Jens L
a6b16ecc68
lib: fix fallback_names migration not working when multiple objects n… ( #5637 )
...
lib: fix fallback_names migration not working when multiple objects need to be renamed
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-16 22:17:56 +02:00
Jens Langhammer
8faec99bd6
release: 2023.5.0
2023-05-16 14:00:48 +02:00
tograss
557aadecc0
stages/authenticator_sms: Fix json serialization in send_generic ( #5630 )
...
stages/authenticator_sms: Fix SMS Authenticator Setup Stage with generic provider does not work without mapping
This fixes issue #5629 . Problem is/was that self.get_message(token) in send_generic returned a type django.utils.functional.lazy.<locals>.__proxy__ which is not json serializable.
2023-05-16 10:28:14 +00:00
Jens L
ff1510dedc
events: sanitize enums ( #5610 )
...
when importing a flow and returning logs, sometimes an enum might be included which is currently not sanitized and hence causes an exception
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-15 14:39:58 +02:00
Jens L
c3398004ff
blueprints: add meta models to schema ( #5611 )
...
these models were previously ignored
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-15 14:39:48 +02:00
Jens L
47f09ac285
providers/scim: improve SCIM error messages ( #5600 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-15 14:39:27 +02:00
Jens L
6299fc7f81
root: migrate from os.path to Pathlib ( #5594 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-12 20:04:02 +02:00
Jens L
a032fd529b
events: don't include task uid in task metric ( #5595 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-12 20:03:52 +02:00
Jens L
ec78e56fbd
providers/scim: fix group patch schema ( #5596 )
...
the original request was made based on the sentry docs, which aren't actually correct
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-12 20:03:43 +02:00
Jens L
61434c807d
stages/identification: auto-redirect to source when no user fields are selected ( #5583 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-11 16:52:30 +02:00
risson
7265a56f05
root: switch sentry dsn to our relay ( #5494 )
...
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2023-05-11 15:24:38 +02:00
Tana M Berry
95df14106c
blueprints: further copy-edits ( #5559 )
...
another copy-edit
Co-authored-by: Tana Berry <tana@goauthentik.io>
2023-05-11 13:48:27 +02:00
Jens L
91d78b0c7d
sources/oauth: re-fix reddit source ( #5582 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-11 13:48:11 +02:00
Jens L
906faf9cce
providers/proxy: fix panic when claims in session were nil ( #5569 )
...
* providers/proxy: fix panic when claims in session were nil
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add new options
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-10 20:58:44 +02:00
Jens L
3704f4ccf4
core: disallow username and email changes by default ( #5571 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-10 20:57:57 +02:00
Michael OBrien
eb071d4d90
providers/oauth2: add user UUID as subject option ( #5556 )
...
* providers/oauth2: add user UUID as subject option
* Added translations for new OAuth2 subject option
2023-05-10 17:50:13 +02:00
Jens L
1c04dc0986
providers/SCIM: patch group name ( #5564 )
...
* providers/scim: patch name when group put fails
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-raise ResourceMissing in group update to trigger recreation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-10 12:29:39 +02:00
Jens L
92fd6a55db
blueprints: adjust wording on managed field ( #5558 )
2023-05-09 23:41:42 +02:00
Jens L
b5b1ed5887
sources/oauth: fix reddit ( #5557 )
2023-05-09 23:41:24 +02:00
Jens L
eaa3d11df8
api: modular urls ( #5551 )
...
* api: make API urls modular
load API urls from app module's urls file instead of a single static file
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* refactor websocket url mounting
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-09 14:46:47 +02:00
Jens L
9c25d72d61
providers/scim: fix scim_sync_all error ( #5539 )
...
* providers/scim: fix scim_sync_all error
closes #5538
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't use static names in tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-08 22:39:48 +02:00
Jens L
5ea54e8f7e
*: improve configuration error events ( #5523 )
...
* *: improve configuration error events
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* delete test-db when resetting
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-08 15:34:43 +02:00
Jens L
8215ee19c6
events: include event user in webhook notification ( #5524 )
...
* events: include event user in webhook notification
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update other transports
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-08 15:34:21 +02:00
Jens L
7acd0558f5
core: applications backchannel provider ( #5449 )
...
* backchannel applications
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add webui
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* include assigned app in provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve backchannel provider list display
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make ldap provider compatible
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* show backchannel providers in app view
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make backchannel required for SCIM
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleanup api
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-05-08 15:29:12 +02:00
Jens L
9f4be4d150
blueprints: support setting file URLs in blueprints ( #5510 )
...
* blueprints: support setting file URLs in blueprints
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make new fields not required
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* include conditional fields in schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-08 15:07:00 +02:00
Jens L
7df0e88b9d
events: cleanse http query string in events ( #5508 )
...
* events: cleanse http query string in events
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add more tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-07 20:11:36 +02:00
Jens L
53f827b54f
blueprints: specify schema for blueprint metadata ( #5509 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-07 20:11:18 +02:00
Jens L
2a2e159a0d
blueprints: improve schema generation by including model schema ( #5503 )
...
* blueprints: improve schema generation by including model schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* unset required
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-07 12:32:01 +02:00
Jens L
564b2874a9
providers/oauth2: use simpler charset for refresh tokens ( #5502 )
...
various implementations might have issues with the special chars
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-07 00:19:11 +02:00
Jens L
b99ce890ef
providers/scim: fix missing user/group filtering on SCIM direct save signals ( #5473 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-04 02:28:58 +03:00
Jens L
5509bce3d7
blueprints: ignore hidden files in discovery ( #5472 )
...
blueprints: ignore hidden files
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-04 02:16:48 +03:00
Jens L
3f607ee2c8
policies: make policy engine modes consistent with database values ( #5462 )
...
* policies: make policy engine modes consistent with database values
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix in ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing case
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-03 18:16:16 +03:00
DerGardine
a2994218e4
sources/oauth: add patreon type ( #5452 )
...
* Models Update to include Patreon as Social Sign On
Signed-off-by: DerGardine <julian.burgschweiger@gmail.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests, use vanity as username
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: DerGardine <julian.burgschweiger@gmail.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-05-03 13:49:43 +03:00
Jens L
bb8b87fcb3
providers/scim: improve compatibility ( #5425 )
...
* providers/scim: improve compatibility
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix lint and tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-30 19:43:24 +03:00
Jens L
f36a5a053f
root: fix import error on non debug builds ( #5424 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-30 16:36:43 +03:00
Jens L
0b0e08446d
blueprints: fix tests ( #5421 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-30 14:08:36 +03:00
Jens L
af7cc8d42d
blueprints: fix error when imported blueprint is invalid ( #5414 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-28 22:44:19 +03:00
Jens L
5830781a5a
root: add websocket logging ( #5408 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-28 20:34:34 +03:00
Jens L
ecce31ee87
providers/scim: correctly handle 404 by re-creating object ( #5405 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-28 14:36:21 +03:00
Jens L
967a38b7ac
crypto: make name field unique to prevent double certs ( #5406 )
...
* crypto: make name field unique to prevent double certs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-28 14:35:59 +03:00
Jens L
9d1ad104ec
outposts: make state more consistent ( #5403 )
2023-04-28 13:53:07 +03:00
Jens L
54d508ae8c
ci: fix pyright errors ( #5392 )
...
* ci: fix pyright errors
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix error in oauth 1 source
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove redundant blueprint fixtures
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-27 17:33:47 +03:00
Jens L
7b0d8f8991
providers/scim: ensure scim group member isn't None ( #5391 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-27 15:03:50 +03:00
Jens L
4426cbec34
policies: clear app cache when writing user, groups, policies ( #5371 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-25 15:24:47 +03:00
Jens L
5970a6e2a2
events: always run policies for notification rules even if no group is selected ( #5353 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-23 19:10:22 +03:00
Jens L
480f5c2aac
ci: add log grouping ( #5342 )
...
* ci: add log grouping
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* try to group structlog output
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* earlier hooks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* hmm
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* disable beats integration for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* test container logs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove testing
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-21 19:06:11 +03:00
Jens L
e75e2cf324
website/docs: flow context docs ( #5243 )
...
* add flow context docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleanup some redundant things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* added more section headers
* tweaked new headings
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
* add more keys, use dedicated prefix for internal keys
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* set toc_max_heading_level: 5
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update datatypes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more consistent header
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Update website/docs/flow/context/index.md
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
* Update website/docs/flow/context/index.md
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
* Update website/docs/flow/context/index.md
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana Berry <tana@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-04-20 17:31:34 +00:00
Jens L
4671d4afb4
enterprise: initial license ( #5293 )
...
* enterprise: add enterprise license and app
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add license and terms
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't build enterprise into docker for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-19 16:13:45 +02:00
sdimovv
ee6edec1d8
stages/prompt: Add initial_data prompt field and ability to select a default choice for choice fields ( #5095 )
...
* Added initial_value to model
* Added initial_value to admin panel
* Added initial_value support to flows; updated tests
* Updated default blueprints
* update docs
* Fix test
* Fix another test
* Fix yet another test
* Add placeholder migration
* Remove unused import
2023-04-19 12:27:51 +02:00
Jens L
dfa80543b5
root: add ruff linter ( #5240 )
...
* root: add ruff linter
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* actually add ruff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-18 13:28:19 +02:00
Jens L
ce5f6d5d43
release: Version 2023.4 ( #5283 )
...
* release: 2023.4.0
* release: 2023.4.1
2023-04-18 10:45:17 +02:00
Jens L
8160663214
release: 2023.4.0 ( #5254 )
2023-04-14 13:20:22 +02:00
Jens L
6a700cb376
core: fix user metrics for users which can't access events ( #5252 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-14 11:20:26 +02:00
Jens L
a5098364eb
events: unpack wrapped query from FlowExecutor ( #5244 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-14 00:07:41 +02:00
Jens L
6a74fa11c6
providers/oauth2: inconsistent client secret generation ( #5241 )
...
* use simpler char set for client secret
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* also adjust radius
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use similar logic in web to generate ids and secrets
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* dont use math.random
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-13 15:06:28 +02:00
Jens L
f84a10b59b
core: revert django update ( #5236 )
...
* Revert "core: bump django from 4.1.7 to 4.2 (#5151 )"
This reverts commit 18a4eac527
.
* run unittests with postgres 11 and 12
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-13 14:10:12 +02:00
dependabot[bot]
18a4eac527
core: bump django from 4.1.7 to 4.2 ( #5151 )
...
* core: bump django from 4.1.7 to 4.2
Bumps [django](https://github.com/django/django ) from 4.1.7 to 4.2.
- [Release notes](https://github.com/django/django/releases )
- [Commits](https://github.com/django/django/compare/4.1.7...4.2 )
---
updated-dependencies:
- dependency-name: django
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* upgrade to psycopg3, use custom engine for prometheus metrics
See https://github.com/korfuri/django-prometheus/issues/350
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make scripts use pscopg3
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-04-11 15:00:27 +02:00
Jens L
1ca8feb5fc
sources/ldap: make schema optional ( #5213 )
...
* sources/ldap: make schema optional
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* create one connection and re-use it
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use magicmock
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-10 21:55:56 +02:00
Jens L
8b78570597
outposts: run containers as non root ( #5212 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-09 21:39:07 +02:00
Jens L
977757f561
policies: provider raw result for better policy reusability ( #5189 )
...
* policies: include raw_result in PolicyResult
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* move ak_call_policy to base evaluator
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-06 09:42:29 +02:00
Jens L
711e98d049
stages/identification: revert is_active check ( #5183 )
2023-04-05 15:49:35 +02:00
Jens L
132a353b92
outposts: set k8s deployment security context ( #5163 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-05 13:36:46 +02:00
dependabot[bot]
fb4808418c
core: bump sentry-sdk from 1.18.0 to 1.19.0 ( #5169 )
...
* core: bump sentry-sdk from 1.18.0 to 1.19.0
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python ) from 1.18.0 to 1.19.0.
- [Release notes](https://github.com/getsentry/sentry-python/releases )
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md )
- [Commits](https://github.com/getsentry/sentry-python/compare/1.18.0...1.19.0 )
---
updated-dependencies:
- dependency-name: sentry-sdk
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* use new features
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-04-04 15:29:09 +02:00
Jens L
02f75a92ce
lifecycle: don't use celery ping for worker healthcheck ( #5153 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-03 18:15:31 +02:00
Ongy
adcd11b1f8
core: extend postgres configuration ( #5138 )
...
Add postgres configuration options to control
TLS verification and client certificates.
2023-04-02 17:39:36 +02:00
sdimovv
6192d01b7e
stages: Add ability to set user friendly names for MFA stages ( #5005 )
...
* Added ability to name MFA stage
* Schema
* Changed Charfield to Textfield
* Regenerated schema
* Add explicit required
* set null instead of blank so title check works
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add help text and adjust wording
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-04-02 16:52:44 +02:00
Jens L
5947c7b97e
stages/user_write: improve error handling ( #5136 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-31 23:59:37 +02:00
Jens L
75510ead84
core: fix app launch URL flow selection ( #5113 )
2023-03-30 02:10:25 +02:00
dependabot[bot]
73bf6fd530
core: bump channels-redis from 4.0.0 to 4.1.0 ( #5115 )
...
* core: bump channels-redis from 4.0.0 to 4.1.0
Bumps [channels-redis](https://github.com/django/channels_redis ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/django/channels_redis/releases )
- [Changelog](https://github.com/django/channels_redis/blob/main/CHANGELOG.txt )
- [Commits](https://github.com/django/channels_redis/compare/4.0.0...4.1.0 )
---
updated-dependencies:
- dependency-name: channels-redis
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* remove channels <4.1 workaround
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-03-30 00:08:07 +02:00
Jens L
1d2725825c
providers/scim: add missing default fields ( #5108 )
...
* providers/scim: add missing default fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#4554
* update tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-28 14:42:52 +02:00
Jens L
4218ece2a5
stages/authenticator_validate: fix stage not working without pending user ( #5096 )
...
closes #5094
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-27 23:08:55 +02:00
Jens L
b097cf4d7e
providers/scim: fix error when user-group m2m is updated forward ( #5082 )
...
* providers/scim: fix error when user-group m2m is updated forward
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-26 22:34:53 +02:00
Jens L
5c0d7f9a58
web/admin: fix error when creating bindings due to hidden inputs ( #5081 )
...
* web/admin: fix error when creating bindings due to hidden inputs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix flaky test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-26 18:58:02 +02:00
Jens L
6437fbc814
web/admin: prompt preview ( #5078 )
...
* add initial prompt preview
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't flood api with requests when fields are changeed
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-25 22:31:48 +01:00
risson
1957717160
providers: Add ability to choose a default authentication flow ( #5070 )
...
* core: add ability to choose a default authentication flow for a provider
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* update web to use correct ak-search-select
I don't think this element existed when the PR was initially created, lol
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only use provider authentication flow for authentication designation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-03-24 13:26:00 +01:00
Jens L
da3222df07
core: fix websocket url path ( #5019 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-21 00:20:48 +01:00
Jens L
54cacd784c
*: load websocket paths similarly to URLs ( #5018 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-20 23:39:25 +01:00
Jens L
3f5effb1bc
providers/radius: simple radius outpost ( #1796 )
...
* initial implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix web
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* minor fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use search-select
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix ip with port being sent to delegated ip
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add radius tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-20 16:54:35 +01:00
sdimovv
16a03160d0
core: Add unique constraint to user UUID ( #5004 )
2023-03-20 00:33:08 +01:00
sdimovv
8b52d711e8
stages/prompt: Add Radio Button Group, Dropdown and Text Area prompt fields ( #4822 )
...
* Added radio-button prompt type in model
* Add radio-button prompt
* Refactored radio-button prompt; Added dropdown prompt
* Added tests
* Fixed unrelated to choice fields bug causing validation errors; Added more tests
* Added description for new prompts
* Added docs
* Fix lint
* Add forgotten file changes
* Fix lint
* Small fix
* Add text-area prompts
* Update authentik/stages/prompt/models.py
Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* Update authentik/stages/prompt/models.py
Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* Fix inline css
* remove AKGlobal, update schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@beryju.org>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-03-19 18:56:17 +01:00
Jens L
97df7848a5
blueprints: allow setting of token key in blueprint context ( #4995 )
...
closes #4717
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-18 00:10:12 +01:00
Jens L
e2d3a95c80
web: full web components part 1 ( #4964 )
...
* migrate loading
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate api browser
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate base css
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* move tenant fetching to base interface
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* import pre-loaded stages in flow interface and not executor to strip down executor size
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix redirect and such
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-17 23:10:19 +01:00
Jens L
8363016982
version: 2023.3 ( #4980 )
...
* release: 2023.3.0
* providers/ldap: fix duplicate attributes (#4972 )
closes #4971
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* providers/oauth2: fix response for response_type code and response_mode fragment (#4975 )
* web/flows: fix authenticator selector in dark mode (#4974 )
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* release: 2023.3.1
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-16 22:43:57 +01:00
Jens L
2a399cf8e8
providers/oauth2: fix response for response_type code and response_mode fragment ( #4975 )
2023-03-16 15:58:38 +01:00
Jens L
eaf56f4f3f
stages/user_login: stay logged in ( #4958 )
...
* add initial remember me offset
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add to go executor
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add ui for user login stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-15 20:21:05 +01:00
Jens L
9310d4cdc0
*: fix mismatched task names for discovery, make output service connection task monitored ( #4956 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-15 12:12:08 +01:00
Jens L
86f9056d3f
core: fix url validator ( #4957 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-15 12:00:57 +01:00
Jens L
73d7b5f110
root: add common fixture loader ( #4946 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-14 17:13:03 +01:00
Jens L
4b1440944e
providers: fix authorization_flow not required in API ( #4932 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-13 23:36:24 +01:00
Jens L
59a92dbacd
stages/authenticator_webauthn: remove credential_id size limit ( #4931 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-13 21:24:10 +01:00
Jens L
6f6d22da13
release: 2023.3.0 ( #4925 )
2023-03-13 19:10:48 +01:00
Jens L
fab6a8f8c9
stages/user_login: expiry before login ( #4920 )
...
* stages/user_write: run set_expiry before login, so that session used in Signal has correct expiry
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-13 15:31:06 +01:00
Jens L
178bfe1d44
providers/scim: handle ServiceProviderConfig 404 ( #4915 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-13 13:44:29 +01:00
Jens L
94f22cffba
root: fix session middleware for websocket connections ( #4909 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-12 16:47:19 +01:00
Jens L
10b7d78825
events: set task start time before start not on init ( #4908 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-12 15:13:04 +01:00
dependabot[bot]
0ef333f8ea
core: bump bandit from 1.7.4 to 1.7.5 ( #4896 )
...
* core: bump bandit from 1.7.4 to 1.7.5
Bumps [bandit](https://github.com/PyCQA/bandit ) from 1.7.4 to 1.7.5.
- [Release notes](https://github.com/PyCQA/bandit/releases )
- [Commits](https://github.com/PyCQA/bandit/compare/1.7.4...1.7.5 )
---
updated-dependencies:
- dependency-name: bandit
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-03-10 12:06:59 +01:00
Jens L
86bb2afd02
core: add validator which allows for URLs with formatting ( #4890 )
2023-03-10 00:16:17 +01:00
Jens L
b6b820f6f1
web: toggle dark/light theme manually ( #4876 )
2023-03-09 23:17:53 +01:00
Jens L
6ae2fc9668
providers/SCIM: customizable externalId, document behavior ( #4868 )
...
* only set externalId if mapping hasn't set it
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* better document use of SCIM in conjunction with OAuth/SAML
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-08 00:15:16 +01:00
Jens L
67f3db1e03
core: enforce unique on names where it makes sense ( #4866 )
...
enforce unique on names where it makes sense
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-07 23:52:34 +01:00
Jens L
9559bc2e1e
providers/scim: add option to filter out service accounts, parent group ( #4862 )
...
* add option to filter out service accounts, parent group
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rename to filter group
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework sync card to show scim sync status
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-07 15:39:48 +01:00
Jens L
28ddeb124f
providers: SCIM ( #4835 )
...
* basic user sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add group sync and some refactor
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start API
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* allow null authorization flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make task monitored
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add missing dependency
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make authorization_flow required for most providers via API
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make task result better readable, exclude anonymous user
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add task UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add scheduled task for all sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make scim errors more readable
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add mappings, migrate to mappings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add mapping UI and more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add scim docs to web
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start implementing membership
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate signals to tasks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate fully to tasks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* strip none keys, fix lint errors
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix saml
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add scim schemas and validate against it
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add group put support, add group tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* send correct application/scim+json headers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* stop sync if no mappings are confiugred
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add test for task sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add membership tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use decorator for tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make tests better
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-06 19:39:08 +01:00
dependabot[bot]
e08536af33
web: bump mermaid from 10.0.1 to 10.0.2 in /web ( #4837 )
...
* web: bump mermaid from 10.0.1 to 10.0.2 in /web
Bumps [mermaid](https://github.com/mermaid-js/mermaid ) from 10.0.1 to 10.0.2.
- [Release notes](https://github.com/mermaid-js/mermaid/releases )
- [Changelog](https://github.com/mermaid-js/mermaid/blob/develop/CHANGELOG.md )
- [Commits](https://github.com/mermaid-js/mermaid/compare/v10.0.1...v10.0.2 )
---
updated-dependencies:
- dependency-name: mermaid
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix failing bandit check
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-03-03 10:27:16 +01:00
Jens L
9370d155f8
sources/plex: fix check_token error unusable if token is empty ( #4834 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-02 22:21:54 +00:00
Jens L
972dce1462
security: fix CVE-2023-26481 ( #4832 )
...
fix CVE-2023-26481
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-02 20:15:33 +01:00
Jens L
7b44d8972f
stages/authenticator_sms: fix twilio sending, add test ( #4829 )
...
closes #4823
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-02 14:39:28 +01:00
sdimovv
a6eba37d5a
core: Add resolve_dns
and reverse_dns
functions to evaluator ( #4769 )
...
* Add resolve_dns
* Add reverse_dns
* Fix lint
* add caching, small optimisation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Added time-aware LRU cache
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-03-01 22:15:13 +01:00
Jens L
20e971f5ce
flows: planner error handling ( #4812 )
...
* handle FlowNonApplicableException everywhere
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make flow planner check authentication when no pending user is in planning context
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add mailhog to e2e test services, remove local docker requirement
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-28 15:18:29 +01:00
Jens L
118765ab30
web: fetch custom.css via fetch and add stylesheet ( #4804 )
...
* web: fetch custom.css via fetch and add stylesheet
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't hardcode path
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-27 19:54:19 +01:00
Jens L
5e60db8593
providers/oauth2: fix typo ( #4803 )
2023-02-27 17:17:48 +01:00
Jens L
39d0893303
flows: change default flow stage binding settings ( #4784 )
...
* flows: change default flow stage binding settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fallback to correct value
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-27 15:21:26 +01:00
Jens L
596ff529c4
core: bootstrap email ( #4788 )
2023-02-26 17:02:45 +01:00
Jens L
26f3275361
sources/ldap: improve error handling for password complexity ( #4780 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-24 10:39:43 +00:00
Jens L
b7e4ad7234
web/user: fix source connections not being filtered ( #4778 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-24 10:22:02 +00:00
Jens L
80f4fccd35
providers/oauth2: OpenID conformance ( #4758 )
...
* don't open inspector by default when debug is enabled
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* encode error in fragment when using hybrid grant_type
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* require nonce for all response_types that get an id_token from the authorization endpoint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't set empty family_name
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only set at_hash when response has token
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleaner way to get login time
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove authentication requirement from authentication flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use wrapper
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix auth_time not being handled correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* minor cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add test files
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove USER_LOGIN_AUTHENTICATED
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework prompt=login handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* also set last login uid for max_age check to prevent double login when max_age and prompt=login is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-23 15:26:41 +01:00
Jens L
122055b38b
stages/user_login: terminate others ( #4754 )
...
* rework session list
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use sender filtering for signals when possible
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add terminate_other_sessions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-22 14:09:28 +01:00
sdimovv
c4e24c04f6
core: Improve service account creation ( #4751 )
...
* Added ability to select service account token expiration on creation
* Added call to user.set_unusable_password on service account creation
* Added forgotten call to save()
* Added and improved existsing tests
* Added accidentally deleted help text
* Fix lint
2023-02-22 13:19:01 +01:00
Jens Langhammer
1f7178c3a8
providers/oauth2: remove unused import
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-22 11:11:20 +01:00
Jens Langhammer
cfa2edebcf
providers/oauth2: revert PKCE requirement for public clients
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-21 23:51:27 +01:00
sdimovv
175502b053
core: Fix bug causing whitespace only names to raise exception when generating avatars ( #4746 )
...
Fix bug causing whitespace only names to raise exception when generating avatars
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
2023-02-21 16:19:19 +01:00
Jens Langhammer
9e82de33e6
lib: remove unused imports
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-21 11:00:54 +01:00
Jens Langhammer
d2cfb76a7c
root: don't trace websockets to sentry
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-20 21:32:35 +01:00
Jens Langhammer
327d87355d
lib: improve caching of gravatar status
...
closes #4711
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-20 12:41:09 +01:00
Jens Langhammer
b415e9b773
core: remove avatar from group user member list
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#4711
2023-02-20 12:40:42 +01:00
Jens Langhammer
1ac2e924a2
core: fix error when creating token without request in context
...
closes #4716
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-19 17:31:20 +01:00
Jens Langhammer
0874574e5c
*: add additional prometheus metrics, remove unusable high entropy metrics
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-19 17:08:40 +01:00
Jens Langhammer
069e9c015b
events: fix m2m_change events not being logged
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-19 16:28:30 +01:00
Jens Langhammer
c6ead3dc49
providers/oauth2: make PKCE required for public clients
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-17 18:08:39 +01:00
Jens Langhammer
f749027143
root: don't log django request warnings
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-17 18:08:18 +01:00
Jens Langhammer
153bd3aaf1
sources/oauth: fix not all token errors being logged with response
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-17 13:22:41 +01:00
Jens Langhammer
1a57d453ba
providers/oauth2: fix missing information for Revoked token access events
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-16 14:47:07 +01:00
Jens Langhammer
d842fc4958
release: 2023.2.2
2023-02-15 19:53:42 +01:00
Jens Langhammer
bff34cc5dc
root: use channel send workaround for sync sending of websocket messages
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-15 16:08:01 +01:00
Jens Langhammer
7f009f6d02
flows: include flow authentication requirement in diagram
...
closes #4533
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-15 16:04:45 +01:00
Jens Langhammer
c8c401e2c5
lib: don't try to cache generated avatar with full user, only cache with name
...
closes #4690
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-15 10:49:13 +01:00
Jens Langhammer
80de3ee853
release: 2023.2.1
2023-02-14 18:52:36 +01:00
Jens Langhammer
deb91bd12b
sources/ldap: add LDAP Debug endpoint
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-14 16:06:54 +01:00
Jens Langhammer
81d70e5d41
release: 2023.2.0
2023-02-14 13:15:47 +01:00
Jens L
ec42b597ab
providers/proxy: send token request internally, with overwritten host header ( #4675 )
...
* send token request internally, with overwritten host header
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-13 16:34:47 +01:00
Jens Langhammer
925477b3a2
policies: raise sentry-ignored error for invalid PolicyEngine parameters
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-13 13:23:07 +01:00
Jens Langhammer
cefc1a57ee
core: handle error when cleaning up sessions and cached session can't be loaded
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-13 13:22:34 +01:00
Jens Langhammer
53b25d61f7
events: use colon as separator for task name and task UID
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-13 12:06:29 +01:00
Jens Langhammer
1240ed6c6d
providers/oauth2: fix inconsistency in event client_credentials created events
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-13 11:17:03 +01:00
Jens Langhammer
4f868c2ef2
events: dont log oauth temporary model creation
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-12 16:55:45 +01:00
sdimovv
b69e55eae9
core: Add support for auto generating unique avatars based on the user's initials ( #4663 )
2023-02-12 16:35:17 +01:00
Jens Langhammer
c5870fcab2
core: fix missing uniqueness validator on user api
...
closes #4665
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-11 21:08:51 +01:00
Jens Langhammer
8850446bc2
admin: fix schema generation warning
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-11 21:08:48 +01:00
sdimovv
10b9878f03
providers/saml: fix mismatched SAML SLO Urls ( #4655 )
...
* Fix SLO URL
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* Fixed SAML SLO URLs
* Revert "Fix SLO URL"
This reverts commit 664051934b
.
---------
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
2023-02-10 20:30:38 +01:00
Jens Langhammer
8de92943ab
providers/saml: fix invalid SAML provider metadata, add schema tests
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-10 12:32:18 +01:00
Jens L
af43330fd6
providers/oauth2: rework OAuth2 Provider ( #4652 )
...
* always treat flow as openid flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve issuer URL generation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more refactoring
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update introspection
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more refinement
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix more things, update api
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* regen migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start updating tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix implicit flow, auto set exp
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix timeozone not used correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix revoke
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more timezone shenanigans
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix userinfo tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update web
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix proxy outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix api tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing at_hash for implicit flows
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-include at_hash in implicit auth flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use folder context for outpost build
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-09 20:19:48 +01:00
Jens Langhammer
1be792fbd8
policies/event_matcher: fix empty app label not being allowed, require at least 1 criteria
...
closes #4643
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-08 23:29:59 +01:00
Jens Langhammer
ec9085ff06
providers/oauth2: don't use policy cache for token requests
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-07 23:53:50 +01:00
Jens Langhammer
00a16bee76
web/elements: add dropdown css to DOM directly instead of including
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-05 23:32:54 +01:00
Jens Langhammer
66aabcc371
providers/oauth2: fix token login event args not set correctly
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-05 00:45:54 +01:00
Jens Langhammer
388367785d
*/saml: disable pretty_print, add signature tests
...
closes #4536
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-03 15:42:09 +01:00
Jens L
798245b8db
providers/oauth2: optimise client credentials JWT database lookup ( #4606 )
2023-02-02 19:15:19 +01:00
Jens Langhammer
f98b5b651b
admin: remove import
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-02 14:19:25 +01:00
Jens Langhammer
2113029a14
admin: allow post to system info api endpoint for debugging
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-02 11:09:03 +01:00
dependabot[bot]
c590cb86cf
core: bump pylint from 2.15.10 to 2.16.0 ( #4600 )
...
* core: bump pylint from 2.15.10 to 2.16.0
Bumps [pylint](https://github.com/PyCQA/pylint ) from 2.15.10 to 2.16.0.
- [Release notes](https://github.com/PyCQA/pylint/releases )
- [Commits](https://github.com/PyCQA/pylint/compare/v2.15.10...v2.16.0 )
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-02-02 11:05:46 +01:00
Jens Langhammer
dbf2bd5aba
blueprints: handle error when blueprint entry identifier field does not exist
...
closes #4588
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-01 19:45:36 +01:00
Jens Langhammer
f2386f126e
core: fix inconsistent branding in end_session view
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#4586
2023-02-01 19:40:59 +01:00
Jens Langhammer
ffc97905f3
events: prevent error when request fails without response
...
closes #4589
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-01 19:40:02 +01:00
dependabot[bot]
18cfe67719
core: bump black from 22.12.0 to 23.1.0 ( #4584 )
...
* core: bump black from 22.12.0 to 23.1.0
Bumps [black](https://github.com/psf/black ) from 22.12.0 to 23.1.0.
- [Release notes](https://github.com/psf/black/releases )
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md )
- [Commits](https://github.com/psf/black/compare/22.12.0...23.1.0 )
---
updated-dependencies:
- dependency-name: black
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* re-format
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-02-01 11:31:32 +01:00
Jens Langhammer
e5ba5d51fe
events: improve sanitising for tuples and sets
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-31 19:19:22 +01:00
Ellis Percival
eb60bba0d5
providers/oauth2: cast user.pk to string when using it for token 'sub' value ( #4570 )
2023-01-30 15:38:10 +00:00
Aaron Carson
c05d6b96a2
stages/prompt: set UUID to be a string ( #4563 )
2023-01-30 00:02:12 +01:00
Jens Langhammer
72168fae29
providers/oauth2: add user id as "sub" mode
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-29 16:15:03 +01:00
Jens Langhammer
96eeb91493
providers/oauth2: only set auth_time in ID token when a login event is stored in the session
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-29 16:00:19 +01:00
Jens L
627e8a250e
tests: run e2e tests in random order ( #4550 )
...
* run e2e tests randomly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix test_ldap_bind_search
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-27 23:57:53 +01:00
Jens Langhammer
ecb1ce8135
core: fix token's set_key accessing data incorrectly
...
also add tests
closes #4551
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-27 23:57:35 +01:00
Jens Langhammer
5631a99f00
stages/prompt: fallback to uuid for unique names
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-25 23:29:26 +01:00
Jens Langhammer
36f8f8bae5
stages/prompt: fix mismatched name field in migration
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-25 14:46:40 +01:00
Jens Langhammer
68058fb2ae
stages/authenticator_validate: fix error with passwordless webauthn login, improve tests
...
closes #4527
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-25 14:45:00 +01:00
Jens L
53b65a9d1a
stages/prompt: field name ( #4497 )
...
* add prompt field name
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove numerical prefix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing name
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use text field
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add description label
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add migrate blueprint to remove old stages
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add task to remove unretrievable blueprints
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix blueprint test paths
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* actually fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests even more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix fixtures
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-24 12:23:22 +01:00
Jens Langhammer
16076cc46f
outposts: fallback to ghcr
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-24 10:47:30 +01:00
Jens Langhammer
b2d272bf6f
api: fix lint
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-23 20:19:03 +01:00
Jens Langhammer
31ef6fb6a6
core: delete session when user is set to inactive
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-23 16:24:30 +01:00
Jens Langhammer
c9c059a008
api: ensure user is active when authenticating
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-23 16:24:30 +01:00
Jens Langhammer
9397598376
release: 2023.1.2
2023-01-23 14:25:55 +01:00
Jens Langhammer
91ffe4e7f9
stages/user_write: fix migration setting wrong value, fix form
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-23 14:05:41 +01:00
Jens Langhammer
430a207865
release: 2023.1.1
2023-01-23 11:34:58 +01:00
Jens Langhammer
1ce2a1b846
stages/email: update tests
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-23 10:43:49 +01:00
Loan J
4731ccfafe
stages/email: fix a typo in email template ( #4485 )
...
fix a typo in main content
Signed-off-by: Loan J <joliveau.loan@gmail.com>
Signed-off-by: Loan J <joliveau.loan@gmail.com>
2023-01-23 10:22:49 +01:00
jmptbl
c1b9b5c5e2
stages/authenticator_totp: url quote TOTP issuer instead of slugifying ( #4482 )
...
* Fix TOTP issuer mangling
* Fix OTP issuer mangling
* sort imports
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-01-22 16:37:47 +00:00
Jens Langhammer
b288393cd4
stages/invitation: handle incorrectly formatted token
...
closes #4481
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-22 00:03:39 +01:00
Jens Langhammer
5736a1542c
stages/authenticator_sms: fix code not being sent when phone_number is in context
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-19 20:19:23 +01:00
Jens Langhammer
fc8fe5317a
stages: always use get_pending_user instead of getting context user
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-19 17:57:21 +01:00
Jens L
c61529e4d4
sources/ldap: add e2e LDAP source tests ( #4462 )
...
* start adding more LDAP source tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve healthcheck
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* try local webdriver
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add full samba tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix locale types
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-19 15:03:56 +01:00
Jens Langhammer
a302a72379
crypto: fallback when no SAN values are given
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-18 19:40:24 +01:00
Jens L
e390f5b2d1
providers/oauth2: more x5c and ecdsa x/y tests ( #4463 )
...
* add option to exclude x5*
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#4082
* cleanup jwks, add flaky test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add workaround based on https://github.com/jpadilla/pyjwt/issues/709
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't rstrip hashes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* keycloak seems to strip equals
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-18 18:11:36 +00:00
Jens Langhammer
60189ce9ca
add tests to prevent empty SAN
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-18 18:59:10 +01:00
Jens Langhammer
fdc445e6a1
ensure we don't generate an empty SAN certificate
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-18 18:44:41 +01:00
Jens Langhammer
49b6c71079
release: 2023.1.0
2023-01-18 15:49:45 +01:00
Jens Langhammer
6e0c9acb34
events: exclude base models from model audit log
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-18 15:11:33 +01:00
Jens L
23c69c456a
providers/proxy: add setting to intercept authorization header ( #4457 )
...
* add setting to intercept authorization header
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rename to intercept_header_auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-17 18:56:48 +01:00
Jens L
c73fce4f58
sources/ldap: manual import ( #4456 )
...
* events: fix task UID
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add ldap sync command
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-17 12:21:33 +01:00
Jens L
9568f4dbd6
root: improve code style ( #4436 )
...
* cleanup pylint comments
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix url name
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* *: use ExtractHour instead of ExtractDay
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-15 17:02:31 +01:00
Jens Langhammer
143309448e
policies: ensure user is set
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 20:24:46 +01:00
Jens Langhammer
1f038ecee2
providers/oauth2: fallback to anonymous user for policy engine
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 20:22:06 +01:00
Jens Langhammer
1b1f2ea72c
providers/oauth2: actually fix import order
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 19:58:24 +01:00
Jens Langhammer
6e1a54753e
providers/oauth2: fix import order
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 19:56:12 +01:00
Jens Langhammer
67d1f06c91
providers/oauth2: use guardian anonymous user to get claims for provider info
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 19:53:43 +01:00
Jens Langhammer
d37de6bc00
policies: log full stacktrace
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 19:53:21 +01:00
Jens L
cd12e177ea
providers/proxy: add initial header token auth ( #4421 )
...
* initial implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* check for openid/profile claims
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* include jwks sources in proxy provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add web ui for jwks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only show sources with JWKS data configured
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix introspection tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start basic
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add basic auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs, update admonitions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add client_id to api, add tab for auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 16:22:03 +01:00
Jens Langhammer
31c6ea9fda
providers/oauth2: don't allow spaces in scope_name
...
closes #4094
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 16:20:37 +01:00
Jens L
20931ccc1d
providers/oauth2: correctly fill claims_supported based on selected scopes ( #4429 )
...
* providers/oauth2: correctly fill claims_supported based on selected scopes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add nonce claim
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 14:14:25 +01:00
Jens L
36822c128c
admin: include task duration in API ( #4428 )
...
include task duration in API
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 13:21:49 +01:00
Jens Langhammer
81e9f2d608
web/admin: fix overflow in aggregate cards
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-11 14:12:02 +01:00
Jens L
67a6fa6399
events: rework metrics ( #4407 )
...
* rework metrics
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* change graphs to be over last week
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix Apps with most usage card
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-11 12:21:07 +01:00
Jens L
1ed24a5eef
blueprints: internal storage ( #4397 )
...
* rework oci client
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add blueprint content
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make path optional
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add validation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-10 22:00:34 +01:00
Jens Langhammer
b555ccd549
sources/ldap: don't run membership sync if group sync is disabled
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#4392
2023-01-09 17:19:50 +01:00
Jens Langhammer
9445354b31
sources/ldap: only warn about missing groups when source is configured to sync groups
...
closes #4392
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-09 17:17:48 +01:00
Jens Langhammer
a1be924fa4
*: strip leading and trailing whitespace when reading config values from files
...
also add a debug endpoint that dumps the go parsed config
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-09 15:29:22 +01:00
Jens Langhammer
47aba4a996
crypto: prevent creation of duplicate self-signed default certs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-06 16:51:07 +01:00
Jens Langhammer
001869641d
web: ensure img tags have alt attributes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-06 12:44:51 +01:00
Jens Langhammer
bec538c543
sources/ldap: make task timeout adjustable
...
closes #4375
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-06 12:37:59 +01:00
sdimovv
c63ba3f378
blueprints: Fix resolve model_name in !Find
tag ( #4371 )
...
Resolve model_name in !Find tag
2023-01-06 09:49:28 +01:00
sdimovv
53cab07a48
blueprints: Add !Enumerate
, !Value
and !Index
tags ( #4338 )
...
* Added For and Item tags
* Removed Sequence node support from ForItem tag
* Added ForItemIndex tag
* Added support for iterating over mappings
* Added support for mapping output body
* Renamed tags: For to Enumerate, ForItem to Value, ForItemIndex to Index
* Refactored tests
* Formatting
* Improved exception info
* Improved error handing
* Added docs
* lint
* Small doc improvements
* Replaced deepcopy() call with call to copy()
* Fix mistake in docs example
* Fix missed "!" in example
2023-01-05 21:36:19 +01:00
Jens L
a960ce9454
stages/user_write: add more user creation options ( #4367 )
...
* add more user creation options
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update blueprints and docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-05 15:46:20 +01:00
Jens L
e6b5810e03
polices/hibp: remove deprecated ( #4363 )
...
* remove hibp
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* don't save event matcher apps in migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update docs, update some phrasing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-05 13:19:26 +01:00
Jens Langhammer
78b711ec9d
Merge branch 'version-2022.12'
2023-01-05 10:41:54 +01:00
Jens Langhammer
ac07833688
release: 2022.12.2
2023-01-05 10:01:30 +01:00
Jens Langhammer
730139e43c
*: improve general tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 22:40:09 +01:00
Jens L
24e8915e0a
providers/proxy: add tests for proxy basic auth ( #4357 )
...
* add tests for proxy basic auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stop bandit from complaining
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add API tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 22:40:06 +01:00
Jens Langhammer
3e7320734c
*: improve general tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 22:26:55 +01:00
Jens L
3131e557d9
providers/proxy: add tests for proxy basic auth ( #4357 )
...
* add tests for proxy basic auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stop bandit from complaining
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add API tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 22:04:16 +01:00
Jens L
dc1359a763
providers/saml: initial SLO implementation ( #2346 )
...
* providers/saml: initial SLO implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/saml: add logout request tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/saml: add tests for POST SLO
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* matrix e2e tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix import
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* set e2e matrix name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix imports
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* separate oidc and oauth tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add basic saml slo e2e tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add better metadata download url
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* kinda prepare release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* sort releases into folders
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add slo urls to website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix linking
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add api tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 19:45:31 +01:00
Jens L
1e01e9813d
providers/saml: add prefix to entity descriptor ( #4355 )
...
add prefix to entity descriptor
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 16:44:52 +01:00
Jens Langhammer
e887a315be
providers/oauth2: correctly advertise supported response_modes_supported
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 10:21:34 +01:00
Jens Langhammer
4b93f40c5e
providers/oauth2: fix null amr value not being removed from id_token
...
closes #4339
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-03 00:41:18 +01:00
Jens Langhammer
57400925a4
providers/saml: don't error if no request in API serializer context
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-03 00:14:16 +01:00
Jens Langhammer
2dc0792d9e
stages/email: remove unused import
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-02 09:28:26 +01:00
Jens Langhammer
fde848ee51
admin: remove unused import
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-02 00:12:14 +01:00
Jens Langhammer
e9d52282b7
admin: use matching environment for system API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:58:12 +01:00
Jens Langhammer
c810628fe3
stages/email: use pending user correctly
...
closes #4318
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:50:57 +01:00
Jens Langhammer
de0a5191f7
core: remove unused import
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:50:42 +01:00
Jens Langhammer
93e20bce2e
core: don't use inline_serializer for user operations
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:16:44 +01:00
Jens Langhammer
960a2aab74
crypto: fix type for has_key
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:14:19 +01:00
Jens Langhammer
2cae6596eb
core: cleanup
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:01:08 +01:00
Jens Langhammer
11b1eb4173
stages/email: make template tests less flaky
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:00:32 +01:00
Jens Langhammer
3980eea7c6
web/flows: rework error display, always use ak-stage-flow-error instead of shell
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 21:43:44 +01:00
Jens Langhammer
9fdfb8c99b
stages/dummy: add toggle to throw error for debugging
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 21:25:53 +01:00
Jens Langhammer
5cab280759
stages/captcha: fix captcha not loading correctly, add tests
...
closes #4320
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 18:15:41 +01:00
Jens Langhammer
9d422918b3
stages/prompt: use stage.get_pending_user() to fallback to the correct user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-30 20:38:15 +01:00
Jens Langhammer
2c42c87689
release: 2022.12.1
2022-12-30 13:43:42 +01:00
dependabot[bot]
8262a47455
core: bump packaging from 21.3 to 22.0 ( #4181 )
...
* core: bump packaging from 21.3 to 22.0
Bumps [packaging](https://github.com/pypa/packaging ) from 21.3 to 22.0.
- [Release notes](https://github.com/pypa/packaging/releases )
- [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pypa/packaging/compare/21.3...22.0 )
---
updated-dependencies:
- dependency-name: packaging
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* remove LegacyVersion
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-30 12:07:25 +01:00
Jens L
bd56922a2f
blueprints: watch blueprints directory and trigger tasks ( #4309 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-30 11:30:18 +01:00
Jens Langhammer
68b58fb73c
blueprints: fix error when entry with state absent doesn't exist
...
closes #4305
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-29 21:55:17 +01:00
Jens Langhammer
97513467ad
blueprints: disallow flow token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-29 21:54:56 +01:00
sdimovv
ce5d1fd80d
blueprints: Resolve yamltags in state and model attributes ( #4299 )
...
* Fixed state and model attributes not resolving yaml tags
* Linting
2022-12-29 10:05:32 +01:00
Jens Langhammer
b1020fde64
web/elements: render ak-seach-select dropdown correctly in modals
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 20:38:57 +01:00
Jens Langhammer
f0e121c064
api: add filter backend for secret key to allow access to tenants and certificates
...
closes #4182
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 18:59:25 +01:00
Jens Langhammer
2b2323fae7
outposts: include hostname in outpost heartbeat
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 16:07:52 +01:00
Jens Langhammer
24eb4ed963
release: 2022.12.0
2022-12-28 13:00:49 +01:00
Jens Langhammer
b16d1134ea
core: add endpoints to add/remove users from group atomically
...
closes #4252
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 10:50:30 +01:00
Jens Langhammer
20a4dfd13d
stages/invitation: fix incorrect pk check for invitation's flow
...
closes #4278
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-27 13:55:51 +01:00
sdimovv
8f3579ba45
blueprints: add !If
tag ( #4264 )
...
* Added \!If tag
* Fix typo
* Removed trailing whitespace
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* format blueprint fixtures
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-26 16:20:22 +01:00
Jens Langhammer
ae13fc3b92
policies: make name required
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-25 14:46:48 +01:00
Jens Langhammer
94b9ebb0bb
blueprints: add Env tag
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-24 20:41:51 +01:00
Jens Langhammer
1b86a3d5d6
Merge branch 'version-2022.11'
2022-12-23 14:39:52 +01:00
Jens Langhammer
8b710b57a5
root: don't send traces in testing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:37:58 +01:00
Jens Langhammer
9dc0bb2a77
release: 2022.11.4
2022-12-23 14:17:48 +01:00
Jens L
2d827eaae1
security: fix CVE 2022 23555 ( #4274 )
...
* add flow to invitation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* show warning on invitation page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add security advisory
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:16:30 +01:00
Jens L
47d79ac28c
security: fix CVE 2022 46172 ( #4275 )
...
* fallback to current user in user_write, add flag to disable user creation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update api and web ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update default flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add cve post to website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:16:26 +01:00
Jens L
9f846d94be
security: fix CVE 2022 23555 ( #4274 )
...
* add flow to invitation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* show warning on invitation page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add security advisory
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:13:49 +01:00
Jens L
84fbeb5721
security: fix CVE 2022 46172 ( #4275 )
...
* fallback to current user in user_write, add flag to disable user creation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update api and web ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update default flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add cve post to website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:12:58 +01:00
Jens Langhammer
01da8e1792
providers/oauth2: optimise and cache signing key, prevent key being loaded multiple times
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 12:04:31 +01:00
Jens Langhammer
42c278b4f8
root: migrate to hosted sentry with rate-limited DSN
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 11:18:26 +01:00
Jens Langhammer
e52c964354
flows: fix redirect from plan context "redirect" not being wrapped in flow response
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 23:28:26 +01:00
Jens L
c635487210
blueprints: better OCI support in UI ( #4263 )
...
use oci:// prefix to detect oci blueprint, add UI support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 18:49:25 +01:00
Jens Langhammer
fb09df26c9
core: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 17:56:05 +01:00
Jens Langhammer
e4e7a112e3
web: use version family subdomain for in-app doc links
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 17:03:08 +01:00
Jens Langhammer
042865c606
blueprints: add conditions to blueprint schema
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-21 18:59:17 +01:00
sdimovv
7f662ac2f3
blueprints: Added conditional entry application ( #4167 )
...
* blueprints: Added !AsBool tag
* Renamed AsBool tag to Condition
* Added conditions attributed to BlueprintEntry
* Added docs for the conditions attribute of a blueprint entry
* Website linting fix
* add new tag to vscode settings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-21 17:04:00 +00:00
Jens L
609f95ac97
providers: add preview for mappings ( #4254 )
...
* preview
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: show provider page on application page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use oauth2 end session url instead of direct interface
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* dont show provider page on application page for now
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add UI for preview
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* translate and release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* separate saml api files
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add api tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-21 12:13:11 +01:00
Jens Langhammer
027ca88d83
lib: enable sentry profiles_sample_rate
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-19 12:51:22 +01:00
Jens L
ec925491b2
stages/captcha: customisable URLs ( #3832 )
...
* make api and js url customisable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use recaptcha.net domains
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add form
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* regen locale
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-18 14:18:43 +01:00
Jens Langhammer
3418943949
root: allow custom settings via python module
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-15 10:59:14 +01:00
Jens Langhammer
8d169a8bd9
Merge branch 'version-2022.11'
2022-12-12 17:05:39 +00:00
Jens Langhammer
f47ce9a360
stages/user_login: prevent double success message when logging in via source
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-12 16:34:16 +00:00
Jens Langhammer
01a897dbc2
flows: set stage name and verbose_name for in_memory stages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-12 16:22:48 +00:00
Jens Langhammer
fddcb3a835
events: remove legacy logger declaration
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-12 15:32:06 +00:00
Jens Langhammer
5d51621278
stages/user_write: always ignore component
field and prevent warning
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-12 15:31:56 +00:00
Jens Langhammer
9ffc720f48
policies: log correct cache state
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-12 15:31:41 +00:00
Jens Langhammer
4d8978ea90
bleuprints: fix flaky test
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-09 11:04:44 +00:00
sdimovv
8d13235b74
blueprints: fixed bug causing filtering with an empty query ( #4106 )
...
* Fixed bug causing filtering with an empty query
Fixed bug allowing blueprint import to filter for existing models using an empty query.
The code only checks if the `identifiers` dict is empty, but `__query_from_identifier` skips identifier member values of type `dict` or keys == `pk`, so it is possible to produce an empty query if an `identifier` consists of just `dict` type members or "pk" key.
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* Added test case
* Added support for using dict fields as blueprint entry identifiers
* Disabled pylint too-many-locals for _validate_single
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
2022-12-06 12:06:25 +01:00
Jens Langhammer
44bf9a890e
release: 2022.11.3
2022-12-02 23:00:59 +02:00
Jens Langhammer
58cd6007b2
Merge branch 'version-2022.11'
2022-12-02 18:12:38 +02:00
Jens L
db95dfe38d
security: fix CVE 2022 46145 ( #4140 )
...
* add flow authentication requirement
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add website for cve
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: handle FlowNonApplicableException without policy result
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-02 16:14:25 +01:00
sdimovv
1f7d52c5ce
blueprints: Support nested custom tags in !Find
and !Format
tags ( #4127 )
...
* Added support for nested tags to !Find and !Format
* Added tests
* Fix variable names
* Added docs
* Fixed small mistake in tests
* Fixed variable names
* Broke example into multiple lines
2022-12-01 16:10:26 +01:00
Jens Langhammer
3251bdc220
events: improve handling creation of events with non-pickleable objects
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-01 15:56:28 +02:00
Jens Langhammer
2a4daa5360
release: 2022.11.2
2022-12-01 10:41:29 +02:00
Jens Langhammer
e1a6dede54
*: backport CVE-2022-46145 fix
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-01 10:41:26 +02:00
Jens Langhammer
cf40e5047e
policies: don't log context when policy returns None
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-30 14:43:47 +02:00
Jens Langhammer
d5329432fe
lib: fix uploaded files not being saved correctly, add tests
...
closes #4110 #4109 #4107
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-30 12:48:33 +02:00
sdimovv
5156aeee0f
policies/password: Always add generic message to failing zxcvbn check ( #4100 )
...
* Always add generic message to failing zxcvbn password policy
Depending on the settings, sometimes a password policy that checks a password with the zxcvbn tool can fail without any message.
For example:
```
$ echo 'Awdccdw1234' | zxcvbn | jq | grep "feedback" -A 5 -B 1
Password:
"score": 3,
"feedback": {
"warning": "",
"suggestions": []
}
}
```
As seen above the tool does not produce any warnings or suggestions for the given password, but if the password policy is set to have a zxcvbn threshold of 3, the policy will silently fail without communicating the reason to the user.
There are two ways to handle this:
1. Always add a generic "password is too weak" message when the policy fails.
2. Check if there are any suggestions or warnings from the zxcvbn tool and only add the generic message if not.
I personally prefer 1. This way the generic message will be shown whenever the policy fails, and will get combined with extra "tips" whenever zxcvbn has some.
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* Update authentik/policies/password/models.py
Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* Added test case
* fix black formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens L. <jens@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-30 07:58:16 +00:00
Jens Langhammer
e22fce02f8
stages/authenticator_validate: improve validation for not_configured_action
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-28 10:52:51 +01:00
Jens Langhammer
e2bd96c5de
stages/authenticator_validate: fix validation to ensure configuration stage is set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-25 21:37:52 +01:00
Jens Langhammer
f8ef2b666f
events: fix incorrect EventAction being used
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-25 11:53:05 +01:00
Jens Langhammer
a9909fcf6d
providers/oauth2: set amr values based on login event
...
closes #4070
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-25 11:21:59 +01:00