Jens Langhammer
aa701c5725
core: don't delete expired tokens, rotate their key
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-14 21:47:32 +02:00
Jens Langhammer
6f98833150
core: allow users to create non-expiring tokens when flag is set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-14 21:15:14 +02:00
Jens Langhammer
4fe0bd4b6c
tests/e2e: fix e2e tests for ldap provider
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-14 10:10:11 +02:00
Lukas Söder
7f39399c32
providers/ldap: Added auto-generated uidNumber and guidNumber generated attributes for use with SSSD and similar software. ( #1138 )
...
* Added auto-generated uidNumber and guidNumber generated attributes for
use with SSSD and similar software.
The starting number for uid/gid can be configured iva environtment
variables and is by default 2000 which should work fine for most instances unless there are more than
999 local accounts on the server/computer.
The uidNumber is just the users Pk + the starting number.
The guidNumber is calculated by the last couple of bytes in the uuid of
the group + the starting number, this should have a low enough chance
for collisions that it's going to be fine for most use cases.
I have not added any interface stuff for configuring the environment variables as I couldn't really find my way around all the places I'd have to edit to add it and the default values should in my opinion be fine for 99% use cases.
* Add a 'fake' primary group for each user
* First attempt att adding config to interface
* Updated API to support new fields
* Refactor code, update documentation and remove obsolete comment
Simplify `GetRIDForGroup`, was a bit overcomplicated before.
Add an additional class/struct `LDAPGroup` which is the new argument
for `pi.GroupEntry` and util functions to create `LDAPGroup` from api.Group and api.User
Add proper support in the interface for changing gidNumber and uidNumber starting points
* make lint-fix for the migration files
2021-07-14 09:17:01 +02:00
Jens L
7dfc621ae4
LDAP Provider: TLS support ( #1137 )
2021-07-13 18:24:18 +02:00
Jens Langhammer
adc4cd9c0d
release: 2021.6.4
2021-07-05 16:59:29 +02:00
Jens Langhammer
320dab3425
core: only show `Reset password` link when recovery flow is configured
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-04 12:59:41 +02:00
Jens Langhammer
d07704fdf1
crypto: show both sha1 and sha256 fingerprints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 19:25:27 +02:00
Jens Langhammer
91f7b289cc
web/admin: show oauth2 token revoked status
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 16:04:24 +02:00
Jens Langhammer
014d93d485
root: fix mismatched version in openapi schema
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-29 16:34:42 +02:00
Jens Langhammer
c19da839b1
stages/user_write: add create_users_as_inactive flag
...
close #1086
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-28 23:24:54 +02:00
Jens Langhammer
2b1356bb91
flows: add invalid_response_action to configure how the FlowExecutor should handle invalid responses
...
closes #1079
Default value of `retry` behaves like previous version.
`restart` and `restart_with_context` restart the flow upon an invalid response. `restart_with_context` keeps the same context of the Flow, allowing users to bind policies that maybe aren't valid on the first execution, but are after a retry, like a reputation policy with a deny stage.
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-28 00:22:09 +02:00
Jens Langhammer
7d9c74ce04
tenants: include all default flows in current_tenant
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-26 23:47:49 +02:00
Jens Langhammer
60c3cf890a
events: add ability to create events via API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-26 23:37:03 +02:00
Jens Langhammer
2b98637ca5
lib: fix regex_match result being inverted, add tests
...
closes #1073
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-23 20:06:43 +02:00
Jens Langhammer
f7047df40e
policies: don't use policy cache when checking application access
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-20 13:30:07 +02:00
Jens Langhammer
cbea51ae5b
stages/authenticator_duo: make Duo-admin viewset writeable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-16 23:17:26 +02:00
Jens Langhammer
d9c2b64116
root: update schema
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-15 23:38:03 +02:00
Jens Langhammer
53100a72fe
stages/identification: fix challenges not being annotated correctly and API client not loading data correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 22:28:11 +02:00
Jens Langhammer
74e578c2bf
events: add tenant to event
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 18:43:29 +02:00
Jens Langhammer
e584fd1344
events: catch unhandled exceptions from request as event, add button to open github issue
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 17:22:58 +02:00
Jens Langhammer
cabbd18880
core: revert check_access API to get to prevent CSRF errors
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-13 21:47:49 +02:00
Jens Langhammer
572b8d87b5
api: fix import error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-13 12:59:28 +02:00
Jens Langhammer
676b77aa7c
stages/identification: add UPN
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 22:48:39 +02:00
Jens Langhammer
8d6db0fabf
flows: fix configuration URL being set when no flow is configure
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 22:07:26 +02:00
Jens Langhammer
d878d2140e
providers/saml: add metadata download link to api
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 14:06:44 +02:00
Jens Langhammer
4766d6ff3d
flows: add export URL to API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 13:52:50 +02:00
Jens Langhammer
3a64d97040
crypto: add download links as API fields
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 13:46:12 +02:00
Jens L
34ae9e6dab
API: add endpoint to show by what objects an object is used ( #995 )
...
* core: add used_by API to show what objects are affected before deletion
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/elements: add support for used_by API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: add authentik_used_by_shadows to shadow other models
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: implement used_by API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: fix duplicate imports
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: add action field to used_by api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: add UI for used_by action
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: add notice to tenant form
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: fix naming in used_by
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: check length for used_by
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: fix used_by for non-pk models
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: improve __str__ on models
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: add support for many to many in used_by
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 11:58:12 +02:00
Jens Langhammer
2210497569
events: add EMAIL_SENT event, show sent emails in event log
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-09 10:28:32 +02:00
Jens Langhammer
2addf71f37
outposts: add service connection to outpost API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-09 09:45:14 +02:00
Jens L
dad24c03ff
outposts: set cookies for a domain to authenticate an entire domain ( #971 )
...
* outposts: initial cookie domain implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: add cookie domain setting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: replace forward_auth_mode with general mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: rebuild proxy provider form
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: re-add forward_auth_mode for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: fix data.mode not being set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* root: always set log level to debug when testing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: use new mode attribute
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: only ingress /akprox on forward_domain
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: fix lint error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: fix error on ProxyProviderForm when not using proxy mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: fix default for outpost form's type missing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: add additional desc for proxy modes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts: fix service account permissions not always being updated
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost/proxy: fix redirecting to incorrect host for domain mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: improve error handling for network errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost: fix image naming not matching main imaeg
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/proxy: fix redirects for domain mode and traefik
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: fix colour for paragraphs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: fix consent stage not showing permissions correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* website/docs: add domain-level docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* website/docs: fix broken links
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/proxy: remove dead code
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: fix missing id for #header-text
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 23:10:17 +02:00
Jens Langhammer
fb8d67a9d9
core: add configure_url to UserSettings for both stages and sources
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 19:21:27 +02:00
Jens Langhammer
029d58191e
sources/saml: include metadata download link in API response
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 17:22:03 +02:00
Jens Langhammer
75404f1345
web/admin: pass full configure flow URL instead of just boolean
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 17:14:54 +02:00
Jens Langhammer
ba1b23c879
flows: move flow relevant info into ContextualFlowInfo
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 16:53:28 +02:00
Jens Langhammer
1f35f73c66
api: add CAN_BACKUP capability
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-06 12:44:43 +02:00
Jens Langhammer
0032f535da
core: add minor tests for users api
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-06 01:23:04 +02:00
Jens Langhammer
f5dbdbd48b
*: add clear param to file upload API to delete stored file and reset field
...
closes #949
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-05 21:33:03 +02:00
Jens Langhammer
86b450c6d1
flows: add compatibility_mode to toggle ShadyDOM
...
closes #894
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-05 20:04:30 +02:00
Jens Langhammer
0b90cfcec4
flows: set default background in code not model
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-05 19:38:13 +02:00
Jens Langhammer
24da24b5d5
stages/identification: allow setting of a password stage to check password and identity in a single step
...
closes #970
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-05 16:05:03 +02:00
Jens Langhammer
ed3859800c
core: improve API validation for Application's set_icon_url (fix JSON Syntax Error)
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-03 00:39:56 +02:00
Jens Langhammer
cec47c3cfc
providers/oauth2: show id_token issues for refresh token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-02 22:05:04 +02:00
Jens Langhammer
3ea2b16a12
tenants: add separate field for favicon url
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-02 21:31:04 +02:00
Jens Langhammer
6d0e0cbe5a
outposts: improve validation of providers (must match outpost type)
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-02 16:04:41 +02:00
Jens Langhammer
e24a9e3119
policies: fix missing negate flag of policy bindings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-31 11:50:29 +02:00
Jens L
fb6242d2d3
Merge pull request #941 from goauthentik/authenticated-sessions
...
Session management
2021-05-30 15:12:49 +02:00
Jens Langhammer
0e8d9aa45d
api: add System info API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-30 14:01:20 +02:00
Jens Langhammer
66a04aeec5
api: add can_geo_ip capability
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-30 01:02:03 +02:00