trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6,838 Commits 95 Branches 330 Tags 336 MiB
Commit Graph

282 Commits

Author SHA1 Message Date
Jens Langhammer 98a56c77e3 providers/proxy: update ingress controller to work with k8s 1.22 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-18 10:00:24 +02:00
Jens Langhammer 2b09d97522 core: fix squash migrations error when AK_ADMIN_TOKEN is set 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-12 17:45:10 +02:00
Jens L e4f141c6c0
*: Squash Migrations (#1593) 
* *: first squash pass

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* sources/saml: squash less

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts: fix docker controller not correctly checking image

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests/e2e: fix old migration reference

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-11 21:39:35 +02:00
Jens Langhammer 83150d9920 outposts: fix circular import in kubernetes controller 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-03 19:25:18 +02:00
Jens Langhammer d30dcda814 providers/proxy: always check ingress secret in kubernetes controller 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-03 19:14:27 +02:00
Jens Langhammer 3c1ac4c7ec outposts/proxy: add new headers with unified naming 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-02 22:00:23 +02:00
Jens L f9ad102915
flows: inspector (#1469) 
* flows: add initial inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: change naming a bit

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flow: add inspector frame

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: don't use shadydom when inspecting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add current stage to api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/*: fix imports

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: deep-copy plan instead of just adding

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: restrict inspector to admin

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add buttons to launch flow with inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: don't automatically follow redirects when inspector is open

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: make current_plan optional, only require historry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: handle error messages in inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: improve UI when flow is done

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add is_completed flag to inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: fix monkeypatches for tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add inspector tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ci: re-enable cache

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-28 09:36:48 +02:00
pemontto aea1736f70
outposts/proxy: Fix failing traefik healtcheck (#1470) 2021-09-26 11:33:18 +02:00
Jens Langhammer 4f3583cd7e providers/proxy: make token_validity float and optional for backwards compat 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-25 15:54:32 +02:00
Jens Langhammer f7408626a8 providers/proxy: return token_validity as total seconds instead of expression 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-25 15:44:16 +02:00
Jens Langhammer 28eeb4798e providers/proxy: add token_validity field for outpost configuration 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1462
 2021-09-25 15:00:06 +02:00
Jens Langhammer 79b92e764e *: fix typos in code 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-25 00:01:11 +02:00
Jens Langhammer ae07f13a87 outposts: don't map port 9300 on docker, only expose port 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-21 21:40:08 +02:00
Jens L 13e2eea72f
web/user: new end-user interface (#1404) 
* web/user: migrate to top navbar

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: prepare config from server

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* re-sort

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove old interface

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update issue template

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use notification badge

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: re-add go-to-admin button

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: fix remaining redirects directly to admin

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* make settings better

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* api: ensure sources and stages are sorted

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: add sessions and consent

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/oauth2: add post wrapper to stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: add new interface to release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-16 22:17:05 +02:00
Jens Langhammer ae26d2756f providers/saml: improved error handling 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-16 10:58:51 +02:00
Jens Langhammer 916530f0d8 providers/oauth2: use access_code_validity for id_tokens generated when using an implicit flow, improve wording in web ui 
closes #1369

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-15 17:14:53 +02:00
Jens Langhammer ba6849f29c *: remove string.format() 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-14 12:06:47 +02:00
Jens Langhammer df4c8003b8 api: fix items of list fields having nullable set 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-10 18:15:59 +02:00
Jens Langhammer 4448145aa9 providers/proxy: use auth/traefik subpath 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-10 13:53:04 +02:00
Jens L 7158c9d2ea
core: metrics v2 (#1370) 
* outposts: add ldap metrics, move ping to 9100

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost: add flow_executor metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use port 9300 for metrics, add core metrics port

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/controllers/k8s: add service monitor creation support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-09 15:52:24 +02:00
Jens Langhammer da58796768 providers/proxy: fix defaults for old proxy providers (load providers directly) 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-09 13:54:24 +02:00
Jens Langhammer d98499a3fa providers/proxy: fix defaults for old proxy providers 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-09 13:26:36 +02:00
Jens Langhammer f3ff398a44 providers/proxy: add metrics port to controllers 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-08 23:01:22 +02:00
Jens L 3c1b70c355
outposts/proxyv2 (#1365) 
* outposts/proxyv2: initial commit

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add rs256

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

more stuff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add forward auth an sign_out

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

match cookie name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

re-add support for rs256 for backwards compat

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add error handler

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

ensure unique user-agent is used

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

set cookie duration based on id_token expiry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

build proxy v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add ssl

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add basic auth and custom header support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add application cert loading

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

implement whitelist

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add redis

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

migrate embedded outpost to v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

remove old proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

providers/proxy: make token expiration configurable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: only allow one redirect URI

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix docker build for proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove default port offset

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add AUTHENTIK_HOST_BROWSER

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests: fix e2e/integration tests not using proper tags

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove references of old port

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix user_attributes not being loaded correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup dependencies

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-08 18:04:56 +00:00
Jens Langhammer d92d8e6dbb api: add additional filters for ldap and proxy providers 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-03 10:43:09 +02:00
Jens Langhammer 3e9f5ec5ef providers/proxy: improve error handling for non-tls ingresses 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-30 14:43:57 +02:00
Jens Langhammer 0c6e781e5b providers/proxy: fix traefik middleware being generated with wrong ports for embedded outposts 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-29 20:49:11 +02:00
Jens Langhammer 2d8b4f543b providers/proxy: fix url parsing for traefik labels on docker containers 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-27 22:21:16 +02:00
Jens Langhammer 8542dc10ab providers/proxy: fix docker container labels not being inherited correctly 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-27 20:20:34 +02:00
Jens Langhammer 2ae164df78 *: cleanup api schema warnings 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-26 09:36:41 +02:00
Jens Langhammer cba255eaaa Merge branch 'master' into app-passwords 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	authentik/core/tests/test_source_flow_manager.py
#	authentik/stages/authenticator_validate/tests.py
#	authentik/stages/password/tests.py
#	scripts/generate_ci_config.py
 2021-08-23 21:21:12 +02:00
Jens L 859cf2bd8f
lib: move id and key generators to lib (#1286) 
* lib: move generators to lib

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: bump default token key size

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: fix split being used for http basic auth instead of partition

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/elements: don't rethrow error in ActionButton

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 20:27:38 +02:00
Jens Langhammer a2578ffaad core: add token tests for invalid intent and token auth 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 20:21:54 +02:00
Jens Langhammer d18e829d80 providers/ldap: fix error in outpost when certificate is configured 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-09 20:47:26 +02:00
Jens Langhammer f496b8b5d7 providers/oauth2: add more test cases for token view 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-09 00:20:32 +02:00
Jens Langhammer 665c1aa81b providers/proxy: don't create ingress when no hosts are defined 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-08 21:46:05 +02:00
Jens Langhammer ccfc1dbcc2 *: make all PropertyMappings filterable by multiple managed attributes 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-08 16:06:44 +02:00
Jens Langhammer 3367b83368 providers/saml: use idp-initiated sso flow as launch url 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-08 15:01:52 +02:00
Jens Langhammer 9a8240bdd1 proviers/saml: fix validation error not being raised 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-07 21:39:30 +02:00
Jens Langhammer f6ab241219 providers/oauth2: fix accessing undefined variable 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-07 21:35:17 +02:00
Jens Langhammer b0f09eb2c4 web/admin: fix Table not updating selectedElements correctly after update 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-07 20:53:28 +02:00
Jens Langhammer 9c9addb0ce *: ensure all resources can be filtered 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-07 16:34:14 +02:00
Jens Langhammer a449f9c69b providers/saml: fix error when PropertyMapping return value isn't string 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-03 22:40:56 +02:00
Jens Langhammer 36b346662c providers/saml: add WantAssertionsSigned 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-03 22:40:13 +02:00
Jens Langhammer 9d392931df root: fix lint errors from re-format 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-03 18:09:16 +02:00
Jens Langhammer 77ed25ae34 root: reformat to 100 line width 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-03 17:45:16 +02:00
Jens Langhammer f875149983 providers/saml: fix metadata being inaccessible without authentication 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-01 14:50:17 +02:00
Jens Langhammer d70b81fe43 providers/saml: fix Error when getting metadata for invalid ID 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-01 13:50:54 +02:00
Jens Langhammer 8495ff9fc0 providers/oauth2: fix error when requesting jwks keys with no rs256 aet 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-29 21:22:31 +02:00
Jens Langhammer 75ff2480e2 providers/proxy: fix hosts for ingress not being compared correctly 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-28 16:08:06 +02:00