88594075b2
* initial zxcvbn

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api and port tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api diff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
724 lines
16 KiB
Markdown
---
title: Release 2022.11
slug: "2022.11"
---

## Breaking changes

- Have I Been Pwned policy is deprecated

    The policy has been merged with the password policy which provides the same functionality. Existing Have I Been Pwned policies will automatically be migrated.

## New features

- authentik now runs on Python 3.11
- Expanded password policy

    The "Have I been Pwned" policy has been merged into the password policy, and additionally passwords can be checked using [zxcvbn](https://github.com/dropbox/zxcvbn) to provide concise feedback.
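
An added example (not authentik's own code) of how the two new checks in the merged policy combine, using the Pwned Passwords range format in which only the first five hex characters of the SHA-1 digest are sent and the response lists `SUFFIX:COUNT` lines. The field names are the API properties listed in the API changes on this page; the helper names, the constructed range response and the strict `>` comparison for `hibp_allowed_count` are assumptions, and the zxcvbn score (0 to 4) is passed in rather than computed.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class PasswordPolicy:
    # Field names are the API properties added in this release.
    check_have_i_been_pwned: bool = True
    check_zxcvbn: bool = True
    hibp_allowed_count: int = 0
    zxcvbn_score_threshold: int = 2


def hibp_split(password: str) -> tuple[str, str]:
    """Return (prefix, suffix) of the SHA-1 hex digest; only the prefix leaves the host."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def hibp_count(suffix: str, range_body: str) -> int:
    """Look up our suffix in a range response made of "SUFFIX:COUNT" lines."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0  # suffix absent: the password is not in the corpus


def evaluate(policy: PasswordPolicy, password: str,
             range_body: str, zxcvbn_score: int) -> list[str]:
    """Return the failure reasons; an empty list means the policy passes."""
    failures = []
    if policy.check_have_i_been_pwned:
        _, suffix = hibp_split(password)
        seen = hibp_count(suffix, range_body)
        # Assumption: counts up to and including hibp_allowed_count pass.
        if seen > policy.hibp_allowed_count:
            failures.append(f"seen {seen} times on haveibeenpwned")
    # Per the property description: a score equal to or below the threshold fails.
    if policy.check_zxcvbn and zxcvbn_score <= policy.zxcvbn_score_threshold:
        failures.append(f"zxcvbn score {zxcvbn_score} is too low")
    return failures


def constructed_range_body(password: str, count: int) -> str:
    """Constructed stand-in for a range response: two decoy lines plus the real suffix."""
    _, suffix = hibp_split(password)
    return f"{'0' * 35}:3\r\n{suffix}:{count}\r\n{'F' * 35}:1\r\n"
```
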

## API Changes

#### What's Changed

---

##### `GET` /policies/password/{policy_uuid}/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Added property `check_static_rules` (boolean)

    - Added property `check_have_i_been_pwned` (boolean)

    - Added property `check_zxcvbn` (boolean)

    - Added property `hibp_allowed_count` (integer)

        > How many times the password hash is allowed to be on haveibeenpwned

    - Added property `zxcvbn_score_threshold` (integer)
        > If the zxcvbn score is equal or less than this value, the policy will fail.

##### `PUT` /policies/password/{policy_uuid}/

###### Request:

Changed content type : `application/json`

- Added property `check_static_rules` (boolean)

- Added property `check_have_i_been_pwned` (boolean)

- Added property `check_zxcvbn` (boolean)

- Added property `hibp_allowed_count` (integer)

    > How many times the password hash is allowed to be on haveibeenpwned

- Added property `zxcvbn_score_threshold` (integer)
    > If the zxcvbn score is equal or less than this value, the policy will fail.

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Added property `check_static_rules` (boolean)

    - Added property `check_have_i_been_pwned` (boolean)

    - Added property `check_zxcvbn` (boolean)

    - Added property `hibp_allowed_count` (integer)

        > How many times the password hash is allowed to be on haveibeenpwned

    - Added property `zxcvbn_score_threshold` (integer)
        > If the zxcvbn score is equal or less than this value, the policy will fail.

##### `PATCH` /policies/password/{policy_uuid}/

###### Request:

Changed content type : `application/json`

- Added property `check_static_rules` (boolean)

- Added property `check_have_i_been_pwned` (boolean)

- Added property `check_zxcvbn` (boolean)

- Added property `hibp_allowed_count` (integer)

    > How many times the password hash is allowed to be on haveibeenpwned

- Added property `zxcvbn_score_threshold` (integer)
    > If the zxcvbn score is equal or less than this value, the policy will fail.

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Added property `check_static_rules` (boolean)

    - Added property `check_have_i_been_pwned` (boolean)

    - Added property `check_zxcvbn` (boolean)

    - Added property `hibp_allowed_count` (integer)

        > How many times the password hash is allowed to be on haveibeenpwned

    - Added property `zxcvbn_score_threshold` (integer)
        > If the zxcvbn score is equal or less than this value, the policy will fail.

##### `GET` /core/tokens/{identifier}/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Changed property `user_obj` (object)

        > User Serializer

        - Changed property `groups_obj` (array)

            Changed items (object): > Simplified Group Serializer for user's groups

            New optional properties:

            - `users_obj`

            * Deleted property `users` (array)

            * Deleted property `users_obj` (array)

##### `PUT` /core/tokens/{identifier}/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Changed property `user_obj` (object)

        > User Serializer

        - Changed property `groups_obj` (array)

            Changed items (object): > Simplified Group Serializer for user's groups

            New optional properties:

            - `users_obj`

            * Deleted property `users` (array)

            * Deleted property `users_obj` (array)

##### `PATCH` /core/tokens/{identifier}/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Changed property `user_obj` (object)

        > User Serializer

        - Changed property `groups_obj` (array)

            Changed items (object): > Simplified Group Serializer for user's groups

            New optional properties:

            - `users_obj`

            * Deleted property `users` (array)

            * Deleted property `users_obj` (array)

##### `GET` /core/users/{id}/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Changed property `groups_obj` (array)

        Changed items (object): > Simplified Group Serializer for user's groups

        New optional properties:

        - `users_obj`

        * Deleted property `users` (array)

        * Deleted property `users_obj` (array)

##### `PUT` /core/users/{id}/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Changed property `groups_obj` (array)

        Changed items (object): > Simplified Group Serializer for user's groups

        New optional properties:

        - `users_obj`

        * Deleted property `users` (array)

        * Deleted property `users_obj` (array)

##### `PATCH` /core/users/{id}/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Changed property `groups_obj` (array)

        Changed items (object): > Simplified Group Serializer for user's groups

        New optional properties:

        - `users_obj`

        * Deleted property `users` (array)

        * Deleted property `users_obj` (array)

##### `GET` /policies/bindings/{policy_binding_uuid}/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Changed property `user_obj` (object)

        > User Serializer

        - Changed property `groups_obj` (array)

            Changed items (object): > Simplified Group Serializer for user's groups

            New optional properties:

            - `users_obj`

            * Deleted property `users` (array)

            * Deleted property `users_obj` (array)

##### `PUT` /policies/bindings/{policy_binding_uuid}/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Changed property `user_obj` (object)

        > User Serializer

        - Changed property `groups_obj` (array)

            Changed items (object): > Simplified Group Serializer for user's groups

            New optional properties:

            - `users_obj`

            * Deleted property `users` (array)

            * Deleted property `users_obj` (array)

##### `PATCH` /policies/bindings/{policy_binding_uuid}/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Changed property `user_obj` (object)

        > User Serializer

        - Changed property `groups_obj` (array)

            Changed items (object): > Simplified Group Serializer for user's groups

            New optional properties:

            - `users_obj`

            * Deleted property `users` (array)

            * Deleted property `users_obj` (array)

##### `POST` /policies/password/

###### Request:

Changed content type : `application/json`

- Added property `check_static_rules` (boolean)

- Added property `check_have_i_been_pwned` (boolean)

- Added property `check_zxcvbn` (boolean)

- Added property `hibp_allowed_count` (integer)

    > How many times the password hash is allowed to be on haveibeenpwned

- Added property `zxcvbn_score_threshold` (integer)
    > If the zxcvbn score is equal or less than this value, the policy will fail.

###### Return Type:

Changed response : **201 Created**

- Changed content type : `application/json`

    - Added property `check_static_rules` (boolean)

    - Added property `check_have_i_been_pwned` (boolean)

    - Added property `check_zxcvbn` (boolean)

    - Added property `hibp_allowed_count` (integer)

        > How many times the password hash is allowed to be on haveibeenpwned

    - Added property `zxcvbn_score_threshold` (integer)
        > If the zxcvbn score is equal or less than this value, the policy will fail.

##### `GET` /policies/password/

###### Parameters:

Added: `check_have_i_been_pwned` in `query`

Added: `check_static_rules` in `query`

Added: `check_zxcvbn` in `query`

Added: `hibp_allowed_count` in `query`

Added: `zxcvbn_score_threshold` in `query`

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Changed property `results` (array)

        Changed items (object): > Password Policy Serializer

        - Added property `check_static_rules` (boolean)

        - Added property `check_have_i_been_pwned` (boolean)

        - Added property `check_zxcvbn` (boolean)

        - Added property `hibp_allowed_count` (integer)

            > How many times the password hash is allowed to be on haveibeenpwned

        - Added property `zxcvbn_score_threshold` (integer)
            > If the zxcvbn score is equal or less than this value, the policy will fail.

##### `POST` /core/tokens/

###### Return Type:

Changed response : **201 Created**

- Changed content type : `application/json`

    - Changed property `user_obj` (object)

        > User Serializer

        - Changed property `groups_obj` (array)

            Changed items (object): > Simplified Group Serializer for user's groups

            New optional properties:

            - `users_obj`

            * Deleted property `users` (array)

            * Deleted property `users_obj` (array)

##### `GET` /core/tokens/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Changed property `results` (array)

        Changed items (object): > Token Serializer

        - Changed property `user_obj` (object)

            > User Serializer

            - Changed property `groups_obj` (array)

                Changed items (object): > Simplified Group Serializer for user's groups

                New optional properties:

                - `users_obj`

                * Deleted property `users` (array)

                * Deleted property `users_obj` (array)

##### `GET` /core/user_consent/{id}/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Changed property `user` (object)

        > User Serializer

        - Changed property `groups_obj` (array)

            Changed items (object): > Simplified Group Serializer for user's groups

            New optional properties:

            - `users_obj`

            * Deleted property `users` (array)

            * Deleted property `users_obj` (array)

##### `POST` /core/users/

###### Return Type:

Changed response : **201 Created**

- Changed content type : `application/json`

    - Changed property `groups_obj` (array)

        Changed items (object): > Simplified Group Serializer for user's groups

        New optional properties:

        - `users_obj`

        * Deleted property `users` (array)

        * Deleted property `users_obj` (array)

##### `GET` /core/users/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Changed property `results` (array)

        Changed items (object): > User Serializer

        - Changed property `groups_obj` (array)

            Changed items (object): > Simplified Group Serializer for user's groups

            New optional properties:

            - `users_obj`

            * Deleted property `users` (array)

            * Deleted property `users_obj` (array)

##### `GET` /oauth2/authorization_codes/{id}/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Changed property `user` (object)

        > User Serializer

        - Changed property `groups_obj` (array)

            Changed items (object): > Simplified Group Serializer for user's groups

            New optional properties:

            - `users_obj`

            * Deleted property `users` (array)

            * Deleted property `users_obj` (array)

##### `GET` /oauth2/refresh_tokens/{id}/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Changed property `user` (object)

        > User Serializer

        - Changed property `groups_obj` (array)

            Changed items (object): > Simplified Group Serializer for user's groups

            New optional properties:

            - `users_obj`

            * Deleted property `users` (array)

            * Deleted property `users_obj` (array)

##### `POST` /policies/bindings/

###### Return Type:

Changed response : **201 Created**

- Changed content type : `application/json`

    - Changed property `user_obj` (object)

        > User Serializer

        - Changed property `groups_obj` (array)

            Changed items (object): > Simplified Group Serializer for user's groups

            New optional properties:

            - `users_obj`

            * Deleted property `users` (array)

            * Deleted property `users_obj` (array)

##### `GET` /policies/bindings/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Changed property `results` (array)

        Changed items (object): > PolicyBinding Serializer

        - Changed property `user_obj` (object)

            > User Serializer

            - Changed property `groups_obj` (array)

                Changed items (object): > Simplified Group Serializer for user's groups

                New optional properties:

                - `users_obj`

                * Deleted property `users` (array)

                * Deleted property `users_obj` (array)

##### `GET` /core/user_consent/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Changed property `results` (array)

        Changed items (object): > UserConsent Serializer

        - Changed property `user` (object)

            > User Serializer

            - Changed property `groups_obj` (array)

                Changed items (object): > Simplified Group Serializer for user's groups

                New optional properties:

                - `users_obj`

                * Deleted property `users` (array)

                * Deleted property `users_obj` (array)

##### `GET` /oauth2/authorization_codes/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Changed property `results` (array)

        Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant

        - Changed property `user` (object)

            > User Serializer

            - Changed property `groups_obj` (array)

                Changed items (object): > Simplified Group Serializer for user's groups

                New optional properties:

                - `users_obj`

                * Deleted property `users` (array)

                * Deleted property `users_obj` (array)

##### `GET` /oauth2/refresh_tokens/

###### Return Type:

Changed response : **200 OK**

- Changed content type : `application/json`

    - Changed property `results` (array)

        Changed items (object): > Serializer for BaseGrantModel and RefreshToken

        - Changed property `user` (object)

            > User Serializer

            - Changed property `groups_obj` (array)

                Changed items (object): > Simplified Group Serializer for user's groups

                New optional properties:

                - `users_obj`

                * Deleted property `users` (array)

                * Deleted property `users_obj` (array)

## Minor changes/fixes

## Upgrading

This release does not introduce any new requirements.

### docker-compose

Download the docker-compose file for 2022.11 from [here](https://goauthentik.io/version/2022.11/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.

### Kubernetes

Update your values to use the new images:

```yaml
image:
    repository: ghcr.io/goauthentik/server
    tag: 2022.11.1
```