Jens L
2b74a1f03b
security: fix CVE-2023-26481 ( #4832 )
...
fix CVE-2023-26481
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-02 20:16:29 +01:00
Jens Langhammer
19f5e6e07e
website/docs: update events page
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-15 16:44:13 +01:00
Jens Langhammer
7d6b573f8b
website: migrate to mermaid charts, rework proxy page
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-15 12:14:17 +01:00
Jens Langhammer
c340830b37
website/docs: prepare 2023.2.1
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-14 18:19:02 +01:00
Jens Langhammer
cf36da2e5d
website/docs: prepare 2023.2 release notes
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-12 17:44:53 +01:00
sdimovv
b69e55eae9
core: Add support for auto generating unique avatars based on the user's initials ( #4663 )
2023-02-12 16:35:17 +01:00
Jens L
af43330fd6
providers/oauth2: rework OAuth2 Provider ( #4652 )
...
* always treat flow as openid flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve issuer URL generation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more refactoring
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update introspection
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more refinement
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix more things, update api
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* regen migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start updating tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix implicit flow, auto set exp
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix timeozone not used correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix revoke
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more timezone shenanigans
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix userinfo tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update web
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix proxy outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix api tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing at_hash for implicit flows
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-include at_hash in implicit auth flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use folder context for outpost build
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-09 20:19:48 +01:00
Jens Langhammer
a7cf454760
web/admin: add notice for user_login stage session cookie behaviour
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-08 14:18:52 +01:00
Jens Langhammer
7a85038c11
website/docs: prepare 2023.2 release notes
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-07 22:52:29 +01:00
Jens Langhammer
3170b2f92c
providers/proxy: add token support for basic auth
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-07 22:50:49 +01:00
Melvin Snijders
547c01f481
website/docs: update Caddy docs to include HTTPS proxying ( #4316 )
...
Update Caddy documentation to include HTTPS proxying
Signed-off-by: Melvin Snijders <mail@melvinsnijders.nl>
2023-02-03 14:43:13 +01:00
Jens L
7d4ce41e12
providers/proxy: outpost wide logout implementation ( #4605 )
...
* initial outpost wide logout implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* handle deserialize error
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix file cleanup, add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-02 21:18:59 +01:00
Jens Langhammer
cadb710c38
website/docs: add troubleshooting for CSRF
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-02 11:09:03 +01:00
Skyler Mäntysaari
c2b4d14af5
website/docs: Add note for firefox about FIDO and TouchID ( #4552 )
...
* docs(passwordless): Make sure to include a warning
Signed-off-by: Skyler Mäntysaari <samip5@users.noreply.github.com>
* add notice for firefox touchID
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Skyler Mäntysaari <samip5@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-01-28 22:45:51 +01:00
Jens Langhammer
b99afd82b2
stages/user_write: fix migration setting wrong value, fix form
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-23 14:38:26 +01:00
Jens Langhammer
446dc0a17b
website/docs: prepare 2023.1.1
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-20 14:25:20 +01:00
Jens Langhammer
3a59b75f4a
website/docs: update ldap provider docs
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-20 11:46:57 +01:00
Jens L
98485c528e
ci: build beta for amd64 and arm64 ( #4468 )
...
* ci: build for arm64, but independently
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add notice to beta
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-19 21:41:56 +01:00
Jens Langhammer
59be3c7746
website/docs: add docs for validating phone numbers before SMS enrollment
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-19 17:57:52 +01:00
Jens Langhammer
97acc77e0a
website/docs: update 2023.1 release notes
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-18 15:25:58 +01:00
Jens Langhammer
eb1e0427c1
website/docs: add missing user uid field
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-18 15:22:06 +01:00
Jens L
23c69c456a
providers/proxy: add setting to intercept authorization header ( #4457 )
...
* add setting to intercept authorization header
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rename to intercept_header_auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-17 18:56:48 +01:00
Jens L
c73fce4f58
sources/ldap: manual import ( #4456 )
...
* events: fix task UID
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add ldap sync command
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-17 12:21:33 +01:00
Jens Langhammer
19ee98b36d
outposts/proxy: allow setting no-redirect via header or query param
...
closes #4455
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-17 10:56:43 +01:00
Jens Langhammer
07767c9376
website/docs: add disclaimer to beta page that downgrade isn't supported
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-16 10:44:42 +01:00
Jens Langhammer
d31e566873
outposts/proxy: add header to prevent redirects
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 22:18:25 +01:00
Jens Langhammer
b6b97f4706
website/docs: update 2023.1 release notes
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 16:32:34 +01:00
Jens L
cd12e177ea
providers/proxy: add initial header token auth ( #4421 )
...
* initial implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* check for openid/profile claims
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* include jwks sources in proxy provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add web ui for jwks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only show sources with JWKS data configured
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix introspection tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start basic
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add basic auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs, update admonitions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add client_id to api, add tab for auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 16:22:03 +01:00
Jens Langhammer
d3e2f41561
website/docs: fix typo
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-09 13:13:41 +01:00
Jens Langhammer
bec538c543
sources/ldap: make task timeout adjustable
...
closes #4375
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-06 12:37:59 +01:00
Jens L
2604dc14fe
providers/ldap: add code-MFA support for ldap provider ( #4354 )
...
* add code support for ldap provider
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* only try to extract code when auth validator stage is encountered
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use parseint instead
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-05 18:32:06 +01:00
Jens L
a960ce9454
stages/user_write: add more user creation options ( #4367 )
...
* add more user creation options
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update blueprints and docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-05 15:46:20 +01:00
Jens L
e6b5810e03
polices/hibp: remove deprecated ( #4363 )
...
* remove hibp
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* don't save event matcher apps in migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update docs, update some phrasing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-05 13:19:26 +01:00
Jens Langhammer
ed3f36e72a
website/docs: update redirect docs
...
closes #4248
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-05 12:38:38 +01:00
Jens Langhammer
1efc7eecbf
website/docs: add metrics for monitoring and metrics
...
closes #4308
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 20:49:35 +01:00
Jens L
dc1359a763
providers/saml: initial SLO implementation ( #2346 )
...
* providers/saml: initial SLO implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/saml: add logout request tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/saml: add tests for POST SLO
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* matrix e2e tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix import
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* set e2e matrix name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix imports
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* separate oidc and oauth tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add basic saml slo e2e tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add better metadata download url
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* kinda prepare release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* sort releases into folders
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add slo urls to website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix linking
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add api tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 19:45:31 +01:00
Jens Langhammer
c4bb51469b
website/docs: prepare 2022.12.2
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 10:15:15 +01:00
Jens Langhammer
82184b2882
web/flows: fix alternate captchas not loading
...
closes #4321
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 18:49:41 +01:00
Jens Langhammer
c8bd0fbb1c
website/docs: prepare 2022.12.1 release
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-29 23:59:05 +01:00
Jens Langhammer
c99798b1f2
website/docs: update release notes, remove duplicate files
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-29 23:28:15 +01:00
Jens Langhammer
0e6400bfea
web/admin: improve user/group UX for adding/removing users to and from groups
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 12:55:38 +01:00
Jens Langhammer
b16d1134ea
core: add endpoints to add/remove users from group atomically
...
closes #4252
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 10:50:30 +01:00
Jens Langhammer
1615723f10
website/docs: update release notes for 2022.12
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-27 14:10:38 +01:00
sev
f9b46145de
website/docs: Clarify request.user and add link to Django docs ( #4287 )
...
* Clarify request.user and add link to doc
Signed-off-by: sev <git@sev.monster>
* rephrase a bit
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: sev <git@sev.monster>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-27 14:10:30 +01:00
Jens Langhammer
7046944bf6
website: link CVE and attribute reporter
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-25 14:17:17 +01:00
Jens Langhammer
716584bbae
website: update release notes for CVEs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:21:02 +01:00
Jens L
9f846d94be
security: fix CVE 2022 23555 ( #4274 )
...
* add flow to invitation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* show warning on invitation page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add security advisory
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:13:49 +01:00
Jens L
84fbeb5721
security: fix CVE 2022 46172 ( #4275 )
...
* fallback to current user in user_write, add flag to disable user creation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update api and web ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update default flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add cve post to website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:12:58 +01:00
Jens Langhammer
42c278b4f8
root: migrate to hosted sentry with rate-limited DSN
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 11:18:26 +01:00
Jens L
c635487210
blueprints: better OCI support in UI ( #4263 )
...
use oci:// prefix to detect oci blueprint, add UI support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 18:49:25 +01:00