 msgid "Update OAuth Source" msgstr "Update OAuth Source" @@ -3625,8 +3628,8 @@ msgstr "Use global settings" #: src/pages/events/EventListPage.ts:44 #: src/pages/policies/PolicyBindingForm.ts:140 #: src/pages/policies/PolicyBindingForm.ts:176 -#: src/pages/policies/PolicyTestForm.ts:60 -#: src/pages/property-mappings/PropertyMappingTestForm.ts:49 +#: src/pages/policies/PolicyTestForm.ts:61 +#: src/pages/property-mappings/PropertyMappingTestForm.ts:51 #: src/pages/tokens/TokenListPage.ts:45 #: src/pages/user-settings/tokens/UserTokenList.ts:72 #: src/pages/users/UserListPage.ts:88 @@ -3870,7 +3873,7 @@ msgstr "X509 Subject" #: src/pages/groups/MemberSelectModal.ts:57 #: src/pages/outposts/ServiceConnectionListPage.ts:64 #: src/pages/policies/BoundPoliciesList.ts:118 -#: src/pages/policies/PolicyTestForm.ts:38 +#: src/pages/policies/PolicyTestForm.ts:39 #: src/pages/providers/proxy/ProxyProviderViewPage.ts:105 #: src/pages/tokens/TokenListPage.ts:56 #: src/pages/user-settings/tokens/UserTokenList.ts:83 diff --git a/web/src/locales/pseudo-LOCALE.po b/web/src/locales/pseudo-LOCALE.po index 9b4f58a1d..499ee989d 100644 --- a/web/src/locales/pseudo-LOCALE.po +++ b/web/src/locales/pseudo-LOCALE.po @@ -64,7 +64,7 @@ msgstr "" msgid "API request failed" msgstr "" -#: src/pages/sources/oauth/OAuthSourceViewPage.ts:87 +#: src/pages/sources/oauth/OAuthSourceViewPage.ts:88 msgid "Access Key" msgstr "" @@ -289,7 +289,7 @@ msgid "Authorization Code" msgstr "" #: src/pages/sources/oauth/OAuthSourceForm.ts:66 -#: src/pages/sources/oauth/OAuthSourceViewPage.ts:95 +#: src/pages/sources/oauth/OAuthSourceViewPage.ts:96 msgid "Authorization URL" msgstr "" @@ -401,7 +401,7 @@ msgstr "" msgid "Cached Policies" msgstr "" -#: src/pages/sources/oauth/OAuthSourceViewPage.ts:79 +#: src/pages/sources/oauth/OAuthSourceViewPage.ts:80 msgid "Callback URL" msgstr "" @@ -468,7 +468,7 @@ msgstr "" #: src/pages/providers/proxy/ProxyProviderViewPage.ts:135 #: src/pages/providers/saml/SAMLProviderViewPage.ts:129 #: src/pages/sources/ldap/LDAPSourceViewPage.ts:113 -#: src/pages/sources/oauth/OAuthSourceViewPage.ts:132 +#: src/pages/sources/oauth/OAuthSourceViewPage.ts:133 #: src/pages/sources/saml/SAMLSourceViewPage.ts:119 #: src/pages/users/UserViewPage.ts:185 msgid "Changelog" @@ -654,8 +654,8 @@ msgstr "" #: src/pages/events/EventInfo.ts:79 #: src/pages/events/EventInfo.ts:148 #: src/pages/events/EventInfo.ts:167 -#: src/pages/policies/PolicyTestForm.ts:74 -#: src/pages/property-mappings/PropertyMappingTestForm.ts:63 +#: src/pages/policies/PolicyTestForm.ts:75 +#: src/pages/property-mappings/PropertyMappingTestForm.ts:65 msgid "Context" msgstr "" @@ -1024,7 +1024,7 @@ msgstr "" #: src/pages/providers/saml/SAMLProviderViewPage.ts:121 #: src/pages/sources/SourcesListPage.ts:82 #: src/pages/sources/ldap/LDAPSourceViewPage.ts:105 -#: src/pages/sources/oauth/OAuthSourceViewPage.ts:124 +#: src/pages/sources/oauth/OAuthSourceViewPage.ts:125 #: src/pages/sources/saml/SAMLSourceViewPage.ts:111 #: src/pages/stages/StageListPage.ts:98 #: src/pages/stages/prompt/PromptListPage.ts:75 @@ -1694,10 +1694,10 @@ msgstr "" #: src/pages/policies/PolicyBindingForm.ts:156 #: src/pages/policies/PolicyBindingForm.ts:172 #: src/pages/policies/PolicyBindingForm.ts:188 -#: src/pages/policies/PolicyTestForm.ts:70 +#: src/pages/policies/PolicyTestForm.ts:71 #: src/pages/policies/event_matcher/EventMatcherPolicyForm.ts:88 #: src/pages/policies/event_matcher/EventMatcherPolicyForm.ts:108 -#: src/pages/property-mappings/PropertyMappingTestForm.ts:59 +#: src/pages/property-mappings/PropertyMappingTestForm.ts:61 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:74 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:175 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:194 @@ -1795,7 +1795,7 @@ msgid "Members" msgstr "" #: src/pages/events/EventInfo.ts:174 -#: src/pages/policies/PolicyTestForm.ts:43 +#: src/pages/policies/PolicyTestForm.ts:44 #: src/pages/system-tasks/SystemTaskListPage.ts:80 msgid "Messages" msgstr "" @@ -1881,7 +1881,7 @@ msgstr "" #: src/pages/sources/ldap/LDAPSourceForm.ts:54 #: src/pages/sources/ldap/LDAPSourceViewPage.ts:64 #: src/pages/sources/oauth/OAuthSourceForm.ts:100 -#: src/pages/sources/oauth/OAuthSourceViewPage.ts:63 +#: src/pages/sources/oauth/OAuthSourceViewPage.ts:64 #: src/pages/sources/saml/SAMLSourceForm.ts:54 #: src/pages/sources/saml/SAMLSourceViewPage.ts:66 #: src/pages/stages/StageListPage.ts:65 @@ -1935,7 +1935,7 @@ msgstr "" #: src/pages/groups/MemberSelectModal.ts:57 #: src/pages/outposts/ServiceConnectionListPage.ts:64 #: src/pages/policies/BoundPoliciesList.ts:118 -#: src/pages/policies/PolicyTestForm.ts:38 +#: src/pages/policies/PolicyTestForm.ts:39 #: src/pages/providers/proxy/ProxyProviderViewPage.ts:108 #: src/pages/tokens/TokenListPage.ts:56 #: src/pages/user-settings/tokens/UserTokenList.ts:83 @@ -2191,7 +2191,7 @@ msgstr "" #: src/pages/providers/proxy/ProxyProviderViewPage.ts:56 #: src/pages/providers/saml/SAMLProviderViewPage.ts:58 #: src/pages/sources/ldap/LDAPSourceViewPage.ts:56 -#: src/pages/sources/oauth/OAuthSourceViewPage.ts:55 +#: src/pages/sources/oauth/OAuthSourceViewPage.ts:56 #: src/pages/sources/saml/SAMLSourceViewPage.ts:58 #: src/pages/users/UserViewPage.ts:74 msgid "Overview" @@ -2211,7 +2211,7 @@ msgid "Pass policy?" msgstr "" #: src/pages/events/EventInfo.ts:173 -#: src/pages/policies/PolicyTestForm.ts:35 +#: src/pages/policies/PolicyTestForm.ts:36 msgid "Passing" msgstr "" @@ -2262,13 +2262,16 @@ msgstr "" msgid "Policy" msgstr "" +#: src/pages/applications/ApplicationViewPage.ts:134 +#: src/pages/flows/FlowViewPage.ts:101 +msgid "Policy / Group / User Bindings" +msgstr "" + #: src/pages/policies/BoundPoliciesList.ts:36 msgid "Policy / User / Group" msgstr "" -#: src/pages/applications/ApplicationViewPage.ts:134 -#: src/pages/flows/FlowViewPage.ts:101 -#: src/pages/sources/oauth/OAuthSourceViewPage.ts:143 +#: src/pages/sources/oauth/OAuthSourceViewPage.ts:144 #: src/pages/sources/saml/SAMLSourceViewPage.ts:150 msgid "Policy Bindings" msgstr "" @@ -2391,7 +2394,7 @@ msgid "Provider" msgstr "" #: src/pages/applications/ApplicationListPage.ts:61 -#: src/pages/sources/oauth/OAuthSourceViewPage.ts:71 +#: src/pages/sources/oauth/OAuthSourceViewPage.ts:72 msgid "Provider Type" msgstr "" @@ -2548,7 +2551,7 @@ msgid "Resources" msgstr "" #: src/pages/events/EventInfo.ts:171 -#: src/pages/property-mappings/PropertyMappingTestForm.ts:34 +#: src/pages/property-mappings/PropertyMappingTestForm.ts:36 msgid "Result" msgstr "" @@ -2753,7 +2756,7 @@ msgstr "" #: src/pages/groups/GroupForm.ts:139 #: src/pages/outposts/OutpostForm.ts:109 #: src/pages/outposts/ServiceConnectionKubernetesForm.ts:73 -#: src/pages/policies/PolicyTestForm.ts:78 +#: src/pages/policies/PolicyTestForm.ts:79 #: src/pages/users/UserForm.ts:81 msgid "Set custom attributes using YAML or JSON." msgstr "" @@ -3081,8 +3084,8 @@ msgstr "" msgid "Successfully imported provider." msgstr "" -#: src/pages/policies/PolicyTestForm.ts:29 -#: src/pages/property-mappings/PropertyMappingTestForm.ts:29 +#: src/pages/policies/PolicyTestForm.ts:30 +#: src/pages/property-mappings/PropertyMappingTestForm.ts:31 msgid "Successfully sent test-request." msgstr "" @@ -3297,29 +3300,29 @@ msgstr "" msgid "The policy takes a random time to execute. This controls the minimum time it will take." msgstr "" +#: src/pages/flows/BoundStagesList.ts:102 +msgid "These bindings control if this stage will be applied to the flow." +msgstr "" + #: src/pages/events/RuleListPage.ts:109 msgid "" -"These policies control upon which events this rule triggers. Bindings to\n" +"These bindings control upon which events this rule triggers. Bindings to\n" "groups/users are checked against the user of the event." msgstr "" -#: src/pages/flows/BoundStagesList.ts:102 -msgid "These policies control when this stage will be applied to the flow." +#: src/pages/flows/FlowViewPage.ts:103 +msgid "These bindings control which users can access this flow." +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceViewPage.ts:146 +#: src/pages/sources/saml/SAMLSourceViewPage.ts:152 +msgid "These bindings control which users can access this source." msgstr "" #: src/pages/applications/ApplicationViewPage.ts:136 msgid "These policies control which users can access this application." msgstr "" -#: src/pages/flows/FlowViewPage.ts:103 -msgid "These policies control which users can access this flow." -msgstr "" - -#: src/pages/sources/oauth/OAuthSourceViewPage.ts:145 -#: src/pages/sources/saml/SAMLSourceViewPage.ts:152 -msgid "These policies control which users can access this source." -msgstr "" - #: src/pages/stages/invitation/InvitationStageForm.ts:53 msgid "This stage can be included in enrollment flows to accept invitations." msgstr "" @@ -3360,7 +3363,7 @@ msgid "Token" msgstr "" #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts:174 -#: src/pages/sources/oauth/OAuthSourceViewPage.ts:103 +#: src/pages/sources/oauth/OAuthSourceViewPage.ts:104 msgid "Token URL" msgstr "" @@ -3482,7 +3485,7 @@ msgstr "" #: src/pages/providers/saml/SAMLProviderViewPage.ts:111 #: src/pages/sources/SourcesListPage.ts:69 #: src/pages/sources/ldap/LDAPSourceViewPage.ts:95 -#: src/pages/sources/oauth/OAuthSourceViewPage.ts:114 +#: src/pages/sources/oauth/OAuthSourceViewPage.ts:115 #: src/pages/sources/saml/SAMLSourceViewPage.ts:101 #: src/pages/stages/StageListPage.ts:85 #: src/pages/stages/prompt/PromptListPage.ts:67 @@ -3531,7 +3534,7 @@ msgstr "" msgid "Update Notification Transport" msgstr "" -#: src/pages/sources/oauth/OAuthSourceViewPage.ts:117 +#: src/pages/sources/oauth/OAuthSourceViewPage.ts:118 msgid "Update OAuth Source" msgstr "" @@ -3615,8 +3618,8 @@ msgstr "" #: src/pages/events/EventListPage.ts:44 #: src/pages/policies/PolicyBindingForm.ts:140 #: src/pages/policies/PolicyBindingForm.ts:176 -#: src/pages/policies/PolicyTestForm.ts:60 -#: src/pages/property-mappings/PropertyMappingTestForm.ts:49 +#: src/pages/policies/PolicyTestForm.ts:61 +#: src/pages/property-mappings/PropertyMappingTestForm.ts:51 #: src/pages/tokens/TokenListPage.ts:45 #: src/pages/user-settings/tokens/UserTokenList.ts:72 #: src/pages/users/UserListPage.ts:88 @@ -3858,7 +3861,7 @@ msgstr "" #: src/pages/groups/MemberSelectModal.ts:57 #: src/pages/outposts/ServiceConnectionListPage.ts:64 #: src/pages/policies/BoundPoliciesList.ts:118 -#: src/pages/policies/PolicyTestForm.ts:38 +#: src/pages/policies/PolicyTestForm.ts:39 #: src/pages/providers/proxy/ProxyProviderViewPage.ts:105 #: src/pages/tokens/TokenListPage.ts:56 #: src/pages/user-settings/tokens/UserTokenList.ts:83 diff --git a/web/src/pages/applications/ApplicationViewPage.ts b/web/src/pages/applications/ApplicationViewPage.ts index 796ae9ca4..898a9b5f2 100644 --- a/web/src/pages/applications/ApplicationViewPage.ts +++ b/web/src/pages/applications/ApplicationViewPage.ts @@ -134,7 +134,7 @@ export class ApplicationViewPage extends LitElement { -
+
${t`These policies control which users can access this application.`}
diff --git a/web/src/pages/events/RuleListPage.ts b/web/src/pages/events/RuleListPage.ts index 4a2741de8..1d7fb74e2 100644 --- a/web/src/pages/events/RuleListPage.ts +++ b/web/src/pages/events/RuleListPage.ts @@ -108,7 +108,7 @@ export class RuleListPage extends TablePage { return html`
-

${t`These policies control upon which events this rule triggers. Bindings to +

${t`These bindings control upon which events this rule triggers. Bindings to groups/users are checked against the user of the event.`}

diff --git a/web/src/pages/flows/BoundStagesList.ts b/web/src/pages/flows/BoundStagesList.ts index 798802027..f54a8b9c0 100644 --- a/web/src/pages/flows/BoundStagesList.ts +++ b/web/src/pages/flows/BoundStagesList.ts @@ -100,7 +100,7 @@ export class BoundStagesList extends Table {
-

${t`These policies control when this stage will be applied to the flow.`}

+

${t`These bindings control if this stage will be applied to the flow.`}

diff --git a/web/src/pages/flows/FlowViewPage.ts b/web/src/pages/flows/FlowViewPage.ts index 0736ba981..af1e12a28 100644 --- a/web/src/pages/flows/FlowViewPage.ts +++ b/web/src/pages/flows/FlowViewPage.ts @@ -104,9 +104,9 @@ export class FlowViewPage extends LitElement {
-
+
-
${t`These policies control which users can access this flow.`}
+
${t`These bindings control which users can access this flow.`}
diff --git a/web/src/pages/sources/oauth/OAuthSourceViewPage.ts b/web/src/pages/sources/oauth/OAuthSourceViewPage.ts index 7b011fcd8..c4c65bde5 100644 --- a/web/src/pages/sources/oauth/OAuthSourceViewPage.ts +++ b/web/src/pages/sources/oauth/OAuthSourceViewPage.ts @@ -146,7 +146,7 @@ export class OAuthSourceViewPage extends LitElement {
-
${t`These policies control which users can access this source.`}
+
${t`These bindings control which users can access this source.`}
diff --git a/web/src/pages/sources/saml/SAMLSourceViewPage.ts b/web/src/pages/sources/saml/SAMLSourceViewPage.ts index 3cf2cccee..571fca861 100644 --- a/web/src/pages/sources/saml/SAMLSourceViewPage.ts +++ b/web/src/pages/sources/saml/SAMLSourceViewPage.ts @@ -154,7 +154,7 @@ export class SAMLSourceViewPage extends LitElement {
-
${t`These policies control which users can access this source.`}
+
${t`These bindings control which users can access this source.`}
From fec098a8231cfd3439a7cd8acc90fd1c8acc8a9b Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 20 Apr 2021 23:30:37 +0200 Subject: [PATCH 14/45] web/admin: only allow policies to be bound to sources as users/groups cannot be checked Signed-off-by: Jens Langhammer --- web/src/locales/en.po | 107 +++++++++--------- web/src/locales/pseudo-LOCALE.po | 103 +++++++++-------- web/src/pages/policies/BoundPoliciesList.ts | 9 +- web/src/pages/policies/PolicyBindingForm.ts | 68 ++++++----- .../sources/oauth/OAuthSourceViewPage.ts | 5 +- .../pages/sources/saml/SAMLSourceViewPage.ts | 5 +- 6 files changed, 162 insertions(+), 135 deletions(-) diff --git a/web/src/locales/en.po b/web/src/locales/en.po index 119421eaa..b78789d03 100644 --- a/web/src/locales/en.po +++ b/web/src/locales/en.po @@ -13,7 +13,7 @@ msgstr "" "Language-Team: \n" "Plural-Forms: \n" -#: src/pages/policies/BoundPoliciesList.ts:55 +#: src/pages/policies/BoundPoliciesList.ts:59 msgid "-" msgstr "-" @@ -714,9 +714,9 @@ msgstr "Copy Key" #: src/pages/outposts/OutpostListPage.ts:109 #: src/pages/outposts/ServiceConnectionListPage.ts:110 #: src/pages/outposts/ServiceConnectionListPage.ts:119 -#: src/pages/policies/BoundPoliciesList.ts:158 -#: src/pages/policies/BoundPoliciesList.ts:185 -#: src/pages/policies/BoundPoliciesList.ts:206 +#: src/pages/policies/BoundPoliciesList.ts:162 +#: src/pages/policies/BoundPoliciesList.ts:189 +#: src/pages/policies/BoundPoliciesList.ts:210 #: src/pages/policies/PolicyListPage.ts:124 #: src/pages/policies/PolicyListPage.ts:133 #: src/pages/property-mappings/PropertyMappingListPage.ts:113 @@ -747,10 +747,10 @@ msgstr "Create" msgid "Create Application" msgstr "Create Application" -#: src/pages/policies/BoundPoliciesList.ts:161 -#: src/pages/policies/BoundPoliciesList.ts:166 -#: src/pages/policies/BoundPoliciesList.ts:209 -#: src/pages/policies/BoundPoliciesList.ts:214 +#: src/pages/policies/BoundPoliciesList.ts:165 +#: src/pages/policies/BoundPoliciesList.ts:170 +#: src/pages/policies/BoundPoliciesList.ts:213 +#: src/pages/policies/BoundPoliciesList.ts:218 msgid "Create Binding" msgstr "Create Binding" @@ -786,7 +786,7 @@ msgstr "Create Notification Transport" msgid "Create Outpost" msgstr "Create Outpost" -#: src/pages/policies/BoundPoliciesList.ts:176 +#: src/pages/policies/BoundPoliciesList.ts:180 msgid "Create Policy" msgstr "Create Policy" @@ -819,7 +819,7 @@ msgstr "Create provider" #: src/pages/applications/ApplicationForm.ts:123 #: src/pages/flows/BoundStagesList.ts:149 #: src/pages/outposts/ServiceConnectionListPage.ts:122 -#: src/pages/policies/BoundPoliciesList.ts:188 +#: src/pages/policies/BoundPoliciesList.ts:192 #: src/pages/policies/PolicyListPage.ts:136 #: src/pages/property-mappings/PropertyMappingListPage.ts:125 #: src/pages/providers/ProviderListPage.ts:119 @@ -895,7 +895,7 @@ msgid "Delete Authorization Code" msgstr "Delete Authorization Code" #: src/pages/flows/BoundStagesList.ts:91 -#: src/pages/policies/BoundPoliciesList.ts:145 +#: src/pages/policies/BoundPoliciesList.ts:149 msgid "Delete Binding" msgstr "Delete Binding" @@ -1043,15 +1043,15 @@ msgid "Edit" msgstr "Edit" #: src/pages/flows/BoundStagesList.ts:79 -#: src/pages/policies/BoundPoliciesList.ts:133 +#: src/pages/policies/BoundPoliciesList.ts:137 msgid "Edit Binding" msgstr "Edit Binding" -#: src/pages/policies/BoundPoliciesList.ts:92 +#: src/pages/policies/BoundPoliciesList.ts:96 msgid "Edit Group" msgstr "Edit Group" -#: src/pages/policies/BoundPoliciesList.ts:77 +#: src/pages/policies/BoundPoliciesList.ts:81 msgid "Edit Policy" msgstr "Edit Policy" @@ -1059,7 +1059,7 @@ msgstr "Edit Policy" msgid "Edit Stage" msgstr "Edit Stage" -#: src/pages/policies/BoundPoliciesList.ts:107 +#: src/pages/policies/BoundPoliciesList.ts:111 msgid "Edit User" msgstr "Edit User" @@ -1104,8 +1104,8 @@ msgstr "Enable Static Tokens" msgid "Enable TOTP" msgstr "Enable TOTP" -#: src/pages/policies/BoundPoliciesList.ts:37 -#: src/pages/policies/PolicyBindingForm.ts:198 +#: src/pages/policies/BoundPoliciesList.ts:41 +#: src/pages/policies/PolicyBindingForm.ts:199 #: src/pages/sources/ldap/LDAPSourceForm.ts:69 #: src/pages/sources/oauth/OAuthSourceForm.ts:115 #: src/pages/sources/saml/SAMLSourceForm.ts:69 @@ -1421,8 +1421,8 @@ msgstr "Go to previous page" #: src/pages/events/RuleForm.ts:65 #: src/pages/groups/GroupListPage.ts:75 -#: src/pages/policies/PolicyBindingForm.ts:132 -#: src/pages/policies/PolicyBindingForm.ts:160 +#: src/pages/policies/PolicyBindingForm.ts:125 +#: src/pages/policies/PolicyBindingForm.ts:161 msgid "Group" msgstr "Group" @@ -1442,7 +1442,7 @@ msgstr "Group object filter" msgid "Group users together and give them permissions based on the membership." msgstr "Group users together and give them permissions based on the membership." -#: src/pages/policies/BoundPoliciesList.ts:49 +#: src/pages/policies/BoundPoliciesList.ts:53 msgid "Group {0}" msgstr "Group {0}" @@ -1699,9 +1699,9 @@ msgstr "Loading" #: src/pages/outposts/OutpostForm.ts:96 #: src/pages/outposts/ServiceConnectionDockerForm.ts:87 #: src/pages/outposts/ServiceConnectionDockerForm.ts:104 -#: src/pages/policies/PolicyBindingForm.ts:156 -#: src/pages/policies/PolicyBindingForm.ts:172 -#: src/pages/policies/PolicyBindingForm.ts:188 +#: src/pages/policies/PolicyBindingForm.ts:157 +#: src/pages/policies/PolicyBindingForm.ts:173 +#: src/pages/policies/PolicyBindingForm.ts:189 #: src/pages/policies/PolicyTestForm.ts:71 #: src/pages/policies/event_matcher/EventMatcherPolicyForm.ts:88 #: src/pages/policies/event_matcher/EventMatcherPolicyForm.ts:108 @@ -1942,7 +1942,7 @@ msgstr "New version available!" #: src/pages/groups/GroupListPage.ts:58 #: src/pages/groups/MemberSelectModal.ts:57 #: src/pages/outposts/ServiceConnectionListPage.ts:64 -#: src/pages/policies/BoundPoliciesList.ts:118 +#: src/pages/policies/BoundPoliciesList.ts:122 #: src/pages/policies/PolicyTestForm.ts:39 #: src/pages/providers/proxy/ProxyProviderViewPage.ts:108 #: src/pages/tokens/TokenListPage.ts:56 @@ -1960,7 +1960,7 @@ msgstr "No Applications available." msgid "No Events found." msgstr "No Events found." -#: src/pages/policies/BoundPoliciesList.ts:151 +#: src/pages/policies/BoundPoliciesList.ts:155 msgid "No Policies bound." msgstr "No Policies bound." @@ -1989,7 +1989,7 @@ msgstr "No form found" msgid "No matching events could be found." msgstr "No matching events could be found." -#: src/pages/policies/BoundPoliciesList.ts:153 +#: src/pages/policies/BoundPoliciesList.ts:157 msgid "No policies are currently bound to this object." msgstr "No policies are currently bound to this object." @@ -2161,8 +2161,8 @@ msgstr "Optionally set the 'FriendlyName' value of the Assertion attribute." #: src/pages/flows/BoundStagesList.ts:38 #: src/pages/flows/StageBindingForm.ts:110 -#: src/pages/policies/BoundPoliciesList.ts:38 -#: src/pages/policies/PolicyBindingForm.ts:203 +#: src/pages/policies/BoundPoliciesList.ts:42 +#: src/pages/policies/PolicyBindingForm.ts:204 #: src/pages/stages/prompt/PromptForm.ts:119 #: src/pages/stages/prompt/PromptListPage.ts:49 msgid "Order" @@ -2264,8 +2264,9 @@ msgstr "Policies" msgid "Policies without binding exist." msgstr "Policies without binding exist." -#: src/pages/policies/PolicyBindingForm.ts:124 -#: src/pages/policies/PolicyBindingForm.ts:147 +#: src/pages/policies/PolicyBindingForm.ts:108 +#: src/pages/policies/PolicyBindingForm.ts:117 +#: src/pages/policies/PolicyBindingForm.ts:148 #: src/pages/policies/PolicyListPage.ts:108 msgid "Policy" msgstr "Policy" @@ -2275,7 +2276,7 @@ msgstr "Policy" msgid "Policy / Group / User Bindings" msgstr "Policy / Group / User Bindings" -#: src/pages/policies/BoundPoliciesList.ts:36 +#: src/pages/policies/BoundPoliciesList.ts:40 msgid "Policy / User / Group" msgstr "Policy / User / Group" @@ -2284,7 +2285,7 @@ msgstr "Policy / User / Group" msgid "Policy Bindings" msgstr "Policy Bindings" -#: src/pages/policies/BoundPoliciesList.ts:138 +#: src/pages/policies/BoundPoliciesList.ts:142 msgid "Policy binding" msgstr "Policy binding" @@ -2295,7 +2296,7 @@ msgstr "Policy binding" msgid "Policy engine mode" msgstr "Policy engine mode" -#: src/pages/policies/BoundPoliciesList.ts:46 +#: src/pages/policies/BoundPoliciesList.ts:50 msgid "Policy {0}" msgstr "Policy {0}" @@ -2974,7 +2975,7 @@ msgid "Successfully created application." msgstr "Successfully created application." #: src/pages/flows/StageBindingForm.ts:39 -#: src/pages/policies/PolicyBindingForm.ts:72 +#: src/pages/policies/PolicyBindingForm.ts:64 msgid "Successfully created binding." msgstr "Successfully created binding." @@ -3102,7 +3103,7 @@ msgid "Successfully updated application." msgstr "Successfully updated application." #: src/pages/flows/StageBindingForm.ts:36 -#: src/pages/policies/PolicyBindingForm.ts:69 +#: src/pages/policies/PolicyBindingForm.ts:61 msgid "Successfully updated binding." msgstr "Successfully updated binding." @@ -3326,8 +3327,12 @@ msgstr "These bindings control which users can access this flow." #: src/pages/sources/oauth/OAuthSourceViewPage.ts:146 #: src/pages/sources/saml/SAMLSourceViewPage.ts:152 -msgid "These bindings control which users can access this source." -msgstr "These bindings control which users can access this source." +msgid "" +"These bindings control which users can access this source.\n" +"You can only use policies here as access is checked before the user is authenticated." +msgstr "" +"These bindings control which users can access this source.\n" +"You can only use policies here as access is checked before the user is authenticated." #: src/pages/applications/ApplicationViewPage.ts:136 msgid "These policies control which users can access this application." @@ -3357,8 +3362,8 @@ msgstr "Time offset when temporary users should be deleted. This only applies if msgid "Time-based One-Time Passwords" msgstr "Time-based One-Time Passwords" -#: src/pages/policies/BoundPoliciesList.ts:39 -#: src/pages/policies/PolicyBindingForm.ts:209 +#: src/pages/policies/BoundPoliciesList.ts:43 +#: src/pages/policies/PolicyBindingForm.ts:210 #: src/pages/stages/email/EmailStageForm.ts:101 msgid "Timeout" msgstr "Timeout" @@ -3483,10 +3488,10 @@ msgstr "Up-to-date!" #: src/pages/groups/GroupListPage.ts:62 #: src/pages/outposts/OutpostListPage.ts:67 #: src/pages/outposts/ServiceConnectionListPage.ts:76 -#: src/pages/policies/BoundPoliciesList.ts:64 -#: src/pages/policies/BoundPoliciesList.ts:84 -#: src/pages/policies/BoundPoliciesList.ts:99 -#: src/pages/policies/BoundPoliciesList.ts:125 +#: src/pages/policies/BoundPoliciesList.ts:68 +#: src/pages/policies/BoundPoliciesList.ts:88 +#: src/pages/policies/BoundPoliciesList.ts:103 +#: src/pages/policies/BoundPoliciesList.ts:129 #: src/pages/policies/PolicyListPage.ts:77 #: src/pages/property-mappings/PropertyMappingListPage.ts:66 #: src/pages/providers/ProviderListPage.ts:73 @@ -3515,7 +3520,7 @@ msgstr "Update" msgid "Update Application" msgstr "Update Application" -#: src/pages/policies/BoundPoliciesList.ts:128 +#: src/pages/policies/BoundPoliciesList.ts:132 msgid "Update Binding" msgstr "Update Binding" @@ -3528,7 +3533,7 @@ msgid "Update Flow" msgstr "Update Flow" #: src/pages/groups/GroupListPage.ts:65 -#: src/pages/policies/BoundPoliciesList.ts:87 +#: src/pages/policies/BoundPoliciesList.ts:91 msgid "Update Group" msgstr "Update Group" @@ -3580,7 +3585,7 @@ msgstr "Update Stage binding" msgid "Update Token" msgstr "Update Token" -#: src/pages/policies/BoundPoliciesList.ts:102 +#: src/pages/policies/BoundPoliciesList.ts:106 #: src/pages/users/UserListPage.ts:71 #: src/pages/users/UserViewPage.ts:142 msgid "Update User" @@ -3592,7 +3597,7 @@ msgstr "Update details" #: src/pages/flows/BoundStagesList.ts:56 #: src/pages/outposts/ServiceConnectionListPage.ts:79 -#: src/pages/policies/BoundPoliciesList.ts:67 +#: src/pages/policies/BoundPoliciesList.ts:71 #: src/pages/policies/PolicyListPage.ts:80 #: src/pages/property-mappings/PropertyMappingListPage.ts:69 #: src/pages/providers/ProviderListPage.ts:76 @@ -3626,8 +3631,8 @@ msgstr "Use global settings" #: src/elements/events/UserEvents.ts:36 #: src/pages/events/EventInfo.ts:83 #: src/pages/events/EventListPage.ts:44 -#: src/pages/policies/PolicyBindingForm.ts:140 -#: src/pages/policies/PolicyBindingForm.ts:176 +#: src/pages/policies/PolicyBindingForm.ts:133 +#: src/pages/policies/PolicyBindingForm.ts:177 #: src/pages/policies/PolicyTestForm.ts:61 #: src/pages/property-mappings/PropertyMappingTestForm.ts:51 #: src/pages/tokens/TokenListPage.ts:45 @@ -3670,7 +3675,7 @@ msgstr "User object filter" msgid "User password writeback" msgstr "User password writeback" -#: src/pages/policies/BoundPoliciesList.ts:52 +#: src/pages/policies/BoundPoliciesList.ts:56 #: src/pages/users/UserViewPage.ts:63 msgid "User {0}" msgstr "User {0}" @@ -3872,7 +3877,7 @@ msgstr "X509 Subject" #: src/pages/groups/GroupListPage.ts:58 #: src/pages/groups/MemberSelectModal.ts:57 #: src/pages/outposts/ServiceConnectionListPage.ts:64 -#: src/pages/policies/BoundPoliciesList.ts:118 +#: src/pages/policies/BoundPoliciesList.ts:122 #: src/pages/policies/PolicyTestForm.ts:39 #: src/pages/providers/proxy/ProxyProviderViewPage.ts:105 #: src/pages/tokens/TokenListPage.ts:56 diff --git a/web/src/locales/pseudo-LOCALE.po b/web/src/locales/pseudo-LOCALE.po index 499ee989d..0b5529203 100644 --- a/web/src/locales/pseudo-LOCALE.po +++ b/web/src/locales/pseudo-LOCALE.po @@ -13,7 +13,7 @@ msgstr "" "Language-Team: \n" "Plural-Forms: \n" -#: src/pages/policies/BoundPoliciesList.ts:55 +#: src/pages/policies/BoundPoliciesList.ts:59 msgid "-" msgstr "" @@ -708,9 +708,9 @@ msgstr "" #: src/pages/outposts/OutpostListPage.ts:109 #: src/pages/outposts/ServiceConnectionListPage.ts:110 #: src/pages/outposts/ServiceConnectionListPage.ts:119 -#: src/pages/policies/BoundPoliciesList.ts:158 -#: src/pages/policies/BoundPoliciesList.ts:185 -#: src/pages/policies/BoundPoliciesList.ts:206 +#: src/pages/policies/BoundPoliciesList.ts:162 +#: src/pages/policies/BoundPoliciesList.ts:189 +#: src/pages/policies/BoundPoliciesList.ts:210 #: src/pages/policies/PolicyListPage.ts:124 #: src/pages/policies/PolicyListPage.ts:133 #: src/pages/property-mappings/PropertyMappingListPage.ts:113 @@ -741,10 +741,10 @@ msgstr "" msgid "Create Application" msgstr "" -#: src/pages/policies/BoundPoliciesList.ts:161 -#: src/pages/policies/BoundPoliciesList.ts:166 -#: src/pages/policies/BoundPoliciesList.ts:209 -#: src/pages/policies/BoundPoliciesList.ts:214 +#: src/pages/policies/BoundPoliciesList.ts:165 +#: src/pages/policies/BoundPoliciesList.ts:170 +#: src/pages/policies/BoundPoliciesList.ts:213 +#: src/pages/policies/BoundPoliciesList.ts:218 msgid "Create Binding" msgstr "" @@ -780,7 +780,7 @@ msgstr "" msgid "Create Outpost" msgstr "" -#: src/pages/policies/BoundPoliciesList.ts:176 +#: src/pages/policies/BoundPoliciesList.ts:180 msgid "Create Policy" msgstr "" @@ -813,7 +813,7 @@ msgstr "" #: src/pages/applications/ApplicationForm.ts:123 #: src/pages/flows/BoundStagesList.ts:149 #: src/pages/outposts/ServiceConnectionListPage.ts:122 -#: src/pages/policies/BoundPoliciesList.ts:188 +#: src/pages/policies/BoundPoliciesList.ts:192 #: src/pages/policies/PolicyListPage.ts:136 #: src/pages/property-mappings/PropertyMappingListPage.ts:125 #: src/pages/providers/ProviderListPage.ts:119 @@ -889,7 +889,7 @@ msgid "Delete Authorization Code" msgstr "" #: src/pages/flows/BoundStagesList.ts:91 -#: src/pages/policies/BoundPoliciesList.ts:145 +#: src/pages/policies/BoundPoliciesList.ts:149 msgid "Delete Binding" msgstr "" @@ -1035,15 +1035,15 @@ msgid "Edit" msgstr "" #: src/pages/flows/BoundStagesList.ts:79 -#: src/pages/policies/BoundPoliciesList.ts:133 +#: src/pages/policies/BoundPoliciesList.ts:137 msgid "Edit Binding" msgstr "" -#: src/pages/policies/BoundPoliciesList.ts:92 +#: src/pages/policies/BoundPoliciesList.ts:96 msgid "Edit Group" msgstr "" -#: src/pages/policies/BoundPoliciesList.ts:77 +#: src/pages/policies/BoundPoliciesList.ts:81 msgid "Edit Policy" msgstr "" @@ -1051,7 +1051,7 @@ msgstr "" msgid "Edit Stage" msgstr "" -#: src/pages/policies/BoundPoliciesList.ts:107 +#: src/pages/policies/BoundPoliciesList.ts:111 msgid "Edit User" msgstr "" @@ -1096,8 +1096,8 @@ msgstr "" msgid "Enable TOTP" msgstr "" -#: src/pages/policies/BoundPoliciesList.ts:37 -#: src/pages/policies/PolicyBindingForm.ts:198 +#: src/pages/policies/BoundPoliciesList.ts:41 +#: src/pages/policies/PolicyBindingForm.ts:199 #: src/pages/sources/ldap/LDAPSourceForm.ts:69 #: src/pages/sources/oauth/OAuthSourceForm.ts:115 #: src/pages/sources/saml/SAMLSourceForm.ts:69 @@ -1413,8 +1413,8 @@ msgstr "" #: src/pages/events/RuleForm.ts:65 #: src/pages/groups/GroupListPage.ts:75 -#: src/pages/policies/PolicyBindingForm.ts:132 -#: src/pages/policies/PolicyBindingForm.ts:160 +#: src/pages/policies/PolicyBindingForm.ts:125 +#: src/pages/policies/PolicyBindingForm.ts:161 msgid "Group" msgstr "" @@ -1434,7 +1434,7 @@ msgstr "" msgid "Group users together and give them permissions based on the membership." msgstr "" -#: src/pages/policies/BoundPoliciesList.ts:49 +#: src/pages/policies/BoundPoliciesList.ts:53 msgid "Group {0}" msgstr "" @@ -1691,9 +1691,9 @@ msgstr "" #: src/pages/outposts/OutpostForm.ts:96 #: src/pages/outposts/ServiceConnectionDockerForm.ts:87 #: src/pages/outposts/ServiceConnectionDockerForm.ts:104 -#: src/pages/policies/PolicyBindingForm.ts:156 -#: src/pages/policies/PolicyBindingForm.ts:172 -#: src/pages/policies/PolicyBindingForm.ts:188 +#: src/pages/policies/PolicyBindingForm.ts:157 +#: src/pages/policies/PolicyBindingForm.ts:173 +#: src/pages/policies/PolicyBindingForm.ts:189 #: src/pages/policies/PolicyTestForm.ts:71 #: src/pages/policies/event_matcher/EventMatcherPolicyForm.ts:88 #: src/pages/policies/event_matcher/EventMatcherPolicyForm.ts:108 @@ -1934,7 +1934,7 @@ msgstr "" #: src/pages/groups/GroupListPage.ts:58 #: src/pages/groups/MemberSelectModal.ts:57 #: src/pages/outposts/ServiceConnectionListPage.ts:64 -#: src/pages/policies/BoundPoliciesList.ts:118 +#: src/pages/policies/BoundPoliciesList.ts:122 #: src/pages/policies/PolicyTestForm.ts:39 #: src/pages/providers/proxy/ProxyProviderViewPage.ts:108 #: src/pages/tokens/TokenListPage.ts:56 @@ -1952,7 +1952,7 @@ msgstr "" msgid "No Events found." msgstr "" -#: src/pages/policies/BoundPoliciesList.ts:151 +#: src/pages/policies/BoundPoliciesList.ts:155 msgid "No Policies bound." msgstr "" @@ -1981,7 +1981,7 @@ msgstr "" msgid "No matching events could be found." msgstr "" -#: src/pages/policies/BoundPoliciesList.ts:153 +#: src/pages/policies/BoundPoliciesList.ts:157 msgid "No policies are currently bound to this object." msgstr "" @@ -2153,8 +2153,8 @@ msgstr "" #: src/pages/flows/BoundStagesList.ts:38 #: src/pages/flows/StageBindingForm.ts:110 -#: src/pages/policies/BoundPoliciesList.ts:38 -#: src/pages/policies/PolicyBindingForm.ts:203 +#: src/pages/policies/BoundPoliciesList.ts:42 +#: src/pages/policies/PolicyBindingForm.ts:204 #: src/pages/stages/prompt/PromptForm.ts:119 #: src/pages/stages/prompt/PromptListPage.ts:49 msgid "Order" @@ -2256,8 +2256,9 @@ msgstr "" msgid "Policies without binding exist." msgstr "" -#: src/pages/policies/PolicyBindingForm.ts:124 -#: src/pages/policies/PolicyBindingForm.ts:147 +#: src/pages/policies/PolicyBindingForm.ts:108 +#: src/pages/policies/PolicyBindingForm.ts:117 +#: src/pages/policies/PolicyBindingForm.ts:148 #: src/pages/policies/PolicyListPage.ts:108 msgid "Policy" msgstr "" @@ -2267,7 +2268,7 @@ msgstr "" msgid "Policy / Group / User Bindings" msgstr "" -#: src/pages/policies/BoundPoliciesList.ts:36 +#: src/pages/policies/BoundPoliciesList.ts:40 msgid "Policy / User / Group" msgstr "" @@ -2276,7 +2277,7 @@ msgstr "" msgid "Policy Bindings" msgstr "" -#: src/pages/policies/BoundPoliciesList.ts:138 +#: src/pages/policies/BoundPoliciesList.ts:142 msgid "Policy binding" msgstr "" @@ -2287,7 +2288,7 @@ msgstr "" msgid "Policy engine mode" msgstr "" -#: src/pages/policies/BoundPoliciesList.ts:46 +#: src/pages/policies/BoundPoliciesList.ts:50 msgid "Policy {0}" msgstr "" @@ -2966,7 +2967,7 @@ msgid "Successfully created application." msgstr "" #: src/pages/flows/StageBindingForm.ts:39 -#: src/pages/policies/PolicyBindingForm.ts:72 +#: src/pages/policies/PolicyBindingForm.ts:64 msgid "Successfully created binding." msgstr "" @@ -3094,7 +3095,7 @@ msgid "Successfully updated application." msgstr "" #: src/pages/flows/StageBindingForm.ts:36 -#: src/pages/policies/PolicyBindingForm.ts:69 +#: src/pages/policies/PolicyBindingForm.ts:61 msgid "Successfully updated binding." msgstr "" @@ -3316,7 +3317,9 @@ msgstr "" #: src/pages/sources/oauth/OAuthSourceViewPage.ts:146 #: src/pages/sources/saml/SAMLSourceViewPage.ts:152 -msgid "These bindings control which users can access this source." +msgid "" +"These bindings control which users can access this source.\n" +"You can only use policies here as access is checked before the user is authenticated." msgstr "" #: src/pages/applications/ApplicationViewPage.ts:136 @@ -3347,8 +3350,8 @@ msgstr "" msgid "Time-based One-Time Passwords" msgstr "" -#: src/pages/policies/BoundPoliciesList.ts:39 -#: src/pages/policies/PolicyBindingForm.ts:209 +#: src/pages/policies/BoundPoliciesList.ts:43 +#: src/pages/policies/PolicyBindingForm.ts:210 #: src/pages/stages/email/EmailStageForm.ts:101 msgid "Timeout" msgstr "" @@ -3473,10 +3476,10 @@ msgstr "" #: src/pages/groups/GroupListPage.ts:62 #: src/pages/outposts/OutpostListPage.ts:67 #: src/pages/outposts/ServiceConnectionListPage.ts:76 -#: src/pages/policies/BoundPoliciesList.ts:64 -#: src/pages/policies/BoundPoliciesList.ts:84 -#: src/pages/policies/BoundPoliciesList.ts:99 -#: src/pages/policies/BoundPoliciesList.ts:125 +#: src/pages/policies/BoundPoliciesList.ts:68 +#: src/pages/policies/BoundPoliciesList.ts:88 +#: src/pages/policies/BoundPoliciesList.ts:103 +#: src/pages/policies/BoundPoliciesList.ts:129 #: src/pages/policies/PolicyListPage.ts:77 #: src/pages/property-mappings/PropertyMappingListPage.ts:66 #: src/pages/providers/ProviderListPage.ts:73 @@ -3505,7 +3508,7 @@ msgstr "" msgid "Update Application" msgstr "" -#: src/pages/policies/BoundPoliciesList.ts:128 +#: src/pages/policies/BoundPoliciesList.ts:132 msgid "Update Binding" msgstr "" @@ -3518,7 +3521,7 @@ msgid "Update Flow" msgstr "" #: src/pages/groups/GroupListPage.ts:65 -#: src/pages/policies/BoundPoliciesList.ts:87 +#: src/pages/policies/BoundPoliciesList.ts:91 msgid "Update Group" msgstr "" @@ -3570,7 +3573,7 @@ msgstr "" msgid "Update Token" msgstr "" -#: src/pages/policies/BoundPoliciesList.ts:102 +#: src/pages/policies/BoundPoliciesList.ts:106 #: src/pages/users/UserListPage.ts:71 #: src/pages/users/UserViewPage.ts:142 msgid "Update User" @@ -3582,7 +3585,7 @@ msgstr "" #: src/pages/flows/BoundStagesList.ts:56 #: src/pages/outposts/ServiceConnectionListPage.ts:79 -#: src/pages/policies/BoundPoliciesList.ts:67 +#: src/pages/policies/BoundPoliciesList.ts:71 #: src/pages/policies/PolicyListPage.ts:80 #: src/pages/property-mappings/PropertyMappingListPage.ts:69 #: src/pages/providers/ProviderListPage.ts:76 @@ -3616,8 +3619,8 @@ msgstr "" #: src/elements/events/UserEvents.ts:36 #: src/pages/events/EventInfo.ts:83 #: src/pages/events/EventListPage.ts:44 -#: src/pages/policies/PolicyBindingForm.ts:140 -#: src/pages/policies/PolicyBindingForm.ts:176 +#: src/pages/policies/PolicyBindingForm.ts:133 +#: src/pages/policies/PolicyBindingForm.ts:177 #: src/pages/policies/PolicyTestForm.ts:61 #: src/pages/property-mappings/PropertyMappingTestForm.ts:51 #: src/pages/tokens/TokenListPage.ts:45 @@ -3660,7 +3663,7 @@ msgstr "" msgid "User password writeback" msgstr "" -#: src/pages/policies/BoundPoliciesList.ts:52 +#: src/pages/policies/BoundPoliciesList.ts:56 #: src/pages/users/UserViewPage.ts:63 msgid "User {0}" msgstr "" @@ -3860,7 +3863,7 @@ msgstr "" #: src/pages/groups/GroupListPage.ts:58 #: src/pages/groups/MemberSelectModal.ts:57 #: src/pages/outposts/ServiceConnectionListPage.ts:64 -#: src/pages/policies/BoundPoliciesList.ts:118 +#: src/pages/policies/BoundPoliciesList.ts:122 #: src/pages/policies/PolicyTestForm.ts:39 #: src/pages/providers/proxy/ProxyProviderViewPage.ts:105 #: src/pages/tokens/TokenListPage.ts:56 diff --git a/web/src/pages/policies/BoundPoliciesList.ts b/web/src/pages/policies/BoundPoliciesList.ts index 27f499d3f..bf93ec5b5 100644 --- a/web/src/pages/policies/BoundPoliciesList.ts +++ b/web/src/pages/policies/BoundPoliciesList.ts @@ -25,6 +25,9 @@ export class BoundPoliciesList extends Table { @property() target?: string; + @property({type: Boolean}) + policyOnly = false; + apiEndpoint(page: number): Promise> { return new PoliciesApi(DEFAULT_CONFIG).policiesBindingsList({ target: this.target || "", @@ -125,7 +128,7 @@ export class BoundPoliciesList extends Table { ${t`Update Binding`} - + +
`; + } + return html` +
+ +
+ +
+ +
+ +
+ +
`; + } + renderForm(): TemplateResult { return html`
-
- -
- -
- -
- -
- -
+ ${this.renderModeSelector()}