* initial zxcvbn Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add api and port tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * more tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add ui Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add api diff Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
16 KiB
title | slug |
---|---|
Release 2022.11 | 2022.11 |
Breaking changes
-
Have I Been Pwned policy is deprecated
The policy has been merged with the password policy which provides the same functionality. Existing Have I Been Pwned policies will automatically be migrated.
New features
-
authentik now runs on Python 3.11
-
Expanded password policy
The "Have I been Pwned" policy has been merged into the password policy, and additionally passwords can be checked using zxcvbn to provider concise feedback.
API Changes
What's Changed
GET
/policies/password/{policy_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
check_static_rules
(boolean) -
Added property
check_have_i_been_pwned
(boolean) -
Added property
check_zxcvbn
(boolean) -
Added property
hibp_allowed_count
(integer)How many times the password hash is allowed to be on haveibeenpwned
-
Added property
zxcvbn_score_threshold
(integer)If the zxcvbn score is equal or less than this value, the policy will fail.
-
PUT
/policies/password/{policy_uuid}/
Request:
Changed content type : application/json
-
Added property
check_static_rules
(boolean) -
Added property
check_have_i_been_pwned
(boolean) -
Added property
check_zxcvbn
(boolean) -
Added property
hibp_allowed_count
(integer)How many times the password hash is allowed to be on haveibeenpwned
-
Added property
zxcvbn_score_threshold
(integer)If the zxcvbn score is equal or less than this value, the policy will fail.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
check_static_rules
(boolean) -
Added property
check_have_i_been_pwned
(boolean) -
Added property
check_zxcvbn
(boolean) -
Added property
hibp_allowed_count
(integer)How many times the password hash is allowed to be on haveibeenpwned
-
Added property
zxcvbn_score_threshold
(integer)If the zxcvbn score is equal or less than this value, the policy will fail.
-
PATCH
/policies/password/{policy_uuid}/
Request:
Changed content type : application/json
-
Added property
check_static_rules
(boolean) -
Added property
check_have_i_been_pwned
(boolean) -
Added property
check_zxcvbn
(boolean) -
Added property
hibp_allowed_count
(integer)How many times the password hash is allowed to be on haveibeenpwned
-
Added property
zxcvbn_score_threshold
(integer)If the zxcvbn score is equal or less than this value, the policy will fail.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
check_static_rules
(boolean) -
Added property
check_have_i_been_pwned
(boolean) -
Added property
check_zxcvbn
(boolean) -
Added property
hibp_allowed_count
(integer)How many times the password hash is allowed to be on haveibeenpwned
-
Added property
zxcvbn_score_threshold
(integer)If the zxcvbn score is equal or less than this value, the policy will fail.
-
GET
/core/tokens/{identifier}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
user_obj
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users
(array) -
Deleted property
users_obj
(array)
-
-
PUT
/core/tokens/{identifier}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
user_obj
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users
(array) -
Deleted property
users_obj
(array)
-
-
PATCH
/core/tokens/{identifier}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
user_obj
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users
(array) -
Deleted property
users_obj
(array)
-
-
GET
/core/users/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users
(array) -
Deleted property
users_obj
(array)
-
PUT
/core/users/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users
(array) -
Deleted property
users_obj
(array)
-
PATCH
/core/users/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users
(array) -
Deleted property
users_obj
(array)
-
GET
/policies/bindings/{policy_binding_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
user_obj
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users
(array) -
Deleted property
users_obj
(array)
-
-
PUT
/policies/bindings/{policy_binding_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
user_obj
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users
(array) -
Deleted property
users_obj
(array)
-
-
PATCH
/policies/bindings/{policy_binding_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
user_obj
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users
(array) -
Deleted property
users_obj
(array)
-
-
POST
/policies/password/
Request:
Changed content type : application/json
-
Added property
check_static_rules
(boolean) -
Added property
check_have_i_been_pwned
(boolean) -
Added property
check_zxcvbn
(boolean) -
Added property
hibp_allowed_count
(integer)How many times the password hash is allowed to be on haveibeenpwned
-
Added property
zxcvbn_score_threshold
(integer)If the zxcvbn score is equal or less than this value, the policy will fail.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Added property
check_static_rules
(boolean) -
Added property
check_have_i_been_pwned
(boolean) -
Added property
check_zxcvbn
(boolean) -
Added property
hibp_allowed_count
(integer)How many times the password hash is allowed to be on haveibeenpwned
-
Added property
zxcvbn_score_threshold
(integer)If the zxcvbn score is equal or less than this value, the policy will fail.
-
GET
/policies/password/
Parameters:
Added: check_have_i_been_pwned
in query
Added: check_static_rules
in query
Added: check_zxcvbn
in query
Added: hibp_allowed_count
in query
Added: zxcvbn_score_threshold
in query
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Password Policy Serializer
-
Added property
check_static_rules
(boolean) -
Added property
check_have_i_been_pwned
(boolean) -
Added property
check_zxcvbn
(boolean) -
Added property
hibp_allowed_count
(integer)How many times the password hash is allowed to be on haveibeenpwned
-
Added property
zxcvbn_score_threshold
(integer)If the zxcvbn score is equal or less than this value, the policy will fail.
-
-
POST
/core/tokens/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
user_obj
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users
(array) -
Deleted property
users_obj
(array)
-
-
GET
/core/tokens/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Token Serializer
-
Changed property
user_obj
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users
(array) -
Deleted property
users_obj
(array)
-
-
-
GET
/core/user_consent/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
user
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users
(array) -
Deleted property
users_obj
(array)
-
-
POST
/core/users/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users
(array) -
Deleted property
users_obj
(array)
-
GET
/core/users/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users
(array) -
Deleted property
users_obj
(array)
-
-
GET
/oauth2/authorization_codes/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
user
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users
(array) -
Deleted property
users_obj
(array)
-
-
GET
/oauth2/refresh_tokens/{id}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
user
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users
(array) -
Deleted property
users_obj
(array)
-
-
POST
/policies/bindings/
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Changed property
user_obj
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users
(array) -
Deleted property
users_obj
(array)
-
-
GET
/policies/bindings/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > PolicyBinding Serializer
-
Changed property
user_obj
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users
(array) -
Deleted property
users_obj
(array)
-
-
-
GET
/core/user_consent/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > UserConsent Serializer
-
Changed property
user
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users
(array) -
Deleted property
users_obj
(array)
-
-
-
GET
/oauth2/authorization_codes/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
-
Changed property
user
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users
(array) -
Deleted property
users_obj
(array)
-
-
-
GET
/oauth2/refresh_tokens/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > Serializer for BaseGrantModel and RefreshToken
-
Changed property
user
(object)User Serializer
-
Changed property
groups_obj
(array)Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
users_obj
-
Deleted property
users
(array) -
Deleted property
users_obj
(array)
-
-
-
Minor changes/fixes
Upgrading
This release does not introduce any new requirements.
docker-compose
Download the docker-compose file for 2022.11 from here. Afterwards, simply run docker-compose up -d
.
Kubernetes
Update your values to use the new images:
image:
repository: ghcr.io/goauthentik/server
tag: 2022.11.1