This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/docs/releases/v2022.11.md
Jens L 88594075b2
policies/password: merge hibp add zxcvbn (#4001)
* initial zxcvbn

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api and port tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api diff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-14 14:42:43 +01:00

724 lines
16 KiB
Markdown

---
title: Release 2022.11
slug: "2022.11"
---
## Breaking changes
- Have I Been Pwned policy is deprecated
The policy has been merged with the password policy which provides the same functionality. Existing Have I Been Pwned policies will automatically be migrated.
## New features
- authentik now runs on Python 3.11
- Expanded password policy
The "Have I been Pwned" policy has been merged into the password policy, and additionally passwords can be checked using [zxcvbn](https://github.com/dropbox/zxcvbn) to provider concise feedback.
## API Changes
#### What's Changed
---
##### `GET` /policies/password/{policy_uuid}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `check_static_rules` (boolean)
- Added property `check_have_i_been_pwned` (boolean)
- Added property `check_zxcvbn` (boolean)
- Added property `hibp_allowed_count` (integer)
> How many times the password hash is allowed to be on haveibeenpwned
- Added property `zxcvbn_score_threshold` (integer)
> If the zxcvbn score is equal or less than this value, the policy will fail.
##### `PUT` /policies/password/{policy_uuid}/
###### Request:
Changed content type : `application/json`
- Added property `check_static_rules` (boolean)
- Added property `check_have_i_been_pwned` (boolean)
- Added property `check_zxcvbn` (boolean)
- Added property `hibp_allowed_count` (integer)
> How many times the password hash is allowed to be on haveibeenpwned
- Added property `zxcvbn_score_threshold` (integer)
> If the zxcvbn score is equal or less than this value, the policy will fail.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `check_static_rules` (boolean)
- Added property `check_have_i_been_pwned` (boolean)
- Added property `check_zxcvbn` (boolean)
- Added property `hibp_allowed_count` (integer)
> How many times the password hash is allowed to be on haveibeenpwned
- Added property `zxcvbn_score_threshold` (integer)
> If the zxcvbn score is equal or less than this value, the policy will fail.
##### `PATCH` /policies/password/{policy_uuid}/
###### Request:
Changed content type : `application/json`
- Added property `check_static_rules` (boolean)
- Added property `check_have_i_been_pwned` (boolean)
- Added property `check_zxcvbn` (boolean)
- Added property `hibp_allowed_count` (integer)
> How many times the password hash is allowed to be on haveibeenpwned
- Added property `zxcvbn_score_threshold` (integer)
> If the zxcvbn score is equal or less than this value, the policy will fail.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `check_static_rules` (boolean)
- Added property `check_have_i_been_pwned` (boolean)
- Added property `check_zxcvbn` (boolean)
- Added property `hibp_allowed_count` (integer)
> How many times the password hash is allowed to be on haveibeenpwned
- Added property `zxcvbn_score_threshold` (integer)
> If the zxcvbn score is equal or less than this value, the policy will fail.
##### `GET` /core/tokens/{identifier}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user_obj` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `PUT` /core/tokens/{identifier}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user_obj` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `PATCH` /core/tokens/{identifier}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user_obj` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `GET` /core/users/{id}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `PUT` /core/users/{id}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `PATCH` /core/users/{id}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `GET` /policies/bindings/{policy_binding_uuid}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user_obj` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `PUT` /policies/bindings/{policy_binding_uuid}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user_obj` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `PATCH` /policies/bindings/{policy_binding_uuid}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user_obj` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `POST` /policies/password/
###### Request:
Changed content type : `application/json`
- Added property `check_static_rules` (boolean)
- Added property `check_have_i_been_pwned` (boolean)
- Added property `check_zxcvbn` (boolean)
- Added property `hibp_allowed_count` (integer)
> How many times the password hash is allowed to be on haveibeenpwned
- Added property `zxcvbn_score_threshold` (integer)
> If the zxcvbn score is equal or less than this value, the policy will fail.
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Added property `check_static_rules` (boolean)
- Added property `check_have_i_been_pwned` (boolean)
- Added property `check_zxcvbn` (boolean)
- Added property `hibp_allowed_count` (integer)
> How many times the password hash is allowed to be on haveibeenpwned
- Added property `zxcvbn_score_threshold` (integer)
> If the zxcvbn score is equal or less than this value, the policy will fail.
##### `GET` /policies/password/
###### Parameters:
Added: `check_have_i_been_pwned` in `query`
Added: `check_static_rules` in `query`
Added: `check_zxcvbn` in `query`
Added: `hibp_allowed_count` in `query`
Added: `zxcvbn_score_threshold` in `query`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Password Policy Serializer
- Added property `check_static_rules` (boolean)
- Added property `check_have_i_been_pwned` (boolean)
- Added property `check_zxcvbn` (boolean)
- Added property `hibp_allowed_count` (integer)
> How many times the password hash is allowed to be on haveibeenpwned
- Added property `zxcvbn_score_threshold` (integer)
> If the zxcvbn score is equal or less than this value, the policy will fail.
##### `POST` /core/tokens/
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Changed property `user_obj` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `GET` /core/tokens/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Token Serializer
- Changed property `user_obj` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `GET` /core/user_consent/{id}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `POST` /core/users/
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `GET` /core/users/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `GET` /oauth2/authorization_codes/{id}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `GET` /oauth2/refresh_tokens/{id}/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `POST` /policies/bindings/
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Changed property `user_obj` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `GET` /policies/bindings/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > PolicyBinding Serializer
- Changed property `user_obj` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `GET` /core/user_consent/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > UserConsent Serializer
- Changed property `user` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `GET` /oauth2/authorization_codes/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
- Changed property `user` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `GET` /oauth2/refresh_tokens/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Serializer for BaseGrantModel and RefreshToken
- Changed property `user` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
## Minor changes/fixes
## Upgrading
This release does not introduce any new requirements.
### docker-compose
Download the docker-compose file for 2022.11 from [here](https://goauthentik.io/version/2022.11/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
### Kubernetes
Update your values to use the new images:
```yaml
image:
repository: ghcr.io/goauthentik/server
tag: 2022.11.1
```