Merge branch 'master' into next

This commit is contained in:
Jens Langhammer 2021-03-13 21:27:51 +01:00
commit fef5a5ca52
11 changed files with 209 additions and 58 deletions

View file

@ -13,6 +13,7 @@ redis:
ws_db: 2 ws_db: 2
debug: false debug: false
log_level: info log_level: info
# Error reporting, sends stacktrace to sentry.beryju.org # Error reporting, sends stacktrace to sentry.beryju.org

View file

@ -26,5 +26,5 @@ def invalidate_policy_cache(sender, instance, **_):
cache.delete_many(keys) cache.delete_many(keys)
LOGGER.debug("Invalidating policy cache", policy=instance, keys=total) LOGGER.debug("Invalidating policy cache", policy=instance, keys=total)
# Also delete user application cache # Also delete user application cache
keys = cache.keys(user_app_cache_key("*")) keys = cache.keys(user_app_cache_key("*")) or []
cache.delete_many(keys) cache.delete_many(keys)

View file

@ -15,9 +15,11 @@ class OAuthSourceForm(forms.ModelForm):
self.fields["authentication_flow"].queryset = Flow.objects.filter( self.fields["authentication_flow"].queryset = Flow.objects.filter(
designation=FlowDesignation.AUTHENTICATION designation=FlowDesignation.AUTHENTICATION
) )
self.fields["authentication_flow"].required = True
self.fields["enrollment_flow"].queryset = Flow.objects.filter( self.fields["enrollment_flow"].queryset = Flow.objects.filter(
designation=FlowDesignation.ENROLLMENT designation=FlowDesignation.ENROLLMENT
) )
self.fields["enrollment_flow"].required = True
if hasattr(self.Meta, "overrides"): if hasattr(self.Meta, "overrides"):
for overide_field, overide_value in getattr(self.Meta, "overrides").items(): for overide_field, overide_value in getattr(self.Meta, "overrides").items():
self.fields[overide_field].initial = overide_value self.fields[overide_field].initial = overide_value

View file

@ -4,6 +4,7 @@ from typing import Any, Optional
from django.conf import settings from django.conf import settings
from django.contrib import messages from django.contrib import messages
from django.http import Http404, HttpRequest, HttpResponse from django.http import Http404, HttpRequest, HttpResponse
from django.http.response import HttpResponseBadRequest
from django.shortcuts import redirect from django.shortcuts import redirect
from django.urls import reverse from django.urls import reverse
from django.utils.translation import gettext as _ from django.utils.translation import gettext as _
@ -151,6 +152,8 @@ class OAuthCallback(OAuthClientMixin, View):
PLAN_CONTEXT_REDIRECT: final_redirect, PLAN_CONTEXT_REDIRECT: final_redirect,
} }
) )
if not flow:
return HttpResponseBadRequest()
# We run the Flow planner here so we can pass the Pending user in the context # We run the Flow planner here so we can pass the Pending user in the context
planner = FlowPlanner(flow) planner = FlowPlanner(flow)
plan = planner.plan(self.request, kwargs) plan = planner.plan(self.request, kwargs)
@ -233,6 +236,9 @@ class OAuthCallback(OAuthClientMixin, View):
PLAN_CONTEXT_SOURCES_OAUTH_ACCESS: access, PLAN_CONTEXT_SOURCES_OAUTH_ACCESS: access,
} }
# We run the Flow planner here so we can pass the Pending user in the context # We run the Flow planner here so we can pass the Pending user in the context
if not source.enrollment_flow:
LOGGER.warning("source has no enrollment flow", source=source)
return HttpResponseBadRequest()
planner = FlowPlanner(source.enrollment_flow) planner = FlowPlanner(source.enrollment_flow)
plan = planner.plan(self.request, context) plan = planner.plan(self.request, context)
plan.append(in_memory_stage(PostUserEnrollmentStage)) plan.append(in_memory_stage(PostUserEnrollmentStage))

View file

@ -19,7 +19,7 @@ services:
networks: networks:
- internal - internal
server: server:
image: beryju/authentik:${AUTHENTIK_TAG:-2021.3.3} image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.3.3}
command: server command: server
environment: environment:
AUTHENTIK_REDIS__HOST: redis AUTHENTIK_REDIS__HOST: redis
@ -47,7 +47,7 @@ services:
env_file: env_file:
- .env - .env
worker: worker:
image: beryju/authentik:${AUTHENTIK_TAG:-2021.3.3} image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.3.3}
command: worker command: worker
networks: networks:
- internal - internal
@ -66,7 +66,7 @@ services:
env_file: env_file:
- .env - .env
static: static:
image: beryju/authentik-static:${AUTHENTIK_TAG:-2021.3.3} image: ${AUTHENTIK_IMAGE_STATIC:-beryju/authentik-static}:${AUTHENTIK_TAG:-2021.3.3}
networks: networks:
- internal - internal
labels: labels:

View file

@ -0,0 +1,43 @@
---
title: Beta versions
---
You can test upcoming authentik versions by switching to the *next* images. These beta versions supported upgrades from the latest stable version, and have a supported upgrade plan to the next stable version.
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
<Tabs
defaultValue="docker-compose"
values={[
{label: 'docker-compose', value: 'docker-compose'},
{label: 'Kubernetes', value: 'kubernetes'},
]}>
<TabItem value="docker-compose">
Add the following block to your `.env` file:
```shell
AUTHENTIK_IMAGE=docker.beryju.org/authentik/server
AUTHENTIK_IMAGE_STATIC=docker.beryju.org/authentik/static
AUTHENTIK_TAG=gh-next
AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE=docker.beryju.org/authentik
```
Afterwards, run the upgrade commands from the [release notes](../releases/next)
</TabItem>
<TabItem value="kubernetes">
Add the following block to your `values.yml` file:
```yaml
image:
name: docker.beryju.org/authentik/server
name_static: docker.beryju.org/authentik/static
name_outposts: docker.beryju.org/authentik
tag: gh-next
# pullPolicy: Always to ensure you always get the latest version
pullPolicy: Always
```
Afterwards, run the upgrade commands from the [release notes](../releases/next)
</TabItem>
</Tabs>

View file

@ -0,0 +1,84 @@
---
title: docker-compose configuration
---
These are all the configuration options you can set via docker-compose. These don't apply to Kubernetes, as those settings are configured via helm.
Append any of the following keys to your `.env` file, and run `docker-compose up -d` to apply them.
## AUTHENTIK_LOG_LEVEL
Log level for the server and worker containers. Possible values: debug, info, warning, error
Defaults to `info`.
## AUTHENTIK_ERROR_REPORTING
- AUTHENTIK_ERROR_REPORTING__ENABLED
Enable error reporting. Defaults to `false`.
Error reports are sent to https://sentry.beryju.org, and are used for debugging and general feedback. Anonymous performance data is also sent.
- AUTHENTIK_ERROR_REPORTING__ENVIRONMENT
Unique environment that is attached to your error reports, should be set to your email address for example. Defaults to `customer`.
- AUTHENTIK_ERROR_REPORTING__SEND_PII
Whether or not to send personal data, like usernames. Defaults to `false`.
## AUTHENTIK_EMAIL
- AUTHENTIK_EMAIL__HOST
Default: `localhost`
- AUTHENTIK_EMAIL__PORT
Default: `25`
- AUTHENTIK_EMAIL__USERNAME
Default: `""`
- AUTHENTIK_EMAIL__PASSWORD
Default: `""`
- AUTHENTIK_EMAIL__USE_TLS
Default: `false`
- AUTHENTIK_EMAIL__USE_SSL
Default: `false`
- AUTHENTIK_EMAIL__TIMEOUT
Default: `10`
- AUTHENTIK_EMAIL__FROM
Default: `authentik@localhost`
Email address authentik will send from, should have a correct @domain
## AUTHENTIK_OUTPOSTS
- AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE
This is the prefix used for authentik-managed outposts. Default: `beryju/authentik`.
## AUTHENTIK_AUTHENTIK
- AUTHENTIK_AUTHENTIK__AVATARS
Controls which avatars are shown. Defaults to `gravatar`. Can be set to `none` to disable avatars.
- AUTHENTIK_AUTHENTIK__BRANDING__TITLE
Branding title used throughout the UI. Defaults to `authentik`.
- AUTHENTIK_AUTHENTIK__BRANDING__LOGO
Logo shown in the sidebar and flow executions. Defaults to `/static/dist/assets/icons/icon_left_brand.svg`

View file

@ -2,6 +2,6 @@
title: Installation title: Installation
--- ---
If you want to try out authentik, or only want a small deployment (< 100 Users), you should use [docker-compose](./docker-compose). If you want to try out authentik, or only want a small deployment you should use [docker-compose](./docker-compose).
If you want a larger deployment, or you want High-Availability, you should use [Kubernetes](./kubernetes). If you want a larger deployment, or you want High-Availability, you should use [Kubernetes](./kubernetes).

View file

@ -59,6 +59,13 @@ config:
# Email address authentik will send from, should have a correct @domain # Email address authentik will send from, should have a correct @domain
from: authentik@localhost from: authentik@localhost
# Enable MaxMind GeoIP
# geoip:
# enabled: false
# accountId: ""
# licenseKey: ""
# image: maxmindinc/geoipupdate:latest
# Enable Database Backups to S3 # Enable Database Backups to S3
# backup: # backup:
# accessKey: access-key # accessKey: access-key
@ -86,15 +93,4 @@ ingress:
install: install:
postgresql: true postgresql: true
redis: true redis: true
# These values influence the bundled postgresql and redis charts, but are also used by authentik to connect
postgresql:
postgresqlDatabase: authentik
redis:
cluster:
enabled: false
master:
persistence:
enabled: false
``` ```

View file

@ -0,0 +1,17 @@
---
title: Next
---
# TBD
## Upgrading
This release does not introduce any new requirements.
### docker-compose
Download the latest docker-compose file from [here](https://raw.githubusercontent.com/BeryJu/authentik/version-2021.4/docker-compose.yml). Afterwards, simply run `docker-compose up -d` and then the standard upgrade command of `docker-compose run --rm server migrate`.
### Kubernetes
Run `helm repo update` and then upgrade your release with `helm upgrade passbook authentik/authentik --devel -f values.yaml`.

View file

@ -14,8 +14,10 @@ module.exports = {
items: [ items: [
"installation/index", "installation/index",
"installation/docker-compose", "installation/docker-compose",
"installation/kubernetes", "installation/docker-compose-config",
"installation/reverse-proxy", "installation/reverse-proxy",
"installation/kubernetes",
"installation/beta",
], ],
}, },
{ {