Commit graph

2885 commits

Author SHA1 Message Date
sdimovv 8d13235b74
blueprints: fixed bug causing filtering with an empty query (#4106)
* Fixed bug causing filtering with an empty query

Fixed bug allowing blueprint import to filter for existing models using an empty query.

The code only checks if the `identifiers` dict is empty, but `__query_from_identifier` skips identifier member values of type `dict` or keys == `pk`, so it is possible to produce an empty query if an `identifier` consists of just `dict` type members or "pk" key. 

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>

* Added test case

* Added support for using dict fields as blueprint entry identifiers

* Disabled pylint too-many-locals for _validate_single

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
2022-12-06 12:06:25 +01:00
Jens Langhammer 44bf9a890e release: 2022.11.3 2022-12-02 23:00:59 +02:00
Jens Langhammer 58cd6007b2 Merge branch 'version-2022.11' 2022-12-02 18:12:38 +02:00
Jens L db95dfe38d
security: fix CVE 2022 46145 (#4140)
* add flow authentication requirement

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add website for cve

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: handle FlowNonApplicableException without policy result

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-02 16:14:25 +01:00
sdimovv 1f7d52c5ce
blueprints: Support nested custom tags in !Find and !Format tags (#4127)
* Added support for nested tags to !Find and !Format

* Added tests

* Fix variable names

* Added docs

* Fixed small mistake in tests

* Fixed variable names

* Broke example into multiple lines
2022-12-01 16:10:26 +01:00
Jens Langhammer 3251bdc220 events: improve handling creation of events with non-pickleable objects
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-01 15:56:28 +02:00
Jens Langhammer 2a4daa5360 release: 2022.11.2 2022-12-01 10:41:29 +02:00
Jens Langhammer e1a6dede54 *: backport CVE-2022-46145 fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-01 10:41:26 +02:00
Jens Langhammer cf40e5047e policies: don't log context when policy returns None
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-30 14:43:47 +02:00
Jens Langhammer d5329432fe lib: fix uploaded files not being saved correctly, add tests
closes #4110 #4109 #4107

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-30 12:48:33 +02:00
sdimovv 5156aeee0f
policies/password: Always add generic message to failing zxcvbn check (#4100)
* Always add generic message to failing zxcvbn password policy

Depending on the settings, sometimes a password policy that checks a password with the zxcvbn tool can fail without any message.

For example:
```
$ echo  'Awdccdw1234' | zxcvbn | jq | grep "feedback" -A 5 -B 1
Password: 
  "score": 3,
  "feedback": {
    "warning": "",
    "suggestions": []
  }
}
```

As seen above the tool does not produce any warnings or suggestions for the given password, but if the password policy is set to have a zxcvbn threshold of 3, the policy will silently fail without communicating the reason to the user. 

There are two ways to handle this:
1. Always add a generic "password is too weak" message when the policy fails.
2. Check if there are any suggestions or warnings from the zxcvbn tool and only add the generic message if not.

I personally prefer 1. This way the generic message will  be shown whenever the policy fails, and will get combined with extra "tips" whenever zxcvbn has some.



Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>

* Update authentik/policies/password/models.py

Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>

* Added test case

* fix black formatting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens L. <jens@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-30 07:58:16 +00:00
Jens Langhammer e22fce02f8 stages/authenticator_validate: improve validation for not_configured_action
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-28 10:52:51 +01:00
Jens Langhammer e2bd96c5de stages/authenticator_validate: fix validation to ensure configuration stage is set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-25 21:37:52 +01:00
Jens Langhammer f8ef2b666f events: fix incorrect EventAction being used
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-25 11:53:05 +01:00
Jens Langhammer a9909fcf6d providers/oauth2: set amr values based on login event
closes #4070

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-25 11:21:59 +01:00
Jens Langhammer 1fa9b3a996 providers/saml: set AuthnContextClassRef based on login event
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#4070
2022-11-25 11:21:45 +01:00
Jens Langhammer 5019346ab6 events: save login event in session after login
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#4070
2022-11-25 11:21:00 +01:00
Jens Langhammer f22f1ebcde stages/authenticator_validate: save used mfa devices in login event
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-25 10:47:49 +01:00
Jens Langhammer 1c2cdfe06a web/flows: improve error messages for failed duo push
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-24 13:42:13 +01:00
Jens Langhammer d0308a8239 stages/authenticator_validate: log duo error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-24 11:36:43 +01:00
Jens Langhammer 6843c8389b stages/authenticator_duo: fix imported duo devices not being confirmed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-24 11:36:34 +01:00
Jens Langhammer 3a13d19695 release: 2022.11.1 2022-11-22 21:42:10 +01:00
Jens Langhammer ed7bef9dbf blueprints: open fixtures in read only mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 21:39:30 +01:00
Jens Langhammer b9fdb63a57 core: fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 21:02:18 +01:00
Jens Langhammer 5262d89505 core: fix tab-complete in shell
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 20:30:00 +01:00
Jens L ab3d47c437
blueprints: add desired state attribute to objects (#4061)
* add state attribute to delete objects

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests, move yaml from block to files

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add state to docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* only try to format

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 14:27:20 +01:00
Jens Langhammer 14cd52686d stages/email: add test for email translation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3885
2022-11-22 14:14:42 +01:00
Jens Langhammer 1a39754fe9 *: don't return values in test suites
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 11:38:34 +01:00
Jens Langhammer 5b8223808e Merge branch 'version-2022.11' 2022-11-21 22:14:33 +01:00
Jens Langhammer 14f341f504 web/admin: fix error when importing duo devices
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 21:36:10 +01:00
Jens Langhammer 20c1770ec4 release: 2022.11.0 2022-11-21 20:12:02 +01:00
Jens Langhammer a2e512c36c stages/authenticator_validate: add flag to configure user_verification for webauthn devices
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 17:52:37 +01:00
Jens Langhammer 3c2da8138d stages/invitation: directly delete invitation now that flow plan is saved in email token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 14:55:49 +01:00
Jens Langhammer 426f0bc9dd events: deepcopy event kwargs to prevent objects being removed, remove workaround
closes #4041

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 12:31:17 +01:00
Jens Langhammer cc3ab141e5 policies: only cache policies for authenticated users
closes #4033

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-18 21:06:53 +01:00
Jens Langhammer c158ef80db *: fix remaining old cache keys
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-18 16:18:32 +01:00
Jens L 9f5fb692ba
sources: add custom icon support (#4022)
* add source icon

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add to oauth form

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add to other browser sources

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add migration, return icon in UI challenges

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* deduplicate file upload

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-16 14:10:10 +01:00
Jens Langhammer d67ec1b62f lib: fix complex objects being included in event context for ak_create_event
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 16:51:02 +01:00
Jens Langhammer e5241ac574 core: fix error when propertymappings return complex value
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 16:28:15 +01:00
Jens L 276af8457d
root: make sentry DSN configurable (#4016)
* make sentry DSN configurable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* make proxy smarter

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix typo in config struct

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 16:05:29 +01:00
Jens L 55aa1897af
root: use single redis db (#4009)
* use single redis db

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup prefixes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ensure __str__ always returns string

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix remaining old prefixes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 14:31:29 +01:00
Jens Langhammer 9f269faf53 stages/authenticator_*: cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 13:46:00 +01:00
Jens Langhammer 9bde7ef59e Revert "stages/authenticator_*: directly save devices into db instead of session to prevent race conditions"
closes #4008

This reverts commit 538c2ca4d3.

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	authentik/stages/authenticator_static/stage.py
#	authentik/stages/authenticator_totp/stage.py
2022-11-15 11:35:53 +01:00
Jens L 88594075b2
policies/password: merge hibp add zxcvbn (#4001)
* initial zxcvbn

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api and port tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api diff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-14 14:42:43 +01:00
Jens L ffe6f65af5
outposts/kubernetes: ingress class (#4002)
* add support for ingressClassName

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add option to disable ssl verification for k8s controller

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-14 14:24:11 +01:00
dependabot[bot] 4095c422df
core: bump python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye (#3864)
* core: bump python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye

Bumps python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* bump project

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* bump deps

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* bump ci to 3.11

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix formatting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-13 14:20:55 +01:00
sdimovv 5d8dd9cf3f
blueprints: Fixed bug causing blueprint instance context be discarded (#3990)
Fixed bug causing blueprint instance context be discarded when applying a blueprint.
2022-11-12 13:23:33 +01:00
Jens Langhammer 3306003f0e providers/oauth2: fix inconsistent expiry encoded in JWT
- access token validity is used for JWTs issues in implicit flows
- general cleanup of how times are set
closes #2581

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-10 20:23:24 +01:00
Daniel 85c790728f
core: simplify group serializer for user API endpoint (#3899)
* core/api: Adding simple group serializer to improve user retrieval performance

Due to the exhaustive use of the user_obj the performance suffers
greatly if the users are assigned to large groups. This simple fix adds
a new serializer that does not expose the user_obj within a group.

* core/api: Update schema

Update to the schema based on the new SimpleGroupSerializer

* core/api: Fix black and pylint

* make naming consistent, remove unnecessary fields

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-09 11:19:40 +01:00
Jens Langhammer 47132faffb root: relicense and launch blog post
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-03 16:00:00 +01:00
Jens Langhammer cd0d898a4b events: sanitize generator for json safety
closes #3903

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-31 20:30:11 +01:00
Jens Langhammer 400751ed3c api: fix missing scheme in securitySchemes
closes #3883

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-29 18:50:34 +02:00
Jens Langhammer f3a72761c0 release: 2022.10.1 2022-10-29 17:24:55 +02:00
Jens Langhammer 841c13ed77 core: set prehydrated locale based on active backend locale
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-28 19:43:24 +02:00
Jens L 30d708dd1f
core: explicitly enable locales (#3889)
* activate locales

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* set locale for email templates

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-28 19:42:49 +02:00
Jens Langhammer 9d0a7578ec flows: fix error due to not validating error challenge
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-27 20:04:00 +02:00
Jens Langhammer f8fab14e1e core: refactor MessageStage to not use dynamic class
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-26 20:01:42 +02:00
Jens Langhammer 6b35d0c70b core: check if session is authenticated before showing linked message
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-26 00:30:42 +02:00
Jens Langhammer dd65862bf2 core: show success message when authenticating/enrolling after flow is finished
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-25 22:46:15 +02:00
Jens Langhammer 6ea57921f2 sources/saml: set username field to name_id attribute
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-24 21:53:37 +02:00
Jens Langhammer b0d4f035f1 blueprints: fix error when cleaning up unset attribute
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-21 22:12:59 +02:00
Jens Langhammer 661d2ec701 Merge branch 'version-2022.10' 2022-10-21 22:11:04 +02:00
Jens Langhammer 3f570bb96d blueprints: improve error handling
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-21 20:18:02 +02:00
Jens Langhammer 89dc46a7ff release: 2022.10.0 2022-10-21 19:42:38 +02:00
Jens Langhammer a1ce8100e9 stages/identification: log invalid_login similar to event for easier log parsing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3715
2022-10-20 19:31:22 +02:00
Jens Langhammer 13d975a258 flows: fix error when opening inspector with no history
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-20 19:30:56 +02:00
Jens Langhammer 782fec0eb9 flows: use stripped down flow serializer for flow_set to optimise loading time
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-20 09:56:08 +02:00
Jens L cfad472e1b
flows: optimise queries (#3818)
* flows: optimise flow queries

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* index source on slug and name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* binding index

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add policy parent index

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix migrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup old migrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add release note to upgrade

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 22:53:07 +02:00
Jens Langhammer 6882445937 *: handle PermissionError when saving files, ensure permission bits are set correctly
closes #3817

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 20:24:28 +02:00
Jens Langhammer 9e3bf94547 flows: optimise flow API loading speed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 10:29:06 +02:00
Jens L b06a3a8f9f
admin: add authorisations metric (#3811)
add authorizations metric

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 00:06:45 +02:00
dependabot[bot] 167695d4b1
core: bump channels from 3.0.5 to 4.0.0 (#3799)
* core: bump channels from 3.0.5 to 4.0.0

Bumps [channels](https://github.com/django/channels) from 3.0.5 to 4.0.0.
- [Release notes](https://github.com/django/channels/releases)
- [Changelog](https://github.com/django/channels/blob/main/CHANGELOG.txt)
- [Commits](https://github.com/django/channels/compare/3.0.5...4.0.0)

---
updated-dependencies:
- dependency-name: channels
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* add daphne

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:34:27 +02:00
Jens Langhammer 3e1490dcac providers/saml: don't attempt verification of SAML request when no verification certificate is configured
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:26:04 +02:00
Jens Langhammer 6bff6a2a1a core: fallback to empty user object for PropertyMappingEvaluator
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:03:26 +02:00
Jens L 0efee2a660
flows: improved import (#3807)
* return logs when importing flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* improve error handling, show logs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:01:42 +02:00
Jens L b85be12567
providers/oauth2: fix issues with es256 and add tests (#3808)
fix issues with es256 and add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:01:29 +02:00
Jens Langhammer 96a30af0eb sources/oauth: allow overriding of all scopes
closes #3747

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-16 21:21:43 +02:00
Jens Langhammer 76531589dd core: fix title in generic error template
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-16 13:55:22 +02:00
Jens Langhammer 2112b5b26b root: add global fallback throttle
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-15 23:51:36 +02:00
Jens Langhammer a3cc844e25 crypto: fix cert_expiry not having the correct format
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-15 23:32:02 +02:00
Jens Langhammer 53aef73f58 flows: optimise queries for flow and stage API endpoints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-15 11:54:31 +02:00
Jens L 363872715d
sources/saml: revamp SAML Source (#3785)
* update saml source to use user connections, add all attributes to flow context

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* check for SAML Status in response, add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* package apple icon

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add webui for connections

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 17:04:47 +02:00
Jens L 79e8b72569
flows: always show flow inspector in debug mode, don't require admin in debug (#3786)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 15:44:59 +02:00
Jens Langhammer 74a0e27a8c blueprints: fix error when exporting objects with lazily translated strings
closes #3482

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 14:31:44 +02:00
Jens Langhammer 0ca1368dcc sources/saml: improve error handling for missing assertion and missing subject
closes #3784

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 13:56:39 +02:00
Philipp Kolberg 2980c5884f
root: Add setting to adjust database config for pgbouncer (#3769)
* Add setting to adjust database config for pgbouncer

* docker-compose.yml cleanup

Delete pgbouncer setting as false is the default value

* Cleanup docker-compose.yml

Also remove use_pgbouncer option in server section
2022-10-14 11:53:24 +02:00
Jens L 217e145d23
stages/authenticator_sms: make sms stage payload customisable (#3780)
* make sms stage payload customisable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update phrasing for webhook mapping

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 11:53:01 +02:00
Jens Langhammer e5e6c33b2d providers/oauth2: fix expires_in not being an int
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-11 14:25:30 +03:00
Jens L 8ed2f7fe9e
providers/oauth2: add device flow (#3334)
* start device flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: fix inconsistent app filtering

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tenant device code flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add throttling to device code view

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* somewhat unrelated changes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add initial device code entry flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add finish stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* it works

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add support for verification_uri_complete

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add some tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-11 12:42:10 +02:00
Jens Langhammer 00a6c2a40b sources/oauth: improve error messages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-10 13:28:25 +03:00
Jens Langhammer 239092b872 core: fix messages not being shown when no client is connected
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-10 13:27:41 +03:00
dependabot[bot] 34d520a3fb
core: bump channels-redis from 3.4.1 to 4.0.0 (#3752) 2022-10-10 11:26:49 +02:00
lvoegl 3ecc715e91
sources/oauth: add Twitch OAuth source (#3746)
* sources/oauth: add Twitch OAuth source

Signed-off-by: Lukas Vögl <lukas@voegl.org>

* website/integrations: add Twitch OAuth source documentation

Signed-off-by: Lukas Vögl <lukas@voegl.org>

Signed-off-by: Lukas Vögl <lukas@voegl.org>
2022-10-10 10:59:07 +02:00
Jens Langhammer 9bbe8e6c57 providers/oauth2: save full IDToken to database, only use to_dict for encoding final token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-08 15:06:17 +03:00
Jens Langhammer b2a658d091 providers/oauth2: remove c_hash and nonce claim if they're not set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-07 17:07:33 +03:00
Jens Langhammer ce085a029d providers/oauth2: exclude at_hash claim if not set instead of being null
closes #3739

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-07 10:10:53 +03:00
Jens Langhammer 93e90f8f50 crypto: fix import_certificate checking private key as certificate
closes #3713

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-02 00:31:14 +02:00
Jens L 44e4f2e561
crypto: make certificate parsing optional for crypto api (#3711) 2022-10-01 00:06:00 +02:00
Jens L cca0f60bda
root: decrease default token size to 60 chars for compatibility (#3710)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2614
2022-09-30 23:12:51 +02:00
Jens Langhammer d8a98e71bd outposts: fix indentation in generated SSH Config 2022-09-29 09:23:27 +00:00
Jens Langhammer 7c0754000c providers/oauth2: add all hardcoded claims to claims_supported list
closes #3702

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-29 10:27:46 +02:00
Jens Langhammer 43a5aaa9df stages/email: don't check that email templates exist on startup
#3692

this runs on both server and worker where only the worker needs to have the email templates

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-28 18:52:54 +02:00
Jens Langhammer cd1a36fec4 root: save email template directory in config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-28 18:51:34 +02:00
Jens L df4200992c
outposts: remote docker ssh fixes (#3691)
* improve error logging for SSH connections

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* "fix" host key checking

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-28 12:10:40 +02:00
Jens Langhammer 50819ae0f0 *: improve error handling in ldap outpost, ignore additional errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-23 22:11:47 +02:00
Jens Langhammer 2cfba36cb7 release: 2022.9.0 2022-09-23 12:33:01 +02:00
Jens Langhammer 81e820b6e6 flows: fix invalid graph generation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-21 10:53:29 +02:00
Jens L b16a3d5697
internal: use config system for workers/threads, document the settings (#3626)
use config system for workers/threads, document the settings

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-21 09:59:03 +02:00
Jens L 1583d53e54
web: use mermaidjs (#3623)
* flows: move flow diagram logic to separate file

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* idk

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* make web component work

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove subgraph for now

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add denied connection

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* wrong list

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use custom styles

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* i18n

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix typing issues, make diagram centered

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix lint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-21 09:58:23 +02:00
Jens L 2bd10dbdee
tests: use create_test_flow where possible (#3606)
* use create_test_flow where possible

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix and add more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove unused websocket stuff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* Revert "remove unused websocket stuff"

This reverts commit fc05f80951.

* keepdb for make test

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix more

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests for notification transports

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-17 13:16:53 +02:00
Jens L be64296494
stages/authenticator_duo: improved import (#3601)
* prepare for duo admin integration

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* make duo import params required

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add UI to import devices

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* rework form, automatic import

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* limit amount of concurrent tasks on worker

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* load tasks

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix API codes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tests and such

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* sigh

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* make stage better

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* basic stage test

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-17 12:10:47 +02:00
Jens L 4a91a7d2e2
web: re-organise frontend and cleanup common code (#3572)
* fix repo in api client

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: re-organise files to match their interface

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: include version in script tags

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup maybe broken

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* revert rename

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: get rid of Client.ts

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* move more to common

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more moving

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* format

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* unfuck files that vscode fucked, thanks

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* move more

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* finish moving (maybe)

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ok more moving

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix more stuff that vs code destroyed

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* get rid "web" prefix for virtual package

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix locales

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use custom base element

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix css file

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* don't run autoDetectLanguage when importing locale

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix circular dependencies

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: fix build

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-15 00:05:21 +02:00
Jens Langhammer 9f5c019daa core: add helper function to create events from expressions, move ak_user_has_authenticator to base evaluator
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-14 21:52:41 +02:00
Jens Langhammer 84c08dca41 stages/user_write: log discarded keys as warning
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-14 20:21:37 +02:00
Jens Langhammer 6b8b596c92 stages/identification: set primary_action based on flow designation
closes #3589

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-14 10:30:49 +02:00
Jens Langhammer 359da6db81 Revert "flows: always mark component field as required in Challenge and ChallengeResponses"
This reverts commit b35b225453.
2022-09-11 23:13:51 +02:00
Jens Langhammer 7f8afad528 *: fix API Schema generation warnings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-11 23:08:31 +02:00
Jens Langhammer b35b225453 flows: always mark component field as required in Challenge and ChallengeResponses
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-11 23:01:59 +02:00
Jens Langhammer 0ff2ac7dc2 api: fix schema not referencing errors correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-11 23:01:26 +02:00
Jens Langhammer 8b4a7666f0 stages/authenticator_duo: fix 404 when current user does not have permissions to view stage
closes #3288

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-11 21:43:29 +02:00
Jens Langhammer ae9dbf3014 blueprints: fix error caused by overriding rest_framework's instance attribute
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 14:34:43 +02:00
Jens Langhammer 4c4d87d3bd blueprints: validate instance before creating in metaapplyblueprint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 13:58:54 +02:00
Jens Langhammer a407334d3b providers/oauth2: use @method_decorator instead of decorating in urls
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 13:26:17 +02:00
Jens Langhammer 5026cebf02 stages/consent: default to expiring consent instead of always_require
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 13:25:28 +02:00
Jens Langhammer 2e2ab55f9e *: cleanup stray print calls
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 13:24:53 +02:00
Jens Langhammer 28835fbca7 root: re-use custom log helper from config and cleanup duplicate functions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 13:24:31 +02:00
Jens Langhammer aabb8af486 tenants: handle all errors in default_locale
closes #3457

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 00:56:12 +02:00
Jens L 7517d612d0
providers/oauth2: add x5c (#3556)
* add x5c, x5t and x5t#S256

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* strip trailing = to fix encoding issues

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-08 23:30:05 +02:00
Jens L 62f93c83d4
ci: update pyright (#3546) 2022-09-07 00:23:25 +02:00
Jens Langhammer 03a3f1bd6f crypto: add command to import certificates
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3544
2022-09-06 19:39:10 +02:00
Jens Langhammer 60266b3345 flows: migrate FlowExecutor error handler to native challenge instead of shell
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-06 18:48:15 +02:00
Jens Langhammer 2a4679e390 flows: fix incorrect diagram for policies bound to flows
closes #3534

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-06 10:24:13 +02:00
Jens Langhammer eed958b132 stages/authenticator_duo: fix schema not declaring request body correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-05 22:00:02 +02:00
Jens Langhammer 12c318f0b1 sources/ldap: start_tls before binding but without reading server info
with read_server_info=True (default), this errors out on active directory

closes #3509 #1049

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-04 14:04:08 +02:00
Jens Langhammer f68ed3562e core: fix custom favicon not being set correctly on load
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-04 00:24:51 +02:00
Jens L f2f22719f8
core: improve error template (#3521) 2022-09-03 19:46:37 +02:00
Jens Langhammer 242423cf3c internal: remove sentryhttp from main server mux to prevent double traces
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-03 16:41:47 +02:00
Jens Langhammer d9775f2822 blueprints: don't export events by default and exclude anonymous user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-31 23:32:02 +02:00
Jens Langhammer 398eb23d31 blueprint: fix EntryInvalidError not being handled in tasks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-31 23:08:38 +02:00
Jens L abca435337
blueprints: OCI registry support (#3500)
* blueprints: add ability to load blueprints via OCI

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix inheritance check for meta models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add oci tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-30 14:08:26 +02:00
Jens L 54ba3e9616
blueprints: add meta model to apply blueprint within blueprint for dependencies (#3486)
* add meta model to apply blueprint within blueprint for dependencies

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use custom registry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix again

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* move ManagedAppConfig to apps.py

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* rename manager to registry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ci: use full tag in comment

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-29 21:20:58 +02:00
Jens Langhammer d3466ceef8 blueprints: use correct log level when re-logging import validation logs
closes #3483

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-28 16:07:48 +02:00
Jens Langhammer 5886688fae core: make request in context optional for Applications API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3482
2022-08-28 15:59:34 +02:00
Jens Langhammer c3c8cbf7ef events: save event to test notification transport
closes #3485

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-28 15:39:42 +02:00
Jens Langhammer 83eaac375d sources/oauth: use GitHub's dedicated email API when no public email address is configured
closes #3472

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-26 21:21:41 +02:00
Jens Langhammer 3eb3a9eab9 *: remove remaining default creation code in squashed migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-24 23:02:34 +02:00
Jens Langhammer a099b21671 lib: reset settings when error is raised in patch
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 21:21:28 +02:00
Jens Langhammer b9294fd9ad blueprints: fix unbound error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 21:15:48 +02:00
Jens Langhammer 13a302cdad sources/oauth: use UPN for username with azure AD source
closes #3468
breaking

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 20:55:25 +02:00
Jens Langhammer e994a01e80 blueprints: handle blueprints without metadata
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 20:54:56 +02:00
Jens Langhammer d49431cfc7 events: reset task info when not saving on success
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 19:22:14 +02:00
Jens Langhammer ce2ce38b59 blueprints: improve error messages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 19:21:57 +02:00
Jens Langhammer 2af4f28239 stages/invitation: don't use uuid.hex
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 19:14:46 +02:00
Jens Langhammer 1419910b29 blueprints: fix duplicate tasks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 19:14:30 +02:00
Jens Langhammer 649835cc61 events: fix MonitoredTasks' save_on_success not behaving as expected
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 19:13:41 +02:00
Jens Langhammer 917c4ae835 ci: fix typos
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 18:49:23 +02:00
Jens Langhammer ca2fce8be2 blueprints: always set metadata when attempting to apply
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 18:48:01 +02:00
Jens Langhammer 15c34c6f1f release: 2022.8.2 2022-08-19 15:59:53 +01:00
Jens Langhammer 0ab8f4eed7 blueprints: add required password stage backends
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-19 15:59:41 +01:00
Jens Langhammer 810c04bacf blueprints: don't suggest models not inheriting serializermodel in schema
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-19 11:26:15 +01:00
Jens Langhammer 0cc83c23c4 providers/proxy: fix duplicate proxy set default
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 21:13:45 +01:00
Jens Langhammer fdb8fb4b4c providers/oauth2: fix oauth2 requests being logged as unauthenticated
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 20:26:12 +02:00
Jens Langhammer 9d58407e25 blueprints: remove _state from exporter blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 19:25:02 +02:00
Jens Langhammer f4441c9fcf providers/proxy: trigger proxy set_defaults task on startup
closes #3445

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 17:42:27 +02:00
Jens Langhammer 0e9762072a blueprints: keep more modular state
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 17:42:27 +02:00
Jens Langhammer 0cfffa28ad blueprints: fix exporter not ignoring non-SerializerModel objects
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 17:42:27 +02:00
Jens Langhammer 1ad4c8fc29 outposts: fix log level
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 17:42:27 +02:00
Jens Langhammer fb5eb7b868 sources/oauth: fix missing doseq param for updating URL query string
closes #3374

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 14:34:20 +02:00
Jens Langhammer 198c940a80 core: fix pre-hydrated config not being escaped properly
closes #3442

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 13:53:22 +02:00
Jens L 1adc6948b4
blueprints: allow for adding remote blueprints (#3435)
* allow blueprints to be fetched from HTTP URLs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove os.path

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add validation for blueprint path

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-17 23:00:47 +02:00
Jens L e87236b285
blueprints: add generic export next to flow exporter (#3439) 2022-08-17 17:57:59 +01:00
Jens Langhammer 846b63a17b *: remove some very verbose logging messages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-17 13:36:56 +02:00
Jens Langhammer 1281e842d1 events: fix false-y values being stripped
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 22:29:36 +02:00
Jens Langhammer f7601d9571 events: correctly handle lists for cleaning/sanitization
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 21:47:30 +02:00
Jens Langhammer 4d9c9160e7 events: fix sanitize_dict not working on list items
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 21:37:24 +02:00
Jens Langhammer ad1f913e54 blueprints: add wrapper to get blueprints as dict
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 21:37:05 +02:00
Jens Langhammer 3da0233c40 Revert "blueprints: fix issue in prod setups with encoding dataclasses via celery"
This reverts commit ff788edd9b.
2022-08-16 21:21:47 +02:00
Jens Langhammer ff788edd9b blueprints: fix issue in prod setups with encoding dataclasses via celery
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 20:59:36 +02:00
Jens Langhammer aea0958f3f blueprints: add default status
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 17:51:22 +02:00
Jens Langhammer 435d126a1c release: 2022.8.1 2022-08-16 16:23:36 +02:00
Jens Langhammer e8b30b75d2 root: override blueprints_dir for testing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 15:50:58 +02:00
Jens Langhammer e9c1276634 blueprints: use relative path in @apply_blueprint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 14:20:45 +02:00
Jens Langhammer 6000a33a8e *: fix type annotations for serializer model
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 13:23:22 +02:00
Jens Langhammer 4c9878313c sources/oauth: correctly concatenate URLs to allow custom parameters to be included
closes #3374

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-08 21:17:32 +02:00
Jens Langhammer 54c16129ea stages/authenticator_duo: revamp duo enroll status API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3288
2022-08-08 20:38:06 +02:00
Jens Langhammer 872c18dddc blueprints: don't use example label, add more tags and tests for tags
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 19:27:03 +02:00
Jens Langhammer 2fa6cf855d stages/consent: simplify logic, correctly update existing consent
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 14:38:40 +02:00
Jens Langhammer 3b86144ae5 stages/*: use stage-bound logger when possible
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 13:41:53 +02:00
Jens Langhammer f01f10c5e5 providers/oauth2: don't separate scopes by comma-space
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 13:15:12 +02:00
Jens Langhammer e1249d3760 providers/oauth2: fix scopes without descriptions not being saved in consent
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 13:02:47 +02:00
Jens Langhammer dcbf106daa blueprints: add !Context to lookup things from instance context
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-06 20:54:00 +02:00
Jens L 89fef0ae72
blueprints: docs (#3376)
* further blueprint cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* make group users and parent optional

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix api client usage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-06 00:52:12 +02:00
Jens Langhammer 85640d402f internal: fix race conditions when accessing settings before bootstrap
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-06 00:24:55 +02:00
Jens L ec42d378ab
blueprints/cleanup (#3369) 2022-08-05 08:39:00 +02:00
Jens L 2ce8e18bab
internal: centralise config for listeners to use same config system everywhere (#3367)
* centralise config for listeners to use same config system everywhere

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3360

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-03 21:33:27 +02:00
dependabot[bot] 9a9c826c0b
core: bump django from 4.0.6 to 4.1 (#3368)
* core: bump django from 4.0.6 to 4.1

Bumps [django](https://github.com/django/django) from 4.0.6 to 4.1.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/4.0.6...4.1)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-03 15:33:58 +02:00
Jens L d1004e3798
blueprints: webui (#3356) 2022-08-03 00:05:49 +02:00
Jens Langhammer 2bd29e2fdd *: improve error handling for startup tasks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 23:31:47 +02:00
Jens Langhammer 3cd0a782af blueprints: correctly load on fresh install
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 23:25:33 +02:00
Jens L a023eee9bf
blueprints: migrate from managed (#3338)
* test all bundled blueprints

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix empty title

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix default blueprints

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add script to generate dev config

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate managed to blueprints

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more to blueprint instance

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrated away from ObjectManager

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix lint errors

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate things

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix some tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix a bit more

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* whops

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix missing name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *sigh*

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tasks

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* scheduled

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* run discovery on start

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* oops this test should stay

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 23:05:58 +02:00
Jens Langhammer 7a05c6faef stages/consent: fix error when requests with identical empty permissions
closes #3280

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 20:58:49 +02:00
Jens L 553989d17f
flows/stages/consent: fix for post requests (#3339)
add unique token to consent stage to ensure it is shown

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-31 23:47:40 +02:00
Jens L 89c84f10d0
blueprints: v1 (#1573)
* managed: move flowexporter to managed

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: implement SerializerModel in all models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* managed: add initial api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* managed: start blueprint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* managed: spec

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* version blueprint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* yep

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove v2, improve v1

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* start custom tag, more rebrand

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* move blueprints out of website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* try new things

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add !lookup, fix web

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update and cleanup default

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tags in lists

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* don't save field if its set to default value

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more flow cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* format web

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix missing serializer for sms

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ignore _set fields

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove custom file extension

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate default flow to tenant

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* include blueprints

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-31 17:11:44 +02:00
Jens L 882250a85e
flows: migrate flows to be yaml (#3335)
* flows: migrate flows to be yaml

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate flows to yaml

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 23:55:58 +02:00
Jens Langhammer fcf4657833 providers/proxy: add is_superuser to ak_proxy object, only show full error when superuser
closes #3314

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 20:29:23 +02:00
Jens L 393d7ec486
providers/proxy: no exposed urls (#3151)
* test any callback

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* dont detect callback in per-server handler

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use full redirect uri with both path and query param

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* correctly route to embedded outpost for callback signature

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix allowed redirects

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 17:51:01 +02:00
l-with b7b5168910
sources/oauth: use mailcow full_name as username for mailcow source (#3299)
use mailcow full_name as username
2022-07-29 20:34:17 +00:00
Jens Langhammer 1dcec17a58 sources/oauth: only send header authentication for OIDC source
closes #3327

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-29 18:20:44 +02:00
Jens Langhammer d6b1a22563 core: fix import order
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-29 00:18:42 +02:00
Jens Langhammer cada292e00 core: pre-hydrate config into templates to directly load correct assets
closes #3228

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-29 00:04:44 +02:00
Jens Langhammer 83eba36f8d core: add API Endpoint to get all MFA devices, add web ui to delete MFA devices of any user
closes #3237

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 23:50:25 +02:00
Jens Langhammer b82a142745 stages/authenticator_sms: use twilio SDK, improve docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3237
2022-07-28 22:17:59 +02:00
Jens Langhammer 2a42c203b2 stages/authenticator_totp: remove single device per user limit
closes #3281

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:39:46 +02:00
Jens Langhammer ade2d4879c stages/authenticator_duo: fix imported Duo Device not having a name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:20:32 +02:00
Jens Langhammer e14798dcdc core: import all models into shell
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:19:04 +02:00
Jens Langhammer 0248755cda stages/authentiactor_validate: improve error handling for duo
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:11:58 +02:00
Jens Langhammer 1f90359310 root: fix broken traceback logging
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 20:56:39 +02:00
Jens Langhammer 008fc19f0d root: fix log fields being overwritten in celery task logs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 20:48:05 +02:00
Jens Langhammer 277df4f04f stages/prompt: fix tests for file field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-27 09:48:11 +02:00
Jens Langhammer de26c65fa0 core: add attributes. avatar method to allow custom uploaded avatars
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2631
2022-07-26 21:42:41 +02:00
dependabot[bot] bd8794f646
core: bump structlog from 21.5.0 to 22.1.0 (#3294)
* core: bump structlog from 21.5.0 to 22.1.0

Bumps [structlog](https://github.com/hynek/structlog) from 21.5.0 to 22.1.0.
- [Release notes](https://github.com/hynek/structlog/releases)
- [Changelog](https://github.com/hynek/structlog/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hynek/structlog/compare/21.5.0...22.1.0)

---
updated-dependencies:
- dependency-name: structlog
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* migrate threaedlocal to contextvars

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-23 22:40:56 +02:00
Jens Langhammer 1880f98fa1 sources/oauth: fix typo
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-20 19:10:26 +02:00
Jens Langhammer dae6493a3e release: 2022.7.3 2022-07-20 09:37:43 +02:00
Jens Langhammer f909b86338 stages/consent: fix permimssions for consent API (allow owner to delete) 2022-07-19 16:41:34 +00:00
Jens Langhammer 327df6529b sources/oauth: use oidc preferred_username if set, otherwise nickname 2022-07-19 16:41:10 +00:00
Jens Langhammer 658dc63c4c lifecycle: revert waiting for lock, launch managed reconcile on app import
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-19 12:06:57 +02:00
Jens Langhammer 549f6f2077 providers/oauth2: correctly log authenticated user for OAuth views using protected_resource_view
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-18 22:20:09 +02:00
Jens L e9d9d658c4
lifecycle: make worker wait for migrations to be done (#3254)
* lifecycle: make worker wait for migrations to be done

* retry managed reconcile task
2022-07-15 19:44:45 +02:00
Jens Langhammer 9a9ba2560b core: delete expired models when filtering instead of excluding them
closes #3233

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-09 13:40:39 +02:00
Jens Langhammer 47434cd62d stages/prompt: try to base64 decode file, fallback to keeping value as-is
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-08 22:45:31 +02:00
Jens Langhammer ff500b44a6 stages/prompt: force required to false when using readonlyfield
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-08 22:38:37 +02:00
Jens Langhammer 8e19fb3a8c release: 2022.7.2 2022-07-06 20:31:48 +02:00
Jens Langhammer d497db3010 flows: fix OOB flow incorrectly setting pending user
closes #3224

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-06 09:51:20 +02:00
Jens Langhammer 24f95fdeaa tenants: fix tests for current tenant
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:47:49 +02:00
Jens Langhammer d1c4818724 policies: improve api test coverage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:20:48 +02:00
Jens L 49cce6a968
stages/prompt: add basic file field (#3156)
add basic file field

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:09:41 +02:00
Jens Langhammer 0a73e7ac9f tenants: add default_locale read only field, pre-hydrate in flows and read in autodetect as first choice
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:04:25 +02:00
Jens Langhammer 3344af72c2 outposts: cleanup user handling
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 22:41:19 +02:00
Jens Langhammer f316a3000b release: 2022.7.1 2022-07-04 21:10:20 +02:00
Jens Langhammer 6a497b32f6 core: use Exception for fallback case in flow_manager
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-04 20:05:03 +02:00
Jens Langhammer 4cd629b5fc core: handle FlowNonApplicableException correctly in source flow_manager
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-03 22:03:03 +02:00
Jens Langhammer 14a4047bdd flows: show messages from ak_message when flow is denied
fallback to same generic message

closes #3197

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-03 21:36:13 +02:00
Jens L 17d33f4b19
flows: denied action (#3194) 2022-07-02 17:37:57 +02:00
Jens L c39a5933e1
core: create FlowToken instead of regular token for generated recovery links (#3193)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2749
2022-07-02 14:17:41 +02:00
Jens L 5e3f44dd87
flows: add shortcut to redirect current flow (#3192) 2022-07-01 23:19:41 +02:00
Jens Langhammer 1c64616ebd sources/ldap: add configuration for LDAP Source ciphers
closes #3110

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 19:53:49 +02:00
Jens Langhammer 23273f53cc providers/oauth2: if no scopes are sent in authorize request, select all configured scopes
closes #3112

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 19:45:26 +02:00
Jens Langhammer d11ce0a86e providers/proxy: set default scopes based on managed attribute
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 18:26:49 +02:00
Jens Langhammer 766ceda57a core: re-create anonymous user when repairing permissions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 17:20:06 +02:00
Jens Langhammer e758c434ea web: ignore module load errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 16:49:37 +02:00
Jens Langhammer 90e3ae9457 *: define prometheus metrics in apps to prevent re-import
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 16:49:24 +02:00
Jens Langhammer 56fd436e5d web: fix redirect when accessing authentik URLs authenticated
closes #3174

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-30 23:04:39 +02:00
Jens Langhammer ea60c389be providers/saml: include SSO Binding URLs in Provider API
closes #3179

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-30 22:18:21 +02:00
Jens Langhammer 983882f5a0 providers/oauth2: ensure refresh tokens are URL safe
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3185
2022-06-30 12:43:08 +02:00
Jens L c5a2831665
api: add basic jwt support with required scope (#2624)
* api: add basic jwt support with required scope

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* api: only set auth_via when actually authenticating via token

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* save consented permissions in user consent, re-prompt when new permissions are required

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update locale

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* translate special scope map

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more api auth tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* build web api in e2e tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* link generated client instead of copying

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-26 17:51:15 +02:00
Jens L 504338ea66
web/admin: application wizard (part 1) (#2745)
* initial

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove log

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* start oauth

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use form for all type wizard pages

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more oauth

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* basic wizard actions

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* make resets work

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add hint in provider wizard

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* render correct icon in empty state in table page

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* improve empty state

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more pages

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add group PK to service account creation response

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use wizard-level isValid prop

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* re-add old buttons

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-26 00:46:40 +02:00
Jens Langhammer f28509608b core: mark session as modified instead of saving it directly to bump expiry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-22 08:48:14 +02:00
Jens Langhammer 6c9dc7a15b providers/oauth2: fix OAuth form_post response mode for code response_type
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3113
2022-06-20 21:52:36 +02:00
Jens Langhammer b6267fdf28 *: add versioned user agent to sentry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-20 11:54:10 +02:00
Jens Langhammer 1f0fc0a6a2 Merge branch 'version-2022.6' 2022-06-20 10:19:25 +02:00
Jens Langhammer 9201fc1834 release: 2022.6.3 2022-06-19 22:01:06 +02:00
Jens Langhammer 1faba11a57 providers/oauth2: add test to ensure capitalised redirect_uri isn't changed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3114
2022-06-19 21:37:20 +02:00
9p4 f0c72e8536 providers/oauth2: dont lowercase URL for token requests (#3114)
this was a leftover from before the migration regex checking for redirect URIs

closes #3076 and #3083
2022-06-19 21:37:17 +02:00
Jens Langhammer 91f91b08e5 core: fix migrations when creating bootstrap token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:37:14 +02:00
Jens L caed306346 providers/oauth2: if a redirect_uri cannot be parsed as regex, compare strict (#3070)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:36:19 +02:00
Jens Langhammer 59b899ddff internal: skip tracing for go healthcheck and metrics endpoints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:48 +02:00
Jens Langhammer 85784f796c root: ignore healthcheck routes in sentry tracing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:46 +02:00
Jens Langhammer b42eb9464f lifecycle: run bootstrap tasks inline when using automated install
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:33 +02:00
Jens L 6559fdee15 stages/authenticator_validate: add webauthn tests (#3069)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:23 +02:00
Jens Langhammer 3455bf3d27 policies: consolidate log user and application
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:04 +02:00
Jens Langhammer 0d96e68c1e core: add limit of 20 to group recursion
closes #3116

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:24:57 +02:00
Jens Langhammer 7caac1d0c7 providers/oauth2: add test to ensure capitalised redirect_uri isn't changed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3114
2022-06-18 13:13:36 +02:00
9p4 45364d6553
providers/oauth2: dont lowercase URL for token requests (#3114)
this was a leftover from before the migration regex checking for redirect URIs

closes #3076 and #3083
2022-06-18 13:08:15 +02:00
Jens Langhammer 2298eb124f core: fix migrations when creating bootstrap token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-17 10:10:04 +02:00
Jens Langhammer e892ed14da providers/oauth2: include source's user path in M2M created users
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-15 14:07:28 +02:00
Jens L 1c62a3db6e
core: user paths (#3085)
* init

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add user_path_template

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add to sources and flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add outposts & api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* dark theme for treeview

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add search

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs and tests for validation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add to user write stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add web ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: improve error handling

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-15 12:12:26 +02:00
Jens L 6821402fef
providers/oauth2: remove deprecated verification_keys (#3071)
remove verification_keys

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-11 19:48:07 +02:00
Jens L 8dbb0bd2c6
providers/oauth2: token revoke (#3077) 2022-06-11 18:49:16 +02:00
Jens L 0cad56ec73
providers/oauth2: if a redirect_uri cannot be parsed as regex, compare strict (#3070)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 23:32:57 +02:00
Jens Langhammer bdf76bb4b7 internal: skip tracing for go healthcheck and metrics endpoints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 22:21:11 +02:00
Jens Langhammer 74ce9cc6fd root: ignore healthcheck routes in sentry tracing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 20:10:27 +02:00
Jens Langhammer 5e2d647a6c core: trigger bootstrap tasks in server if we're debugging
closes #3040

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-09 20:21:31 +02:00
Jens Langhammer 7beebe030d lifecycle: run bootstrap tasks inline when using automated install
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-09 20:09:55 +02:00
Jens L 66f4a31b4c
stages/authenticator_validate: add webauthn tests (#3069)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-08 20:50:48 +02:00
Jens Langhammer 039d896dee policies: consolidate log user and application
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-07 22:26:01 +02:00
Jens Langhammer ff2baf502b release: 2022.6.2 2022-06-07 21:36:18 +02:00
Jens Langhammer 23023ec727 providers/oauth2: add JWKS URL to OAuth2ProviderSetupURLs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-07 20:17:06 +02:00
Jens Langhammer 7d84a71a01 stages/authenticator_validate: fix double-negation of password-less check
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-07 09:52:10 +02:00
Jens Langhammer 9add8479ca stages/authenticator_validate: fix error in passwordless webauthn
closes #3050

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-06 13:50:11 +02:00
Jens Langhammer ca40d31dac *: make user logging more consistent
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 18:50:44 +02:00
Frédérick Permantier 2dfa6c2c82
core: add setting to open application launch URL in a new browser tab (#3037)
* core: add setting to open application launch URL in a new browser tab

* core: fix failing applications unit tests

* core: fix formatting

* core: include models only generated when debug mode is enabled
2022-06-05 14:32:22 +02:00
Jens Langhammer c11435780d sources/oauth: fix twitter client missing basic auth
closes #3038

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 14:21:32 +02:00
Jens Langhammer 817d538b8f core: add additional filters to source viewset
https://github.com/goauthentik/terraform-provider-authentik/issues/184
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 00:56:46 +02:00
Jens Langhammer 210775776f core: add slug to built-in source
https://github.com/goauthentik/terraform-provider-authentik/issues/184
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 00:50:10 +02:00
Jens Langhammer b26111fb42 events: fix error when attempting to create event with GeoIP City in context
closes #2709

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 00:16:07 +02:00
Jens Langhammer 67d54c5209 release: 2022.6.1 2022-06-04 21:23:33 +02:00
Jens L fa04883ac1
events: use custom login failed signal, also send for mfa errors, add stage and more to context (#3039)
* use custom login failed signal, also send for mfa errors, add stage and more to context

closes #3027

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* include device class in event

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-04 15:30:56 +02:00
Jens L 36cbc44ed6
migrate to main (#3035)
closes #3032

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 19:40:09 +02:00
Jens L 0c591a50e3
*: don't dispatch tasks on startup of server (#3033)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 18:29:24 +02:00
Jens L 7ee655a318
core: add bootstrap variables with authentik prefix for helm charts (#3031)
https://github.com/goauthentik/helm/pull/72
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 15:22:56 +02:00
Jens Langhammer eba339ba27 core: improve loading speed of flow background
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-02 14:20:23 +02:00
Jens Langhammer 558c7bba2a lib: add lxml wrapper
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-02 13:25:24 +02:00
Jens Langhammer 8cd1a42fb9 *: fix linting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-02 11:50:10 +02:00
Jens L c0cb891078
stages/authenticator_sms: verify-only (#3011) 2022-06-01 23:16:28 +02:00
Jens L fc1c1a849a
stages/*: use bound logger (#3012)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-01 23:01:58 +02:00
Jens L 2c6d82593e
root: cleanup session keys to use common format (#3003)
cleanup session keys to use common format

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-31 21:53:23 +02:00
Jens Langhammer 34bcc2df1a root: disable session_save_every_request as it overwrites the session with old data
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2991
2022-05-31 20:46:27 +02:00
Jens Langhammer b4d528a789 policies: fix incorrect bound_to count
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-31 10:16:09 +02:00
Jens Langhammer a0397fdcf4 events: set default transport mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-30 21:32:48 +02:00
Jens L 8faa1bf865
events: add local transport mode (#2992)
* events: add local transport mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add default local transport

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-30 20:55:05 +02:00
Jens Langhammer fc75867218 events: ignore session model
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-30 20:23:07 +02:00
Jens L 3eb466ff4b
lifecycle: cleanup prometheus (#2972)
* remove high cardinality labels

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* retry worker number for prometheus multiprocess id

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* revert to pid, use subdirectories

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup more

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use worker id based off of https://github.com/benoitc/gunicorn/issues/1352

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix missing app label

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests/e2e: remove static names

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 21:45:25 +02:00
Jens L 9f2529c886
stages/authentiactor_validate: cookies (#2978)
* stages/authenticator_validate: rewrite to use signed jwt cookie + expiry as MFA threshold

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 19:47:34 +02:00
Jens L fb25b28976
core: db sessions (#2979)
* use db session backend

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* root: wrap session cookie in JWT and add useful claims

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix compatibility with tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use standard session key for writing in sessions too

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 18:58:54 +02:00
Jens Langhammer fb69f67f47 *: cleanup vendor
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-28 21:26:33 +02:00
Jens Langhammer 18b48684eb providers/oauth2: add configuration error event when wrong redirect uri is used in token request
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-28 21:15:58 +02:00
Jens Langhammer 098b0aef6e *: use create_test_admin_user for all unittests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-28 21:13:16 +02:00
Jens Langhammer 082df0ec51 Merge branch 'version-2022.5'
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	authentik/providers/oauth2/views/token.py
#	web/src/locales/zh-Hans.po
2022-05-28 13:19:58 +02:00
Jens Langhammer 1883402b3d release: 2022.5.3 2022-05-28 12:04:26 +02:00
Jens Langhammer 1b3aacfa1d providers/oauth2: add migration from "*" to ".*"
closes #2970

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-27 21:43:51 +02:00
Jens Langhammer 2b68363452 providers/oauth2: add migration from "*" to ".*"
closes #2970

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-27 10:23:13 +02:00
Jens Langhammer 6105956847 providers/oauth2: regex-escape URLs when set to blank
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:17:34 +02:00
Jens Langhammer 4ff32af343 flows: fix flakiness in tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:17:03 +02:00
Jens Langhammer 972868c15c providers/oauth2: only set expiry on user when it was freshly created
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:16:55 +02:00
Jens Langhammer 0bc57f571b api: update API browser to match admin UI and auto-switch theme
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:16:34 +02:00
Jens Langhammer a81d5a3d41 providers/oauth2: regex-escape URLs when set to blank
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 12:52:56 +02:00
Jens Langhammer 34ef4af799 flows: fix flakiness in tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 09:53:40 +02:00
Jens Langhammer 5da47b69dd providers/oauth2: only set expiry on user when it was freshly created
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 23:02:33 +02:00
Jens Langhammer 0e0dd2437b providers/oauth2: handle attribute errors when validation JWK contains private key
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 22:23:05 +02:00
Jens Langhammer e42386b150 api: update API browser to match admin UI and auto-switch theme
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 20:09:29 +02:00
Jens Langhammer ef219198d4 flows: fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 00:05:04 +02:00
Jens Langhammer cc744dc581 flows: fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 00:04:58 +02:00
Jens Langhammer 816b0c7d83 flows: fix re-imports of entries with identical PK re-creating objects
closes #2941

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 23:35:06 +02:00
Jens Langhammer 56babb2649 flows: fix re-imports of entries with identical PK re-creating objects
closes #2941

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 23:32:08 +02:00
Jens L b8fdda50ec ensure all viewsets have filter and search and add tests (#2946)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 22:13:59 +02:00
Jens Langhammer 4a9b788703 providers/oauth2: set related_name for many-to-many so used by detects the connection
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 22:12:35 +02:00
Jens L 80c1dbdfbb
ensure all viewsets have filter and search and add tests (#2946)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 22:01:18 +02:00
Jens L b4e75218f5
sources/oauth: OIDC well-known and JWKS (#2936)
* add initial

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add provider

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* include source and jwk key id in event

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests for source

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix web formatting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add provider tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix lint error

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 21:02:50 +02:00
Jens Langhammer 482491e93c core: fix username validator not allowing changes that can be done via flows
closes #2755

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 19:40:54 +02:00
Jens Langhammer 61a876b582 providers/saml: handle parse error
AUTHENTIK-1K5

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 22:03:12 +02:00
Jens Langhammer 8c9748e4a0 providers/oauth2: improve error handling for invalid regular expressions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:47:36 +02:00
Jens Langhammer b7979ad48e Revert "events: ignore silk SQLQuery object"
This reverts commit a26f25ccd6.

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:29:05 +02:00
Jens Langhammer 4704de937a stages/user_write: fix typo in request context variable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:18:37 +02:00
Jens Langhammer 394d8e99a4 policies: improve error logging
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:18:00 +02:00
Jens Langhammer a26f25ccd6 events: ignore silk SQLQuery object
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:17:52 +02:00
Jens Langhammer 63dc8fe7dc crypto: set SAN in default generated Certificate to semi-random domain
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2462
2022-05-22 23:22:06 +02:00
Jens Langhammer cfe2648b62 events: fix transport not allowing blank values
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-22 19:32:58 +02:00
Jens Langhammer 3d4a45c93f release: 2022.5.2 2022-05-21 17:17:21 +02:00
Jens Langhammer 75d6cd1674 outposts: ensure the user and token are created on initial outpost save
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 15:55:19 +02:00
Jens L 2dee8034d3
outposts: allow externally managed SSH Config for outposts (#2917) 2022-05-21 12:10:08 +02:00