trustchain-oc1-orchestral/authentik
Archived
10
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
6533 commits 95 branches 330 tags 336 MiB
Commit graph

1620 commits

Author SHA1 Message Date
Jens Langhammer 837fa23af0 outpost: only set embedded outpost config on creation 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-08 22:23:33 +02:00
Jens Langhammer 665c1aa81b providers/proxy: don't create ingress when no hosts are defined 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-08 21:46:05 +02:00
Jens Langhammer ebc6afe015 outpost: fix detection of embedded outpost 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-08 21:39:08 +02:00
Jens Langhammer 45bee4b4dc outposts: fix test for config validation 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-08 17:14:05 +02:00
Jens Langhammer c025d64ba3 outpost: revert managed config, make authentik_host field optional 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-08 16:58:01 +02:00
Jens Langhammer 2a53bc4330 outpost: add fallback for authentik_host when its not set in config 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-08 16:32:26 +02:00
Jens Langhammer 8180d6f9e8 outposts: don't override authentik_host for embedded outpost authentik_host 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-08 16:29:33 +02:00
Jens Langhammer ccfc1dbcc2 *: make all PropertyMappings filterable by multiple managed attributes 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-08 16:06:44 +02:00
Jens Langhammer 3367b83368 providers/saml: use idp-initiated sso flow as launch url 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-08 15:01:52 +02:00
Jens Langhammer f0a8c30ce9 outposts: create different service when using embedded outpost 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-08 14:01:39 +02:00
Jens Langhammer b36a3100e6 outposts: allow empty provider list for embedded provider 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-07 22:32:44 +02:00
Jens Langhammer e02207f38d outpost/embedded: use redis session backend 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-07 22:12:22 +02:00
Jens Langhammer 9a8240bdd1 proviers/saml: fix validation error not being raised 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-07 21:39:30 +02:00
Jens Langhammer f6ab241219 providers/oauth2: fix accessing undefined variable 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-07 21:35:17 +02:00
Jens Langhammer b0f09eb2c4 web/admin: fix Table not updating selectedElements correctly after update 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-07 20:53:28 +02:00
Jens Langhammer 9c9addb0ce *: ensure all resources can be filtered 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-07 16:34:14 +02:00
Jens Langhammer 2d5094fdf7 root: fix formatting 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-06 00:11:24 +02:00
Jens Langhammer 8044818a4d core: add additional cleanup for authenticated sessions 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-05 23:25:40 +02:00
Jens Langhammer a43fb026a0 Merge branch 'version-2021.7' 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	authentik/core/api/users.py
#	authentik/providers/saml/processors/metadata_parser.py
#	web/src/pages/sources/oauth/OAuthSourceForm.ts
#	web/src/pages/sources/plex/PlexSourceForm.ts
#	web/src/pages/users/UserForm.ts
 2021-08-05 20:23:32 +02:00
Jens Langhammer 18211a2033 release: 2021.7.3 2021-08-05 19:23:03 +02:00
Jens Langhammer 1b91543add core: add UserSelfSerializer and separate method for users to update themselves with limited fields 
rework user settings page to better use form
closes #1227

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	authentik/core/api/users.py
#	web/src/elements/forms/ModelForm.ts
#	web/src/pages/user-settings/UserDetailsPage.ts
#	web/src/pages/user-settings/UserSettingsPage.ts
 2021-08-05 17:47:45 +02:00
Jens Langhammer 6fe5175f21 core: add UserSelfSerializer and separate method for users to update themselves with limited fields 
rework user settings page to better use form
closes #1227

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-05 17:42:19 +02:00
Jens Langhammer aa4f7fb2b6 providers/saml: fix error when PropertyMapping return value isn't string 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-04 00:22:07 +02:00
Jens Langhammer 4f1c11c5ef providers/saml: add WantAssertionsSigned 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	authentik/providers/saml/processors/metadata_parser.py
 2021-08-04 00:21:54 +02:00
Jens Langhammer a449f9c69b providers/saml: fix error when PropertyMapping return value isn't string 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-03 22:40:56 +02:00
Jens Langhammer 36b346662c providers/saml: add WantAssertionsSigned 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-03 22:40:13 +02:00
Jens Langhammer 9d392931df root: fix lint errors from re-format 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-03 18:09:16 +02:00
Jens Langhammer 77ed25ae34 root: reformat to 100 line width 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-03 17:45:16 +02:00
Jens Langhammer 9c9bcb7a01 Merge branch 'version-2021.7' 2021-08-01 19:23:22 +02:00
Jens Langhammer add7a80fdc release: 2021.7.2 2021-08-01 19:11:50 +02:00
Jens Langhammer aac91c2e9d stages/email: handle OSError 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-01 18:25:53 +02:00
Jens Langhammer 85e86351cd flows: fix flows not redirecting correctly 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-01 18:25:53 +02:00
Jens Langhammer a939e224fc stages/email: handle OSError 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-01 17:53:13 +02:00
Jens Langhammer 1fc2bcf02b flows: fix flows not redirecting correctly 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-01 17:50:43 +02:00
Jens Langhammer d767504474 flows: don't check redirect URL when set from flow plan (set from authentik or policy) 
closes #1203

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-01 15:23:46 +02:00
Jens Langhammer f84cd6208c flows: fix unhandled error in stage execution not being logged as SYSTEM_EXCEPTION event 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-01 15:23:46 +02:00
Jens Langhammer 1ec540ea9a providers/saml: fix metadata being inaccessible without authentication 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-01 15:23:46 +02:00
Jens Langhammer 4e5dba1d0b flows: don't check redirect URL when set from flow plan (set from authentik or policy) 
closes #1203

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-01 15:10:45 +02:00
Jens Langhammer 92a448b677 flows: fix unhandled error in stage execution not being logged as SYSTEM_EXCEPTION event 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-01 14:56:48 +02:00
Jens Langhammer f875149983 providers/saml: fix metadata being inaccessible without authentication 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-01 14:50:17 +02:00
Jens Langhammer 29fe731bbf providers/saml: fix Error when getting metadata for invalid ID 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-01 14:09:22 +02:00
Jens Langhammer d70b81fe43 providers/saml: fix Error when getting metadata for invalid ID 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-01 13:50:54 +02:00
Jens Langhammer 26e66969c9 stages/invitation: delete invite only after full enrollment flow is completed 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-01 13:22:02 +02:00
Jens Langhammer b58c913618 stages/invitation: delete invite only after full enrollment flow is completed 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-01 13:21:27 +02:00
Jens Langhammer 72b7642c5a outposts: catch invalid ServiceConnection error in outpost controller 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-01 12:33:21 +02:00
Jens Langhammer a97f842112 sources/plex: add background task to monitor validity of plex token 
closes #1205

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-01 12:33:21 +02:00
Jens Langhammer 35c1476bbe outposts: catch invalid ServiceConnection error in outpost controller 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-01 12:25:11 +02:00
Jens Langhammer 18bb4fd0bf sources/plex: add background task to monitor validity of plex token 
closes #1205

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-01 12:24:52 +02:00
Jens Langhammer 293c479364 outposts: ensure embedded outpost is created with integration selected 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-31 21:09:38 +02:00
Jens Langhammer 0cb4d64b57 stages/email: fix error when re-requesting email after token has expired 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-30 09:39:42 +02:00
Jens Langhammer a4fd58a0db events: ensure fallback result is set for on_failure 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-30 09:39:42 +02:00
Jens Langhammer 8ceef82c55 stages/email: fix error when re-requesting email after token has expired 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-30 09:39:24 +02:00
Jens Langhammer f933cd99ad events: ensure fallback result is set for on_failure 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-30 09:37:53 +02:00
Jens Langhammer fb6e8ca1eb events: remove default result for MonitoredTasks, only save when result was set 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-29 22:43:29 +02:00
Jens Langhammer 7ac5091e5a events: remove default result for MonitoredTasks, only save when result was set 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-29 22:42:56 +02:00
Jens Langhammer bc9ff792a8 outposts: manage config for embedded outpost 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-29 22:29:38 +02:00
Jens Langhammer a5c8caf909 providers/oauth2: fix error when requesting jwks keys with no rs256 aet 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-29 21:22:59 +02:00
Jens Langhammer 8495ff9fc0 providers/oauth2: fix error when requesting jwks keys with no rs256 aet 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-29 21:22:31 +02:00
Jens Langhammer a3981dd3cd providers/proxy: fix hosts for ingress not being compared correctly 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-29 11:35:50 +02:00
Jens Langhammer affafc31cf sources/ldap: improve ms-ad password complexity checking 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-29 11:35:47 +02:00
Jens L f01bc20d44
Embedded outpost (#1193) 
* api: allow API requests as managed outpost's account when using secret_key

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* root: load secret key from env

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts: make listener IP configurable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost/proxy: run outpost in background and pass requests conditionally

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost: unify branding to embedded

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: fix embedded outpost not being editable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: fix mismatched host detection

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests/e2e: fix LDAP test not including user for embedded outpost

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests/e2e: fix user matching

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* api: add tests for secret_key auth

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* root: load environment variables using github.com/Netflix/go-env

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-29 11:30:30 +02:00
Jens Langhammer 75ff2480e2 providers/proxy: fix hosts for ingress not being compared correctly 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-28 16:08:06 +02:00
Jens Langhammer bc7f84fff4 sources/ldap: improve ms-ad password complexity checking 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-28 12:47:52 +02:00
Jens Langhammer e6b515e3f7 release: 2021.7.1 2021-07-27 10:35:45 +02:00
Jens Langhammer b752540800 core: fix pagination not working correctly with applications API 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-26 19:12:23 +02:00
Jens Langhammer e7b7bfddd6 providers/oauth2: fix blank redirect_uri not working with TokenView 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-26 11:29:16 +02:00
Jens Langhammer f21ebf5488 core: add tests for flow_manager 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-25 23:20:38 +02:00
Jens Langhammer 5615613ed1 core: fix CheckApplication's for_user flag not being checked correctly 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-25 22:29:15 +02:00
Jens Langhammer 669329e49c tenants: set tenant uuid in sentry 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-25 22:28:09 +02:00
Jens Langhammer 3c9cc9d421 Merge branch 'version-2021.7' 2021-07-24 20:07:42 +02:00
Jens Langhammer 1972464a20 tenants: make event retention configurable on tenant level 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-24 20:07:12 +02:00
Jens Langhammer 3041a30193 release: 2021.7.1-rc2 2021-07-24 18:32:05 +02:00
Jens Langhammer 8ae7403abc core: add group filter by member username and pk 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-23 19:35:41 +02:00
Jens Langhammer f6e1bfdfc8 outpost: fix 100% CPU Usage when not connected to websocket 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-23 18:57:26 +02:00
Jens Langhammer 8cd1223081 core: add email filter for user 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-22 20:10:42 +02:00
Jens Langhammer 0a3fade1fd providers/proxy: remove deprecated field 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-22 16:20:26 +02:00
Jens Langhammer ff64814f40 web/admin: improve UI for notification toggle 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-22 14:17:56 +02:00
Jens Langhammer 66bfa6879d outposts/proxy: add X-Auth-Groups header to pass groups 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-22 10:47:58 +02:00
Jens Langhammer c05240afbf lib: fix outpost fake-ip not working, add tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-22 10:10:25 +02:00
Jens Langhammer 7370dd5f3f outposts: ensure outpost SAs always have permissions to fake IP 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-22 10:02:20 +02:00
Jens Langhammer 896e5adce2 sources/ldap: fix lint 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-22 00:40:55 +02:00
Jens Langhammer a3abbcec6a sources/ldap: improve error handling for property mappings 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-21 23:49:09 +02:00
Jens Langhammer 70e000d327 providers/saml: improve error handling for property mappings 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-21 23:14:03 +02:00
Jens Langhammer a7467e6740 providers/oauth2: handler PropertyMapping exceptions and create event 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-21 22:51:39 +02:00
Jens Langhammer b3da94bbb8 core: broaden error catching for propertymappings 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-21 22:50:39 +02:00
Jens Langhammer 39ad9d7c9d release: 2021.7.1-rc1 2021-07-21 10:44:40 +02:00
Jens Langhammer ba9a4efc9b providers/oauth2: fix nonce field not being optional 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-21 00:34:01 +02:00
Jens Langhammer 902378af53 providers/oauth2: fix redirect_uris not having blank set 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-21 00:22:09 +02:00
Jens Langhammer 2352a7f4d6 providers/oauth2: nonce is only required for implicit flows, don't check or fallback for other flows 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-21 00:21:08 +02:00
Jens Langhammer a2c587be43 outposts: don't authenticate as service user for flows to set remote-ip 
set outpost token as additional header and check that token (user) if they can override remote-ip

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-19 13:17:13 +02:00
Jens Langhammer 538a466090 root: fix middleware exception for outpost 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-18 22:10:50 +02:00
Jens Langhammer 322a343c81 root: fix log level not being set to DEBUG for tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-18 21:45:08 +02:00
Jens Langhammer b3159a74e5 Merge branch 'master' into inbuilt-proxy 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	Dockerfile
#	internal/outpost/ak/api.go
#	internal/outpost/ak/api_uag.go
#	internal/outpost/ak/global.go
#	internal/outpost/ldap/api_tls.go
#	internal/outpost/ldap/instance_bind.go
#	internal/outpost/ldap/utils.go
#	internal/outpost/proxy/api_bundle.go
#	outpost/go.mod
#	outpost/go.sum
#	outpost/pkg/ak/cert.go
 2021-07-17 12:49:38 +02:00
Starz0r ae77c872a0
root: celery requires additional parameters when tls is enabled (#1148) 2021-07-16 08:51:09 +02:00
Starz0r a5bb583268
root: optional TLS support on redis connections (#1147) 
* root: optional TLS support on redis connections

* root: don't use f-strings when not interpolating variables

* root: use f-string in redis protocol prefix interpolation

* root: glaring typo

* formatting

* small formatting change I missed

* root: swap around default redis protocol prefixes
 2021-07-15 11:48:52 +02:00
Jens Langhammer 212ff11b6d api: fix Capabilities check for s3 backup 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-15 09:58:07 +02:00
Jens Langhammer aa701c5725 core: don't delete expired tokens, rotate their key 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-14 21:47:32 +02:00
Jens Langhammer 6f98833150 core: allow users to create non-expiring tokens when flag is set 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-14 21:15:14 +02:00
Jens Langhammer 7c2decf5ec providers/ldap: squash migrations 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-14 09:22:25 +02:00
Lukas Söder 7f39399c32
providers/ldap: Added auto-generated uidNumber and guidNumber generated attributes for use with SSSD and similar software. (#1138) 
* Added auto-generated uidNumber and guidNumber generated attributes for
use with SSSD and similar software.

The starting number for uid/gid can be configured iva environtment
variables and is by default 2000 which should work fine for most instances unless there are more than
999 local accounts on the server/computer.

The uidNumber is just the users Pk + the starting number.
The guidNumber is calculated by the last couple of bytes in the uuid of
the group + the starting number, this should have a low enough chance
for collisions that it's going to be fine for most use cases.

I have not added any interface stuff for configuring the environment variables as I couldn't really find my way around all the places I'd have to edit to add it and the default values should in my opinion be fine for 99% use cases.

* Add a 'fake' primary group for each user

* First attempt att adding config to interface

* Updated API to support new fields

* Refactor code, update documentation and remove obsolete comment

Simplify `GetRIDForGroup`, was a bit overcomplicated before.

Add an additional class/struct `LDAPGroup` which is the new argument
for `pi.GroupEntry` and util functions to create `LDAPGroup` from api.Group and api.User

Add proper support in the interface for changing gidNumber and uidNumber starting points

* make lint-fix for the migration files
 2021-07-14 09:17:01 +02:00
Jens Langhammer 84e9748340 policies/reputation: handle cache error 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-13 18:47:32 +02:00
Jens L 7dfc621ae4
LDAP Provider: TLS support (#1137) 2021-07-13 18:24:18 +02:00
Jens Langhammer 2036827f04 api: add sentry tunnel 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-13 10:58:14 +02:00
Starz0r 5cfbb0993a
Allow for Configurable Redis Port (#1124) 
* root: make redis port configurable

* root: parse redis port from config as an integer

* code formatting

* lifecycle: truncate line under 100 chars

* lifecycle: incorrect indenting on newline
 2021-07-12 11:01:41 +02:00
Jens Langhammer 02f87032cc Merge branch 'master' into inbuilt-proxy 2021-07-11 12:41:16 +02:00
Jens Langhammer 3c0cc27ea1 events: fix error when slack notification request failed without a response 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-09 19:52:19 +02:00
Jens Langhammer ec254d5927 flows: allow variable substitution in flow titles 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-09 19:46:39 +02:00
Jens Langhammer 92ba77e9e5 core: fix error when setting icon/background to url longer than 100 chars 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-09 19:31:32 +02:00
Jens Langhammer 90fe1c2ce8 providers/oauth2: allow blank redirect_uris to allow any redirect_uri 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-08 19:28:35 +02:00
Jens Langhammer 40428f5a82 providers/saml: fix parsing of POST bindings 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-06 16:54:58 +02:00
Jens Langhammer 007838fcf2 root: subclass SessionMiddleware to set Secure and SameSite flag depending on context 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-06 14:48:36 +02:00
Jens Langhammer 7c51afa36c root: set samesite to None for SAML POST flows 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-06 12:39:51 +02:00
Jens Langhammer 948db46406 Merge branch 'master' into inbuilt-proxy 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	internal/constants/constants.go
#	outpost/pkg/version.go
 2021-07-05 19:11:26 +02:00
Jens Langhammer adc4cd9c0d release: 2021.6.4 2021-07-05 16:59:29 +02:00
Jens Langhammer df92111296 outposts: update outpost permissions on m2m change 
closes #1105

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-04 19:37:12 +02:00
Jens Langhammer 5afe88a605 outposts: fix empty message when docker outpost controller has changed nothing 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-04 13:48:43 +02:00
Jens Langhammer 320dab3425 core: only show Reset password link when recovery flow is configured 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-04 12:59:41 +02:00
Jens Langhammer 5fd408ca82 outposts: fix docker controller not checking ports correctly 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-04 12:32:55 +02:00
Jens Langhammer becb9e34b5 outposts: fix docker controller not checking env correctly 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-03 22:17:29 +02:00
Jens Langhammer 4917ab9985 outposts: fix container not being started after creation 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-03 21:59:47 +02:00
Jens Langhammer bd92505bc2 core: add notice about duplicate keys 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-03 21:52:28 +02:00
Jens Langhammer bf0141acc6 crypto: fix linting 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-03 19:57:25 +02:00
Jens Langhammer 0c8d513567 stages/user_write: add wrapper for post to user_write 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-03 19:25:37 +02:00
Jens Langhammer d07704fdf1 crypto: show both sha1 and sha256 fingerprints 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-03 19:25:27 +02:00
Jens Langhammer 086a8753c0 flows: handle old cached flow plans better 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-03 19:22:09 +02:00
Jens Langhammer 2c9b596f01 web/admin: run explicit update after loading instance 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-03 16:41:42 +02:00
Jens Langhammer 7257108091 sources/oauth: create configuration error event when profile can't be parsed as json 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-03 16:11:49 +02:00
Jens Langhammer 77a507d2f8 providers/oauth2: add revoked field, create suspicious event when previous token is used 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-03 15:59:01 +02:00
Jens Langhammer 3e60e956f4 providers/oauth2: fix CORS headers not being set for unsuccessful requests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-03 15:49:00 +02:00
Jens Langhammer 84ec70c2a2 providers/oauth2: use self.expires for exp field instead of calculating it again 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-03 15:32:58 +02:00
Jens Langhammer 3dc9e247d5 Merge branch 'master' into inbuilt-proxy 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	internal/constants/constants.go
#	outpost/pkg/version.go
 2021-07-02 16:23:30 +02:00
Jens Langhammer 3e26170f4b providers/oauth2: deepmerge claims 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-01 17:33:46 +02:00
dependabot[bot] d102c59654
build(deps-dev): bump pylint from 2.8.3 to 2.9.0 (#1095) 
* build(deps-dev): bump pylint from 2.8.3 to 2.9.0

Bumps [pylint](https://github.com/PyCQA/pylint) from 2.8.3 to 2.9.0.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Changelog](https://github.com/PyCQA/pylint/blob/master/ChangeLog)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.8.3...v2.9.0)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* *: update source for new pylint version

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-30 10:37:28 +02:00
Jens Langhammer 2a0bd50e23 outposts: fix linting 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-29 17:08:12 +02:00
Jens Langhammer ce49d7ea5b outposts: make managed outposts 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-29 16:20:44 +02:00
Jens Langhammer 8429dd19b2 Merge branch 'master' into inbuilt-proxy 2021-06-29 16:20:24 +02:00
Jens Langhammer 680b182d95 release: 2021.6.3 2021-06-29 16:19:07 +02:00
Jens Langhammer 621843c60c flows: fix migration dependency issue 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-28 23:55:07 +02:00
Jens Langhammer c19da839b1 stages/user_write: add create_users_as_inactive flag 
close #1086

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-28 23:24:54 +02:00
Jens Langhammer fea1f3be6f stages/prompt: ensure hidden and static fields keep the value they had set 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-28 22:29:36 +02:00
Jens Langhammer 6f5ec7838f events: fix linting 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-28 20:57:28 +02:00
Jens Langhammer 5d3931c128 events: ignore notification non-existent in transport 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-28 20:15:00 +02:00
Jens Langhammer 262a8b5ae8 api: use partition instead of split for token 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-28 20:13:08 +02:00
Jens Langhammer 2b1356bb91 flows: add invalid_response_action to configure how the FlowExecutor should handle invalid responses 
closes #1079

Default value of `retry` behaves like previous version.

`restart` and `restart_with_context` restart the flow upon an invalid response. `restart_with_context` keeps the same context of the Flow, allowing users to bind policies that maybe aren't valid on the first execution, but are after a retry, like a reputation policy with a deny stage.

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-28 00:22:09 +02:00
Jens Langhammer ba9edd6c44 flows: handle possible errors with FlowPlans received from cache 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-27 22:03:48 +02:00
Jens Langhammer 3b2b3262d7 flows: add FlowStageBinding to flow plan instead of just stage 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-27 18:47:04 +02:00
Jens Langhammer 5431e7fe9d tenants: fix tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-27 15:12:47 +02:00
Jens Langhammer 7d9c74ce04 tenants: include all default flows in current_tenant 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-26 23:47:49 +02:00
Jens Langhammer 60c3cf890a events: add ability to create events via API 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-26 23:37:03 +02:00
Jens Langhammer 0403f6d373 web/admin: add flow export button on flow view page 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-26 22:03:19 +02:00
Jens Langhammer 9bd613a31d stages/authenticator_duo: fix component not being set in API 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-26 20:49:58 +02:00
Jens Langhammer 3fe0483dbf core: fix flow background not correctly loading on initial draw 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-26 20:29:45 +02:00
Jens Langhammer b8bdf7a035 outposts: fix outpost being re-created when in host mode 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-25 15:15:18 +02:00
Jens Langhammer a3ff7cea23 providers/oauth2: fix usage of timedelta.seconds 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-25 11:55:00 +02:00
Jens Langhammer bb776c2710 outposts: check docker container ports match 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-25 11:54:35 +02:00
Jens Langhammer 6930c84425 events: only create SYSTEM_EXCEPTION event when error would've been sent to sentry 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-24 13:01:41 +02:00
Jens Langhammer 1554dc9feb outposts: make outpost managed 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-23 21:26:24 +02:00
Jens Langhammer 2b98637ca5 lib: fix regex_match result being inverted, add tests 
closes #1073

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-23 20:06:43 +02:00
Jens Langhammer d1198fc6c1 sources/ldap: improve error handling when checking for password complexity on non-ad setups 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1067
 2021-06-23 00:24:05 +02:00
Jens Langhammer 31a58e2c25 release: 2021.6.2 2021-06-22 23:35:10 +02:00
Jens Langhammer b69248dd55 stages/authenticator_validate: fix error when using not_configured_action=configure 
closes #1048

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-22 20:08:58 +02:00
Jens Langhammer 5ff5edf769 outposts: improve logging 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-22 18:51:02 +02:00
Jens Langhammer 939889e0ec tenants: fix footer_links for moved config 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-22 15:48:17 +02:00
Jens Langhammer 19ae6585dc lib: add tests for config loader 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-22 13:12:07 +02:00
Jens Langhammer c6ede78fba core: add support for custom urls for avatars 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-22 12:25:24 +02:00
Jens Langhammer 9b5e3921cb providers/saml: better handle decoding errors 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-21 22:48:34 +02:00
Jens Langhammer f6026fdb13 root: allow loading local /static files without debug flag 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-21 21:21:35 +02:00
Jens Langhammer a4856969f4 outposts: fix port and inner_port being mixed on docker controller 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-21 19:19:06 +02:00
Jens Langhammer 2aa7266688 crypto: fix linting 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-21 16:24:03 +02:00
Jens Langhammer c0c246edab crypto: catch error when loading private key 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-21 15:57:48 +02:00
Jens Langhammer 831b32c279 core: fix PropertyMapping's globals not matching Expression policy 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-21 15:54:43 +02:00
Jens Langhammer 70ccc63702 core: remove default flow background from default css, set static in base_full and dynamically in if/flow 
closes #1056

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-21 10:37:34 +02:00
Jens Langhammer de954250e5 root: make general cache timeouts configurable 
closes #974

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-21 10:18:49 +02:00
Jens Langhammer f268bd4c69 policies: make policy result cache timeout configurable 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-21 10:17:58 +02:00
Jens Langhammer 57a48b6350 flows: make flow plan cache timeout configurable 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-21 10:17:11 +02:00
Jens Langhammer 9aac114115 root: save temporary database dump in /tmp 
closes #1055

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-21 09:58:19 +02:00
Jens Langhammer 4327b35bc3 tenants: fix tenant not being queried correctly when using accessing over a child domain 
closes #1044

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-20 14:39:21 +02:00
Jens Langhammer f7047df40e policies: don't use policy cache when checking application access 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-20 13:30:07 +02:00
Jens Langhammer ede072889e core: deepmerge user.group_attributes, use group_attributes for user settings 
closes #1051

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-19 19:52:55 +02:00
Jens Langhammer 9cb7e6c606 root: set outposts.docker_image_base to gh-master for tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-19 15:49:49 +02:00
Jens Langhammer fe6963c428 release: 2021.6.1 2021-06-17 22:14:52 +02:00
Jens Langhammer 19cac4bf43 providers/saml: fix error when getting transient user identifier 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-17 13:52:10 +02:00
Jens Langhammer 4ca564490e providers/saml: add support for NameID type unspecified 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-17 12:45:53 +02:00
Jens Langhammer fcb795c273 providers/saml: fix NameIDPolicy not being parsed correctly, improve error handling 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-17 12:22:40 +02:00
Jens Langhammer cbea51ae5b stages/authenticator_duo: make Duo-admin viewset writeable 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-16 23:17:26 +02:00
Jens Langhammer e743f13f81 recovery: fix error when creating multiple keys for the same user 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-16 23:04:35 +02:00
Jens Langhammer b20a8b7c17 stages/authenticator_duo: fix error when enrolling an existing user 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-16 23:04:24 +02:00
Jens Langhammer b53c94d76a flows: fix error when stage has incorrect type 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-16 22:52:00 +02:00
Jens Langhammer d4419d66c1 core: fix error when creating AuthenticatedSession without key 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-16 22:51:48 +02:00
Jens Langhammer 79044368d2 core: fix error getting stages when enrollment flow isn't set 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-16 22:45:42 +02:00
Jens Langhammer d9287d0c0e Merge branch 'next' 2021-06-15 23:43:44 +02:00
Jens Langhammer dec7a9cfb9 website/docs: add docs for flow executor 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-15 22:14:23 +02:00
Jens Langhammer e0f48a30b7 release: 2021.6.1-rc6 2021-06-15 21:18:33 +02:00
Jens Langhammer e8978adc1b outpost: fix syntax error when creating an outpost with connection 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-15 18:39:51 +02:00
Jens Langhammer 800df332b5 stages/authenticator_duo: don't create default duo stage 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-14 22:55:37 +02:00
Jens Langhammer 16c194d2dc core: fix upload api not checking clear properly 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-14 22:34:47 +02:00
Jens Langhammer 53100a72fe stages/identification: fix challenges not being annotated correctly and API client not loading data correctly 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-14 22:28:11 +02:00
Jens Langhammer ec4c3f44cb events: don't create system exception event in debug 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-14 22:16:27 +02:00
Jens Langhammer f10bd432b3 policies/reputation: fix race condition in tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-14 20:40:40 +02:00
Jens Langhammer 74e578c2bf events: add tenant to event 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-14 18:43:29 +02:00
Jens Langhammer e584fd1344 events: catch unhandled exceptions from request as event, add button to open github issue 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-14 17:22:58 +02:00
Jens Langhammer 0e02925a3d stages/authenticator_validate: add tests for authenticator validation 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-14 16:32:36 +02:00
Jens Langhammer 5b837c3ccc providers/saml: improve error handling for signature errors 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-14 12:51:42 +02:00
Jens Langhammer 2580371f94 outposts: fix error when getting component for base service connection 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-14 12:38:29 +02:00
Jens Langhammer 4e9be85353 website/docs: add docs for outpost configuration 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-14 09:21:35 +02:00
Jens Langhammer 79508e1965 core: fix linting 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-13 23:41:50 +02:00
Jens Langhammer 3a88dde545 web: fix declaration of Intl 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-13 23:13:43 +02:00
Jens Langhammer cabbd18880 core: revert check_access API to get to prevent CSRF errors 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-13 21:47:49 +02:00
Jens Langhammer bb8559ee18 web: remove base interface 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-13 19:54:27 +02:00
Jens Langhammer afb84c7bc5 flows: fix error clearing flow background when no files have been uploaded 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-13 14:14:41 +02:00
Jens Langhammer fc8004db2b outposts: fix integrity error with tokens 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-13 13:36:54 +02:00
Jens Langhammer ddfc943bba root: fix build_hash being set incorrectly for tagged versions 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-13 13:32:18 +02:00
Jens Langhammer 572b8d87b5 api: fix import error 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-13 12:59:28 +02:00
Jens Langhammer 31d2ea65fd provider/proxy: mark forward_auth flag as deprecated 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-13 12:39:25 +02:00
Jens Langhammer f4ac2f50e2 sources/saml: check sessions before deleting user 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-13 12:39:10 +02:00
Jens Langhammer f10286edf8 Merge branch 'version-2021.6' into next 2021-06-12 20:43:12 +02:00
Jens Langhammer d789dcc28f core: fix impersonation not working with inactive users 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-12 20:41:02 +02:00
Jens Langhammer 74e4e8f6aa core: delete real session when AuthenticatedSession is deleted 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-12 17:37:32 +02:00
Jens Langhammer d78fda990a release: 2021.6.1-rc5 2021-06-12 15:19:24 +02:00
Jens Langhammer 10d949f7a9 stages/password: add constants for password backends 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-12 12:14:55 +02:00
Jens Langhammer 676b77aa7c stages/identification: add UPN 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-10 22:48:39 +02:00
Jens Langhammer e35e096266 stages/authenticator_webauthn: use tenant title as RP_NAME 
closes #1004

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-10 22:17:25 +02:00
Jens Langhammer 7af12d4fec stages/authenticator_totp: set TOTP issuer based on slug'd tenant title 
closes #1004

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-10 22:16:37 +02:00
Jens Langhammer 8d6db0fabf flows: fix configuration URL being set when no flow is configure 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-10 22:07:26 +02:00
Jens Langhammer e25f6aea8c release: 2021.6.1-rc4 2021-06-10 18:59:00 +02:00
Jens Langhammer 2c15ab9995 release: 2021.6.1-rc3 2021-06-10 18:04:59 +02:00
Jens Langhammer 6c985acb36 release: 2021.6.1-rc2 2021-06-10 14:10:47 +02:00
Jens Langhammer d878d2140e providers/saml: add metadata download link to api 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-10 14:06:44 +02:00
Jens Langhammer 4766d6ff3d flows: add export URL to API 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-10 13:52:50 +02:00
Jens Langhammer 3a64d97040 crypto: add download links as API fields 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-10 13:46:12 +02:00
Jens Langhammer 2275ba3add flows: fix get_pending_user returning in-memory user when PLAN_CONTEXT_PENDING_USER_IDENTIFIER is set 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-10 12:17:46 +02:00
Jens Langhammer 9f7c941426 Merge branch 'master' into next 2021-06-10 11:59:10 +02:00
Jens L 34ae9e6dab
API: add endpoint to show by what objects an object is used (#995) 
* core: add used_by API to show what objects are affected before deletion

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/elements: add support for used_by API

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add authentik_used_by_shadows to shadow other models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: implement used_by API

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: fix duplicate imports

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add action field to used_by api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: add UI for used_by action

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: add notice to tenant form

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: fix naming in used_by

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: check length for used_by

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: fix used_by for non-pk models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: improve __str__ on models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add support for many to many in used_by

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-10 11:58:12 +02:00
Jens Langhammer 5235e00d3c stages/authenticator_validate: add more logging for challenges 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-09 23:58:08 +02:00
Jens Langhammer d4379ecd31 flows: fix configure_url not being set correctly User settings 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-09 19:25:27 +02:00
Jens Langhammer f4a53c89ef release: 2021.6.1-rc1 2021-06-09 11:01:14 +02:00
Jens Langhammer 2210497569 events: add EMAIL_SENT event, show sent emails in event log 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-09 10:28:32 +02:00
Jens Langhammer 2addf71f37 outposts: add service connection to outpost API 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-09 09:45:14 +02:00
Jens L dad24c03ff
outposts: set cookies for a domain to authenticate an entire domain (#971) 
* outposts: initial cookie domain implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add cookie domain setting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: replace forward_auth_mode with general mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: rebuild proxy provider form

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: re-add forward_auth_mode for backwards compat

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: fix data.mode not being set

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* root: always set log level to debug when testing

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: use new mode attribute

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: only ingress /akprox on forward_domain

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: fix lint error

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: fix error on ProxyProviderForm when not using proxy mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: fix default for outpost form's type missing

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add additional desc for proxy modes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts: fix service account permissions not always being updated

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost/proxy: fix redirecting to incorrect host for domain mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: improve error handling for network errors

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost: fix image naming not matching main imaeg

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/proxy: fix redirects for domain mode and traefik

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: fix colour for paragraphs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: fix consent stage not showing permissions correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: add domain-level docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: fix broken links

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/proxy: remove dead code

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: fix missing id for #header-text

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-08 23:10:17 +02:00
Jens Langhammer fb8d67a9d9 core: add configure_url to UserSettings for both stages and sources 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-08 19:21:27 +02:00
Jens Langhammer 029d58191e sources/saml: include metadata download link in API response 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-08 17:22:03 +02:00
Jens Langhammer 75404f1345 web/admin: pass full configure flow URL instead of just boolean 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-08 17:14:54 +02:00
Jens Langhammer ba1b23c879 flows: move flow relevant info into ContextualFlowInfo 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-08 16:53:28 +02:00
Jens Langhammer 25f987ba2b stages/prompt: add more tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-07 17:40:06 +02:00
Jens Langhammer f23111beff stages/user_write: add tests for duplicate data 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-07 16:42:01 +02:00
Jens Langhammer 0f693158b6 stages/email: add tests for inaccessible email templates 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-07 16:09:39 +02:00
Jens Langhammer fceab788d2 outposts: fix error during outpost disconnect 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-06 19:25:09 +02:00
Jens Langhammer 88cc38394e root: improve sentry tags to simplify queries 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-06 14:51:43 +02:00
Jens Langhammer 90a5c84ac8 core: make EndSessionView inherit PolicyAccessView 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-06 14:07:50 +02:00
Jens Langhammer 9180d448df core: move end-session to core 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-06 13:56:38 +02:00