Jens L
55aa1897af
root: use single redis db ( #4009 )
...
* use single redis db
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup prefixes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ensure __str__ always returns string
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix remaining old prefixes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 14:31:29 +01:00
Jens Langhammer
9f269faf53
stages/authenticator_*: cleanup
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 13:46:00 +01:00
Jens Langhammer
9bde7ef59e
Revert "stages/authenticator_*: directly save devices into db instead of session to prevent race conditions"
...
closes #4008
This reverts commit 538c2ca4d3.
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# authentik/stages/authenticator_static/stage.py
# authentik/stages/authenticator_totp/stage.py
2022-11-15 11:35:53 +01:00
Jens L
88594075b2
policies/password: merge hibp add zxcvbn ( #4001 )
...
* initial zxcvbn
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add api and port tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add api diff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-14 14:42:43 +01:00
Jens L
ffe6f65af5
outposts/kubernetes: ingress class ( #4002 )
...
* add support for ingressClassName
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add option to disable ssl verification for k8s controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-14 14:24:11 +01:00
dependabot[bot]
4095c422df
core: bump python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye ( #3864 )
...
* core: bump python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye
Bumps python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye.
---
updated-dependencies:
- dependency-name: python
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* bump project
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* bump deps
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* bump ci to 3.11
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-13 14:20:55 +01:00
sdimovv
5d8dd9cf3f
blueprints: Fixed bug causing blueprint instance context to be discarded ( #3990 )
...
Fixed bug causing blueprint instance context to be discarded when applying a blueprint.
2022-11-12 13:23:33 +01:00
Jens Langhammer
3306003f0e
providers/oauth2: fix inconsistent expiry encoded in JWT
...
- access token validity is used for JWTs issued in implicit flows
- general cleanup of how times are set
closes #2581
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-10 20:23:24 +01:00
Daniel
85c790728f
core: simplify group serializer for user API endpoint ( #3899 )
...
* core/api: Adding simple group serializer to improve user retrieval performance
Due to the exhaustive use of the user_obj the performance suffers
greatly if the users are assigned to large groups. This simple fix adds
a new serializer that does not expose the user_obj within a group.
* core/api: Update schema
Update to the schema based on the new SimpleGroupSerializer
* core/api: Fix black and pylint
* make naming consistent, remove unnecessary fields
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-09 11:19:40 +01:00
Jens Langhammer
47132faffb
root: relicense and launch blog post
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-03 16:00:00 +01:00
Jens Langhammer
cd0d898a4b
events: sanitize generator for json safety
...
closes #3903
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-31 20:30:11 +01:00
Jens Langhammer
400751ed3c
api: fix missing scheme in securitySchemes
...
closes #3883
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-29 18:50:34 +02:00
Jens Langhammer
f3a72761c0
release: 2022.10.1
2022-10-29 17:24:55 +02:00
Jens Langhammer
841c13ed77
core: set prehydrated locale based on active backend locale
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-28 19:43:24 +02:00
Jens L
30d708dd1f
core: explicitly enable locales ( #3889 )
...
* activate locales
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* set locale for email templates
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-28 19:42:49 +02:00
Jens Langhammer
9d0a7578ec
flows: fix error due to not validating error challenge
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-27 20:04:00 +02:00
Jens Langhammer
f8fab14e1e
core: refactor MessageStage to not use dynamic class
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-26 20:01:42 +02:00
Jens Langhammer
6b35d0c70b
core: check if session is authenticated before showing linked message
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-26 00:30:42 +02:00
Jens Langhammer
dd65862bf2
core: show success message when authenticating/enrolling after flow is finished
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-25 22:46:15 +02:00
Jens Langhammer
6ea57921f2
sources/saml: set username field to name_id attribute
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-24 21:53:37 +02:00
Jens Langhammer
b0d4f035f1
blueprints: fix error when cleaning up unset attribute
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-21 22:12:59 +02:00
Jens Langhammer
661d2ec701
Merge branch 'version-2022.10'
2022-10-21 22:11:04 +02:00
Jens Langhammer
3f570bb96d
blueprints: improve error handling
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-21 20:18:02 +02:00
Jens Langhammer
89dc46a7ff
release: 2022.10.0
2022-10-21 19:42:38 +02:00
Jens Langhammer
a1ce8100e9
stages/identification: log invalid_login similar to event for easier log parsing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3715
2022-10-20 19:31:22 +02:00
Jens Langhammer
13d975a258
flows: fix error when opening inspector with no history
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-20 19:30:56 +02:00
Jens Langhammer
782fec0eb9
flows: use stripped down flow serializer for flow_set to optimise loading time
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-20 09:56:08 +02:00
Jens L
cfad472e1b
flows: optimise queries ( #3818 )
...
* flows: optimise flow queries
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* index source on slug and name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* binding index
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add policy parent index
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup old migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add release note to upgrade
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 22:53:07 +02:00
Jens Langhammer
6882445937
*: handle PermissionError when saving files, ensure permission bits are set correctly
...
closes #3817
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 20:24:28 +02:00
Jens Langhammer
9e3bf94547
flows: optimise flow API loading speed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 10:29:06 +02:00
Jens L
b06a3a8f9f
admin: add authorisations metric ( #3811 )
...
add authorizations metric
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 00:06:45 +02:00
dependabot[bot]
167695d4b1
core: bump channels from 3.0.5 to 4.0.0 ( #3799 )
...
* core: bump channels from 3.0.5 to 4.0.0
Bumps [channels](https://github.com/django/channels) from 3.0.5 to 4.0.0.
- [Release notes](https://github.com/django/channels/releases)
- [Changelog](https://github.com/django/channels/blob/main/CHANGELOG.txt)
- [Commits](https://github.com/django/channels/compare/3.0.5...4.0.0)
---
updated-dependencies:
- dependency-name: channels
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* add daphne
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:34:27 +02:00
Jens Langhammer
3e1490dcac
providers/saml: don't attempt verification of SAML request when no verification certificate is configured
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:26:04 +02:00
Jens Langhammer
6bff6a2a1a
core: fallback to empty user object for PropertyMappingEvaluator
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:03:26 +02:00
Jens L
0efee2a660
flows: improved import ( #3807 )
...
* return logs when importing flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* improve error handling, show logs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:01:42 +02:00
Jens L
b85be12567
providers/oauth2: fix issues with es256 and add tests ( #3808 )
...
fix issues with es256 and add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:01:29 +02:00
Jens Langhammer
96a30af0eb
sources/oauth: allow overriding of all scopes
...
closes #3747
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-16 21:21:43 +02:00
Jens Langhammer
76531589dd
core: fix title in generic error template
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-16 13:55:22 +02:00
Jens Langhammer
2112b5b26b
root: add global fallback throttle
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-15 23:51:36 +02:00
Jens Langhammer
a3cc844e25
crypto: fix cert_expiry not having the correct format
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-15 23:32:02 +02:00
Jens Langhammer
53aef73f58
flows: optimise queries for flow and stage API endpoints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-15 11:54:31 +02:00
Jens L
363872715d
sources/saml: revamp SAML Source ( #3785 )
...
* update saml source to use user connections, add all attributes to flow context
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* check for SAML Status in response, add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* package apple icon
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add webui for connections
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 17:04:47 +02:00
Jens L
79e8b72569
flows: always show flow inspector in debug mode, don't require admin in debug ( #3786 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 15:44:59 +02:00
Jens Langhammer
74a0e27a8c
blueprints: fix error when exporting objects with lazily translated strings
...
closes #3482
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 14:31:44 +02:00
Jens Langhammer
0ca1368dcc
sources/saml: improve error handling for missing assertion and missing subject
...
closes #3784
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 13:56:39 +02:00
Philipp Kolberg
2980c5884f
root: Add setting to adjust database config for pgbouncer ( #3769 )
...
* Add setting to adjust database config for pgbouncer
* docker-compose.yml cleanup
Delete pgbouncer setting as false is the default value
* Cleanup docker-compose.yml
Also remove use_pgbouncer option in server section
2022-10-14 11:53:24 +02:00
Jens L
217e145d23
stages/authenticator_sms: make sms stage payload customisable ( #3780 )
...
* make sms stage payload customisable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update phrasing for webhook mapping
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 11:53:01 +02:00
Jens Langhammer
e5e6c33b2d
providers/oauth2: fix expires_in not being an int
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-11 14:25:30 +03:00
Jens L
8ed2f7fe9e
providers/oauth2: add device flow ( #3334 )
...
* start device flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: fix inconsistent app filtering
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tenant device code flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add throttling to device code view
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* somewhat unrelated changes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add initial device code entry flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add finish stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* it works
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add support for verification_uri_complete
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add some tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-11 12:42:10 +02:00
Jens Langhammer
00a6c2a40b
sources/oauth: improve error messages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-10 13:28:25 +03:00
Jens Langhammer
239092b872
core: fix messages not being shown when no client is connected
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-10 13:27:41 +03:00
dependabot[bot]
34d520a3fb
core: bump channels-redis from 3.4.1 to 4.0.0 ( #3752 )
2022-10-10 11:26:49 +02:00
lvoegl
3ecc715e91
sources/oauth: add Twitch OAuth source ( #3746 )
...
* sources/oauth: add Twitch OAuth source
Signed-off-by: Lukas Vögl <lukas@voegl.org>
* website/integrations: add Twitch OAuth source documentation
Signed-off-by: Lukas Vögl <lukas@voegl.org>
Signed-off-by: Lukas Vögl <lukas@voegl.org>
2022-10-10 10:59:07 +02:00
Jens Langhammer
9bbe8e6c57
providers/oauth2: save full IDToken to database, only use to_dict for encoding final token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-08 15:06:17 +03:00
Jens Langhammer
b2a658d091
providers/oauth2: remove c_hash and nonce claim if they're not set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-07 17:07:33 +03:00
Jens Langhammer
ce085a029d
providers/oauth2: exclude at_hash claim if not set instead of being null
...
closes #3739
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-07 10:10:53 +03:00
Jens Langhammer
93e90f8f50
crypto: fix import_certificate checking private key as certificate
...
closes #3713
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-02 00:31:14 +02:00
Jens L
44e4f2e561
crypto: make certificate parsing optional for crypto api ( #3711 )
2022-10-01 00:06:00 +02:00
Jens L
cca0f60bda
root: decrease default token size to 60 chars for compatibility ( #3710 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2614
2022-09-30 23:12:51 +02:00
Jens Langhammer
d8a98e71bd
outposts: fix indentation in generated SSH Config
2022-09-29 09:23:27 +00:00
Jens Langhammer
7c0754000c
providers/oauth2: add all hardcoded claims to claims_supported list
...
closes #3702
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-29 10:27:46 +02:00
Jens Langhammer
43a5aaa9df
stages/email: don't check that email templates exist on startup
...
#3692
this runs on both server and worker where only the worker needs to have the email templates
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-28 18:52:54 +02:00
Jens Langhammer
cd1a36fec4
root: save email template directory in config
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-28 18:51:34 +02:00
Jens L
df4200992c
outposts: remote docker ssh fixes ( #3691 )
...
* improve error logging for SSH connections
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* "fix" host key checking
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-28 12:10:40 +02:00
Jens Langhammer
50819ae0f0
*: improve error handling in ldap outpost, ignore additional errors
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-23 22:11:47 +02:00
Jens Langhammer
2cfba36cb7
release: 2022.9.0
2022-09-23 12:33:01 +02:00
Jens Langhammer
81e820b6e6
flows: fix invalid graph generation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-21 10:53:29 +02:00
Jens L
b16a3d5697
internal: use config system for workers/threads, document the settings ( #3626 )
...
use config system for workers/threads, document the settings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-21 09:59:03 +02:00
Jens L
1583d53e54
web: use mermaidjs ( #3623 )
...
* flows: move flow diagram logic to separate file
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* idk
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make web component work
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove subgraph for now
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add denied connection
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* wrong list
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use custom styles
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* i18n
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix typing issues, make diagram centered
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-21 09:58:23 +02:00
Jens L
2bd10dbdee
tests: use create_test_flow where possible ( #3606 )
...
* use create_test_flow where possible
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix and add more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove unused websocket stuff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* Revert "remove unused websocket stuff"
This reverts commit fc05f80951.
* keepdb for make test
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests for notification transports
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-17 13:16:53 +02:00
Jens L
be64296494
stages/authenticator_duo: improved import ( #3601 )
...
* prepare for duo admin integration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make duo import params required
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add UI to import devices
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* rework form, automatic import
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* limit amount of concurrent tasks on worker
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* load tasks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix API codes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests and such
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* sigh
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make stage better
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* basic stage test
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-17 12:10:47 +02:00
Jens L
4a91a7d2e2
web: re-organise frontend and cleanup common code ( #3572 )
...
* fix repo in api client
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: re-organise files to match their interface
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: include version in script tags
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup maybe broken
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* revert rename
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: get rid of Client.ts
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* move more to common
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more moving
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* format
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* unfuck files that vscode fucked, thanks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* move more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* finish moving (maybe)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ok more moving
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix more stuff that vs code destroyed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* get rid of "web" prefix for virtual package
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix locales
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use custom base element
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix css file
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* don't run autoDetectLanguage when importing locale
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix circular dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: fix build
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-15 00:05:21 +02:00
Jens Langhammer
9f5c019daa
core: add helper function to create events from expressions, move ak_user_has_authenticator to base evaluator
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-14 21:52:41 +02:00
Jens Langhammer
84c08dca41
stages/user_write: log discarded keys as warning
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-14 20:21:37 +02:00
Jens Langhammer
6b8b596c92
stages/identification: set primary_action based on flow designation
...
closes #3589
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-14 10:30:49 +02:00
Jens Langhammer
359da6db81
Revert "flows: always mark component field as required in Challenge and ChallengeResponses"
...
This reverts commit b35b225453.
2022-09-11 23:13:51 +02:00
Jens Langhammer
7f8afad528
*: fix API Schema generation warnings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-11 23:08:31 +02:00
Jens Langhammer
b35b225453
flows: always mark component field as required in Challenge and ChallengeResponses
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-11 23:01:59 +02:00
Jens Langhammer
0ff2ac7dc2
api: fix schema not referencing errors correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-11 23:01:26 +02:00
Jens Langhammer
8b4a7666f0
stages/authenticator_duo: fix 404 when current user does not have permissions to view stage
...
closes #3288
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-11 21:43:29 +02:00
Jens Langhammer
ae9dbf3014
blueprints: fix error caused by overriding rest_framework's instance attribute
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 14:34:43 +02:00
Jens Langhammer
4c4d87d3bd
blueprints: validate instance before creating in metaapplyblueprint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 13:58:54 +02:00
Jens Langhammer
a407334d3b
providers/oauth2: use @method_decorator instead of decorating in urls
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 13:26:17 +02:00
Jens Langhammer
5026cebf02
stages/consent: default to expiring consent instead of always_require
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 13:25:28 +02:00
Jens Langhammer
2e2ab55f9e
*: cleanup stray print calls
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 13:24:53 +02:00
Jens Langhammer
28835fbca7
root: re-use custom log helper from config and cleanup duplicate functions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 13:24:31 +02:00
Jens Langhammer
aabb8af486
tenants: handle all errors in default_locale
...
closes #3457
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 00:56:12 +02:00
Jens L
7517d612d0
providers/oauth2: add x5c ( #3556 )
...
* add x5c, x5t and x5t#S256
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* strip trailing = to fix encoding issues
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-08 23:30:05 +02:00
Jens L
62f93c83d4
ci: update pyright ( #3546 )
2022-09-07 00:23:25 +02:00
Jens Langhammer
03a3f1bd6f
crypto: add command to import certificates
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3544
2022-09-06 19:39:10 +02:00
Jens Langhammer
60266b3345
flows: migrate FlowExecutor error handler to native challenge instead of shell
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-06 18:48:15 +02:00
Jens Langhammer
2a4679e390
flows: fix incorrect diagram for policies bound to flows
...
closes #3534
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-06 10:24:13 +02:00
Jens Langhammer
eed958b132
stages/authenticator_duo: fix schema not declaring request body correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-05 22:00:02 +02:00
Jens Langhammer
12c318f0b1
sources/ldap: start_tls before binding but without reading server info
...
with read_server_info=True (default), this errors out on active directory
closes #3509 #1049
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-04 14:04:08 +02:00
Jens Langhammer
f68ed3562e
core: fix custom favicon not being set correctly on load
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-04 00:24:51 +02:00
Jens L
f2f22719f8
core: improve error template ( #3521 )
2022-09-03 19:46:37 +02:00
Jens Langhammer
242423cf3c
internal: remove sentryhttp from main server mux to prevent double traces
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-03 16:41:47 +02:00
Jens Langhammer
d9775f2822
blueprints: don't export events by default and exclude anonymous user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-31 23:32:02 +02:00
Jens Langhammer
398eb23d31
blueprint: fix EntryInvalidError not being handled in tasks
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-31 23:08:38 +02:00
Jens L
abca435337
blueprints: OCI registry support ( #3500 )
...
* blueprints: add ability to load blueprints via OCI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix inheritance check for meta models
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add oci tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-30 14:08:26 +02:00
Jens L
54ba3e9616
blueprints: add meta model to apply blueprint within blueprint for dependencies ( #3486 )
...
* add meta model to apply blueprint within blueprint for dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use custom registry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix again
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* move ManagedAppConfig to apps.py
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* rename manager to registry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ci: use full tag in comment
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-29 21:20:58 +02:00
Jens Langhammer
d3466ceef8
blueprints: use correct log level when re-logging import validation logs
...
closes #3483
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-28 16:07:48 +02:00
Jens Langhammer
5886688fae
core: make request in context optional for Applications API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3482
2022-08-28 15:59:34 +02:00
Jens Langhammer
c3c8cbf7ef
events: save event to test notification transport
...
closes #3485
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-28 15:39:42 +02:00
Jens Langhammer
83eaac375d
sources/oauth: use GitHub's dedicated email API when no public email address is configured
...
closes #3472
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-26 21:21:41 +02:00
Jens Langhammer
3eb3a9eab9
*: remove remaining default creation code in squashed migrations
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-24 23:02:34 +02:00
Jens Langhammer
a099b21671
lib: reset settings when error is raised in patch
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 21:21:28 +02:00
Jens Langhammer
b9294fd9ad
blueprints: fix unbound error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 21:15:48 +02:00
Jens Langhammer
13a302cdad
sources/oauth: use UPN for username with azure AD source
...
closes #3468
breaking
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 20:55:25 +02:00
Jens Langhammer
e994a01e80
blueprints: handle blueprints without metadata
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 20:54:56 +02:00
Jens Langhammer
d49431cfc7
events: reset task info when not saving on success
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 19:22:14 +02:00
Jens Langhammer
ce2ce38b59
blueprints: improve error messages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 19:21:57 +02:00
Jens Langhammer
2af4f28239
stages/invitation: don't use uuid.hex
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 19:14:46 +02:00
Jens Langhammer
1419910b29
blueprints: fix duplicate tasks
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 19:14:30 +02:00
Jens Langhammer
649835cc61
events: fix MonitoredTasks' save_on_success not behaving as expected
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 19:13:41 +02:00
Jens Langhammer
917c4ae835
ci: fix typos
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 18:49:23 +02:00
Jens Langhammer
ca2fce8be2
blueprints: always set metadata when attempting to apply
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 18:48:01 +02:00
Jens Langhammer
15c34c6f1f
release: 2022.8.2
2022-08-19 15:59:53 +01:00
Jens Langhammer
0ab8f4eed7
blueprints: add required password stage backends
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-19 15:59:41 +01:00
Jens Langhammer
810c04bacf
blueprints: don't suggest models not inheriting serializermodel in schema
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-19 11:26:15 +01:00
Jens Langhammer
0cc83c23c4
providers/proxy: fix duplicate proxy set default
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 21:13:45 +01:00
Jens Langhammer
fdb8fb4b4c
providers/oauth2: fix oauth2 requests being logged as unauthenticated
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 20:26:12 +02:00
Jens Langhammer
9d58407e25
blueprints: remove _state from exporter blueprints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 19:25:02 +02:00
Jens Langhammer
f4441c9fcf
providers/proxy: trigger proxy set_defaults task on startup
...
closes #3445
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 17:42:27 +02:00
Jens Langhammer
0e9762072a
blueprints: keep more modular state
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 17:42:27 +02:00
Jens Langhammer
0cfffa28ad
blueprints: fix exporter not ignoring non-SerializerModel objects
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 17:42:27 +02:00
Jens Langhammer
1ad4c8fc29
outposts: fix log level
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 17:42:27 +02:00
Jens Langhammer
fb5eb7b868
sources/oauth: fix missing doseq param for updating URL query string
...
closes #3374
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 14:34:20 +02:00
Jens Langhammer
198c940a80
core: fix pre-hydrated config not being escaped properly
...
closes #3442
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 13:53:22 +02:00
Jens L
1adc6948b4
blueprints: allow for adding remote blueprints ( #3435 )
...
* allow blueprints to be fetched from HTTP URLs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove os.path
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add validation for blueprint path
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-17 23:00:47 +02:00
Jens L
e87236b285
blueprints: add generic export next to flow exporter ( #3439 )
2022-08-17 17:57:59 +01:00
Jens Langhammer
846b63a17b
*: remove some very verbose logging messages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-17 13:36:56 +02:00
Jens Langhammer
1281e842d1
events: fix false-y values being stripped
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 22:29:36 +02:00
Jens Langhammer
f7601d9571
events: correctly handle lists for cleaning/sanitization
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 21:47:30 +02:00
Jens Langhammer
4d9c9160e7
events: fix sanitize_dict not working on list items
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 21:37:24 +02:00
Jens Langhammer
ad1f913e54
blueprints: add wrapper to get blueprints as dict
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 21:37:05 +02:00
Jens Langhammer
3da0233c40
Revert "blueprints: fix issue in prod setups with encoding dataclasses via celery"
...
This reverts commit ff788edd9b.
2022-08-16 21:21:47 +02:00
Jens Langhammer
ff788edd9b
blueprints: fix issue in prod setups with encoding dataclasses via celery
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 20:59:36 +02:00
Jens Langhammer
aea0958f3f
blueprints: add default status
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 17:51:22 +02:00
Jens Langhammer
435d126a1c
release: 2022.8.1
2022-08-16 16:23:36 +02:00
Jens Langhammer
e8b30b75d2
root: override blueprints_dir for testing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 15:50:58 +02:00
Jens Langhammer
e9c1276634
blueprints: use relative path in @apply_blueprint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 14:20:45 +02:00
Jens Langhammer
6000a33a8e
*: fix type annotations for serializer model
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 13:23:22 +02:00
Jens Langhammer
4c9878313c
sources/oauth: correctly concatenate URLs to allow custom parameters to be included
...
closes #3374
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-08 21:17:32 +02:00
Jens Langhammer
54c16129ea
stages/authenticator_duo: revamp duo enroll status API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3288
2022-08-08 20:38:06 +02:00
Jens Langhammer
872c18dddc
blueprints: don't use example label, add more tags and tests for tags
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 19:27:03 +02:00
Jens Langhammer
2fa6cf855d
stages/consent: simplify logic, correctly update existing consent
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 14:38:40 +02:00
Jens Langhammer
3b86144ae5
stages/*: use stage-bound logger when possible
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 13:41:53 +02:00
Jens Langhammer
f01f10c5e5
providers/oauth2: don't separate scopes by comma-space
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 13:15:12 +02:00
Jens Langhammer
e1249d3760
providers/oauth2: fix scopes without descriptions not being saved in consent
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 13:02:47 +02:00
Jens Langhammer
dcbf106daa
blueprints: add !Context to lookup things from instance context
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-06 20:54:00 +02:00
Jens L
89fef0ae72
blueprints: docs ( #3376 )
...
* further blueprint cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make group users and parent optional
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix api client usage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-06 00:52:12 +02:00
Jens Langhammer
85640d402f
internal: fix race conditions when accessing settings before bootstrap
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-06 00:24:55 +02:00
Jens L
ec42d378ab
blueprints/cleanup ( #3369 )
2022-08-05 08:39:00 +02:00
Jens L
2ce8e18bab
internal: centralise config for listeners to use same config system everywhere ( #3367 )
...
* centralise config for listeners to use same config system everywhere
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3360
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-03 21:33:27 +02:00
dependabot[bot]
9a9c826c0b
core: bump django from 4.0.6 to 4.1 ( #3368 )
...
* core: bump django from 4.0.6 to 4.1
Bumps [django](https://github.com/django/django) from 4.0.6 to 4.1.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/4.0.6...4.1)
---
updated-dependencies:
- dependency-name: django
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-03 15:33:58 +02:00
Jens L
d1004e3798
blueprints: webui ( #3356 )
2022-08-03 00:05:49 +02:00
Jens Langhammer
2bd29e2fdd
*: improve error handling for startup tasks
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 23:31:47 +02:00
Jens Langhammer
3cd0a782af
blueprints: correctly load on fresh install
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 23:25:33 +02:00
Jens L
a023eee9bf
blueprints: migrate from managed ( #3338 )
...
* test all bundled blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix empty title
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix default blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add script to generate dev config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate managed to blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more to blueprint instance
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrated away from ObjectManager
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix lint errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate things
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix some tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix a bit more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* whops
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix missing name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *sigh*
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tasks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* scheduled
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* run discovery on start
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* oops this test should stay
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 23:05:58 +02:00
Jens Langhammer
7a05c6faef
stages/consent: fix error when requests with identical empty permissions
...
closes #3280
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 20:58:49 +02:00
Jens L
553989d17f
flows/stages/consent: fix for post requests ( #3339 )
...
add unique token to consent stage to ensure it is shown
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-31 23:47:40 +02:00
Jens L
89c84f10d0
blueprints: v1 ( #1573 )
...
* managed: move flowexporter to managed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: implement SerializerModel in all models
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* managed: add initial api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* managed: start blueprint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* managed: spec
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* version blueprint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* yep
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove v2, improve v1
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* start custom tag, more rebrand
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add default flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* move blueprints out of website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* try new things
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add !lookup, fix web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update and cleanup default
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tags in lists
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* don't save field if its set to default value
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more flow cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* format web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix missing serializer for sms
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ignore _set fields
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove custom file extension
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate default flow to tenant
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* include blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-31 17:11:44 +02:00
Jens L
882250a85e
flows: migrate flows to be yaml ( #3335 )
...
* flows: migrate flows to be yaml
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate flows to yaml
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 23:55:58 +02:00
Jens Langhammer
fcf4657833
providers/proxy: add is_superuser to ak_proxy object, only show full error when superuser
...
closes #3314
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 20:29:23 +02:00
Jens L
393d7ec486
providers/proxy: no exposed urls ( #3151 )
...
* test any callback
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* don't detect callback in per-server handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use full redirect uri with both path and query param
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* correctly route to embedded outpost for callback signature
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix allowed redirects
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 17:51:01 +02:00
l-with
b7b5168910
sources/oauth: use mailcow full_name as username for mailcow source ( #3299 )
...
use mailcow full_name as username
2022-07-29 20:34:17 +00:00
Jens Langhammer
1dcec17a58
sources/oauth: only send header authentication for OIDC source
...
closes #3327
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-29 18:20:44 +02:00
Jens Langhammer
d6b1a22563
core: fix import order
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-29 00:18:42 +02:00
Jens Langhammer
cada292e00
core: pre-hydrate config into templates to directly load correct assets
...
closes #3228
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-29 00:04:44 +02:00
Jens Langhammer
83eba36f8d
core: add API Endpoint to get all MFA devices, add web ui to delete MFA devices of any user
...
closes #3237
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 23:50:25 +02:00
Jens Langhammer
b82a142745
stages/authenticator_sms: use twilio SDK, improve docs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3237
2022-07-28 22:17:59 +02:00
Jens Langhammer
2a42c203b2
stages/authenticator_totp: remove single device per user limit
...
closes #3281
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:39:46 +02:00
Jens Langhammer
ade2d4879c
stages/authenticator_duo: fix imported Duo Device not having a name
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:20:32 +02:00
Jens Langhammer
e14798dcdc
core: import all models into shell
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:19:04 +02:00
Jens Langhammer
0248755cda
stages/authenticator_validate: improve error handling for duo
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:11:58 +02:00
Jens Langhammer
1f90359310
root: fix broken traceback logging
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 20:56:39 +02:00
Jens Langhammer
008fc19f0d
root: fix log fields being overwritten in celery task logs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 20:48:05 +02:00
Jens Langhammer
277df4f04f
stages/prompt: fix tests for file field
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-27 09:48:11 +02:00
Jens Langhammer
de26c65fa0
core: add attributes. avatar method to allow custom uploaded avatars
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2631
2022-07-26 21:42:41 +02:00
dependabot[bot]
bd8794f646
core: bump structlog from 21.5.0 to 22.1.0 ( #3294 )
...
* core: bump structlog from 21.5.0 to 22.1.0
Bumps [structlog](https://github.com/hynek/structlog) from 21.5.0 to 22.1.0.
- [Release notes](https://github.com/hynek/structlog/releases)
- [Changelog](https://github.com/hynek/structlog/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hynek/structlog/compare/21.5.0...22.1.0)
---
updated-dependencies:
- dependency-name: structlog
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* migrate threadlocal to contextvars
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-23 22:40:56 +02:00
Jens Langhammer
1880f98fa1
sources/oauth: fix typo
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-20 19:10:26 +02:00
Jens Langhammer
dae6493a3e
release: 2022.7.3
2022-07-20 09:37:43 +02:00
Jens Langhammer
f909b86338
stages/consent: fix permissions for consent API (allow owner to delete)
2022-07-19 16:41:34 +00:00
Jens Langhammer
327df6529b
sources/oauth: use oidc preferred_username if set, otherwise nickname
2022-07-19 16:41:10 +00:00
Jens Langhammer
658dc63c4c
lifecycle: revert waiting for lock, launch managed reconcile on app import
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-19 12:06:57 +02:00
Jens Langhammer
549f6f2077
providers/oauth2: correctly log authenticated user for OAuth views using protected_resource_view
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-18 22:20:09 +02:00
Jens L
e9d9d658c4
lifecycle: make worker wait for migrations to be done ( #3254 )
...
* lifecycle: make worker wait for migrations to be done
* retry managed reconcile task
2022-07-15 19:44:45 +02:00
Jens Langhammer
9a9ba2560b
core: delete expired models when filtering instead of excluding them
...
closes #3233
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-09 13:40:39 +02:00
Jens Langhammer
47434cd62d
stages/prompt: try to base64 decode file, fallback to keeping value as-is
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-08 22:45:31 +02:00
Jens Langhammer
ff500b44a6
stages/prompt: force required to false when using readonlyfield
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-08 22:38:37 +02:00
Jens Langhammer
8e19fb3a8c
release: 2022.7.2
2022-07-06 20:31:48 +02:00
Jens Langhammer
d497db3010
flows: fix OOB flow incorrectly setting pending user
...
closes #3224
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-06 09:51:20 +02:00
Jens Langhammer
24f95fdeaa
tenants: fix tests for current tenant
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:47:49 +02:00
Jens Langhammer
d1c4818724
policies: improve api test coverage
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:20:48 +02:00
Jens L
49cce6a968
stages/prompt: add basic file field ( #3156 )
...
add basic file field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:09:41 +02:00
Jens Langhammer
0a73e7ac9f
tenants: add default_locale read only field, pre-hydrate in flows and read in autodetect as first choice
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:04:25 +02:00
Jens Langhammer
3344af72c2
outposts: cleanup user handling
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 22:41:19 +02:00
Jens Langhammer
f316a3000b
release: 2022.7.1
2022-07-04 21:10:20 +02:00
Jens Langhammer
6a497b32f6
core: use Exception for fallback case in flow_manager
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-04 20:05:03 +02:00
Jens Langhammer
4cd629b5fc
core: handle FlowNonApplicableException correctly in source flow_manager
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-03 22:03:03 +02:00
Jens Langhammer
14a4047bdd
flows: show messages from ak_message when flow is denied
...
fallback to same generic message
closes #3197
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-03 21:36:13 +02:00
Jens L
17d33f4b19
flows: denied action ( #3194 )
2022-07-02 17:37:57 +02:00
Jens L
c39a5933e1
core: create FlowToken instead of regular token for generated recovery links ( #3193 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2749
2022-07-02 14:17:41 +02:00
Jens L
5e3f44dd87
flows: add shortcut to redirect current flow ( #3192 )
2022-07-01 23:19:41 +02:00
Jens Langhammer
1c64616ebd
sources/ldap: add configuration for LDAP Source ciphers
...
closes #3110
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 19:53:49 +02:00
Jens Langhammer
23273f53cc
providers/oauth2: if no scopes are sent in authorize request, select all configured scopes
...
closes #3112
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 19:45:26 +02:00
Jens Langhammer
d11ce0a86e
providers/proxy: set default scopes based on managed attribute
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 18:26:49 +02:00
Jens Langhammer
766ceda57a
core: re-create anonymous user when repairing permissions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 17:20:06 +02:00
Jens Langhammer
e758c434ea
web: ignore module load errors
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 16:49:37 +02:00
Jens Langhammer
90e3ae9457
*: define prometheus metrics in apps to prevent re-import
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 16:49:24 +02:00
Jens Langhammer
56fd436e5d
web: fix redirect when accessing authentik URLs authenticated
...
closes #3174
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-30 23:04:39 +02:00
Jens Langhammer
ea60c389be
providers/saml: include SSO Binding URLs in Provider API
...
closes #3179
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-30 22:18:21 +02:00
Jens Langhammer
983882f5a0
providers/oauth2: ensure refresh tokens are URL safe
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3185
2022-06-30 12:43:08 +02:00
Jens L
c5a2831665
api: add basic jwt support with required scope ( #2624 )
...
* api: add basic jwt support with required scope
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* api: only set auth_via when actually authenticating via token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* save consented permissions in user consent, re-prompt when new permissions are required
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update locale
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* translate special scope map
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more api auth tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* build web api in e2e tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* link generated client instead of copying
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-26 17:51:15 +02:00
Jens L
504338ea66
web/admin: application wizard (part 1) ( #2745 )
...
* initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove log
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* start oauth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use form for all type wizard pages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more oauth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* basic wizard actions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make resets work
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add hint in provider wizard
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* render correct icon in empty state in table page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* improve empty state
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more pages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add group PK to service account creation response
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use wizard-level isValid prop
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* re-add old buttons
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-26 00:46:40 +02:00
Jens Langhammer
f28509608b
core: mark session as modified instead of saving it directly to bump expiry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-22 08:48:14 +02:00
Jens Langhammer
6c9dc7a15b
providers/oauth2: fix OAuth form_post response mode for code response_type
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3113
2022-06-20 21:52:36 +02:00
Jens Langhammer
b6267fdf28
*: add versioned user agent to sentry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-20 11:54:10 +02:00
Jens Langhammer
1f0fc0a6a2
Merge branch 'version-2022.6'
2022-06-20 10:19:25 +02:00
Jens Langhammer
9201fc1834
release: 2022.6.3
2022-06-19 22:01:06 +02:00
Jens Langhammer
1faba11a57
providers/oauth2: add test to ensure capitalised redirect_uri isn't changed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3114
2022-06-19 21:37:20 +02:00
9p4
f0c72e8536
providers/oauth2: don't lowercase URL for token requests ( #3114 )
...
this was a leftover from before the migration regex checking for redirect URIs
closes #3076 and #3083
2022-06-19 21:37:17 +02:00
Jens Langhammer
91f91b08e5
core: fix migrations when creating bootstrap token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:37:14 +02:00
Jens L
caed306346
providers/oauth2: if a redirect_uri cannot be parsed as regex, compare strict ( #3070 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:36:19 +02:00
Jens Langhammer
59b899ddff
internal: skip tracing for go healthcheck and metrics endpoints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:48 +02:00
Jens Langhammer
85784f796c
root: ignore healthcheck routes in sentry tracing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:46 +02:00
Jens Langhammer
b42eb9464f
lifecycle: run bootstrap tasks inline when using automated install
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:33 +02:00
Jens L
6559fdee15
stages/authenticator_validate: add webauthn tests ( #3069 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:23 +02:00
Jens Langhammer
3455bf3d27
policies: consolidate log user and application
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:04 +02:00
Jens Langhammer
0d96e68c1e
core: add limit of 20 to group recursion
...
closes #3116
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:24:57 +02:00
Jens Langhammer
7caac1d0c7
providers/oauth2: add test to ensure capitalised redirect_uri isn't changed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3114
2022-06-18 13:13:36 +02:00
9p4
45364d6553
providers/oauth2: don't lowercase URL for token requests ( #3114 )
...
this was a leftover from before the migration regex checking for redirect URIs
closes #3076 and #3083
2022-06-18 13:08:15 +02:00
Jens Langhammer
2298eb124f
core: fix migrations when creating bootstrap token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-17 10:10:04 +02:00
Jens Langhammer
e892ed14da
providers/oauth2: include source's user path in M2M created users
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-15 14:07:28 +02:00
Jens L
1c62a3db6e
core: user paths ( #3085 )
...
* init
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add user_path_template
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add to sources and flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add outposts & api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* dark theme for treeview
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add search
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs and tests for validation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add to user write stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add web ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: improve error handling
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-15 12:12:26 +02:00
Jens L
6821402fef
providers/oauth2: remove deprecated verification_keys ( #3071 )
...
remove verification_keys
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-11 19:48:07 +02:00
Jens L
8dbb0bd2c6
providers/oauth2: token revoke ( #3077 )
2022-06-11 18:49:16 +02:00
Jens L
0cad56ec73
providers/oauth2: if a redirect_uri cannot be parsed as regex, compare strict ( #3070 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 23:32:57 +02:00
Jens Langhammer
bdf76bb4b7
internal: skip tracing for go healthcheck and metrics endpoints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 22:21:11 +02:00
Jens Langhammer
74ce9cc6fd
root: ignore healthcheck routes in sentry tracing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 20:10:27 +02:00
Jens Langhammer
5e2d647a6c
core: trigger bootstrap tasks in server if we're debugging
...
closes #3040
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-09 20:21:31 +02:00
Jens Langhammer
7beebe030d
lifecycle: run bootstrap tasks inline when using automated install
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-09 20:09:55 +02:00
Jens L
66f4a31b4c
stages/authenticator_validate: add webauthn tests ( #3069 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-08 20:50:48 +02:00
Jens Langhammer
039d896dee
policies: consolidate log user and application
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-07 22:26:01 +02:00
Jens Langhammer
ff2baf502b
release: 2022.6.2
2022-06-07 21:36:18 +02:00
Jens Langhammer
23023ec727
providers/oauth2: add JWKS URL to OAuth2ProviderSetupURLs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-07 20:17:06 +02:00
Jens Langhammer
7d84a71a01
stages/authenticator_validate: fix double-negation of password-less check
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-07 09:52:10 +02:00
Jens Langhammer
9add8479ca
stages/authenticator_validate: fix error in passwordless webauthn
...
closes #3050
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-06 13:50:11 +02:00
Jens Langhammer
ca40d31dac
*: make user logging more consistent
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 18:50:44 +02:00
Frédérick Permantier
2dfa6c2c82
core: add setting to open application launch URL in a new browser tab ( #3037 )
...
* core: add setting to open application launch URL in a new browser tab
* core: fix failing applications unit tests
* core: fix formatting
* core: include models only generated when debug mode is enabled
2022-06-05 14:32:22 +02:00
Jens Langhammer
c11435780d
sources/oauth: fix twitter client missing basic auth
...
closes #3038
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 14:21:32 +02:00
Jens Langhammer
817d538b8f
core: add additional filters to source viewset
...
https://github.com/goauthentik/terraform-provider-authentik/issues/184
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 00:56:46 +02:00
Jens Langhammer
210775776f
core: add slug to built-in source
...
https://github.com/goauthentik/terraform-provider-authentik/issues/184
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 00:50:10 +02:00
Jens Langhammer
b26111fb42
events: fix error when attempting to create event with GeoIP City in context
...
closes #2709
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 00:16:07 +02:00
Jens Langhammer
67d54c5209
release: 2022.6.1
2022-06-04 21:23:33 +02:00
Jens L
fa04883ac1
events: use custom login failed signal, also send for mfa errors, add stage and more to context ( #3039 )
...
* use custom login failed signal, also send for mfa errors, add stage and more to context
closes #3027
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* include device class in event
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-04 15:30:56 +02:00
Jens L
36cbc44ed6
migrate to main ( #3035 )
...
closes #3032
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 19:40:09 +02:00
Jens L
0c591a50e3
*: don't dispatch tasks on startup of server ( #3033 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 18:29:24 +02:00
Jens L
7ee655a318
core: add bootstrap variables with authentik prefix for helm charts ( #3031 )
...
https://github.com/goauthentik/helm/pull/72
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 15:22:56 +02:00
Jens Langhammer
eba339ba27
core: improve loading speed of flow background
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-02 14:20:23 +02:00
Jens Langhammer
558c7bba2a
lib: add lxml wrapper
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-02 13:25:24 +02:00
Jens Langhammer
8cd1a42fb9
*: fix linting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-02 11:50:10 +02:00
Jens L
c0cb891078
stages/authenticator_sms: verify-only ( #3011 )
2022-06-01 23:16:28 +02:00
Jens L
fc1c1a849a
stages/*: use bound logger ( #3012 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-01 23:01:58 +02:00
Jens L
2c6d82593e
root: cleanup session keys to use common format ( #3003 )
...
cleanup session keys to use common format
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-31 21:53:23 +02:00
Jens Langhammer
34bcc2df1a
root: disable session_save_every_request as it overwrites the session with old data
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2991
2022-05-31 20:46:27 +02:00
Jens Langhammer
b4d528a789
policies: fix incorrect bound_to count
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-31 10:16:09 +02:00
Jens Langhammer
a0397fdcf4
events: set default transport mode
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-30 21:32:48 +02:00
Jens L
8faa1bf865
events: add local transport mode ( #2992 )
...
* events: add local transport mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add default local transport
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-30 20:55:05 +02:00
Jens Langhammer
fc75867218
events: ignore session model
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-30 20:23:07 +02:00
Jens L
3eb466ff4b
lifecycle: cleanup prometheus ( #2972 )
...
* remove high cardinality labels
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* retry worker number for prometheus multiprocess id
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* revert to pid, use subdirectories
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use worker id based off of https://github.com/benoitc/gunicorn/issues/1352
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix missing app label
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests/e2e: remove static names
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 21:45:25 +02:00
Jens L
9f2529c886
stages/authenticator_validate: cookies ( #2978 )
...
* stages/authenticator_validate: rewrite to use signed jwt cookie + expiry as MFA threshold
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 19:47:34 +02:00
Jens L
fb25b28976
core: db sessions ( #2979 )
...
* use db session backend
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* root: wrap session cookie in JWT and add useful claims
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix compatibility with tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use standard session key for writing in sessions too
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 18:58:54 +02:00
Jens Langhammer
fb69f67f47
*: cleanup vendor
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-28 21:26:33 +02:00
Jens Langhammer
18b48684eb
providers/oauth2: add configuration error event when wrong redirect uri is used in token request
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-28 21:15:58 +02:00
Jens Langhammer
098b0aef6e
*: use create_test_admin_user for all unittests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-28 21:13:16 +02:00
Jens Langhammer
082df0ec51
Merge branch 'version-2022.5'
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# authentik/providers/oauth2/views/token.py
# web/src/locales/zh-Hans.po
2022-05-28 13:19:58 +02:00
Jens Langhammer
1883402b3d
release: 2022.5.3
2022-05-28 12:04:26 +02:00
Jens Langhammer
1b3aacfa1d
providers/oauth2: add migration from "*" to ".*"
...
closes #2970
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-27 21:43:51 +02:00
Jens Langhammer
2b68363452
providers/oauth2: add migration from "*" to ".*"
...
closes #2970
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-27 10:23:13 +02:00
Jens Langhammer
6105956847
providers/oauth2: regex-escape URLs when set to blank
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:17:34 +02:00
Jens Langhammer
4ff32af343
flows: fix flakiness in tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:17:03 +02:00
Jens Langhammer
972868c15c
providers/oauth2: only set expiry on user when it was freshly created
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:16:55 +02:00
Jens Langhammer
0bc57f571b
api: update API browser to match admin UI and auto-switch theme
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:16:34 +02:00
Jens Langhammer
a81d5a3d41
providers/oauth2: regex-escape URLs when set to blank
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 12:52:56 +02:00
Jens Langhammer
34ef4af799
flows: fix flakiness in tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 09:53:40 +02:00
Jens Langhammer
5da47b69dd
providers/oauth2: only set expiry on user when it was freshly created
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 23:02:33 +02:00
Jens Langhammer
0e0dd2437b
providers/oauth2: handle attribute errors when validation JWK contains private key
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 22:23:05 +02:00
Jens Langhammer
e42386b150
api: update API browser to match admin UI and auto-switch theme
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 20:09:29 +02:00
Jens Langhammer
ef219198d4
flows: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 00:05:04 +02:00
Jens Langhammer
cc744dc581
flows: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 00:04:58 +02:00
Jens Langhammer
816b0c7d83
flows: fix re-imports of entries with identical PK re-creating objects
...
closes #2941
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 23:35:06 +02:00
Jens Langhammer
56babb2649
flows: fix re-imports of entries with identical PK re-creating objects
...
closes #2941
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 23:32:08 +02:00
Jens L
b8fdda50ec
ensure all viewsets have filter and search and add tests ( #2946 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 22:13:59 +02:00
Jens Langhammer
4a9b788703
providers/oauth2: set related_name for many-to-many so used by detects the connection
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 22:12:35 +02:00
Jens L
80c1dbdfbb
ensure all viewsets have filter and search and add tests ( #2946 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 22:01:18 +02:00
Jens L
b4e75218f5
sources/oauth: OIDC well-known and JWKS ( #2936 )
...
* add initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add provider
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* include source and jwk key id in event
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests for source
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix web formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add provider tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix lint error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 21:02:50 +02:00
Jens Langhammer
482491e93c
core: fix username validator not allowing changes that can be done via flows
...
closes #2755
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 19:40:54 +02:00
Jens Langhammer
61a876b582
providers/saml: handle parse error
...
AUTHENTIK-1K5
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 22:03:12 +02:00