Commit Graph

104 Commits

Author SHA1 Message Date
Jens Langhammer 3c9cc9d421 Merge branch 'version-2021.7' 2021-07-24 20:07:42 +02:00
Jens Langhammer 1972464a20 tenants: make event retention configurable on tenant level
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-24 20:07:12 +02:00
Jens Langhammer 3041a30193 release: 2021.7.1-rc2 2021-07-24 18:32:05 +02:00
Jens Langhammer 8ae7403abc core: add group filter by member username and pk
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-23 19:35:41 +02:00
Jens Langhammer 8cd1223081 core: add email filter for user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 20:10:42 +02:00
Jens Langhammer 0a3fade1fd providers/proxy: remove deprecated field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 16:20:26 +02:00
Jens Langhammer 39ad9d7c9d release: 2021.7.1-rc1 2021-07-21 10:44:40 +02:00
Jens Langhammer b3159a74e5 Merge branch 'master' into inbuilt-proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	Dockerfile
#	internal/outpost/ak/api.go
#	internal/outpost/ak/api_uag.go
#	internal/outpost/ak/global.go
#	internal/outpost/ldap/api_tls.go
#	internal/outpost/ldap/instance_bind.go
#	internal/outpost/ldap/utils.go
#	internal/outpost/proxy/api_bundle.go
#	outpost/go.mod
#	outpost/go.sum
#	outpost/pkg/ak/cert.go
2021-07-17 12:49:38 +02:00
Jens Langhammer aa701c5725 core: don't delete expired tokens, rotate their key
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-14 21:47:32 +02:00
Jens Langhammer 6f98833150 core: allow users to create non-expiring tokens when flag is set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-14 21:15:14 +02:00
Jens Langhammer 4fe0bd4b6c tests/e2e: fix e2e tests for ldap provider
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-14 10:10:11 +02:00
Lukas Söder 7f39399c32
providers/ldap: Added auto-generated uidNumber and guidNumber generated attributes for use with SSSD and similar software. (#1138)
* Added auto-generated uidNumber and guidNumber generated attributes for
use with SSSD and similar software.

The starting number for uid/gid can be configured iva environtment
variables and is by default 2000 which should work fine for most instances unless there are more than
999 local accounts on the server/computer.

The uidNumber is just the users Pk + the starting number.
The guidNumber is calculated by the last couple of bytes in the uuid of
the group + the starting number, this should have a low enough chance
for collisions that it's going to be fine for most use cases.

I have not added any interface stuff for configuring the environment variables as I couldn't really find my way around all the places I'd have to edit to add it and the default values should in my opinion be fine for 99% use cases.

* Add a 'fake' primary group for each user

* First attempt att adding config to interface

* Updated API to support new fields

* Refactor code, update documentation and remove obsolete comment

Simplify `GetRIDForGroup`, was a bit overcomplicated before.

Add an additional class/struct `LDAPGroup` which is the new argument
for `pi.GroupEntry` and util functions to create `LDAPGroup` from api.Group and api.User

Add proper support in the interface for changing gidNumber and uidNumber starting points

* make lint-fix for the migration files
2021-07-14 09:17:01 +02:00
Jens L 7dfc621ae4
LDAP Provider: TLS support (#1137) 2021-07-13 18:24:18 +02:00
Jens Langhammer 948db46406 Merge branch 'master' into inbuilt-proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	internal/constants/constants.go
#	outpost/pkg/version.go
2021-07-05 19:11:26 +02:00
Jens Langhammer adc4cd9c0d release: 2021.6.4 2021-07-05 16:59:29 +02:00
Jens Langhammer 320dab3425 core: only show `Reset password` link when recovery flow is configured
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-04 12:59:41 +02:00
Jens Langhammer d07704fdf1 crypto: show both sha1 and sha256 fingerprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 19:25:27 +02:00
Jens Langhammer 91f7b289cc web/admin: show oauth2 token revoked status
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 16:04:24 +02:00
Jens Langhammer 3dc9e247d5 Merge branch 'master' into inbuilt-proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	internal/constants/constants.go
#	outpost/pkg/version.go
2021-07-02 16:23:30 +02:00
Jens Langhammer 014d93d485 root: fix mismatched version in openapi schema
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-29 16:34:42 +02:00
Jens Langhammer 8429dd19b2 Merge branch 'master' into inbuilt-proxy 2021-06-29 16:20:24 +02:00
Jens Langhammer c19da839b1 stages/user_write: add create_users_as_inactive flag
close #1086

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-28 23:24:54 +02:00
Jens Langhammer 2b1356bb91 flows: add invalid_response_action to configure how the FlowExecutor should handle invalid responses
closes #1079

Default value of `retry` behaves like previous version.

`restart` and `restart_with_context` restart the flow upon an invalid response. `restart_with_context` keeps the same context of the Flow, allowing users to bind policies that maybe aren't valid on the first execution, but are after a retry, like a reputation policy with a deny stage.

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-28 00:22:09 +02:00
Jens Langhammer 7d9c74ce04 tenants: include all default flows in current_tenant
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-26 23:47:49 +02:00
Jens Langhammer 60c3cf890a events: add ability to create events via API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-26 23:37:03 +02:00
Jens Langhammer 1554dc9feb outposts: make outpost managed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-23 21:26:24 +02:00
Jens Langhammer 2b98637ca5 lib: fix regex_match result being inverted, add tests
closes #1073

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-23 20:06:43 +02:00
Jens Langhammer f7047df40e policies: don't use policy cache when checking application access
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-20 13:30:07 +02:00
Jens Langhammer cbea51ae5b stages/authenticator_duo: make Duo-admin viewset writeable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-16 23:17:26 +02:00
Jens Langhammer d9c2b64116 root: update schema
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-15 23:38:03 +02:00
Jens Langhammer 53100a72fe stages/identification: fix challenges not being annotated correctly and API client not loading data correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 22:28:11 +02:00
Jens Langhammer 74e578c2bf events: add tenant to event
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 18:43:29 +02:00
Jens Langhammer e584fd1344 events: catch unhandled exceptions from request as event, add button to open github issue
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 17:22:58 +02:00
Jens Langhammer cabbd18880 core: revert check_access API to get to prevent CSRF errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-13 21:47:49 +02:00
Jens Langhammer 572b8d87b5 api: fix import error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-13 12:59:28 +02:00
Jens Langhammer 676b77aa7c stages/identification: add UPN
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 22:48:39 +02:00
Jens Langhammer 8d6db0fabf flows: fix configuration URL being set when no flow is configure
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 22:07:26 +02:00
Jens Langhammer d878d2140e providers/saml: add metadata download link to api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 14:06:44 +02:00
Jens Langhammer 4766d6ff3d flows: add export URL to API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 13:52:50 +02:00
Jens Langhammer 3a64d97040 crypto: add download links as API fields
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 13:46:12 +02:00
Jens L 34ae9e6dab
API: add endpoint to show by what objects an object is used (#995)
* core: add used_by API to show what objects are affected before deletion

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/elements: add support for used_by API

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add authentik_used_by_shadows to shadow other models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: implement used_by API

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: fix duplicate imports

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add action field to used_by api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: add UI for used_by action

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: add notice to tenant form

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: fix naming in used_by

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: check length for used_by

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: fix used_by for non-pk models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: improve __str__ on models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add support for many to many in used_by

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 11:58:12 +02:00
Jens Langhammer 2210497569 events: add EMAIL_SENT event, show sent emails in event log
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-09 10:28:32 +02:00
Jens Langhammer 2addf71f37 outposts: add service connection to outpost API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-09 09:45:14 +02:00
Jens L dad24c03ff
outposts: set cookies for a domain to authenticate an entire domain (#971)
* outposts: initial cookie domain implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add cookie domain setting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: replace forward_auth_mode with general mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: rebuild proxy provider form

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: re-add forward_auth_mode for backwards compat

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: fix data.mode not being set

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* root: always set log level to debug when testing

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: use new mode attribute

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: only ingress /akprox on forward_domain

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: fix lint error

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: fix error on ProxyProviderForm when not using proxy mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: fix default for outpost form's type missing

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add additional desc for proxy modes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts: fix service account permissions not always being updated

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost/proxy: fix redirecting to incorrect host for domain mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: improve error handling for network errors

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost: fix image naming not matching main imaeg

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/proxy: fix redirects for domain mode and traefik

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: fix colour for paragraphs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: fix consent stage not showing permissions correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: add domain-level docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: fix broken links

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/proxy: remove dead code

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: fix missing id for #header-text

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 23:10:17 +02:00
Jens Langhammer fb8d67a9d9 core: add configure_url to UserSettings for both stages and sources
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 19:21:27 +02:00
Jens Langhammer 029d58191e sources/saml: include metadata download link in API response
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 17:22:03 +02:00
Jens Langhammer 75404f1345 web/admin: pass full configure flow URL instead of just boolean
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 17:14:54 +02:00
Jens Langhammer ba1b23c879 flows: move flow relevant info into ContextualFlowInfo
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 16:53:28 +02:00
Jens Langhammer 1f35f73c66 api: add CAN_BACKUP capability
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-06 12:44:43 +02:00
Jens Langhammer 0032f535da core: add minor tests for users api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-06 01:23:04 +02:00