authentik

Archived

Author	SHA1	Message	Date
Jens L	561e6956fe	root: add get_int to config loader instead of casting to int everywhere (#6436 ) * root: add get_int to config loader instead of casting to int everywhere Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve error handling, add test Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-07-31 19:34:59 +02:00
Jens L	2f469d2709	root: partial Live-updating config (#5959 ) * stages/email: directly use email credentials from config Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use custom database backend that supports dynamic credentials Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add crude config reloader Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make method names for CONFIG clearer Signed-off-by: Jens Langhammer <jens@goauthentik.io> * replace config.set with environ Not sure if this is the cleanest way, but it persists through a config reload Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-add set for @patch Signed-off-by: Jens Langhammer <jens@goauthentik.io> * even more crudeness Signed-off-by: Jens Langhammer <jens@goauthentik.io> * clean up some old stuff? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * somewhat rewrite config loader to keep track of a source of an attribute so we can refresh it Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup old things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix flow e2e Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-07-19 23:13:22 +02:00
Jens L	863454a895	flows: allow empty value in AutosubmitChallenge (#6079 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-06-27 23:13:58 +02:00
Jens L	b0fbd576fc	security: cure53 fix (#6039 ) * ATH-01-001: resolve path and check start before loading blueprints This is even less of an issue since `411ef239f6`, since with that commit we only allow files that the listing returns Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ATH-01-010: fix missing user filter for webauthn device This prevents an attack that is only possible when an attacker can intercept HTTP traffic and in the case of HTTPS decrypt it. * ATH-01-008: fix web forms not submitting correctly when pressing enter When submitting some forms with the Enter key instead of clicking "Confirm"/etc, the form would not get submitted correctly This would in the worst case is when setting a user's password, where the new password can end up in the URL, but the password was not actually saved to the user. * ATH-01-004: remove env from admin system endpoint this endpoint already required admin access, but for debugging the env variables are used very little Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ATH-01-003 / ATH-01-012: disable htmlLabels in mermaid Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ATH-01-005: use hmac.compare_digest for secret_key authentication Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ATH-01-009: migrate impersonation to use API Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ATH-01-010: rework Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ATH-01-014: save authenticator validation state in flow context Signed-off-by: Jens Langhammer <jens@goauthentik.io> bugfixes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ATH-01-012: escape quotation marks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add website Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update release ntoes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update with all notes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix format Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-06-22 22:25:04 +02:00
Jens L	a5db60129d	*: use dataclass slots wherever applicable (#6005 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-06-19 18:31:07 +02:00
Jens L	0d0bb1a559	root: add install ID (#5717 ) * root: add install ID Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add fallback when no migrations table exists Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-22 17:24:12 +02:00
Jens L	eaa3d11df8	api: modular urls (#5551 ) * api: make API urls modular load API urls from app module's urls file instead of a single static file Signed-off-by: Jens Langhammer <jens@goauthentik.io> * refactor websocket url mounting Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-09 14:46:47 +02:00
Jens L	9f4be4d150	blueprints: support setting file URLs in blueprints (#5510 ) * blueprints: support setting file URLs in blueprints Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make new fields not required Signed-off-by: Jens Langhammer <jens@goauthentik.io> * include conditional fields in schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-08 15:07:00 +02:00
Jens L	54d508ae8c	ci: fix pyright errors (#5392 ) * ci: fix pyright errors Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix error in oauth 1 source Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove redundant blueprint fixtures Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-27 17:33:47 +03:00
Jens L	a5098364eb	events: unpack wrapped query from FlowExecutor (#5244 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-14 00:07:41 +02:00
sdimovv	6192d01b7e	stages: Add ability to set user friendly names for MFA stages (#5005 ) * Added ability to name MFA stage * Schema * Changed Charfield to Textfield * Regenerated schema * Add explicit required * set null instead of blank so title check works Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add help text and adjust wording Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-04-02 16:52:44 +02:00
Jens L	75510ead84	core: fix app launch URL flow selection (#5113 )	2023-03-30 02:10:25 +02:00
risson	1957717160	providers: Add ability to choose a default authentication flow (#5070 ) * core: add ability to choose a default authentication flow for a provider Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * update web to use correct ak-search-select I don't think this element existed when the PR was initially created, lol Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only use provider authentication flow for authentication designation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-03-24 13:26:00 +01:00
Jens L	972dce1462	security: fix CVE-2023-26481 (#4832 ) fix CVE-2023-26481 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-02 20:15:33 +01:00
Jens L	20e971f5ce	flows: planner error handling (#4812 ) * handle FlowNonApplicableException everywhere Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make flow planner check authentication when no pending user is in planning context Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add mailhog to e2e test services, remove local docker requirement Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-28 15:18:29 +01:00
Jens L	39d0893303	flows: change default flow stage binding settings (#4784 ) * flows: change default flow stage binding settings Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fallback to correct value Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-27 15:21:26 +01:00
Jens L	80f4fccd35	providers/oauth2: OpenID conformance (#4758 ) * don't open inspector by default when debug is enabled Signed-off-by: Jens Langhammer <jens@goauthentik.io> * encode error in fragment when using hybrid grant_type Signed-off-by: Jens Langhammer <jens@goauthentik.io> * require nonce for all response_types that get an id_token from the authorization endpoint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't set empty family_name Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only set at_hash when response has token Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleaner way to get login time Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove authentication requirement from authentication flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use wrapper Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix auth_time not being handled correctly Signed-off-by: Jens Langhammer <jens@goauthentik.io> * minor cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add test files Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove USER_LOGIN_AUTHENTICATED Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework prompt=login handling Signed-off-by: Jens Langhammer <jens@goauthentik.io> * also set last login uid for max_age check to prevent double login when max_age and prompt=login is set Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-23 15:26:41 +01:00
Jens Langhammer	0874574e5c	*: add additional prometheus metrics, remove unusable high entropy metrics Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-19 17:08:40 +01:00
Jens Langhammer	7f009f6d02	flows: include flow authentication requirement in diagram closes #4533 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-15 16:04:45 +01:00
sdimovv	b69e55eae9	core: Add support for auto generating unique avatars based on the user's initials (#4663 )	2023-02-12 16:35:17 +01:00
dependabot[bot]	18cfe67719	core: bump black from 22.12.0 to 23.1.0 (#4584 ) * core: bump black from 22.12.0 to 23.1.0 Bumps [black](https://github.com/psf/black) from 22.12.0 to 23.1.0. - [Release notes](https://github.com/psf/black/releases) - [Changelog](https://github.com/psf/black/blob/main/CHANGES.md) - [Commits](https://github.com/psf/black/compare/22.12.0...23.1.0) --- updated-dependencies: - dependency-name: black dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * re-format Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-02-01 11:31:32 +01:00
Jens L	9568f4dbd6	root: improve code style (#4436 ) * cleanup pylint comments Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix url name Signed-off-by: Jens Langhammer <jens@goauthentik.io> * *: use ExtractHour instead of ExtractDay Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-15 17:02:31 +01:00
Jens Langhammer	81e9f2d608	web/admin: fix overflow in aggregate cards Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-11 14:12:02 +01:00
Jens Langhammer	11b1eb4173	stages/email: make template tests less flaky Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-01 23:00:32 +01:00
Jens Langhammer	3980eea7c6	web/flows: rework error display, always use ak-stage-flow-error instead of shell Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-01 21:43:44 +01:00
Jens Langhammer	e52c964354	flows: fix redirect from plan context "redirect" not being wrapped in flow response Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-22 23:28:26 +01:00
Jens Langhammer	01a897dbc2	flows: set stage name and verbose_name for in_memory stages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-12 16:22:48 +00:00
Jens L	db95dfe38d	security: fix CVE 2022 46145 (#4140 ) * add flow authentication requirement Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add website for cve Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: handle FlowNonApplicableException without policy result Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add release notes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-02 16:14:25 +01:00
Jens Langhammer	c158ef80db	*: fix remaining old cache keys Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-18 16:18:32 +01:00
Jens L	9f5fb692ba	sources: add custom icon support (#4022 ) * add source icon Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add to oauth form Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add to other browser sources Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add migration, return icon in UI challenges Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * deduplicate file upload Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-16 14:10:10 +01:00
Jens L	55aa1897af	root: use single redis db (#4009 ) * use single redis db Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup prefixes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ensure __str__ always returns string Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix remaining old prefixes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add release notes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-15 14:31:29 +01:00
Jens Langhammer	9d0a7578ec	flows: fix error due to not validating error challenge Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-27 20:04:00 +02:00
Jens Langhammer	13d975a258	flows: fix error when opening inspector with no history Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-20 19:30:56 +02:00
Jens Langhammer	782fec0eb9	flows: use stripped down flow serializer for flow_set to optimise loading time Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-20 09:56:08 +02:00
Jens L	cfad472e1b	flows: optimise queries (#3818 ) * flows: optimise flow queries Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * index source on slug and name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * binding index Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add policy parent index Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix migrations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup old migrations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add release note to upgrade Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-19 22:53:07 +02:00
Jens Langhammer	6882445937	*: handle PermissionError when saving files, ensure permission bits are set correctly closes #3817 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-19 20:24:28 +02:00
Jens Langhammer	9e3bf94547	flows: optimise flow API loading speed Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-19 10:29:06 +02:00
Jens L	0efee2a660	flows: improved import (#3807 ) * return logs when importing flow Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * improve error handling, show logs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-18 22:01:42 +02:00
Jens Langhammer	53aef73f58	flows: optimise queries for flow and stage API endpoints Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-15 11:54:31 +02:00
Jens L	79e8b72569	flows: always show flow inspector in debug mode, don't require admin in debug (#3786 ) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-14 15:44:59 +02:00
Jens Langhammer	239092b872	core: fix messages not being shown when no client is connected Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-10 13:27:41 +03:00
Jens Langhammer	81e820b6e6	flows: fix invalid graph generation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-21 10:53:29 +02:00
Jens L	1583d53e54	web: use mermaidjs (#3623 ) * flows: move flow diagram logic to separate file Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * idk Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * make web component work Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove subgraph for now Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add denied connection Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * wrong list Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use custom styles Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * i18n Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix typing issues, make diagram centered Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix lint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-21 09:58:23 +02:00
Jens L	2bd10dbdee	tests: use create_test_flow where possible (#3606 ) * use create_test_flow where possible Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix and add more tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove unused websocket stuff Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * Revert "remove unused websocket stuff" This reverts commit `fc05f80951`. * keepdb for make test Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix more Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests for notification transports Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-17 13:16:53 +02:00
Jens Langhammer	359da6db81	Revert "flows: always mark component field as required in Challenge and ChallengeResponses" This reverts commit `b35b225453`.	2022-09-11 23:13:51 +02:00
Jens Langhammer	b35b225453	flows: always mark component field as required in Challenge and ChallengeResponses Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-11 23:01:59 +02:00
Jens Langhammer	2e2ab55f9e	*: cleanup stray print calls Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-10 13:24:53 +02:00
Jens L	62f93c83d4	ci: update pyright (#3546 )	2022-09-07 00:23:25 +02:00
Jens Langhammer	60266b3345	flows: migrate FlowExecutor error handler to native challenge instead of shell Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-06 18:48:15 +02:00
Jens Langhammer	2a4679e390	flows: fix incorrect diagram for policies bound to flows closes #3534 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-06 10:24:13 +02:00

1 2 3 4 5 ...

331 commits