From c8d9771640825ce816c7554930219e28be39046d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 24 Jun 2021 09:58:06 +0200 Subject: [PATCH 01/42] build(deps): bump @patternfly/patternfly from 4.108.2 to 4.115.2 in /web (#1075) Bumps [@patternfly/patternfly](https://github.com/patternfly/patternfly) from 4.108.2 to 4.115.2. - [Release notes](https://github.com/patternfly/patternfly/releases) - [Changelog](https://github.com/patternfly/patternfly/blob/master/RELEASE-NOTES.md) - [Commits](https://github.com/patternfly/patternfly/compare/prerelease-v4.108.2...prerelease-v4.115.2) --- updated-dependencies: - dependency-name: "@patternfly/patternfly" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- web/package-lock.json | 14 +++++++------- web/package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index 2cbb3c248..7cf3fcdf3 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -18,7 +18,7 @@ "@lingui/cli": "^3.10.2", "@lingui/core": "^3.10.4", "@lingui/macro": "^3.10.2", - "@patternfly/patternfly": "^4.108.2", + "@patternfly/patternfly": "^4.115.2", "@polymer/iron-form": "^3.0.1", "@polymer/paper-input": "^3.2.1", "@rollup/plugin-babel": "^5.3.0", @@ -2120,9 +2120,9 @@ } }, "node_modules/@patternfly/patternfly": { - "version": "4.108.2", - "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.108.2.tgz", - "integrity": "sha512-z0VB+1CXcH+eoClYQABwapX5FURSvm1nPr6asLWwg/Z4Wuxs0RjZpC6Gb+KRm8nGQwSAcMKZY1jLfPqVnznQnw==" + "version": "4.115.2", + "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.115.2.tgz", + "integrity": "sha512-7hbJ4pRmj+rlXclD2F/UwceO6fS+9flGsgHc4eUc7NyTN2GXl6PLcqrjE2CtiKEPV90+KwsGQGJXZj8bz9HweA==" }, "node_modules/@polymer/font-roboto": { "version": "3.0.2", @@ -9482,9 +9482,9 @@ } }, "@patternfly/patternfly": { - "version": "4.108.2", - "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.108.2.tgz", - "integrity": "sha512-z0VB+1CXcH+eoClYQABwapX5FURSvm1nPr6asLWwg/Z4Wuxs0RjZpC6Gb+KRm8nGQwSAcMKZY1jLfPqVnznQnw==" + "version": "4.115.2", + "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.115.2.tgz", + "integrity": "sha512-7hbJ4pRmj+rlXclD2F/UwceO6fS+9flGsgHc4eUc7NyTN2GXl6PLcqrjE2CtiKEPV90+KwsGQGJXZj8bz9HweA==" }, "@polymer/font-roboto": { "version": "3.0.2", diff --git a/web/package.json b/web/package.json index 3df620040..3fce948fb 100644 --- a/web/package.json +++ b/web/package.json @@ -47,7 +47,7 @@ "@lingui/cli": "^3.10.2", "@lingui/core": "^3.10.4", "@lingui/macro": "^3.10.2", - "@patternfly/patternfly": "^4.108.2", + "@patternfly/patternfly": "^4.115.2", "@polymer/iron-form": "^3.0.1", "@polymer/paper-input": "^3.2.1", "@rollup/plugin-babel": "^5.3.0", From efbbd0adcfab42acd6b58d2ae8ddc508a23e5fa3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 24 Jun 2021 09:58:14 +0200 Subject: [PATCH 02/42] build(deps): bump @types/codemirror from 5.60.0 to 5.60.1 in /web (#1074) Bumps [@types/codemirror](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/codemirror) from 5.60.0 to 5.60.1. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/codemirror) --- updated-dependencies: - dependency-name: "@types/codemirror" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- web/package-lock.json | 14 +++++++------- web/package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index 7cf3fcdf3..957b8ee8c 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -27,7 +27,7 @@ "@sentry/browser": "^6.7.2", "@sentry/tracing": "^6.7.2", "@types/chart.js": "^2.9.32", - "@types/codemirror": "5.60.0", + "@types/codemirror": "5.60.1", "@types/grecaptcha": "^3.0.2", "@typescript-eslint/eslint-plugin": "^4.28.0", "@typescript-eslint/parser": "^4.28.0", @@ -2451,9 +2451,9 @@ } }, "node_modules/@types/codemirror": { - "version": "5.60.0", - "resolved": "https://registry.npmjs.org/@types/codemirror/-/codemirror-5.60.0.tgz", - "integrity": "sha512-xgzXZyCzedLRNC67/Nn8rpBtTFnAsX2C+Q/LGoH6zgcpF/LqdNHJMHEOhqT1bwUcSp6kQdOIuKzRbeW9DYhEhg==", + "version": "5.60.1", + "resolved": "https://registry.npmjs.org/@types/codemirror/-/codemirror-5.60.1.tgz", + "integrity": "sha512-yV14LQ5VvghnW0uSuCw2bEfZC6NvxHQEckl2w3dEk5l0yPGzQh14dCaWvG5KD/2l3cgFSifR+6nIUD7LDLdUTg==", "dependencies": { "@types/tern": "*" } @@ -9797,9 +9797,9 @@ } }, "@types/codemirror": { - "version": "5.60.0", - "resolved": "https://registry.npmjs.org/@types/codemirror/-/codemirror-5.60.0.tgz", - "integrity": "sha512-xgzXZyCzedLRNC67/Nn8rpBtTFnAsX2C+Q/LGoH6zgcpF/LqdNHJMHEOhqT1bwUcSp6kQdOIuKzRbeW9DYhEhg==", + "version": "5.60.1", + "resolved": "https://registry.npmjs.org/@types/codemirror/-/codemirror-5.60.1.tgz", + "integrity": "sha512-yV14LQ5VvghnW0uSuCw2bEfZC6NvxHQEckl2w3dEk5l0yPGzQh14dCaWvG5KD/2l3cgFSifR+6nIUD7LDLdUTg==", "requires": { "@types/tern": "*" } diff --git a/web/package.json b/web/package.json index 3fce948fb..47ff4448f 100644 --- a/web/package.json +++ b/web/package.json @@ -56,7 +56,7 @@ "@sentry/browser": "^6.7.2", "@sentry/tracing": "^6.7.2", "@types/chart.js": "^2.9.32", - "@types/codemirror": "5.60.0", + "@types/codemirror": "5.60.1", "@types/grecaptcha": "^3.0.2", "@typescript-eslint/eslint-plugin": "^4.28.0", "@typescript-eslint/parser": "^4.28.0", From eaaeaccf5d195d1dc73bb04f5203792a160284bd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 24 Jun 2021 09:58:23 +0200 Subject: [PATCH 03/42] build(deps): bump boto3 from 1.17.98 to 1.17.99 (#1076) Bumps [boto3](https://github.com/boto/boto3) from 1.17.98 to 1.17.99. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](https://github.com/boto/boto3/compare/1.17.98...1.17.99) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Pipfile.lock | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Pipfile.lock b/Pipfile.lock index 59747ff6b..7e19a8209 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -122,19 +122,19 @@ }, "boto3": { "hashes": [ - "sha256:2c2f70608934b03f9c08f4cd185de223b5abd18245dd4d4800e1fbc2a2523e31", - "sha256:fccfa81cda69bb2317ed97e7149d7d84d19e6ec3bfbe3f721139e7ac0c407c73" + "sha256:67b4b89c8f7304c75b8a478ecf90a6f7a53ad929fe3e546fc34f6b7c25882b53", + "sha256:f91e8609b7f4cd2814b3208234a7251e6d8653ae45ea9f74b8bcd1056c8c62b7" ], "index": "pypi", - "version": "==1.17.98" + "version": "==1.17.99" }, "botocore": { "hashes": [ - "sha256:b2a49de4ee04b690142c8e7240f0f5758e3f7673dd39cf398efe893bf5e11c3f", - "sha256:b955b23fe2fbdbbc8e66f37fe2970de6b5d8169f940b200bcf434751709d38f6" + "sha256:683c7cc7d01c94a6e593694d1d7bcdd3ea5f59c00421fa7e34500458175b9346", + "sha256:a236bb890e2b25f0db1b9bb4dd49e2d825b051ba953830c7cd7be7200f5aecbf" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'", - "version": "==1.20.98" + "version": "==1.20.99" }, "cachetools": { "hashes": [ @@ -1565,7 +1565,7 @@ "sha256:83510593e07e433b77bd5bff0f6f607dbafa06d1a89022616f02d8b699cfcd56", "sha256:8e2c107091cfec7286bc0f68a547d0ba4c094d460b732075b6fba674f1035c0c" ], - "markers": "python_version < '4.0' and python_full_version >= '3.6.1'", + "markers": "python_version < '4' and python_full_version >= '3.6.1'", "version": "==5.9.1" }, "lazy-object-proxy": { From 6930c844259f4f19935407d959194d0197aa0d52 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 24 Jun 2021 13:01:41 +0200 Subject: [PATCH 04/42] events: only create SYSTEM_EXCEPTION event when error would've been sent to sentry Signed-off-by: Jens Langhammer --- authentik/events/middleware.py | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/authentik/events/middleware.py b/authentik/events/middleware.py index 684121171..1543fb8ef 100644 --- a/authentik/events/middleware.py +++ b/authentik/events/middleware.py @@ -13,6 +13,7 @@ from authentik.core.models import User from authentik.events.models import Event, EventAction, Notification from authentik.events.signals import EventNewThread from authentik.events.utils import model_to_dict +from authentik.lib.sentry import before_send from authentik.lib.utils.errors import exception_to_string @@ -62,12 +63,13 @@ class AuditMiddleware: if settings.DEBUG: return - thread = EventNewThread( - EventAction.SYSTEM_EXCEPTION, - request, - message=exception_to_string(exception), - ) - thread.run() + if before_send({}, {"exc_info": (None, exception, None)}) is not None: + thread = EventNewThread( + EventAction.SYSTEM_EXCEPTION, + request, + message=exception_to_string(exception), + ) + thread.run() @staticmethod # pylint: disable=unused-argument From 0d81eaffff212098429f118207f4a3ef521d5897 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 24 Jun 2021 19:30:16 +0200 Subject: [PATCH 05/42] web/admin: fix text color on pf-c-card Signed-off-by: Jens Langhammer --- web/src/authentik.css | 1 + web/src/pages/events/EventInfoPage.ts | 8 ++------ 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/web/src/authentik.css b/web/src/authentik.css index bb409f2f1..312af5a08 100644 --- a/web/src/authentik.css +++ b/web/src/authentik.css @@ -139,6 +139,7 @@ body { /* Card */ .pf-c-card { --pf-c-card--BackgroundColor: var(--ak-dark-background-light); + color: var(--ak-dark-foreground); } .pf-c-card__title, .pf-c-card__body { diff --git a/web/src/pages/events/EventInfoPage.ts b/web/src/pages/events/EventInfoPage.ts index 069e5ef3f..51d14904a 100644 --- a/web/src/pages/events/EventInfoPage.ts +++ b/web/src/pages/events/EventInfoPage.ts @@ -1,5 +1,5 @@ import { t } from "@lingui/macro"; -import { css, CSSResult, customElement, html, LitElement, property, TemplateResult } from "lit-element"; +import { CSSResult, customElement, html, LitElement, property, TemplateResult } from "lit-element"; import { EventsApi } from "authentik-api"; import { DEFAULT_CONFIG } from "../../api/Config"; import { EventWithContext } from "../../api/Events"; @@ -27,11 +27,7 @@ export class EventInfoPage extends LitElement { event!: EventWithContext; static get styles(): CSSResult[] { - return [PFBase, PFPage, PFContent, PFCard, AKGlobal].concat(css` - .pf-c-card { - color: var(--ak-dark-foreground); - } - `); + return [PFBase, PFPage, PFContent, PFCard, AKGlobal]; } render(): TemplateResult { From c9ad87d419d2c1dc64f6f883c192cd252ffb2a00 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 25 Jun 2021 10:59:40 +0200 Subject: [PATCH 06/42] build(deps): bump boto3 from 1.17.99 to 1.17.100 (#1077) Bumps [boto3](https://github.com/boto/boto3) from 1.17.99 to 1.17.100. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](https://github.com/boto/boto3/compare/1.17.99...1.17.100) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Pipfile.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Pipfile.lock b/Pipfile.lock index 7e19a8209..c26f1907b 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -122,19 +122,19 @@ }, "boto3": { "hashes": [ - "sha256:67b4b89c8f7304c75b8a478ecf90a6f7a53ad929fe3e546fc34f6b7c25882b53", - "sha256:f91e8609b7f4cd2814b3208234a7251e6d8653ae45ea9f74b8bcd1056c8c62b7" + "sha256:0cdb443db72787eff296138952f952529d49dba00d67d5652017d2584daab33a", + "sha256:ab767dffc34e3093d4c4d0b40a6387129661e24de2ae06a8eaefb92739447ad9" ], "index": "pypi", - "version": "==1.17.99" + "version": "==1.17.100" }, "botocore": { "hashes": [ - "sha256:683c7cc7d01c94a6e593694d1d7bcdd3ea5f59c00421fa7e34500458175b9346", - "sha256:a236bb890e2b25f0db1b9bb4dd49e2d825b051ba953830c7cd7be7200f5aecbf" + "sha256:1331c6a9aafa1a893b20d9ee71abdb52c9bb4e5f7197e82153c371e1856e645d", + "sha256:55da43d99d1ed5f51fa65d71f30ecdfb5f9d8b0874c0c3e63264121bd88e0cab" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'", - "version": "==1.20.99" + "version": "==1.20.100" }, "cachetools": { "hashes": [ From bb776c27107dad990036a3dbdb7f27406db5658e Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Fri, 25 Jun 2021 11:54:35 +0200 Subject: [PATCH 07/42] outposts: check docker container ports match Signed-off-by: Jens Langhammer --- authentik/outposts/controllers/docker.py | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/authentik/outposts/controllers/docker.py b/authentik/outposts/controllers/docker.py index c85276471..fc1e78557 100644 --- a/authentik/outposts/controllers/docker.py +++ b/authentik/outposts/controllers/docker.py @@ -53,6 +53,21 @@ class DockerController(BaseController): return True return False + def _comp_ports(self, container: Container) -> bool: + """Check that the container has the correct ports exposed. Return true if container needs + to be rebuilt.""" + # {'6379/tcp': [{'HostIp': '127.0.0.1', 'HostPort': '6379'}]} + for port in self.deployment_ports: + key = f"{port.inner_port or port.port}/{port.protocol}" + if key not in container.ports: + return True + host_matching = False + for host_port in container.ports[key]: + host_matching = host_port.get("HostPort") == port.port + if not host_matching: + return True + return False + def _get_container(self) -> tuple[Container, bool]: container_name = f"authentik-proxy-{self.outpost.uuid.hex}" try: @@ -98,6 +113,11 @@ class DockerController(BaseController): ) self.down() return self.up() + # Check container's ports + if self._comp_ports(container): + self.logger.info("Container has mis-matched ports, re-creating...") + self.down() + return self.up() # Check that container values match our values if self._comp_env(container): self.logger.info("Container has outdated config, re-creating...") From a3ff7cea23bc11fdd7de0e309595323c7e4805a5 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Fri, 25 Jun 2021 11:55:00 +0200 Subject: [PATCH 08/42] providers/oauth2: fix usage of timedelta.seconds Signed-off-by: Jens Langhammer --- authentik/providers/oauth2/models.py | 2 +- authentik/providers/oauth2/views/authorize.py | 6 +++--- authentik/providers/oauth2/views/token.py | 16 ++++++++++------ 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/authentik/providers/oauth2/models.py b/authentik/providers/oauth2/models.py index a9b82bf84..5ee94bfe2 100644 --- a/authentik/providers/oauth2/models.py +++ b/authentik/providers/oauth2/models.py @@ -474,7 +474,7 @@ class RefreshToken(ExpiringModel, BaseGrantModel): now = int(time.time()) iat_time = now exp_time = int( - now + timedelta_from_string(self.provider.token_validity).seconds + now + timedelta_from_string(self.provider.token_validity).total_seconds() ) # We use the timestamp of the user's last successful login (EventAction.LOGIN) for auth_time auth_events = Event.objects.filter( diff --git a/authentik/providers/oauth2/views/authorize.py b/authentik/providers/oauth2/views/authorize.py index 5319ce40d..3728c92b5 100644 --- a/authentik/providers/oauth2/views/authorize.py +++ b/authentik/providers/oauth2/views/authorize.py @@ -374,9 +374,9 @@ class OAuthFulfillmentStage(StageView): query_fragment["code"] = code.code query_fragment["token_type"] = "bearer" - query_fragment["expires_in"] = timedelta_from_string( - self.provider.token_validity - ).seconds + query_fragment["expires_in"] = int( + timedelta_from_string(self.provider.token_validity).total_seconds() + ) query_fragment["state"] = self.params.state if self.params.state else "" return query_fragment diff --git a/authentik/providers/oauth2/views/token.py b/authentik/providers/oauth2/views/token.py index c0d85a345..7c78eed16 100644 --- a/authentik/providers/oauth2/views/token.py +++ b/authentik/providers/oauth2/views/token.py @@ -215,9 +215,11 @@ class TokenView(View): "access_token": refresh_token.access_token, "refresh_token": refresh_token.refresh_token, "token_type": "bearer", - "expires_in": timedelta_from_string( - self.params.provider.token_validity - ).seconds, + "expires_in": int( + timedelta_from_string( + self.params.provider.token_validity + ).total_seconds() + ), "id_token": refresh_token.provider.encode(refresh_token.id_token.to_dict()), } @@ -258,9 +260,11 @@ class TokenView(View): "access_token": refresh_token.access_token, "refresh_token": refresh_token.refresh_token, "token_type": "bearer", - "expires_in": timedelta_from_string( - refresh_token.provider.token_validity - ).seconds, + "expires_in": int( + timedelta_from_string( + refresh_token.provider.token_validity + ).total_seconds() + ), "id_token": self.params.provider.encode(refresh_token.id_token.to_dict()), } From b8bdf7a03534123d61ea9efca0d018417d26fe51 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Fri, 25 Jun 2021 15:15:18 +0200 Subject: [PATCH 09/42] outposts: fix outpost being re-created when in host mode Signed-off-by: Jens Langhammer --- authentik/outposts/controllers/docker.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/authentik/outposts/controllers/docker.py b/authentik/outposts/controllers/docker.py index fc1e78557..aa7a6781e 100644 --- a/authentik/outposts/controllers/docker.py +++ b/authentik/outposts/controllers/docker.py @@ -56,9 +56,15 @@ class DockerController(BaseController): def _comp_ports(self, container: Container) -> bool: """Check that the container has the correct ports exposed. Return true if container needs to be rebuilt.""" + # with TEST enabled, we use host-network + if settings.TEST: + return False + # When the container isn't running, the API doesn't report any port mappings + if container.status != "running": + return False # {'6379/tcp': [{'HostIp': '127.0.0.1', 'HostPort': '6379'}]} for port in self.deployment_ports: - key = f"{port.inner_port or port.port}/{port.protocol}" + key = f"{port.inner_port or port.port}/{port.protocol.lower()}" if key not in container.ports: return True host_matching = False From 2543b075be9e75bd7d07b7d893b9a9b117b03c9d Mon Sep 17 00:00:00 2001 From: linogics <85334233+linogics@users.noreply.github.com> Date: Sat, 26 Jun 2021 15:07:43 +0200 Subject: [PATCH 10/42] outposts/ldap: fixed IsActive and IsSuperuser returning swapped incorrect values (#1078) IsActive and IsSuperuser attributes were interchanged. --- outpost/pkg/ldap/instance_search.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/outpost/pkg/ldap/instance_search.go b/outpost/pkg/ldap/instance_search.go index c385068a0..0e459e03e 100644 --- a/outpost/pkg/ldap/instance_search.go +++ b/outpost/pkg/ldap/instance_search.go @@ -99,15 +99,15 @@ func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry { } if *u.IsActive { - attrs = append(attrs, &ldap.EntryAttribute{Name: "accountStatus", Values: []string{"inactive"}}) + attrs = append(attrs, &ldap.EntryAttribute{Name: "accountStatus", Values: []string{"active"}}) } else { - attrs = append(attrs, &ldap.EntryAttribute{Name: "accountStatus", Values: []string{"active"}}) + attrs = append(attrs, &ldap.EntryAttribute{Name: "accountStatus", Values: []string{"inactive"}}) } if u.IsSuperuser { - attrs = append(attrs, &ldap.EntryAttribute{Name: "superuser", Values: []string{"inactive"}}) - } else { attrs = append(attrs, &ldap.EntryAttribute{Name: "superuser", Values: []string{"active"}}) + } else { + attrs = append(attrs, &ldap.EntryAttribute{Name: "superuser", Values: []string{"inactive"}}) } attrs = append(attrs, &ldap.EntryAttribute{Name: "memberOf", Values: pi.GroupsForUser(u)}) From 63a28ca1e9d41d98535db35fa2c348822fe2eec2 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 26 Jun 2021 19:33:20 +0200 Subject: [PATCH 11/42] web/admin: fix only recovery flows being selectable for unenrollment flow in tenant form Signed-off-by: Jens Langhammer --- web/src/pages/tenants/TenantForm.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/src/pages/tenants/TenantForm.ts b/web/src/pages/tenants/TenantForm.ts index 07b4f895f..200c3619e 100644 --- a/web/src/pages/tenants/TenantForm.ts +++ b/web/src/pages/tenants/TenantForm.ts @@ -150,7 +150,7 @@ export class TenantForm extends ModelForm { ${until(new FlowsApi(DEFAULT_CONFIG).flowsInstancesList({ ordering: "pk", - designation: FlowsInstancesListDesignationEnum.Recovery, + designation: FlowsInstancesListDesignationEnum.Unenrollment, }).then(flows => { return flows.results.map(flow => { const selected = this.instance?.flowUnenrollment === flow.pk; From 3fe0483dbff63cfb8fd152b6fdaa084223f26596 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 26 Jun 2021 20:20:09 +0200 Subject: [PATCH 12/42] core: fix flow background not correctly loading on initial draw Signed-off-by: Jens Langhammer --- authentik/core/templates/if/flow.html | 2 +- authentik/core/templates/login/base_full.html | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/authentik/core/templates/if/flow.html b/authentik/core/templates/if/flow.html index b1435d2f6..8b1a381a7 100644 --- a/authentik/core/templates/if/flow.html +++ b/authentik/core/templates/if/flow.html @@ -13,7 +13,7 @@ {% endblock %} diff --git a/authentik/core/templates/login/base_full.html b/authentik/core/templates/login/base_full.html index 8750fb341..cfeecb855 100644 --- a/authentik/core/templates/login/base_full.html +++ b/authentik/core/templates/login/base_full.html @@ -10,7 +10,7 @@ {% block head %} {% endblock %} From 9bd613a31d96bfa325066177bc14eb5cca715cca Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 26 Jun 2021 20:48:53 +0200 Subject: [PATCH 13/42] stages/authenticator_duo: fix component not being set in API Signed-off-by: Jens Langhammer --- authentik/stages/authenticator_duo/stage.py | 2 +- web/src/pages/providers/ldap/LDAPProviderViewPage.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/authentik/stages/authenticator_duo/stage.py b/authentik/stages/authenticator_duo/stage.py index abca61479..96c5908c6 100644 --- a/authentik/stages/authenticator_duo/stage.py +++ b/authentik/stages/authenticator_duo/stage.py @@ -63,7 +63,7 @@ class AuthenticatorDuoStageView(ChallengeStageView): "type": ChallengeTypes.NATIVE.value, "activation_barcode": enroll["activation_barcode"], "activation_code": enroll["activation_code"], - "stage_uuid": stage.stage_uuid, + "stage_uuid": str(stage.stage_uuid), } ) diff --git a/web/src/pages/providers/ldap/LDAPProviderViewPage.ts b/web/src/pages/providers/ldap/LDAPProviderViewPage.ts index 548ba82bd..ea0af89e0 100644 --- a/web/src/pages/providers/ldap/LDAPProviderViewPage.ts +++ b/web/src/pages/providers/ldap/LDAPProviderViewPage.ts @@ -102,7 +102,7 @@ export class LDAPProviderViewPage extends LitElement { + .instancePk=${this.provider.pk}> +
+ ${t`Export flow`} +
+
+ +
diff --git a/web/src/pages/flows/StageBindingForm.ts b/web/src/pages/flows/StageBindingForm.ts index ecce2cd6d..b669752c9 100644 --- a/web/src/pages/flows/StageBindingForm.ts +++ b/web/src/pages/flows/StageBindingForm.ts @@ -123,7 +123,7 @@ export class StageBindingForm extends ModelForm {

- ${t`Evaluate policies during the Flow planning process. Disable this for input-based policies. Should be used in conjunction with 'Re-evaluate policies', as with this option disabled, policies are **not** evaluated.`} + ${t`Evaluate policies during the Flow planning process. Disable this for input-based policies. Should be used in conjunction with 'Re-evaluate policies', as with both options disabled, policies are **not** evaluated.`}

diff --git a/website/docs/releases/v2021.6.md b/website/docs/releases/v2021.6.md index 22af5446d..d20a46f49 100644 --- a/website/docs/releases/v2021.6.md +++ b/website/docs/releases/v2021.6.md @@ -116,6 +116,20 @@ slug: "2021.6" - web/admin: handle elements in slot=form not being forms - web/admin: sort inputs on authenticator validation stage form +## Fixed in 2021.6.3 + +- core: fix flow background not correctly loading on initial draw +- events: only create SYSTEM_EXCEPTION event when error would've been sent to sentry +- expressions: fix regex_match result being inverted +- outposts: check docker container ports match +- outposts/ldap: fixed IsActive and IsSuperuser returning swapped incorrect values (#1078) +- providers/oauth2: fix exp of JWT when not using seconds +- sources/ldap: improve error handling when checking for password complexity on non-ad setups +- stages/authenticator_duo: fix component not being set in API +- web/admin: fix deletion of authenticator not reloading the state correctly +- web/admin: fix only recovery flows being selectable for unenrollment flow in tenant form +- web/admin: fix text color on pf-c-card + ## Upgrading This release does not introduce any new requirements. From 4ec5df6b12b8ee9c60b93d1afba942c628bdd520 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 26 Jun 2021 22:30:33 +0200 Subject: [PATCH 17/42] web/admin: fix linting error Signed-off-by: Jens Langhammer --- web/src/locales/en.po | 10 ++++++++++ web/src/locales/pseudo-LOCALE.po | 7 +++++++ .../pages/policies/reputation/ReputationPolicyForm.ts | 5 +++++ web/src/pages/user-settings/UserSettingsPage.ts | 6 +++--- 4 files changed, 25 insertions(+), 3 deletions(-) diff --git a/web/src/locales/en.po b/web/src/locales/en.po index 908a4565e..d53b44033 100644 --- a/web/src/locales/en.po +++ b/web/src/locales/en.po @@ -3821,6 +3821,16 @@ msgstr "The external URL you'll authenticate at. Can be the same domain as authe msgid "The following objects use {objName}" msgstr "The following objects use {objName}" +#: src/pages/policies/reputation/ReputationPolicyForm.ts +msgid "" +"The policy passes when the reputation score is above the threshold, and\n" +"doesn't pass when either or both of the selected options are equal or less than the\n" +"threshold." +msgstr "" +"The policy passes when the reputation score is above the threshold, and\n" +"doesn't pass when either or both of the selected options are equal or less than the\n" +"threshold." + #: src/pages/policies/dummy/DummyPolicyForm.ts msgid "The policy takes a random time to execute. This controls the minimum time it will take." msgstr "The policy takes a random time to execute. This controls the minimum time it will take." diff --git a/web/src/locales/pseudo-LOCALE.po b/web/src/locales/pseudo-LOCALE.po index b708ce2f4..5d623fb18 100644 --- a/web/src/locales/pseudo-LOCALE.po +++ b/web/src/locales/pseudo-LOCALE.po @@ -3813,6 +3813,13 @@ msgstr "" msgid "The following objects use {objName}" msgstr "" +#: +msgid "" +"The policy passes when the reputation score is above the threshold, and\n" +"doesn't pass when either or both of the selected options are equal or less than the\n" +"threshold." +msgstr "" + #: msgid "The policy takes a random time to execute. This controls the minimum time it will take." msgstr "" diff --git a/web/src/pages/policies/reputation/ReputationPolicyForm.ts b/web/src/pages/policies/reputation/ReputationPolicyForm.ts index 045308c06..0ff3d1796 100644 --- a/web/src/pages/policies/reputation/ReputationPolicyForm.ts +++ b/web/src/pages/policies/reputation/ReputationPolicyForm.ts @@ -44,6 +44,11 @@ export class ReputationPolicyForm extends ModelForm {
${t`Allows/denys requests based on the users and/or the IPs reputation.`}
+
+ ${t`The policy passes when the reputation score is above the threshold, and + doesn't pass when either or both of the selected options are equal or less than the + threshold.`} +
; - @property() + @property({attribute: false}) sourceSettings?: Promise; constructor() { @@ -49,7 +49,7 @@ export class UserSettingsPage extends LitElement { }); } - firstUpdated() { + firstUpdated(): void { this.userSettings = new StagesApi(DEFAULT_CONFIG).stagesAllUserSettingsList(); this.sourceSettings = new SourcesApi(DEFAULT_CONFIG).sourcesAllUserSettingsList(); } From 60c3cf890a944923709ce28561aaca58f5ac52d3 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 26 Jun 2021 23:37:03 +0200 Subject: [PATCH 18/42] events: add ability to create events via API Signed-off-by: Jens Langhammer --- authentik/events/api/event.py | 11 +- authentik/outposts/models.py | 5 +- authentik/root/settings.py | 1 + schema.yml | 220 +++++++++++++++++++++++++++++----- 4 files changed, 195 insertions(+), 42 deletions(-) diff --git a/authentik/events/api/event.py b/authentik/events/api/event.py index 10069999e..570559a42 100644 --- a/authentik/events/api/event.py +++ b/authentik/events/api/event.py @@ -6,11 +6,11 @@ from drf_spectacular.types import OpenApiTypes from drf_spectacular.utils import OpenApiParameter, extend_schema from guardian.shortcuts import get_objects_for_user from rest_framework.decorators import action -from rest_framework.fields import CharField, DictField, IntegerField +from rest_framework.fields import DictField, IntegerField from rest_framework.request import Request from rest_framework.response import Response from rest_framework.serializers import ModelSerializer -from rest_framework.viewsets import ReadOnlyModelViewSet +from rest_framework.viewsets import ModelViewSet from authentik.core.api.utils import PassiveSerializer, TypeCreateSerializer from authentik.events.models import Event, EventAction @@ -19,11 +19,6 @@ from authentik.events.models import Event, EventAction class EventSerializer(ModelSerializer): """Event Serializer""" - # Since we only use this serializer for read-only operations, - # no checking of the action is done here. - # This allows clients to check wildcards, prefixes and custom types - action = CharField() - class Meta: model = Event @@ -96,7 +91,7 @@ class EventsFilter(django_filters.FilterSet): fields = ["action", "client_ip", "username"] -class EventViewSet(ReadOnlyModelViewSet): +class EventViewSet(ModelViewSet): """Event Read-Only Viewset""" queryset = Event.objects.all() diff --git a/authentik/outposts/models.py b/authentik/outposts/models.py index 9276becdf..b12292309 100644 --- a/authentik/outposts/models.py +++ b/authentik/outposts/models.py @@ -405,7 +405,10 @@ class Outpost(models.Model): def get_required_objects(self) -> Iterable[Union[models.Model, str]]: """Get an iterator of all objects the user needs read access to""" - objects: list[Union[models.Model, str]] = [self] + objects: list[Union[models.Model, str]] = [ + self, + "authentik_events.add_event", + ] for provider in ( Provider.objects.filter(outpost=self).select_related().select_subclasses() ): diff --git a/authentik/root/settings.py b/authentik/root/settings.py index f832299e8..d9977031c 100644 --- a/authentik/root/settings.py +++ b/authentik/root/settings.py @@ -153,6 +153,7 @@ SPECTACULAR_SETTINGS = { "url": "https://github.com/goauthentik/authentik/blob/master/LICENSE", }, "ENUM_NAME_OVERRIDES": { + "EventActions": "authentik.events.models.EventAction", "ChallengeChoices": "authentik.flows.challenge.ChallengeTypes", "FlowDesignationEnum": "authentik.flows.models.FlowDesignation", "PolicyEngineMode": "authentik.policies.models.PolicyEngineMode", diff --git a/schema.yml b/schema.yml index 8e85f84f7..f7e65eafb 100644 --- a/schema.yml +++ b/schema.yml @@ -3572,6 +3572,37 @@ paths: $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' + post: + operationId: events_events_create + description: Event Read-Only Viewset + tags: + - events + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/EventRequest' + application/x-www-form-urlencoded: + schema: + $ref: '#/components/schemas/EventRequest' + multipart/form-data: + schema: + $ref: '#/components/schemas/EventRequest' + required: true + security: + - authentik: [] + - cookieAuth: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/Event' + description: '' + '400': + $ref: '#/components/schemas/ValidationError' + '403': + $ref: '#/components/schemas/GenericError' /api/v2beta/events/events/{event_uuid}/: get: operationId: events_events_retrieve @@ -3600,6 +3631,106 @@ paths: $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' + put: + operationId: events_events_update + description: Event Read-Only Viewset + parameters: + - in: path + name: event_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Event. + required: true + tags: + - events + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/EventRequest' + application/x-www-form-urlencoded: + schema: + $ref: '#/components/schemas/EventRequest' + multipart/form-data: + schema: + $ref: '#/components/schemas/EventRequest' + required: true + security: + - authentik: [] + - cookieAuth: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Event' + description: '' + '400': + $ref: '#/components/schemas/ValidationError' + '403': + $ref: '#/components/schemas/GenericError' + patch: + operationId: events_events_partial_update + description: Event Read-Only Viewset + parameters: + - in: path + name: event_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Event. + required: true + tags: + - events + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedEventRequest' + application/x-www-form-urlencoded: + schema: + $ref: '#/components/schemas/PatchedEventRequest' + multipart/form-data: + schema: + $ref: '#/components/schemas/PatchedEventRequest' + security: + - authentik: [] + - cookieAuth: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Event' + description: '' + '400': + $ref: '#/components/schemas/ValidationError' + '403': + $ref: '#/components/schemas/GenericError' + delete: + operationId: events_events_destroy + description: Event Read-Only Viewset + parameters: + - in: path + name: event_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Event. + required: true + tags: + - events + security: + - authentik: [] + - cookieAuth: [] + responses: + '204': + description: No response body + '400': + $ref: '#/components/schemas/ValidationError' + '403': + $ref: '#/components/schemas/GenericError' /api/v2beta/events/events/actions/: get: operationId: events_events_actions_list @@ -19242,7 +19373,7 @@ components: type: object additionalProperties: {} action: - type: string + $ref: '#/components/schemas/EventActions' app: type: string context: @@ -19266,6 +19397,34 @@ components: - app - created - pk + EventActions: + enum: + - login + - login_failed + - logout + - user_write + - suspicious_request + - password_set + - secret_view + - invitation_used + - authorize_application + - source_linked + - impersonation_started + - impersonation_ended + - policy_execution + - policy_exception + - property_mapping_exception + - system_task_execution + - system_task_exception + - system_exception + - configuration_error + - model_created + - model_updated + - model_deleted + - email_sent + - update_available + - custom_ + type: string EventMatcherPolicy: type: object description: Event Matcher Policy Serializer @@ -19296,7 +19455,7 @@ components: readOnly: true action: allOf: - - $ref: '#/components/schemas/EventMatcherPolicyActionEnum' + - $ref: '#/components/schemas/EventActions' description: Match created events with this action type. When left empty, all action types will be matched. client_ip: @@ -19314,34 +19473,6 @@ components: - pk - verbose_name - verbose_name_plural - EventMatcherPolicyActionEnum: - enum: - - login - - login_failed - - logout - - user_write - - suspicious_request - - password_set - - secret_view - - invitation_used - - authorize_application - - source_linked - - impersonation_started - - impersonation_ended - - policy_execution - - policy_exception - - property_mapping_exception - - system_task_execution - - system_task_exception - - system_exception - - configuration_error - - model_created - - model_updated - - model_deleted - - email_sent - - update_available - - custom_ - type: string EventMatcherPolicyRequest: type: object description: Event Matcher Policy Serializer @@ -19355,7 +19486,7 @@ components: will be logged. By default, only execution errors are logged. action: allOf: - - $ref: '#/components/schemas/EventMatcherPolicyActionEnum' + - $ref: '#/components/schemas/EventActions' description: Match created events with this action type. When left empty, all action types will be matched. client_ip: @@ -19375,7 +19506,7 @@ components: type: object additionalProperties: {} action: - type: string + $ref: '#/components/schemas/EventActions' app: type: string context: @@ -24429,7 +24560,7 @@ components: will be logged. By default, only execution errors are logged. action: allOf: - - $ref: '#/components/schemas/EventMatcherPolicyActionEnum' + - $ref: '#/components/schemas/EventActions' description: Match created events with this action type. When left empty, all action types will be matched. client_ip: @@ -24441,6 +24572,29 @@ components: - $ref: '#/components/schemas/AppEnum' description: Match events created by selected application. When left empty, all applications are matched. + PatchedEventRequest: + type: object + description: Event Serializer + properties: + user: + type: object + additionalProperties: {} + action: + $ref: '#/components/schemas/EventActions' + app: + type: string + context: + type: object + additionalProperties: {} + client_ip: + type: string + nullable: true + expires: + type: string + format: date-time + tenant: + type: object + additionalProperties: {} PatchedExpressionPolicyRequest: type: object description: Group Membership Policy Serializer From 7d9c74ce04aa4514e6d4e6672277869a18dc0d89 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 26 Jun 2021 23:38:32 +0200 Subject: [PATCH 19/42] tenants: include all default flows in current_tenant Signed-off-by: Jens Langhammer --- authentik/tenants/api.py | 3 +++ schema.yml | 6 ++++++ web/src/pages/events/EventInfo.ts | 32 +++++++++++++++---------------- 3 files changed, 25 insertions(+), 16 deletions(-) diff --git a/authentik/tenants/api.py b/authentik/tenants/api.py index e5b7cc957..673373f8d 100644 --- a/authentik/tenants/api.py +++ b/authentik/tenants/api.py @@ -54,6 +54,9 @@ class CurrentTenantSerializer(PassiveSerializer): default=CONFIG.y("footer_links", []), ) + flow_authentication = CharField(source="flow_authentication.slug", required=False) + flow_invalidation = CharField(source="flow_invalidation.slug", required=False) + flow_recovery = CharField(source="flow_recovery.slug", required=False) flow_unenrollment = CharField(source="flow_unenrollment.slug", required=False) diff --git a/schema.yml b/schema.yml index f7e65eafb..761f424f9 100644 --- a/schema.yml +++ b/schema.yml @@ -18890,6 +18890,12 @@ components: name: Documentation - href: https://goauthentik.io/ name: authentik Website + flow_authentication: + type: string + flow_invalidation: + type: string + flow_recovery: + type: string flow_unenrollment: type: string required: diff --git a/web/src/pages/events/EventInfo.ts b/web/src/pages/events/EventInfo.ts index 38ca07072..439ff763c 100644 --- a/web/src/pages/events/EventInfo.ts +++ b/web/src/pages/events/EventInfo.ts @@ -1,7 +1,7 @@ import { t } from "@lingui/macro"; import { css, CSSResult, customElement, html, LitElement, property, TemplateResult } from "lit-element"; import { until } from "lit-html/directives/until"; -import { EventMatcherPolicyActionEnum, FlowsApi } from "authentik-api"; +import { EventActions, FlowsApi } from "authentik-api"; import "../../elements/Spinner"; import "../../elements/Expand"; import { PFSize } from "../../elements/Spinner"; @@ -189,14 +189,14 @@ new?labels=bug,from_authentik&title=${encodeURIComponent(title)} return html``; } switch (this.event?.action) { - case EventMatcherPolicyActionEnum.ModelCreated: - case EventMatcherPolicyActionEnum.ModelUpdated: - case EventMatcherPolicyActionEnum.ModelDeleted: + case EventActions.ModelCreated: + case EventActions.ModelUpdated: + case EventActions.ModelDeleted: return html`

${t`Affected model:`}

${this.getModelInfo(this.event.context?.model as EventModel)} `; - case EventMatcherPolicyActionEnum.AuthorizeApplication: + case EventActions.AuthorizeApplication: return html`

${t`Authorized application:`}

@@ -213,17 +213,17 @@ new?labels=bug,from_authentik&title=${encodeURIComponent(title)}
${this.defaultResponse()}`; - case EventMatcherPolicyActionEnum.EmailSent: + case EventActions.EmailSent: return html`

${t`Email info:`}

${this.getEmailInfo(this.event.context)} `; - case EventMatcherPolicyActionEnum.SecretView: + case EventActions.SecretView: return html`

${t`Secret:`}

${this.getModelInfo(this.event.context.secret as EventModel)}`; - case EventMatcherPolicyActionEnum.SystemException: + case EventActions.SystemException: return html` ${this.defaultResponse()}`; - case EventMatcherPolicyActionEnum.PropertyMappingException: + case EventActions.PropertyMappingException: return html`

${t`Exception`}

@@ -252,7 +252,7 @@ new?labels=bug,from_authentik&title=${encodeURIComponent(title)}
${this.defaultResponse()}`; - case EventMatcherPolicyActionEnum.PolicyException: + case EventActions.PolicyException: return html`

${t`Binding`}

@@ -271,7 +271,7 @@ new?labels=bug,from_authentik&title=${encodeURIComponent(title)}
${this.defaultResponse()}`; - case EventMatcherPolicyActionEnum.PolicyExecution: + case EventActions.PolicyExecution: return html`

${t`Binding`}

@@ -299,10 +299,10 @@ new?labels=bug,from_authentik&title=${encodeURIComponent(title)}
${this.defaultResponse()}`; - case EventMatcherPolicyActionEnum.ConfigurationError: + case EventActions.ConfigurationError: return html`

${this.event.context.message}

${this.defaultResponse()}`; - case EventMatcherPolicyActionEnum.UpdateAvailable: + case EventActions.UpdateAvailable: return html`

${t`New version available!`}

`; // Action types which typically don't record any extra context. // If context is not empty, we fall to the default response. - case EventMatcherPolicyActionEnum.Login: + case EventActions.Login: if ("using_source" in this.event.context) { return html`
@@ -321,11 +321,11 @@ new?labels=bug,from_authentik&title=${encodeURIComponent(title)}
`; } return this.defaultResponse(); - case EventMatcherPolicyActionEnum.LoginFailed: + case EventActions.LoginFailed: return html`

${t`Attempted to log in as ${this.event.context.username}`}

${this.defaultResponse()}`; - case EventMatcherPolicyActionEnum.Logout: + case EventActions.Logout: if (this.event.context === {}) { return html`${t`No additional data available.`}`; } From 5431e7fe9d01b46b30cde9f5f70ada0c9bcdc8a8 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 27 Jun 2021 13:02:43 +0200 Subject: [PATCH 20/42] tenants: fix tests Signed-off-by: Jens Langhammer --- authentik/tenants/tests.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/authentik/tenants/tests.py b/authentik/tenants/tests.py index 15fbfd7a8..4eab392c4 100644 --- a/authentik/tenants/tests.py +++ b/authentik/tenants/tests.py @@ -20,6 +20,8 @@ class TestTenants(TestCase): "branding_title": "authentik", "matched_domain": "authentik-default", "ui_footer_links": CONFIG.y("footer_links"), + "flow_authentication": "default-authentication-flow", + "flow_invalidation": "default-invalidation-flow", }, ) From 3b2b3262d7287e74ccf63e0a83d0cd8d42bce599 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 27 Jun 2021 18:47:04 +0200 Subject: [PATCH 21/42] flows: add FlowStageBinding to flow plan instead of just stage Signed-off-by: Jens Langhammer --- authentik/flows/markers.py | 28 ++++++++----- authentik/flows/planner.py | 36 ++++++++-------- authentik/flows/tests/test_planner.py | 4 +- authentik/flows/tests/test_views.py | 41 ++++++++++--------- authentik/flows/views.py | 20 ++++++--- authentik/providers/oauth2/views/authorize.py | 2 +- authentik/stages/captcha/tests.py | 6 ++- authentik/stages/consent/tests.py | 14 ++++--- authentik/stages/deny/tests.py | 6 ++- authentik/stages/email/tests/test_sending.py | 8 ++-- authentik/stages/email/tests/test_stage.py | 12 +++--- authentik/stages/invitation/tests.py | 12 +++--- authentik/stages/password/tests.py | 16 ++++---- authentik/stages/prompt/tests.py | 16 ++++---- authentik/stages/user_delete/tests.py | 8 ++-- authentik/stages/user_login/tests.py | 10 +++-- authentik/stages/user_logout/tests.py | 6 ++- authentik/stages/user_write/tests.py | 14 ++++--- 18 files changed, 151 insertions(+), 108 deletions(-) diff --git a/authentik/flows/markers.py b/authentik/flows/markers.py index e0b773982..d5bc297f1 100644 --- a/authentik/flows/markers.py +++ b/authentik/flows/markers.py @@ -6,7 +6,7 @@ from django.http.request import HttpRequest from structlog.stdlib import get_logger from authentik.core.models import User -from authentik.flows.models import Stage +from authentik.flows.models import FlowStageBinding from authentik.policies.engine import PolicyEngine from authentik.policies.models import PolicyBinding @@ -22,11 +22,14 @@ class StageMarker: # pylint: disable=unused-argument def process( - self, plan: "FlowPlan", stage: Stage, http_request: Optional[HttpRequest] - ) -> Optional[Stage]: + self, + plan: "FlowPlan", + binding: FlowStageBinding, + http_request: Optional[HttpRequest], + ) -> Optional[FlowStageBinding]: """Process callback for this marker. This should be overridden by sub-classes. If a stage should be removed, return None.""" - return stage + return binding @dataclass @@ -37,13 +40,16 @@ class ReevaluateMarker(StageMarker): user: User def process( - self, plan: "FlowPlan", stage: Stage, http_request: Optional[HttpRequest] - ) -> Optional[Stage]: + self, + plan: "FlowPlan", + binding: FlowStageBinding, + http_request: Optional[HttpRequest], + ) -> Optional[FlowStageBinding]: """Re-evaluate policies bound to stage, and if they fail, remove from plan""" LOGGER.debug( "f(plan_inst)[re-eval marker]: running re-evaluation", - stage=stage, - binding=self.binding, + binding=binding, + policy_binding=self.binding, ) engine = PolicyEngine(self.binding, self.user) engine.use_cache = False @@ -53,10 +59,10 @@ class ReevaluateMarker(StageMarker): engine.build() result = engine.result if result.passing: - return stage + return binding LOGGER.warning( - "f(plan_inst)[re-eval marker]: stage failed re-evaluation", - stage=stage, + "f(plan_inst)[re-eval marker]: binding failed re-evaluation", + binding=binding, messages=result.messages, ) return None diff --git a/authentik/flows/planner.py b/authentik/flows/planner.py index 9edb719fa..9f4174a12 100644 --- a/authentik/flows/planner.py +++ b/authentik/flows/planner.py @@ -13,7 +13,7 @@ from authentik.core.models import User from authentik.events.models import cleanse_dict from authentik.flows.exceptions import EmptyFlowException, FlowNonApplicableException from authentik.flows.markers import ReevaluateMarker, StageMarker -from authentik.flows.models import Flow, FlowStageBinding, Stage +from authentik.flows.models import Flow, FlowStageBinding from authentik.lib.config import CONFIG from authentik.policies.engine import PolicyEngine from authentik.root.monitoring import UpdatingGauge @@ -52,33 +52,37 @@ class FlowPlan: flow_pk: str - stages: list[Stage] = field(default_factory=list) + bindings: list[FlowStageBinding] = field(default_factory=list) context: dict[str, Any] = field(default_factory=dict) markers: list[StageMarker] = field(default_factory=list) - def append(self, stage: Stage, marker: Optional[StageMarker] = None): + def append(self, binding: FlowStageBinding, marker: Optional[StageMarker] = None): """Append `stage` to all stages, optionall with stage marker""" - self.stages.append(stage) + self.bindings.append(binding) self.markers.append(marker or StageMarker()) - def insert(self, stage: Stage, marker: Optional[StageMarker] = None): + def insert(self, binding: FlowStageBinding, marker: Optional[StageMarker] = None): """Insert stage into plan, as immediate next stage""" - self.stages.insert(1, stage) + self.bindings.insert(1, binding) self.markers.insert(1, marker or StageMarker()) - def next(self, http_request: Optional[HttpRequest]) -> Optional[Stage]: + def next(self, http_request: Optional[HttpRequest]) -> Optional[FlowStageBinding]: """Return next pending stage from the bottom of the list""" if not self.has_stages: return None - stage = self.stages[0] + binding = self.bindings[0] marker = self.markers[0] if marker.__class__ is not StageMarker: - LOGGER.debug("f(plan_inst): stage has marker", stage=stage, marker=marker) - marked_stage = marker.process(self, stage, http_request) + LOGGER.debug( + "f(plan_inst): stage has marker", binding=binding, marker=marker + ) + marked_stage = marker.process(self, binding, http_request) if not marked_stage: - LOGGER.debug("f(plan_inst): marker returned none, next stage", stage=stage) - self.stages.remove(stage) + LOGGER.debug( + "f(plan_inst): marker returned none, next stage", binding=binding + ) + self.bindings.remove(binding) self.markers.remove(marker) if not self.has_stages: return None @@ -89,12 +93,12 @@ class FlowPlan: def pop(self): """Pop next pending stage from bottom of list""" self.markers.pop(0) - self.stages.pop(0) + self.bindings.pop(0) @property def has_stages(self) -> bool: """Check if there are any stages left in this plan""" - return len(self.markers) + len(self.stages) > 0 + return len(self.markers) + len(self.bindings) > 0 class FlowPlanner: @@ -161,7 +165,7 @@ class FlowPlanner: plan = self._build_plan(user, request, default_context) cache.set(cache_key(self.flow, user), plan, CACHE_TIMEOUT) GAUGE_FLOWS_CACHED.update() - if not plan.stages and not self.allow_empty_flows: + if not plan.bindings and not self.allow_empty_flows: raise EmptyFlowException() return plan @@ -218,7 +222,7 @@ class FlowPlanner: ) marker = ReevaluateMarker(binding=binding, user=user) if stage: - plan.append(stage, marker) + plan.append(binding, marker) HIST_FLOWS_PLAN_TIME.labels(flow_slug=self.flow.slug) self._logger.debug( "f(plan): finished building", diff --git a/authentik/flows/tests/test_planner.py b/authentik/flows/tests/test_planner.py index 9eb60a112..8e185da58 100644 --- a/authentik/flows/tests/test_planner.py +++ b/authentik/flows/tests/test_planner.py @@ -182,8 +182,8 @@ class TestFlowPlanner(TestCase): planner = FlowPlanner(flow) plan = planner.plan(request) - self.assertEqual(plan.stages[0], binding.stage) - self.assertEqual(plan.stages[1], binding2.stage) + self.assertEqual(plan.bindings[0], binding) + self.assertEqual(plan.bindings[1], binding2) self.assertIsInstance(plan.markers[0], StageMarker) self.assertIsInstance(plan.markers[1], ReevaluateMarker) diff --git a/authentik/flows/tests/test_views.py b/authentik/flows/tests/test_views.py index fee5ff259..6b25ff970 100644 --- a/authentik/flows/tests/test_views.py +++ b/authentik/flows/tests/test_views.py @@ -52,8 +52,9 @@ class TestFlowExecutor(TestCase): designation=FlowDesignation.AUTHENTICATION, ) stage = DummyStage.objects.create(name="dummy") + binding = FlowStageBinding.objects.create(target=flow, stage=stage) plan = FlowPlan( - flow_pk=flow.pk.hex + "a", stages=[stage], markers=[StageMarker()] + flow_pk=flow.pk.hex + "a", bindings=[binding], markers=[StageMarker()] ) session = self.client.session session[SESSION_KEY_PLAN] = plan @@ -163,7 +164,7 @@ class TestFlowExecutor(TestCase): # Check that two stages are in plan session = self.client.session plan: FlowPlan = session[SESSION_KEY_PLAN] - self.assertEqual(len(plan.stages), 2) + self.assertEqual(len(plan.bindings), 2) # Second request, submit form, one stage left response = self.client.post(exec_url) # Second request redirects to the same URL @@ -172,7 +173,7 @@ class TestFlowExecutor(TestCase): # Check that two stages are in plan session = self.client.session plan: FlowPlan = session[SESSION_KEY_PLAN] - self.assertEqual(len(plan.stages), 1) + self.assertEqual(len(plan.bindings), 1) @patch( "authentik.flows.views.to_stage_response", @@ -213,8 +214,8 @@ class TestFlowExecutor(TestCase): plan: FlowPlan = self.client.session[SESSION_KEY_PLAN] - self.assertEqual(plan.stages[0], binding.stage) - self.assertEqual(plan.stages[1], binding2.stage) + self.assertEqual(plan.bindings[0], binding) + self.assertEqual(plan.bindings[1], binding2) self.assertIsInstance(plan.markers[0], StageMarker) self.assertIsInstance(plan.markers[1], ReevaluateMarker) @@ -267,9 +268,9 @@ class TestFlowExecutor(TestCase): self.assertEqual(response.status_code, 200) plan: FlowPlan = self.client.session[SESSION_KEY_PLAN] - self.assertEqual(plan.stages[0], binding.stage) - self.assertEqual(plan.stages[1], binding2.stage) - self.assertEqual(plan.stages[2], binding3.stage) + self.assertEqual(plan.bindings[0], binding) + self.assertEqual(plan.bindings[1], binding2) + self.assertEqual(plan.bindings[2], binding3) self.assertIsInstance(plan.markers[0], StageMarker) self.assertIsInstance(plan.markers[1], ReevaluateMarker) @@ -281,8 +282,8 @@ class TestFlowExecutor(TestCase): plan: FlowPlan = self.client.session[SESSION_KEY_PLAN] - self.assertEqual(plan.stages[0], binding2.stage) - self.assertEqual(plan.stages[1], binding3.stage) + self.assertEqual(plan.bindings[0], binding2) + self.assertEqual(plan.bindings[1], binding3) self.assertIsInstance(plan.markers[0], StageMarker) self.assertIsInstance(plan.markers[1], StageMarker) @@ -338,9 +339,9 @@ class TestFlowExecutor(TestCase): self.assertEqual(response.status_code, 200) plan: FlowPlan = self.client.session[SESSION_KEY_PLAN] - self.assertEqual(plan.stages[0], binding.stage) - self.assertEqual(plan.stages[1], binding2.stage) - self.assertEqual(plan.stages[2], binding3.stage) + self.assertEqual(plan.bindings[0], binding) + self.assertEqual(plan.bindings[1], binding2) + self.assertEqual(plan.bindings[2], binding3) self.assertIsInstance(plan.markers[0], StageMarker) self.assertIsInstance(plan.markers[1], ReevaluateMarker) @@ -352,8 +353,8 @@ class TestFlowExecutor(TestCase): plan: FlowPlan = self.client.session[SESSION_KEY_PLAN] - self.assertEqual(plan.stages[0], binding2.stage) - self.assertEqual(plan.stages[1], binding3.stage) + self.assertEqual(plan.bindings[0], binding2) + self.assertEqual(plan.bindings[1], binding3) self.assertIsInstance(plan.markers[0], StageMarker) self.assertIsInstance(plan.markers[1], StageMarker) @@ -364,7 +365,7 @@ class TestFlowExecutor(TestCase): plan: FlowPlan = self.client.session[SESSION_KEY_PLAN] - self.assertEqual(plan.stages[0], binding3.stage) + self.assertEqual(plan.bindings[0], binding3) self.assertIsInstance(plan.markers[0], StageMarker) @@ -438,10 +439,10 @@ class TestFlowExecutor(TestCase): plan: FlowPlan = self.client.session[SESSION_KEY_PLAN] - self.assertEqual(plan.stages[0], binding.stage) - self.assertEqual(plan.stages[1], binding2.stage) - self.assertEqual(plan.stages[2], binding3.stage) - self.assertEqual(plan.stages[3], binding4.stage) + self.assertEqual(plan.bindings[0], binding) + self.assertEqual(plan.bindings[1], binding2) + self.assertEqual(plan.bindings[2], binding3) + self.assertEqual(plan.bindings[3], binding4) self.assertIsInstance(plan.markers[0], StageMarker) self.assertIsInstance(plan.markers[1], ReevaluateMarker) diff --git a/authentik/flows/views.py b/authentik/flows/views.py index 499338d97..c527d1b16 100644 --- a/authentik/flows/views.py +++ b/authentik/flows/views.py @@ -37,7 +37,13 @@ from authentik.flows.challenge import ( WithUserInfoChallenge, ) from authentik.flows.exceptions import EmptyFlowException, FlowNonApplicableException -from authentik.flows.models import ConfigurableStage, Flow, FlowDesignation, Stage +from authentik.flows.models import ( + ConfigurableStage, + Flow, + FlowDesignation, + FlowStageBinding, + Stage, +) from authentik.flows.planner import ( PLAN_CONTEXT_PENDING_USER, PLAN_CONTEXT_REDIRECT, @@ -107,6 +113,7 @@ class FlowExecutorView(APIView): flow: Flow plan: Optional[FlowPlan] = None + current_binding: FlowStageBinding current_stage: Stage current_stage_view: View @@ -159,11 +166,12 @@ class FlowExecutorView(APIView): request.session[SESSION_KEY_GET] = QueryDict(request.GET.get("query", "")) # We don't save the Plan after getting the next stage # as it hasn't been successfully passed yet - next_stage = self.plan.next(self.request) - if not next_stage: + next_binding = self.plan.next(self.request) + if not next_binding: self._logger.debug("f(exec): no more stages, flow is done.") return self._flow_done() - self.current_stage = next_stage + self.current_binding = next_binding + self.current_stage = next_binding.stage self._logger.debug( "f(exec): Current stage", current_stage=self.current_stage, @@ -293,10 +301,10 @@ class FlowExecutorView(APIView): ) self.plan.pop() self.request.session[SESSION_KEY_PLAN] = self.plan - if self.plan.stages: + if self.plan.bindings: self._logger.debug( "f(exec): Continuing with next stage", - remaining=len(self.plan.stages), + remaining=len(self.plan.bindings), ) kwargs = self.kwargs kwargs.update({"flow_slug": self.flow.slug}) diff --git a/authentik/providers/oauth2/views/authorize.py b/authentik/providers/oauth2/views/authorize.py index 3728c92b5..1d0704c5d 100644 --- a/authentik/providers/oauth2/views/authorize.py +++ b/authentik/providers/oauth2/views/authorize.py @@ -468,7 +468,7 @@ class AuthorizationFlowInitView(PolicyAccessView): # OpenID clients can specify a `prompt` parameter, and if its set to consent we # need to inject a consent stage if PROMPT_CONSNET in self.params.prompt: - if not any(isinstance(x, ConsentStageView) for x in plan.stages): + if not any(isinstance(x.stage, ConsentStageView) for x in plan.bindings): # Plan does not have any consent stage, so we add an in-memory one stage = ConsentStage( name="OAuth2 Provider In-memory consent stage", diff --git a/authentik/stages/captcha/tests.py b/authentik/stages/captcha/tests.py index 3579438e5..8c863e2ee 100644 --- a/authentik/stages/captcha/tests.py +++ b/authentik/stages/captcha/tests.py @@ -36,12 +36,14 @@ class TestCaptchaStage(TestCase): public_key=RECAPTCHA_PUBLIC_KEY, private_key=RECAPTCHA_PRIVATE_KEY, ) - FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2) + self.binding = FlowStageBinding.objects.create( + target=self.flow, stage=self.stage, order=2 + ) def test_valid(self): """Test valid captcha""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) session = self.client.session session[SESSION_KEY_PLAN] = plan diff --git a/authentik/stages/consent/tests.py b/authentik/stages/consent/tests.py index d395af6a0..728b61649 100644 --- a/authentik/stages/consent/tests.py +++ b/authentik/stages/consent/tests.py @@ -39,9 +39,11 @@ class TestConsentStage(TestCase): stage = ConsentStage.objects.create( name="consent", mode=ConsentMode.ALWAYS_REQUIRE ) - FlowStageBinding.objects.create(target=flow, stage=stage, order=2) + binding = FlowStageBinding.objects.create(target=flow, stage=stage, order=2) - plan = FlowPlan(flow_pk=flow.pk.hex, stages=[stage], markers=[StageMarker()]) + plan = FlowPlan( + flow_pk=flow.pk.hex, bindings=[binding], markers=[StageMarker()] + ) session = self.client.session session[SESSION_KEY_PLAN] = plan session.save() @@ -69,11 +71,11 @@ class TestConsentStage(TestCase): designation=FlowDesignation.AUTHENTICATION, ) stage = ConsentStage.objects.create(name="consent", mode=ConsentMode.PERMANENT) - FlowStageBinding.objects.create(target=flow, stage=stage, order=2) + binding = FlowStageBinding.objects.create(target=flow, stage=stage, order=2) plan = FlowPlan( flow_pk=flow.pk.hex, - stages=[stage], + bindings=[binding], markers=[StageMarker()], context={PLAN_CONTEXT_APPLICATION: self.application}, ) @@ -110,11 +112,11 @@ class TestConsentStage(TestCase): stage = ConsentStage.objects.create( name="consent", mode=ConsentMode.EXPIRING, consent_expire_in="seconds=1" ) - FlowStageBinding.objects.create(target=flow, stage=stage, order=2) + binding = FlowStageBinding.objects.create(target=flow, stage=stage, order=2) plan = FlowPlan( flow_pk=flow.pk.hex, - stages=[stage], + bindings=[binding], markers=[StageMarker()], context={PLAN_CONTEXT_APPLICATION: self.application}, ) diff --git a/authentik/stages/deny/tests.py b/authentik/stages/deny/tests.py index 0df3d9bfd..9a15181ce 100644 --- a/authentik/stages/deny/tests.py +++ b/authentik/stages/deny/tests.py @@ -26,12 +26,14 @@ class TestUserDenyStage(TestCase): designation=FlowDesignation.AUTHENTICATION, ) self.stage = DenyStage.objects.create(name="logout") - FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2) + self.binding = FlowStageBinding.objects.create( + target=self.flow, stage=self.stage, order=2 + ) def test_valid_password(self): """Test with a valid pending user and backend""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) session = self.client.session session[SESSION_KEY_PLAN] = plan diff --git a/authentik/stages/email/tests/test_sending.py b/authentik/stages/email/tests/test_sending.py index 9b12201f5..5467999b4 100644 --- a/authentik/stages/email/tests/test_sending.py +++ b/authentik/stages/email/tests/test_sending.py @@ -34,12 +34,14 @@ class TestEmailStageSending(TestCase): self.stage = EmailStage.objects.create( name="email", ) - FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2) + self.binding = FlowStageBinding.objects.create( + target=self.flow, stage=self.stage, order=2 + ) def test_pending_user(self): """Test with pending user""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) plan.context[PLAN_CONTEXT_PENDING_USER] = self.user session = self.client.session @@ -67,7 +69,7 @@ class TestEmailStageSending(TestCase): def test_send_error(self): """Test error during sending (sending will be retried)""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) plan.context[PLAN_CONTEXT_PENDING_USER] = self.user session = self.client.session diff --git a/authentik/stages/email/tests/test_stage.py b/authentik/stages/email/tests/test_stage.py index ae499b05b..541e21750 100644 --- a/authentik/stages/email/tests/test_stage.py +++ b/authentik/stages/email/tests/test_stage.py @@ -35,12 +35,14 @@ class TestEmailStage(TestCase): self.stage = EmailStage.objects.create( name="email", ) - FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2) + self.binding = FlowStageBinding.objects.create( + target=self.flow, stage=self.stage, order=2 + ) def test_rendering(self): """Test with pending user""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) plan.context[PLAN_CONTEXT_PENDING_USER] = self.user session = self.client.session @@ -56,7 +58,7 @@ class TestEmailStage(TestCase): def test_without_user(self): """Test without pending user""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) session = self.client.session session[SESSION_KEY_PLAN] = plan @@ -71,7 +73,7 @@ class TestEmailStage(TestCase): def test_pending_user(self): """Test with pending user""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) plan.context[PLAN_CONTEXT_PENDING_USER] = self.user session = self.client.session @@ -102,7 +104,7 @@ class TestEmailStage(TestCase): # Make sure token exists self.test_pending_user() plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) session = self.client.session session[SESSION_KEY_PLAN] = plan diff --git a/authentik/stages/invitation/tests.py b/authentik/stages/invitation/tests.py index 509e5fcb8..72e9f93bf 100644 --- a/authentik/stages/invitation/tests.py +++ b/authentik/stages/invitation/tests.py @@ -35,7 +35,9 @@ class TestUserLoginStage(TestCase): designation=FlowDesignation.AUTHENTICATION, ) self.stage = InvitationStage.objects.create(name="invitation") - FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2) + self.binding = FlowStageBinding.objects.create( + target=self.flow, stage=self.stage, order=2 + ) @patch( "authentik.flows.views.to_stage_response", @@ -44,7 +46,7 @@ class TestUserLoginStage(TestCase): def test_without_invitation_fail(self): """Test without any invitation, continue_flow_without_invitation not set.""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) plan.context[PLAN_CONTEXT_PENDING_USER] = self.user plan.context[PLAN_CONTEXT_AUTHENTICATION_BACKEND] = BACKEND_DJANGO @@ -75,7 +77,7 @@ class TestUserLoginStage(TestCase): self.stage.continue_flow_without_invitation = True self.stage.save() plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) plan.context[PLAN_CONTEXT_PENDING_USER] = self.user plan.context[PLAN_CONTEXT_AUTHENTICATION_BACKEND] = BACKEND_DJANGO @@ -103,7 +105,7 @@ class TestUserLoginStage(TestCase): def test_with_invitation_get(self): """Test with invitation, check data in session""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) session = self.client.session session[SESSION_KEY_PLAN] = plan @@ -143,7 +145,7 @@ class TestUserLoginStage(TestCase): ) plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) plan.context[PLAN_CONTEXT_PROMPT] = {INVITATION_TOKEN_KEY: invite.pk.hex} session = self.client.session diff --git a/authentik/stages/password/tests.py b/authentik/stages/password/tests.py index 846360421..5a653451f 100644 --- a/authentik/stages/password/tests.py +++ b/authentik/stages/password/tests.py @@ -39,7 +39,9 @@ class TestPasswordStage(TestCase): self.stage = PasswordStage.objects.create( name="password", backends=[BACKEND_DJANGO] ) - FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2) + self.binding = FlowStageBinding.objects.create( + target=self.flow, stage=self.stage, order=2 + ) @patch( "authentik.flows.views.to_stage_response", @@ -48,7 +50,7 @@ class TestPasswordStage(TestCase): def test_without_user(self): """Test without user""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) session = self.client.session session[SESSION_KEY_PLAN] = plan @@ -84,7 +86,7 @@ class TestPasswordStage(TestCase): ) plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) session = self.client.session session[SESSION_KEY_PLAN] = plan @@ -101,7 +103,7 @@ class TestPasswordStage(TestCase): def test_valid_password(self): """Test with a valid pending user and valid password""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) plan.context[PLAN_CONTEXT_PENDING_USER] = self.user session = self.client.session @@ -129,7 +131,7 @@ class TestPasswordStage(TestCase): def test_invalid_password(self): """Test with a valid pending user and invalid password""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) plan.context[PLAN_CONTEXT_PENDING_USER] = self.user session = self.client.session @@ -148,7 +150,7 @@ class TestPasswordStage(TestCase): def test_invalid_password_lockout(self): """Test with a valid pending user and invalid password (trigger logout counter)""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) plan.context[PLAN_CONTEXT_PENDING_USER] = self.user session = self.client.session @@ -189,7 +191,7 @@ class TestPasswordStage(TestCase): """Test with a valid pending user and valid password. Backend is patched to return PermissionError""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) plan.context[PLAN_CONTEXT_PENDING_USER] = self.user session = self.client.session diff --git a/authentik/stages/prompt/tests.py b/authentik/stages/prompt/tests.py index 125b54bcc..cf485a2ef 100644 --- a/authentik/stages/prompt/tests.py +++ b/authentik/stages/prompt/tests.py @@ -102,12 +102,14 @@ class TestPromptStage(TestCase): hidden_prompt.field_key: hidden_prompt.placeholder, } - FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2) + self.binding = FlowStageBinding.objects.create( + target=self.flow, stage=self.stage, order=2 + ) def test_render(self): """Test render of form, check if all prompts are rendered correctly""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) session = self.client.session session[SESSION_KEY_PLAN] = plan @@ -125,7 +127,7 @@ class TestPromptStage(TestCase): def test_valid_challenge_with_policy(self) -> PromptChallengeResponse: """Test challenge_response validation""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) expr = "return request.context['password_prompt'] == request.context['password2_prompt']" expr_policy = ExpressionPolicy.objects.create( @@ -142,7 +144,7 @@ class TestPromptStage(TestCase): def test_invalid_challenge(self) -> PromptChallengeResponse: """Test challenge_response validation""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) expr = "False" expr_policy = ExpressionPolicy.objects.create( @@ -159,7 +161,7 @@ class TestPromptStage(TestCase): def test_valid_challenge_request(self): """Test a request with valid challenge_response data""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) session = self.client.session session[SESSION_KEY_PLAN] = plan @@ -196,7 +198,7 @@ class TestPromptStage(TestCase): def test_invalid_password(self): """Test challenge_response validation""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) self.prompt_data["password2_prompt"] = "qwerqwerqr" challenge_response = PromptChallengeResponse( @@ -215,7 +217,7 @@ class TestPromptStage(TestCase): def test_invalid_username(self): """Test challenge_response validation""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) self.prompt_data["username_prompt"] = "akadmin" challenge_response = PromptChallengeResponse( diff --git a/authentik/stages/user_delete/tests.py b/authentik/stages/user_delete/tests.py index 897194398..e1e357d61 100644 --- a/authentik/stages/user_delete/tests.py +++ b/authentik/stages/user_delete/tests.py @@ -30,7 +30,9 @@ class TestUserDeleteStage(TestCase): designation=FlowDesignation.AUTHENTICATION, ) self.stage = UserDeleteStage.objects.create(name="delete") - FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2) + self.binding = FlowStageBinding.objects.create( + target=self.flow, stage=self.stage, order=2 + ) @patch( "authentik.flows.views.to_stage_response", @@ -39,7 +41,7 @@ class TestUserDeleteStage(TestCase): def test_no_user(self): """Test without user set""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) session = self.client.session session[SESSION_KEY_PLAN] = plan @@ -66,7 +68,7 @@ class TestUserDeleteStage(TestCase): def test_user_delete_get(self): """Test Form render""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) plan.context[PLAN_CONTEXT_PENDING_USER] = self.user session = self.client.session diff --git a/authentik/stages/user_login/tests.py b/authentik/stages/user_login/tests.py index f5538e9b7..ebcb90569 100644 --- a/authentik/stages/user_login/tests.py +++ b/authentik/stages/user_login/tests.py @@ -30,12 +30,14 @@ class TestUserLoginStage(TestCase): designation=FlowDesignation.AUTHENTICATION, ) self.stage = UserLoginStage.objects.create(name="login") - FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2) + self.binding = FlowStageBinding.objects.create( + target=self.flow, stage=self.stage, order=2 + ) def test_valid_password(self): """Test with a valid pending user and backend""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) plan.context[PLAN_CONTEXT_PENDING_USER] = self.user session = self.client.session @@ -61,7 +63,7 @@ class TestUserLoginStage(TestCase): self.stage.session_duration = "seconds=2" self.stage.save() plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) plan.context[PLAN_CONTEXT_PENDING_USER] = self.user session = self.client.session @@ -92,7 +94,7 @@ class TestUserLoginStage(TestCase): def test_without_user(self): """Test a plan without any pending user, resulting in a denied""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) session = self.client.session session[SESSION_KEY_PLAN] = plan diff --git a/authentik/stages/user_logout/tests.py b/authentik/stages/user_logout/tests.py index 9f706ba5d..2472fc7cc 100644 --- a/authentik/stages/user_logout/tests.py +++ b/authentik/stages/user_logout/tests.py @@ -28,12 +28,14 @@ class TestUserLogoutStage(TestCase): designation=FlowDesignation.AUTHENTICATION, ) self.stage = UserLogoutStage.objects.create(name="logout") - FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2) + self.binding = FlowStageBinding.objects.create( + target=self.flow, stage=self.stage, order=2 + ) def test_valid_password(self): """Test with a valid pending user and backend""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) plan.context[PLAN_CONTEXT_PENDING_USER] = self.user plan.context[PLAN_CONTEXT_AUTHENTICATION_BACKEND] = BACKEND_DJANGO diff --git a/authentik/stages/user_write/tests.py b/authentik/stages/user_write/tests.py index 4d3b2767d..bd8fea12c 100644 --- a/authentik/stages/user_write/tests.py +++ b/authentik/stages/user_write/tests.py @@ -37,7 +37,9 @@ class TestUserWriteStage(TestCase): designation=FlowDesignation.AUTHENTICATION, ) self.stage = UserWriteStage.objects.create(name="write") - FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2) + self.binding = FlowStageBinding.objects.create( + target=self.flow, stage=self.stage, order=2 + ) self.source = Source.objects.create(name="fake_source") def test_user_create(self): @@ -48,7 +50,7 @@ class TestUserWriteStage(TestCase): ) plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) plan.context[PLAN_CONTEXT_PROMPT] = { "username": "test-user", @@ -92,7 +94,7 @@ class TestUserWriteStage(TestCase): for _ in range(8) ) plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) plan.context[PLAN_CONTEXT_PENDING_USER] = User.objects.create( username="unittest", email="test@beryju.org" @@ -135,7 +137,7 @@ class TestUserWriteStage(TestCase): def test_without_data(self): """Test without data results in error""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) session = self.client.session session[SESSION_KEY_PLAN] = plan @@ -167,7 +169,7 @@ class TestUserWriteStage(TestCase): def test_blank_username(self): """Test with blank username results in error""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) session = self.client.session plan.context[PLAN_CONTEXT_PROMPT] = { @@ -204,7 +206,7 @@ class TestUserWriteStage(TestCase): def test_duplicate_data(self): """Test with duplicate data, should trigger error""" plan = FlowPlan( - flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] ) session = self.client.session plan.context[PLAN_CONTEXT_PROMPT] = { From ba9edd6c447a6f3640b0e6d55665e0481be3ea11 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 27 Jun 2021 19:08:04 +0200 Subject: [PATCH 22/42] flows: handle possible errors with FlowPlans received from cache Signed-off-by: Jens Langhammer --- authentik/core/sources/flow_manager.py | 2 +- authentik/flows/planner.py | 10 +++++++--- authentik/flows/tests/test_views.py | 2 +- authentik/flows/views.py | 10 ++++++++++ authentik/providers/oauth2/views/authorize.py | 4 ++-- authentik/providers/saml/views/sso.py | 2 +- authentik/sources/saml/views.py | 2 +- authentik/stages/authenticator_validate/stage.py | 2 +- 8 files changed, 24 insertions(+), 10 deletions(-) diff --git a/authentik/core/sources/flow_manager.py b/authentik/core/sources/flow_manager.py index 173064822..399f24933 100644 --- a/authentik/core/sources/flow_manager.py +++ b/authentik/core/sources/flow_manager.py @@ -213,7 +213,7 @@ class SourceFlowManager: planner = FlowPlanner(flow) plan = planner.plan(self.request, kwargs) for stage in self.get_stages_to_append(flow): - plan.append(stage) + plan.append_stage(stage=stage) self.request.session[SESSION_KEY_PLAN] = plan return redirect_with_qs( "authentik_core:if-flow", diff --git a/authentik/flows/planner.py b/authentik/flows/planner.py index 9f4174a12..269ae2612 100644 --- a/authentik/flows/planner.py +++ b/authentik/flows/planner.py @@ -13,7 +13,7 @@ from authentik.core.models import User from authentik.events.models import cleanse_dict from authentik.flows.exceptions import EmptyFlowException, FlowNonApplicableException from authentik.flows.markers import ReevaluateMarker, StageMarker -from authentik.flows.models import Flow, FlowStageBinding +from authentik.flows.models import Flow, FlowStageBinding, Stage from authentik.lib.config import CONFIG from authentik.policies.engine import PolicyEngine from authentik.root.monitoring import UpdatingGauge @@ -56,14 +56,18 @@ class FlowPlan: context: dict[str, Any] = field(default_factory=dict) markers: list[StageMarker] = field(default_factory=list) + def append_stage(self, stage: Stage, marker: Optional[StageMarker] = None): + """Append `stage` to all stages, optionall with stage marker""" + return self.append(FlowStageBinding(stage=stage), marker) + def append(self, binding: FlowStageBinding, marker: Optional[StageMarker] = None): """Append `stage` to all stages, optionall with stage marker""" self.bindings.append(binding) self.markers.append(marker or StageMarker()) - def insert(self, binding: FlowStageBinding, marker: Optional[StageMarker] = None): + def insert_stage(self, stage: Stage, marker: Optional[StageMarker] = None): """Insert stage into plan, as immediate next stage""" - self.bindings.insert(1, binding) + self.bindings.insert(1, FlowStageBinding(stage=stage, order=0)) self.markers.insert(1, marker or StageMarker()) def next(self, http_request: Optional[HttpRequest]) -> Optional[FlowStageBinding]: diff --git a/authentik/flows/tests/test_views.py b/authentik/flows/tests/test_views.py index 6b25ff970..4b15726c0 100644 --- a/authentik/flows/tests/test_views.py +++ b/authentik/flows/tests/test_views.py @@ -52,7 +52,7 @@ class TestFlowExecutor(TestCase): designation=FlowDesignation.AUTHENTICATION, ) stage = DummyStage.objects.create(name="dummy") - binding = FlowStageBinding.objects.create(target=flow, stage=stage) + binding = FlowStageBinding(target=flow, stage=stage, order=0) plan = FlowPlan( flow_pk=flow.pk.hex + "a", bindings=[binding], markers=[StageMarker()] ) diff --git a/authentik/flows/views.py b/authentik/flows/views.py index c527d1b16..34c14ff07 100644 --- a/authentik/flows/views.py +++ b/authentik/flows/views.py @@ -4,6 +4,7 @@ from typing import Any, Optional from django.conf import settings from django.contrib.auth.mixins import LoginRequiredMixin +from django.core.cache import cache from django.http import Http404, HttpRequest, HttpResponse, HttpResponseRedirect from django.http.request import QueryDict from django.shortcuts import get_object_or_404, redirect @@ -276,6 +277,15 @@ class FlowExecutorView(APIView): planner = FlowPlanner(self.flow) plan = planner.plan(self.request) self.request.session[SESSION_KEY_PLAN] = plan + try: + # Call the has_stages getter to check that + # there are no issues with the class we might've gotten + # from the cache. If there are errors, just delete all cached flows + _ = plan.has_stages + except Exception: # pylint: disable=broad-except + keys = cache.keys("flow_*") + cache.delete_many(keys) + return self._initiate_plan() return plan def _flow_done(self) -> HttpResponse: diff --git a/authentik/providers/oauth2/views/authorize.py b/authentik/providers/oauth2/views/authorize.py index 1d0704c5d..635c7d307 100644 --- a/authentik/providers/oauth2/views/authorize.py +++ b/authentik/providers/oauth2/views/authorize.py @@ -474,8 +474,8 @@ class AuthorizationFlowInitView(PolicyAccessView): name="OAuth2 Provider In-memory consent stage", mode=ConsentMode.ALWAYS_REQUIRE, ) - plan.append(stage) - plan.append(in_memory_stage(OAuthFulfillmentStage)) + plan.append_stage(stage) + plan.append_stage(in_memory_stage(OAuthFulfillmentStage)) self.request.session[SESSION_KEY_PLAN] = plan return redirect_with_qs( "authentik_core:if-flow", diff --git a/authentik/providers/saml/views/sso.py b/authentik/providers/saml/views/sso.py index 4eb76af68..732d582aa 100644 --- a/authentik/providers/saml/views/sso.py +++ b/authentik/providers/saml/views/sso.py @@ -79,7 +79,7 @@ class SAMLSSOView(PolicyAccessView): PLAN_CONTEXT_CONSENT_PERMISSIONS: [], }, ) - plan.append(in_memory_stage(SAMLFlowFinalView)) + plan.append_stage(in_memory_stage(SAMLFlowFinalView)) request.session[SESSION_KEY_PLAN] = plan return redirect_with_qs( "authentik_core:if-flow", diff --git a/authentik/sources/saml/views.py b/authentik/sources/saml/views.py index 2685e3df4..d85496d3f 100644 --- a/authentik/sources/saml/views.py +++ b/authentik/sources/saml/views.py @@ -90,7 +90,7 @@ class InitiateView(View): planner.allow_empty_flows = True plan = planner.plan(self.request, kwargs) for stage in stages_to_append: - plan.append(stage) + plan.append_stage(stage) self.request.session[SESSION_KEY_PLAN] = plan return redirect_with_qs( "authentik_core:if-flow", diff --git a/authentik/stages/authenticator_validate/stage.py b/authentik/stages/authenticator_validate/stage.py index 6312bfbc4..719115512 100644 --- a/authentik/stages/authenticator_validate/stage.py +++ b/authentik/stages/authenticator_validate/stage.py @@ -148,7 +148,7 @@ class AuthenticatorValidateStageView(ChallengeStageView): stage = Stage.objects.get_subclass(pk=stage.configuration_stage.pk) # plan.insert inserts at 1 index, so when stage_ok pops 0, # the configuration stage is next - self.executor.plan.insert(stage) + self.executor.plan.insert_stage(stage) return self.executor.stage_ok() return super().get(request, *args, **kwargs) From 2b1356bb912e0c03184a607e18cb4fbb1a3baab9 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 27 Jun 2021 23:57:42 +0200 Subject: [PATCH 23/42] flows: add invalid_response_action to configure how the FlowExecutor should handle invalid responses closes #1079 Default value of `retry` behaves like previous version. `restart` and `restart_with_context` restart the flow upon an invalid response. `restart_with_context` keeps the same context of the Flow, allowing users to bind policies that maybe aren't valid on the first execution, but are after a retry, like a reputation policy with a deny stage. Signed-off-by: Jens Langhammer --- authentik/flows/api/bindings.py | 1 + authentik/flows/markers.py | 15 ++-- ...lowstagebinding_invalid_response_action.py | 22 +++++ authentik/flows/models.py | 19 +++++ authentik/flows/planner.py | 2 +- authentik/flows/stage.py | 31 ++++++- authentik/flows/tests/test_views.py | 85 ++++++++++++++++++- authentik/flows/views.py | 14 +++ authentik/policies/reputation/models.py | 8 +- authentik/stages/identification/stage.py | 12 +++ schema.yml | 39 +++++++++ web/src/locales/en.po | 20 +++++ web/src/locales/pseudo-LOCALE.po | 20 +++++ web/src/pages/flows/StageBindingForm.ts | 19 ++++- 14 files changed, 291 insertions(+), 16 deletions(-) create mode 100644 authentik/flows/migrations/0021_flowstagebinding_invalid_response_action.py diff --git a/authentik/flows/api/bindings.py b/authentik/flows/api/bindings.py index 74b97ca99..13fd04887 100644 --- a/authentik/flows/api/bindings.py +++ b/authentik/flows/api/bindings.py @@ -25,6 +25,7 @@ class FlowStageBindingSerializer(ModelSerializer): "re_evaluate_policies", "order", "policy_engine_mode", + "invalid_response_action", ] diff --git a/authentik/flows/markers.py b/authentik/flows/markers.py index d5bc297f1..e545cf89b 100644 --- a/authentik/flows/markers.py +++ b/authentik/flows/markers.py @@ -5,7 +5,6 @@ from typing import TYPE_CHECKING, Optional from django.http.request import HttpRequest from structlog.stdlib import get_logger -from authentik.core.models import User from authentik.flows.models import FlowStageBinding from authentik.policies.engine import PolicyEngine from authentik.policies.models import PolicyBinding @@ -25,7 +24,7 @@ class StageMarker: self, plan: "FlowPlan", binding: FlowStageBinding, - http_request: Optional[HttpRequest], + http_request: HttpRequest, ) -> Optional[FlowStageBinding]: """Process callback for this marker. This should be overridden by sub-classes. If a stage should be removed, return None.""" @@ -37,24 +36,26 @@ class ReevaluateMarker(StageMarker): """Reevaluate Marker, forces stage's policies to be evaluated again.""" binding: PolicyBinding - user: User def process( self, plan: "FlowPlan", binding: FlowStageBinding, - http_request: Optional[HttpRequest], + http_request: HttpRequest, ) -> Optional[FlowStageBinding]: """Re-evaluate policies bound to stage, and if they fail, remove from plan""" + from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER + LOGGER.debug( "f(plan_inst)[re-eval marker]: running re-evaluation", binding=binding, policy_binding=self.binding, ) - engine = PolicyEngine(self.binding, self.user) + engine = PolicyEngine( + self.binding, plan.context.get(PLAN_CONTEXT_PENDING_USER, http_request.user) + ) engine.use_cache = False - if http_request: - engine.request.set_http_request(http_request) + engine.request.set_http_request(http_request) engine.request.context = plan.context engine.build() result = engine.result diff --git a/authentik/flows/migrations/0021_flowstagebinding_invalid_response_action.py b/authentik/flows/migrations/0021_flowstagebinding_invalid_response_action.py new file mode 100644 index 000000000..1c0add77f --- /dev/null +++ b/authentik/flows/migrations/0021_flowstagebinding_invalid_response_action.py @@ -0,0 +1,22 @@ +# Generated by Django 3.2.4 on 2021-06-27 16:20 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentik_flows", "0020_flow_compatibility_mode"), + ] + + operations = [ + migrations.AddField( + model_name="flowstagebinding", + name="invalid_response_action", + field=models.TextField( + choices=[("retry", "Retry"), ("continue", "Continue")], + default="retry", + help_text="Configure how the flow executor should handle an invalid response to a challenge. RETRY returns the error message and a similar challenge to the executor while CONTINUE continues with the next stage.", + ), + ), + ] diff --git a/authentik/flows/models.py b/authentik/flows/models.py index 6e9663882..df713dba2 100644 --- a/authentik/flows/models.py +++ b/authentik/flows/models.py @@ -27,6 +27,14 @@ class NotConfiguredAction(models.TextChoices): CONFIGURE = "configure" +class InvalidResponseAction(models.TextChoices): + """Configure how the flow executor should handle invalid responses to challenges""" + + RETRY = "retry" + RESTART = "restart" + RESTART_WITH_CONTEXT = "restart_with_context" + + class FlowDesignation(models.TextChoices): """Designation of what a Flow should be used for. At a later point, this should be replaced by a database entry.""" @@ -201,6 +209,17 @@ class FlowStageBinding(SerializerModel, PolicyBindingModel): help_text=_("Evaluate policies when the Stage is present to the user."), ) + invalid_response_action = models.TextField( + choices=InvalidResponseAction.choices, + default=InvalidResponseAction.RETRY, + help_text=_( + "Configure how the flow executor should handle an invalid response to a " + "challenge. RETRY returns the error message and a similar challenge to the " + "executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT " + "restarts the flow while keeping the current context." + ), + ) + order = models.IntegerField() objects = InheritanceManager() diff --git a/authentik/flows/planner.py b/authentik/flows/planner.py index 269ae2612..ed1373601 100644 --- a/authentik/flows/planner.py +++ b/authentik/flows/planner.py @@ -224,7 +224,7 @@ class FlowPlanner: "f(plan): stage has re-evaluate marker", stage=binding.stage, ) - marker = ReevaluateMarker(binding=binding, user=user) + marker = ReevaluateMarker(binding=binding) if stage: plan.append(binding, marker) HIST_FLOWS_PLAN_TIME.labels(flow_slug=self.flow.slug) diff --git a/authentik/flows/stage.py b/authentik/flows/stage.py index 8502a42c6..93461ce42 100644 --- a/authentik/flows/stage.py +++ b/authentik/flows/stage.py @@ -16,6 +16,7 @@ from authentik.flows.challenge import ( HttpChallengeResponse, WithUserInfoChallenge, ) +from authentik.flows.models import InvalidResponseAction from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER from authentik.flows.views import FlowExecutorView @@ -69,7 +70,13 @@ class ChallengeStageView(StageView): """Return a challenge for the frontend to solve""" challenge = self._get_challenge(*args, **kwargs) if not challenge.is_valid(): - LOGGER.warning(challenge.errors, stage_view=self, challenge=challenge) + LOGGER.warning( + "f(ch): Invalid challenge", + binding=self.executor.current_binding, + errors=challenge.errors, + stage_view=self, + challenge=challenge, + ) return HttpChallengeResponse(challenge) # pylint: disable=unused-argument @@ -77,6 +84,21 @@ class ChallengeStageView(StageView): """Handle challenge response""" challenge: ChallengeResponse = self.get_response_instance(data=request.data) if not challenge.is_valid(): + if self.executor.current_binding.invalid_response_action in [ + InvalidResponseAction.RESTART, + InvalidResponseAction.RESTART_WITH_CONTEXT, + ]: + keep_context = ( + self.executor.current_binding.invalid_response_action + == InvalidResponseAction.RESTART_WITH_CONTEXT + ) + LOGGER.debug( + "f(ch): Invalid response, restarting flow", + binding=self.executor.current_binding, + stage_view=self, + keep_context=keep_context, + ) + return self.executor.restart_flow(keep_context) return self.challenge_invalid(challenge) return self.challenge_valid(challenge) @@ -126,5 +148,10 @@ class ChallengeStageView(StageView): ) challenge_response.initial_data["response_errors"] = full_errors if not challenge_response.is_valid(): - LOGGER.warning(challenge_response.errors) + LOGGER.warning( + "f(ch): invalid challenge response", + binding=self.executor.current_binding, + errors=challenge_response.errors, + stage_view=self, + ) return HttpChallengeResponse(challenge_response) diff --git a/authentik/flows/tests/test_views.py b/authentik/flows/tests/test_views.py index 4b15726c0..3ccf58f0d 100644 --- a/authentik/flows/tests/test_views.py +++ b/authentik/flows/tests/test_views.py @@ -11,15 +11,23 @@ from authentik.core.models import User from authentik.flows.challenge import ChallengeTypes from authentik.flows.exceptions import FlowNonApplicableException from authentik.flows.markers import ReevaluateMarker, StageMarker -from authentik.flows.models import Flow, FlowDesignation, FlowStageBinding +from authentik.flows.models import ( + Flow, + FlowDesignation, + FlowStageBinding, + InvalidResponseAction, +) from authentik.flows.planner import FlowPlan, FlowPlanner from authentik.flows.stage import PLAN_CONTEXT_PENDING_USER_IDENTIFIER, StageView from authentik.flows.views import NEXT_ARG_NAME, SESSION_KEY_PLAN, FlowExecutorView from authentik.lib.config import CONFIG from authentik.policies.dummy.models import DummyPolicy from authentik.policies.models import PolicyBinding +from authentik.policies.reputation.models import ReputationPolicy from authentik.policies.types import PolicyResult +from authentik.stages.deny.models import DenyStage from authentik.stages.dummy.models import DummyStage +from authentik.stages.identification.models import IdentificationStage, UserFields POLICY_RETURN_FALSE = PropertyMock(return_value=PolicyResult(False)) POLICY_RETURN_TRUE = MagicMock(return_value=PolicyResult(True)) @@ -513,3 +521,78 @@ class TestFlowExecutor(TestCase): stage_view = StageView(executor) self.assertEqual(ident, stage_view.get_pending_user(for_display=True).username) + + def test_invalid_restart(self): + """Test flow that restarts on invalid entry""" + flow = Flow.objects.create( + name="restart-on-invalid", + slug="restart-on-invalid", + designation=FlowDesignation.AUTHENTICATION, + ) + # Stage 0 is a deny stage that is added dynamically + # when the reputation policy says so + deny_stage = DenyStage.objects.create(name="deny") + reputation_policy = ReputationPolicy.objects.create( + name="reputation", threshold=-1, check_ip=False + ) + deny_binding = FlowStageBinding.objects.create( + target=flow, + stage=deny_stage, + order=0, + evaluate_on_plan=False, + re_evaluate_policies=True, + ) + PolicyBinding.objects.create( + policy=reputation_policy, target=deny_binding, order=0 + ) + + # Stage 1 is an identification stage + ident_stage = IdentificationStage.objects.create( + name="ident", + user_fields=[UserFields.E_MAIL], + ) + FlowStageBinding.objects.create( + target=flow, + stage=ident_stage, + order=1, + invalid_response_action=InvalidResponseAction.RESTART_WITH_CONTEXT, + ) + exec_url = reverse( + "authentik_api:flow-executor", kwargs={"flow_slug": flow.slug} + ) + # First request, run the planner + response = self.client.get(exec_url) + self.assertEqual(response.status_code, 200) + self.assertJSONEqual( + force_str(response.content), + { + "type": ChallengeTypes.NATIVE.value, + "component": "ak-stage-identification", + "flow_info": { + "background": flow.background_url, + "cancel_url": reverse("authentik_flows:cancel"), + "title": "", + }, + "password_fields": False, + "primary_action": "Log in", + "sources": [], + "user_fields": [UserFields.E_MAIL], + }, + ) + response = self.client.post( + exec_url, {"uid_field": "invalid-string"}, follow=True + ) + self.assertEqual(response.status_code, 200) + self.assertJSONEqual( + force_str(response.content), + { + "component": "ak-stage-access-denied", + "error_message": None, + "flow_info": { + "background": flow.background_url, + "cancel_url": reverse("authentik_flows:cancel"), + "title": "", + }, + "type": ChallengeTypes.NATIVE.value, + }, + ) diff --git a/authentik/flows/views.py b/authentik/flows/views.py index 34c14ff07..39c9a1662 100644 --- a/authentik/flows/views.py +++ b/authentik/flows/views.py @@ -288,6 +288,20 @@ class FlowExecutorView(APIView): return self._initiate_plan() return plan + def restart_flow(self, keep_context=False) -> HttpResponse: + """Restart the currently active flow, optionally keeping the current context""" + planner = FlowPlanner(self.flow) + default_context = None + if keep_context: + default_context = self.plan.context + plan = planner.plan(self.request, default_context) + self.request.session[SESSION_KEY_PLAN] = plan + kwargs = self.kwargs + kwargs.update({"flow_slug": self.flow.slug}) + return redirect_with_qs( + "authentik_api:flow-executor", self.request.GET, **kwargs + ) + def _flow_done(self) -> HttpResponse: """User Successfully passed all stages""" # Since this is wrapped by the ExecutorShell, the next argument is saved in the session diff --git a/authentik/policies/reputation/models.py b/authentik/policies/reputation/models.py index 305a33832..5a52241e2 100644 --- a/authentik/policies/reputation/models.py +++ b/authentik/policies/reputation/models.py @@ -33,21 +33,21 @@ class ReputationPolicy(Policy): def passes(self, request: PolicyRequest) -> PolicyResult: remote_ip = get_client_ip(request.http_request) - passing = True + passing = False if self.check_ip: score = cache.get_or_set(CACHE_KEY_IP_PREFIX + remote_ip, 0) - passing = passing and score <= self.threshold + passing += passing or score <= self.threshold LOGGER.debug("Score for IP", ip=remote_ip, score=score, passing=passing) if self.check_username: score = cache.get_or_set(CACHE_KEY_USER_PREFIX + request.user.username, 0) - passing = passing and score <= self.threshold + passing += passing or score <= self.threshold LOGGER.debug( "Score for Username", username=request.user.username, score=score, passing=passing, ) - return PolicyResult(passing) + return PolicyResult(bool(passing)) class Meta: diff --git a/authentik/stages/identification/stage.py b/authentik/stages/identification/stage.py index dc50b4624..88248e76c 100644 --- a/authentik/stages/identification/stage.py +++ b/authentik/stages/identification/stage.py @@ -85,6 +85,18 @@ class IdentificationChallengeResponse(ChallengeResponse): identification_failed.send( sender=self, request=self.stage.request, uid_field=uid_field ) + # We set the pending_user even on failure so it's part of the context, even + # when the input is invalid + # This is so its part of the current flow plan, and on flow restart can be kept, and + # policies can be applied. + self.stage.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = User( + username=uid_field, + email=uid_field, + ) + if not current_stage.show_matched_user: + self.stage.executor.plan.context[ + PLAN_CONTEXT_PENDING_USER_IDENTIFIER + ] = uid_field raise ValidationError("Failed to authenticate.") self.pre_user = pre_user if not current_stage.password_stage: diff --git a/schema.yml b/schema.yml index 761f424f9..40a26b97d 100644 --- a/schema.yml +++ b/schema.yml @@ -4572,6 +4572,18 @@ paths: schema: type: string format: uuid + - in: query + name: invalid_response_action + schema: + type: string + enum: + - restart + - restart_with_context + - retry + description: Configure how the flow executor should handle an invalid response + to a challenge. RETRY returns the error message and a similar challenge + to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT + restarts the flow while keeping the current context. - in: query name: order schema: @@ -19810,6 +19822,13 @@ components: minimum: -2147483648 policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' + invalid_response_action: + allOf: + - $ref: '#/components/schemas/InvalidResponseActionEnum' + description: Configure how the flow executor should handle an invalid response + to a challenge. RETRY returns the error message and a similar challenge + to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT + restarts the flow while keeping the current context. required: - order - pk @@ -19840,6 +19859,13 @@ components: minimum: -2147483648 policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' + invalid_response_action: + allOf: + - $ref: '#/components/schemas/InvalidResponseActionEnum' + description: Configure how the flow executor should handle an invalid response + to a challenge. RETRY returns the error message and a similar challenge + to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT + restarts the flow while keeping the current context. required: - order - stage @@ -20185,6 +20211,12 @@ components: - api - recovery type: string + InvalidResponseActionEnum: + enum: + - retry + - restart + - restart_with_context + type: string Invitation: type: object description: Invitation Serializer @@ -24662,6 +24694,13 @@ components: minimum: -2147483648 policy_engine_mode: $ref: '#/components/schemas/PolicyEngineMode' + invalid_response_action: + allOf: + - $ref: '#/components/schemas/InvalidResponseActionEnum' + description: Configure how the flow executor should handle an invalid response + to a challenge. RETRY returns the error message and a similar challenge + to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT + restarts the flow while keeping the current context. PatchedGroupRequest: type: object description: Group Serializer diff --git a/web/src/locales/en.po b/web/src/locales/en.po index d53b44033..406594bce 100644 --- a/web/src/locales/en.po +++ b/web/src/locales/en.po @@ -698,6 +698,10 @@ msgstr "Configure how long refresh tokens and their id_tokens are valid for." msgid "Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected." msgstr "Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected." +#: src/pages/flows/StageBindingForm.ts +msgid "Configure how the flow executor should handle an invalid response to a challenge." +msgstr "Configure how the flow executor should handle an invalid response to a challenge." + #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "Configure how the issuer field of the ID Token should be filled." msgstr "Configure how the issuer field of the ID Token should be filled." @@ -1881,6 +1885,10 @@ msgstr "Internal host" msgid "Internal host SSL Validation" msgstr "Internal host SSL Validation" +#: src/pages/flows/StageBindingForm.ts +msgid "Invalid response action" +msgstr "Invalid response action" + #: src/pages/flows/FlowForm.ts msgid "Invalidation" msgstr "Invalidation" @@ -2847,6 +2855,18 @@ msgstr "Public key, acquired from https://www.google.com/recaptcha/intro/v3.html msgid "Publisher" msgstr "Publisher" +#: src/pages/flows/StageBindingForm.ts +msgid "RESTART restarts the flow from the beginning, while keeping the flow context." +msgstr "RESTART restarts the flow from the beginning, while keeping the flow context." + +#: src/pages/flows/StageBindingForm.ts +msgid "RESTART restarts the flow from the beginning." +msgstr "RESTART restarts the flow from the beginning." + +#: src/pages/flows/StageBindingForm.ts +msgid "RETRY returns the error message and a similar challenge to the executor." +msgstr "RETRY returns the error message and a similar challenge to the executor." + #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "RS256 (Asymmetric Encryption)" msgstr "RS256 (Asymmetric Encryption)" diff --git a/web/src/locales/pseudo-LOCALE.po b/web/src/locales/pseudo-LOCALE.po index 5d623fb18..15917a8a8 100644 --- a/web/src/locales/pseudo-LOCALE.po +++ b/web/src/locales/pseudo-LOCALE.po @@ -692,6 +692,10 @@ msgstr "" msgid "Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected." msgstr "" +#: +msgid "Configure how the flow executor should handle an invalid response to a challenge." +msgstr "" + #: msgid "Configure how the issuer field of the ID Token should be filled." msgstr "" @@ -1873,6 +1877,10 @@ msgstr "" msgid "Internal host SSL Validation" msgstr "" +#: +msgid "Invalid response action" +msgstr "" + #: msgid "Invalidation" msgstr "" @@ -2839,6 +2847,18 @@ msgstr "" msgid "Publisher" msgstr "" +#: +msgid "RESTART restarts the flow from the beginning, while keeping the flow context." +msgstr "" + +#: +msgid "RESTART restarts the flow from the beginning." +msgstr "" + +#: +msgid "RETRY returns the error message and a similar challenge to the executor." +msgstr "" + #: msgid "RS256 (Asymmetric Encryption)" msgstr "" diff --git a/web/src/pages/flows/StageBindingForm.ts b/web/src/pages/flows/StageBindingForm.ts index b669752c9..81a4563cc 100644 --- a/web/src/pages/flows/StageBindingForm.ts +++ b/web/src/pages/flows/StageBindingForm.ts @@ -1,4 +1,4 @@ -import { FlowsApi, FlowStageBinding, PolicyEngineMode, Stage, StagesApi } from "authentik-api"; +import { FlowsApi, FlowStageBinding, InvalidResponseActionEnum, PolicyEngineMode, Stage, StagesApi } from "authentik-api"; import { t } from "@lingui/macro"; import { customElement, property } from "lit-element"; import { html, TemplateResult } from "lit-html"; @@ -135,6 +135,23 @@ export class StageBindingForm extends ModelForm {

${t`Evaluate policies before the Stage is present to the user.`}

+ + +

${t`Configure how the flow executor should handle an invalid response to a challenge.`}

+
Date: Mon, 28 Jun 2021 08:52:21 +0200 Subject: [PATCH 24/42] build(deps): bump urllib3 from 1.26.5 to 1.26.6 (#1084) --- Pipfile.lock | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/Pipfile.lock b/Pipfile.lock index c26f1907b..0592cc3e7 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -76,11 +76,11 @@ }, "asgiref": { "hashes": [ - "sha256:92906c611ce6c967347bbfea733f13d6313901d54dcca88195eaeb52b2a8e8ee", - "sha256:d1216dfbdfb63826470995d31caed36225dcaf34f182e0fa257a4dd9e86f1b78" + "sha256:05914d0fa65a21711e732adc6572edad6c8da5f1435c3f0c060689ced5e85195", + "sha256:d36fa91dd90e3aa3c81a6bd426ccc8fb20bd3d22b0cf14a12800289e9c3e2563" ], "markers": "python_version >= '3.6'", - "version": "==3.3.4" + "version": "==3.4.0" }, "async-timeout": { "hashes": [ @@ -130,11 +130,11 @@ }, "botocore": { "hashes": [ - "sha256:1331c6a9aafa1a893b20d9ee71abdb52c9bb4e5f7197e82153c371e1856e645d", - "sha256:55da43d99d1ed5f51fa65d71f30ecdfb5f9d8b0874c0c3e63264121bd88e0cab" + "sha256:2c56644dc1fdfc3f7cc5c690371d0770d8e6b9edb3f4e15f206e5bc27422dcd6", + "sha256:f7a44fab1a3739ca54e7f72e8625b71574f8218f05349e59d3b871c887444edd" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'", - "version": "==1.20.100" + "version": "==1.20.101" }, "cachetools": { "hashes": [ @@ -1167,11 +1167,11 @@ "secure" ], "hashes": [ - "sha256:753a0374df26658f99d826cfe40394a686d05985786d946fbe4165b5148f5a7c", - "sha256:a7acd0977125325f516bda9735fa7142b909a8d01e8b2e4c8108d0984e6e0098" + "sha256:39fb8672126159acb139a7718dd10806104dec1e2f0f6c88aab05d17df10c8d4", + "sha256:f57b4c16c62fa2760b7e3d97c35b255512fb6b59a259730f36ba32ce9f8e342f" ], "index": "pypi", - "version": "==1.26.5" + "version": "==1.26.6" }, "uvicorn": { "extras": [ @@ -1565,7 +1565,7 @@ "sha256:83510593e07e433b77bd5bff0f6f607dbafa06d1a89022616f02d8b699cfcd56", "sha256:8e2c107091cfec7286bc0f68a547d0ba4c094d460b732075b6fba674f1035c0c" ], - "markers": "python_version < '4' and python_full_version >= '3.6.1'", + "markers": "python_version < '4.0' and python_full_version >= '3.6.1'", "version": "==5.9.1" }, "lazy-object-proxy": { @@ -1838,11 +1838,11 @@ "secure" ], "hashes": [ - "sha256:753a0374df26658f99d826cfe40394a686d05985786d946fbe4165b5148f5a7c", - "sha256:a7acd0977125325f516bda9735fa7142b909a8d01e8b2e4c8108d0984e6e0098" + "sha256:39fb8672126159acb139a7718dd10806104dec1e2f0f6c88aab05d17df10c8d4", + "sha256:f57b4c16c62fa2760b7e3d97c35b255512fb6b59a259730f36ba32ce9f8e342f" ], "index": "pypi", - "version": "==1.26.5" + "version": "==1.26.6" }, "wrapt": { "hashes": [ From b4c8dd6b91520d89e7af722101c1624146a4f772 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Jun 2021 08:52:31 +0200 Subject: [PATCH 25/42] build(deps): bump boto3 from 1.17.100 to 1.17.101 (#1083) --- Pipfile.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Pipfile.lock b/Pipfile.lock index 0592cc3e7..f5f95a4e4 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -122,11 +122,11 @@ }, "boto3": { "hashes": [ - "sha256:0cdb443db72787eff296138952f952529d49dba00d67d5652017d2584daab33a", - "sha256:ab767dffc34e3093d4c4d0b40a6387129661e24de2ae06a8eaefb92739447ad9" + "sha256:77ebaa3645ae153978a0f2c492502fef3804fe0e693abc7dc74620e4884afe67", + "sha256:a9beeb6f1be835ced95e90e93e5ac35b972a0fc35b71e6a1edc01abdc87932d4" ], "index": "pypi", - "version": "==1.17.100" + "version": "==1.17.101" }, "botocore": { "hashes": [ From 5e724e42995bf2bcd8f9809cc674407bbc7a1068 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Jun 2021 08:52:54 +0200 Subject: [PATCH 26/42] build(deps): bump chart.js from 3.3.2 to 3.4.0 in /web (#1082) --- web/package-lock.json | 14 +++++++------- web/package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index 957b8ee8c..6b8a5f82d 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -35,7 +35,7 @@ "authentik-api": "file:api", "babel-plugin-macros": "^3.1.0", "base64-js": "^1.5.1", - "chart.js": "^3.3.2", + "chart.js": "^3.4.0", "chartjs-adapter-moment": "^1.0.0", "codemirror": "^5.62.0", "construct-style-sheets-polyfill": "^2.4.16", @@ -3316,9 +3316,9 @@ "integrity": "sha512-mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA==" }, "node_modules/chart.js": { - "version": "3.3.2", - "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-3.3.2.tgz", - "integrity": "sha512-H0hSO7xqTIrwxoACqnSoNromEMfXvfuVnrbuSt2TuXfBDDofbnto4zuZlRtRvC73/b37q3wGAWZyUU41QPvNbA==" + "version": "3.4.0", + "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-3.4.0.tgz", + "integrity": "sha512-mJsRm2apQm5mwz2OgYqGNG4erZh/qljcRZkWSa0kLkFr3UC3e1wKRMgnIh6WdhUrNu0w/JT9PkjLyylqEqHXEQ==" }, "node_modules/chartjs-adapter-moment": { "version": "1.0.0", @@ -10461,9 +10461,9 @@ "integrity": "sha512-mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA==" }, "chart.js": { - "version": "3.3.2", - "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-3.3.2.tgz", - "integrity": "sha512-H0hSO7xqTIrwxoACqnSoNromEMfXvfuVnrbuSt2TuXfBDDofbnto4zuZlRtRvC73/b37q3wGAWZyUU41QPvNbA==" + "version": "3.4.0", + "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-3.4.0.tgz", + "integrity": "sha512-mJsRm2apQm5mwz2OgYqGNG4erZh/qljcRZkWSa0kLkFr3UC3e1wKRMgnIh6WdhUrNu0w/JT9PkjLyylqEqHXEQ==" }, "chartjs-adapter-moment": { "version": "1.0.0", diff --git a/web/package.json b/web/package.json index 47ff4448f..446ee3b3e 100644 --- a/web/package.json +++ b/web/package.json @@ -64,7 +64,7 @@ "authentik-api": "file:api", "babel-plugin-macros": "^3.1.0", "base64-js": "^1.5.1", - "chart.js": "^3.3.2", + "chart.js": "^3.4.0", "chartjs-adapter-moment": "^1.0.0", "codemirror": "^5.62.0", "construct-style-sheets-polyfill": "^2.4.16", From 90b457c5eeb3265ad6a4682379888ffa80bd52f4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Jun 2021 08:53:07 +0200 Subject: [PATCH 27/42] build(deps-dev): bump prettier from 2.3.1 to 2.3.2 in /website (#1081) --- website/package-lock.json | 14 +++++++------- website/package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/website/package-lock.json b/website/package-lock.json index 1b62bb300..2fb988e12 100644 --- a/website/package-lock.json +++ b/website/package-lock.json @@ -20,7 +20,7 @@ "react-toggle": "^4.1.2" }, "devDependencies": { - "prettier": "2.3.1" + "prettier": "2.3.2" } }, "node_modules/@algolia/autocomplete-core": { @@ -10376,9 +10376,9 @@ } }, "node_modules/prettier": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.3.1.tgz", - "integrity": "sha512-p+vNbgpLjif/+D+DwAZAbndtRrR0md0MwfmOVN9N+2RgyACMT+7tfaRnT+WDPkqnuVwleyuBIG2XBxKDme3hPA==", + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.3.2.tgz", + "integrity": "sha512-lnJzDfJ66zkMy58OL5/NY5zp70S7Nz6KqcKkXYzn2tMVrNxvbqaBpg7H3qHaLxCJ5lNMsGuM8+ohS7cZrthdLQ==", "dev": true, "bin": { "prettier": "bin-prettier.js" @@ -22886,9 +22886,9 @@ "integrity": "sha1-6SQ0v6XqjBn0HN/UAddBo8gZ2Jc=" }, "prettier": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.3.1.tgz", - "integrity": "sha512-p+vNbgpLjif/+D+DwAZAbndtRrR0md0MwfmOVN9N+2RgyACMT+7tfaRnT+WDPkqnuVwleyuBIG2XBxKDme3hPA==", + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.3.2.tgz", + "integrity": "sha512-lnJzDfJ66zkMy58OL5/NY5zp70S7Nz6KqcKkXYzn2tMVrNxvbqaBpg7H3qHaLxCJ5lNMsGuM8+ohS7cZrthdLQ==", "dev": true }, "pretty-error": { diff --git a/website/package.json b/website/package.json index 19bcd3411..9f5906000 100644 --- a/website/package.json +++ b/website/package.json @@ -35,6 +35,6 @@ ] }, "devDependencies": { - "prettier": "2.3.1" + "prettier": "2.3.2" } } From c6e60c0ebcb2781fa6571b7670526fd0294ac23a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Jun 2021 08:53:15 +0200 Subject: [PATCH 28/42] build(deps): bump rollup from 2.52.2 to 2.52.3 in /web (#1080) --- web/package-lock.json | 14 +++++++------- web/package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index 6b8a5f82d..2167bedb6 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -48,7 +48,7 @@ "lit-html": "^1.4.1", "moment": "^2.29.1", "rapidoc": "^9.0.0", - "rollup": "^2.52.2", + "rollup": "^2.52.3", "rollup-plugin-commonjs": "^10.1.0", "rollup-plugin-copy": "^3.4.0", "rollup-plugin-cssimport": "^1.0.2", @@ -6770,9 +6770,9 @@ } }, "node_modules/rollup": { - "version": "2.52.2", - "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.52.2.tgz", - "integrity": "sha512-4RlFC3k2BIHlUsJ9mGd8OO+9Lm2eDF5P7+6DNQOp5sx+7N/1tFM01kELfbxlMX3MxT6owvLB1ln4S3QvvQlbUA==", + "version": "2.52.3", + "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.52.3.tgz", + "integrity": "sha512-QF3Sju8Kl2z0osI4unyOLyUudyhOMK6G0AeqJWgfiyigqLAlnNrfBcDWDx+f1cqn+JU2iIYVkDrgQ6/KtwEfrg==", "bin": { "rollup": "dist/bin/rollup" }, @@ -13200,9 +13200,9 @@ } }, "rollup": { - "version": "2.52.2", - "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.52.2.tgz", - "integrity": "sha512-4RlFC3k2BIHlUsJ9mGd8OO+9Lm2eDF5P7+6DNQOp5sx+7N/1tFM01kELfbxlMX3MxT6owvLB1ln4S3QvvQlbUA==", + "version": "2.52.3", + "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.52.3.tgz", + "integrity": "sha512-QF3Sju8Kl2z0osI4unyOLyUudyhOMK6G0AeqJWgfiyigqLAlnNrfBcDWDx+f1cqn+JU2iIYVkDrgQ6/KtwEfrg==", "requires": { "fsevents": "~2.3.2" } diff --git a/web/package.json b/web/package.json index 446ee3b3e..aab8bf1d2 100644 --- a/web/package.json +++ b/web/package.json @@ -77,7 +77,7 @@ "lit-html": "^1.4.1", "moment": "^2.29.1", "rapidoc": "^9.0.0", - "rollup": "^2.52.2", + "rollup": "^2.52.3", "rollup-plugin-commonjs": "^10.1.0", "rollup-plugin-copy": "^3.4.0", "rollup-plugin-cssimport": "^1.0.2", From fe069c5e55fbd0d20eca73e67c75cad181098d88 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 28 Jun 2021 19:51:55 +0200 Subject: [PATCH 29/42] website/docs: fix use of escaped_request_uri in standalone nginx Signed-off-by: Jens Langhammer --- website/docs/outposts/proxy/forward_auth.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/outposts/proxy/forward_auth.mdx b/website/docs/outposts/proxy/forward_auth.mdx index 8550f82f8..176112771 100644 --- a/website/docs/outposts/proxy/forward_auth.mdx +++ b/website/docs/outposts/proxy/forward_auth.mdx @@ -57,7 +57,7 @@ import TabItem from '@theme/TabItem'; location @akprox_signin { internal; add_header Set-Cookie $auth_cookie; - return 302 /akprox/start?rd=$escaped_request_uri; + return 302 /akprox/start?rd=$request_uri; } location / { From 262a8b5ae8205b73f8f0cf413a4b34283903c2d7 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 28 Jun 2021 20:13:08 +0200 Subject: [PATCH 30/42] api: use partition instead of split for token Signed-off-by: Jens Langhammer --- authentik/api/authentication.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/authentik/api/authentication.py b/authentik/api/authentication.py index 1d38fc9e5..ee423bf59 100644 --- a/authentik/api/authentication.py +++ b/authentik/api/authentication.py @@ -19,7 +19,7 @@ def token_from_header(raw_header: bytes) -> Optional[Token]: auth_credentials = raw_header.decode() if auth_credentials == "" or " " not in auth_credentials: return None - auth_type, auth_credentials = auth_credentials.split() + auth_type, _, auth_credentials = auth_credentials.partition(" ") if auth_type.lower() not in ["basic", "bearer"]: LOGGER.debug("Unsupported authentication type, denying", type=auth_type.lower()) raise AuthenticationFailed("Unsupported authentication type") From 5d3931c12896a210e7bf94e28cb338bf7933f6c3 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 28 Jun 2021 20:15:00 +0200 Subject: [PATCH 31/42] events: ignore notification non-existent in transport Signed-off-by: Jens Langhammer --- authentik/events/tasks.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/authentik/events/tasks.py b/authentik/events/tasks.py index 6ce94fa90..48879a45e 100644 --- a/authentik/events/tasks.py +++ b/authentik/events/tasks.py @@ -105,7 +105,9 @@ def notification_transport( """Send notification over specified transport""" self.save_on_success = False try: - notification: Notification = Notification.objects.get(pk=notification_pk) + notification: Notification = Notification.objects.filter(pk=notification_pk).first() + if not notification: + return transport: NotificationTransport = NotificationTransport.objects.get( pk=transport_pk ) From 94300492e737a8434940079aef4f37dbd33e1bf6 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 28 Jun 2021 20:27:22 +0200 Subject: [PATCH 32/42] website/docs: update release notes Signed-off-by: Jens Langhammer --- website/docs/releases/v2021.6.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/website/docs/releases/v2021.6.md b/website/docs/releases/v2021.6.md index d20a46f49..2053142ec 100644 --- a/website/docs/releases/v2021.6.md +++ b/website/docs/releases/v2021.6.md @@ -118,14 +118,21 @@ slug: "2021.6" ## Fixed in 2021.6.3 +- api: use partition instead of split for token - core: fix flow background not correctly loading on initial draw +- events: add ability to create events via API +- events: ignore notification non-existent in transport - events: only create SYSTEM_EXCEPTION event when error would've been sent to sentry - expressions: fix regex_match result being inverted +- flows: add FlowStageBinding to flow plan instead of just stage +- flows: add invalid_response_action to configure how the FlowExecutor should handle invalid responses +- flows: handle possible errors with FlowPlans received from cache - outposts: check docker container ports match - outposts/ldap: fixed IsActive and IsSuperuser returning swapped incorrect values (#1078) - providers/oauth2: fix exp of JWT when not using seconds - sources/ldap: improve error handling when checking for password complexity on non-ad setups - stages/authenticator_duo: fix component not being set in API +- tenants: include all default flows in current_tenant - web/admin: fix deletion of authenticator not reloading the state correctly - web/admin: fix only recovery flows being selectable for unenrollment flow in tenant form - web/admin: fix text color on pf-c-card From 6f5ec7838fb3d2c97c1f71e401afb6e8118d3d22 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 28 Jun 2021 20:57:28 +0200 Subject: [PATCH 33/42] events: fix linting Signed-off-by: Jens Langhammer --- authentik/events/tasks.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/authentik/events/tasks.py b/authentik/events/tasks.py index 48879a45e..8ab4f8662 100644 --- a/authentik/events/tasks.py +++ b/authentik/events/tasks.py @@ -105,7 +105,9 @@ def notification_transport( """Send notification over specified transport""" self.save_on_success = False try: - notification: Notification = Notification.objects.filter(pk=notification_pk).first() + notification: Notification = Notification.objects.filter( + pk=notification_pk + ).first() if not notification: return transport: NotificationTransport = NotificationTransport.objects.get( From fea1f3be6f64eed3f4b86dd2e3bc286a3cb340bf Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 28 Jun 2021 22:29:36 +0200 Subject: [PATCH 34/42] stages/prompt: ensure hidden and static fields keep the value they had set Signed-off-by: Jens Langhammer --- authentik/stages/prompt/stage.py | 8 ++++++++ authentik/stages/prompt/tests.py | 22 ++++++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/authentik/stages/prompt/stage.py b/authentik/stages/prompt/stage.py index 960d2dac4..7479ca4a2 100644 --- a/authentik/stages/prompt/stage.py +++ b/authentik/stages/prompt/stage.py @@ -90,6 +90,14 @@ class PromptChallengeResponse(ChallengeResponse): raise ValidationError(_("Passwords don't match.")) def validate(self, attrs: dict[str, Any]) -> dict[str, Any]: + # Check if we have any static or hidden fields, and ensure they + # still have the same value + static_hidden_fields: QuerySet[Prompt] = self.stage.fields.filter( + type__in=[FieldTypes.HIDDEN, FieldTypes.STATIC] + ) + for static_hidden in static_hidden_fields: + attrs[static_hidden.field_key] = static_hidden.placeholder + # Check if we have two password fields, and make sure they are the same password_fields: QuerySet[Prompt] = self.stage.fields.filter( type=FieldTypes.PASSWORD diff --git a/authentik/stages/prompt/tests.py b/authentik/stages/prompt/tests.py index cf485a2ef..cc33e2acd 100644 --- a/authentik/stages/prompt/tests.py +++ b/authentik/stages/prompt/tests.py @@ -78,6 +78,12 @@ class TestPromptStage(TestCase): required=True, placeholder="HIDDEN_PLACEHOLDER", ) + static_prompt = Prompt.objects.create( + field_key="static_prompt", + type=FieldTypes.STATIC, + required=True, + placeholder="static", + ) self.stage = PromptStage.objects.create(name="prompt-stage") self.stage.fields.set( [ @@ -88,6 +94,7 @@ class TestPromptStage(TestCase): password2_prompt, number_prompt, hidden_prompt, + static_prompt, ] ) self.stage.save() @@ -100,6 +107,7 @@ class TestPromptStage(TestCase): password2_prompt.field_key: "test", number_prompt.field_key: 3, hidden_prompt.field_key: hidden_prompt.placeholder, + static_prompt.field_key: static_prompt.placeholder, } self.binding = FlowStageBinding.objects.create( @@ -232,3 +240,17 @@ class TestPromptStage(TestCase): ] }, ) + + def test_static_hidden_overwrite(self): + """Test that static and hidden fields ignore any value sent to them""" + plan = FlowPlan( + flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()] + ) + self.prompt_data["hidden_prompt"] = "foo" + self.prompt_data["static_prompt"] = "foo" + challenge_response = PromptChallengeResponse( + None, stage=self.stage, plan=plan, data=self.prompt_data + ) + self.assertEqual(challenge_response.is_valid(), True) + self.assertNotEqual(challenge_response.validated_data["hidden_prompt"], "foo") + self.assertNotEqual(challenge_response.validated_data["static_prompt"], "foo") From c19da839b15cce9f7a9e34e9888df80a2f57239d Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 28 Jun 2021 23:24:54 +0200 Subject: [PATCH 35/42] stages/user_write: add create_users_as_inactive flag close #1086 Signed-off-by: Jens Langhammer --- authentik/stages/user_write/api.py | 2 +- ...userwritestage_create_users_as_inactive.py | 21 +++++++++++++++++++ authentik/stages/user_write/models.py | 6 ++++++ authentik/stages/user_write/stage.py | 4 +++- schema.yml | 9 ++++++++ web/src/locales/en.po | 9 ++++++++ web/src/locales/pseudo-LOCALE.po | 9 ++++++++ .../stages/user_write/UserWriteStageForm.ts | 18 ++++++++++++++++ website/docs/releases/v2021.6.md | 2 ++ .../enrollment-email-verification.akflow | 4 +++- 10 files changed, 81 insertions(+), 3 deletions(-) create mode 100644 authentik/stages/user_write/migrations/0003_userwritestage_create_users_as_inactive.py diff --git a/authentik/stages/user_write/api.py b/authentik/stages/user_write/api.py index 5acaa6ae1..9abac9ef2 100644 --- a/authentik/stages/user_write/api.py +++ b/authentik/stages/user_write/api.py @@ -12,7 +12,7 @@ class UserWriteStageSerializer(StageSerializer): class Meta: model = UserWriteStage - fields = StageSerializer.Meta.fields + fields = StageSerializer.Meta.fields + ["create_users_as_inactive"] class UserWriteStageViewSet(UsedByMixin, ModelViewSet): diff --git a/authentik/stages/user_write/migrations/0003_userwritestage_create_users_as_inactive.py b/authentik/stages/user_write/migrations/0003_userwritestage_create_users_as_inactive.py new file mode 100644 index 000000000..5ca410291 --- /dev/null +++ b/authentik/stages/user_write/migrations/0003_userwritestage_create_users_as_inactive.py @@ -0,0 +1,21 @@ +# Generated by Django 3.2.4 on 2021-06-28 20:31 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentik_stages_user_write", "0002_auto_20200918_1653"), + ] + + operations = [ + migrations.AddField( + model_name="userwritestage", + name="create_users_as_inactive", + field=models.BooleanField( + default=False, + help_text="When set, newly created users are inactive and cannot login.", + ), + ), + ] diff --git a/authentik/stages/user_write/models.py b/authentik/stages/user_write/models.py index eb37a89f6..be5b8d1d0 100644 --- a/authentik/stages/user_write/models.py +++ b/authentik/stages/user_write/models.py @@ -1,6 +1,7 @@ """write stage models""" from typing import Type +from django.db import models from django.utils.translation import gettext_lazy as _ from django.views import View from rest_framework.serializers import BaseSerializer @@ -12,6 +13,11 @@ class UserWriteStage(Stage): """Writes currently pending data into the pending user, or if no user exists, creates a new user with the data.""" + create_users_as_inactive = models.BooleanField( + default=False, + help_text=_("When set, newly created users are inactive and cannot login."), + ) + @property def serializer(self) -> BaseSerializer: from authentik.stages.user_write.api import UserWriteStageSerializer diff --git a/authentik/stages/user_write/stage.py b/authentik/stages/user_write/stage.py index 61f3eb275..554cd36d6 100644 --- a/authentik/stages/user_write/stage.py +++ b/authentik/stages/user_write/stage.py @@ -35,7 +35,9 @@ class UserWriteStageView(StageView): data = self.executor.plan.context[PLAN_CONTEXT_PROMPT] user_created = False if PLAN_CONTEXT_PENDING_USER not in self.executor.plan.context: - self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = User() + self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = User( + is_active=not self.executor.current_stage.create_users_as_inactive + ) self.executor.plan.context[ PLAN_CONTEXT_AUTHENTICATION_BACKEND ] = class_to_path(ModelBackend) diff --git a/schema.yml b/schema.yml index 40a26b97d..026a7f49a 100644 --- a/schema.yml +++ b/schema.yml @@ -25778,6 +25778,9 @@ components: type: array items: $ref: '#/components/schemas/FlowRequest' + create_users_as_inactive: + type: boolean + description: When set, newly created users are inactive and cannot login. PatchedWebAuthnDeviceRequest: type: object description: Serializer for WebAuthn authenticator devices @@ -28272,6 +28275,9 @@ components: type: array items: $ref: '#/components/schemas/Flow' + create_users_as_inactive: + type: boolean + description: When set, newly created users are inactive and cannot login. required: - component - name @@ -28288,6 +28294,9 @@ components: type: array items: $ref: '#/components/schemas/FlowRequest' + create_users_as_inactive: + type: boolean + description: When set, newly created users are inactive and cannot login. required: - name ValidationError: diff --git a/web/src/locales/en.po b/web/src/locales/en.po index 406594bce..a4ff46ed9 100644 --- a/web/src/locales/en.po +++ b/web/src/locales/en.po @@ -945,6 +945,10 @@ msgstr "Create User" msgid "Create provider" msgstr "Create provider" +#: src/pages/stages/user_write/UserWriteStageForm.ts +msgid "Create users as inactive" +msgstr "Create users as inactive" + #: src/pages/applications/ApplicationForm.ts #: src/pages/flows/BoundStagesList.ts #: src/pages/outposts/ServiceConnectionListPage.ts @@ -2151,6 +2155,10 @@ msgstr "Logs" msgid "Long-running operations which authentik executes in the background." msgstr "Long-running operations which authentik executes in the background." +#: src/pages/stages/user_write/UserWriteStageForm.ts +msgid "Mark newly created users as inactive." +msgstr "Mark newly created users as inactive." + #: src/pages/policies/event_matcher/EventMatcherPolicyForm.ts msgid "Match created events with this action type. When left empty, all action types will be matched." msgstr "Match created events with this action type. When left empty, all action types will be matched." @@ -3384,6 +3392,7 @@ msgstr "Stage used to validate any authenticator. This stage should be used duri #: src/pages/stages/password/PasswordStageForm.ts #: src/pages/stages/prompt/PromptStageForm.ts #: src/pages/stages/user_login/UserLoginStageForm.ts +#: src/pages/stages/user_write/UserWriteStageForm.ts msgid "Stage-specific settings" msgstr "Stage-specific settings" diff --git a/web/src/locales/pseudo-LOCALE.po b/web/src/locales/pseudo-LOCALE.po index 15917a8a8..b5dab2646 100644 --- a/web/src/locales/pseudo-LOCALE.po +++ b/web/src/locales/pseudo-LOCALE.po @@ -939,6 +939,10 @@ msgstr "" msgid "Create provider" msgstr "" +#: +msgid "Create users as inactive" +msgstr "" + #: #: #: @@ -2143,6 +2147,10 @@ msgstr "" msgid "Long-running operations which authentik executes in the background." msgstr "" +#: +msgid "Mark newly created users as inactive." +msgstr "" + #: msgid "Match created events with this action type. When left empty, all action types will be matched." msgstr "" @@ -3376,6 +3384,7 @@ msgstr "" #: #: #: +#: msgid "Stage-specific settings" msgstr "" diff --git a/web/src/pages/stages/user_write/UserWriteStageForm.ts b/web/src/pages/stages/user_write/UserWriteStageForm.ts index aebd2143c..58e7fa604 100644 --- a/web/src/pages/stages/user_write/UserWriteStageForm.ts +++ b/web/src/pages/stages/user_write/UserWriteStageForm.ts @@ -5,7 +5,9 @@ import { html, TemplateResult } from "lit-html"; import { DEFAULT_CONFIG } from "../../../api/Config"; import { ifDefined } from "lit-html/directives/if-defined"; import "../../../elements/forms/HorizontalFormElement"; +import "../../../elements/forms/FormGroup"; import { ModelForm } from "../../../elements/forms/ModelForm"; +import { first } from "../../../utils"; @customElement("ak-stage-user-write-form") export class UserWriteStageForm extends ModelForm { @@ -49,6 +51,22 @@ export class UserWriteStageForm extends ModelForm { name="name"> + + + ${t`Stage-specific settings`} + +
+ +
+ + +
+

${t`Mark newly created users as inactive.`}

+
+
+
`; } diff --git a/website/docs/releases/v2021.6.md b/website/docs/releases/v2021.6.md index 2053142ec..8ce50f86c 100644 --- a/website/docs/releases/v2021.6.md +++ b/website/docs/releases/v2021.6.md @@ -132,6 +132,8 @@ slug: "2021.6" - providers/oauth2: fix exp of JWT when not using seconds - sources/ldap: improve error handling when checking for password complexity on non-ad setups - stages/authenticator_duo: fix component not being set in API +- stages/prompt: ensure hidden and static fields keep the value they had set +- stages/user_write: add flag to create new users as inactive - tenants: include all default flows in current_tenant - web/admin: fix deletion of authenticator not reloading the state correctly - web/admin: fix only recovery flows being selectable for unenrollment flow in tenant form diff --git a/website/static/flows/enrollment-email-verification.akflow b/website/static/flows/enrollment-email-verification.akflow index ebf7af9d1..da7bd5b75 100644 --- a/website/static/flows/enrollment-email-verification.akflow +++ b/website/static/flows/enrollment-email-verification.akflow @@ -145,7 +145,9 @@ "name": "default-enrollment-user-write" }, "model": "authentik_stages_user_write.userwritestage", - "attrs": {} + "attrs": { + "create_users_as_inactive": true + } }, { "identifiers": { From 621843c60c193d183b18e2419cef6a0f6487123c Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 28 Jun 2021 23:55:07 +0200 Subject: [PATCH 36/42] flows: fix migration dependency issue Signed-off-by: Jens Langhammer --- authentik/flows/migrations/0018_oob_flows.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/authentik/flows/migrations/0018_oob_flows.py b/authentik/flows/migrations/0018_oob_flows.py index c6caee84b..9058dccd4 100644 --- a/authentik/flows/migrations/0018_oob_flows.py +++ b/authentik/flows/migrations/0018_oob_flows.py @@ -135,7 +135,7 @@ class Migration(migrations.Migration): dependencies = [ ("authentik_flows", "0017_auto_20210329_1334"), - ("authentik_stages_user_write", "__latest__"), + ("authentik_stages_user_write", "0002_auto_20200918_1653"), ("authentik_stages_user_login", "__latest__"), ("authentik_stages_password", "0002_passwordstage_change_flow"), ("authentik_policies", "0001_initial"), From 7937c84f2b64d4b421a0813681a2681b0584d59b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Jun 2021 08:53:10 +0200 Subject: [PATCH 37/42] build(deps): bump boto3 from 1.17.101 to 1.17.102 (#1091) --- Pipfile.lock | 38 +++++++++++++++++++++++++++++--------- 1 file changed, 29 insertions(+), 9 deletions(-) diff --git a/Pipfile.lock b/Pipfile.lock index f5f95a4e4..c7a940924 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -122,19 +122,19 @@ }, "boto3": { "hashes": [ - "sha256:77ebaa3645ae153978a0f2c492502fef3804fe0e693abc7dc74620e4884afe67", - "sha256:a9beeb6f1be835ced95e90e93e5ac35b972a0fc35b71e6a1edc01abdc87932d4" + "sha256:6300e9ee9a404038113250bd218e2c4827f5e676efb14e77de2ad2dcb67679bc", + "sha256:be4714f0475c1f5183eea09ddbf568ced6fa41b0fc9976f2698b8442e1b17303" ], "index": "pypi", - "version": "==1.17.101" + "version": "==1.17.102" }, "botocore": { "hashes": [ - "sha256:2c56644dc1fdfc3f7cc5c690371d0770d8e6b9edb3f4e15f206e5bc27422dcd6", - "sha256:f7a44fab1a3739ca54e7f72e8625b71574f8218f05349e59d3b871c887444edd" + "sha256:2f57f7ceed1598d96cc497aeb45317db5d3b21a5aafea4732d0e561d0fc2a8fa", + "sha256:bdf08a4f7f01ead00d386848f089c08270499711447569c18d0db60023619c06" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'", - "version": "==1.20.101" + "version": "==1.20.102" }, "cachetools": { "hashes": [ @@ -948,10 +948,30 @@ }, "pyrsistent": { "hashes": [ - "sha256:2e636185d9eb976a18a8a8e96efce62f2905fea90041958d8cc2a189756ebf3e" + "sha256:097b96f129dd36a8c9e33594e7ebb151b1515eb52cceb08474c10a5479e799f2", + "sha256:2aaf19dc8ce517a8653746d98e962ef480ff34b6bc563fc067be6401ffb457c7", + "sha256:404e1f1d254d314d55adb8d87f4f465c8693d6f902f67eb6ef5b4526dc58e6ea", + "sha256:48578680353f41dca1ca3dc48629fb77dfc745128b56fc01096b2530c13fd426", + "sha256:4916c10896721e472ee12c95cdc2891ce5890898d2f9907b1b4ae0f53588b710", + "sha256:527be2bfa8dc80f6f8ddd65242ba476a6c4fb4e3aedbf281dfbac1b1ed4165b1", + "sha256:58a70d93fb79dc585b21f9d72487b929a6fe58da0754fa4cb9f279bb92369396", + "sha256:5e4395bbf841693eaebaa5bb5c8f5cdbb1d139e07c975c682ec4e4f8126e03d2", + "sha256:6b5eed00e597b5b5773b4ca30bd48a5774ef1e96f2a45d105db5b4ebb4bca680", + "sha256:73ff61b1411e3fb0ba144b8f08d6749749775fe89688093e1efef9839d2dcc35", + "sha256:772e94c2c6864f2cd2ffbe58bb3bdefbe2a32afa0acb1a77e472aac831f83427", + "sha256:773c781216f8c2900b42a7b638d5b517bb134ae1acbebe4d1e8f1f41ea60eb4b", + "sha256:a0c772d791c38bbc77be659af29bb14c38ced151433592e326361610250c605b", + "sha256:b29b869cf58412ca5738d23691e96d8aff535e17390128a1a52717c9a109da4f", + "sha256:c1a9ff320fa699337e05edcaae79ef8c2880b52720bc031b219e5b5008ebbdef", + "sha256:cd3caef37a415fd0dae6148a1b6957a8c5f275a62cca02e18474608cb263640c", + "sha256:d5ec194c9c573aafaceebf05fc400656722793dac57f254cd4741f3c27ae57b4", + "sha256:da6e5e818d18459fa46fac0a4a4e543507fe1110e808101277c5a2b5bab0cd2d", + "sha256:e79d94ca58fcafef6395f6352383fa1a76922268fa02caa2272fff501c2fdc78", + "sha256:f3ef98d7b76da5eb19c37fda834d50262ff9167c65658d1d8f974d2e4d90676b", + "sha256:f4c8cabb46ff8e5d61f56a037974228e978f26bfefce4f61a4b1ac0ba7a2ab72" ], - "markers": "python_version >= '3.5'", - "version": "==0.17.3" + "markers": "python_version >= '3.6'", + "version": "==0.18.0" }, "python-dateutil": { "hashes": [ From b39530f87353e9ba3d517773b2e799c22702f786 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Jun 2021 08:53:31 +0200 Subject: [PATCH 38/42] build(deps): bump @sentry/browser from 6.7.2 to 6.8.0 in /web (#1090) --- web/package-lock.json | 168 +++++++++++++++++++++++++++++++++++------- web/package.json | 2 +- 2 files changed, 142 insertions(+), 28 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index 2167bedb6..3037da797 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -24,7 +24,7 @@ "@rollup/plugin-babel": "^5.3.0", "@rollup/plugin-replace": "^2.4.2", "@rollup/plugin-typescript": "^8.2.1", - "@sentry/browser": "^6.7.2", + "@sentry/browser": "^6.8.0", "@sentry/tracing": "^6.7.2", "@types/chart.js": "^2.9.32", "@types/codemirror": "5.60.1", @@ -2314,13 +2314,33 @@ "integrity": "sha512-1fMXF3YP4pZZVozF8j/ZLfvnR8NSIljt56UhbZ5PeeDmmGHpgpdwQt7ITlGvYaQukCvuBRMLEiKiYC+oeIg4cg==" }, "node_modules/@sentry/browser": { - "version": "6.7.2", - "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-6.7.2.tgz", - "integrity": "sha512-Lv0Ne1QcesyGAhVcQDfQa3hDPR/MhPSDTMg3xFi+LxqztchVc4w/ynzR0wCZFb8KIHpTj5SpJHfxpDhXYMtS9g==", + "version": "6.8.0", + "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-6.8.0.tgz", + "integrity": "sha512-nxa71csHlG5sMHUxI4e4xxuCWtbCv/QbBfMsYw7ncJSfCKG3yNlCVh8NJ7NS0rZW/MJUT6S6+r93zw0HetNDOA==", "dependencies": { - "@sentry/core": "6.7.2", - "@sentry/types": "6.7.2", - "@sentry/utils": "6.7.2", + "@sentry/core": "6.8.0", + "@sentry/types": "6.8.0", + "@sentry/utils": "6.8.0", + "tslib": "^1.9.3" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/@sentry/browser/node_modules/@sentry/types": { + "version": "6.8.0", + "resolved": "https://registry.npmjs.org/@sentry/types/-/types-6.8.0.tgz", + "integrity": "sha512-PbSxqlh6Fd5thNU5f8EVYBVvX+G7XdPA+ThNb2QvSK8yv3rIf0McHTyF6sIebgJ38OYN7ZFK7vvhC/RgSAfYTA==", + "engines": { + "node": ">=6" + } + }, + "node_modules/@sentry/browser/node_modules/@sentry/utils": { + "version": "6.8.0", + "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-6.8.0.tgz", + "integrity": "sha512-OYlI2JNrcWKMdvYbWNdQwR4QBVv2V0y5wK0U6f53nArv6RsyO5TzwRu5rMVSIZofUUqjoE5hl27jqnR+vpUrsA==", + "dependencies": { + "@sentry/types": "6.8.0", "tslib": "^1.9.3" }, "engines": { @@ -2333,14 +2353,60 @@ "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" }, "node_modules/@sentry/core": { - "version": "6.7.2", - "resolved": "https://registry.npmjs.org/@sentry/core/-/core-6.7.2.tgz", - "integrity": "sha512-NTZqwN5nR94yrXmSfekoPs1mIFuKvf8esdIW/DadwSKWAdLJwQTJY9xK/8PQv+SEzd7wiitPAx+mCw2By1xiNQ==", + "version": "6.8.0", + "resolved": "https://registry.npmjs.org/@sentry/core/-/core-6.8.0.tgz", + "integrity": "sha512-vJzWt/znEB+JqVwtwfjkRrAYRN+ep+l070Ti8GhJnvwU4IDtVlV3T/jVNrj6rl6UChcczaJQMxVxtG5x0crlAA==", "dependencies": { - "@sentry/hub": "6.7.2", - "@sentry/minimal": "6.7.2", - "@sentry/types": "6.7.2", - "@sentry/utils": "6.7.2", + "@sentry/hub": "6.8.0", + "@sentry/minimal": "6.8.0", + "@sentry/types": "6.8.0", + "@sentry/utils": "6.8.0", + "tslib": "^1.9.3" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/@sentry/core/node_modules/@sentry/hub": { + "version": "6.8.0", + "resolved": "https://registry.npmjs.org/@sentry/hub/-/hub-6.8.0.tgz", + "integrity": "sha512-hFrI2Ss1fTov7CH64FJpigqRxH7YvSnGeqxT9Jc1BL7nzW/vgCK+Oh2mOZbosTcrzoDv+lE8ViOnSN3w/fo+rg==", + "dependencies": { + "@sentry/types": "6.8.0", + "@sentry/utils": "6.8.0", + "tslib": "^1.9.3" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/@sentry/core/node_modules/@sentry/minimal": { + "version": "6.8.0", + "resolved": "https://registry.npmjs.org/@sentry/minimal/-/minimal-6.8.0.tgz", + "integrity": "sha512-MRxUKXiiYwKjp8mOQMpTpEuIby1Jh3zRTU0cmGZtfsZ38BC1JOle8xlwC4FdtOH+VvjSYnPBMya5lgNHNPUJDQ==", + "dependencies": { + "@sentry/hub": "6.8.0", + "@sentry/types": "6.8.0", + "tslib": "^1.9.3" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/@sentry/core/node_modules/@sentry/types": { + "version": "6.8.0", + "resolved": "https://registry.npmjs.org/@sentry/types/-/types-6.8.0.tgz", + "integrity": "sha512-PbSxqlh6Fd5thNU5f8EVYBVvX+G7XdPA+ThNb2QvSK8yv3rIf0McHTyF6sIebgJ38OYN7ZFK7vvhC/RgSAfYTA==", + "engines": { + "node": ">=6" + } + }, + "node_modules/@sentry/core/node_modules/@sentry/utils": { + "version": "6.8.0", + "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-6.8.0.tgz", + "integrity": "sha512-OYlI2JNrcWKMdvYbWNdQwR4QBVv2V0y5wK0U6f53nArv6RsyO5TzwRu5rMVSIZofUUqjoE5hl27jqnR+vpUrsA==", + "dependencies": { + "@sentry/types": "6.8.0", "tslib": "^1.9.3" }, "engines": { @@ -9669,16 +9735,30 @@ } }, "@sentry/browser": { - "version": "6.7.2", - "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-6.7.2.tgz", - "integrity": "sha512-Lv0Ne1QcesyGAhVcQDfQa3hDPR/MhPSDTMg3xFi+LxqztchVc4w/ynzR0wCZFb8KIHpTj5SpJHfxpDhXYMtS9g==", + "version": "6.8.0", + "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-6.8.0.tgz", + "integrity": "sha512-nxa71csHlG5sMHUxI4e4xxuCWtbCv/QbBfMsYw7ncJSfCKG3yNlCVh8NJ7NS0rZW/MJUT6S6+r93zw0HetNDOA==", "requires": { - "@sentry/core": "6.7.2", - "@sentry/types": "6.7.2", - "@sentry/utils": "6.7.2", + "@sentry/core": "6.8.0", + "@sentry/types": "6.8.0", + "@sentry/utils": "6.8.0", "tslib": "^1.9.3" }, "dependencies": { + "@sentry/types": { + "version": "6.8.0", + "resolved": "https://registry.npmjs.org/@sentry/types/-/types-6.8.0.tgz", + "integrity": "sha512-PbSxqlh6Fd5thNU5f8EVYBVvX+G7XdPA+ThNb2QvSK8yv3rIf0McHTyF6sIebgJ38OYN7ZFK7vvhC/RgSAfYTA==" + }, + "@sentry/utils": { + "version": "6.8.0", + "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-6.8.0.tgz", + "integrity": "sha512-OYlI2JNrcWKMdvYbWNdQwR4QBVv2V0y5wK0U6f53nArv6RsyO5TzwRu5rMVSIZofUUqjoE5hl27jqnR+vpUrsA==", + "requires": { + "@sentry/types": "6.8.0", + "tslib": "^1.9.3" + } + }, "tslib": { "version": "1.14.1", "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", @@ -9687,17 +9767,51 @@ } }, "@sentry/core": { - "version": "6.7.2", - "resolved": "https://registry.npmjs.org/@sentry/core/-/core-6.7.2.tgz", - "integrity": "sha512-NTZqwN5nR94yrXmSfekoPs1mIFuKvf8esdIW/DadwSKWAdLJwQTJY9xK/8PQv+SEzd7wiitPAx+mCw2By1xiNQ==", + "version": "6.8.0", + "resolved": "https://registry.npmjs.org/@sentry/core/-/core-6.8.0.tgz", + "integrity": "sha512-vJzWt/znEB+JqVwtwfjkRrAYRN+ep+l070Ti8GhJnvwU4IDtVlV3T/jVNrj6rl6UChcczaJQMxVxtG5x0crlAA==", "requires": { - "@sentry/hub": "6.7.2", - "@sentry/minimal": "6.7.2", - "@sentry/types": "6.7.2", - "@sentry/utils": "6.7.2", + "@sentry/hub": "6.8.0", + "@sentry/minimal": "6.8.0", + "@sentry/types": "6.8.0", + "@sentry/utils": "6.8.0", "tslib": "^1.9.3" }, "dependencies": { + "@sentry/hub": { + "version": "6.8.0", + "resolved": "https://registry.npmjs.org/@sentry/hub/-/hub-6.8.0.tgz", + "integrity": "sha512-hFrI2Ss1fTov7CH64FJpigqRxH7YvSnGeqxT9Jc1BL7nzW/vgCK+Oh2mOZbosTcrzoDv+lE8ViOnSN3w/fo+rg==", + "requires": { + "@sentry/types": "6.8.0", + "@sentry/utils": "6.8.0", + "tslib": "^1.9.3" + } + }, + "@sentry/minimal": { + "version": "6.8.0", + "resolved": "https://registry.npmjs.org/@sentry/minimal/-/minimal-6.8.0.tgz", + "integrity": "sha512-MRxUKXiiYwKjp8mOQMpTpEuIby1Jh3zRTU0cmGZtfsZ38BC1JOle8xlwC4FdtOH+VvjSYnPBMya5lgNHNPUJDQ==", + "requires": { + "@sentry/hub": "6.8.0", + "@sentry/types": "6.8.0", + "tslib": "^1.9.3" + } + }, + "@sentry/types": { + "version": "6.8.0", + "resolved": "https://registry.npmjs.org/@sentry/types/-/types-6.8.0.tgz", + "integrity": "sha512-PbSxqlh6Fd5thNU5f8EVYBVvX+G7XdPA+ThNb2QvSK8yv3rIf0McHTyF6sIebgJ38OYN7ZFK7vvhC/RgSAfYTA==" + }, + "@sentry/utils": { + "version": "6.8.0", + "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-6.8.0.tgz", + "integrity": "sha512-OYlI2JNrcWKMdvYbWNdQwR4QBVv2V0y5wK0U6f53nArv6RsyO5TzwRu5rMVSIZofUUqjoE5hl27jqnR+vpUrsA==", + "requires": { + "@sentry/types": "6.8.0", + "tslib": "^1.9.3" + } + }, "tslib": { "version": "1.14.1", "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", diff --git a/web/package.json b/web/package.json index aab8bf1d2..e8272a17d 100644 --- a/web/package.json +++ b/web/package.json @@ -53,7 +53,7 @@ "@rollup/plugin-babel": "^5.3.0", "@rollup/plugin-replace": "^2.4.2", "@rollup/plugin-typescript": "^8.2.1", - "@sentry/browser": "^6.7.2", + "@sentry/browser": "^6.8.0", "@sentry/tracing": "^6.7.2", "@types/chart.js": "^2.9.32", "@types/codemirror": "5.60.1", From b8a7186a5514c52317a4e71ae6a152c441e7a020 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Jun 2021 08:53:42 +0200 Subject: [PATCH 39/42] build(deps): bump @typescript-eslint/eslint-plugin in /web (#1088) --- web/package-lock.json | 254 ++++++++++++++++++++++++++++++++++++++---- web/package.json | 2 +- 2 files changed, 232 insertions(+), 24 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index 3037da797..3ca623786 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -29,7 +29,7 @@ "@types/chart.js": "^2.9.32", "@types/codemirror": "5.60.1", "@types/grecaptcha": "^3.0.2", - "@typescript-eslint/eslint-plugin": "^4.28.0", + "@typescript-eslint/eslint-plugin": "^4.28.1", "@typescript-eslint/parser": "^4.28.0", "@webcomponents/webcomponentsjs": "^2.5.0", "authentik-api": "file:api", @@ -2645,12 +2645,12 @@ "integrity": "sha512-37RSHht+gzzgYeobbG+KWryeAW8J33Nhr69cjTqSYymXVZEN9NbRYWoYlRtDhHKPVT1FyNKwaTPC1NynKZpzRA==" }, "node_modules/@typescript-eslint/eslint-plugin": { - "version": "4.28.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.28.0.tgz", - "integrity": "sha512-KcF6p3zWhf1f8xO84tuBailV5cN92vhS+VT7UJsPzGBm9VnQqfI9AsiMUFUCYHTYPg1uCCo+HyiDnpDuvkAMfQ==", + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.28.1.tgz", + "integrity": "sha512-9yfcNpDaNGQ6/LQOX/KhUFTR1sCKH+PBr234k6hI9XJ0VP5UqGxap0AnNwBnWFk1MNyWBylJH9ZkzBXC+5akZQ==", "dependencies": { - "@typescript-eslint/experimental-utils": "4.28.0", - "@typescript-eslint/scope-manager": "4.28.0", + "@typescript-eslint/experimental-utils": "4.28.1", + "@typescript-eslint/scope-manager": "4.28.1", "debug": "^4.3.1", "functional-red-black-tree": "^1.0.1", "regexpp": "^3.1.0", @@ -2674,15 +2674,59 @@ } } }, + "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager": { + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.28.1.tgz", + "integrity": "sha512-o95bvGKfss6705x7jFGDyS7trAORTy57lwJ+VsYwil/lOUxKQ9tA7Suuq+ciMhJc/1qPwB3XE2DKh9wubW8YYA==", + "dependencies": { + "@typescript-eslint/types": "4.28.1", + "@typescript-eslint/visitor-keys": "4.28.1" + }, + "engines": { + "node": "^8.10.0 || ^10.13.0 || >=11.10.1" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types": { + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.28.1.tgz", + "integrity": "sha512-4z+knEihcyX7blAGi7O3Fm3O6YRCP+r56NJFMNGsmtdw+NCdpG5SgNz427LS9nQkRVTswZLhz484hakQwB8RRg==", + "engines": { + "node": "^8.10.0 || ^10.13.0 || >=11.10.1" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys": { + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.28.1.tgz", + "integrity": "sha512-K4HMrdFqr9PFquPu178SaSb92CaWe2yErXyPumc8cYWxFmhgJsNY9eSePmO05j0JhBvf2Cdhptd6E6Yv9HVHcg==", + "dependencies": { + "@typescript-eslint/types": "4.28.1", + "eslint-visitor-keys": "^2.0.0" + }, + "engines": { + "node": "^8.10.0 || ^10.13.0 || >=11.10.1" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, "node_modules/@typescript-eslint/experimental-utils": { - "version": "4.28.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.28.0.tgz", - "integrity": "sha512-9XD9s7mt3QWMk82GoyUpc/Ji03vz4T5AYlHF9DcoFNfJ/y3UAclRsfGiE2gLfXtyC+JRA3trR7cR296TEb1oiQ==", + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.28.1.tgz", + "integrity": "sha512-n8/ggadrZ+uyrfrSEchx3jgODdmcx7MzVM2sI3cTpI/YlfSm0+9HEUaWw3aQn2urL2KYlWYMDgn45iLfjDYB+Q==", "dependencies": { "@types/json-schema": "^7.0.7", - "@typescript-eslint/scope-manager": "4.28.0", - "@typescript-eslint/types": "4.28.0", - "@typescript-eslint/typescript-estree": "4.28.0", + "@typescript-eslint/scope-manager": "4.28.1", + "@typescript-eslint/types": "4.28.1", + "@typescript-eslint/typescript-estree": "4.28.1", "eslint-scope": "^5.1.1", "eslint-utils": "^3.0.0" }, @@ -2697,6 +2741,76 @@ "eslint": "*" } }, + "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/scope-manager": { + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.28.1.tgz", + "integrity": "sha512-o95bvGKfss6705x7jFGDyS7trAORTy57lwJ+VsYwil/lOUxKQ9tA7Suuq+ciMhJc/1qPwB3XE2DKh9wubW8YYA==", + "dependencies": { + "@typescript-eslint/types": "4.28.1", + "@typescript-eslint/visitor-keys": "4.28.1" + }, + "engines": { + "node": "^8.10.0 || ^10.13.0 || >=11.10.1" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/types": { + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.28.1.tgz", + "integrity": "sha512-4z+knEihcyX7blAGi7O3Fm3O6YRCP+r56NJFMNGsmtdw+NCdpG5SgNz427LS9nQkRVTswZLhz484hakQwB8RRg==", + "engines": { + "node": "^8.10.0 || ^10.13.0 || >=11.10.1" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/typescript-estree": { + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.28.1.tgz", + "integrity": "sha512-GhKxmC4sHXxHGJv8e8egAZeTZ6HI4mLU6S7FUzvFOtsk7ZIDN1ksA9r9DyOgNqowA9yAtZXV0Uiap61bIO81FQ==", + "dependencies": { + "@typescript-eslint/types": "4.28.1", + "@typescript-eslint/visitor-keys": "4.28.1", + "debug": "^4.3.1", + "globby": "^11.0.3", + "is-glob": "^4.0.1", + "semver": "^7.3.5", + "tsutils": "^3.21.0" + }, + "engines": { + "node": "^10.12.0 || >=12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } + } + }, + "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/visitor-keys": { + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.28.1.tgz", + "integrity": "sha512-K4HMrdFqr9PFquPu178SaSb92CaWe2yErXyPumc8cYWxFmhgJsNY9eSePmO05j0JhBvf2Cdhptd6E6Yv9HVHcg==", + "dependencies": { + "@typescript-eslint/types": "4.28.1", + "eslint-visitor-keys": "^2.0.0" + }, + "engines": { + "node": "^8.10.0 || ^10.13.0 || >=11.10.1" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-utils": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-3.0.0.tgz", @@ -2714,6 +2828,25 @@ "eslint": ">=5" } }, + "node_modules/@typescript-eslint/experimental-utils/node_modules/globby": { + "version": "11.0.4", + "resolved": "https://registry.npmjs.org/globby/-/globby-11.0.4.tgz", + "integrity": "sha512-9O4MVG9ioZJ08ffbcyVYyLOJLk5JQ688pJ4eMGLpdWLHq/Wr1D9BlriLQyL0E+jbkuePVZXYFj47QM/v093wHg==", + "dependencies": { + "array-union": "^2.1.0", + "dir-glob": "^3.0.1", + "fast-glob": "^3.1.1", + "ignore": "^5.1.4", + "merge2": "^1.3.0", + "slash": "^3.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/@typescript-eslint/parser": { "version": "4.28.0", "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.28.0.tgz", @@ -10039,32 +10172,94 @@ "integrity": "sha512-37RSHht+gzzgYeobbG+KWryeAW8J33Nhr69cjTqSYymXVZEN9NbRYWoYlRtDhHKPVT1FyNKwaTPC1NynKZpzRA==" }, "@typescript-eslint/eslint-plugin": { - "version": "4.28.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.28.0.tgz", - "integrity": "sha512-KcF6p3zWhf1f8xO84tuBailV5cN92vhS+VT7UJsPzGBm9VnQqfI9AsiMUFUCYHTYPg1uCCo+HyiDnpDuvkAMfQ==", + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.28.1.tgz", + "integrity": "sha512-9yfcNpDaNGQ6/LQOX/KhUFTR1sCKH+PBr234k6hI9XJ0VP5UqGxap0AnNwBnWFk1MNyWBylJH9ZkzBXC+5akZQ==", "requires": { - "@typescript-eslint/experimental-utils": "4.28.0", - "@typescript-eslint/scope-manager": "4.28.0", + "@typescript-eslint/experimental-utils": "4.28.1", + "@typescript-eslint/scope-manager": "4.28.1", "debug": "^4.3.1", "functional-red-black-tree": "^1.0.1", "regexpp": "^3.1.0", "semver": "^7.3.5", "tsutils": "^3.21.0" + }, + "dependencies": { + "@typescript-eslint/scope-manager": { + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.28.1.tgz", + "integrity": "sha512-o95bvGKfss6705x7jFGDyS7trAORTy57lwJ+VsYwil/lOUxKQ9tA7Suuq+ciMhJc/1qPwB3XE2DKh9wubW8YYA==", + "requires": { + "@typescript-eslint/types": "4.28.1", + "@typescript-eslint/visitor-keys": "4.28.1" + } + }, + "@typescript-eslint/types": { + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.28.1.tgz", + "integrity": "sha512-4z+knEihcyX7blAGi7O3Fm3O6YRCP+r56NJFMNGsmtdw+NCdpG5SgNz427LS9nQkRVTswZLhz484hakQwB8RRg==" + }, + "@typescript-eslint/visitor-keys": { + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.28.1.tgz", + "integrity": "sha512-K4HMrdFqr9PFquPu178SaSb92CaWe2yErXyPumc8cYWxFmhgJsNY9eSePmO05j0JhBvf2Cdhptd6E6Yv9HVHcg==", + "requires": { + "@typescript-eslint/types": "4.28.1", + "eslint-visitor-keys": "^2.0.0" + } + } } }, "@typescript-eslint/experimental-utils": { - "version": "4.28.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.28.0.tgz", - "integrity": "sha512-9XD9s7mt3QWMk82GoyUpc/Ji03vz4T5AYlHF9DcoFNfJ/y3UAclRsfGiE2gLfXtyC+JRA3trR7cR296TEb1oiQ==", + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.28.1.tgz", + "integrity": "sha512-n8/ggadrZ+uyrfrSEchx3jgODdmcx7MzVM2sI3cTpI/YlfSm0+9HEUaWw3aQn2urL2KYlWYMDgn45iLfjDYB+Q==", "requires": { "@types/json-schema": "^7.0.7", - "@typescript-eslint/scope-manager": "4.28.0", - "@typescript-eslint/types": "4.28.0", - "@typescript-eslint/typescript-estree": "4.28.0", + "@typescript-eslint/scope-manager": "4.28.1", + "@typescript-eslint/types": "4.28.1", + "@typescript-eslint/typescript-estree": "4.28.1", "eslint-scope": "^5.1.1", "eslint-utils": "^3.0.0" }, "dependencies": { + "@typescript-eslint/scope-manager": { + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.28.1.tgz", + "integrity": "sha512-o95bvGKfss6705x7jFGDyS7trAORTy57lwJ+VsYwil/lOUxKQ9tA7Suuq+ciMhJc/1qPwB3XE2DKh9wubW8YYA==", + "requires": { + "@typescript-eslint/types": "4.28.1", + "@typescript-eslint/visitor-keys": "4.28.1" + } + }, + "@typescript-eslint/types": { + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.28.1.tgz", + "integrity": "sha512-4z+knEihcyX7blAGi7O3Fm3O6YRCP+r56NJFMNGsmtdw+NCdpG5SgNz427LS9nQkRVTswZLhz484hakQwB8RRg==" + }, + "@typescript-eslint/typescript-estree": { + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.28.1.tgz", + "integrity": "sha512-GhKxmC4sHXxHGJv8e8egAZeTZ6HI4mLU6S7FUzvFOtsk7ZIDN1ksA9r9DyOgNqowA9yAtZXV0Uiap61bIO81FQ==", + "requires": { + "@typescript-eslint/types": "4.28.1", + "@typescript-eslint/visitor-keys": "4.28.1", + "debug": "^4.3.1", + "globby": "^11.0.3", + "is-glob": "^4.0.1", + "semver": "^7.3.5", + "tsutils": "^3.21.0" + } + }, + "@typescript-eslint/visitor-keys": { + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.28.1.tgz", + "integrity": "sha512-K4HMrdFqr9PFquPu178SaSb92CaWe2yErXyPumc8cYWxFmhgJsNY9eSePmO05j0JhBvf2Cdhptd6E6Yv9HVHcg==", + "requires": { + "@typescript-eslint/types": "4.28.1", + "eslint-visitor-keys": "^2.0.0" + } + }, "eslint-utils": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-3.0.0.tgz", @@ -10072,6 +10267,19 @@ "requires": { "eslint-visitor-keys": "^2.0.0" } + }, + "globby": { + "version": "11.0.4", + "resolved": "https://registry.npmjs.org/globby/-/globby-11.0.4.tgz", + "integrity": "sha512-9O4MVG9ioZJ08ffbcyVYyLOJLk5JQ688pJ4eMGLpdWLHq/Wr1D9BlriLQyL0E+jbkuePVZXYFj47QM/v093wHg==", + "requires": { + "array-union": "^2.1.0", + "dir-glob": "^3.0.1", + "fast-glob": "^3.1.1", + "ignore": "^5.1.4", + "merge2": "^1.3.0", + "slash": "^3.0.0" + } } } }, diff --git a/web/package.json b/web/package.json index e8272a17d..47460211b 100644 --- a/web/package.json +++ b/web/package.json @@ -58,7 +58,7 @@ "@types/chart.js": "^2.9.32", "@types/codemirror": "5.60.1", "@types/grecaptcha": "^3.0.2", - "@typescript-eslint/eslint-plugin": "^4.28.0", + "@typescript-eslint/eslint-plugin": "^4.28.1", "@typescript-eslint/parser": "^4.28.0", "@webcomponents/webcomponentsjs": "^2.5.0", "authentik-api": "file:api", From ef0f618234547c1dd7b463dd98326483392d1cdc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Jun 2021 08:54:49 +0200 Subject: [PATCH 40/42] build(deps): bump @sentry/tracing from 6.7.2 to 6.8.0 in /web (#1089) --- web/package-lock.json | 216 ++++++++++-------------------------------- web/package.json | 2 +- 2 files changed, 52 insertions(+), 166 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index 3ca623786..f9faf278d 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -25,7 +25,7 @@ "@rollup/plugin-replace": "^2.4.2", "@rollup/plugin-typescript": "^8.2.1", "@sentry/browser": "^6.8.0", - "@sentry/tracing": "^6.7.2", + "@sentry/tracing": "^6.8.0", "@types/chart.js": "^2.9.32", "@types/codemirror": "5.60.1", "@types/grecaptcha": "^3.0.2", @@ -2327,26 +2327,6 @@ "node": ">=6" } }, - "node_modules/@sentry/browser/node_modules/@sentry/types": { - "version": "6.8.0", - "resolved": "https://registry.npmjs.org/@sentry/types/-/types-6.8.0.tgz", - "integrity": "sha512-PbSxqlh6Fd5thNU5f8EVYBVvX+G7XdPA+ThNb2QvSK8yv3rIf0McHTyF6sIebgJ38OYN7ZFK7vvhC/RgSAfYTA==", - "engines": { - "node": ">=6" - } - }, - "node_modules/@sentry/browser/node_modules/@sentry/utils": { - "version": "6.8.0", - "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-6.8.0.tgz", - "integrity": "sha512-OYlI2JNrcWKMdvYbWNdQwR4QBVv2V0y5wK0U6f53nArv6RsyO5TzwRu5rMVSIZofUUqjoE5hl27jqnR+vpUrsA==", - "dependencies": { - "@sentry/types": "6.8.0", - "tslib": "^1.9.3" - }, - "engines": { - "node": ">=6" - } - }, "node_modules/@sentry/browser/node_modules/tslib": { "version": "1.14.1", "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", @@ -2367,7 +2347,12 @@ "node": ">=6" } }, - "node_modules/@sentry/core/node_modules/@sentry/hub": { + "node_modules/@sentry/core/node_modules/tslib": { + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" + }, + "node_modules/@sentry/hub": { "version": "6.8.0", "resolved": "https://registry.npmjs.org/@sentry/hub/-/hub-6.8.0.tgz", "integrity": "sha512-hFrI2Ss1fTov7CH64FJpigqRxH7YvSnGeqxT9Jc1BL7nzW/vgCK+Oh2mOZbosTcrzoDv+lE8ViOnSN3w/fo+rg==", @@ -2380,7 +2365,12 @@ "node": ">=6" } }, - "node_modules/@sentry/core/node_modules/@sentry/minimal": { + "node_modules/@sentry/hub/node_modules/tslib": { + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" + }, + "node_modules/@sentry/minimal": { "version": "6.8.0", "resolved": "https://registry.npmjs.org/@sentry/minimal/-/minimal-6.8.0.tgz", "integrity": "sha512-MRxUKXiiYwKjp8mOQMpTpEuIby1Jh3zRTU0cmGZtfsZ38BC1JOle8xlwC4FdtOH+VvjSYnPBMya5lgNHNPUJDQ==", @@ -2393,76 +2383,20 @@ "node": ">=6" } }, - "node_modules/@sentry/core/node_modules/@sentry/types": { - "version": "6.8.0", - "resolved": "https://registry.npmjs.org/@sentry/types/-/types-6.8.0.tgz", - "integrity": "sha512-PbSxqlh6Fd5thNU5f8EVYBVvX+G7XdPA+ThNb2QvSK8yv3rIf0McHTyF6sIebgJ38OYN7ZFK7vvhC/RgSAfYTA==", - "engines": { - "node": ">=6" - } - }, - "node_modules/@sentry/core/node_modules/@sentry/utils": { - "version": "6.8.0", - "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-6.8.0.tgz", - "integrity": "sha512-OYlI2JNrcWKMdvYbWNdQwR4QBVv2V0y5wK0U6f53nArv6RsyO5TzwRu5rMVSIZofUUqjoE5hl27jqnR+vpUrsA==", - "dependencies": { - "@sentry/types": "6.8.0", - "tslib": "^1.9.3" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/@sentry/core/node_modules/tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - }, - "node_modules/@sentry/hub": { - "version": "6.7.2", - "resolved": "https://registry.npmjs.org/@sentry/hub/-/hub-6.7.2.tgz", - "integrity": "sha512-05qVW6ymChJsXag4+fYCQokW3AcABIgcqrVYZUBf6GMU/Gbz5SJqpV7y1+njwWvnPZydMncP9LaDVpMKbE7UYQ==", - "dependencies": { - "@sentry/types": "6.7.2", - "@sentry/utils": "6.7.2", - "tslib": "^1.9.3" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/@sentry/hub/node_modules/tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" - }, - "node_modules/@sentry/minimal": { - "version": "6.7.2", - "resolved": "https://registry.npmjs.org/@sentry/minimal/-/minimal-6.7.2.tgz", - "integrity": "sha512-jkpwFv2GFHoVl5vnK+9/Q+Ea8eVdbJ3hn3/Dqq9MOLFnVK7ED6MhdHKLT79puGSFj+85OuhM5m2Q44mIhyS5mw==", - "dependencies": { - "@sentry/hub": "6.7.2", - "@sentry/types": "6.7.2", - "tslib": "^1.9.3" - }, - "engines": { - "node": ">=6" - } - }, "node_modules/@sentry/minimal/node_modules/tslib": { "version": "1.14.1", "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" }, "node_modules/@sentry/tracing": { - "version": "6.7.2", - "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-6.7.2.tgz", - "integrity": "sha512-juKlI7FICKONWJFJxDxerj0A+8mNRhmtrdR+OXFqOkqSAy/QXlSFZcA/j//O19k2CfwK1BrvoMcQ/4gnffUOVg==", + "version": "6.8.0", + "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-6.8.0.tgz", + "integrity": "sha512-3gDkQnmOuOjHz5rY7BOatLEUksANU3efR8wuBa2ujsPQvoLSLFuyZpRjPPsxuUHQOqAYIbSNAoDloXECvQeHjw==", "dependencies": { - "@sentry/hub": "6.7.2", - "@sentry/minimal": "6.7.2", - "@sentry/types": "6.7.2", - "@sentry/utils": "6.7.2", + "@sentry/hub": "6.8.0", + "@sentry/minimal": "6.8.0", + "@sentry/types": "6.8.0", + "@sentry/utils": "6.8.0", "tslib": "^1.9.3" }, "engines": { @@ -2475,19 +2409,19 @@ "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" }, "node_modules/@sentry/types": { - "version": "6.7.2", - "resolved": "https://registry.npmjs.org/@sentry/types/-/types-6.7.2.tgz", - "integrity": "sha512-h21Go/PfstUN+ZV6SbwRSZVg9GXRJWdLfHoO5PSVb3TVEMckuxk8tAE57/u+UZDwX8wu+Xyon2TgsKpiWKxqUg==", + "version": "6.8.0", + "resolved": "https://registry.npmjs.org/@sentry/types/-/types-6.8.0.tgz", + "integrity": "sha512-PbSxqlh6Fd5thNU5f8EVYBVvX+G7XdPA+ThNb2QvSK8yv3rIf0McHTyF6sIebgJ38OYN7ZFK7vvhC/RgSAfYTA==", "engines": { "node": ">=6" } }, "node_modules/@sentry/utils": { - "version": "6.7.2", - "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-6.7.2.tgz", - "integrity": "sha512-9COL7aaBbe61Hp5BlArtXZ1o/cxli1NGONLPrVT4fMyeQFmLonhUiy77NdsW19XnvhvaA+2IoV5dg3dnFiF/og==", + "version": "6.8.0", + "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-6.8.0.tgz", + "integrity": "sha512-OYlI2JNrcWKMdvYbWNdQwR4QBVv2V0y5wK0U6f53nArv6RsyO5TzwRu5rMVSIZofUUqjoE5hl27jqnR+vpUrsA==", "dependencies": { - "@sentry/types": "6.7.2", + "@sentry/types": "6.8.0", "tslib": "^1.9.3" }, "engines": { @@ -9878,20 +9812,6 @@ "tslib": "^1.9.3" }, "dependencies": { - "@sentry/types": { - "version": "6.8.0", - "resolved": "https://registry.npmjs.org/@sentry/types/-/types-6.8.0.tgz", - "integrity": "sha512-PbSxqlh6Fd5thNU5f8EVYBVvX+G7XdPA+ThNb2QvSK8yv3rIf0McHTyF6sIebgJ38OYN7ZFK7vvhC/RgSAfYTA==" - }, - "@sentry/utils": { - "version": "6.8.0", - "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-6.8.0.tgz", - "integrity": "sha512-OYlI2JNrcWKMdvYbWNdQwR4QBVv2V0y5wK0U6f53nArv6RsyO5TzwRu5rMVSIZofUUqjoE5hl27jqnR+vpUrsA==", - "requires": { - "@sentry/types": "6.8.0", - "tslib": "^1.9.3" - } - }, "tslib": { "version": "1.14.1", "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", @@ -9911,40 +9831,6 @@ "tslib": "^1.9.3" }, "dependencies": { - "@sentry/hub": { - "version": "6.8.0", - "resolved": "https://registry.npmjs.org/@sentry/hub/-/hub-6.8.0.tgz", - "integrity": "sha512-hFrI2Ss1fTov7CH64FJpigqRxH7YvSnGeqxT9Jc1BL7nzW/vgCK+Oh2mOZbosTcrzoDv+lE8ViOnSN3w/fo+rg==", - "requires": { - "@sentry/types": "6.8.0", - "@sentry/utils": "6.8.0", - "tslib": "^1.9.3" - } - }, - "@sentry/minimal": { - "version": "6.8.0", - "resolved": "https://registry.npmjs.org/@sentry/minimal/-/minimal-6.8.0.tgz", - "integrity": "sha512-MRxUKXiiYwKjp8mOQMpTpEuIby1Jh3zRTU0cmGZtfsZ38BC1JOle8xlwC4FdtOH+VvjSYnPBMya5lgNHNPUJDQ==", - "requires": { - "@sentry/hub": "6.8.0", - "@sentry/types": "6.8.0", - "tslib": "^1.9.3" - } - }, - "@sentry/types": { - "version": "6.8.0", - "resolved": "https://registry.npmjs.org/@sentry/types/-/types-6.8.0.tgz", - "integrity": "sha512-PbSxqlh6Fd5thNU5f8EVYBVvX+G7XdPA+ThNb2QvSK8yv3rIf0McHTyF6sIebgJ38OYN7ZFK7vvhC/RgSAfYTA==" - }, - "@sentry/utils": { - "version": "6.8.0", - "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-6.8.0.tgz", - "integrity": "sha512-OYlI2JNrcWKMdvYbWNdQwR4QBVv2V0y5wK0U6f53nArv6RsyO5TzwRu5rMVSIZofUUqjoE5hl27jqnR+vpUrsA==", - "requires": { - "@sentry/types": "6.8.0", - "tslib": "^1.9.3" - } - }, "tslib": { "version": "1.14.1", "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", @@ -9953,12 +9839,12 @@ } }, "@sentry/hub": { - "version": "6.7.2", - "resolved": "https://registry.npmjs.org/@sentry/hub/-/hub-6.7.2.tgz", - "integrity": "sha512-05qVW6ymChJsXag4+fYCQokW3AcABIgcqrVYZUBf6GMU/Gbz5SJqpV7y1+njwWvnPZydMncP9LaDVpMKbE7UYQ==", + "version": "6.8.0", + "resolved": "https://registry.npmjs.org/@sentry/hub/-/hub-6.8.0.tgz", + "integrity": "sha512-hFrI2Ss1fTov7CH64FJpigqRxH7YvSnGeqxT9Jc1BL7nzW/vgCK+Oh2mOZbosTcrzoDv+lE8ViOnSN3w/fo+rg==", "requires": { - "@sentry/types": "6.7.2", - "@sentry/utils": "6.7.2", + "@sentry/types": "6.8.0", + "@sentry/utils": "6.8.0", "tslib": "^1.9.3" }, "dependencies": { @@ -9970,12 +9856,12 @@ } }, "@sentry/minimal": { - "version": "6.7.2", - "resolved": "https://registry.npmjs.org/@sentry/minimal/-/minimal-6.7.2.tgz", - "integrity": "sha512-jkpwFv2GFHoVl5vnK+9/Q+Ea8eVdbJ3hn3/Dqq9MOLFnVK7ED6MhdHKLT79puGSFj+85OuhM5m2Q44mIhyS5mw==", + "version": "6.8.0", + "resolved": "https://registry.npmjs.org/@sentry/minimal/-/minimal-6.8.0.tgz", + "integrity": "sha512-MRxUKXiiYwKjp8mOQMpTpEuIby1Jh3zRTU0cmGZtfsZ38BC1JOle8xlwC4FdtOH+VvjSYnPBMya5lgNHNPUJDQ==", "requires": { - "@sentry/hub": "6.7.2", - "@sentry/types": "6.7.2", + "@sentry/hub": "6.8.0", + "@sentry/types": "6.8.0", "tslib": "^1.9.3" }, "dependencies": { @@ -9987,14 +9873,14 @@ } }, "@sentry/tracing": { - "version": "6.7.2", - "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-6.7.2.tgz", - "integrity": "sha512-juKlI7FICKONWJFJxDxerj0A+8mNRhmtrdR+OXFqOkqSAy/QXlSFZcA/j//O19k2CfwK1BrvoMcQ/4gnffUOVg==", + "version": "6.8.0", + "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-6.8.0.tgz", + "integrity": "sha512-3gDkQnmOuOjHz5rY7BOatLEUksANU3efR8wuBa2ujsPQvoLSLFuyZpRjPPsxuUHQOqAYIbSNAoDloXECvQeHjw==", "requires": { - "@sentry/hub": "6.7.2", - "@sentry/minimal": "6.7.2", - "@sentry/types": "6.7.2", - "@sentry/utils": "6.7.2", + "@sentry/hub": "6.8.0", + "@sentry/minimal": "6.8.0", + "@sentry/types": "6.8.0", + "@sentry/utils": "6.8.0", "tslib": "^1.9.3" }, "dependencies": { @@ -10006,16 +9892,16 @@ } }, "@sentry/types": { - "version": "6.7.2", - "resolved": "https://registry.npmjs.org/@sentry/types/-/types-6.7.2.tgz", - "integrity": "sha512-h21Go/PfstUN+ZV6SbwRSZVg9GXRJWdLfHoO5PSVb3TVEMckuxk8tAE57/u+UZDwX8wu+Xyon2TgsKpiWKxqUg==" + "version": "6.8.0", + "resolved": "https://registry.npmjs.org/@sentry/types/-/types-6.8.0.tgz", + "integrity": "sha512-PbSxqlh6Fd5thNU5f8EVYBVvX+G7XdPA+ThNb2QvSK8yv3rIf0McHTyF6sIebgJ38OYN7ZFK7vvhC/RgSAfYTA==" }, "@sentry/utils": { - "version": "6.7.2", - "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-6.7.2.tgz", - "integrity": "sha512-9COL7aaBbe61Hp5BlArtXZ1o/cxli1NGONLPrVT4fMyeQFmLonhUiy77NdsW19XnvhvaA+2IoV5dg3dnFiF/og==", + "version": "6.8.0", + "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-6.8.0.tgz", + "integrity": "sha512-OYlI2JNrcWKMdvYbWNdQwR4QBVv2V0y5wK0U6f53nArv6RsyO5TzwRu5rMVSIZofUUqjoE5hl27jqnR+vpUrsA==", "requires": { - "@sentry/types": "6.7.2", + "@sentry/types": "6.8.0", "tslib": "^1.9.3" }, "dependencies": { diff --git a/web/package.json b/web/package.json index 47460211b..efdcf6f2f 100644 --- a/web/package.json +++ b/web/package.json @@ -54,7 +54,7 @@ "@rollup/plugin-replace": "^2.4.2", "@rollup/plugin-typescript": "^8.2.1", "@sentry/browser": "^6.8.0", - "@sentry/tracing": "^6.7.2", + "@sentry/tracing": "^6.8.0", "@types/chart.js": "^2.9.32", "@types/codemirror": "5.60.1", "@types/grecaptcha": "^3.0.2", From b3ce8331f5bd207513c3b8d4c1ea09b6a2fcd630 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Jun 2021 08:55:00 +0200 Subject: [PATCH 41/42] build(deps): bump @typescript-eslint/parser in /web (#1087) --- web/package-lock.json | 302 +++++++----------------------------------- web/package.json | 2 +- 2 files changed, 48 insertions(+), 256 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index f9faf278d..b65f46cd4 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -30,7 +30,7 @@ "@types/codemirror": "5.60.1", "@types/grecaptcha": "^3.0.2", "@typescript-eslint/eslint-plugin": "^4.28.1", - "@typescript-eslint/parser": "^4.28.0", + "@typescript-eslint/parser": "^4.28.1", "@webcomponents/webcomponentsjs": "^2.5.0", "authentik-api": "file:api", "babel-plugin-macros": "^3.1.0", @@ -2608,50 +2608,6 @@ } } }, - "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager": { - "version": "4.28.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.28.1.tgz", - "integrity": "sha512-o95bvGKfss6705x7jFGDyS7trAORTy57lwJ+VsYwil/lOUxKQ9tA7Suuq+ciMhJc/1qPwB3XE2DKh9wubW8YYA==", - "dependencies": { - "@typescript-eslint/types": "4.28.1", - "@typescript-eslint/visitor-keys": "4.28.1" - }, - "engines": { - "node": "^8.10.0 || ^10.13.0 || >=11.10.1" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - } - }, - "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types": { - "version": "4.28.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.28.1.tgz", - "integrity": "sha512-4z+knEihcyX7blAGi7O3Fm3O6YRCP+r56NJFMNGsmtdw+NCdpG5SgNz427LS9nQkRVTswZLhz484hakQwB8RRg==", - "engines": { - "node": "^8.10.0 || ^10.13.0 || >=11.10.1" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - } - }, - "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys": { - "version": "4.28.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.28.1.tgz", - "integrity": "sha512-K4HMrdFqr9PFquPu178SaSb92CaWe2yErXyPumc8cYWxFmhgJsNY9eSePmO05j0JhBvf2Cdhptd6E6Yv9HVHcg==", - "dependencies": { - "@typescript-eslint/types": "4.28.1", - "eslint-visitor-keys": "^2.0.0" - }, - "engines": { - "node": "^8.10.0 || ^10.13.0 || >=11.10.1" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - } - }, "node_modules/@typescript-eslint/experimental-utils": { "version": "4.28.1", "resolved": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.28.1.tgz", @@ -2675,76 +2631,6 @@ "eslint": "*" } }, - "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/scope-manager": { - "version": "4.28.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.28.1.tgz", - "integrity": "sha512-o95bvGKfss6705x7jFGDyS7trAORTy57lwJ+VsYwil/lOUxKQ9tA7Suuq+ciMhJc/1qPwB3XE2DKh9wubW8YYA==", - "dependencies": { - "@typescript-eslint/types": "4.28.1", - "@typescript-eslint/visitor-keys": "4.28.1" - }, - "engines": { - "node": "^8.10.0 || ^10.13.0 || >=11.10.1" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - } - }, - "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/types": { - "version": "4.28.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.28.1.tgz", - "integrity": "sha512-4z+knEihcyX7blAGi7O3Fm3O6YRCP+r56NJFMNGsmtdw+NCdpG5SgNz427LS9nQkRVTswZLhz484hakQwB8RRg==", - "engines": { - "node": "^8.10.0 || ^10.13.0 || >=11.10.1" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - } - }, - "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/typescript-estree": { - "version": "4.28.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.28.1.tgz", - "integrity": "sha512-GhKxmC4sHXxHGJv8e8egAZeTZ6HI4mLU6S7FUzvFOtsk7ZIDN1ksA9r9DyOgNqowA9yAtZXV0Uiap61bIO81FQ==", - "dependencies": { - "@typescript-eslint/types": "4.28.1", - "@typescript-eslint/visitor-keys": "4.28.1", - "debug": "^4.3.1", - "globby": "^11.0.3", - "is-glob": "^4.0.1", - "semver": "^7.3.5", - "tsutils": "^3.21.0" - }, - "engines": { - "node": "^10.12.0 || >=12.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - }, - "peerDependenciesMeta": { - "typescript": { - "optional": true - } - } - }, - "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/visitor-keys": { - "version": "4.28.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.28.1.tgz", - "integrity": "sha512-K4HMrdFqr9PFquPu178SaSb92CaWe2yErXyPumc8cYWxFmhgJsNY9eSePmO05j0JhBvf2Cdhptd6E6Yv9HVHcg==", - "dependencies": { - "@typescript-eslint/types": "4.28.1", - "eslint-visitor-keys": "^2.0.0" - }, - "engines": { - "node": "^8.10.0 || ^10.13.0 || >=11.10.1" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - } - }, "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-utils": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-3.0.0.tgz", @@ -2762,33 +2648,14 @@ "eslint": ">=5" } }, - "node_modules/@typescript-eslint/experimental-utils/node_modules/globby": { - "version": "11.0.4", - "resolved": "https://registry.npmjs.org/globby/-/globby-11.0.4.tgz", - "integrity": "sha512-9O4MVG9ioZJ08ffbcyVYyLOJLk5JQ688pJ4eMGLpdWLHq/Wr1D9BlriLQyL0E+jbkuePVZXYFj47QM/v093wHg==", - "dependencies": { - "array-union": "^2.1.0", - "dir-glob": "^3.0.1", - "fast-glob": "^3.1.1", - "ignore": "^5.1.4", - "merge2": "^1.3.0", - "slash": "^3.0.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, "node_modules/@typescript-eslint/parser": { - "version": "4.28.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.28.0.tgz", - "integrity": "sha512-7x4D22oPY8fDaOCvkuXtYYTQ6mTMmkivwEzS+7iml9F9VkHGbbZ3x4fHRwxAb5KeuSkLqfnYjs46tGx2Nour4A==", + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.28.1.tgz", + "integrity": "sha512-UjrMsgnhQIIK82hXGaD+MCN8IfORS1CbMdu7VlZbYa8LCZtbZjJA26De4IPQB7XYZbL8gJ99KWNj0l6WD0guJg==", "dependencies": { - "@typescript-eslint/scope-manager": "4.28.0", - "@typescript-eslint/types": "4.28.0", - "@typescript-eslint/typescript-estree": "4.28.0", + "@typescript-eslint/scope-manager": "4.28.1", + "@typescript-eslint/types": "4.28.1", + "@typescript-eslint/typescript-estree": "4.28.1", "debug": "^4.3.1" }, "engines": { @@ -2808,12 +2675,12 @@ } }, "node_modules/@typescript-eslint/scope-manager": { - "version": "4.28.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.28.0.tgz", - "integrity": "sha512-eCALCeScs5P/EYjwo6se9bdjtrh8ByWjtHzOkC4Tia6QQWtQr3PHovxh3TdYTuFcurkYI4rmFsRFpucADIkseg==", + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.28.1.tgz", + "integrity": "sha512-o95bvGKfss6705x7jFGDyS7trAORTy57lwJ+VsYwil/lOUxKQ9tA7Suuq+ciMhJc/1qPwB3XE2DKh9wubW8YYA==", "dependencies": { - "@typescript-eslint/types": "4.28.0", - "@typescript-eslint/visitor-keys": "4.28.0" + "@typescript-eslint/types": "4.28.1", + "@typescript-eslint/visitor-keys": "4.28.1" }, "engines": { "node": "^8.10.0 || ^10.13.0 || >=11.10.1" @@ -2824,9 +2691,9 @@ } }, "node_modules/@typescript-eslint/types": { - "version": "4.28.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.28.0.tgz", - "integrity": "sha512-p16xMNKKoiJCVZY5PW/AfILw2xe1LfruTcfAKBj3a+wgNYP5I9ZEKNDOItoRt53p4EiPV6iRSICy8EPanG9ZVA==", + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.28.1.tgz", + "integrity": "sha512-4z+knEihcyX7blAGi7O3Fm3O6YRCP+r56NJFMNGsmtdw+NCdpG5SgNz427LS9nQkRVTswZLhz484hakQwB8RRg==", "engines": { "node": "^8.10.0 || ^10.13.0 || >=11.10.1" }, @@ -2836,12 +2703,12 @@ } }, "node_modules/@typescript-eslint/typescript-estree": { - "version": "4.28.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.28.0.tgz", - "integrity": "sha512-m19UQTRtxMzKAm8QxfKpvh6OwQSXaW1CdZPoCaQuLwAq7VZMNuhJmZR4g5281s2ECt658sldnJfdpSZZaxUGMQ==", + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.28.1.tgz", + "integrity": "sha512-GhKxmC4sHXxHGJv8e8egAZeTZ6HI4mLU6S7FUzvFOtsk7ZIDN1ksA9r9DyOgNqowA9yAtZXV0Uiap61bIO81FQ==", "dependencies": { - "@typescript-eslint/types": "4.28.0", - "@typescript-eslint/visitor-keys": "4.28.0", + "@typescript-eslint/types": "4.28.1", + "@typescript-eslint/visitor-keys": "4.28.1", "debug": "^4.3.1", "globby": "^11.0.3", "is-glob": "^4.0.1", @@ -2881,11 +2748,11 @@ } }, "node_modules/@typescript-eslint/visitor-keys": { - "version": "4.28.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.28.0.tgz", - "integrity": "sha512-PjJyTWwrlrvM5jazxYF5ZPs/nl0kHDZMVbuIcbpawVXaDPelp3+S9zpOz5RmVUfS/fD5l5+ZXNKnWhNYjPzCvw==", + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.28.1.tgz", + "integrity": "sha512-K4HMrdFqr9PFquPu178SaSb92CaWe2yErXyPumc8cYWxFmhgJsNY9eSePmO05j0JhBvf2Cdhptd6E6Yv9HVHcg==", "dependencies": { - "@typescript-eslint/types": "4.28.0", + "@typescript-eslint/types": "4.28.1", "eslint-visitor-keys": "^2.0.0" }, "engines": { @@ -10069,31 +9936,6 @@ "regexpp": "^3.1.0", "semver": "^7.3.5", "tsutils": "^3.21.0" - }, - "dependencies": { - "@typescript-eslint/scope-manager": { - "version": "4.28.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.28.1.tgz", - "integrity": "sha512-o95bvGKfss6705x7jFGDyS7trAORTy57lwJ+VsYwil/lOUxKQ9tA7Suuq+ciMhJc/1qPwB3XE2DKh9wubW8YYA==", - "requires": { - "@typescript-eslint/types": "4.28.1", - "@typescript-eslint/visitor-keys": "4.28.1" - } - }, - "@typescript-eslint/types": { - "version": "4.28.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.28.1.tgz", - "integrity": "sha512-4z+knEihcyX7blAGi7O3Fm3O6YRCP+r56NJFMNGsmtdw+NCdpG5SgNz427LS9nQkRVTswZLhz484hakQwB8RRg==" - }, - "@typescript-eslint/visitor-keys": { - "version": "4.28.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.28.1.tgz", - "integrity": "sha512-K4HMrdFqr9PFquPu178SaSb92CaWe2yErXyPumc8cYWxFmhgJsNY9eSePmO05j0JhBvf2Cdhptd6E6Yv9HVHcg==", - "requires": { - "@typescript-eslint/types": "4.28.1", - "eslint-visitor-keys": "^2.0.0" - } - } } }, "@typescript-eslint/experimental-utils": { @@ -10109,43 +9951,6 @@ "eslint-utils": "^3.0.0" }, "dependencies": { - "@typescript-eslint/scope-manager": { - "version": "4.28.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.28.1.tgz", - "integrity": "sha512-o95bvGKfss6705x7jFGDyS7trAORTy57lwJ+VsYwil/lOUxKQ9tA7Suuq+ciMhJc/1qPwB3XE2DKh9wubW8YYA==", - "requires": { - "@typescript-eslint/types": "4.28.1", - "@typescript-eslint/visitor-keys": "4.28.1" - } - }, - "@typescript-eslint/types": { - "version": "4.28.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.28.1.tgz", - "integrity": "sha512-4z+knEihcyX7blAGi7O3Fm3O6YRCP+r56NJFMNGsmtdw+NCdpG5SgNz427LS9nQkRVTswZLhz484hakQwB8RRg==" - }, - "@typescript-eslint/typescript-estree": { - "version": "4.28.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.28.1.tgz", - "integrity": "sha512-GhKxmC4sHXxHGJv8e8egAZeTZ6HI4mLU6S7FUzvFOtsk7ZIDN1ksA9r9DyOgNqowA9yAtZXV0Uiap61bIO81FQ==", - "requires": { - "@typescript-eslint/types": "4.28.1", - "@typescript-eslint/visitor-keys": "4.28.1", - "debug": "^4.3.1", - "globby": "^11.0.3", - "is-glob": "^4.0.1", - "semver": "^7.3.5", - "tsutils": "^3.21.0" - } - }, - "@typescript-eslint/visitor-keys": { - "version": "4.28.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.28.1.tgz", - "integrity": "sha512-K4HMrdFqr9PFquPu178SaSb92CaWe2yErXyPumc8cYWxFmhgJsNY9eSePmO05j0JhBvf2Cdhptd6E6Yv9HVHcg==", - "requires": { - "@typescript-eslint/types": "4.28.1", - "eslint-visitor-keys": "^2.0.0" - } - }, "eslint-utils": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-3.0.0.tgz", @@ -10153,54 +9958,41 @@ "requires": { "eslint-visitor-keys": "^2.0.0" } - }, - "globby": { - "version": "11.0.4", - "resolved": "https://registry.npmjs.org/globby/-/globby-11.0.4.tgz", - "integrity": "sha512-9O4MVG9ioZJ08ffbcyVYyLOJLk5JQ688pJ4eMGLpdWLHq/Wr1D9BlriLQyL0E+jbkuePVZXYFj47QM/v093wHg==", - "requires": { - "array-union": "^2.1.0", - "dir-glob": "^3.0.1", - "fast-glob": "^3.1.1", - "ignore": "^5.1.4", - "merge2": "^1.3.0", - "slash": "^3.0.0" - } } } }, "@typescript-eslint/parser": { - "version": "4.28.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.28.0.tgz", - "integrity": "sha512-7x4D22oPY8fDaOCvkuXtYYTQ6mTMmkivwEzS+7iml9F9VkHGbbZ3x4fHRwxAb5KeuSkLqfnYjs46tGx2Nour4A==", + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.28.1.tgz", + "integrity": "sha512-UjrMsgnhQIIK82hXGaD+MCN8IfORS1CbMdu7VlZbYa8LCZtbZjJA26De4IPQB7XYZbL8gJ99KWNj0l6WD0guJg==", "requires": { - "@typescript-eslint/scope-manager": "4.28.0", - "@typescript-eslint/types": "4.28.0", - "@typescript-eslint/typescript-estree": "4.28.0", + "@typescript-eslint/scope-manager": "4.28.1", + "@typescript-eslint/types": "4.28.1", + "@typescript-eslint/typescript-estree": "4.28.1", "debug": "^4.3.1" } }, "@typescript-eslint/scope-manager": { - "version": "4.28.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.28.0.tgz", - "integrity": "sha512-eCALCeScs5P/EYjwo6se9bdjtrh8ByWjtHzOkC4Tia6QQWtQr3PHovxh3TdYTuFcurkYI4rmFsRFpucADIkseg==", + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.28.1.tgz", + "integrity": "sha512-o95bvGKfss6705x7jFGDyS7trAORTy57lwJ+VsYwil/lOUxKQ9tA7Suuq+ciMhJc/1qPwB3XE2DKh9wubW8YYA==", "requires": { - "@typescript-eslint/types": "4.28.0", - "@typescript-eslint/visitor-keys": "4.28.0" + "@typescript-eslint/types": "4.28.1", + "@typescript-eslint/visitor-keys": "4.28.1" } }, "@typescript-eslint/types": { - "version": "4.28.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.28.0.tgz", - "integrity": "sha512-p16xMNKKoiJCVZY5PW/AfILw2xe1LfruTcfAKBj3a+wgNYP5I9ZEKNDOItoRt53p4EiPV6iRSICy8EPanG9ZVA==" + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.28.1.tgz", + "integrity": "sha512-4z+knEihcyX7blAGi7O3Fm3O6YRCP+r56NJFMNGsmtdw+NCdpG5SgNz427LS9nQkRVTswZLhz484hakQwB8RRg==" }, "@typescript-eslint/typescript-estree": { - "version": "4.28.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.28.0.tgz", - "integrity": "sha512-m19UQTRtxMzKAm8QxfKpvh6OwQSXaW1CdZPoCaQuLwAq7VZMNuhJmZR4g5281s2ECt658sldnJfdpSZZaxUGMQ==", + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.28.1.tgz", + "integrity": "sha512-GhKxmC4sHXxHGJv8e8egAZeTZ6HI4mLU6S7FUzvFOtsk7ZIDN1ksA9r9DyOgNqowA9yAtZXV0Uiap61bIO81FQ==", "requires": { - "@typescript-eslint/types": "4.28.0", - "@typescript-eslint/visitor-keys": "4.28.0", + "@typescript-eslint/types": "4.28.1", + "@typescript-eslint/visitor-keys": "4.28.1", "debug": "^4.3.1", "globby": "^11.0.3", "is-glob": "^4.0.1", @@ -10224,11 +10016,11 @@ } }, "@typescript-eslint/visitor-keys": { - "version": "4.28.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.28.0.tgz", - "integrity": "sha512-PjJyTWwrlrvM5jazxYF5ZPs/nl0kHDZMVbuIcbpawVXaDPelp3+S9zpOz5RmVUfS/fD5l5+ZXNKnWhNYjPzCvw==", + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.28.1.tgz", + "integrity": "sha512-K4HMrdFqr9PFquPu178SaSb92CaWe2yErXyPumc8cYWxFmhgJsNY9eSePmO05j0JhBvf2Cdhptd6E6Yv9HVHcg==", "requires": { - "@typescript-eslint/types": "4.28.0", + "@typescript-eslint/types": "4.28.1", "eslint-visitor-keys": "^2.0.0" } }, diff --git a/web/package.json b/web/package.json index efdcf6f2f..14b11d0eb 100644 --- a/web/package.json +++ b/web/package.json @@ -59,7 +59,7 @@ "@types/codemirror": "5.60.1", "@types/grecaptcha": "^3.0.2", "@typescript-eslint/eslint-plugin": "^4.28.1", - "@typescript-eslint/parser": "^4.28.0", + "@typescript-eslint/parser": "^4.28.1", "@webcomponents/webcomponentsjs": "^2.5.0", "authentik-api": "file:api", "babel-plugin-macros": "^3.1.0", From b2a832175e03dc2f27808113fc2f0d9ddf2e96a4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Jun 2021 08:55:13 +0200 Subject: [PATCH 42/42] build(deps): bump celery from 5.1.1 to 5.1.2 (#1092) --- Pipfile.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Pipfile.lock b/Pipfile.lock index c7a940924..ccb1fd41c 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -165,11 +165,11 @@ }, "celery": { "hashes": [ - "sha256:54436cd97b031bf2e08064223240e2a83d601d9414bcb1b702f94c6c33c29485", - "sha256:b5399d76cf70d5cfac3ec993f8796ec1aa90d4cef55972295751f384758a80d7" + "sha256:8d9a3de9162965e97f8e8cc584c67aad83b3f7a267584fa47701ed11c3e0d4b0", + "sha256:9dab2170b4038f7bf10ef2861dbf486ddf1d20592290a1040f7b7a1259705d42" ], "index": "pypi", - "version": "==5.1.1" + "version": "==5.1.2" }, "certifi": { "hashes": [ @@ -1585,7 +1585,7 @@ "sha256:83510593e07e433b77bd5bff0f6f607dbafa06d1a89022616f02d8b699cfcd56", "sha256:8e2c107091cfec7286bc0f68a547d0ba4c094d460b732075b6fba674f1035c0c" ], - "markers": "python_version < '4.0' and python_full_version >= '3.6.1'", + "markers": "python_version < '4' and python_full_version >= '3.6.1'", "version": "==5.9.1" }, "lazy-object-proxy": {