Merge branch 'master' into outpost-ldap

Jens Langhammer 2021-05-01 00:26:55 +02:00
commit c317efa14c
30 changed files with 833 additions and 276 deletions


@ -1,5 +1,5 @@
[bumpversion]
current_version = 2021.4.4
current_version = 2021.4.5
tag = True
commit = True
parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-?(?P<release>.*)


@ -24,9 +24,9 @@ jobs:
with:
push: true
tags: |
beryju/authentik-proxy:2021.4.4,
beryju/authentik-proxy:2021.4.5,
beryju/authentik-proxy:latest,
ghcr.io/goauthentik/authentik:2021.4.4,
ghcr.io/goauthentik/authentik:2021.4.5,
ghcr.io/goauthentik/authentik:latest
platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v8
build-proxy:
@ -56,9 +56,9 @@ jobs:
with:
push: true
tags: |
beryju/authentik-proxy:2021.4.4,
beryju/authentik-proxy:2021.4.5,
beryju/authentik-proxy:latest,
ghcr.io/goauthentik/proxy:2021.4.4,
ghcr.io/goauthentik/proxy:2021.4.5,
ghcr.io/goauthentik/proxy:latest
context: proxy/
file: proxy/proxy.Dockerfile
@ -84,9 +84,9 @@ jobs:
with:
push: true
tags: |
beryju/authentik-static:2021.4.4,
beryju/authentik-static:2021.4.5,
beryju/authentik-static:latest,
ghcr.io/goauthentik/static:2021.4.4,
ghcr.io/goauthentik/static:2021.4.5,
ghcr.io/goauthentik/static:latest
context: web/
platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v8
@ -121,5 +121,5 @@ jobs:
SENTRY_PROJECT: authentik
SENTRY_URL: https://sentry.beryju.org
with:
tagName: 2021.4.4
tagName: 2021.4.5
environment: beryjuorg-prod

17
Pipfile.lock generated

@ -116,17 +116,18 @@
},
"boto3": {
"hashes": [
"sha256:edd2f14f64e0afd2373cd9b2c839004c751afedc593ea3baca3ab36f7206644d"
"sha256:35b099fa55f5db6e99a92855b9f320736121ae985340adfc73bc46fb443809e9",
"sha256:53fd4c7df86f78e51168f832b42ca1c284333b3f5af0266bf10d13af41aeff5c"
],
"index": "pypi",
"version": "==1.17.60"
"version": "==1.17.61"
},
"botocore": {
"hashes": [
"sha256:bb63a112ef415638328e4535b75dbc32ebd88f06b7937ce1d297aa5b5527335a",
"sha256:e19947a8978e99467e7b1843308d1adc8febaa4e221021d4befdaec83d993ee7"
"sha256:c765ddd0648e32b375ced8b82bfcc3f8437107278b2d2c73b7da7f41297b5388",
"sha256:d48f94573c75a6c1d6d0152b9e21432083a1b0a0fc39b41f57128464982cb0a0"
],
"version": "==1.20.60"
"version": "==1.20.61"
},
"cachetools": {
"hashes": [
@ -952,10 +953,10 @@
},
"python-dotenv": {
"hashes": [
"sha256:471b782da0af10da1a80341e8438fca5fadeba2881c54360d5fd8d03d03a4f4a",
"sha256:49782a97c9d641e8a09ae1d9af0856cc587c8d2474919342d5104d85be9890b2"
"sha256:00aa34e92d992e9f8383730816359647f358f4a3be1ba45e5a5cefd27ee91544",
"sha256:b1ae5e9643d5ed987fc57cc2583021e38db531946518130777734f9589b3141f"
],
"version": "==0.17.0"
"version": "==0.17.1"
},
"pytz": {
"hashes": [


@ -1,3 +1,3 @@
"""authentik"""
__version__ = "2021.4.4"
__version__ = "2021.4.5"
ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"


@ -39,7 +39,7 @@ class CertificateKeyPairSerializer(ModelSerializer):
"""Show if this keypair has a private key configured or not"""
return instance.key_data != "" and instance.key_data is not None
def validate_certificate_data(self, value):
def validate_certificate_data(self, value: str) -> str:
"""Verify that input is a valid PEM x509 Certificate"""
try:
load_pem_x509_certificate(value.encode("utf-8"), default_backend())
@ -47,7 +47,7 @@ class CertificateKeyPairSerializer(ModelSerializer):
raise ValidationError("Unable to load certificate.")
return value
def validate_key_data(self, value):
def validate_key_data(self, value: str) -> str:
"""Verify that input is a valid PEM RSA Key"""
# Since this field is optional, data can be empty.
if value != "":
@ -57,8 +57,10 @@ class CertificateKeyPairSerializer(ModelSerializer):
password=None,
backend=default_backend(),
)
except ValueError:
raise ValidationError("Unable to load private key.")
except (ValueError, TypeError):
raise ValidationError(
"Unable to load private key (possibly encrypted?)."
)
return value
class Meta:
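Review bot: In `validate_key_data`, the widened `except (ValueError, TypeError)` still lets `cryptography.exceptions.UnsupportedAlgorithm` escape, so a key type the backend cannot handle would surface as a server error instead of a `ValidationError`. The loader call itself is outside the visible lines, so this assumes it is `load_pem_private_key`, which documents all three exceptions. I would catch it as well, `except (ValueError, TypeError, UnsupportedAlgorithm):`, with the matching import from `cryptography.exceptions`. The docstring also says "PEM RSA Key" while nothing visible restricts the key type; either reword it to "PEM private key" or check the type of the loaded key.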


@ -61,6 +61,4 @@ class BaseController:
def get_container_image(self) -> str:
"""Get container image to use for this outpost"""
image_name_template: str = CONFIG.y("outposts.docker_image_base")
return image_name_template.format(
{"type": self.outpost.type, "version": __version__}
)
return image_name_template % {"type": self.outpost.type, "version": __version__}
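Review bot: `get_container_image` now applies `%`-formatting to a string read from `outposts.docker_image_base`, and the docstring does not say which placeholder syntax that setting must use. A value still written with `{type}`-style placeholders is returned unchanged by `%` with a mapping, and a stray literal `%` typically raises `ValueError`, so a misconfigured template yields a wrong image name or an unhandled exception rather than a clear configuration error. I would extend the docstring to `"""Get container image to use for this outpost. The configured template uses %(type)s and %(version)s; a literal % must be written as %%."""`.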


@ -54,7 +54,7 @@ class ResponseProcessor:
_source: SAMLSource
_root: Any
_root_xml: str
_root_xml: bytes
_http_request: HttpRequest
@ -69,7 +69,7 @@ class ResponseProcessor:
if not raw_response:
raise MissingSAMLResponse("Request does not contain 'SAMLResponse'")
# Check if response is compressed, b64 decode it
self._root_xml = b64decode(raw_response.encode()).decode()
self._root_xml = b64decode(raw_response.encode())
self._root = fromstring(self._root_xml)
if self._source.signing_kp:
@ -186,7 +186,7 @@ class ResponseProcessor:
expected=self._source.name_id_policy,
got=name_id.attrib["Format"],
)
# transient NameIDs are handeled seperately as they don't have to go through flows.
# transient NameIDs are handled separately as they don't have to go through flows.
if name_id.attrib["Format"] == SAML_NAME_ID_FORMAT_TRANSIENT:
return self._handle_name_id_transient(request)
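Review bot: The lines at `@ -69` decode and parse the `SAMLResponse` request value with no visible handling for malformed input: `b64decode` raises `binascii.Error` on bad padding and `fromstring` raises on invalid XML, so a broken response would presumably end in an unhandled exception rather than a SAML error. Keeping `_root_xml` as bytes is reasonable, but the import of `fromstring` is outside the hunk, so it is worth confirming that it is a hardened parser (entity resolution and DTD loading disabled), because in the visible lines the document is parsed before the `signing_kp` check. The comment `# Check if response is compressed, b64 decode it` also describes a compression check that the visible code does not perform; I would reword it to `# Base64-decode the response; keep the raw bytes for parsing`. The method continues outside the hunk.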


@ -1,4 +1,6 @@
"""saml sp views"""
from urllib.parse import ParseResult, parse_qsl, urlparse, urlunparse
from django.contrib.auth import logout
from django.contrib.auth.mixins import LoginRequiredMixin
from django.http import Http404, HttpRequest, HttpResponse
@ -104,8 +106,24 @@ class InitiateView(View):
auth_n_req = RequestProcessor(source, request, relay_state)
# If the source is configured for Redirect bindings, we can just redirect there
if source.binding_type == SAMLBindingTypes.REDIRECT:
url_args = urlencode(auth_n_req.build_auth_n_detached())
return redirect(f"{source.sso_url}?{url_args}")
# Parse the initial SSO URL
sso_url = urlparse(source.sso_url)
# Parse the querystring into a dict...
url_kwargs = dict(parse_qsl(sso_url.query))
# ... and update it with the SAML args
url_kwargs.update(auth_n_req.build_auth_n_detached())
# Encode it back into a string
res = ParseResult(
scheme=sso_url.scheme,
netloc=sso_url.hostname or "",
path=sso_url.path,
params=sso_url.params,
query=urlencode(url_kwargs),
fragment=sso_url.fragment,
)
# and merge it back into a URL
final_url = urlunparse(res)
return redirect(final_url)
# As POST Binding we show a form
saml_request = nice64(auth_n_req.build_auth_n())
injected_stages = []
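Review bot: The rebuilt redirect URL in `InitiateView` uses `netloc=sso_url.hostname or ""`, which drops any port (and userinfo) from `source.sso_url` and lowercases the host, so an IdP configured on a non-default port would be redirected to the wrong origin. Use `netloc=sso_url.netloc,` or replace the whole `ParseResult(...)` construction with `final_url = sso_url._replace(query=urlencode(url_kwargs)).geturl()`. `dict(parse_qsl(sso_url.query))` also collapses repeated query keys and drops blank values, which is probably acceptable here but deserves a short comment. The enclosing method starts and ends outside the hunk.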


@ -0,0 +1,27 @@
# Generated by Django 3.2 on 2021-04-29 22:56
import django.contrib.postgres.fields
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("authentik_stages_identification", "0007_remove_identificationstage_template"),
]
operations = [
migrations.AlterField(
model_name="identificationstage",
name="user_fields",
field=django.contrib.postgres.fields.ArrayField(
base_field=models.CharField(
choices=[("email", "E Mail"), ("username", "Username")],
max_length=100,
),
blank=True,
help_text="Fields of the user object to match against. (Hold shift to select multiple options)",
size=None,
),
),
]


@ -22,6 +22,7 @@ class IdentificationStage(Stage):
user_fields = ArrayField(
models.CharField(max_length=100, choices=UserFields.choices),
blank=True,
help_text=_(
(
"Fields of the user object to match against. "


@ -7,7 +7,7 @@ from django.db.models import Q
from django.http import HttpResponse
from django.urls import reverse
from django.utils.translation import gettext as _
from rest_framework.fields import CharField
from rest_framework.fields import CharField, ListField
from rest_framework.serializers import ValidationError
from structlog.stdlib import get_logger
@ -20,7 +20,7 @@ from authentik.flows.stage import (
ChallengeStageView,
)
from authentik.flows.views import SESSION_KEY_APPLICATION_PRE
from authentik.stages.identification.models import IdentificationStage, UserFields
from authentik.stages.identification.models import IdentificationStage
LOGGER = get_logger()
@ -28,7 +28,7 @@ LOGGER = get_logger()
class IdentificationChallenge(Challenge):
"""Identification challenges with all UI elements"""
input_type = CharField()
user_fields = ListField(child=CharField(), allow_empty=True, allow_null=True)
application_pre = CharField(required=False)
enroll_url = CharField(required=False)
@ -83,11 +83,9 @@ class IdentificationStageView(ChallengeStageView):
"type": ChallengeTypes.NATIVE.value,
"component": "ak-stage-identification",
"primary_action": _("Log in"),
"input_type": "text",
"user_fields": current_stage.user_fields,
}
)
if current_stage.user_fields == [UserFields.E_MAIL]:
challenge.initial_data["input_type"] = "email"
# If the user has been redirected to us whilst trying to access an
# application, SESSION_KEY_APPLICATION_PRE is set in the session
if SESSION_KEY_APPLICATION_PRE in self.request.session:


@ -106,7 +106,7 @@ class TestIdentificationStage(TestCase):
"background": flow.background.url,
"type": ChallengeTypes.NATIVE.value,
"component": "ak-stage-identification",
"input_type": "email",
"user_fields": ["email"],
"enroll_url": reverse(
"authentik_core:if-flow",
kwargs={"flow_slug": "unique-enrollment-string"},
@ -149,7 +149,7 @@ class TestIdentificationStage(TestCase):
"background": flow.background.url,
"type": ChallengeTypes.NATIVE.value,
"component": "ak-stage-identification",
"input_type": "email",
"user_fields": ["email"],
"recovery_url": reverse(
"authentik_core:if-flow",
kwargs={"flow_slug": "unique-recovery-string"},


@ -20,7 +20,7 @@ services:
networks:
- internal
server:
image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.4.4}
image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.4.5}
restart: unless-stopped
command: server
environment:
@ -48,7 +48,7 @@ services:
env_file:
- .env
worker:
image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.4.4}
image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.4.5}
restart: unless-stopped
command: worker
networks:
@ -68,7 +68,7 @@ services:
env_file:
- .env
static:
image: ${AUTHENTIK_IMAGE_STATIC:-beryju/authentik-static}:${AUTHENTIK_TAG:-2021.4.4}
image: ${AUTHENTIK_IMAGE_STATIC:-beryju/authentik-static}:${AUTHENTIK_TAG:-2021.4.5}
restart: unless-stopped
networks:
- internal


@ -4,7 +4,7 @@ name: authentik
home: https://goauthentik.io
sources:
- https://github.com/goauthentik/authentik
version: "2021.4.4"
version: "2021.4.5"
icon: https://raw.githubusercontent.com/goauthentik/authentik/master/web/icons/icon.svg
dependencies:
- name: postgresql


@ -5,7 +5,7 @@
| image.name | beryju/authentik | Image used to run the authentik server and worker |
| image.name_static | beryju/authentik-static | Image used to run the authentik static server (CSS and JS Files) |
| image.name_outposts | beryju/authentik-%(type)s:%(version)s | Image used for managed outposts. Placeholders: %(type)s: Outpost type; proxy, ldap, etc. %(version)s: Current version; 2021.4.1 |
| image.tag | 2021.4.4 | Image tag |
| image.tag | 2021.4.5 | Image tag |
| image.pullPolicy | IfNotPresent | Image Pull Policy used for all deployments |
| serverReplicas | 1 | Replicas for the Server deployment |
| workerReplicas | 1 | Replicas for the Worker deployment |


@ -8,7 +8,7 @@ image:
# %(type)s: Outpost type; proxy, ldap, etc
# %(version)s: Current version; 2021.4.1
name_outposts: "beryju/authentik-%(type)s:%(version)s"
tag: 2021.4.4
tag: 2021.4.5
pullPolicy: IfNotPresent
serverReplicas: 1


@ -1,3 +1,3 @@
package pkg
const VERSION = "2021.4.4"
const VERSION = "2021.4.5"


@ -18375,7 +18375,6 @@ definitions:
IdentificationStage:
required:
- name
- user_fields
type: object
properties:
pk:


@ -81,7 +81,7 @@ http {
location /static/ {
expires 31d;
add_header Cache-Control "public, no-transform";
add_header X-authentik-version "2021.4.4";
add_header X-authentik-version "2021.4.5";
add_header Vary X-authentik-version;
}

784
web/package-lock.json generated

File diff suppressed because it is too large Load diff


@ -35,10 +35,10 @@
]
},
"dependencies": {
"@babel/core": "^7.13.16",
"@babel/core": "^7.14.0",
"@babel/plugin-proposal-decorators": "^7.13.15",
"@babel/plugin-transform-runtime": "^7.13.15",
"@babel/preset-env": "^7.13.15",
"@babel/preset-env": "^7.14.0",
"@babel/preset-typescript": "^7.13.0",
"@fortawesome/fontawesome-free": "^5.15.3",
"@lingui/cli": "^3.8.10",
@ -50,11 +50,11 @@
"@rollup/plugin-babel": "^5.3.0",
"@rollup/plugin-replace": "^2.4.2",
"@rollup/plugin-typescript": "^8.2.1",
"@sentry/browser": "^6.3.3",
"@sentry/tracing": "^6.3.3",
"@sentry/browser": "^6.3.4",
"@sentry/tracing": "^6.3.4",
"@types/chart.js": "^2.9.32",
"@types/codemirror": "0.0.109",
"@types/grecaptcha": "^3.0.1",
"@types/grecaptcha": "^3.0.2",
"@typescript-eslint/eslint-plugin": "^4.22.0",
"@typescript-eslint/parser": "^4.22.0",
"@webcomponents/webcomponentsjs": "^2.5.0",
@ -73,7 +73,7 @@
"lit-html": "^1.4.0",
"moment": "^2.29.1",
"rapidoc": "^9.0.0",
"rollup": "^2.45.2",
"rollup": "^2.46.0",
"rollup-plugin-commonjs": "^10.1.0",
"rollup-plugin-copy": "^3.4.0",
"rollup-plugin-cssimport": "^1.0.2",


@ -3,7 +3,7 @@ export const SUCCESS_CLASS = "pf-m-success";
export const ERROR_CLASS = "pf-m-danger";
export const PROGRESS_CLASS = "pf-m-in-progress";
export const CURRENT_CLASS = "pf-m-current";
export const VERSION = "2021.4.4";
export const VERSION = "2021.4.5";
export const PAGE_SIZE = 20;
export const EVENT_REFRESH = "ak-refresh";
export const EVENT_NOTIFICATION_TOGGLE = "ak-notification-toggle";


@ -22,7 +22,7 @@ export const PasswordManagerPrefill: {
export interface IdentificationChallenge extends Challenge {
input_type: string;
user_fields?: string[];
primary_action: string;
sources?: UILoginButton[];
@ -154,6 +154,43 @@ export class IdentificationStage extends BaseStage {
</div>`;
}
renderInput(): TemplateResult {
let label = "";
let type = "text";
if (!this.challenge?.user_fields) {
return html`<p>
${t`Select one of the sources below to login.`}
</p>`;
}
if (this.challenge?.user_fields === ["email"]) {
label = t`Email`;
type = "email";
} else if (this.challenge?.user_fields === ["username"]) {
label = t`Username`;
} else {
label = t`Email or username`;
}
return html`<ak-form-element
label=${label}
?required="${true}"
class="pf-c-form__group"
.errors=${(this.challenge?.response_errors || {})["uid_field"]}>
<!-- @ts-ignore -->
<input type=${type}
name="uid_field"
placeholder="Email or Username"
autofocus=""
autocomplete="username"
class="pf-c-form-control"
required>
</ak-form-element>
<div class="pf-c-form__group pf-m-action">
<button type="submit" class="pf-c-button pf-m-primary pf-m-block">
${this.challenge.primary_action}
</button>
</div>`;
}
render(): TemplateResult {
if (!this.challenge) {
return html`<ak-empty-state
@ -173,26 +210,7 @@ export class IdentificationStage extends BaseStage {
${t`Login to continue to ${this.challenge.application_pre}.`}
</p>`:
html``}
<ak-form-element
label="${t`Email or Username`}"
?required="${true}"
class="pf-c-form__group"
.errors=${(this.challenge?.response_errors || {})["uid_field"]}>
<input type="text"
name="uid_field"
placeholder="Email or Username"
autofocus=""
autocomplete="username"
class="pf-c-form-control"
required>
</ak-form-element>
<div class="pf-c-form__group pf-m-action">
<button type="submit" class="pf-c-button pf-m-primary pf-m-block">
${this.challenge.primary_action}
</button>
</div>
${this.renderInput()}
</form>
</div>
<footer class="pf-c-login__main-footer">
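Review bot: In `renderInput`, `this.challenge?.user_fields === ["email"]` and the matching `["username"]` comparison are always false, because `===` on arrays compares identity against a freshly created literal; the label is therefore always "Email or username" and the input type never becomes `email`. The guard `!this.challenge?.user_fields` has a related gap: an empty array is truthy, so a stage that sends an empty `user_fields` list would still get the text input instead of the sources-only message. I would compare the length and the single element as below. Separately, the `placeholder` is still the hard-coded, untranslated "Email or Username" regardless of the chosen label, and the `<!-- @ts-ignore -->` inside the template has no effect on type checking.

```typescript
renderInput(): TemplateResult {
    let label = "";
    let type = "text";
    const fields = this.challenge?.user_fields || [];
    if (fields.length === 0) {
        // … unchanged: "Select one of the sources below to login." paragraph …
    }
    if (fields.length === 1 && fields[0] === "email") {
        label = t`Email`;
        type = "email";
    } else if (fields.length === 1 && fields[0] === "username") {
        label = t`Username`;
    } else {
        label = t`Email or username`;
    }
    // … unchanged: ak-form-element template and submit button …
}
```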


@ -428,7 +428,7 @@ msgstr "Can be in the format of 'unix://' when connecting to a local docker daem
msgid "Cancel"
msgstr "Cancel"
#: src/pages/stages/identification/IdentificationStageForm.ts:92
#: src/pages/stages/identification/IdentificationStageForm.ts:91
msgid "Case insensitive matching"
msgstr "Case insensitive matching"
@ -1086,8 +1086,9 @@ msgstr "Edit User"
msgid "Either no applications are defined, or you don't have access to any."
msgstr "Either no applications are defined, or you don't have access to any."
#: src/flows/stages/identification/IdentificationStage.ts:138
#: src/pages/events/TransportForm.ts:46
#: src/pages/stages/identification/IdentificationStageForm.ts:82
#: src/pages/stages/identification/IdentificationStageForm.ts:81
#: src/pages/user-settings/UserDetailsPage.ts:71
#: src/pages/users/UserForm.ts:61
#: src/pages/users/UserViewPage.ts:100
@ -1098,9 +1099,9 @@ msgstr "Email"
msgid "Email address"
msgstr "Email address"
#: src/flows/stages/identification/IdentificationStage.ts:150
msgid "Email or Username"
msgstr "Email or Username"
#: src/flows/stages/identification/IdentificationStage.ts:145
msgid "Email or username"
msgstr "Email or username"
#: src/pages/stages/prompt/PromptForm.ts:51
msgid "Email: Text field with Email type."
@ -1145,7 +1146,7 @@ msgstr "Enrollment"
#: src/pages/sources/oauth/OAuthSourceForm.ts:210
#: src/pages/sources/saml/SAMLSourceForm.ts:266
#: src/pages/stages/identification/IdentificationStageForm.ts:107
#: src/pages/stages/identification/IdentificationStageForm.ts:106
msgid "Enrollment flow"
msgstr "Enrollment flow"
@ -1342,9 +1343,9 @@ msgstr "Field which contains members of a group."
msgid "Fields"
msgstr "Fields"
#: src/pages/stages/identification/IdentificationStageForm.ts:85
msgid "Fields a user can identify themselves with."
msgstr "Fields a user can identify themselves with."
#: src/pages/stages/identification/IdentificationStageForm.ts:84
msgid "Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources."
msgstr "Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources."
#: src/pages/flows/FlowImportForm.ts:34
#: src/pages/flows/FlowListPage.ts:79
@ -1510,7 +1511,7 @@ msgstr "Hide managed mappings"
#: src/pages/sources/ldap/LDAPSourceForm.ts:167
#: src/pages/sources/ldap/LDAPSourceForm.ts:193
#: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts:114
#: src/pages/stages/identification/IdentificationStageForm.ts:86
#: src/pages/stages/identification/IdentificationStageForm.ts:85
#: src/pages/stages/password/PasswordStageForm.ts:86
#: src/pages/stages/prompt/PromptStageForm.ts:87
#: src/pages/stages/prompt/PromptStageForm.ts:121
@ -1704,7 +1705,7 @@ msgstr "Library"
#: src/flows/stages/consent/ConsentStage.ts:28
#: src/flows/stages/dummy/DummyStage.ts:27
#: src/flows/stages/email/EmailStage.ts:26
#: src/flows/stages/identification/IdentificationStage.ts:133
#: src/flows/stages/identification/IdentificationStage.ts:170
#: src/flows/stages/password/PasswordStage.ts:31
#: src/flows/stages/prompt/PromptStage.ts:126
#: src/pages/applications/ApplicationViewPage.ts:43
@ -1757,8 +1758,8 @@ msgstr "Loading"
#: src/pages/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts:96
#: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts:131
#: src/pages/stages/email/EmailStageForm.ts:170
#: src/pages/stages/identification/IdentificationStageForm.ts:120
#: src/pages/stages/identification/IdentificationStageForm.ts:138
#: src/pages/stages/identification/IdentificationStageForm.ts:119
#: src/pages/stages/identification/IdentificationStageForm.ts:137
#: src/pages/stages/password/PasswordStageForm.ts:106
#: src/pages/stages/prompt/PromptStageForm.ts:85
#: src/pages/stages/prompt/PromptStageForm.ts:118
@ -1779,7 +1780,7 @@ msgstr "Log the currently pending user in."
msgid "Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP."
msgstr "Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP."
#: src/flows/stages/identification/IdentificationStage.ts:145
#: src/flows/stages/identification/IdentificationStage.ts:182
msgid "Login to continue to {0}."
msgstr "Login to continue to {0}."
@ -2165,11 +2166,11 @@ msgstr "Optional URL if the IDP supports Single-Logout."
msgid "Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON."
msgstr "Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON."
#: src/pages/stages/identification/IdentificationStageForm.ts:122
#: src/pages/stages/identification/IdentificationStageForm.ts:121
msgid "Optional enrollment flow, which is linked at the bottom of the page."
msgstr "Optional enrollment flow, which is linked at the bottom of the page."
#: src/pages/stages/identification/IdentificationStageForm.ts:140
#: src/pages/stages/identification/IdentificationStageForm.ts:139
msgid "Optional recovery flow, which is linked at the bottom of the page."
msgstr "Optional recovery flow, which is linked at the bottom of the page."
@ -2503,7 +2504,7 @@ msgstr "Re-evaluate policies"
msgid "Recovery"
msgstr "Recovery"
#: src/pages/stages/identification/IdentificationStageForm.ts:125
#: src/pages/stages/identification/IdentificationStageForm.ts:124
msgid "Recovery flow"
msgstr "Recovery flow"
@ -2709,6 +2710,10 @@ msgstr "Select all rows"
msgid "Select an identification method."
msgstr "Select an identification method."
#: src/flows/stages/identification/IdentificationStage.ts:134
msgid "Select one of the sources below to login."
msgstr "Select one of the sources below to login."
#: src/pages/groups/MemberSelectModal.ts:68
msgid "Select users to add"
msgstr "Select users to add"
@ -2807,7 +2812,7 @@ msgstr "Severity"
msgid "Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable."
msgstr "Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable."
#: src/pages/stages/identification/IdentificationStageForm.ts:101
#: src/pages/stages/identification/IdentificationStageForm.ts:100
msgid "Show matched user"
msgstr "Show matched user"
@ -3741,7 +3746,8 @@ msgstr "User/Group Attribute used for the user part of the HTTP-Basic Header. If
msgid "Userinfo URL"
msgstr "Userinfo URL"
#: src/pages/stages/identification/IdentificationStageForm.ts:79
#: src/flows/stages/identification/IdentificationStage.ts:142
#: src/pages/stages/identification/IdentificationStageForm.ts:78
#: src/pages/user-settings/UserDetailsPage.ts:57
#: src/pages/users/UserForm.ts:47
#: src/pages/users/UserViewPage.ts:84
@ -3863,7 +3869,7 @@ msgstr "Webhook (generic)"
msgid "Webhook URL"
msgstr "Webhook URL"
#: src/pages/stages/identification/IdentificationStageForm.ts:104
#: src/pages/stages/identification/IdentificationStageForm.ts:103
msgid "When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown."
msgstr "When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown."
@ -3871,7 +3877,7 @@ msgstr "When a valid username/email has been entered, and this option is enabled
msgid "When enabled, global Email connection settings will be used and connection settings below will be ignored."
msgstr "When enabled, global Email connection settings will be used and connection settings below will be ignored."
#: src/pages/stages/identification/IdentificationStageForm.ts:95
#: src/pages/stages/identification/IdentificationStageForm.ts:94
msgid "When enabled, user fields are matched regardless of their casing."
msgstr "When enabled, user fields are matched regardless of their casing."


@ -424,7 +424,7 @@ msgstr ""
msgid "Cancel"
msgstr ""
#: src/pages/stages/identification/IdentificationStageForm.ts:92
#: src/pages/stages/identification/IdentificationStageForm.ts:91
msgid "Case insensitive matching"
msgstr ""
@ -1078,8 +1078,9 @@ msgstr ""
msgid "Either no applications are defined, or you don't have access to any."
msgstr ""
#: src/flows/stages/identification/IdentificationStage.ts:138
#: src/pages/events/TransportForm.ts:46
#: src/pages/stages/identification/IdentificationStageForm.ts:82
#: src/pages/stages/identification/IdentificationStageForm.ts:81
#: src/pages/user-settings/UserDetailsPage.ts:71
#: src/pages/users/UserForm.ts:61
#: src/pages/users/UserViewPage.ts:100
@ -1090,8 +1091,8 @@ msgstr ""
msgid "Email address"
msgstr ""
#: src/flows/stages/identification/IdentificationStage.ts:150
msgid "Email or Username"
#: src/flows/stages/identification/IdentificationStage.ts:145
msgid "Email or username"
msgstr ""
#: src/pages/stages/prompt/PromptForm.ts:51
@ -1137,7 +1138,7 @@ msgstr ""
#: src/pages/sources/oauth/OAuthSourceForm.ts:210
#: src/pages/sources/saml/SAMLSourceForm.ts:266
#: src/pages/stages/identification/IdentificationStageForm.ts:107
#: src/pages/stages/identification/IdentificationStageForm.ts:106
msgid "Enrollment flow"
msgstr ""
@ -1334,8 +1335,8 @@ msgstr ""
msgid "Fields"
msgstr ""
#: src/pages/stages/identification/IdentificationStageForm.ts:85
msgid "Fields a user can identify themselves with."
#: src/pages/stages/identification/IdentificationStageForm.ts:84
msgid "Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources."
msgstr ""
#: src/pages/flows/FlowImportForm.ts:34
@ -1502,7 +1503,7 @@ msgstr ""
#: src/pages/sources/ldap/LDAPSourceForm.ts:167
#: src/pages/sources/ldap/LDAPSourceForm.ts:193
#: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts:114
#: src/pages/stages/identification/IdentificationStageForm.ts:86
#: src/pages/stages/identification/IdentificationStageForm.ts:85
#: src/pages/stages/password/PasswordStageForm.ts:86
#: src/pages/stages/prompt/PromptStageForm.ts:87
#: src/pages/stages/prompt/PromptStageForm.ts:121
@ -1696,7 +1697,7 @@ msgstr ""
#: src/flows/stages/consent/ConsentStage.ts:28
#: src/flows/stages/dummy/DummyStage.ts:27
#: src/flows/stages/email/EmailStage.ts:26
#: src/flows/stages/identification/IdentificationStage.ts:133
#: src/flows/stages/identification/IdentificationStage.ts:170
#: src/flows/stages/password/PasswordStage.ts:31
#: src/flows/stages/prompt/PromptStage.ts:126
#: src/pages/applications/ApplicationViewPage.ts:43
@ -1749,8 +1750,8 @@ msgstr ""
#: src/pages/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts:96
#: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts:131
#: src/pages/stages/email/EmailStageForm.ts:170
#: src/pages/stages/identification/IdentificationStageForm.ts:120
#: src/pages/stages/identification/IdentificationStageForm.ts:138
#: src/pages/stages/identification/IdentificationStageForm.ts:119
#: src/pages/stages/identification/IdentificationStageForm.ts:137
#: src/pages/stages/password/PasswordStageForm.ts:106
#: src/pages/stages/prompt/PromptStageForm.ts:85
#: src/pages/stages/prompt/PromptStageForm.ts:118
@ -1771,7 +1772,7 @@ msgstr ""
msgid "Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP."
msgstr ""
#: src/flows/stages/identification/IdentificationStage.ts:145
#: src/flows/stages/identification/IdentificationStage.ts:182
msgid "Login to continue to {0}."
msgstr ""
@ -2157,11 +2158,11 @@ msgstr ""
msgid "Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON."
msgstr ""
#: src/pages/stages/identification/IdentificationStageForm.ts:122
#: src/pages/stages/identification/IdentificationStageForm.ts:121
msgid "Optional enrollment flow, which is linked at the bottom of the page."
msgstr ""
#: src/pages/stages/identification/IdentificationStageForm.ts:140
#: src/pages/stages/identification/IdentificationStageForm.ts:139
msgid "Optional recovery flow, which is linked at the bottom of the page."
msgstr ""
@ -2495,7 +2496,7 @@ msgstr ""
msgid "Recovery"
msgstr ""
#: src/pages/stages/identification/IdentificationStageForm.ts:125
#: src/pages/stages/identification/IdentificationStageForm.ts:124
msgid "Recovery flow"
msgstr ""
@ -2701,6 +2702,10 @@ msgstr ""
msgid "Select an identification method."
msgstr ""
#: src/flows/stages/identification/IdentificationStage.ts:134
msgid "Select one of the sources below to login."
msgstr ""
#: src/pages/groups/MemberSelectModal.ts:68
msgid "Select users to add"
msgstr ""
@ -2799,7 +2804,7 @@ msgstr ""
msgid "Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable."
msgstr ""
#: src/pages/stages/identification/IdentificationStageForm.ts:101
#: src/pages/stages/identification/IdentificationStageForm.ts:100
msgid "Show matched user"
msgstr ""
@ -3729,7 +3734,8 @@ msgstr ""
msgid "Userinfo URL"
msgstr ""
#: src/pages/stages/identification/IdentificationStageForm.ts:79
#: src/flows/stages/identification/IdentificationStage.ts:142
#: src/pages/stages/identification/IdentificationStageForm.ts:78
#: src/pages/user-settings/UserDetailsPage.ts:57
#: src/pages/users/UserForm.ts:47
#: src/pages/users/UserViewPage.ts:84
@ -3851,7 +3857,7 @@ msgstr ""
msgid "Webhook URL"
msgstr ""
#: src/pages/stages/identification/IdentificationStageForm.ts:104
#: src/pages/stages/identification/IdentificationStageForm.ts:103
msgid "When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown."
msgstr ""
@ -3859,7 +3865,7 @@ msgstr ""
msgid "When enabled, global Email connection settings will be used and connection settings below will be ignored."
msgstr ""
#: src/pages/stages/identification/IdentificationStageForm.ts:95
#: src/pages/stages/identification/IdentificationStageForm.ts:94
msgid "When enabled, user fields are matched regardless of their casing."
msgstr ""


@ -69,7 +69,6 @@ export class IdentificationStageForm extends Form<IdentificationStage> {
<div slot="body" class="pf-c-form">
<ak-form-element-horizontal
label=${t`User fields`}
?required=${true}
name="userFields">
<select name="users" class="pf-c-form-control" multiple>
<option value=${IdentificationStageUserFieldsEnum.Username} ?selected=${this.isUserFieldSelected(IdentificationStageUserFieldsEnum.Username)}>
@ -79,7 +78,7 @@ export class IdentificationStageForm extends Form<IdentificationStage> {
${t`Email`}
</option>
</select>
<p class="pf-c-form__helper-text">${t`Fields a user can identify themselves with.`}</p>
<p class="pf-c-form__helper-text">${t`Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources.`}</p>
<p class="pf-c-form__helper-text">${t`Hold control/command to select multiple items.`}</p>
</ak-form-element-horizontal>
<ak-form-element-horizontal name="caseInsensitiveMatching">


@ -16,7 +16,7 @@ Download the latest `docker-compose.yml` from [here](https://raw.githubuserconte
To optionally enable error-reporting, run `echo AUTHENTIK_ERROR_REPORTING__ENABLED=true >> .env`
To optionally deploy a different version run `echo AUTHENTIK_TAG=2021.4.4 >> .env`
To optionally deploy a different version run `echo AUTHENTIK_TAG=2021.4.5 >> .env`
If this is a fresh authentik install run the following commands to generate a password:


@ -41,7 +41,7 @@ image:
# %(type)s: Outpost type; proxy, ldap, etc
# %(version)s: Current version; 2021.4.1
name_outposts: "beryju/authentik-%(type)s:%(version)s"
tag: 2021.4.4
tag: 2021.4.5
serverReplicas: 1
workerReplicas: 1


@ -11,7 +11,7 @@ version: "3.5"
services:
authentik_proxy:
image: beryju/authentik-proxy:2021.4.4
image: beryju/authentik-proxy:2021.4.5
ports:
- 4180:4180
- 4443:4443


@ -14,7 +14,7 @@ metadata:
app.kubernetes.io/instance: __OUTPOST_NAME__
app.kubernetes.io/managed-by: goauthentik.io
app.kubernetes.io/name: authentik-proxy
app.kubernetes.io/version: 2021.4.4
app.kubernetes.io/version: 2021.4.5
name: authentik-outpost-api
stringData:
authentik_host: "__AUTHENTIK_URL__"
@ -29,7 +29,7 @@ metadata:
app.kubernetes.io/instance: __OUTPOST_NAME__
app.kubernetes.io/managed-by: goauthentik.io
app.kubernetes.io/name: authentik-proxy
app.kubernetes.io/version: 2021.4.4
app.kubernetes.io/version: 2021.4.5
name: authentik-outpost
spec:
ports:
@ -54,7 +54,7 @@ metadata:
app.kubernetes.io/instance: __OUTPOST_NAME__
app.kubernetes.io/managed-by: goauthentik.io
app.kubernetes.io/name: authentik-proxy
app.kubernetes.io/version: 2021.4.4
app.kubernetes.io/version: 2021.4.5
name: authentik-outpost
spec:
selector:
@ -62,14 +62,14 @@ spec:
app.kubernetes.io/instance: __OUTPOST_NAME__
app.kubernetes.io/managed-by: goauthentik.io
app.kubernetes.io/name: authentik-proxy
app.kubernetes.io/version: 2021.4.4
app.kubernetes.io/version: 2021.4.5
template:
metadata:
labels:
app.kubernetes.io/instance: __OUTPOST_NAME__
app.kubernetes.io/managed-by: goauthentik.io
app.kubernetes.io/name: authentik-proxy
app.kubernetes.io/version: 2021.4.4
app.kubernetes.io/version: 2021.4.5
spec:
containers:
- env:
@ -88,7 +88,7 @@ spec:
secretKeyRef:
key: authentik_host_insecure
name: authentik-outpost-api
image: beryju/authentik-proxy:2021.4.4
image: beryju/authentik-proxy:2021.4.5
name: proxy
ports:
- containerPort: 4180
@ -110,7 +110,7 @@ metadata:
app.kubernetes.io/instance: __OUTPOST_NAME__
app.kubernetes.io/managed-by: goauthentik.io
app.kubernetes.io/name: authentik-proxy
app.kubernetes.io/version: 2021.4.4
app.kubernetes.io/version: 2021.4.5
name: authentik-outpost
spec:
rules: