Jens Langhammer
|
90fe1c2ce8
|
providers/oauth2: allow blank redirect_uris to allow any redirect_uri
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-07-08 19:28:35 +02:00 |
Jens Langhammer
|
40428f5a82
|
providers/saml: fix parsing of POST bindings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-07-06 16:54:58 +02:00 |
Jens Langhammer
|
77a507d2f8
|
providers/oauth2: add revoked field, create suspicious event when previous token is used
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-07-03 15:59:01 +02:00 |
Jens Langhammer
|
3e60e956f4
|
providers/oauth2: fix CORS headers not being set for unsuccessful requests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-07-03 15:49:00 +02:00 |
Jens Langhammer
|
84ec70c2a2
|
providers/oauth2: use self.expires for exp field instead of calculating it again
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-07-03 15:32:58 +02:00 |
Jens Langhammer
|
3e26170f4b
|
providers/oauth2: deepmerge claims
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-07-01 17:33:46 +02:00 |
dependabot[bot]
|
d102c59654
|
build(deps-dev): bump pylint from 2.8.3 to 2.9.0 (#1095)
* build(deps-dev): bump pylint from 2.8.3 to 2.9.0
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.8.3 to 2.9.0.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Changelog](https://github.com/PyCQA/pylint/blob/master/ChangeLog)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.8.3...v2.9.0)
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* *: update source for new pylint version
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-30 10:37:28 +02:00 |
Jens Langhammer
|
ba9edd6c44
|
flows: handle possible errors with FlowPlans received from cache
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-27 22:03:48 +02:00 |
Jens Langhammer
|
3b2b3262d7
|
flows: add FlowStageBinding to flow plan instead of just stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-27 18:47:04 +02:00 |
Jens Langhammer
|
a3ff7cea23
|
providers/oauth2: fix usage of timedelta.seconds
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-25 11:55:00 +02:00 |
Jens Langhammer
|
9b5e3921cb
|
providers/saml: better handle decoding errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-21 22:48:34 +02:00 |
Jens Langhammer
|
831b32c279
|
core: fix PropertyMapping's globals not matching Expression policy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-21 15:54:43 +02:00 |
Jens Langhammer
|
19cac4bf43
|
providers/saml: fix error when getting transient user identifier
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-17 13:52:10 +02:00 |
Jens Langhammer
|
4ca564490e
|
providers/saml: add support for NameID type unspecified
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-17 12:45:53 +02:00 |
Jens Langhammer
|
fcb795c273
|
providers/saml: fix NameIDPolicy not being parsed correctly, improve error handling
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-17 12:22:40 +02:00 |
Jens Langhammer
|
0e02925a3d
|
stages/authenticator_validate: add tests for authenticator validation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-14 16:32:36 +02:00 |
Jens Langhammer
|
5b837c3ccc
|
providers/saml: improve error handling for signature errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-14 12:51:42 +02:00 |
Jens Langhammer
|
31d2ea65fd
|
provider/proxy: mark forward_auth flag as deprecated
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-13 12:39:25 +02:00 |
Jens Langhammer
|
d878d2140e
|
providers/saml: add metadata download link to api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-10 14:06:44 +02:00 |
Jens L
|
34ae9e6dab
|
API: add endpoint to show by what objects an object is used (#995)
* core: add used_by API to show what objects are affected before deletion
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/elements: add support for used_by API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: add authentik_used_by_shadows to shadow other models
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: implement used_by API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: fix duplicate imports
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: add action field to used_by api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: add UI for used_by action
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: add notice to tenant form
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: fix naming in used_by
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: check length for used_by
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: fix used_by for non-pk models
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: improve __str__ on models
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: add support for many to many in used_by
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-10 11:58:12 +02:00 |
Jens L
|
dad24c03ff
|
outposts: set cookies for a domain to authenticate an entire domain (#971)
* outposts: initial cookie domain implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: add cookie domain setting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: replace forward_auth_mode with general mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: rebuild proxy provider form
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: re-add forward_auth_mode for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: fix data.mode not being set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* root: always set log level to debug when testing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: use new mode attribute
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: only ingress /akprox on forward_domain
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: fix lint error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: fix error on ProxyProviderForm when not using proxy mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: fix default for outpost form's type missing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: add additional desc for proxy modes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts: fix service account permissions not always being updated
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost/proxy: fix redirecting to incorrect host for domain mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: improve error handling for network errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost: fix image naming not matching main imaeg
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/proxy: fix redirects for domain mode and traefik
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: fix colour for paragraphs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: fix consent stage not showing permissions correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* website/docs: add domain-level docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* website/docs: fix broken links
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/proxy: remove dead code
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: fix missing id for #header-text
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-08 23:10:17 +02:00 |
Jens Langhammer
|
029d58191e
|
sources/saml: include metadata download link in API response
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-08 17:22:03 +02:00 |
Jens Langhammer
|
9180d448df
|
core: move end-session to core
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-06 13:56:38 +02:00 |
Jens Langhammer
|
cec47c3cfc
|
providers/oauth2: show id_token issues for refresh token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-02 22:05:04 +02:00 |
Jens Langhammer
|
b50ac96605
|
providers/oauth2: remove size limit on Access code nonce
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-02 20:20:07 +02:00 |
Jens Langhammer
|
14f85ec980
|
tenants: migrate context_processor to tenants
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-29 18:01:48 +02:00 |
Jens Langhammer
|
58a4b20297
|
outposts: handle disconnects without outpost better
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-25 12:06:55 +02:00 |
Jens Langhammer
|
c6bb6709fd
|
flows: add default challenge response
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-24 20:27:50 +02:00 |
Jens Langhammer
|
fb4e0723ee
|
stages: fix stage unittests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-24 17:12:48 +02:00 |
Jens Langhammer
|
6f6ae7831e
|
flows: make use of oneOf OpenAPI to annotate all challenge types
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-24 14:11:23 +02:00 |
Jens Langhammer
|
9b57f0b81d
|
Merge branch 'version-2021.5' into next
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# web/src/locales/en.po
# web/src/locales/pseudo-LOCALE.po
|
2021-05-22 20:01:16 +02:00 |
Jens Langhammer
|
2c816e6162
|
providers/proxy: don't use https to communicate with outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-22 18:56:38 +02:00 |
Jens Langhammer
|
bb89b9b572
|
Merge branch 'version-2021.5' into next
|
2021-05-21 23:50:43 +02:00 |
Jens Langhammer
|
6600da7d98
|
providers/oauth2: add missing kid header to JWT Tokens
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-21 23:40:00 +02:00 |
Jens Langhammer
|
92f2a82c03
|
providers/oauth2: fix double login required when prompt=login
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-20 01:10:08 +02:00 |
Jens Langhammer
|
dcf074650e
|
providers/proxy: fix redirect_uris not always being set on save
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-20 01:10:04 +02:00 |
Jens Langhammer
|
acf1ad91d9
|
providers/oauth2: fix double login required when prompt=login
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-19 23:34:27 +02:00 |
Jens Langhammer
|
a74419214c
|
providers/proxy: fix redirect_uris not always being set on save
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-19 23:10:00 +02:00 |
Jens Langhammer
|
3cf0f07baf
|
*: fix API Schema for file uploads
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-17 23:12:52 +02:00 |
Jens Langhammer
|
ef9f08553c
|
*: linting pass, rename from swagger to schema
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-16 15:22:57 +02:00 |
Jens Langhammer
|
4fb71a6bdd
|
api: fix pagination schema
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-16 15:08:51 +02:00 |
Jens Langhammer
|
0bac738090
|
*: fix static response descriptions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-16 14:07:29 +02:00 |
Jens Langhammer
|
1324d03815
|
*: initial migration to openapi v3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-15 23:57:28 +02:00 |
Jens Langhammer
|
6600d5bf69
|
providers/oauth2: use user.uid
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-15 14:08:49 +02:00 |
Jens Langhammer
|
a4278833d8
|
providers/proxy: fix ingress not being created with full https
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-15 13:45:41 +02:00 |
Jens Langhammer
|
942905b9b1
|
providers/proxy: fix formatting issue
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-14 16:24:35 +02:00 |
Jens Langhammer
|
8d7bb7da17
|
providers/proxy: connect ingress to https instead of http
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#882
|
2021-05-14 11:42:03 +02:00 |
Jens Langhammer
|
0620324702
|
root: bump version of psf black
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-12 00:42:46 +02:00 |
Jens Langhammer
|
84dfbcaaae
|
providers/api: return redirect_uris for proxy provider
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-11 20:02:17 +02:00 |
Jens Langhammer
|
24f2932777
|
crypto: add ?download flag
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#861
|
2021-05-11 14:21:35 +02:00 |