authentik/website/docs/releases/v2022.11.md
Jens L 88594075b2
policies/password: merge hibp add zxcvbn (#4001)
* initial zxcvbn

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api and port tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api diff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-14 14:42:43 +01:00


title: Release 2022.11
slug: 2022.11

Breaking changes

  • Have I Been Pwned policy is deprecated

    The policy has been merged with the password policy, which provides the same functionality. Existing Have I Been Pwned policies will automatically be migrated.

New features

  • authentik now runs on Python 3.11

  • Expanded password policy

    The "Have I been Pwned" policy has been merged into the password policy, and additionally passwords can be checked using zxcvbn to provide concise feedback.

API Changes

What's Changed


GET /policies/password/{policy_uuid}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property check_static_rules (boolean)

    • Added property check_have_i_been_pwned (boolean)

    • Added property check_zxcvbn (boolean)

    • Added property hibp_allowed_count (integer)

      How many times the password hash is allowed to be on haveibeenpwned

    • Added property zxcvbn_score_threshold (integer)

      If the zxcvbn score is equal or less than this value, the policy will fail.
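How the two new thresholds decide whether a password passes, as an added example (not authentik's own code): it parses a constructed Have I Been Pwned range response and applies hibp_allowed_count and zxcvbn_score_threshold with the semantics described above. The function names, the sample response and the precomputed zxcvbn score (0 to 4) passed in are assumptions for illustration.

```python
import hashlib


def sample_range_body(password: str, count: int) -> str:
    """Constructed range response: one 'SHA1-SUFFIX:COUNT' line per leaked hash."""
    suffix = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()[5:]
    return f"{'0' * 35}:3\r\n{suffix}:{count}\r\n{'F' * 35}:12\r\n"


def hibp_count(password: str, range_body: str) -> int:
    """How often the password's SHA-1 appears in a range response (0 if absent)."""
    # SHA-1 is what the range protocol uses; only the first 5 hex characters
    # of the digest are sent, and the suffix is matched locally.
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    suffix = digest[5:]
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.strip().isdigit():
            return int(count)
    return 0


def evaluate(policy: dict, password: str, range_body: str, zxcvbn_score: int) -> list[str]:
    """Return the names of the failed checks; an empty list means the password passes."""
    failed = []
    if policy["check_have_i_been_pwned"]:
        # Fails only when the hash is seen MORE often than the allowed count.
        if hibp_count(password, range_body) > policy["hibp_allowed_count"]:
            failed.append("have_i_been_pwned")
    if policy["check_zxcvbn"]:
        # Fails when the score is equal to or less than the threshold.
        if zxcvbn_score <= policy["zxcvbn_score_threshold"]:
            failed.append("zxcvbn")
    return failed


if __name__ == "__main__":
    policy = {
        "check_static_rules": False,
        "check_have_i_been_pwned": True,
        "check_zxcvbn": True,
        "hibp_allowed_count": 5,
        "zxcvbn_score_threshold": 2,
    }
    body = sample_range_body("constructed-sample", 6)
    print(evaluate(policy, "constructed-sample", body, zxcvbn_score=2))
```

Note the boundary behaviour: a hash seen exactly hibp_allowed_count times still passes, while a zxcvbn score exactly equal to zxcvbn_score_threshold fails.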

PUT /policies/password/{policy_uuid}/
Request:

Changed content type : application/json

  • Added property check_static_rules (boolean)

  • Added property check_have_i_been_pwned (boolean)

  • Added property check_zxcvbn (boolean)

  • Added property hibp_allowed_count (integer)

    How many times the password hash is allowed to be on haveibeenpwned

  • Added property zxcvbn_score_threshold (integer)

    If the zxcvbn score is equal or less than this value, the policy will fail.

Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property check_static_rules (boolean)

    • Added property check_have_i_been_pwned (boolean)

    • Added property check_zxcvbn (boolean)

    • Added property hibp_allowed_count (integer)

      How many times the password hash is allowed to be on haveibeenpwned

    • Added property zxcvbn_score_threshold (integer)

      If the zxcvbn score is equal or less than this value, the policy will fail.

PATCH /policies/password/{policy_uuid}/
Request:

Changed content type : application/json

  • Added property check_static_rules (boolean)

  • Added property check_have_i_been_pwned (boolean)

  • Added property check_zxcvbn (boolean)

  • Added property hibp_allowed_count (integer)

    How many times the password hash is allowed to be on haveibeenpwned

  • Added property zxcvbn_score_threshold (integer)

    If the zxcvbn score is equal or less than this value, the policy will fail.

Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property check_static_rules (boolean)

    • Added property check_have_i_been_pwned (boolean)

    • Added property check_zxcvbn (boolean)

    • Added property hibp_allowed_count (integer)

      How many times the password hash is allowed to be on haveibeenpwned

    • Added property zxcvbn_score_threshold (integer)

      If the zxcvbn score is equal or less than this value, the policy will fail.

GET /core/tokens/{identifier}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property user_obj (object)

      User Serializer

      • Changed property groups_obj (array)

        Changed items (object): > Simplified Group Serializer for user's groups

        New optional properties:

        • users_obj
        • Deleted property users (array)

        • Deleted property users_obj (array)

PUT /core/tokens/{identifier}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property user_obj (object)

      User Serializer

      • Changed property groups_obj (array)

        Changed items (object): > Simplified Group Serializer for user's groups

        New optional properties:

        • users_obj
        • Deleted property users (array)

        • Deleted property users_obj (array)

PATCH /core/tokens/{identifier}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property user_obj (object)

      User Serializer

      • Changed property groups_obj (array)

        Changed items (object): > Simplified Group Serializer for user's groups

        New optional properties:

        • users_obj
        • Deleted property users (array)

        • Deleted property users_obj (array)

GET /core/users/{id}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property groups_obj (array)

      Changed items (object): > Simplified Group Serializer for user's groups

      New optional properties:

      • users_obj
      • Deleted property users (array)

      • Deleted property users_obj (array)

PUT /core/users/{id}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property groups_obj (array)

      Changed items (object): > Simplified Group Serializer for user's groups

      New optional properties:

      • users_obj
      • Deleted property users (array)

      • Deleted property users_obj (array)

PATCH /core/users/{id}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property groups_obj (array)

      Changed items (object): > Simplified Group Serializer for user's groups

      New optional properties:

      • users_obj
      • Deleted property users (array)

      • Deleted property users_obj (array)

GET /policies/bindings/{policy_binding_uuid}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property user_obj (object)

      User Serializer

      • Changed property groups_obj (array)

        Changed items (object): > Simplified Group Serializer for user's groups

        New optional properties:

        • users_obj
        • Deleted property users (array)

        • Deleted property users_obj (array)

PUT /policies/bindings/{policy_binding_uuid}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property user_obj (object)

      User Serializer

      • Changed property groups_obj (array)

        Changed items (object): > Simplified Group Serializer for user's groups

        New optional properties:

        • users_obj
        • Deleted property users (array)

        • Deleted property users_obj (array)

PATCH /policies/bindings/{policy_binding_uuid}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property user_obj (object)

      User Serializer

      • Changed property groups_obj (array)

        Changed items (object): > Simplified Group Serializer for user's groups

        New optional properties:

        • users_obj
        • Deleted property users (array)

        • Deleted property users_obj (array)

POST /policies/password/
Request:

Changed content type : application/json

  • Added property check_static_rules (boolean)

  • Added property check_have_i_been_pwned (boolean)

  • Added property check_zxcvbn (boolean)

  • Added property hibp_allowed_count (integer)

    How many times the password hash is allowed to be on haveibeenpwned

  • Added property zxcvbn_score_threshold (integer)

    If the zxcvbn score is equal or less than this value, the policy will fail.

Return Type:

Changed response : 201 Created

  • Changed content type : application/json

    • Added property check_static_rules (boolean)

    • Added property check_have_i_been_pwned (boolean)

    • Added property check_zxcvbn (boolean)

    • Added property hibp_allowed_count (integer)

      How many times the password hash is allowed to be on haveibeenpwned

    • Added property zxcvbn_score_threshold (integer)

      If the zxcvbn score is equal or less than this value, the policy will fail.

GET /policies/password/
Parameters:

Added: check_have_i_been_pwned in query

Added: check_static_rules in query

Added: check_zxcvbn in query

Added: hibp_allowed_count in query

Added: zxcvbn_score_threshold in query

Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property results (array)

      Changed items (object): > Password Policy Serializer

      • Added property check_static_rules (boolean)

      • Added property check_have_i_been_pwned (boolean)

      • Added property check_zxcvbn (boolean)

      • Added property hibp_allowed_count (integer)

        How many times the password hash is allowed to be on haveibeenpwned

      • Added property zxcvbn_score_threshold (integer)

        If the zxcvbn score is equal or less than this value, the policy will fail.

POST /core/tokens/
Return Type:

Changed response : 201 Created

  • Changed content type : application/json

    • Changed property user_obj (object)

      User Serializer

      • Changed property groups_obj (array)

        Changed items (object): > Simplified Group Serializer for user's groups

        New optional properties:

        • users_obj
        • Deleted property users (array)

        • Deleted property users_obj (array)

GET /core/tokens/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property results (array)

      Changed items (object): > Token Serializer

      • Changed property user_obj (object)

        User Serializer

        • Changed property groups_obj (array)

          Changed items (object): > Simplified Group Serializer for user's groups

          New optional properties:

          • users_obj
          • Deleted property users (array)

          • Deleted property users_obj (array)

Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property user (object)

      User Serializer

      • Changed property groups_obj (array)

        Changed items (object): > Simplified Group Serializer for user's groups

        New optional properties:

        • users_obj
        • Deleted property users (array)

        • Deleted property users_obj (array)

POST /core/users/
Return Type:

Changed response : 201 Created

  • Changed content type : application/json

    • Changed property groups_obj (array)

      Changed items (object): > Simplified Group Serializer for user's groups

      New optional properties:

      • users_obj
      • Deleted property users (array)

      • Deleted property users_obj (array)

GET /core/users/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property results (array)

      Changed items (object): > User Serializer

      • Changed property groups_obj (array)

        Changed items (object): > Simplified Group Serializer for user's groups

        New optional properties:

        • users_obj
        • Deleted property users (array)

        • Deleted property users_obj (array)

GET /oauth2/authorization_codes/{id}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property user (object)

      User Serializer

      • Changed property groups_obj (array)

        Changed items (object): > Simplified Group Serializer for user's groups

        New optional properties:

        • users_obj
        • Deleted property users (array)

        • Deleted property users_obj (array)

GET /oauth2/refresh_tokens/{id}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property user (object)

      User Serializer

      • Changed property groups_obj (array)

        Changed items (object): > Simplified Group Serializer for user's groups

        New optional properties:

        • users_obj
        • Deleted property users (array)

        • Deleted property users_obj (array)

POST /policies/bindings/
Return Type:

Changed response : 201 Created

  • Changed content type : application/json

    • Changed property user_obj (object)

      User Serializer

      • Changed property groups_obj (array)

        Changed items (object): > Simplified Group Serializer for user's groups

        New optional properties:

        • users_obj
        • Deleted property users (array)

        • Deleted property users_obj (array)

GET /policies/bindings/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property results (array)

      Changed items (object): > PolicyBinding Serializer

      • Changed property user_obj (object)

        User Serializer

        • Changed property groups_obj (array)

          Changed items (object): > Simplified Group Serializer for user's groups

          New optional properties:

          • users_obj
          • Deleted property users (array)

          • Deleted property users_obj (array)

Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property results (array)

      Changed items (object): > UserConsent Serializer

      • Changed property user (object)

        User Serializer

        • Changed property groups_obj (array)

          Changed items (object): > Simplified Group Serializer for user's groups

          New optional properties:

          • users_obj
          • Deleted property users (array)

          • Deleted property users_obj (array)

GET /oauth2/authorization_codes/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property results (array)

      Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant

      • Changed property user (object)

        User Serializer

        • Changed property groups_obj (array)

          Changed items (object): > Simplified Group Serializer for user's groups

          New optional properties:

          • users_obj
          • Deleted property users (array)

          • Deleted property users_obj (array)

GET /oauth2/refresh_tokens/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property results (array)

      Changed items (object): > Serializer for BaseGrantModel and RefreshToken

      • Changed property user (object)

        User Serializer

        • Changed property groups_obj (array)

          Changed items (object): > Simplified Group Serializer for user's groups

          New optional properties:

          • users_obj
          • Deleted property users (array)

          • Deleted property users_obj (array)

Minor changes/fixes

Upgrading

This release does not introduce any new requirements.

docker-compose

Download the docker-compose file for 2022.11 from here. Afterwards, simply run docker-compose up -d.

Kubernetes

Update your values to use the new images:

image:
    repository: ghcr.io/goauthentik/server
    tag: 2022.11.1