Commit Graph

897 Commits

Author SHA1 Message Date
gcp-cherry-pick-bot[bot] d9aab79c62
providers/oauth2: fix CVE-2024-21637 (cherry-pick #8104) (#8106)
* providers/oauth2: fix CVE-2024-21637 (#8104)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update changelog

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2024-01-09 18:43:56 +01:00
gcp-cherry-pick-bot[bot] 3af77ab382
security: fix CVE-2023-48228 (cherry-pick #7666) (#7669)
security: fix CVE-2023-48228 (#7666)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2023-11-21 18:13:50 +01:00
Jens L ea75741ec2
security: fix oobe-flow reuse when akadmin is deleted (#7361)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
#	website/docs/releases/2023/v2023.10.md
2023-10-28 21:26:53 +02:00
Jens L b5b33ce8e9
website/docs: prepare 2023.8.3 release notes (#6843)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-09-11 18:54:58 +02:00
Jens L 3d1bf85587
website/docs: prepare 2023.8.2 release (#6731)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-09-01 16:09:42 +02:00
Jens L f57b3efcaa
policies/reputation: fix reputation not expiring (#6714)
* policies/reputation: fix reputation not expiring

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix some verbose names for models

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-31 13:46:00 +02:00
Jens L 9d894528e3
website: fix reference to flow stage binding option (#6701)
the option name was changed a while back but the docs still used the old name

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-30 20:10:36 +02:00
Jens L 6246537e17
website: bump 2023.8.1 release notes (#6678)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-30 00:31:26 +02:00
Tana M Berry d291d16aac
website/docs: fix typos (#6672)
fix typos

Co-authored-by: Tana Berry <tana@goauthentik.io>
2023-08-29 16:49:40 -05:00
Jens L 782341441a
website: update 2023.8 release notes (#6666)
* update main release notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update sidebar

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-08-29 19:57:14 +02:00
Jens L aa874dd92a
security: fix CVE-2023-39522 (#6665)
* stages/email: don't disclose whether a user exists or not when recovering

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update website

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-29 19:07:49 +02:00
Tana M Berry 87f65526e1
website/docs: Enterprise docs (#6632)
* new ent docs

* first drafts WIP

* Optimised images with calibre/image-actions

* more details added

* further updates

* tweaks

* better image

* Optimised images with calibre/image-actions

* fix typos

* final edits

* fixed formatting fail

---------

Co-authored-by: Tana Berry <tana@goauthentik.io>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2023-08-29 16:57:29 +00:00
Marc 'risson' Schmitt 13e5495b55
website: resize images over 1080p
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2023-08-26 02:38:59 +02:00
Jens L e467a91f44
website/docs: update 2023.8 actually (#6591)
* add actual changelog

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix source docs credentials

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-22 14:19:37 +02:00
Jens L d9f13e89c6
website: update release notes (#6590)
* move 2023.7 to 2023.8

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* move version dropdown from navbar to sidebar, and only have it on applicable sites

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove title instead of just hiding it

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix some styling for the mobile navbar sidebar

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add social image

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Optimised images with calibre/image-actions

* fix website tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2023-08-22 13:03:11 +02:00
Jens L 8bba3c0a9b
core: rework recursive group membership (#6017)
* rework checking group membership and add `user.all_groups` to get full list of groups

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* refactor some more for better performance

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate things to use all_groups

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update release notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix for django 4.2

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-18 17:31:39 +02:00
Sandeep Gadhiya 4693c50701
website/docs: Troubleshooting Whitelist Email and Web-Dev Setup Docs (#6426)
* Whitelist email troubleshooting docs

* update preview website command

* Update website/docs/troubleshooting/whitelist_email.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Sandeep Gadhiya <sandeepgadhiya22@gmail.com>

* Update website/docs/troubleshooting/whitelist_email.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Sandeep Gadhiya <sandeepgadhiya22@gmail.com>

* Update website/docs/troubleshooting/whitelist_email.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Sandeep Gadhiya <sandeepgadhiya22@gmail.com>

* Update website/docs/troubleshooting/whitelist_email.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Sandeep Gadhiya <sandeepgadhiya22@gmail.com>

* Update website/docs/troubleshooting/whitelist_email.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Sandeep Gadhiya <sandeepgadhiya22@gmail.com>

* refactor policies section

* refactor policies section

---------

Signed-off-by: Sandeep Gadhiya <sandeepgadhiya22@gmail.com>
Co-authored-by: sandeepgadhiya <sandeep.gadhiya@turtlemint.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-08-09 10:06:41 -05:00
risson c7537f9f32
web, website: compress images (#6121)
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-08-02 12:06:03 +00:00
Jens L cc6824fd7c
core: bump django from 4.1.7 to 4.2 (#5238)
* core: bump django from 4.1.7 to 4.2 (#5151)

* core: bump django from 4.1.7 to 4.2

Bumps [django](https://github.com/django/django) from 4.1.7 to 4.2.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/4.1.7...4.2)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* upgrade to psycopg3, use custom engine for prometheus metrics

See https://github.com/korfuri/django-prometheus/issues/350

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make scripts use psycopg3

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start changelog

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* initial postgres upgrade guide

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update header

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-08-01 19:30:28 +02:00
Jens L 30d32022e5
website/docs: expand beta beta / install docs (#6443)
* website/docs: expand beta beta / install docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-08-01 18:02:31 +02:00
r.e.e.c.h.e.e c0474a83d9
website/docs: update Docker Compose and Kubernetes installation guide (#6429)
* website/docs: Update docker-compose and beta install guide

* website/docs: Update kubernetes and beta install guide

* Update website/docs/installation/kubernetes.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-07-31 15:17:54 -05:00
Jens L 33e7903699
website/docs: add architecture and persistence (#6250)
* website/docs: add architecture and persistence

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* add note about kubernetes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* link to relevant parts

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-07-31 11:21:33 +02:00
Thomas Moschny f2293c0f5b
website/docs: Update syntax in traefik standalone example (#6303)
* Update syntax in traefik standalone example

Signed-off-by: Thomas Moschny <thomas.moschny@gmx.de>

* One more syntax update

Signed-off-by: Thomas Moschny <thomas.moschny@gmx.de>

---------

Signed-off-by: Thomas Moschny <thomas.moschny@gmx.de>
2023-07-26 10:56:31 +02:00
ChandonPierre d435a65cfd
outposts: support json patch for Kubernetes (#6319)
2023-07-22 02:29:28 +02:00
Jens L 9b7c30d44c
sources/ldap: fix ldap_sync cli command not running in foreground (#6325)
closes #6317

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-21 13:03:06 +02:00
Jens L 77662c9a51
website/docs: re-add goauthentik.io/user/can-change-* (#6251)
* website/docs: re-add goauthentik.io/user/can-change-*

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Update website/docs/user-group/user.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-07-14 16:28:37 +02:00
Jens L 57893e0125
website: update 2023.6.1 release notes (#6204)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-10 12:55:35 +02:00
Jens L 8828eefbe4
sources/ldap: fix page size (#6187)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-08 01:15:35 +02:00
Jens Langhammer e2bfcf8a6d
website: update release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-06 18:47:24 +02:00
Jens L d22d147c8e
security: fix CVE-2023-36456 (#6171)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-06 18:16:26 +02:00
dependabot[bot] d14a2906f5
website: bump prettier from 2.8.8 to 3.0.0 in /website (#6155)
* website: bump prettier from 2.8.8 to 3.0.0 in /website

Bumps [prettier](https://github.com/prettier/prettier) from 2.8.8 to 3.0.0.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.8.8...3.0.0)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* prettier

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-07-06 12:00:54 +02:00
Jens L fb8c4b97f4
website: update navbar, update 2023.6 changelog (#6136)
* website: update navbar, update 2023.6 changelog

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-04 14:25:08 +02:00
Jens L f7d21b3aba
website: update 2023.6 release notes (#6053)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-23 15:32:49 +02:00
Jens L b0fbd576fc
security: cure53 fix (#6039)
* ATH-01-001: resolve path and check start before loading blueprints

This is even less of an issue since 411ef239f6, since with that commit we only allow files that the listing returns

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-010: fix missing user filter for webauthn device

This prevents an attack that is only possible when an attacker can intercept HTTP traffic and in the case of HTTPS decrypt it.

* ATH-01-008: fix web forms not submitting correctly when pressing enter

When submitting some forms with the Enter key instead of clicking "Confirm"/etc, the form would not get submitted correctly

The worst case of this is when setting a user's password, where the new password can end up in the URL, but the password was not actually saved to the user.

* ATH-01-004: remove env from admin system endpoint

this endpoint already required admin access, but for debugging the env variables are used very little

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-003 / ATH-01-012: disable htmlLabels in mermaid

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-005: use hmac.compare_digest for secret_key authentication

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-009: migrate impersonation to use API

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-010: rework

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-014: save authenticator validation state in flow context

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

bugfixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-012: escape quotation marks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add website

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update release notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update with all notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-22 22:25:04 +02:00
Jens L 01311929d1
providers/ldap: improve password totp detection (#6006)
* providers/ldap: improve password totp detection

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add flag for totp mfa support

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* keep support for static tokens

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix migrations

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-20 12:09:13 +02:00
Jens L a2de6194e4
website/docs: correct LDAP StartTLS documentation (#5886)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-08 11:00:20 +02:00
Jens L 0ce41a1b2d
providers/ldap: add StartTLS support (#5861)
* providers/ldap: add StartTLS support

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add starttls test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update form and docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-add tls server name

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update release notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-06 21:40:19 +02:00
Tana M Berry b1de9f8d93
website/docs: add Note about wget command (#5770)
* add Note about wget

* added info about -) flag

* add review edits

---------

Co-authored-by: Tana Berry <tana@goauthentik.io>
2023-06-06 02:21:27 -05:00
Thomas B ea1f92cb05
website/docs: Update troubleshooting login.md (#5814)
Update login.md

Added instructions to recover the key via cli

Signed-off-by: Thomas B <toolboxes909@gmail.com>
2023-06-05 11:16:53 +02:00
Jens L 7daf89be05
website/docs: prepare 2023.5.3 (#5824)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-01 19:34:56 +02:00
Jens L e8c2aabad0
website/docs: prepare 2023.5.2 release notes (#5777)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-28 12:45:50 +02:00
Tana M Berry 1ce482911b
website/docs: capitalize Beta and link to Rel Notes (#5753)
capitalize Beta and link to Rel Notes

Co-authored-by: Tana Berry <tana@goauthentik.io>
2023-05-25 11:18:27 -05:00
Jens L b4a3b266b3
website/docs: clarify troubleshooting headlines and order (#5696)
* website/docs: clarify troubleshooting headlines and order

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Update website/docs/troubleshooting/login.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-05-19 15:54:04 +02:00
Jens L 873aaf85f9
website/docs: prepare 2023.5.1 release notes (#5679)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-18 20:34:33 +02:00
Tana M Berry 8356ceaead
website/docs: added info about how to upgrade (#5589)
added info about how to upgrade

Co-authored-by: Tana Berry <tana@goauthentik.io>
2023-05-12 10:25:26 -05:00
Jens L 228197ea5e
website/docs: update 2023.5 release notes (#5526)
* website/docs: update 2023.5 release notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update changelog

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-12 13:45:25 +02:00
Jens L 61434c807d
stages/identification: auto-redirect to source when no user fields are selected (#5583)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-11 16:52:30 +02:00
risson 7265a56f05
root: switch sentry dsn to our relay (#5494)
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2023-05-11 15:24:38 +02:00
Jens L c68a42f63b
website/docs: improve docs for OAuth2 device code flow (#5570)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-10 20:58:31 +02:00
Jens L 3704f4ccf4
core: disallow username and email changes by default (#5571)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-10 20:57:57 +02:00