trustchain-oc1-orchestral/authentik
Archived
10
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
11141 commits 95 branches 330 tags 336 MiB
Commit graph

2795 commits

Author SHA1 Message Date
Jens Langhammer b2d272bf6f
api: fix lint 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-23 20:19:03 +01:00
Jens Langhammer 31ef6fb6a6
core: delete session when user is set to inactive 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-23 16:24:30 +01:00
Jens Langhammer c9c059a008
api: ensure user is active when authenticating 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-23 16:24:30 +01:00
Jens Langhammer 9397598376
release: 2023.1.2 2023-01-23 14:25:55 +01:00
Jens Langhammer 91ffe4e7f9
stages/user_write: fix migration setting wrong value, fix form 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-23 14:05:41 +01:00
Jens Langhammer 430a207865
release: 2023.1.1 2023-01-23 11:34:58 +01:00
Jens Langhammer 1ce2a1b846
stages/email: update tests 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-23 10:43:49 +01:00
Loan J 4731ccfafe
stages/email: fix a typo in email template (#4485) 
fix a typo in main content

Signed-off-by: Loan J <joliveau.loan@gmail.com>

Signed-off-by: Loan J <joliveau.loan@gmail.com>
 2023-01-23 10:22:49 +01:00
jmptbl c1b9b5c5e2
stages/authenticator_totp: url quote TOTP issuer instead of slugifying (#4482) 
* Fix TOTP issuer mangling

* Fix OTP issuer mangling

* sort imports

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-22 16:37:47 +00:00
Jens Langhammer b288393cd4
stages/invitation: handle incorrectly formatted token 
closes #4481

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-22 00:03:39 +01:00
Jens Langhammer 5736a1542c
stages/authenticator_sms: fix code not being sent when phone_number is in context 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-19 20:19:23 +01:00
Jens Langhammer fc8fe5317a
stages: always use get_pending_user instead of getting context user 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-19 17:57:21 +01:00
Jens L c61529e4d4
sources/ldap: add e2e LDAP source tests (#4462) 
* start adding more LDAP source tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve healthcheck

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* try local webdriver

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add full samba tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix locale types

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-19 15:03:56 +01:00
Jens Langhammer a302a72379
crypto: fallback when no SAN values are given 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-18 19:40:24 +01:00
Jens L e390f5b2d1
providers/oauth2: more x5c and ecdsa x/y tests (#4463) 
* add option to exclude x5*

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

#4082

* cleanup jwks, add flaky test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add workaround based on https://github.com/jpadilla/pyjwt/issues/709

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* don't rstrip hashes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* keycloak seems to strip equals

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-18 18:11:36 +00:00
Jens Langhammer 60189ce9ca
add tests to prevent empty SAN 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-18 18:59:10 +01:00
Jens Langhammer fdc445e6a1
ensure we don't generate an empty SAN certificate 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-18 18:44:41 +01:00
Jens Langhammer 49b6c71079
release: 2023.1.0 2023-01-18 15:49:45 +01:00
Jens Langhammer 6e0c9acb34
events: exclude base models from model audit log 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-18 15:11:33 +01:00
Jens L 23c69c456a
providers/proxy: add setting to intercept authorization header (#4457) 
* add setting to intercept authorization header

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rename to intercept_header_auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-17 18:56:48 +01:00
Jens L c73fce4f58
sources/ldap: manual import (#4456) 
* events: fix task UID

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add ldap sync command

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-17 12:21:33 +01:00
Jens L 9568f4dbd6
root: improve code style (#4436) 
* cleanup pylint comments

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix url name

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* *: use ExtractHour instead of ExtractDay

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-15 17:02:31 +01:00
Jens Langhammer 143309448e
policies: ensure user is set 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-14 20:24:46 +01:00
Jens Langhammer 1f038ecee2
providers/oauth2: fallback to anonymous user for policy engine 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-14 20:22:06 +01:00
Jens Langhammer 1b1f2ea72c
providers/oauth2: actually fix import order 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-14 19:58:24 +01:00
Jens Langhammer 6e1a54753e
providers/oauth2: fix import order 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-14 19:56:12 +01:00
Jens Langhammer 67d1f06c91
providers/oauth2: use guardian anonymous user to get claims for provider info 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-14 19:53:43 +01:00
Jens Langhammer d37de6bc00
policies: log full stacktrace 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-14 19:53:21 +01:00
Jens L cd12e177ea
providers/proxy: add initial header token auth (#4421) 
* initial implementation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* check for openid/profile claims

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include jwks sources in proxy provider

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add web ui for jwks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only show sources with JWKS data configured

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix introspection tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start basic

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add basic auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add docs, update admonitions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add client_id to api, add tab for auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-13 16:22:03 +01:00
Jens Langhammer 31c6ea9fda
providers/oauth2: don't allow spaces in scope_name 
closes #4094

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-13 16:20:37 +01:00
Jens L 20931ccc1d
providers/oauth2: correctly fill claims_supported based on selected scopes (#4429) 
* providers/oauth2: correctly fill claims_supported based on selected scopes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add nonce claim

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-13 14:14:25 +01:00
Jens L 36822c128c
admin: include task duration in API (#4428) 
include task duration in API

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-13 13:21:49 +01:00
Jens Langhammer 81e9f2d608
web/admin: fix overflow in aggregate cards 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-11 14:12:02 +01:00
Jens L 67a6fa6399
events: rework metrics (#4407) 
* rework metrics

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* change graphs to be over last week

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix  Apps with most usage card

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-11 12:21:07 +01:00
Jens L 1ed24a5eef
blueprints: internal storage (#4397) 
* rework oci client

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add blueprint content

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add UI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make path optional

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add validation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-10 22:00:34 +01:00
Jens Langhammer b555ccd549
sources/ldap: don't run membership sync if group sync is disabled 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

#4392
 2023-01-09 17:19:50 +01:00
Jens Langhammer 9445354b31
sources/ldap: only warn about missing groups when source is configured to sync groups 
closes #4392

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-09 17:17:48 +01:00
Jens Langhammer a1be924fa4
*: strip leading and trailing whitespace when reading config values from files 
also add a debug endpoint that dumps the go parsed config

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-09 15:29:22 +01:00
Jens Langhammer 47aba4a996
crypto: prevent creation of duplicate self-signed default certs 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-06 16:51:07 +01:00
Jens Langhammer 001869641d
web: ensure img tags have alt attributes 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-06 12:44:51 +01:00
Jens Langhammer bec538c543
sources/ldap: make task timeout adjustable 
closes #4375

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-06 12:37:59 +01:00
sdimovv c63ba3f378
blueprints: Fix resolve model_name in !Find tag (#4371) 
Resolve model_name in !Find tag
 2023-01-06 09:49:28 +01:00
sdimovv 53cab07a48
blueprints: Add !Enumerate, !Value and !Index tags (#4338) 
* Added For and Item tags

* Removed Sequence node support from ForItem tag

* Added ForItemIndex tag

* Added support for iterating over mappings

* Added support for mapping output body

* Renamed tags: For to Enumerate, ForItem to Value, ForItemIndex to Index

* Refactored tests

* Formatting

* Improved exception info

* Improved error handing

* Added docs

* lint

* Small doc improvements

* Replaced deepcopy() call with call to copy()

* Fix mistake in docs example

* Fix missed "!" in example
 2023-01-05 21:36:19 +01:00
Jens L a960ce9454
stages/user_write: add more user creation options (#4367) 
* add more user creation options

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update blueprints and docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-05 15:46:20 +01:00
Jens L e6b5810e03
polices/hibp: remove deprecated (#4363) 
* remove hibp

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* don't save event matcher apps in migrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup migrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update docs, update some phrasing

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-05 13:19:26 +01:00
Jens Langhammer 78b711ec9d
Merge branch 'version-2022.12' 2023-01-05 10:41:54 +01:00
Jens Langhammer ac07833688
release: 2022.12.2 2023-01-05 10:01:30 +01:00
Jens Langhammer 730139e43c
*: improve general tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-04 22:40:09 +01:00
Jens L 24e8915e0a
providers/proxy: add tests for proxy basic auth (#4357) 
* add tests for proxy basic auth

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stop bandit from complaining

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add API tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-04 22:40:06 +01:00
Jens Langhammer 3e7320734c
*: improve general tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-04 22:26:55 +01:00
Jens L 3131e557d9
providers/proxy: add tests for proxy basic auth (#4357) 
* add tests for proxy basic auth

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stop bandit from complaining

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add API tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-04 22:04:16 +01:00
Jens L dc1359a763
providers/saml: initial SLO implementation (#2346) 
* providers/saml: initial SLO implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/saml: add logout request tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/saml: add tests for POST SLO

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* matrix e2e tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix import

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* set e2e matrix name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix imports

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* separate oidc and oauth tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add basic saml slo e2e tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add better metadata download url

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* kinda prepare release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* sort releases into folders

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add slo urls to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix linking

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-04 19:45:31 +01:00
Jens L 1e01e9813d
providers/saml: add prefix to entity descriptor (#4355) 
add prefix to entity descriptor

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-04 16:44:52 +01:00
Jens Langhammer e887a315be
providers/oauth2: correctly advertise supported response_modes_supported 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-04 10:21:34 +01:00
Jens Langhammer 4b93f40c5e
providers/oauth2: fix null amr value not being removed from id_token 
closes #4339

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-03 00:41:18 +01:00
Jens Langhammer 57400925a4
providers/saml: don't error if no request in API serializer context 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-03 00:14:16 +01:00
Jens Langhammer 2dc0792d9e
stages/email: remove unused import 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-02 09:28:26 +01:00
Jens Langhammer fde848ee51
admin: remove unused import 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-02 00:12:14 +01:00
Jens Langhammer e9d52282b7
admin: use matching environment for system API 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 23:58:12 +01:00
Jens Langhammer c810628fe3
stages/email: use pending user correctly 
closes #4318

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 23:50:57 +01:00
Jens Langhammer de0a5191f7
core: remove unused import 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 23:50:42 +01:00
Jens Langhammer 93e20bce2e
core: don't use inline_serializer for user operations 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 23:16:44 +01:00
Jens Langhammer 960a2aab74
crypto: fix type for has_key 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 23:14:19 +01:00
Jens Langhammer 2cae6596eb
core: cleanup 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 23:01:08 +01:00
Jens Langhammer 11b1eb4173
stages/email: make template tests less flaky 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 23:00:32 +01:00
Jens Langhammer 3980eea7c6
web/flows: rework error display, always use ak-stage-flow-error instead of shell 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 21:43:44 +01:00
Jens Langhammer 9fdfb8c99b
stages/dummy: add toggle to throw error for debugging 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 21:25:53 +01:00
Jens Langhammer 5cab280759
stages/captcha: fix captcha not loading correctly, add tests 
closes #4320

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 18:15:41 +01:00
Jens Langhammer 9d422918b3
stages/prompt: use stage.get_pending_user() to fallback to the correct user 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-30 20:38:15 +01:00
Jens Langhammer 2c42c87689
release: 2022.12.1 2022-12-30 13:43:42 +01:00
dependabot[bot] 8262a47455
core: bump packaging from 21.3 to 22.0 (#4181) 
* core: bump packaging from 21.3 to 22.0

Bumps [packaging](https://github.com/pypa/packaging) from 21.3 to 22.0.
- [Release notes](https://github.com/pypa/packaging/releases)
- [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pypa/packaging/compare/21.3...22.0)

---
updated-dependencies:
- dependency-name: packaging
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* remove LegacyVersion

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-30 12:07:25 +01:00
Jens L bd56922a2f
blueprints: watch blueprints directory and trigger tasks (#4309) 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-30 11:30:18 +01:00
Jens Langhammer 68b58fb73c
blueprints: fix error when entry with state absent doesn't exist 
closes #4305

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-29 21:55:17 +01:00
Jens Langhammer 97513467ad
blueprints: disallow flow token 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-29 21:54:56 +01:00
sdimovv ce5d1fd80d
blueprints: Resolve yamltags in state and model attributes (#4299) 
* Fixed state and model attributes not resolving yaml tags

* Linting
 2022-12-29 10:05:32 +01:00
Jens Langhammer b1020fde64
web/elements: render ak-seach-select dropdown correctly in modals 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-28 20:38:57 +01:00
Jens Langhammer f0e121c064
api: add filter backend for secret key to allow access to tenants and certificates 
closes #4182

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-28 18:59:25 +01:00
Jens Langhammer 2b2323fae7
outposts: include hostname in outpost heartbeat 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-28 16:07:52 +01:00
Jens Langhammer 24eb4ed963
release: 2022.12.0 2022-12-28 13:00:49 +01:00
Jens Langhammer b16d1134ea
core: add endpoints to add/remove users from group atomically 
closes #4252

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-28 10:50:30 +01:00
Jens Langhammer 20a4dfd13d
stages/invitation: fix incorrect pk check for invitation's flow 
closes #4278

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-27 13:55:51 +01:00
sdimovv 8f3579ba45
blueprints: add !If tag (#4264) 
* Added \!If tag

* Fix typo

* Removed trailing whitespace

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>

* format blueprint fixtures

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-26 16:20:22 +01:00
Jens Langhammer ae13fc3b92
policies: make name required 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-25 14:46:48 +01:00
Jens Langhammer 94b9ebb0bb
blueprints: add Env tag 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-24 20:41:51 +01:00
Jens Langhammer 1b86a3d5d6
Merge branch 'version-2022.11' 2022-12-23 14:39:52 +01:00
Jens Langhammer 8b710b57a5
root: don't send traces in testing 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-23 14:37:58 +01:00
Jens Langhammer 9dc0bb2a77
release: 2022.11.4 2022-12-23 14:17:48 +01:00
Jens L 2d827eaae1
security: fix CVE 2022 23555 (#4274) 
* add flow to invitation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* show warning on invitation page

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add security advisory

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-23 14:16:30 +01:00
Jens L 47d79ac28c
security: fix CVE 2022 46172 (#4275) 
* fallback to current user in user_write, add flag to disable user creation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update api and web ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add cve post to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-23 14:16:26 +01:00
Jens L 9f846d94be
security: fix CVE 2022 23555 (#4274) 
* add flow to invitation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* show warning on invitation page

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add security advisory

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-23 14:13:49 +01:00
Jens L 84fbeb5721
security: fix CVE 2022 46172 (#4275) 
* fallback to current user in user_write, add flag to disable user creation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update api and web ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add cve post to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-23 14:12:58 +01:00
Jens Langhammer 01da8e1792
providers/oauth2: optimise and cache signing key, prevent key being loaded multiple times 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-23 12:04:31 +01:00
Jens Langhammer 42c278b4f8
root: migrate to hosted sentry with rate-limited DSN 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-23 11:18:26 +01:00
Jens Langhammer e52c964354
flows: fix redirect from plan context "redirect" not being wrapped in flow response 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-22 23:28:26 +01:00
Jens L c635487210
blueprints: better OCI support in UI (#4263) 
use oci:// prefix to detect oci blueprint, add UI support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-22 18:49:25 +01:00
Jens Langhammer fb09df26c9
core: fix lint 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-22 17:56:05 +01:00
Jens Langhammer e4e7a112e3
web: use version family subdomain for in-app doc links 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-22 17:03:08 +01:00
Jens Langhammer 042865c606 blueprints: add conditions to blueprint schema 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-21 18:59:17 +01:00
sdimovv 7f662ac2f3
blueprints: Added conditional entry application (#4167) 
* blueprints: Added !AsBool tag

* Renamed AsBool tag to Condition

* Added conditions attributed to BlueprintEntry

* Added docs for the conditions attribute of a blueprint entry

* Website linting fix

* add new tag to vscode settings

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-21 17:04:00 +00:00
Jens L 609f95ac97
providers: add preview for mappings (#4254) 
* preview

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: show provider page on application page

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use oauth2 end session url instead of direct interface

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* dont show provider page on application page for now

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add UI for preview

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* translate and release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix lint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* separate saml api files

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-21 12:13:11 +01:00
Jens Langhammer 027ca88d83 lib: enable sentry profiles_sample_rate 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-19 12:51:22 +01:00
Jens L ec925491b2
stages/captcha: customisable URLs (#3832) 
* make api and js url customisable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use recaptcha.net domains

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add form

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* regen locale

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-18 14:18:43 +01:00
Jens Langhammer 3418943949 root: allow custom settings via python module 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-15 10:59:14 +01:00
Jens Langhammer 8d169a8bd9 Merge branch 'version-2022.11' 2022-12-12 17:05:39 +00:00
Jens Langhammer f47ce9a360 stages/user_login: prevent double success message when logging in via source 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-12 16:34:16 +00:00
Jens Langhammer 01a897dbc2 flows: set stage name and verbose_name for in_memory stages 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-12 16:22:48 +00:00
Jens Langhammer fddcb3a835 events: remove legacy logger declaration 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-12 15:32:06 +00:00
Jens Langhammer 5d51621278 stages/user_write: always ignore component field and prevent warning 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-12 15:31:56 +00:00
Jens Langhammer 9ffc720f48 policies: log correct cache state 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-12 15:31:41 +00:00
Jens Langhammer 4d8978ea90 bleuprints: fix flaky test 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-09 11:04:44 +00:00
sdimovv 8d13235b74
blueprints: fixed bug causing filtering with an empty query (#4106) 
* Fixed bug causing filtering with an empty query

Fixed bug allowing blueprint import to filter for existing models using an empty query.

The code only checks if the `identifiers` dict is empty, but `__query_from_identifier` skips identifier member values of type `dict` or keys == `pk`, so it is possible to produce an empty query if an `identifier` consists of just `dict` type members or "pk" key. 

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>

* Added test case

* Added support for using dict fields as blueprint entry identifiers

* Disabled pylint too-many-locals for _validate_single

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
 2022-12-06 12:06:25 +01:00
Jens Langhammer 44bf9a890e release: 2022.11.3 2022-12-02 23:00:59 +02:00
Jens Langhammer 58cd6007b2 Merge branch 'version-2022.11' 2022-12-02 18:12:38 +02:00
Jens L db95dfe38d
security: fix CVE 2022 46145 (#4140) 
* add flow authentication requirement

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add website for cve

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: handle FlowNonApplicableException without policy result

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-02 16:14:25 +01:00
sdimovv 1f7d52c5ce
blueprints: Support nested custom tags in !Find and !Format tags (#4127) 
* Added support for nested tags to !Find and !Format

* Added tests

* Fix variable names

* Added docs

* Fixed small mistake in tests

* Fixed variable names

* Broke example into multiple lines
 2022-12-01 16:10:26 +01:00
Jens Langhammer 3251bdc220 events: improve handling creation of events with non-pickleable objects 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-01 15:56:28 +02:00
Jens Langhammer 2a4daa5360 release: 2022.11.2 2022-12-01 10:41:29 +02:00
Jens Langhammer e1a6dede54 *: backport CVE-2022-46145 fix 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-01 10:41:26 +02:00
Jens Langhammer cf40e5047e policies: don't log context when policy returns None 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-30 14:43:47 +02:00
Jens Langhammer d5329432fe lib: fix uploaded files not being saved correctly, add tests 
closes #4110 #4109 #4107

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-30 12:48:33 +02:00
sdimovv 5156aeee0f
policies/password: Always add generic message to failing zxcvbn check (#4100) 
* Always add generic message to failing zxcvbn password policy

Depending on the settings, sometimes a password policy that checks a password with the zxcvbn tool can fail without any message.

For example:
```
$ echo  'Awdccdw1234' | zxcvbn | jq | grep "feedback" -A 5 -B 1
Password: 
  "score": 3,
  "feedback": {
    "warning": "",
    "suggestions": []
  }
}
```

As seen above the tool does not produce any warnings or suggestions for the given password, but if the password policy is set to have a zxcvbn threshold of 3, the policy will silently fail without communicating the reason to the user. 

There are two ways to handle this:
1. Always add a generic "password is too weak" message when the policy fails.
2. Check if there are any suggestions or warnings from the zxcvbn tool and only add the generic message if not.

I personally prefer 1. This way the generic message will  be shown whenever the policy fails, and will get combined with extra "tips" whenever zxcvbn has some.



Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>

* Update authentik/policies/password/models.py

Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>

* Added test case

* fix black formatting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens L. <jens@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-30 07:58:16 +00:00
Jens Langhammer e22fce02f8 stages/authenticator_validate: improve validation for not_configured_action 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-28 10:52:51 +01:00
Jens Langhammer e2bd96c5de stages/authenticator_validate: fix validation to ensure configuration stage is set 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-25 21:37:52 +01:00
Jens Langhammer f8ef2b666f events: fix incorrect EventAction being used 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-25 11:53:05 +01:00
Jens Langhammer a9909fcf6d providers/oauth2: set amr values based on login event 
closes #4070

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-25 11:21:59 +01:00
Jens Langhammer 1fa9b3a996 providers/saml: set AuthnContextClassRef based on login event 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#4070
 2022-11-25 11:21:45 +01:00
Jens Langhammer 5019346ab6 events: save login event in session after login 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#4070
 2022-11-25 11:21:00 +01:00
Jens Langhammer f22f1ebcde stages/authenticator_validate: save used mfa devices in login event 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-25 10:47:49 +01:00
Jens Langhammer 1c2cdfe06a web/flows: improve error messages for failed duo push 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-24 13:42:13 +01:00
Jens Langhammer d0308a8239 stages/authenticator_validate: log duo error 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-24 11:36:43 +01:00
Jens Langhammer 6843c8389b stages/authenticator_duo: fix imported duo devices not being confirmed 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-24 11:36:34 +01:00
Jens Langhammer 3a13d19695 release: 2022.11.1 2022-11-22 21:42:10 +01:00
Jens Langhammer ed7bef9dbf blueprints: open fixtures in read only mode 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-22 21:39:30 +01:00
Jens Langhammer b9fdb63a57 core: fix lint 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-22 21:02:18 +01:00
Jens Langhammer 5262d89505 core: fix tab-complete in shell 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-22 20:30:00 +01:00
Jens L ab3d47c437
blueprints: add desired state attribute to objects (#4061) 
* add state attribute to delete objects

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests, move yaml from block to files

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add state to docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* only try to format

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-22 14:27:20 +01:00
Jens Langhammer 14cd52686d stages/email: add test for email translation 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3885
 2022-11-22 14:14:42 +01:00
Jens Langhammer 1a39754fe9 *: don't return values in test suites 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-22 11:38:34 +01:00
Jens Langhammer 5b8223808e Merge branch 'version-2022.11' 2022-11-21 22:14:33 +01:00
Jens Langhammer 14f341f504 web/admin: fix error when importing duo devices 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-21 21:36:10 +01:00
Jens Langhammer 20c1770ec4 release: 2022.11.0 2022-11-21 20:12:02 +01:00
Jens Langhammer a2e512c36c stages/authenticator_validate: add flag to configure user_verification for webauthn devices 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-21 17:52:37 +01:00
Jens Langhammer 3c2da8138d stages/invitation: directly delete invitation now that flow plan is saved in email token 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-21 14:55:49 +01:00
Jens Langhammer 426f0bc9dd events: deepcopy event kwargs to prevent objects being removed, remove workaround 
closes #4041

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-21 12:31:17 +01:00
Jens Langhammer cc3ab141e5 policies: only cache policies for authenticated users 
closes #4033

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-18 21:06:53 +01:00
Jens Langhammer c158ef80db *: fix remaining old cache keys 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-18 16:18:32 +01:00
Jens L 9f5fb692ba
sources: add custom icon support (#4022) 
* add source icon

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add to oauth form

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add to other browser sources

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add migration, return icon in UI challenges

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* deduplicate file upload

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-16 14:10:10 +01:00
Jens Langhammer d67ec1b62f lib: fix complex objects being included in event context for ak_create_event 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-15 16:51:02 +01:00
Jens Langhammer e5241ac574 core: fix error when propertymappings return complex value 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-15 16:28:15 +01:00
Jens L 276af8457d
root: make sentry DSN configurable (#4016) 
* make sentry DSN configurable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* make proxy smarter

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix typo in config struct

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-15 16:05:29 +01:00