b0fbd576fc
* ATH-01-001: resolve path and check start before loading blueprints
This is even less of an issue since 411ef239f6, since with that commit we only allow files that the listing returns
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ATH-01-010: fix missing user filter for webauthn device
This prevents an attack that is only possible when an attacker can intercept HTTP traffic and in the case of HTTPS decrypt it.
* ATH-01-008: fix web forms not submitting correctly when pressing enter
When submitting some forms with the Enter key instead of clicking "Confirm"/etc, the form would not get submitted correctly
This would in the worst case is when setting a user's password, where the new password can end up in the URL, but the password was not actually saved to the user.
* ATH-01-004: remove env from admin system endpoint
this endpoint already required admin access, but for debugging the env variables are used very little
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ATH-01-003 / ATH-01-012: disable htmlLabels in mermaid
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ATH-01-005: use hmac.compare_digest for secret_key authentication
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ATH-01-009: migrate impersonation to use API
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ATH-01-010: rework
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ATH-01-014: save authenticator validation state in flow context
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
bugfixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ATH-01-012: escape quotation marks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add website
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update release ntoes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update with all notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix format
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
101 lines
3.4 KiB
Python
101 lines
3.4 KiB
Python
"""authentik URL Configuration"""
|
|
from channels.auth import AuthMiddleware
|
|
from channels.sessions import CookieMiddleware
|
|
from django.conf import settings
|
|
from django.contrib.auth.decorators import login_required
|
|
from django.urls import path
|
|
from django.views.decorators.csrf import ensure_csrf_cookie
|
|
from django.views.generic import RedirectView
|
|
|
|
from authentik.core.api.applications import ApplicationViewSet
|
|
from authentik.core.api.authenticated_sessions import AuthenticatedSessionViewSet
|
|
from authentik.core.api.devices import AdminDeviceViewSet, DeviceViewSet
|
|
from authentik.core.api.groups import GroupViewSet
|
|
from authentik.core.api.propertymappings import PropertyMappingViewSet
|
|
from authentik.core.api.providers import ProviderViewSet
|
|
from authentik.core.api.sources import SourceViewSet, UserSourceConnectionViewSet
|
|
from authentik.core.api.tokens import TokenViewSet
|
|
from authentik.core.api.users import UserViewSet
|
|
from authentik.core.views import apps
|
|
from authentik.core.views.debug import AccessDeniedView
|
|
from authentik.core.views.interface import FlowInterfaceView, InterfaceView
|
|
from authentik.core.views.session import EndSessionView
|
|
from authentik.root.asgi_middleware import SessionMiddleware
|
|
from authentik.root.messages.consumer import MessageConsumer
|
|
from authentik.root.middleware import ChannelsLoggingMiddleware
|
|
|
|
urlpatterns = [
|
|
path(
|
|
"",
|
|
login_required(
|
|
RedirectView.as_view(pattern_name="authentik_core:if-user", query_string=True)
|
|
),
|
|
name="root-redirect",
|
|
),
|
|
path(
|
|
# We have to use this format since everything else uses applications/o or applications/saml
|
|
"application/launch/<slug:application_slug>/",
|
|
apps.RedirectToAppLaunch.as_view(),
|
|
name="application-launch",
|
|
),
|
|
# Interfaces
|
|
path(
|
|
"if/admin/",
|
|
ensure_csrf_cookie(InterfaceView.as_view(template_name="if/admin.html")),
|
|
name="if-admin",
|
|
),
|
|
path(
|
|
"if/user/",
|
|
ensure_csrf_cookie(InterfaceView.as_view(template_name="if/user.html")),
|
|
name="if-user",
|
|
),
|
|
path(
|
|
"if/flow/<slug:flow_slug>/",
|
|
ensure_csrf_cookie(FlowInterfaceView.as_view()),
|
|
name="if-flow",
|
|
),
|
|
path(
|
|
"if/session-end/<slug:application_slug>/",
|
|
ensure_csrf_cookie(EndSessionView.as_view()),
|
|
name="if-session-end",
|
|
),
|
|
# Fallback for WS
|
|
path("ws/outpost/<uuid:pk>/", InterfaceView.as_view(template_name="if/admin.html")),
|
|
path(
|
|
"ws/client/",
|
|
InterfaceView.as_view(template_name="if/admin.html"),
|
|
),
|
|
]
|
|
|
|
api_urlpatterns = [
|
|
("core/authenticated_sessions", AuthenticatedSessionViewSet),
|
|
("core/applications", ApplicationViewSet),
|
|
("core/groups", GroupViewSet),
|
|
("core/users", UserViewSet),
|
|
("core/tokens", TokenViewSet),
|
|
("sources/all", SourceViewSet),
|
|
("sources/user_connections/all", UserSourceConnectionViewSet),
|
|
("providers/all", ProviderViewSet),
|
|
("propertymappings/all", PropertyMappingViewSet),
|
|
("authenticators/all", DeviceViewSet, "device"),
|
|
(
|
|
"authenticators/admin/all",
|
|
AdminDeviceViewSet,
|
|
"admin-device",
|
|
),
|
|
]
|
|
|
|
websocket_urlpatterns = [
|
|
path(
|
|
"ws/client/",
|
|
ChannelsLoggingMiddleware(
|
|
CookieMiddleware(SessionMiddleware(AuthMiddleware(MessageConsumer.as_asgi())))
|
|
),
|
|
),
|
|
]
|
|
|
|
if settings.DEBUG:
|
|
urlpatterns += [
|
|
path("debug/policy/deny/", AccessDeniedView.as_view(), name="debug-policy-deny"),
|
|
]
|