23a198ddd8
allow current tenant with mobile auth (api endpoint doesn't require auth but api client sends it anyways...?)
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:05 +01:00
7d9b66b6e6
show device state in webui
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:05 +01:00
90606fabf9
set firebase key with checkin
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:05 +01:00
76498a2d7b
allow setting firebase api key while sending enrollment callback
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:05 +01:00
c90d35b113
fix geoip usage
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:05 +01:00
e496d86e2b
use uuid for mobile token
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:04 +01:00
c19e12d1e1
fix web to support string for device uuid
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:04 +01:00
41387e413f
switch to text field, add debug mode
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:03 +01:00
edccf3331a
migrate to cloud gateway
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:03 +01:00
97871ecd6c
re-gen migrations, implement one half of number matching
...
this also treats accept/deny as "number" matching (we call it item matching to make it more general), since it's just a more static version of selecting the correct thing
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:03 +01:00
7720c80d5b
allow mobile device token to retrieve user info
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:03 +01:00
00fb77e3da
move firebase config to db for testing
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:02 +01:00
757d179ae5
add logic for checkin
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:02 +01:00
c55f88d4df
implement more
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:02 +01:00
ad5ccf8062
set device name from hostname
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:02 +01:00
38e7a7fe59
add transaction states
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:02 +01:00
a334d21708
move sending code into mobiletransaction model
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:02 +01:00
47cb4603da
start checkin
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:02 +01:00
bb8a70448f
more fixes, start implementing validate
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:01 +01:00
742b946caf
add temporary firebase
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:01 +01:00
a239084385
fix QR
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:01 +01:00
4114c757b9
implement more of the API
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:01 +01:00
28e1c08800
change mobile device pk to uuid
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:01 +01:00
e99a660a5f
move functions to device
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:01 +01:00
31f869c2e0
fix stuff
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:01 +01:00
a895157be1
fix lint
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:01 +01:00
86b69e83e0
change enrollment to post
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:00 +01:00
cb60fc2c7b
use more minimal payload for QR code sake
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:00 +01:00
fc5f5ed117
initial scaffold
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 12:28:00 +01:00
2064395434
enterprise/providers/rac: add option to limit concurrent connections to endpoint ( #8053 )
...
* enterprise/providers/rac: add option to limit concurrent connections to endpoint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* unrelated: put outpost settings in group
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-04 16:27:16 +01:00
116ac30c72
enterprise/providers/rac: add alert that enterprise is required for RAC ( #8057 )
...
add alert that enterprise is required for RAC
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-04 16:18:12 +01:00
240cf6dd94
enterprise/providers: Add RAC [AUTH-15] ( #7291 )
...
* add basic guacamole
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make everything mostly work
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add rac build to CI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix resize, fix web lint, sendSize correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* pre-send connection from client, format
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve throughput
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework TokenOutpostConsumer into middleware
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix some layout issues
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add outpost controllers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start testing audio things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix to work with outpost group
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add simple loadbalancing
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add simple reconnect
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* show reconnecting text
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix error when checking ports
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* move to providers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add flow check to interface
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix go lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix rac app label
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix audio
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* allow overriding all settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix duplicate keyboard, debug high DPI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-add deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing __init__.py breaking model loading
I love python
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* bump successful ws connection to info
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* hide cursor since guac draws that
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add clipboard support (bidirectional)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make codespell not want to break the code
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* run pr comment in separate task
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start endpoint and property mapping stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more endpoint things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* unrelated: fix event model_pk filtering with ints
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* unrelated: improve event display for changelog
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rebuild endpoint stuff again
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* idk special url
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more stuff, connect token with session
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add disconnect
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework disconnect
cleanly disconnect from guacd instead of just letting the connection timeout
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* clear cache when creating outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* support host:port and fix protocol
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* center smaller viewport
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework connection to wait more and stop after some time
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add policy control to endpoints
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove provider protocol
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't switch to different outpost connection when already chosen
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start using property mappings, add static settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add some RAC mapping settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests for event changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests and fix issues found by said tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add preview banner, move endpoints to main page
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* auto-select endpoint if only one is available
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* backport https://github.com/goauthentik/authentik/pull/7831 to rac
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* dont select property mappings on endpoints
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make table modal only load when opened
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only auto-redirect when open
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix web deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* check for token expiry and terminate session
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-add endpoint name to title
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* disconnect connection when token is manually deleted
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add initial RAC docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add connection expiry setting to provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix flaky tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-30 21:33:14 +01:00
02869d8173
stages/user_login: session binding ( #7881 )
...
* start with user_login stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
# authentik/root/settings.py
* fix and improve logout event
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* lint pass
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update authenticated session when IP changes and binding doesn't break
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs, always keep old and new IP in event
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-gen api schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-23 01:20:23 +01:00
7778a8fab2
release: 2023.10.5
2023-12-21 15:08:13 +01:00
2521073dba
providers/scim: use lock for sync ( #7948 )
...
* providers/scim: use lock for sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-21 14:43:40 +01:00
50860d7ffe
events: add ASN Database reader ( #7793 )
...
* events: add ASN Database reader
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix test config generator
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* de-duplicate code
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add enrich_context
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rename to context processors?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix cache
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use config deprecation system, update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update more docs and tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add test asn db
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-build schema with latest versions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-20 22:16:50 +01:00
3e530cf1b5
flows: add "require outpost" authentication_requirement ( #7921 )
...
* migrate get_client_ip to middleware
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use middleware directly without wrapper
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add require_outpost setting for flows
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update web ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve fallback
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-19 13:32:10 +01:00
729ef4d786
root: bump python deps (django 5) ( #7862 )
...
* bump python deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* vendor pickle serializer for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#7761
* cleanup some things and re-build api scheme
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix web and go
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* actually fix go...?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* better annotate json fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use jsondictfield wherever
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove all virtualenvs?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* final version bump
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-18 22:07:59 +01:00
944368c4f2
events: add graph for event volume ( #7639 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-06 19:06:07 +02:00
18b2f489c0
release: 2023.10.4
2023-11-21 19:29:02 +01:00
44fc9ee80c
stages/identification: add option to pretend user exists ( #7610 )
...
* stages/identification: add option to pretend user exists
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* test CI permission fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-18 01:55:48 +01:00
b5e059dfd9
root: fix API schema for kotlin ( #7601 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-17 00:07:21 +01:00
f728bbb14b
sources/ldap: add check command to verify ldap connectivity ( #7263 )
...
* sources/ldap: add check command to verify ldap connectivity
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* default to checking all sources
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding an API for ldap connectivity
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add webui for ldap source connection status
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* better show sync status, clear previous tasks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* set timeout on redis lock for ldap sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix py lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix web lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-13 15:01:40 +01:00
c30a2406a9
release: 2023.10.3
2023-11-09 19:20:28 +01:00
8e72fcab59
release: 2023.10.2
2023-10-28 21:43:54 +02:00
64c38909ff
release: 2023.10.1
2023-10-26 20:06:05 +02:00
ed46fd629e
release: 2023.10.0
2023-10-26 16:51:57 +02:00
28053059ff
stages/user_write: allow setting user type when creating new user ( #7293 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-26 14:33:29 +02:00
63426bc9a8
sources/oauth: include default JWKS URLs for OAuth sources ( #6992 )
...
* sources/oauth: include default JWKS URLs for OAuth sources
makes it easier to use pre-defined types like github, google, azure with JWT M2M instead of needing to create a generic OAuth Source
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix error
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-20 16:54:03 +02:00
8aafa06259
providers/radius: TOTP MFA support ( #7217 )
...
* move CheckPasswordMFA to flow executor
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add mfa support field to radius
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-18 19:43:36 +02:00
Jens Langhammer