Commit graph

2795 commits

Author SHA1 Message Date
Jens Langhammer dcbf106daa blueprints: add !Context to lookup things from instance context
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-06 20:54:00 +02:00
Jens L 89fef0ae72
blueprints: docs (#3376)
* further blueprint cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* make group users and parent optional

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix api client usage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-06 00:52:12 +02:00
Jens Langhammer 85640d402f internal: fix race conditions when accessing settings before bootstrap
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-06 00:24:55 +02:00
Jens L ec42d378ab
blueprints/cleanup (#3369) 2022-08-05 08:39:00 +02:00
Jens L 2ce8e18bab
internal: centralise config for listeners to use same config system everywhere (#3367)
* centralise config for listeners to use same config system everywhere

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3360

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-03 21:33:27 +02:00
dependabot[bot] 9a9c826c0b
core: bump django from 4.0.6 to 4.1 (#3368)
* core: bump django from 4.0.6 to 4.1

Bumps [django](https://github.com/django/django) from 4.0.6 to 4.1.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/4.0.6...4.1)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-03 15:33:58 +02:00
Jens L d1004e3798
blueprints: webui (#3356) 2022-08-03 00:05:49 +02:00
Jens Langhammer 2bd29e2fdd *: improve error handling for startup tasks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 23:31:47 +02:00
Jens Langhammer 3cd0a782af blueprints: correctly load on fresh install
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 23:25:33 +02:00
Jens L a023eee9bf
blueprints: migrate from managed (#3338)
* test all bundled blueprints

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix empty title

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix default blueprints

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add script to generate dev config

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate managed to blueprints

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more to blueprint instance

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrated away from ObjectManager

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix lint errors

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate things

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix some tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix a bit more

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* whops

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix missing name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *sigh*

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tasks

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* scheduled

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* run discovery on start

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* oops this test should stay

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 23:05:58 +02:00
Jens Langhammer 7a05c6faef stages/consent: fix error when requests with identical empty permissions
closes #3280

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 20:58:49 +02:00
Jens L 553989d17f
flows/stages/consent: fix for post requests (#3339)
add unique token to consent stage to ensure it is shown

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-31 23:47:40 +02:00
Jens L 89c84f10d0
blueprints: v1 (#1573)
* managed: move flowexporter to managed

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: implement SerializerModel in all models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* managed: add initial api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* managed: start blueprint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* managed: spec

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* version blueprint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* yep

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove v2, improve v1

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* start custom tag, more rebrand

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* move blueprints out of website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* try new things

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add !lookup, fix web

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update and cleanup default

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tags in lists

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* don't save field if its set to default value

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more flow cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* format web

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix missing serializer for sms

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ignore _set fields

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove custom file extension

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate default flow to tenant

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* include blueprints

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-31 17:11:44 +02:00
Jens L 882250a85e
flows: migrate flows to be yaml (#3335)
* flows: migrate flows to be yaml

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate flows to yaml

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 23:55:58 +02:00
Jens Langhammer fcf4657833 providers/proxy: add is_superuser to ak_proxy object, only show full error when superuser
closes #3314

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 20:29:23 +02:00
Jens L 393d7ec486
providers/proxy: no exposed urls (#3151)
* test any callback

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* dont detect callback in per-server handler

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use full redirect uri with both path and query param

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* correctly route to embedded outpost for callback signature

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix allowed redirects

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 17:51:01 +02:00
l-with b7b5168910
sources/oauth: use mailcow full_name as username for mailcow source (#3299)
use mailcow full_name as username
2022-07-29 20:34:17 +00:00
Jens Langhammer 1dcec17a58 sources/oauth: only send header authentication for OIDC source
closes #3327

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-29 18:20:44 +02:00
Jens Langhammer d6b1a22563 core: fix import order
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-29 00:18:42 +02:00
Jens Langhammer cada292e00 core: pre-hydrate config into templates to directly load correct assets
closes #3228

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-29 00:04:44 +02:00
Jens Langhammer 83eba36f8d core: add API Endpoint to get all MFA devices, add web ui to delete MFA devices of any user
closes #3237

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 23:50:25 +02:00
Jens Langhammer b82a142745 stages/authenticator_sms: use twilio SDK, improve docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3237
2022-07-28 22:17:59 +02:00
Jens Langhammer 2a42c203b2 stages/authenticator_totp: remove single device per user limit
closes #3281

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:39:46 +02:00
Jens Langhammer ade2d4879c stages/authenticator_duo: fix imported Duo Device not having a name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:20:32 +02:00
Jens Langhammer e14798dcdc core: import all models into shell
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:19:04 +02:00
Jens Langhammer 0248755cda stages/authentiactor_validate: improve error handling for duo
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:11:58 +02:00
Jens Langhammer 1f90359310 root: fix broken traceback logging
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 20:56:39 +02:00
Jens Langhammer 008fc19f0d root: fix log fields being overwritten in celery task logs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 20:48:05 +02:00
Jens Langhammer 277df4f04f stages/prompt: fix tests for file field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-27 09:48:11 +02:00
Jens Langhammer de26c65fa0 core: add attributes. avatar method to allow custom uploaded avatars
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2631
2022-07-26 21:42:41 +02:00
dependabot[bot] bd8794f646
core: bump structlog from 21.5.0 to 22.1.0 (#3294)
* core: bump structlog from 21.5.0 to 22.1.0

Bumps [structlog](https://github.com/hynek/structlog) from 21.5.0 to 22.1.0.
- [Release notes](https://github.com/hynek/structlog/releases)
- [Changelog](https://github.com/hynek/structlog/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hynek/structlog/compare/21.5.0...22.1.0)

---
updated-dependencies:
- dependency-name: structlog
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* migrate threaedlocal to contextvars

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-23 22:40:56 +02:00
Jens Langhammer 1880f98fa1 sources/oauth: fix typo
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-20 19:10:26 +02:00
Jens Langhammer dae6493a3e release: 2022.7.3 2022-07-20 09:37:43 +02:00
Jens Langhammer f909b86338 stages/consent: fix permimssions for consent API (allow owner to delete) 2022-07-19 16:41:34 +00:00
Jens Langhammer 327df6529b sources/oauth: use oidc preferred_username if set, otherwise nickname 2022-07-19 16:41:10 +00:00
Jens Langhammer 658dc63c4c lifecycle: revert waiting for lock, launch managed reconcile on app import
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-19 12:06:57 +02:00
Jens Langhammer 549f6f2077 providers/oauth2: correctly log authenticated user for OAuth views using protected_resource_view
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-18 22:20:09 +02:00
Jens L e9d9d658c4
lifecycle: make worker wait for migrations to be done (#3254)
* lifecycle: make worker wait for migrations to be done

* retry managed reconcile task
2022-07-15 19:44:45 +02:00
Jens Langhammer 9a9ba2560b core: delete expired models when filtering instead of excluding them
closes #3233

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-09 13:40:39 +02:00
Jens Langhammer 47434cd62d stages/prompt: try to base64 decode file, fallback to keeping value as-is
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-08 22:45:31 +02:00
Jens Langhammer ff500b44a6 stages/prompt: force required to false when using readonlyfield
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-08 22:38:37 +02:00
Jens Langhammer 8e19fb3a8c release: 2022.7.2 2022-07-06 20:31:48 +02:00
Jens Langhammer d497db3010 flows: fix OOB flow incorrectly setting pending user
closes #3224

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-06 09:51:20 +02:00
Jens Langhammer 24f95fdeaa tenants: fix tests for current tenant
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:47:49 +02:00
Jens Langhammer d1c4818724 policies: improve api test coverage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:20:48 +02:00
Jens L 49cce6a968
stages/prompt: add basic file field (#3156)
add basic file field

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:09:41 +02:00
Jens Langhammer 0a73e7ac9f tenants: add default_locale read only field, pre-hydrate in flows and read in autodetect as first choice
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:04:25 +02:00
Jens Langhammer 3344af72c2 outposts: cleanup user handling
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 22:41:19 +02:00
Jens Langhammer f316a3000b release: 2022.7.1 2022-07-04 21:10:20 +02:00
Jens Langhammer 6a497b32f6 core: use Exception for fallback case in flow_manager
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-04 20:05:03 +02:00
Jens Langhammer 4cd629b5fc core: handle FlowNonApplicableException correctly in source flow_manager
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-03 22:03:03 +02:00
Jens Langhammer 14a4047bdd flows: show messages from ak_message when flow is denied
fallback to same generic message

closes #3197

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-03 21:36:13 +02:00
Jens L 17d33f4b19
flows: denied action (#3194) 2022-07-02 17:37:57 +02:00
Jens L c39a5933e1
core: create FlowToken instead of regular token for generated recovery links (#3193)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2749
2022-07-02 14:17:41 +02:00
Jens L 5e3f44dd87
flows: add shortcut to redirect current flow (#3192) 2022-07-01 23:19:41 +02:00
Jens Langhammer 1c64616ebd sources/ldap: add configuration for LDAP Source ciphers
closes #3110

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 19:53:49 +02:00
Jens Langhammer 23273f53cc providers/oauth2: if no scopes are sent in authorize request, select all configured scopes
closes #3112

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 19:45:26 +02:00
Jens Langhammer d11ce0a86e providers/proxy: set default scopes based on managed attribute
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 18:26:49 +02:00
Jens Langhammer 766ceda57a core: re-create anonymous user when repairing permissions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 17:20:06 +02:00
Jens Langhammer e758c434ea web: ignore module load errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 16:49:37 +02:00
Jens Langhammer 90e3ae9457 *: define prometheus metrics in apps to prevent re-import
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 16:49:24 +02:00
Jens Langhammer 56fd436e5d web: fix redirect when accessing authentik URLs authenticated
closes #3174

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-30 23:04:39 +02:00
Jens Langhammer ea60c389be providers/saml: include SSO Binding URLs in Provider API
closes #3179

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-30 22:18:21 +02:00
Jens Langhammer 983882f5a0 providers/oauth2: ensure refresh tokens are URL safe
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3185
2022-06-30 12:43:08 +02:00
Jens L c5a2831665
api: add basic jwt support with required scope (#2624)
* api: add basic jwt support with required scope

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* api: only set auth_via when actually authenticating via token

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* save consented permissions in user consent, re-prompt when new permissions are required

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update locale

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* translate special scope map

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more api auth tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* build web api in e2e tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* link generated client instead of copying

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-26 17:51:15 +02:00
Jens L 504338ea66
web/admin: application wizard (part 1) (#2745)
* initial

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove log

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* start oauth

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use form for all type wizard pages

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more oauth

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* basic wizard actions

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* make resets work

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add hint in provider wizard

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* render correct icon in empty state in table page

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* improve empty state

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more pages

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add group PK to service account creation response

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use wizard-level isValid prop

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* re-add old buttons

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-26 00:46:40 +02:00
Jens Langhammer f28509608b core: mark session as modified instead of saving it directly to bump expiry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-22 08:48:14 +02:00
Jens Langhammer 6c9dc7a15b providers/oauth2: fix OAuth form_post response mode for code response_type
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3113
2022-06-20 21:52:36 +02:00
Jens Langhammer b6267fdf28 *: add versioned user agent to sentry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-20 11:54:10 +02:00
Jens Langhammer 1f0fc0a6a2 Merge branch 'version-2022.6' 2022-06-20 10:19:25 +02:00
Jens Langhammer 9201fc1834 release: 2022.6.3 2022-06-19 22:01:06 +02:00
Jens Langhammer 1faba11a57 providers/oauth2: add test to ensure capitalised redirect_uri isn't changed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3114
2022-06-19 21:37:20 +02:00
9p4 f0c72e8536 providers/oauth2: dont lowercase URL for token requests (#3114)
this was a leftover from before the migration regex checking for redirect URIs

closes #3076 and #3083
2022-06-19 21:37:17 +02:00
Jens Langhammer 91f91b08e5 core: fix migrations when creating bootstrap token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:37:14 +02:00
Jens L caed306346 providers/oauth2: if a redirect_uri cannot be parsed as regex, compare strict (#3070)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:36:19 +02:00
Jens Langhammer 59b899ddff internal: skip tracing for go healthcheck and metrics endpoints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:48 +02:00
Jens Langhammer 85784f796c root: ignore healthcheck routes in sentry tracing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:46 +02:00
Jens Langhammer b42eb9464f lifecycle: run bootstrap tasks inline when using automated install
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:33 +02:00
Jens L 6559fdee15 stages/authenticator_validate: add webauthn tests (#3069)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:23 +02:00
Jens Langhammer 3455bf3d27 policies: consolidate log user and application
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:04 +02:00
Jens Langhammer 0d96e68c1e core: add limit of 20 to group recursion
closes #3116

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:24:57 +02:00
Jens Langhammer 7caac1d0c7 providers/oauth2: add test to ensure capitalised redirect_uri isn't changed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3114
2022-06-18 13:13:36 +02:00
9p4 45364d6553
providers/oauth2: dont lowercase URL for token requests (#3114)
this was a leftover from before the migration regex checking for redirect URIs

closes #3076 and #3083
2022-06-18 13:08:15 +02:00
Jens Langhammer 2298eb124f core: fix migrations when creating bootstrap token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-17 10:10:04 +02:00
Jens Langhammer e892ed14da providers/oauth2: include source's user path in M2M created users
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-15 14:07:28 +02:00
Jens L 1c62a3db6e
core: user paths (#3085)
* init

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add user_path_template

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add to sources and flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add outposts & api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* dark theme for treeview

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add search

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs and tests for validation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add to user write stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add web ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: improve error handling

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-15 12:12:26 +02:00
Jens L 6821402fef
providers/oauth2: remove deprecated verification_keys (#3071)
remove verification_keys

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-11 19:48:07 +02:00
Jens L 8dbb0bd2c6
providers/oauth2: token revoke (#3077) 2022-06-11 18:49:16 +02:00
Jens L 0cad56ec73
providers/oauth2: if a redirect_uri cannot be parsed as regex, compare strict (#3070)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 23:32:57 +02:00
Jens Langhammer bdf76bb4b7 internal: skip tracing for go healthcheck and metrics endpoints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 22:21:11 +02:00
Jens Langhammer 74ce9cc6fd root: ignore healthcheck routes in sentry tracing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 20:10:27 +02:00
Jens Langhammer 5e2d647a6c core: trigger bootstrap tasks in server if we're debugging
closes #3040

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-09 20:21:31 +02:00
Jens Langhammer 7beebe030d lifecycle: run bootstrap tasks inline when using automated install
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-09 20:09:55 +02:00
Jens L 66f4a31b4c
stages/authenticator_validate: add webauthn tests (#3069)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-08 20:50:48 +02:00
Jens Langhammer 039d896dee policies: consolidate log user and application
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-07 22:26:01 +02:00
Jens Langhammer ff2baf502b release: 2022.6.2 2022-06-07 21:36:18 +02:00
Jens Langhammer 23023ec727 providers/oauth2: add JWKS URL to OAuth2ProviderSetupURLs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-07 20:17:06 +02:00
Jens Langhammer 7d84a71a01 stages/authenticator_validate: fix double-negation of password-less check
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-07 09:52:10 +02:00
Jens Langhammer 9add8479ca stages/authenticator_validate: fix error in passwordless webauthn
closes #3050

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-06 13:50:11 +02:00
Jens Langhammer ca40d31dac *: make user logging more consistent
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 18:50:44 +02:00
Frédérick Permantier 2dfa6c2c82
core: add setting to open application launch URL in a new browser tab (#3037)
* core: add setting to open application launch URL in a new browser tab

* core: fix failing applications unit tests

* core: fix formatting

* core: include models only generated when debug mode is enabled
2022-06-05 14:32:22 +02:00
Jens Langhammer c11435780d sources/oauth: fix twitter client missing basic auth
closes #3038

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 14:21:32 +02:00
Jens Langhammer 817d538b8f core: add additional filters to source viewset
https://github.com/goauthentik/terraform-provider-authentik/issues/184
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 00:56:46 +02:00
Jens Langhammer 210775776f core: add slug to built-in source
https://github.com/goauthentik/terraform-provider-authentik/issues/184
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 00:50:10 +02:00
Jens Langhammer b26111fb42 events: fix error when attempting to create event with GeoIP City in context
closes #2709

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 00:16:07 +02:00
Jens Langhammer 67d54c5209 release: 2022.6.1 2022-06-04 21:23:33 +02:00
Jens L fa04883ac1
events: use custom login failed signal, also send for mfa errors, add stage and more to context (#3039)
* use custom login failed signal, also send for mfa errors, add stage and more to context

closes #3027

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* include device class in event

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-04 15:30:56 +02:00
Jens L 36cbc44ed6
migrate to main (#3035)
closes #3032

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 19:40:09 +02:00
Jens L 0c591a50e3
*: don't dispatch tasks on startup of server (#3033)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 18:29:24 +02:00
Jens L 7ee655a318
core: add bootstrap variables with authentik prefix for helm charts (#3031)
https://github.com/goauthentik/helm/pull/72
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 15:22:56 +02:00
Jens Langhammer eba339ba27 core: improve loading speed of flow background
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-02 14:20:23 +02:00
Jens Langhammer 558c7bba2a lib: add lxml wrapper
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-02 13:25:24 +02:00
Jens Langhammer 8cd1a42fb9 *: fix linting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-02 11:50:10 +02:00
Jens L c0cb891078
stages/authenticator_sms: verify-only (#3011) 2022-06-01 23:16:28 +02:00
Jens L fc1c1a849a
stages/*: use bound logger (#3012)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-01 23:01:58 +02:00
Jens L 2c6d82593e
root: cleanup session keys to use common format (#3003)
cleanup session keys to use common format

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-31 21:53:23 +02:00
Jens Langhammer 34bcc2df1a root: disable session_save_every_request as it overwrites the session with old data
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2991
2022-05-31 20:46:27 +02:00
Jens Langhammer b4d528a789 policies: fix incorrect bound_to count
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-31 10:16:09 +02:00
Jens Langhammer a0397fdcf4 events: set default transport mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-30 21:32:48 +02:00
Jens L 8faa1bf865
events: add local transport mode (#2992)
* events: add local transport mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add default local transport

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-30 20:55:05 +02:00
Jens Langhammer fc75867218 events: ignore session model
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-30 20:23:07 +02:00
Jens L 3eb466ff4b
lifecycle: cleanup prometheus (#2972)
* remove high cardinality labels

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* retry worker number for prometheus multiprocess id

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* revert to pid, use subdirectories

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup more

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use worker id based off of https://github.com/benoitc/gunicorn/issues/1352

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix missing app label

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests/e2e: remove static names

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 21:45:25 +02:00
Jens L 9f2529c886
stages/authentiactor_validate: cookies (#2978)
* stages/authenticator_validate: rewrite to use signed jwt cookie + expiry as MFA threshold

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 19:47:34 +02:00
Jens L fb25b28976
core: db sessions (#2979)
* use db session backend

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* root: wrap session cookie in JWT and add useful claims

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix compatibility with tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use standard session key for writing in sessions too

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 18:58:54 +02:00
Jens Langhammer fb69f67f47 *: cleanup vendor
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-28 21:26:33 +02:00
Jens Langhammer 18b48684eb providers/oauth2: add configuration error event when wrong redirect uri is used in token request
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-28 21:15:58 +02:00
Jens Langhammer 098b0aef6e *: use create_test_admin_user for all unittests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-28 21:13:16 +02:00
Jens Langhammer 082df0ec51 Merge branch 'version-2022.5'
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	authentik/providers/oauth2/views/token.py
#	web/src/locales/zh-Hans.po
2022-05-28 13:19:58 +02:00
Jens Langhammer 1883402b3d release: 2022.5.3 2022-05-28 12:04:26 +02:00
Jens Langhammer 1b3aacfa1d providers/oauth2: add migration from "*" to ".*"
closes #2970

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-27 21:43:51 +02:00
Jens Langhammer 2b68363452 providers/oauth2: add migration from "*" to ".*"
closes #2970

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-27 10:23:13 +02:00
Jens Langhammer 6105956847 providers/oauth2: regex-escape URLs when set to blank
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:17:34 +02:00
Jens Langhammer 4ff32af343 flows: fix flakiness in tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:17:03 +02:00
Jens Langhammer 972868c15c providers/oauth2: only set expiry on user when it was freshly created
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:16:55 +02:00
Jens Langhammer 0bc57f571b api: update API browser to match admin UI and auto-switch theme
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:16:34 +02:00
Jens Langhammer a81d5a3d41 providers/oauth2: regex-escape URLs when set to blank
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 12:52:56 +02:00
Jens Langhammer 34ef4af799 flows: fix flakiness in tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 09:53:40 +02:00
Jens Langhammer 5da47b69dd providers/oauth2: only set expiry on user when it was freshly created
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 23:02:33 +02:00
Jens Langhammer 0e0dd2437b providers/oauth2: handle attribute errors when validation JWK contains private key
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 22:23:05 +02:00
Jens Langhammer e42386b150 api: update API browser to match admin UI and auto-switch theme
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 20:09:29 +02:00
Jens Langhammer ef219198d4 flows: fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 00:05:04 +02:00
Jens Langhammer cc744dc581 flows: fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 00:04:58 +02:00
Jens Langhammer 816b0c7d83 flows: fix re-imports of entries with identical PK re-creating objects
closes #2941

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 23:35:06 +02:00
Jens Langhammer 56babb2649 flows: fix re-imports of entries with identical PK re-creating objects
closes #2941

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 23:32:08 +02:00
Jens L b8fdda50ec ensure all viewsets have filter and search and add tests (#2946)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 22:13:59 +02:00
Jens Langhammer 4a9b788703 providers/oauth2: set related_name for many-to-many so used by detects the connection
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 22:12:35 +02:00
Jens L 80c1dbdfbb
ensure all viewsets have filter and search and add tests (#2946)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 22:01:18 +02:00
Jens L b4e75218f5
sources/oauth: OIDC well-known and JWKS (#2936)
* add initial

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add provider

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* include source and jwk key id in event

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests for source

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix web formatting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add provider tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix lint error

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 21:02:50 +02:00
Jens Langhammer 482491e93c core: fix username validator not allowing changes that can be done via flows
closes #2755

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 19:40:54 +02:00
Jens Langhammer 61a876b582 providers/saml: handle parse error
AUTHENTIK-1K5

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 22:03:12 +02:00
Jens Langhammer 8c9748e4a0 providers/oauth2: improve error handling for invalid regular expressions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:47:36 +02:00
Jens Langhammer b7979ad48e Revert "events: ignore silk SQLQuery object"
This reverts commit a26f25ccd6.

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:29:05 +02:00
Jens Langhammer 4704de937a stages/user_write: fix typo in request context variable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:18:37 +02:00
Jens Langhammer 394d8e99a4 policies: improve error logging
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:18:00 +02:00
Jens Langhammer a26f25ccd6 events: ignore silk SQLQuery object
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:17:52 +02:00
Jens Langhammer 63dc8fe7dc crypto: set SAN in default generated Certificate to semi-random domain
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2462
2022-05-22 23:22:06 +02:00
Jens Langhammer cfe2648b62 events: fix transport not allowing blank values
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-22 19:32:58 +02:00
Jens Langhammer 3d4a45c93f release: 2022.5.2 2022-05-21 17:17:21 +02:00
Jens Langhammer 75d6cd1674 outposts: ensure the user and token are created on initial outpost save
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 15:55:19 +02:00
Jens L 2dee8034d3
outposts: allow externally managed SSH Config for outposts (#2917) 2022-05-21 12:10:08 +02:00
Jens Langhammer 220d21c3e0 release: 2022.5.1 2022-05-20 19:34:45 +02:00
Jens L b43df2ae27
stages/identification: redirect with QS to keep next parameters (#2909)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-20 16:10:10 +02:00
Jens L d570feffac
flows: add types to diagrams (#2902)
* add policy and stage types to diagram

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* show policies bound to the root flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix get_build_hash being empty

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-19 20:50:28 +02:00
Jens Langhammer 3d52266773 flows: handle missing initial_data in challenge
AUTHENTIK-1HK

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-19 20:31:28 +02:00
Jens L 7bdecd2ee6
stages/user_write: dynamic groups (#2901)
* stages/user_write: add dynamic groups

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* simplify functions

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-19 20:28:16 +02:00
Jens Langhammer 11f7935155 providers/oauth2: use regex to check redirect URI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2799
2022-05-18 21:22:27 +02:00
Jens L 75b0fb3393
sources/oauth: migrate twitter to oauth2 (#2893) 2022-05-18 00:03:02 +02:00
Jens Langhammer 538c2ca4d3 stages/authenticator_*: directly save devices into db instead of session to prevent race conditions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-17 10:02:30 +02:00
Jens Langhammer 5080840ed9 admin: ensure disable_update_check is set to false for tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-17 10:00:26 +02:00
Jens L 333e58ce2f
flows/layouts (#2867) 2022-05-16 01:10:23 +02:00
Jens Langhammer 4de2ac3248 events: add task to expire seen notifications
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 22:41:50 +02:00
Jens Langhammer eb4dce91c3 events: add user filter to notifications
as superuser all notifications are returned regardless of permission so we need to filter

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 22:31:13 +02:00
Jens Langhammer d4fd6153c8 api: fix OwnerFilter filtering out objects for superusers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 21:36:00 +02:00
Jens Langhammer 85b6bfbe5f sources: fix parent serializer for user connections
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 21:26:02 +02:00
Jens Langhammer 5644d5f3f7 stages/authenticator_totp: fix key error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 19:57:00 +02:00
Jens Langhammer f391c33bdf providers/oauth2: fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 12:41:40 +02:00
Jens Langhammer 18f450bd49 root: enable sentry for tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 12:29:30 +02:00
Jens Langhammer ee36b7f3eb flows: move autosubmit stage into flows package
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 12:06:19 +02:00
Jens Langhammer a9a62bbfc8 providers/oauth2: use correct title based on flow context and translated
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 00:08:29 +02:00
Jens Langhammer ddd785898b providers/saml: add title attribute to autosubmit stage and render correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 00:08:14 +02:00
Jens Langhammer 8ba45a5f6a providers/oauth2: don't create events before client_id can be verified to prevent spam
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 00:02:01 +02:00
Jens Langhammer 7d41e6227b providers/oauth2: add tests for form_post, fix attrs not being flattened
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-13 23:52:50 +02:00
Jens Langhammer 1363226697 providers/saml: make SAML metadata generation consistent
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-13 17:40:18 +02:00
scheibling d4abf5621e
providers/oauth2: add support for form_post response mode (#2818)
* Added request verification and parameter generation

* response_mode added to OAuthAuthorizationParams return

* Added class OauthPostFulfillmentStage
Check response_mode in initialization

* Corrected typo

* Removed separate class
Added handling for FORM_POST in create_response_uri
Added handling for FORM_POST in return class

* Fixed pylint error (trailing-whitespace)
Removed comment

* Reformatted authorize.py with black
2022-05-12 21:36:31 +02:00
Jens L ec67b60219
policies/hibp: check in prompt data (#2845)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 23:47:36 +02:00
Jens L fd1d38f844
stages/authenticator_validate: remember (#2828)
* initial

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: cleanup timedelta help

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tooltip

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* assert response code in self.assertStageResponse

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more tests, add duo

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 21:05:22 +02:00
Jens Langhammer 3554406aa5 root: fix duplicate enum in api scheme
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 10:24:18 +02:00
Jens L ab2299ba1e
outposts/ldap: cached bind (#2824)
* initial cached ldap bind support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add web

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* clean up api generation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use gh action for golangci-lint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-08 16:48:53 +02:00
Jens Langhammer 860269acf0 root: set SESSION_SAVE_EVERY_REQUEST to enable sliding sessions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1878
2022-05-07 22:32:56 +02:00
scheibling 30c7e6c94c
providers/oauth2: fixed typo (PROMPT_CONSNET => PROMPT_CONSENT) (#2819) 2022-05-06 10:09:09 +02:00
Jens Langhammer 59df02b3b8 root: disable stdout capturing for tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-05 23:08:36 +02:00
Jens Langhammer ddbe0aaf13 stages/user_delete: fix delete stage failing when pending user is not explicitly set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-01 13:59:33 +02:00
Jens Langhammer 84930b4924 Revert "internal: fix high cpu when backend isnt healthy"
This reverts commit eb6cfd22a7.

Revert "root: handle JSON error in metrics too"

This reverts commit 1ede972222.

Revert "root: don't force multiprocess prometheus registry"

This reverts commit cd1d1b4402.

Revert "root: add error handling for prometheus view"

This reverts commit c0a883f76f.
2022-04-29 18:13:26 +02:00
Jens Langhammer 1ede972222 root: handle JSON error in metrics too
this can happen when the worker is killed while writing metrics
2022-04-29 11:01:04 +00:00
Jens Langhammer cd1d1b4402 root: don't force multiprocess prometheus registry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-29 10:53:47 +02:00
Jens Langhammer c0a883f76f root: add error handling for prometheus view
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-29 10:17:53 +02:00
Jens Langhammer ab8b37a899 events: fix ignored instances not being a tuple
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-25 11:19:58 +02:00
Jens Langhammer 9077eff34d root: add silk and debugging views
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-21 22:38:32 +02:00
Jens Langhammer 2399fa456b policies: fix current user not being set in server-side policy deny
closes #2039

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-21 22:30:27 +02:00
Jens Langhammer 0b4ac54363 *: default to max 60 for fqdn_rand
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-20 20:07:25 +02:00
Jens Langhammer 1a1434bfda *: decrease frequency of background tasks, smear tasks based on name and fqdn
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2159
2022-04-20 18:43:40 +02:00
Jens Langhammer d283a5236c core: add custom shell command which imports all models and creates events for model events
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-17 18:14:57 +02:00
github-actions[bot] e4486b98fc web: Update Web API Client version (#2733)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-17 17:05:43 +02:00
Jens Langhammer 778065f468 core: add flag to globally disable impersonation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-17 16:52:55 +02:00
Behn 70794d79dd
sources/oauth: Fix wording for OAuth source names (#2732) 2022-04-17 16:40:10 +02:00
Jens Langhammer a3bb5d89cc events: fix created events only being logged as debug level
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-14 22:37:30 +02:00
Jens Langhammer f4f9f525d7 providers/oauth2: include application in login event
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-14 22:36:45 +02:00
Jens Langhammer 4c14e88a25 flows: pin dependency in migration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-14 22:28:26 +02:00
Jens Langhammer 7561ea15de providers/oauth2: add additional tracing to token view 2022-04-14 16:48:17 +00:00
Jens Langhammer 8242b09394 flows: handle flow title formatting error better, add user to flow title context 2022-04-14 13:56:20 +00:00
Jens Langhammer 9b9c0fe663 release: 2022.4.1 2022-04-12 22:07:34 +02:00
Jens Langhammer 5a58f6ee64 providers/oauth2: remove test for non sa user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-12 20:35:13 +02:00
Jens Langhammer e84b17d550 providers/oauth2: don't force service accounts for client_credentials flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-12 10:23:25 +02:00
Jens Langhammer 9da439623b stages/authenticator_duo: fix bad request being sent to duo when calling enrollment_status outside a flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2666
2022-04-11 21:02:32 +02:00
Jens Langhammer 957bb1c5ef core: make generated token length configurable
closes #2574

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-11 20:57:16 +02:00
Jens Langhammer 2303a97bb9 core: add method to set key of token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2574
2022-04-11 20:43:39 +02:00
Jens Langhammer 8be04cc013 providers/oauth2: fix elliptic curve keys attempting to use EC256 instead of ES256
closes #2703

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-11 20:05:58 +02:00
Jens Langhammer cca33a74b6 core: fix error when checking generated users with no expiry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-10 17:53:46 +02:00
Jens Langhammer f977bf61eb providers/oauth2: make exp optional on jwt client_credentials flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-10 17:25:35 +02:00
Jens Langhammer f8f8a9bbb9 providers/oauth2: give keypairs private key preference over certificate in client_credentials jwt flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-10 16:27:53 +02:00
Jens Langhammer e64ca4ab04 core: fix lint error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-08 10:10:30 +02:00
Jens Langhammer e2f0a76309 outposts: check if docker ports should be mapped before comparing ports
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-07 17:30:33 +02:00
Jens Langhammer 5861d41ad3 tenants: add tenant-level attributes, applied to users based on request
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-06 10:41:35 +02:00
Jens Langhammer 20262f3f4b core: mark provider_obj as read_only
closes #2637

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-04 10:17:59 +02:00
Jens L 633296503d
core: add grouping to applications (#2648)
* core: add grouping to applications

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add new field to tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 23:08:58 +02:00
Jens L 508cec2fd5
web: migrate dropdowns to wizards (#2633)
* web/admin: add basic wizards for providers

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: add dark mode for wizard

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: migrate policies to wizard

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* start source

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* policies: sanitze_dict when returning log messages during tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* Revert "web/admin: migrate policies to wizard"

This reverts commit d8b7f62d3e.

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	web/src/locales/zh-Hans.po
#	web/src/locales/zh-Hant.po
#	web/src/locales/zh_TW.po

* web: rewrite wizard to be element based

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* further cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update sources

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: migrate property mappings

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate stages

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate misc dropdowns

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate outpost integrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 19:48:17 +02:00
Jens Langhammer 7a93614e4b policies: fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 18:31:02 +02:00
Jens Langhammer 4f319eaa4f policies/dummy: bump to info to always get message
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 17:28:51 +02:00
Jens Langhammer 86a8d00b3f policies: sanitze_dict when returning log messages during tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 17:15:44 +02:00
Jens Langhammer 5fe8c1f3d7 policies: fix missing default for log_messages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 16:44:49 +02:00
Jens Langhammer d84ff2bbca policies: add policy log messages to test endpoints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-01 22:07:35 +02:00
Jens Langhammer 4be238018b providers/oauth2: pass scope and other parameters to access policy request context
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2641
2022-04-01 21:39:05 +02:00
Jens Langhammer 99008252f8 providers/oauth2: fix verification_keys being required
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-31 20:19:13 +02:00
Jens Langhammer 8689444954 providers/oauth2: add password grant support (treated as client_credentials)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-31 18:02:17 +02:00
Jens L bb8af2f19b
providers/oauth2: add client_assertion_type jwt bearer support (#2618) 2022-03-31 00:30:55 +02:00
Jens Langhammer 996bd05ba6 api: fix API header auth not passing to next auth method
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-31 00:06:01 +02:00
Jens Langhammer a1a64e25ee api: remove legacy http basic auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-30 23:39:08 +02:00
Jens Langhammer 993c6472db crypto: only count discovered when cert was loaded successfully 2022-03-28 08:58:23 +00:00
Jens Langhammer 123b0b2f05 core: fix pylint renamed variable 2022-03-28 08:58:13 +00:00
Jens Langhammer 7cbd5174f0 stages/invitation: fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-26 19:12:22 +01:00
Jens Langhammer c7a83e6182 stages/invitation: add invitation name
closes #2583

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-26 18:32:59 +01:00
Jens Langhammer 74ff9d04dd stages/prompt: set field default based on placeholder, fix duplicate fields
closes #2572

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-23 22:26:06 +01:00
Jens Langhammer 969902f503 stages/prompt: filter rest_framework.fields.empty when field is not required
closes #2572

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-23 20:21:12 +01:00
Jens Langhammer 04372e21dd events: handle types in event contexts
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2572
2022-03-23 19:49:55 +01:00
Adam G d75a864f0e
providers/oauth2: map internal groups to GitHub teams in GHE OAuth emulation (#2497)
* providers/oauth2: impl `/user/teams` endpoint for Github OAuth2

This commit adds a functional `/user/teams` endpoint for the emulated Github OAuth2 service.
The teams a user is part of are based on the user's groups in Authentik.

* providers/oauth2: Move org template inside loop; Change slug to use Django slugify

* providers/oauth2: Remove placeholder replacement

* Possibly fix complaints from the linters

* Update github.py

* Change organization name

* Update github.py
2022-03-23 12:05:20 +01:00
Jens Langhammer 0c2b32da31 core: add num_pk to group for applications that need a numerical group id
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2497
2022-03-22 21:37:11 +01:00
Jens Langhammer 9ad4c736f1 stages/email: allow overriding of destination email in plan context
closes #2445

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-22 21:19:34 +01:00
Jens Langhammer 4154b62565 stages/prompt: fix non-required fields not allowing blank values, add more tests
closes #2544

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-22 20:38:04 +01:00
Jens Langhammer 86a4a7dcee release: 2022.3.3 2022-03-21 22:37:13 +01:00
Angel Nunez Mencias 8b95e9f97a
crypto: open files in read-only mode for importing (#2536)
closes #2535
2022-03-21 10:46:09 +01:00
Jens Langhammer be232e2b77 core: fix provider launch URL being prioritised over manually configured launch URL
closes #2493

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-16 10:26:55 +01:00
Jens Langhammer 53d0205e86 outposts/proxy: use Prefix in ingress for k8s
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-15 19:01:08 +01:00
Jens Langhammer 260a7aac63 release: 2022.3.2 2022-03-15 00:01:01 +01:00
Jens Langhammer a3df414f24 sources/ldap: fix parent_group not being applied
closes #2464

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-14 22:13:20 +01:00
Jens Langhammer dcaa8d6322 flows: revert default flow user change
closes #2483

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-14 22:05:30 +01:00
Jens Langhammer ceb894039e stages/authenticator_validate: fix passwordless flows not working
closes #2484

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-14 21:15:47 +01:00
Jens Langhammer c7a825c393 lib: lower default sample rate 2022-03-14 12:38:14 +00:00
Jens Langhammer 54f170650a core: replace uid with uuid search
uid can't be searched it as its a computed field

closes #2480

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-14 10:35:55 +01:00
Jens Langhammer fedb81571d release: 2022.3.1 2022-03-10 19:12:29 +01:00
Jens Langhammer 37528e1bba stages/authenticator_validate: fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-10 09:56:04 +01:00
Jens Langhammer cc1509cf57 stages/authenticator_validate: fix logic error when multiple authenticator devices can be selected
closes #2290

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-10 00:46:42 +01:00
Jens Langhammer 0dfecc6ae2 stages/authenticator_*: fix device.confirmed being set incorrectly
closes #2330

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-10 00:19:49 +01:00
Jens Langhammer de17207c68 lib: fix default geoip path
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2453
2022-03-09 21:57:29 +01:00
Jens L 920d1f1b0e
providers/oauth2: initial client_credentials grant support (#2437)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-05 23:24:55 +01:00
Jens Langhammer b1fd801ceb tenants: fix syntax error in expression for locale 2022-03-03 11:50:46 +00:00
Jens Langhammer 1e1d9f1bdd core/api: allow filtering users by uid, add uid to search
closes #2428

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-03 10:19:56 +01:00
Jens L 4f4f954693
core: customisable user settings (#2397)
* tenants: add user_settings flow, add basic flow and basic new executor

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: use flow PromptStage instead of custom stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: add tenant to StageHost interface

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: fix form missing component

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: re-add success message

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: improve support for multiple error messages

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/prompt: allow expressions in prompt placeholders

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/prompt: add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: always set pending user

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: never cache stage configuration flow plans

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/user_write: fix error when pending user is anonymous user

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add checkbox for prompt placeholder expression

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: add prompt expression docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/prompt: add ak-locale field type

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tenants: fix default policy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: add function to do global refresh

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: fix rendering of ak-locale

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tenants: fix default policy, add error handling to placeholder, fix locale attribute

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-03 00:13:06 +01:00
Jens Langhammer c57fbcfd89 sources/oauth: log body when get_profile fails
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-02 20:37:42 +01:00
Jens Langhammer 08acc7ba41 providers/oauth2: fix invalid launch URL being generated 2022-03-01 15:29:21 +00:00
Jens Langhammer 7bdd32506e web: cleanup default footer links 2022-03-01 15:27:21 +00:00
dependabot[bot] f98a9bed9f
build(deps-dev): bump bandit from 1.7.2 to 1.7.3 (#2403)
* build(deps-dev): bump bandit from 1.7.2 to 1.7.3

Bumps [bandit](https://github.com/PyCQA/bandit) from 1.7.2 to 1.7.3.
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](https://github.com/PyCQA/bandit/compare/1.7.2...1.7.3)

---
updated-dependencies:
- dependency-name: bandit
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* sigh

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-28 10:13:51 +01:00
Dorian Zedler e9064509fe
sources/oauth: Add Mailcow oauth source (#2380)
* Feat: Add Mailcow oauth source

* Feat: Add mailcow icon

* Run make

* Feat: Add tests

* Fix: Remainder from discord test

* Docs: Add mailcow oauth source docs

* Docs: add mailcow source to menu

* Fix: Mailcow provider type in test

* Fix: Formatting

* Fix: Doc file name
2022-02-27 15:06:02 +01:00
Jens Langhammer 7e5d8624c8 web: fix locale change not updating all elements
closes #2365

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-26 16:29:12 +01:00
Jens Langhammer 2f8dbe9b97 core: handle all exceptions for applications listing
closes #2382

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-26 16:08:38 +01:00
Jens L 677bcaadd7
core: add initial app launch url (#2367)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-23 22:48:55 +01:00
Jens Langhammer 80f218a6bf core: also handle TypeError for invalid app URL formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-17 18:23:11 +01:00
Jens Langhammer 4a1acd377b release: 2022.2.1 2022-02-16 10:51:55 +01:00
Jens Langhammer 72259f6479 events: fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-14 23:15:45 +01:00
Jens Langhammer 0973c74b9d providers/oauth2: fix redirect_uri being lowercased on successful validation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-14 23:04:00 +01:00
Jens Langhammer c7ed4f7ac1 events: check mtime on geoip database
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-14 22:42:46 +01:00
Jens Langhammer 3d577cf15e *: add placeholder custom.css to easily allow user customisation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-14 20:05:00 +01:00
Jens Langhammer c040b13b29 providers/proxy: remove leading slash to allow subdirectories in proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2305
2022-02-14 12:51:04 +01:00
Jens L df362dd9ea
core: handle error when formatting launch URL fails closes #2304 2022-02-14 12:02:51 +01:00
Jens Langhammer 3af0de6a00 Revert "root: disable sentry's auto_session_tracking"
This reverts commit 4f24d61290.
2022-02-14 09:55:35 +01:00
Jens Langhammer 4f24d61290 root: disable sentry's auto_session_tracking
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-14 09:44:12 +01:00
Jens Langhammer 3b6497cd51 outposts: ensure keypair is set for SSH connections
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-13 15:39:37 +01:00
Jens Langhammer bb4be944dc sources/ldap: use merger that only appends unique items to list
closes #2211

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-13 14:20:13 +01:00
Jens Langhammer 21efee8f44 admin: add additional logging when restarting a task
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-12 18:40:21 +01:00
Jens Langhammer f61549a60f providers/proxy: enable TLS in ingress via traefik annotation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1997
2022-02-12 18:35:24 +01:00
Jens Langhammer 0da043a9fe outposts: make local discovery configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-12 17:27:41 +01:00
Jens Langhammer f336f204cb stages/authenticator_validate: fix handling when single configuration stage is selected
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-12 17:27:33 +01:00
Jens Langhammer b5d43b15f8 providers/oauth2: add support for explicit response_mode
closes #1953

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-12 16:56:47 +01:00
Jens Langhammer 2ccab75021 stages/authenticator_validate: add ability to select multiple configuration stages which the user can choose
closes #1843

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-12 16:55:50 +01:00
Jens Langhammer 8bc3db7c90 release: 2022.1.5 2022-02-09 22:42:34 +01:00
Jens Langhammer e741caa6b3 core: allow formatting strings to be used for applications' launch URLs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 23:46:23 +01:00
Jens L 4343246a41
*: rename akprox to outpost.goauthentik.io (#2266)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 20:25:38 +01:00
Jens Langhammer c63e1c9b87 outposts: fix compare_ports to support both service and container ports
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 17:40:49 +01:00
Jens Langhammer f44cf06d22 outposts: fix service reconciler re-creating services
closes #2095

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 17:23:00 +01:00
Jens Langhammer 15e2032493 stages/authenticator_validate: handle non-existent device_challenges
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-07 20:31:49 +01:00
Jens Langhammer c87f6cd9d9 outposts: remove node_port on V1ServicePort checks to prevent service creation loops
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2095
2022-02-07 20:26:14 +01:00
Jens Langhammer b0936ea8f3 sources/ldap: log entire exception
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-07 19:37:39 +01:00
Jens L d5e04a2301
*: remove deprecated backup (#2129)
* *: remove backup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix lint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: final cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ci: use correct pyproject when migrating from stable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: fix broken docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-05 18:54:15 +01:00
Jens Langhammer 4e4e2b36b6 sources/saml: fix server error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-05 15:41:26 +01:00
Jens Langhammer eaba8006e6 sources/saml: fix incorrect ProtocolBinding being sent
closes #2213

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-03 18:20:06 +01:00
Jens Langhammer 39ff202f8c outposts: fix channel not always having a logger attribute
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-03 17:58:54 +01:00
Jens Langhammer 49dfb4756e release: 2022.1.4 2022-02-01 20:12:55 +01:00
Jens Langhammer 88603fa4f7 providers/proxy: set traefik labels using object_naming_template instead of UUID 2022-02-01 17:13:27 +00:00
Jens Langhammer 0232c4e162 lifecycle: send analytics in gunicorn config to decrease outgoing requests when workers get restarted
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-01 15:01:43 +01:00
Jens Langhammer e93be0de9a sources/ldap: add list_flatten function to property mappings, enable on managed LDAP mappings
closes #2199

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-31 23:07:32 +01:00
Jens Langhammer a5adc4f8ed core: fix view_token permission not being assigned on token creation for non-admin user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-31 20:00:30 +01:00
Jens Langhammer ceaf832e63 root: remove boto integration in sentry to ease backup removal 2022-01-31 13:47:18 +00:00
Jens Langhammer c55f503b9b release: 2022.1.3 2022-01-26 22:15:28 +01:00
Jens Langhammer c2586557d8 root: fix redis passwords not being encoded correctly
closes #2130

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-26 20:45:45 +01:00
Jens Langhammer 0d47654651 root: add max-requests for gunicorn and max tasks for celery
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-26 10:04:58 +01:00
Jens Langhammer 2f4c92deb9 Merge branch 'version-2022.1' 2022-01-24 21:42:12 +01:00
Jens Langhammer c7ba183dc0 providers/proxy: fix traefik label
closes #2128

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 17:45:09 +01:00
Jens Langhammer 3d724db0e3 release: 2022.1.2 2022-01-24 11:28:00 +01:00
Jens Langhammer 2997542114 lib: disable backup by default, add note to configuration 2022-01-24 10:00:15 +00:00
Jens Langhammer 42f5cf8c93 outposts: allow custom label for docker containers
closes #2128

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-23 21:55:58 +01:00
Jens Langhammer 82cc1d536a providers/proxy: add PathPrefix to auto-traefik labels
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2128
2022-01-23 21:55:46 +01:00
Jens Langhammer 6a411d7960 policies/hibp: ensure password is encodable
closes AUTHENTIK-1SA

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-23 21:23:24 +01:00
Jens Langhammer f4a6c70e98 release: 2022.1.1 2022-01-22 18:28:40 +01:00
Jens Langhammer dd8b579dd6 lib: ignore paramiko logger
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-21 10:46:33 +01:00
Jens Langhammer 994c5882ab root: fix error if secret_key is purely numerical
closes #2099

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-18 09:17:33 +01:00
Jens Langhammer 0db0a12ef3 root: rename csrf header
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-16 16:17:44 +01:00
Jens Langhammer eaeab27004 lib: add support for custom env
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-16 14:56:02 +01:00
Jens Langhammer 111fbf119b *: refactor prometheus gauges to directly updating metrics view
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-16 13:57:07 +01:00
Jens Langhammer 92cc0c9c64 root: decrease to 10 backup history
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-14 19:59:50 +01:00
Jens Langhammer 18ff803370 outposts: trigger service update on k8s when selector doesnt match
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-14 11:42:57 +01:00
Jens Langhammer 6338785ce1 outposts: change label app.kubernetes.io/name to include outpost type
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-14 10:34:54 +01:00
Jens Langhammer 973e151dff outposts: add Additional version labels to managed k8s deployments
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-13 17:48:01 +01:00
Jens Langhammer fae6d83f27 *: simplify extracting current version info
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-13 17:47:31 +01:00
Jens Langhammer ed84fe0b8d root: set samesite for csrf cookie
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 23:14:14 +01:00
Jens Langhammer 7db7b7cc4d stages/authenticator_validate: fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 23:00:28 +01:00
Jens Langhammer e758db5727 stages/authenticator_webauthn: make more WebAuthn options configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 22:57:49 +01:00
Jens Langhammer 4d7d700afa providers/oauth2: change default redirect uri behaviour; set first used url when blank and use star for wildcard
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 22:44:57 +01:00
Jens Langhammer f9a5add01d root: include build in analytics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 22:18:52 +01:00
Jens Langhammer 2986b56389 root: fix backups running every minute instead of once
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 22:09:44 +01:00
Jens Langhammer 11e25617bd crypto: fully parse certificate on validation in serializer to prevent invalid certificates from being saved
closes #2082

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 20:36:50 +01:00
Jens Langhammer 19d5902a92 flows: handle error if flow title contains invalid format string
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 19:49:27 +01:00
Jens Langhammer 71dffb21a9 outposts: improve error handling for outpost service connection state
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 19:44:13 +01:00
Jens Langhammer 2543224c7c core: dont return 404 when trying to view key of expired token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 17:53:09 +01:00
Jens Langhammer 6b6702521f api: don't return error reporting enabled when debug is enabled
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-07 21:53:22 +01:00
Jens Langhammer c07b8d95d0 outposts/proxy: remove deprecated headers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-07 17:01:23 +01:00
Jens Langhammer 0027dbc0e5 root: remove old api path
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-06 22:21:21 +01:00
Jens Langhammer c15e4b24a1 release: 2021.12.5 2022-01-06 21:29:12 +01:00
Jens Langhammer 03503363e5 core: fix UserSelfSerializer's save() overwriting other user attributes
closes #2070

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-06 18:23:06 +01:00
Jens Langhammer 22d6621b02 root run backup every 24 hours
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-06 15:29:11 +01:00
Jens Langhammer 91dd33cee6 policies/reputation: trigger save on update
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-05 22:06:20 +01:00
Jens Langhammer 5a2c367e89 policies/reputation: fix test
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-05 21:44:15 +01:00
Jens Langhammer 6e53f1689d policies/reputation: rework reputation to use a single entry, include geo_ip data
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-05 21:02:33 +01:00
Jens Langhammer 7b1373e8d6 core: fix lint error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-04 23:17:37 +01:00
Jens Langhammer e70b486f20 outposts: handle error in certificate cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-04 22:53:37 +01:00
Jens Langhammer 5769ff45b5 core: add goauthentik.io/user/can-change-name
closes #2054

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-04 19:03:12 +01:00
Jens Langhammer 9d6f79558f tenants: forbid creation of multiple default tenants
closes #2059

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-04 19:01:20 +01:00
Jens Langhammer 935a8f4d58 core: add tests for non-applicable flows with flow manager
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 22:14:52 +01:00
Jens Langhammer 7d3d17acb9 core: add error handling in source flow manager when flow isn't applicable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 21:57:55 +01:00
Jens Langhammer ebd476be14 sources/oauth: fix sources not allowing blank values
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2047
2022-01-03 21:36:14 +01:00
Jens Langhammer 31ba543c62 *: don't use exception keyword with structlog
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 21:33:52 +01:00
Jens Langhammer a101d48b5a core: passthrough connection and additional data to FlowManager
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2047
2022-01-03 21:31:26 +01:00
Jens Langhammer 8f44c792ac sources/oauth: fix github provider not including correct base scopes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2047
2022-01-03 21:04:18 +01:00
Jens Langhammer 212220554f sources/oauth: add additional scopes field to get additional data from provider
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2047
2022-01-03 16:43:52 +01:00
Jens Langhammer 3e22740eac core: add API endpoint to directly set user's password
closes #2040

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 13:31:58 +01:00
Jens Langhammer d18a691f63 core: prevent LDAP password being set for internal hash upgrades
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 13:23:42 +01:00
Jens Langhammer 90c31c2214 flows: add test helpers to simplify and improve checking of stages, remove force_str
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-01 20:25:32 +01:00
Jens Langhammer 50e3d317b2 flows: use WithUserInfoChallenge for AccessDeniedChallenge
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2039
2022-01-01 19:45:34 +01:00
Jens Langhammer 3eed7bb010 lib: dont send any sentry events when testing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-01 18:56:14 +01:00
Jens Langhammer 9154b9b85d web/user: rework user source connection UI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 21:59:41 +01:00
Jens Langhammer fc19372709 flows: fix migration removing flow titles
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 21:00:00 +01:00
Jens Langhammer d03b0b8152 outposts: include outposts build hash in state
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 15:16:34 +01:00
Jens Langhammer c249b55ff5 *: use py3.10 syntax for unions, remove old Type[] import when possible
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 14:59:01 +01:00
Jens Langhammer fc7a452b0c flows: update default flow titles
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-27 22:04:35 +01:00
Jens Langhammer 46f12e62e8 flows: don't create EventAction.FLOW_EXECUTION
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-27 15:07:33 +01:00
Jens Langhammer 53b10e64f8 outposts: fix error when client hasn't be initialised
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-26 14:26:48 +01:00
Jens Langhammer abe38bb16a outposts: fix __exit__ being called without params
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 17:52:20 +01:00
Jens Langhammer b19da6d774 crypto: return private key's type (required for some oauth2 providers)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 16:51:28 +01:00
Jens Langhammer 7c55616e29 outposts: fix creation of from_env docker client
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 16:48:23 +01:00
Jens Langhammer 6510b97c1e outposts: add remote docker integration via SSH
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 16:31:34 +01:00
Jens Langhammer 22d1dd801c root: also use analytics uuid for sentry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-24 15:13:27 +01:00
Jens Langhammer e7e0e6d213 lib: strip values for timedelta from string
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 18:49:35 +01:00
Jens Langhammer ca0250e19f core: add meta theme-color
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 18:49:24 +01:00
Jens Langhammer 5c5634830f stages/identification: add field for passwordless flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 18:27:00 +01:00
Jens Langhammer 9c42b75567 release: 2021.12.4 2021-12-23 10:32:48 +01:00
Jens Langhammer 457e17fec3 website/docs: add small let's encrypt docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 00:59:06 +01:00
Jens Langhammer 846006f2e3 events: create test notification with event with data
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 23:32:29 +01:00
Jens Langhammer f557b2129f *: fix random typos
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 23:13:18 +01:00
Jens Langhammer 6dc2003e34 providers/oauth2: fix tests validating JWT incorrectly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 23:00:57 +01:00
Jens Langhammer 0149c89003 providers/oauth2: fix invalid assignments in JWKS view
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:41:28 +01:00
Jens Langhammer f458cae954 providers/proxy: add error handing when field is already gone
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:31:53 +01:00
Jens Langhammer f01d117ce6 providers/proxy: fix imports in migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:25:02 +01:00
Jens Langhammer 2bde43e5dc crypto: use older syntax for type union
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:22:45 +01:00
Jens Langhammer 2f3026084e providers/oauth2: remove jwt_alg field and set algorithm based on selected keypair, select HS256 when no keypair is selected
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:09:49 +01:00
Jens Langhammer c1f0833c09 crypto: improve support for non-rsa private keys (discovery)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 21:46:22 +01:00
Jens Langhammer 8e83209631 stages/authenticator_validate: fix lint error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 18:14:35 +01:00
Jens Langhammer 2e48e0cc2f stages/authenticator_validate: fix prompt not triggering when using in non-authentication context
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 18:03:02 +01:00
Jens Langhammer e72f0ab160 stages/authenticator_validation: refuse passwordless flow if flow is not for authentication
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 18:02:43 +01:00
Jens Langhammer 5b3a9e29fb stages/authenticator_validate: add passwordless login
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 17:34:46 +01:00
Jens Langhammer 34b11524f1 tenants: add web certificate field, make authentik's core certificate configurable based on keypair
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 11:43:45 +01:00
Jens Langhammer 16b6c17305 Revert "policies: don't always clear application cache on post_save"
This reverts commit 5ef385f0bb.

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	authentik/policies/signals.py
2021-12-22 00:23:19 +01:00
Jens Langhammer cf4b4030aa release: 2021.12.3 2021-12-21 20:52:08 +01:00
Jens Langhammer 7fb939f97b core: fix error when getting launch URL for application with non-existent Provider
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 19:40:29 +01:00
Jens Langhammer c78236a2a2 root: don't set secure cross opener policy
closes #1977

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 19:16:22 +01:00
Jens Langhammer ca314c262c *: revert to using GHCR directly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 13:54:49 +01:00
Jens Langhammer 8a60a7e26f providers/proxy: revert to static list of forwarded headers
wildcard is not usable for this since the regular expression doesn't support negative lookahead, meaning we would always forward all headers, including Connection and others

closes #1969

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 12:04:54 +01:00
Jens Langhammer 92b4244e81 providers/proxy: update traefik regex
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1969
2021-12-20 22:43:58 +01:00
Jens Langhammer dfbf7027bc providers/proxy: add traefik.ingress.kubernetes.io/router.tls annotation for ingress
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 22:24:42 +01:00
Jens Langhammer 4658018a90 Revert "outposts: rename outpost"
This reverts commit a5c30fd9c7.
2021-12-20 21:37:31 +01:00
Jens Langhammer 577b7ee515 providers/proxy: include auth headers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:37:22 +01:00
Jens Langhammer 3da526f20e root: allow trace log level to work for core/embedded
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:11:47 +01:00
Jens Langhammer c843f18743 lib: add additional celery logger to sentry ignore
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:04:45 +01:00
Jens Langhammer 80d0b14bb8 outposts: fix error when getting state for non-existent outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 19:44:47 +01:00
Jens Langhammer a5c30fd9c7 outposts: rename outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 19:28:05 +01:00
Jens Langhammer ef23a0da52 outposts/proxy: fix traefik header regex to only match Remote- and X- headers to prevent websocket errors
closes #1969

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 13:30:19 +01:00
Jens Langhammer ba527e7141 root: drop redis cache sentry errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 13:12:14 +01:00
Jens Langhammer 602573f83f ci: fix label
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-19 13:44:34 +01:00
Jens Langhammer 8599d9efe0 web/admin: auto set the embedded outpost's authentik_host on first view
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-19 13:27:04 +01:00
Jens Langhammer 8e6fcfe350 root: fix inconsistent URL quoting of redis URLs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-18 22:24:41 +01:00
Jens Langhammer e9910732bc release: 2021.12.2 2021-12-18 21:03:50 +01:00
Jens Langhammer b6ff04694f providers/oauth2: don't rely on expiry task for access codes and refresh tokens
closes #1911

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-18 17:42:41 +01:00
Jens Langhammer 61097b9400 policies/password: add minimum digits
closes #1952

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-18 16:15:56 +01:00
Jens Langhammer 4c5537ddfe sources/oauth: allow writing to user in SourceConnection
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1888
2021-12-18 15:33:46 +01:00
Jens Langhammer a95779157d tests/integration: add rename and full update tests for k8s controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-18 15:32:16 +01:00
Jens Langhammer ac6afb2b82 stages/email: add test for non-existent directory
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-18 15:05:40 +01:00
Jens Langhammer 71a22c2a34 outposts: add unittests for docker controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-17 13:42:33 +01:00
NeroPcStation 273f5211a0
providers/saml: Fix typo (#1950) 2021-12-17 11:00:20 +00:00
Jens Langhammer 2ca115285c crypto: fix private keys not being imported correctly
closes #1945

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-16 21:14:15 +01:00
Jens Langhammer 14c159500d core: don't rotate non-api tokens
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-16 19:32:39 +01:00
Jens Langhammer f33190caa5 release: 2021.12.1 2021-12-16 15:48:59 +01:00
Jens Langhammer 741822424a Merge branch 'master' into version-2021.12 2021-12-16 15:48:53 +01:00
Jens Langhammer a105760123 events: improve app lookup for event creation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-15 16:46:02 +01:00
Jens Langhammer 6ff8fdcc49 root: enable threading integration in sentry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-15 15:49:08 +01:00
Jens Langhammer 50ca3dc772 core: fix error when attempting to provider from cached application
closes #1940

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-15 15:11:13 +01:00
Jens Langhammer 2a09fc0ae2 release: 2021.12.1-rc5 2021-12-15 10:21:29 +01:00
Jens Langhammer fbb6756488 Merge branch 'master' into version-2021.12 2021-12-15 10:16:05 +01:00
Jens Langhammer 6e83467481 web/flows: fix error when attempting to enroll new webauthn device
closes #1936

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-15 00:24:46 +01:00
Jens Langhammer 72db17f23b stages/identification: fix miscalculated sleep
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 23:31:08 +01:00
Jens Langhammer e18e681c2b events: dont store full backtrace in systemtask
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 22:55:38 +01:00
Jens Langhammer 10fe67e08d sources/ldap: fix incorrect task names being referenced, use source native slug
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 22:53:14 +01:00
Jens Langhammer 3740e65906 web/admin: add dashboard with user creation/login statistics
closes #1867

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 22:08:41 +01:00
Jens Langhammer 30386cd899 events: add custom manager with helpers for metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 21:49:33 +01:00
Jens Langhammer 64a10e9a46 events: fix schema for top_per_user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 21:08:15 +01:00
Jens Langhammer 0b00768b84 events: add flow_execution event type
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 16:13:51 +01:00
Jens Langhammer d162c79373 flows: fix wrong exception being caught in flow inspector
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 16:06:00 +01:00
Jens Langhammer 8c16dfc478 stages/invitation: use GroupMemberSerializer serializer to prevent all of the user's groups and their users from being returned
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 15:56:13 +01:00
Jens Langhammer 32ace1bece crypto: add additional validation before importing a certificate
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 14:49:25 +01:00
Jens Langhammer 54f893b84f flows: add additional sentry spans
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 11:59:36 +01:00
Jens Langhammer 5854833240 stages/authenticator_webauthn: fix migrations for different choices
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 11:06:46 +01:00
Jens Langhammer 4b2437a6f1 stages/authenticator_webauthn: use correct choices
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 10:51:34 +01:00
Jens Langhammer 59a51c859a stages/authenticator_webauthn: add migration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 10:09:35 +01:00
Jens Langhammer 4e6714fffe stages/authenticator_webauthn: make user_verification configurable
closes #1921

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 09:58:20 +01:00