716584bbae
website: update release notes for CVEs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:21:02 +01:00
9f846d94be
security: fix CVE 2022 23555 ( #4274 )
...
* add flow to invitation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* show warning on invitation page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add security advisory
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:13:49 +01:00
84fbeb5721
security: fix CVE 2022 46172 ( #4275 )
...
* fallback to current user in user_write, add flag to disable user creation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update api and web ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update default flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add cve post to website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:12:58 +01:00
42c278b4f8
root: migrate to hosted sentry with rate-limited DSN
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 11:18:26 +01:00
c635487210
blueprints: better OCI support in UI ( #4263 )
...
use oci:// prefix to detect oci blueprint, add UI support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 18:49:25 +01:00
28eb7c03fa
website/developer-docs: add templates for announcing fixed security release
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 16:13:21 +01:00
423776c7a2
website/docs: prepare 2022.12 release
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-21 21:58:57 +01:00
609f95ac97
providers: add preview for mappings ( #4254 )
...
* preview
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: show provider page on application page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use oauth2 end session url instead of direct interface
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* dont show provider page on application page for now
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add UI for preview
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* translate and release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* separate saml api files
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add api tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-21 12:13:11 +01:00
f4990bb5da
core: bundle geoip ( #4250 )
...
* bundle geoip
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* correctly pass secrets
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add geoip docs and release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-20 22:09:30 +01:00
9d5b9204fc
web/admin: rework markdown, correctly render Admonitions, fix links
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-19 12:48:02 +01:00
3418943949
root: allow custom settings via python module
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-15 10:59:14 +01:00
1dfc0b2e93
website/docs: update flow context variables
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-13 14:37:37 +00:00
0995658ca6
website/docs: add note for possibly blocked SMTP ports
...
closes #4192
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-13 11:13:52 +00:00
49bd028363
website/docs: update release notes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-03 13:10:16 +02:00
db95dfe38d
security: fix CVE 2022 46145 ( #4140 )
...
* add flow authentication requirement
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add website for cve
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: handle FlowNonApplicableException without policy result
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-02 16:14:25 +01:00
4e04461820
website/docs: Change Kubernetes ingress apiVersion out of beta ( #4099 )
...
* Change Kubernetes ingress apiVersion out of beta
* fix lint
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-28 16:42:59 +01:00
147ebf1a5e
root: rework and expand security policy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-28 12:10:53 +01:00
501d63b3aa
website/docs: add notice for unique Base DN ( #4073 )
...
* providers/ldap: updates documentation related to issue #4038
Signed-off-by: John Arrandale <bootsie227@gmail.com>
* providers/ldap: adheres to the CI prettier-check
Signed-off-by: John Arrandale <bootsie227@gmail.com>
2022-11-24 20:52:13 +01:00
ab0f8d027d
website/docs: add 2022.11.1 release notes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 21:17:05 +01:00
1efc0c1242
website/docs: update changelog
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 19:37:28 +01:00
276af8457d
root: make sentry DSN configurable ( #4016 )
...
* make sentry DSN configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make proxy smarter
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix typo in config struct
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 16:05:29 +01:00
55aa1897af
root: use single redis db ( #4009 )
...
* use single redis db
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup prefixes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ensure __str__ always returns string
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix remaining old prefixes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 14:31:29 +01:00
88594075b2
policies/password: merge hibp add zxcvbn ( #4001 )
...
* initial zxcvbn
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add api and port tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add api diff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-14 14:42:43 +01:00
ffe6f65af5
outposts/kubernetes: ingress class ( #4002 )
...
* add support for ingressClassName
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add option to disable ssl verification for k8s controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-14 14:24:11 +01:00
d2bbcc0e1e
website/docs: Fix small error in Invitation stage docs ( #3997 )
...
The `.get` is there to ensure the policy won't throw an error if the key is not there (which can happen if the policy is executed before an Invitation stage).
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
2022-11-14 09:54:25 +01:00
4095c422df
core: bump python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye ( #3864 )
...
* core: bump python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye
Bumps python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye.
---
updated-dependencies:
- dependency-name: python
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* bump project
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* bump deps
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* bump ci to 3.11
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-13 14:20:55 +01:00
ac2e85c003
website/docs: fix 404s on ldap provider docs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-06 00:01:38 +01:00
c157030905
website/docs: remove old banner, fix nginx formatting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-01 17:12:16 +01:00
77a67dcbc1
website/docs: prepare 2022.10.1
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-28 23:08:55 +02:00
8d7ce49101
website/docs: add docs for using email templates with helm chart
...
closes #3891
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-28 23:06:10 +02:00
7004cb1c91
website/docs: add notice for TOTP issuer
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-22 17:11:20 +02:00
fa08e2c7bf
website/docs: update 2022.10 release notes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-21 18:24:25 +02:00
cfad472e1b
flows: optimise queries ( #3818 )
...
* flows: optimise flow queries
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* index source on slug and name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* binding index
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add policy parent index
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup old migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add release note to upgrade
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 22:53:07 +02:00
6882445937
*: handle PermissionError when saving files, ensure permission bits are set correctly
...
closes #3817
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 20:24:28 +02:00
c22dae868c
website/docs: update 2022.10 release notes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 10:44:28 +02:00
895658e7a3
website/integrations: add Organizr integration ( #3802 )
...
* Add new integration application category for Dashboard and initialize organizr service template
* added images and additional info for organizr integration
* alphabetized application integration categories
* alphabetized integration federation and social login categories
* forgot to make website-lint-fix :/
* revert mention of organizr in generic setup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 10:28:48 +02:00
bb43c49b1e
website/docs: fix passwordless docs, cross-link both
...
closes #3803
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 21:38:01 +02:00
10cfccd999
website/docs: add General Setup instructions for LDAP Provider ( #3680 )
...
* Added General Setup instructions for LDAP Provider
* Added General Setup instructions for LDAP Provider and updated relative links
* updated LDAP Outpost note verbiage
* Corrected the case for LDAP and renamed to Generic Setup
* removed ldapsearch example from index page
* updated verbiage around multifactor authentication
* removed note about local LDAP provider
* updated sidebar to reflect generic_setup
* updated logging info
* corrected typo
* updated stage creation instructions and screenshot
* corrected another typo
* corrected another typo
* reword some things
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-16 14:57:57 +00:00
77f6926a41
website/docs: prepare 2022.10 release notes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 17:23:23 +02:00
79e8b72569
flows: always show flow inspector in debug mode, don't require admin in debug ( #3786 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 15:44:59 +02:00
2980c5884f
root: Add setting to adjust database config for pgbouncer ( #3769 )
...
* Add setting to adjust database config for pgbouncer
* docker-compose.yml cleanup
Delete pgbouncer setting as false is the default value
* Cleanup docker-compose.yml
Also remove use_pgbouncer option in server section
2022-10-14 11:53:24 +02:00
217e145d23
stages/authenticator_sms: make sms stage payload customisable ( #3780 )
...
* make sms stage payload customisable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update phrasing for webhook mapping
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 11:53:01 +02:00
8ed2f7fe9e
providers/oauth2: add device flow ( #3334 )
...
* start device flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: fix inconsistent app filtering
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tenant device code flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add throttling to device code view
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* somewhat unrelated changes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add initial device code entry flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add finish stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* it works
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add support for verification_uri_complete
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add some tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-11 12:42:10 +02:00
cca0f60bda
root: decrease default token size to 60 chars for compatibility ( #3710 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2614
2022-09-30 23:12:51 +02:00
32c80467b6
website/docs: update log level warning phrasing
2022-09-29 09:52:48 +00:00
74c5a5b4c1
website/docs: add warning to trace log level
2022-09-29 09:27:35 +00:00
6135990762
website/docs: Fix letsencrypt folder ( #3643 )
...
When the docs were changed to the docker-compose.override.yaml version, the change wasnt 100% completed, by still including the "..authentik" folder part in the volumes.
Addtionally, it doesnt work to only mount the /live letsencrypt folder in the worker, as it will be a symlink that the worker wont have access to (as its outside the container context).
So this reverts the change to the previous version where the complete /etc/letsencrypt folder gets mounted in /certs
Signed-off-by: Philipp Rintz <13933258+p-rintz@users.noreply.github.com>
Signed-off-by: Philipp Rintz <13933258+p-rintz@users.noreply.github.com>
2022-09-26 16:32:14 +02:00
bba21d2b85
website/docs: Fix typo ( #3641 )
...
Signed-off-by: Riccardo Di Maio <35903974+rdimaio@users.noreply.github.com>
Signed-off-by: Riccardo Di Maio <35903974+rdimaio@users.noreply.github.com>
2022-09-25 11:44:41 +02:00
f8502edd2b
website: update 2022.9 release notes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-22 10:46:29 +02:00
b16a3d5697
internal: use config system for workers/threads, document the settings ( #3626 )
...
use config system for workers/threads, document the settings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-21 09:59:03 +02:00
Jens Langhammer
Alex Wigen
John Arrandale
sdimovv
dependabot[bot]
Rob
Philipp Kolberg
Philipp Rintz
Riccardo Di Maio