60c49c1692
outposts/ldap: avoid nil ptr deref in MemorySearcher ( #7767 )
2023-12-04 20:32:33 +02:00
4080080acd
internal: remove deprecated metrics ( #7540 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-13 14:48:37 +01:00
e28babb0b8
core: Initial RBAC ( #6806 )
...
* rename consent permission
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* the user version
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
t
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* initial role
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start form
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* some minor table refactoring
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix user, add assign
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add roles ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix backend
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add assign API for roles
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding toggle buttons
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start view page
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* exclude add_ permission for per-object perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* small cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add permission list for roles
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make sidebar update
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix page header not re-rendering?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add search
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* show first category in table groupBy except when its empty
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make model and object PK optional but required together
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* allow for setting global perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* exclude non-authentik permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* exclude models which aren't allowed (base models etc)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ensure all models have verbose_name set, exclude some more internal objects
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* lint fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix role perm assign
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add unasign for global perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add meta changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* clear modal state after submit
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add roles to our group
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix duplicate url names
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make recursive group query more usable
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add name field to role itself and move group creation to signal
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* move rbac stuff to separate django app
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix lint and such
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix go
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start API changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add more API tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make admin interface not require superuser for now, improve error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* replace some IsAdminUser where applicable
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate flow inspector perms to actual permission
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix license not being a serializermodel
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add permission modal to models without view page
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add additional permissions to assign/unassign permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add action to unassign user permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add permissions tab to remaining view pages
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix flow inspector permission check
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix codecov config?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add more API tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ensure viewsets have an order set
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* hopefully the last api name change
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make perm modal less confusing
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start user view permission page
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only make delete bulk form expandable if usedBy is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* expand permission tables
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add more things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add user global permission table
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests' url names
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests for assign perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add unassign tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rebuild permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* prevent assigning/unassigning permissions to internal service accounts
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only enable default api browser in debug
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix role object permissions showing duplicate
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix role link on role object permissions table
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix object permission modal having duplicate close buttons
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* return error if user has no global perm and no object perms
also improve error display on table
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* small optimisation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* optimise even more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add system permission for non-object permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* allow access to admin interface based on perm
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* clean
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't exclude base models
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-16 17:31:50 +02:00
a22bc5a261
lifecycle: fix install_id migration not running ( #7116 )
...
* lifecycle: fix install_id migration not running
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix ldap test?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* idk if this works
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-09 19:52:06 +02:00
f11bb8bfd4
providers/ldap: add windows adsi support ( #7098 )
...
* fix(outpost/ldap): missing user object classes
* add "person" object class
* update user object classes
* update boolean strings to upper for being compliant
tags: WIP-LDAP-Outpost-Windows-ADSI-Support
* feat(outpost/ldap): add subschema attributes
* add supported capability OIDs for Windows
* add relevant supported ldap control OIDs
tags: WIP-LDAP-Outpost-Windows-ADSI-Support
* feat(outpost/ldap): update schema for windows Compatibility
* add relevant dITContentRules for authentik
* add all existing attribute types for Windows/Unix/Linux
* add missing object classes definitions
* update classes definitions for being compliant with LDAP schema
* update attributes orders
tags: WIP-LDAP-Outpost-Windows-ADSI-Support
* feat(outpost/ldap): refine LDAP attribute types
* remove unsused attribute types
* order attribute types
tags: WIP-LDAP-Outpost-Windows-ADSI-Support
2023-10-09 13:17:46 +02:00
a2714ab1f1
outposts: make metrics compliant with Prometheus best-practices ( #6398 )
...
web/outpost: make metrics compliant with Prometheus best-practices
Today, all NewHistogramVec store values in nanoseconds without changing
the default histogram bucket, which are made for seconds, making them
a bit useless. In addition, some metrics names are not self-explanatoryand
and do not comply with Prometheus best practices.
This commit tries to fix all of this "issues".
NOTE: I kept old metrics in order to avoid breaking changes with
existing dashboards and metrics.
Signed-off-by: Alexandre NICOLAIE <xunleii@users.noreply.github.com>
2023-07-27 18:51:08 +02:00
41af486006
enterprise: initial enterprise ( #5721 )
...
* initial
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add user type
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add external users
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add ui, add more logic, add public JWT validation key
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* revert to not use install_id as session jwt signing key
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* switch to PKI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add more licensing stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add install ID to form
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use x5c correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* license checks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use production CA
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more UI stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rename to summary
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update locale, improve ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add direct button
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update link
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* format and such
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove old attributes from ldap
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove is_enterprise_licensed
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix admin interface styling issue
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Update authentik/core/models.py
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
* fix default case
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-07-17 17:57:08 +02:00
ae7ea4dd11
outposts/ldap: add more tests ( #6188 )
...
* outposts/ldap: add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing posixAccount
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* attempt to expand attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix routing without base DN
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove our custom attribute filtering since this is done by the ldap library
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add test for schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-08 20:51:05 +02:00
ad81ee2740
providers/ldap: fix inconsistent saving of user flags on failed cached binds ( #6096 )
...
* feat: assign invalid pk and check
* fix: only set flags if they don't exist
* fix: userinfo not being set if data is available
* minor cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-06-29 16:57:46 +02:00
54ef88a6fa
providers/ldap: rework Schema and DSE ( #5838 )
...
* rework Root DSE
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* always parse filter objectClass
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding LDAP Schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add more schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update schema more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix cn for schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only include main DN in namingContexts
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use schema from gh
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add description
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add response filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix response filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't return rootDSE entry when searching for singleLevel
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove currentTime
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix attribute filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* set SINGLE-VALUE
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix numbers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-08 15:16:40 +02:00
0ce41a1b2d
providers/ldap: add StartTLS support ( #5861 )
...
* providers/ldap: add StartTLS support
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add starttls test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update form and docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-add tls server name
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-06 21:40:19 +02:00
4d58eba027
core: bump github.com/getsentry/sentry-go from 0.20.0 to 0.21.0 ( #5548 )
...
* core: bump github.com/getsentry/sentry-go from 0.20.0 to 0.21.0
Bumps [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go ) from 0.20.0 to 0.21.0.
- [Release notes](https://github.com/getsentry/sentry-go/releases )
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md )
- [Commits](https://github.com/getsentry/sentry-go/compare/v0.20.0...v0.21.0 )
---
updated-dependencies:
- dependency-name: github.com/getsentry/sentry-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-05-09 11:22:57 +02:00
b7b62ba089
providers/ldap: correctly use pagination in search results in both modes ( #5492 )
...
closes #4292
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-05 15:51:02 +03:00
146d54813c
providers/ldap: fix error not being checked correctly when fetching users
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-03 18:10:06 +01:00
bd0ef69ece
outposts/ldap: decrease verbosity
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-17 11:12:31 +01:00
89fef0ae72
blueprints: docs ( #3376 )
...
* further blueprint cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make group users and parent optional
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix api client usage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-06 00:52:12 +02:00
eb633c607e
internal: fix nil pointer reference
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 17:02:53 +02:00
3eb466ff4b
lifecycle: cleanup prometheus ( #2972 )
...
* remove high cardinality labels
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* retry worker number for prometheus multiprocess id
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* revert to pid, use subdirectories
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use worker id based off of https://github.com/benoitc/gunicorn/issues/1352
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix missing app label
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests/e2e: remove static names
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 21:45:25 +02:00
a286f999e2
api: migrate to openapi generator v6 ( #2968 )
...
* migrate to openapi generator v6
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* bump api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 15:15:30 +02:00
5c91658484
internal: fix nil pointer dereference in ldap outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 15:48:50 +02:00
51194cbf42
outposts/ldap: use backend group num_pk
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-22 23:54:50 +01:00
b45a442447
outposts/ldap: fix contexts
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-19 18:28:27 +01:00
75a720ead1
outposts/ldap: prevent operations error from nil dereference ( #2447 )
...
closes #2526
2022-03-19 18:26:26 +01:00
62a939b91d
internal: bump api client to v3
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-03 10:40:07 +01:00
947ecec02b
outposts/ldap: Fix more case sensitivity issues. ( #2144 )
2022-01-25 11:27:27 +01:00
819af78e2b
internal: make internal go version match python version
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-14 10:45:37 +01:00
ececfc3a30
internal: fix comment formatting for TODOs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-07 09:51:41 +01:00
7d6e88061f
outposts: check if hub from context is set and fallback
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-16 11:19:57 +01:00
f8aab40e3e
internal: cleanup duplicate and redundant code, properly set sentry SDK scope settings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-16 11:00:19 +01:00
bd2e453218
outposts/ldap: Fix search case sensitivity. ( #1897 )
2021-12-08 20:11:56 +01:00
40404ff41d
outposts/ldap: Rework/improve LDAP search logic. ( #1687 )
...
* outposts/ldap: Refactor searching so we key primarily off base dn
* docs: Updating guides on sssd and the ldap outpost.
2021-12-02 15:28:58 +01:00
e7b4363d21
outposts/ldap: fix logic error in cached ldap searcher
...
closes #1779
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-11 23:18:32 +01:00
5a8c66d325
providers/ldap: memory Query ( #1681 )
...
* outposts/ldap: modularise ldap outpost, to allow different searchers and binders
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/ldap: add basic in-memory searcher
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/ldap: add search mode field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost: add search mode field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 10:37:30 +01:00
Lars Seipel
Jens L
vherrlein
Alexandre NICOLAIE
Daniel
dependabot[bot]
Jens L
Simon Siebert
Ilya Kogan
Jens L