This repository was archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/web/src
Jens L b0fbd576fc
security: cure53 fix (#6039)
* ATH-01-001: resolve path and check start before loading blueprints

This is even less of an issue since 411ef239f6, since with that commit we only allow files that the listing returns

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-010: fix missing user filter for webauthn device

This prevents an attack that is only possible when an attacker can intercept HTTP traffic and in the case of HTTPS decrypt it.

* ATH-01-008: fix web forms not submitting correctly when pressing enter

When submitting some forms with the Enter key instead of clicking "Confirm"/etc, the form would not get submitted correctly

In the worst case this happens when setting a user's password, where the new password can end up in the URL but is not actually saved to the user.

* ATH-01-004: remove env from admin system endpoint

this endpoint already required admin access, but for debugging the env variables are used very little

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-003 / ATH-01-012: disable htmlLabels in mermaid

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-005: use hmac.compare_digest for secret_key authentication

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-009: migrate impersonation to use API

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-010: rework

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-014: save authenticator validation state in flow context

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

bugfixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-012: escape quotation marks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add website

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update release notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update with all notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-22 22:25:04 +02:00
admin security: cure53 fix (#6039) 2023-06-22 22:25:04 +02:00
assets/images web/flows: update default flow background (#5905) 2023-06-08 15:16:25 +02:00
common web: Storybook css import fix (#5964) 2023-06-16 13:36:04 +02:00
elements security: cure53 fix (#6039) 2023-06-22 22:25:04 +02:00
flow web/flows: update default flow background (#5905) 2023-06-08 15:16:25 +02:00
locales web: Replace lingui.js with lit-localize (#5761) 2023-06-02 08:08:36 -07:00
polyfill web: bump @formatjs/intl-listformat from 7.2.2 to 7.3.0 in /web (#5866) 2023-06-08 13:28:15 +02:00
standalone web: Replace lingui.js with lit-localize (#5761) 2023-06-02 08:08:36 -07:00
stories web: Add storybook (#5865) 2023-06-07 13:05:33 +02:00
user security: cure53 fix (#6039) 2023-06-22 22:25:04 +02:00
custom.css *: add placeholder custom.css to easily allow user customisation 2022-02-14 20:05:00 +01:00
global.d.ts web/elements: pass full Markdown object to ak-markdown, get title from metadata 2021-12-16 12:18:43 +01:00
locale-codes.ts website: update translation docs (#5875) 2023-06-06 12:32:32 +02:00