trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into outpost-ldap

This commit is contained in:
Jens Langhammer 2021-04-24 22:22:01 +02:00
parent 4f5e1fb86b e5a8714e6a
commit 820c9e7d06
105 changed files with 1092 additions and 813 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.bumpversion.cfg
View File

@ -1,5 +1,5 @@
[bumpversion] [bumpversion]
current_version = 2021.4.2 current_version = 2021.4.4
tag = True tag = True
commit = True commit = True
parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-?(?P<release>.*) parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-?(?P<release>.*)

14
.github/workflows/release.yml vendored
View File

@ -18,11 +18,11 @@ jobs:
- name: Building Docker Image - name: Building Docker Image
run: docker build run: docker build
--no-cache --no-cache
-t beryju/authentik:2021.4.2 -t beryju/authentik:2021.4.4
-t beryju/authentik:latest -t beryju/authentik:latest
-f Dockerfile . -f Dockerfile .
- name: Push Docker Container to Registry (versioned) - name: Push Docker Container to Registry (versioned)
run: docker push beryju/authentik:2021.4.2 run: docker push beryju/authentik:2021.4.4
- name: Push Docker Container to Registry (latest) - name: Push Docker Container to Registry (latest)
run: docker push beryju/authentik:latest run: docker push beryju/authentik:latest
build-proxy: build-proxy:
@ -48,11 +48,11 @@ jobs:
cd outpost/ cd outpost/
docker build \ docker build \
--no-cache \ --no-cache \
-t beryju/authentik-proxy:2021.4.2 \ -t beryju/authentik-proxy:2021.4.4 \
-t beryju/authentik-proxy:latest \ -t beryju/authentik-proxy:latest \
-f proxy.Dockerfile . -f proxy.Dockerfile .
- name: Push Docker Container to Registry (versioned) - name: Push Docker Container to Registry (versioned)
run: docker push beryju/authentik-proxy:2021.4.2 run: docker push beryju/authentik-proxy:2021.4.4
- name: Push Docker Container to Registry (latest) - name: Push Docker Container to Registry (latest)
run: docker push beryju/authentik-proxy:latest run: docker push beryju/authentik-proxy:latest
build-static: build-static:
@ -72,11 +72,11 @@ jobs:
cd web/ cd web/
docker build \ docker build \
--no-cache \ --no-cache \
-t beryju/authentik-static:2021.4.2 \ -t beryju/authentik-static:2021.4.4 \
-t beryju/authentik-static:latest \ -t beryju/authentik-static:latest \
-f Dockerfile . -f Dockerfile .
- name: Push Docker Container to Registry (versioned) - name: Push Docker Container to Registry (versioned)
run: docker push beryju/authentik-static:2021.4.2 run: docker push beryju/authentik-static:2021.4.4
- name: Push Docker Container to Registry (latest) - name: Push Docker Container to Registry (latest)
run: docker push beryju/authentik-static:latest run: docker push beryju/authentik-static:latest
test-release: test-release:
@ -110,5 +110,5 @@ jobs:
SENTRY_PROJECT: authentik SENTRY_PROJECT: authentik
SENTRY_URL: https://sentry.beryju.org SENTRY_URL: https://sentry.beryju.org
with: with:
tagName: 2021.4.2 tagName: 2021.4.4
environment: beryjuorg-prod environment: beryjuorg-prod

18
Pipfile.lock generated
View File

@ -116,18 +116,18 @@
}, },
"boto3": { "boto3": {
"hashes": [ "hashes": [
"sha256:1d26f6e7ae3c940cb07119077ac42485dcf99164350da0ab50d0f5ad345800cd", "sha256:1e55df93aa47a84e2a12a639c7f145e16e6e9ef959542d69d5526d50d2e92692",
"sha256:3bf3305571f3c8b738a53e9e7dcff59137dffe94670046c084a17f9fa4599ff3" "sha256:eab42daaaf68cdad5b112d31dcb0684162098f6558ba7b64156be44f993525fa"
], ],
"index": "pypi", "index": "pypi",
"version": "==1.17.53" "version": "==1.17.54"
}, },
"botocore": { "botocore": {
"hashes": [ "hashes": [
"sha256:d5e70d17b91c9b5867be7d6de0caa7dde9ed789bed62f03ea9b60718dc9350bf", "sha256:20a864fc6570ba11d52532c72c3ccabab5c71a9b4a9418601a313d56f1d2ce5b",
"sha256:e303500c4e80f6a706602da53daa6f751cfa8f491665c99a24ee732ab6321573" "sha256:37ec76ea2df8609540ba6cb0fe360ae1c589d2e1ee91eb642fd767823f3fcedd"
], ],
"version": "==1.20.53" "version": "==1.20.54"
}, },
"cachetools": { "cachetools": {
"hashes": [ "hashes": [
@ -1106,10 +1106,10 @@
}, },
"s3transfer": { "s3transfer": {
"hashes": [ "hashes": [
"sha256:35627b86af8ff97e7ac27975fe0a98a312814b46c6333d8a6b889627bcd80994", "sha256:af1af6384bd7fb8208b06480f9be73d0295d965c4c073a5c95ea5b6661dccc18",
"sha256:efa5bd92a897b6a8d5c1383828dca3d52d0790e0756d49740563a3fb6ed03246" "sha256:f3dfd791cad2799403e3c8051810a7ca6ee1d2e630e5d2a8f9649d892bdb3db6"
], ],
"version": "==0.3.7" "version": "==0.4.0"
}, },
"sentry-sdk": { "sentry-sdk": {
"hashes": [ "hashes": [

8
README.md
View File

@ -5,12 +5,12 @@
--- ---
[![](https://img.shields.io/discord/809154715984199690?label=Discord&style=flat-square)](https://discord.gg/jg33eMhnj6) [![](https://img.shields.io/discord/809154715984199690?label=Discord&style=flat-square)](https://discord.gg/jg33eMhnj6)
[![CI Build status](https://img.shields.io/azure-devops/build/beryjuorg/authentik/1?style=flat-square)](https://dev.azure.com/beryjuorg/authentik/_build?definitionId=1) [![CI Build status](https://img.shields.io/azure-devops/build/beryjuorg/authentik/6?style=flat-square)](https://dev.azure.com/beryjuorg/authentik/_build?definitionId=6)
[![Tests](https://img.shields.io/azure-devops/tests/beryjuorg/authentik/1?compact_message&style=flat-square)](https://dev.azure.com/beryjuorg/authentik/_build?definitionId=1) [![Tests](https://img.shields.io/azure-devops/tests/beryjuorg/authentik/6?compact_message&style=flat-square)](https://dev.azure.com/beryjuorg/authentik/_build?definitionId=6)
[![Code Coverage](https://img.shields.io/codecov/c/gh/beryju/authentik?style=flat-square)](https://codecov.io/gh/BeryJu/authentik) [![Code Coverage](https://img.shields.io/codecov/c/gh/goauthentik/authentik?style=flat-square)](https://codecov.io/gh/goauthentik/authentik)
![Docker pulls](https://img.shields.io/docker/pulls/beryju/authentik.svg?style=flat-square) ![Docker pulls](https://img.shields.io/docker/pulls/beryju/authentik.svg?style=flat-square)
![Latest version](https://img.shields.io/docker/v/beryju/authentik?sort=semver&style=flat-square) ![Latest version](https://img.shields.io/docker/v/beryju/authentik?sort=semver&style=flat-square)
![LGTM Grade](https://img.shields.io/lgtm/grade/python/github/BeryJu/authentik?style=flat-square) ![LGTM Grade](https://img.shields.io/lgtm/grade/python/github/goauthentik/authentik?style=flat-square)
## What is authentik? ## What is authentik?

2
authentik/__init__.py
View File

@ -1,3 +1,3 @@
"""authentik""" """authentik"""
__version__ = "2021.4.2" __version__ = "2021.4.4"
ENV_GIT_HASH_KEY = "GIT_BUILD_HASH" ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"

2
authentik/admin/settings.py
View File

@ -4,7 +4,7 @@ from celery.schedules import crontab
CELERY_BEAT_SCHEDULE = { CELERY_BEAT_SCHEDULE = {
"admin_latest_version": { "admin_latest_version": {
"task": "authentik.admin.tasks.update_latest_version", "task": "authentik.admin.tasks.update_latest_version",
"schedule": crontab(minute=0), # Run every hour "schedule": crontab(minute="*/60"), # Run every hour
"options": {"queue": "authentik_scheduled"}, "options": {"queue": "authentik_scheduled"},
} }
} }

4
authentik/admin/tasks.py
View File

@ -23,7 +23,9 @@ URL_FINDER = URLValidator.regex.pattern[1:]
def update_latest_version(self: MonitoredTask): def update_latest_version(self: MonitoredTask):
"""Update latest version info""" """Update latest version info"""
try: try:
response = get("https://api.github.com/repos/beryju/authentik/releases/latest") response = get(
"https://api.github.com/repos/goauthentik/authentik/releases/latest"
)
response.raise_for_status() response.raise_for_status()
data = response.json() data = response.json()
tag_name = data.get("tag_name") tag_name = data.get("tag_name")

3
authentik/api/v2/urls.py
View File

@ -196,7 +196,8 @@ info = openapi.Info(
default_version="v2beta", default_version="v2beta",
contact=openapi.Contact(email="hello@beryju.org"), contact=openapi.Contact(email="hello@beryju.org"),
license=openapi.License( license=openapi.License(
name="GNU GPLv3", url="https://github.com/BeryJu/authentik/blob/master/LICENSE" name="GNU GPLv3",
url="https://github.com/goauthentik/authentik/blob/master/LICENSE",
), ),
) )
SchemaView = get_schema_view(info, public=True, permission_classes=(AllowAny,)) SchemaView = get_schema_view(info, public=True, permission_classes=(AllowAny,))

7
authentik/flows/views.py
View File

@ -14,6 +14,7 @@ from drf_yasg import openapi
from drf_yasg.utils import no_body, swagger_auto_schema from drf_yasg.utils import no_body, swagger_auto_schema
from rest_framework.permissions import AllowAny from rest_framework.permissions import AllowAny
from rest_framework.views import APIView from rest_framework.views import APIView
from sentry_sdk import capture_exception
from structlog.stdlib import BoundLogger, get_logger from structlog.stdlib import BoundLogger, get_logger
from authentik.core.models import USER_ATTRIBUTE_DEBUG from authentik.core.models import USER_ATTRIBUTE_DEBUG
@ -152,7 +153,8 @@ class FlowExecutorView(APIView):
stage_response = self.current_stage_view.get(request, *args, **kwargs) stage_response = self.current_stage_view.get(request, *args, **kwargs)
return to_stage_response(request, stage_response) return to_stage_response(request, stage_response)
except Exception as exc: # pylint: disable=broad-except except Exception as exc: # pylint: disable=broad-except
self._logger.exception(exc) capture_exception(exc)
self._logger.warning(exc)
return to_stage_response(request, FlowErrorResponse(request, exc)) return to_stage_response(request, FlowErrorResponse(request, exc))
@swagger_auto_schema( @swagger_auto_schema(
@ -180,7 +182,8 @@ class FlowExecutorView(APIView):
stage_response = self.current_stage_view.post(request, *args, **kwargs) stage_response = self.current_stage_view.post(request, *args, **kwargs)
return to_stage_response(request, stage_response) return to_stage_response(request, stage_response)
except Exception as exc: # pylint: disable=broad-except except Exception as exc: # pylint: disable=broad-except
self._logger.exception(exc) capture_exception(exc)
self._logger.warning(exc)
return to_stage_response(request, FlowErrorResponse(request, exc)) return to_stage_response(request, FlowErrorResponse(request, exc))
def _initiate_plan(self) -> FlowPlan: def _initiate_plan(self) -> FlowPlan:

4
authentik/lib/sentry.py
View File

@ -6,7 +6,7 @@ from billiard.exceptions import WorkerLostError
from botocore.client import ClientError from botocore.client import ClientError
from celery.exceptions import CeleryError from celery.exceptions import CeleryError
from channels_redis.core import ChannelFull from channels_redis.core import ChannelFull
from django.core.exceptions import DisallowedHost, ValidationError from django.core.exceptions import SuspiciousOperation, ValidationError
from django.db import InternalError, OperationalError, ProgrammingError from django.db import InternalError, OperationalError, ProgrammingError
from django_redis.exceptions import ConnectionInterrupted from django_redis.exceptions import ConnectionInterrupted
from docker.errors import DockerException from docker.errors import DockerException
@ -36,7 +36,7 @@ def before_send(event: dict, hint: dict) -> Optional[dict]:
OperationalError, OperationalError,
InternalError, InternalError,
ProgrammingError, ProgrammingError,
DisallowedHost, SuspiciousOperation,
ValidationError, ValidationError,
# Redis errors # Redis errors
RedisConnectionError, RedisConnectionError,

56
authentik/outposts/apps.py
View File

@ -1,17 +1,8 @@
"""authentik outposts app config""" """authentik outposts app config"""
from importlib import import_module from importlib import import_module
from os import R_OK, access
from os.path import expanduser
from pathlib import Path
from socket import gethostname
from urllib.parse import urlparse
import yaml
from django.apps import AppConfig from django.apps import AppConfig
from django.db import ProgrammingError from django.db import ProgrammingError
from docker.constants import DEFAULT_UNIX_SOCKET
from kubernetes.config.incluster_config import SERVICE_TOKEN_FILENAME
from kubernetes.config.kube_config import KUBE_CONFIG_DEFAULT_LOCATION
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
LOGGER = get_logger() LOGGER = get_logger()
@ -27,49 +18,8 @@ class AuthentikOutpostConfig(AppConfig):
def ready(self): def ready(self):
import_module("authentik.outposts.signals") import_module("authentik.outposts.signals")
try: try:
AuthentikOutpostConfig.init_local_connection() from authentik.outposts.tasks import outpost_local_connection
outpost_local_connection.delay()
except ProgrammingError: except ProgrammingError:
pass pass
@staticmethod
def init_local_connection():
"""Check if local kubernetes or docker connections should be created"""
from authentik.outposts.models import (
DockerServiceConnection,
KubernetesServiceConnection,
)
# Explicitly check against token filename, as thats
# only present when the integration is enabled
if Path(SERVICE_TOKEN_FILENAME).exists():
LOGGER.debug("Detected in-cluster Kubernetes Config")
if not KubernetesServiceConnection.objects.filter(local=True).exists():
LOGGER.debug("Created Service Connection for in-cluster")
KubernetesServiceConnection.objects.create(
name="Local Kubernetes Cluster", local=True, kubeconfig={}
)
# For development, check for the existence of a kubeconfig file
kubeconfig_path = expanduser(KUBE_CONFIG_DEFAULT_LOCATION)
if Path(kubeconfig_path).exists():
LOGGER.debug("Detected kubeconfig")
kubeconfig_local_name = f"k8s-{gethostname()}"
if not KubernetesServiceConnection.objects.filter(
name=kubeconfig_local_name
).exists():
LOGGER.debug("Creating kubeconfig Service Connection")
with open(kubeconfig_path, "r") as _kubeconfig:
KubernetesServiceConnection.objects.create(
name=kubeconfig_local_name,
kubeconfig=yaml.safe_load(_kubeconfig),
)
unix_socket_path = urlparse(DEFAULT_UNIX_SOCKET).path
socket = Path(unix_socket_path)
if socket.exists() and access(socket, R_OK):
LOGGER.debug("Detected local docker socket")
if len(DockerServiceConnection.objects.filter(local=True)) == 0:
LOGGER.debug("Created Service Connection for docker")
DockerServiceConnection.objects.create(
name="Local Docker connection",
local=True,
url=unix_socket_path,
)

7
authentik/outposts/settings.py
View File

@ -9,7 +9,7 @@ CELERY_BEAT_SCHEDULE = {
}, },
"outposts_service_connection_check": { "outposts_service_connection_check": {
"task": "authentik.outposts.tasks.outpost_service_connection_monitor", "task": "authentik.outposts.tasks.outpost_service_connection_monitor",
"schedule": crontab(minute=0, hour="*"), "schedule": crontab(minute="*/60"),
"options": {"queue": "authentik_scheduled"}, "options": {"queue": "authentik_scheduled"},
}, },
"outpost_token_ensurer": { "outpost_token_ensurer": {
@ -17,4 +17,9 @@ CELERY_BEAT_SCHEDULE = {
"schedule": crontab(minute="*/5"), "schedule": crontab(minute="*/5"),
"options": {"queue": "authentik_scheduled"}, "options": {"queue": "authentik_scheduled"},
}, },
"outpost_local_connection": {
"task": "authentik.outposts.tasks.outpost_local_connection",
"schedule": crontab(minute="*/60"),
"options": {"queue": "authentik_scheduled"},
},
} }

48
authentik/outposts/tasks.py
View File

@ -1,11 +1,20 @@
"""outpost tasks""" """outpost tasks"""
from os import R_OK, access
from os.path import expanduser
from pathlib import Path
from socket import gethostname
from typing import Any from typing import Any
from urllib.parse import urlparse
import yaml
from asgiref.sync import async_to_sync from asgiref.sync import async_to_sync
from channels.layers import get_channel_layer from channels.layers import get_channel_layer
from django.core.cache import cache from django.core.cache import cache
from django.db.models.base import Model from django.db.models.base import Model
from django.utils.text import slugify from django.utils.text import slugify
from docker.constants import DEFAULT_UNIX_SOCKET
from kubernetes.config.incluster_config import SERVICE_TOKEN_FILENAME
from kubernetes.config.kube_config import KUBE_CONFIG_DEFAULT_LOCATION
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
from authentik.events.monitored_tasks import MonitoredTask, TaskResult, TaskResultStatus from authentik.events.monitored_tasks import MonitoredTask, TaskResult, TaskResultStatus
@ -185,3 +194,42 @@ def _outpost_single_update(outpost: Outpost, layer=None):
for state in OutpostState.for_outpost(outpost): for state in OutpostState.for_outpost(outpost):
LOGGER.debug("sending update", channel=state.uid, outpost=outpost) LOGGER.debug("sending update", channel=state.uid, outpost=outpost)
async_to_sync(layer.send)(state.uid, {"type": "event.update"}) async_to_sync(layer.send)(state.uid, {"type": "event.update"})
@CELERY_APP.task()
def outpost_local_connection():
"""Checks the local environment and create Service connections."""
# Explicitly check against token filename, as thats
# only present when the integration is enabled
if Path(SERVICE_TOKEN_FILENAME).exists():
LOGGER.debug("Detected in-cluster Kubernetes Config")
if not KubernetesServiceConnection.objects.filter(local=True).exists():
LOGGER.debug("Created Service Connection for in-cluster")
KubernetesServiceConnection.objects.create(
name="Local Kubernetes Cluster", local=True, kubeconfig={}
)
# For development, check for the existence of a kubeconfig file
kubeconfig_path = expanduser(KUBE_CONFIG_DEFAULT_LOCATION)
if Path(kubeconfig_path).exists():
LOGGER.debug("Detected kubeconfig")
kubeconfig_local_name = f"k8s-{gethostname()}"
if not KubernetesServiceConnection.objects.filter(
name=kubeconfig_local_name
).exists():
LOGGER.debug("Creating kubeconfig Service Connection")
with open(kubeconfig_path, "r") as _kubeconfig:
KubernetesServiceConnection.objects.create(
name=kubeconfig_local_name,
kubeconfig=yaml.safe_load(_kubeconfig),
)
unix_socket_path = urlparse(DEFAULT_UNIX_SOCKET).path
socket = Path(unix_socket_path)
if socket.exists() and access(socket, R_OK):
LOGGER.debug("Detected local docker socket")
if len(DockerServiceConnection.objects.filter(local=True)) == 0:
LOGGER.debug("Created Service Connection for docker")
DockerServiceConnection.objects.create(
name="Local Docker connection",
local=True,
url=unix_socket_path,
)

6
authentik/providers/oauth2/tests/test_views_authorize.py
View File

@ -166,7 +166,7 @@ class TestViewsAuthorize(TestCase):
name="test", name="test",
client_id="test", client_id="test",
authorization_flow=flow, authorization_flow=flow,
redirect_uris="http://localhost", redirect_uris="foo://localhost",
) )
Application.objects.create(name="app", slug="app", provider=provider) Application.objects.create(name="app", slug="app", provider=provider)
state = generate_client_id() state = generate_client_id()
@ -179,7 +179,7 @@ class TestViewsAuthorize(TestCase):
"response_type": "code", "response_type": "code",
"client_id": "test", "client_id": "test",
"state": state, "state": state,
"redirect_uri": "http://localhost", "redirect_uri": "foo://localhost",
}, },
) )
response = self.client.get( response = self.client.get(
@ -190,7 +190,7 @@ class TestViewsAuthorize(TestCase):
force_str(response.content), force_str(response.content),
{ {
"type": ChallengeTypes.REDIRECT.value, "type": ChallengeTypes.REDIRECT.value,
"to": f"http://localhost?code={code.code}&state={state}", "to": f"foo://localhost?code={code.code}&state={state}",
}, },
) )

51
authentik/providers/oauth2/tests/test_views_token.py
View File

@ -153,10 +153,61 @@ class TestViewsToken(TestCase):
"redirect_uri": "http://local.invalid", "redirect_uri": "http://local.invalid",
}, },
HTTP_AUTHORIZATION=f"Basic {header}", HTTP_AUTHORIZATION=f"Basic {header}",
HTTP_ORIGIN="http://local.invalid",
) )
new_token: RefreshToken = ( new_token: RefreshToken = (
RefreshToken.objects.filter(user=user).exclude(pk=token.pk).first() RefreshToken.objects.filter(user=user).exclude(pk=token.pk).first()
) )
self.assertEqual(response["Access-Control-Allow-Credentials"], "true")
self.assertEqual(
response["Access-Control-Allow-Origin"], "http://local.invalid"
)
self.assertJSONEqual(
force_str(response.content),
{
"access_token": new_token.access_token,
"refresh_token": new_token.refresh_token,
"token_type": "bearer",
"expires_in": 600,
"id_token": provider.encode(
new_token.id_token.to_dict(),
),
},
)
def test_refresh_token_view_invalid_origin(self):
"""test request param"""
provider = OAuth2Provider.objects.create(
name="test",
client_id=generate_client_id(),
client_secret=generate_client_secret(),
authorization_flow=Flow.objects.first(),
redirect_uris="http://local.invalid",
)
header = b64encode(
f"{provider.client_id}:{provider.client_secret}".encode()
).decode()
user = User.objects.get(username="akadmin")
token: RefreshToken = RefreshToken.objects.create(
provider=provider,
user=user,
refresh_token=generate_client_id(),
)
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
data={
"grant_type": GRANT_TYPE_REFRESH_TOKEN,
"refresh_token": token.refresh_token,
"redirect_uri": "http://local.invalid",
},
HTTP_AUTHORIZATION=f"Basic {header}",
HTTP_ORIGIN="http://another.invalid",
)
new_token: RefreshToken = (
RefreshToken.objects.filter(user=user).exclude(pk=token.pk).first()
)
self.assertNotIn("Access-Control-Allow-Credentials", response)
self.assertNotIn("Access-Control-Allow-Origin", response)
self.assertJSONEqual( self.assertJSONEqual(
force_str(response.content), force_str(response.content),
{ {

22
authentik/providers/oauth2/utils.py
View File

@ -2,10 +2,11 @@
import re import re
from base64 import b64decode from base64 import b64decode
from binascii import Error from binascii import Error
from typing import Optional from typing import Any, Optional
from urllib.parse import urlparse from urllib.parse import urlparse
from django.http import HttpRequest, HttpResponse, JsonResponse from django.http import HttpRequest, HttpResponse, JsonResponse
from django.http.response import HttpResponseRedirect
from django.utils.cache import patch_vary_headers from django.utils.cache import patch_vary_headers
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
@ -26,8 +27,8 @@ class TokenResponse(JsonResponse):
self["Pragma"] = "no-cache" self["Pragma"] = "no-cache"
def cors_allow_any(request: HttpRequest, response: HttpResponse, *allowed_origins: str): def cors_allow(request: HttpRequest, response: HttpResponse, *allowed_origins: str):
"""Add headers to permit CORS requests from any origin, with or without credentials, """Add headers to permit CORS requests from allowed_origins, with or without credentials,
with any headers.""" with any headers."""
origin = request.META.get("HTTP_ORIGIN") origin = request.META.get("HTTP_ORIGIN")
if not origin: if not origin:
@ -161,3 +162,18 @@ def protected_resource_view(scopes: list[str]):
return view_wrapper return view_wrapper
return wrapper return wrapper
class HttpResponseRedirectScheme(HttpResponseRedirect):
"""HTTP Response to redirect, can be to a non-http scheme"""
def __init__(
self,
redirect_to: str,
*args: Any,
allowed_schemes: Optional[list[str]] = None,
**kwargs: Any,
) -> None:
self.allowed_schemes = allowed_schemes or ["http", "https", "ftp"]
# pyright: reportGeneralTypeIssues=false
super().__init__(redirect_to, *args, **kwargs)

16
authentik/providers/oauth2/views/authorize.py
View File

@ -2,12 +2,12 @@
from dataclasses import dataclass, field from dataclasses import dataclass, field
from datetime import timedelta from datetime import timedelta
from typing import Optional from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit from urllib.parse import parse_qs, urlencode, urlparse, urlsplit, urlunsplit
from uuid import uuid4 from uuid import uuid4
from django.http import HttpRequest, HttpResponse from django.http import HttpRequest, HttpResponse
from django.http.response import Http404, HttpResponseBadRequest, HttpResponseRedirect from django.http.response import Http404, HttpResponseBadRequest, HttpResponseRedirect
from django.shortcuts import get_object_or_404, redirect from django.shortcuts import get_object_or_404
from django.utils import timezone from django.utils import timezone
from django.utils.translation import gettext as _ from django.utils.translation import gettext as _
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
@ -46,6 +46,7 @@ from authentik.providers.oauth2.models import (
OAuth2Provider, OAuth2Provider,
ResponseTypes, ResponseTypes,
) )
from authentik.providers.oauth2.utils import HttpResponseRedirectScheme
from authentik.providers.oauth2.views.userinfo import UserInfoView from authentik.providers.oauth2.views.userinfo import UserInfoView
from authentik.stages.consent.models import ConsentMode, ConsentStage from authentik.stages.consent.models import ConsentMode, ConsentStage
from authentik.stages.consent.stage import ( from authentik.stages.consent.stage import (
@ -233,6 +234,11 @@ class OAuthFulfillmentStage(StageView):
params: OAuthAuthorizationParams params: OAuthAuthorizationParams
provider: OAuth2Provider provider: OAuth2Provider
def redirect(self, uri: str) -> HttpResponse:
"""Redirect using HttpResponseRedirectScheme, compatible with non-http schemes"""
parsed = urlparse(uri)
return HttpResponseRedirectScheme(uri, allowed_schemes=[parsed.scheme])
# pylint: disable=unused-argument # pylint: disable=unused-argument
def get(self, request: HttpRequest, *args, **kwargs) -> HttpResponse: def get(self, request: HttpRequest, *args, **kwargs) -> HttpResponse:
"""final Stage of an OAuth2 Flow""" """final Stage of an OAuth2 Flow"""
@ -261,7 +267,7 @@ class OAuthFulfillmentStage(StageView):
flow=self.executor.plan.flow_pk, flow=self.executor.plan.flow_pk,
scopes=", ".join(self.params.scope), scopes=", ".join(self.params.scope),
).from_http(self.request) ).from_http(self.request)
return redirect(self.create_response_uri()) return self.redirect(self.create_response_uri())
except (ClientIdError, RedirectUriError) as error: except (ClientIdError, RedirectUriError) as error:
error.to_event(application=application).from_http(request) error.to_event(application=application).from_http(request)
self.executor.stage_invalid() self.executor.stage_invalid()
@ -270,7 +276,7 @@ class OAuthFulfillmentStage(StageView):
except AuthorizeError as error: except AuthorizeError as error:
error.to_event(application=application).from_http(request) error.to_event(application=application).from_http(request)
self.executor.stage_invalid() self.executor.stage_invalid()
return redirect(error.create_uri()) return self.redirect(error.create_uri())
def create_response_uri(self) -> str: def create_response_uri(self) -> str:
"""Create a final Response URI the user is redirected to.""" """Create a final Response URI the user is redirected to."""
@ -304,7 +310,7 @@ class OAuthFulfillmentStage(StageView):
return urlunsplit(uri) return urlunsplit(uri)
raise OAuth2Error() raise OAuth2Error()
except OAuth2Error as error: except OAuth2Error as error:
LOGGER.exception("Error when trying to create response uri", error=error) LOGGER.warning("Error when trying to create response uri", error=error)
raise AuthorizeError( raise AuthorizeError(
self.params.redirect_uri, self.params.redirect_uri,
"server_error", "server_error",

4
authentik/providers/oauth2/views/provider.py
View File

@ -19,7 +19,7 @@ from authentik.providers.oauth2.models import (
ResponseTypes, ResponseTypes,
ScopeMapping, ScopeMapping,
) )
from authentik.providers.oauth2.utils import cors_allow_any from authentik.providers.oauth2.utils import cors_allow
LOGGER = get_logger() LOGGER = get_logger()
@ -112,5 +112,5 @@ class ProviderInfoView(View):
OAuth2Provider, pk=application.provider_id OAuth2Provider, pk=application.provider_id
) )
response = super().dispatch(request, *args, **kwargs) response = super().dispatch(request, *args, **kwargs)
cors_allow_any(request, response, *self.provider.redirect_uris.split("\n")) cors_allow(request, response, *self.provider.redirect_uris.split("\n"))
return response return response

19
authentik/providers/oauth2/views/token.py
View File

@ -19,7 +19,11 @@ from authentik.providers.oauth2.models import (
OAuth2Provider, OAuth2Provider,
RefreshToken, RefreshToken,
) )
from authentik.providers.oauth2.utils import TokenResponse, extract_client_auth from authentik.providers.oauth2.utils import (
TokenResponse,
cors_allow,
extract_client_auth,
)
LOGGER = get_logger() LOGGER = get_logger()
@ -154,7 +158,18 @@ class TokenParams:
class TokenView(View): class TokenView(View):
"""Generate tokens for clients""" """Generate tokens for clients"""
params: TokenParams params: Optional[TokenParams] = None
def dispatch(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse:
response = super().dispatch(request, *args, **kwargs)
allowed_origins = []
if self.params:
allowed_origins = self.params.provider.redirect_uris.split("\n")
cors_allow(self.request, response, *allowed_origins)
return response
def options(self, request: HttpRequest) -> HttpResponse:
return TokenResponse({})
def post(self, request: HttpRequest) -> HttpResponse: def post(self, request: HttpRequest) -> HttpResponse:
"""Generate tokens for clients""" """Generate tokens for clients"""

4
authentik/providers/oauth2/views/userinfo.py
View File

@ -14,7 +14,7 @@ from authentik.providers.oauth2.constants import (
SCOPE_GITHUB_USER_READ, SCOPE_GITHUB_USER_READ,
) )
from authentik.providers.oauth2.models import RefreshToken, ScopeMapping from authentik.providers.oauth2.models import RefreshToken, ScopeMapping
from authentik.providers.oauth2.utils import TokenResponse, cors_allow_any from authentik.providers.oauth2.utils import TokenResponse, cors_allow
LOGGER = get_logger() LOGGER = get_logger()
@ -88,7 +88,7 @@ class UserInfoView(View):
allowed_origins = [] allowed_origins = []
if self.token: if self.token:
allowed_origins = self.token.provider.redirect_uris.split("\n") allowed_origins = self.token.provider.redirect_uris.split("\n")
cors_allow_any(self.request, response, *allowed_origins) cors_allow(self.request, response, *allowed_origins)
return response return response
def options(self, request: HttpRequest) -> HttpResponse: def options(self, request: HttpRequest) -> HttpResponse:

2
authentik/root/settings.py
View File

@ -337,7 +337,7 @@ if CONFIG.y("postgresql.s3_backup"):
# Sentry integration # Sentry integration
_ERROR_REPORTING = CONFIG.y_bool("error_reporting.enabled", False) _ERROR_REPORTING = CONFIG.y_bool("error_reporting.enabled", False)
if not DEBUG and _ERROR_REPORTING: if _ERROR_REPORTING:
# pylint: disable=abstract-class-instantiated # pylint: disable=abstract-class-instantiated
sentry_init( sentry_init(
dsn="https://a579bb09306d4f8b8d8847c052d3a1d3@sentry.beryju.org/8", dsn="https://a579bb09306d4f8b8d8847c052d3a1d3@sentry.beryju.org/8",

2
authentik/sources/ldap/settings.py
View File

@ -8,7 +8,7 @@ AUTHENTICATION_BACKENDS = [
CELERY_BEAT_SCHEDULE = { CELERY_BEAT_SCHEDULE = {
"sources_ldap_sync": { "sources_ldap_sync": {
"task": "authentik.sources.ldap.tasks.ldap_sync_all", "task": "authentik.sources.ldap.tasks.ldap_sync_all",
"schedule": crontab(minute=0), # Run every hour "schedule": crontab(minute="*/60"), # Run every hour
"options": {"queue": "authentik_scheduled"}, "options": {"queue": "authentik_scheduled"},
} }
} }

15
authentik/sources/oauth/clients/base.py
View File

@ -40,8 +40,11 @@ class BaseOAuthClient:
def get_profile_info(self, token: dict[str, str]) -> Optional[dict[str, Any]]: def get_profile_info(self, token: dict[str, str]) -> Optional[dict[str, Any]]:
"Fetch user profile information." "Fetch user profile information."
profile_url = self.source.type.profile_url or ""
if self.source.type.urls_customizable and self.source.profile_url:
profile_url = self.source.profile_url
try: try:
response = self.do_request("get", self.source.profile_url, token=token) response = self.do_request("get", profile_url, token=token)
response.raise_for_status() response.raise_for_status()
except RequestException as exc: except RequestException as exc:
LOGGER.warning("Unable to fetch user profile", exc=exc) LOGGER.warning("Unable to fetch user profile", exc=exc)
@ -60,16 +63,16 @@ class BaseOAuthClient:
args.update(additional) args.update(additional)
params = urlencode(args) params = urlencode(args)
LOGGER.info("redirect args", **args) LOGGER.info("redirect args", **args)
base_url = self.source.type.authorization_url authorization_url = self.source.type.authorization_url or ""
if self.source.authorization_url: if self.source.type.urls_customizable and self.source.authorization_url:
base_url = self.source.authorization_url authorization_url = self.source.authorization_url
if base_url == "": if authorization_url == "":
Event.new( Event.new(
EventAction.CONFIGURATION_ERROR, EventAction.CONFIGURATION_ERROR,
source=self.source, source=self.source,
message="Source has an empty authorization URL.", message="Source has an empty authorization URL.",
).save() ).save()
return f"{base_url}?{params}" return f"{authorization_url}?{params}"
def parse_raw_token(self, raw_token: str) -> dict[str, Any]: def parse_raw_token(self, raw_token: str) -> dict[str, Any]:
"Parse token and secret from raw token response." "Parse token and secret from raw token response."

8
authentik/sources/oauth/clients/oauth1.py
View File

@ -28,8 +28,8 @@ class OAuthClient(BaseOAuthClient):
if raw_token is not None and verifier is not None: if raw_token is not None and verifier is not None:
token = self.parse_raw_token(raw_token) token = self.parse_raw_token(raw_token)
try: try:
access_token_url: str = self.source.type.access_token_url or "" access_token_url = self.source.type.access_token_url or ""
if self.source.access_token_url: if self.source.type.urls_customizable and self.source.access_token_url:
access_token_url = self.source.access_token_url access_token_url = self.source.access_token_url
response = self.do_request( response = self.do_request(
"post", "post",
@ -51,8 +51,8 @@ class OAuthClient(BaseOAuthClient):
"Fetch the OAuth request token. Only required for OAuth 1.0." "Fetch the OAuth request token. Only required for OAuth 1.0."
callback = self.request.build_absolute_uri(self.callback) callback = self.request.build_absolute_uri(self.callback)
try: try:
request_token_url: str = self.source.type.request_token_url or "" request_token_url = self.source.type.request_token_url or ""
if self.source.request_token_url: if self.source.type.urls_customizable and self.source.request_token_url:
request_token_url = self.source.request_token_url request_token_url = self.source.request_token_url
response = self.do_request( response = self.do_request(
"post", "post",

2
authentik/sources/oauth/clients/oauth2.py
View File

@ -57,7 +57,7 @@ class OAuth2Client(BaseOAuthClient):
return None return None
try: try:
access_token_url = self.source.type.access_token_url or "" access_token_url = self.source.type.access_token_url or ""
if self.source.access_token_url: if self.source.type.urls_customizable and self.source.access_token_url:
access_token_url = self.source.access_token_url access_token_url = self.source.access_token_url
response = self.session.request( response = self.session.request(
"post", "post",

9
authentik/sources/oauth/types/azure_ad.py
View File

@ -1,5 +1,5 @@
"""AzureAD OAuth2 Views""" """AzureAD OAuth2 Views"""
from typing import Any from typing import Any, Optional
from uuid import UUID from uuid import UUID
from authentik.sources.oauth.models import OAuthSource, UserOAuthSourceConnection from authentik.sources.oauth.models import OAuthSource, UserOAuthSourceConnection
@ -10,8 +10,11 @@ from authentik.sources.oauth.views.callback import OAuthCallback
class AzureADOAuthCallback(OAuthCallback): class AzureADOAuthCallback(OAuthCallback):
"""AzureAD OAuth2 Callback""" """AzureAD OAuth2 Callback"""
def get_user_id(self, source: OAuthSource, info: dict[str, Any]) -> str: def get_user_id(self, source: OAuthSource, info: dict[str, Any]) -> Optional[str]:
return str(UUID(info.get("objectId")).int) try:
return str(UUID(info.get("objectId")).int)
except TypeError:
return None
def get_user_enroll_context( def get_user_enroll_context(
self, self,

12
authentik/sources/oauth/views/base.py
View File

@ -2,12 +2,15 @@
from typing import Optional, Type from typing import Optional, Type
from django.http.request import HttpRequest from django.http.request import HttpRequest
from structlog.stdlib import get_logger
from authentik.sources.oauth.clients.base import BaseOAuthClient from authentik.sources.oauth.clients.base import BaseOAuthClient
from authentik.sources.oauth.clients.oauth1 import OAuthClient from authentik.sources.oauth.clients.oauth1 import OAuthClient
from authentik.sources.oauth.clients.oauth2 import OAuth2Client from authentik.sources.oauth.clients.oauth2 import OAuth2Client
from authentik.sources.oauth.models import OAuthSource from authentik.sources.oauth.models import OAuthSource
LOGGER = get_logger()
# pylint: disable=too-few-public-methods # pylint: disable=too-few-public-methods
class OAuthClientMixin: class OAuthClientMixin:
@ -22,6 +25,9 @@ class OAuthClientMixin:
if self.client_class is not None: if self.client_class is not None:
# pylint: disable=not-callable # pylint: disable=not-callable
return self.client_class(source, self.request, **kwargs) return self.client_class(source, self.request, **kwargs)
if source.request_token_url: if source.type.request_token_url or source.request_token_url:
return OAuthClient(source, self.request, **kwargs) client = OAuthClient(source, self.request, **kwargs)
return OAuth2Client(source, self.request, **kwargs) else:
client = OAuth2Client(source, self.request, **kwargs)
LOGGER.debug("Using client for oauth request", client=client)
return client

2
authentik/sources/saml/processors/response.py
View File

@ -39,13 +39,13 @@ from authentik.sources.saml.processors.constants import (
from authentik.sources.saml.processors.request import SESSION_REQUEST_ID from authentik.sources.saml.processors.request import SESSION_REQUEST_ID
from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND
from authentik.stages.prompt.stage import PLAN_CONTEXT_PROMPT from authentik.stages.prompt.stage import PLAN_CONTEXT_PROMPT
from authentik.stages.user_login.stage import DEFAULT_BACKEND
LOGGER = get_logger() LOGGER = get_logger()
if TYPE_CHECKING: if TYPE_CHECKING:
from xml.etree.ElementTree import Element # nosec from xml.etree.ElementTree import Element # nosec
CACHE_SEEN_REQUEST_ID = "authentik_saml_seen_ids_%s" CACHE_SEEN_REQUEST_ID = "authentik_saml_seen_ids_%s"
DEFAULT_BACKEND = "django.contrib.auth.backends.ModelBackend"
class ResponseProcessor: class ResponseProcessor:

4
authentik/stages/identification/stage.py
View File

@ -1,5 +1,6 @@
"""Identification stage logic""" """Identification stage logic"""
from dataclasses import asdict from dataclasses import asdict
from time import sleep
from typing import Optional from typing import Optional
from django.db.models import Q from django.db.models import Q
@ -46,6 +47,7 @@ class IdentificationChallengeResponse(ChallengeResponse):
"""Validate that user exists""" """Validate that user exists"""
pre_user = self.stage.get_user(value) pre_user = self.stage.get_user(value)
if not pre_user: if not pre_user:
sleep(0.150)
LOGGER.debug("invalid_login", identifier=value) LOGGER.debug("invalid_login", identifier=value)
raise ValidationError("Failed to authenticate.") raise ValidationError("Failed to authenticate.")
self.pre_user = pre_user self.pre_user = pre_user
@ -68,7 +70,7 @@ class IdentificationStageView(ChallengeStageView):
else: else:
model_field += "__exact" model_field += "__exact"
query |= Q(**{model_field: uid_value}) query |= Q(**{model_field: uid_value})
users = User.objects.filter(query) users = User.objects.filter(query, is_active=True)
if users.exists(): if users.exists():
LOGGER.debug("Found user", user=users.first(), query=query) LOGGER.debug("Found user", user=users.first(), query=query)
return users.first() return users.first()

10
authentik/stages/user_login/stage.py
View File

@ -11,6 +11,7 @@ from authentik.lib.utils.time import timedelta_from_string
from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND
LOGGER = get_logger() LOGGER = get_logger()
DEFAULT_BACKEND = "django.contrib.auth.backends.ModelBackend"
class UserLoginStageView(StageView): class UserLoginStageView(StageView):
@ -23,12 +24,9 @@ class UserLoginStageView(StageView):
messages.error(request, message) messages.error(request, message)
LOGGER.debug(message) LOGGER.debug(message)
return self.executor.stage_invalid() return self.executor.stage_invalid()
if PLAN_CONTEXT_AUTHENTICATION_BACKEND not in self.executor.plan.context: backend = self.executor.plan.context.get(
message = _("Pending user has no backend.") PLAN_CONTEXT_AUTHENTICATION_BACKEND, DEFAULT_BACKEND
messages.error(request, message) )
LOGGER.debug(message)
return self.executor.stage_invalid()
backend = self.executor.plan.context[PLAN_CONTEXT_AUTHENTICATION_BACKEND]
login( login(
self.request, self.request,
self.executor.plan.context[PLAN_CONTEXT_PENDING_USER], self.executor.plan.context[PLAN_CONTEXT_PENDING_USER],

33
authentik/stages/user_login/tests.py
View File

@ -12,7 +12,6 @@ from authentik.flows.models import Flow, FlowDesignation, FlowStageBinding
from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER, FlowPlan from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER, FlowPlan
from authentik.flows.tests.test_views import TO_STAGE_RESPONSE_MOCK from authentik.flows.tests.test_views import TO_STAGE_RESPONSE_MOCK
from authentik.flows.views import SESSION_KEY_PLAN from authentik.flows.views import SESSION_KEY_PLAN
from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND
from authentik.stages.user_login.models import UserLoginStage from authentik.stages.user_login.models import UserLoginStage
@ -38,9 +37,6 @@ class TestUserLoginStage(TestCase):
flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()] flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
) )
plan.context[PLAN_CONTEXT_PENDING_USER] = self.user plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
plan.context[
PLAN_CONTEXT_AUTHENTICATION_BACKEND
] = "django.contrib.auth.backends.ModelBackend"
session = self.client.session session = self.client.session
session[SESSION_KEY_PLAN] = plan session[SESSION_KEY_PLAN] = plan
session.save() session.save()
@ -82,32 +78,3 @@ class TestUserLoginStage(TestCase):
"type": ChallengeTypes.NATIVE.value, "type": ChallengeTypes.NATIVE.value,
}, },
) )
@patch(
"authentik.flows.views.to_stage_response",
TO_STAGE_RESPONSE_MOCK,
)
def test_without_backend(self):
"""Test a plan with pending user, without backend, resulting in a denied"""
plan = FlowPlan(
flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
)
plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
session = self.client.session
session[SESSION_KEY_PLAN] = plan
session.save()
response = self.client.get(
reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug})
)
self.assertEqual(response.status_code, 200)
self.assertJSONEqual(
force_str(response.content),
{
"component": "ak-stage-access-denied",
"error_message": None,
"title": "",
"type": ChallengeTypes.NATIVE.value,
},
)

2
azure-pipelines.yml
View File

@ -369,8 +369,6 @@ stages:
coverage-unittest/unittest.xml coverage-unittest/unittest.xml
mergeTestResults: true mergeTestResults: true
- task: CmdLine@2 - task: CmdLine@2
env:
CODECOV_TOKEN: $(CODECOV_TOKEN)
inputs: inputs:
script: bash <(curl -s https://codecov.io/bash) script: bash <(curl -s https://codecov.io/bash)
- stage: Build - stage: Build

6
docker-compose.yml
View File

@ -20,7 +20,7 @@ services:
networks: networks:
- internal - internal
server: server:
image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.4.2} image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.4.4}
restart: unless-stopped restart: unless-stopped
command: server command: server
environment: environment:
@ -48,7 +48,7 @@ services:
env_file: env_file:
- .env - .env
worker: worker:
image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.4.2} image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.4.4}
restart: unless-stopped restart: unless-stopped
command: worker command: worker
networks: networks:
@ -68,7 +68,7 @@ services:
env_file: env_file:
- .env - .env
static: static:
image: ${AUTHENTIK_IMAGE_STATIC:-beryju/authentik-static}:${AUTHENTIK_TAG:-2021.4.2} image: ${AUTHENTIK_IMAGE_STATIC:-beryju/authentik-static}:${AUTHENTIK_TAG:-2021.4.4}
restart: unless-stopped restart: unless-stopped
networks: networks:
- internal - internal

6
helm/Chart.yaml
View File

@ -3,9 +3,9 @@ description: authentik is an open-source Identity Provider focused on flexibilit
name: authentik name: authentik
home: https://goauthentik.io home: https://goauthentik.io
sources: sources:
- https://github.com/BeryJu/authentik - https://github.com/goauthentik/authentik
version: "2021.4.2" version: "2021.4.4"
icon: https://raw.githubusercontent.com/BeryJu/authentik/master/web/icons/icon.svg icon: https://raw.githubusercontent.com/goauthentik/authentik/master/web/icons/icon.svg
dependencies: dependencies:
- name: postgresql - name: postgresql
version: 9.4.1 version: 9.4.1

2
helm/README.md
View File

@ -4,7 +4,7 @@
|-----------------------------------|-------------------------|-------------| |-----------------------------------|-------------------------|-------------|
| image.name | beryju/authentik | Image used to run the authentik server and worker | | image.name | beryju/authentik | Image used to run the authentik server and worker |
| image.name_static | beryju/authentik-static | Image used to run the authentik static server (CSS and JS Files) | | image.name_static | beryju/authentik-static | Image used to run the authentik static server (CSS and JS Files) |
| image.tag | 2021.4.2 | Image tag | | image.tag | 2021.4.4 | Image tag |
| image.pullPolicy | IfNotPresent | Image Pull Policy used for all deployments | | image.pullPolicy | IfNotPresent | Image Pull Policy used for all deployments |
| serverReplicas | 1 | Replicas for the Server deployment | | serverReplicas | 1 | Replicas for the Server deployment |
| workerReplicas | 1 | Replicas for the Worker deployment | | workerReplicas | 1 | Replicas for the Worker deployment |

2
helm/values.yaml
View File

@ -5,7 +5,7 @@ image:
name: beryju/authentik name: beryju/authentik
name_static: beryju/authentik-static name_static: beryju/authentik-static
name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended
tag: 2021.4.2 tag: 2021.4.4
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
serverReplicas: 1 serverReplicas: 1

2
outpost/README.md
View File

@ -1,6 +1,6 @@
# authentik outpost # authentik outpost
[![CI Build status](https://img.shields.io/azure-devops/build/beryjuorg/authentik/3?style=flat-square)](https://dev.azure.com/beryjuorg/authentik/_build?definitionId=3) [![CI Build status](https://img.shields.io/azure-devops/build/beryjuorg/authentik/3?style=flat-square)](https://dev.azure.com/beryjuorg/authentik/_build?definitionId=8)
![Docker pulls (proxy)](https://img.shields.io/docker/pulls/beryju/authentik-proxy.svg?style=flat-square) ![Docker pulls (proxy)](https://img.shields.io/docker/pulls/beryju/authentik-proxy.svg?style=flat-square)
Reverse Proxy based on [oauth2_proxy](https://github.com/oauth2-proxy/oauth2-proxy), completely managed and monitored by authentik. Reverse Proxy based on [oauth2_proxy](https://github.com/oauth2-proxy/oauth2-proxy), completely managed and monitored by authentik.

9
outpost/pkg/ak/api.go
View File

@ -31,8 +31,7 @@ type APIController struct {
Server Outpost Server Outpost
lastBundleHash string logger *log.Entry
logger *log.Entry
reloadOffset time.Duration reloadOffset time.Duration
@ -71,18 +70,12 @@ func NewAPIController(akURL url.URL, token string) *APIController {
logger: log, logger: log,
reloadOffset: time.Duration(rand.Intn(10)) * time.Second, reloadOffset: time.Duration(rand.Intn(10)) * time.Second,
lastBundleHash: "",
} }
ac.logger.Debugf("HA Reload offset: %s", ac.reloadOffset) ac.logger.Debugf("HA Reload offset: %s", ac.reloadOffset)
ac.initWS(akURL, outpost.Pk) ac.initWS(akURL, outpost.Pk)
return ac return ac
} }
func (a *APIController) GetLastBundleHash() string {
return a.lastBundleHash
}
// Start Starts all handlers, non-blocking // Start Starts all handlers, non-blocking
func (a *APIController) Start() error { func (a *APIController) Start() error {
err := a.Server.Refresh() err := a.Server.Refresh()

15
outpost/pkg/ak/api_update.go
View File

@ -1,10 +1,6 @@
package ak package ak
import ( import (
"crypto/sha512"
"encoding/hex"
"encoding/json"
"goauthentik.io/outpost/pkg/client/outposts" "goauthentik.io/outpost/pkg/client/outposts"
"goauthentik.io/outpost/pkg/models" "goauthentik.io/outpost/pkg/models"
) )
@ -15,16 +11,5 @@ func (a *APIController) Update() ([]*models.ProxyOutpostConfig, error) {
a.logger.WithError(err).Error("Failed to fetch providers") a.logger.WithError(err).Error("Failed to fetch providers")
return nil, err return nil, err
} }
// Check provider hash to see if anything is changed
hasher := sha512.New()
out, err := json.Marshal(providers.Payload.Results)
if err != nil {
return nil, nil
}
hash := hex.EncodeToString(hasher.Sum(out))
if hash == a.lastBundleHash {
return nil, nil
}
a.lastBundleHash = hash
return providers.Payload.Results, nil return providers.Payload.Results, nil
} }

6
outpost/pkg/ak/api_ws.go
View File

@ -15,9 +15,9 @@ import (
"goauthentik.io/outpost/pkg" "goauthentik.io/outpost/pkg"
) )
func (ac *APIController) initWS(pbURL url.URL, outpostUUID strfmt.UUID) { func (ac *APIController) initWS(akURL url.URL, outpostUUID strfmt.UUID) {
pathTemplate := "%s://%s/ws/outpost/%s/" pathTemplate := "%s://%s/ws/outpost/%s/"
scheme := strings.ReplaceAll(pbURL.Scheme, "http", "ws") scheme := strings.ReplaceAll(akURL.Scheme, "http", "ws")
authHeader := fmt.Sprintf("Bearer %s", ac.token) authHeader := fmt.Sprintf("Bearer %s", ac.token)
@ -37,7 +37,7 @@ func (ac *APIController) initWS(pbURL url.URL, outpostUUID strfmt.UUID) {
InsecureSkipVerify: strings.ToLower(value) == "true", InsecureSkipVerify: strings.ToLower(value) == "true",
}, },
} }
ws.Dial(fmt.Sprintf(pathTemplate, scheme, pbURL.Host, outpostUUID.String()), header) ws.Dial(fmt.Sprintf(pathTemplate, scheme, akURL.Host, outpostUUID.String()), header)
ac.logger.WithField("logger", "authentik.outpost.ak-ws").WithField("outpost", outpostUUID.String()).Debug("connecting to authentik") ac.logger.WithField("logger", "authentik.outpost.ak-ws").WithField("outpost", outpostUUID.String()).Debug("connecting to authentik")

2
outpost/pkg/proxy/middleware.go
View File

@ -107,7 +107,7 @@ func (h loggingHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
duration := float64(time.Since(t)) / float64(time.Millisecond) duration := float64(time.Since(t)) / float64(time.Millisecond)
h.logger.WithFields(log.Fields{ h.logger.WithFields(log.Fields{
"host": req.RemoteAddr, "host": req.RemoteAddr,
"vhost": req.Host, "vhost": getHost(req),
"request_protocol": req.Proto, "request_protocol": req.Proto,
"runtime": fmt.Sprintf("%0.3f", duration), "runtime": fmt.Sprintf("%0.3f", duration),
"method": req.Method, "method": req.Method,

4
outpost/pkg/proxy/oauth.go
View File

@ -161,7 +161,7 @@ func (p *OAuthProxy) OAuthStart(rw http.ResponseWriter, req *http.Request) {
p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error()) p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", err.Error())
return return
} }
redirectURI := p.GetRedirectURI(req.Host) redirectURI := p.GetRedirectURI(getHost(req))
http.Redirect(rw, req, p.provider.GetLoginURL(redirectURI, fmt.Sprintf("%v:%v", nonce, redirect)), http.StatusFound) http.Redirect(rw, req, p.provider.GetLoginURL(redirectURI, fmt.Sprintf("%v:%v", nonce, redirect)), http.StatusFound)
} }
@ -184,7 +184,7 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
return return
} }
session, err := p.redeemCode(req.Context(), req.Host, req.Form.Get("code")) session, err := p.redeemCode(req.Context(), getHost(req), req.Form.Get("code"))
if err != nil { if err != nil {
p.logger.Errorf("Error redeeming code during OAuth2 callback: %v", err) p.logger.Errorf("Error redeeming code during OAuth2 callback: %v", err)
p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", "Internal Error") p.ErrorPage(rw, http.StatusInternalServerError, "Internal Server Error", "Internal Error")

5
outpost/pkg/proxy/server.go
View File

@ -42,7 +42,8 @@ func (s *Server) handler(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(204) w.WriteHeader(204)
return return
} }
handler, ok := s.Handlers[r.Host] host := getHost(r)
handler, ok := s.Handlers[host]
if !ok { if !ok {
// If we only have one handler, host name switching doesn't matter // If we only have one handler, host name switching doesn't matter
if len(s.Handlers) == 1 { if len(s.Handlers) == 1 {
@ -56,7 +57,7 @@ func (s *Server) handler(w http.ResponseWriter, r *http.Request) {
for k := range s.Handlers { for k := range s.Handlers {
hostKeys = append(hostKeys, k) hostKeys = append(hostKeys, k)
} }
s.logger.WithField("host", r.Host).WithField("known-hosts", strings.Join(hostKeys, ", ")).Debug("Host header does not match any we know of") s.logger.WithField("host", host).WithField("known-hosts", strings.Join(hostKeys, ", ")).Debug("Host header does not match any we know of")
w.WriteHeader(404) w.WriteHeader(404)
return return
} }

12
outpost/pkg/proxy/utils.go Normal file
View File

@ -0,0 +1,12 @@
package proxy
import "net/http"
var xForwardedHost = http.CanonicalHeaderKey("X-Forwarded-Host")
func getHost(req *http.Request) string {
if req.Header.Get(xForwardedHost) != "" {
return req.Header.Get(xForwardedHost)
}
return req.Host
}

2
outpost/pkg/version.go
View File

@ -1,3 +1,3 @@
package pkg package pkg
const VERSION = "2021.4.2" const VERSION = "2021.4.4"

2
swagger.yaml
View File

@ -5,7 +5,7 @@ info:
email: hello@beryju.org email: hello@beryju.org
license: license:
name: GNU GPLv3 name: GNU GPLv3
url: https://github.com/BeryJu/authentik/blob/master/LICENSE url: https://github.com/goauthentik/authentik/blob/master/LICENSE
version: v2beta version: v2beta
basePath: /api/v2beta basePath: /api/v2beta
consumes: consumes:

4
tests/e2e/test_provider_proxy.py
View File

@ -13,13 +13,13 @@ from selenium.webdriver.common.by import By
from authentik import __version__ from authentik import __version__
from authentik.core.models import Application from authentik.core.models import Application
from authentik.flows.models import Flow from authentik.flows.models import Flow
from authentik.outposts.apps import AuthentikOutpostConfig
from authentik.outposts.models import ( from authentik.outposts.models import (
DockerServiceConnection, DockerServiceConnection,
Outpost, Outpost,
OutpostConfig, OutpostConfig,
OutpostType, OutpostType,
) )
from authentik.outposts.tasks import outpost_local_connection
from authentik.providers.proxy.models import ProxyProvider from authentik.providers.proxy.models import ProxyProvider
from tests.e2e.utils import SeleniumTestCase, apply_migration, object_manager, retry from tests.e2e.utils import SeleniumTestCase, apply_migration, object_manager, retry
@ -117,7 +117,7 @@ class TestProviderProxyConnect(ChannelsLiveServerTestCase):
@object_manager @object_manager
def test_proxy_connectivity(self): def test_proxy_connectivity(self):
"""Test proxy connectivity over websocket""" """Test proxy connectivity over websocket"""
AuthentikOutpostConfig.init_local_connection() outpost_local_connection()
proxy: ProxyProvider = ProxyProvider.objects.create( proxy: ProxyProvider = ProxyProvider.objects.create(
name="proxy_provider", name="proxy_provider",
authorization_flow=Flow.objects.get( authorization_flow=Flow.objects.get(

28
tests/e2e/test_source_oauth.py
View File

@ -4,6 +4,7 @@ from sys import platform
from time import sleep from time import sleep
from typing import Any, Optional from typing import Any, Optional
from unittest.case import skipUnless from unittest.case import skipUnless
from unittest.mock import Mock, patch
from django.test import override_settings from django.test import override_settings
from docker.models.containers import Container from docker.models.containers import Container
@ -22,12 +23,31 @@ from authentik.providers.oauth2.generators import (
generate_client_secret, generate_client_secret,
) )
from authentik.sources.oauth.models import OAuthSource from authentik.sources.oauth.models import OAuthSource
from authentik.sources.oauth.types.manager import SourceType
from authentik.sources.oauth.types.twitter import TwitterOAuthCallback
from tests.e2e.utils import SeleniumTestCase, apply_migration, object_manager, retry from tests.e2e.utils import SeleniumTestCase, apply_migration, object_manager, retry
CONFIG_PATH = "/tmp/dex.yml" # nosec CONFIG_PATH = "/tmp/dex.yml" # nosec
LOGGER = get_logger() LOGGER = get_logger()
class OAUth1Type(SourceType):
"""Twitter Type definition"""
callback_view = TwitterOAuthCallback
name = "Twitter"
slug = "twitter"
request_token_url = "http://localhost:5000/oauth/request_token" # nosec
access_token_url = "http://localhost:5000/oauth/access_token" # nosec
authorization_url = "http://localhost:5000/oauth/authorize"
profile_url = "http://localhost:5000/api/me"
urls_customizable = False
SOURCE_TYPE_MOCK = Mock(return_value=OAUth1Type())
@skipUnless(platform.startswith("linux"), "requires local docker") @skipUnless(platform.startswith("linux"), "requires local docker")
class TestSourceOAuth2(SeleniumTestCase): class TestSourceOAuth2(SeleniumTestCase):
"""test OAuth Source flow""" """test OAuth Source flow"""
@ -291,10 +311,6 @@ class TestSourceOAuth1(SeleniumTestCase):
authentication_flow=authentication_flow, authentication_flow=authentication_flow,
enrollment_flow=enrollment_flow, enrollment_flow=enrollment_flow,
provider_type="twitter", provider_type="twitter",
request_token_url="http://localhost:5000/oauth/request_token",
access_token_url="http://localhost:5000/oauth/access_token",
authorization_url="http://localhost:5000/oauth/authorize",
profile_url="http://localhost:5000/api/me",
consumer_key=self.client_id, consumer_key=self.client_id,
consumer_secret=self.client_secret, consumer_secret=self.client_secret,
) )
@ -304,6 +320,10 @@ class TestSourceOAuth1(SeleniumTestCase):
@apply_migration("authentik_flows", "0008_default_flows") @apply_migration("authentik_flows", "0008_default_flows")
@apply_migration("authentik_flows", "0009_source_flows") @apply_migration("authentik_flows", "0009_source_flows")
@apply_migration("authentik_crypto", "0002_create_self_signed_kp") @apply_migration("authentik_crypto", "0002_create_self_signed_kp")
@patch(
"authentik.sources.oauth.types.manager.SourceTypeManager.find_type",
SOURCE_TYPE_MOCK,
)
@object_manager @object_manager
def test_oauth_enroll(self): def test_oauth_enroll(self):
"""test OAuth Source With With OIDC""" """test OAuth Source With With OIDC"""

4
tests/integration/test_outpost_docker.py
View File

@ -12,9 +12,9 @@ from docker.types.healthcheck import Healthcheck
from authentik import __version__ from authentik import __version__
from authentik.crypto.models import CertificateKeyPair from authentik.crypto.models import CertificateKeyPair
from authentik.flows.models import Flow from authentik.flows.models import Flow
from authentik.outposts.apps import AuthentikOutpostConfig
from authentik.outposts.controllers.docker import DockerController from authentik.outposts.controllers.docker import DockerController
from authentik.outposts.models import DockerServiceConnection, Outpost, OutpostType from authentik.outposts.models import DockerServiceConnection, Outpost, OutpostType
from authentik.outposts.tasks import outpost_local_connection
from authentik.providers.proxy.models import ProxyProvider from authentik.providers.proxy.models import ProxyProvider
@ -53,7 +53,7 @@ class OutpostDockerTests(TestCase):
self.ssl_folder = mkdtemp() self.ssl_folder = mkdtemp()
self.container = self._start_container(self.ssl_folder) self.container = self._start_container(self.ssl_folder)
# Ensure that local connection have been created # Ensure that local connection have been created
AuthentikOutpostConfig.init_local_connection() outpost_local_connection()
self.provider: ProxyProvider = ProxyProvider.objects.create( self.provider: ProxyProvider = ProxyProvider.objects.create(
name="test", name="test",
internal_host="http://localhost", internal_host="http://localhost",

4
tests/integration/test_outpost_kubernetes.py
View File

@ -3,11 +3,11 @@ from django.test import TestCase
from authentik.flows.models import Flow from authentik.flows.models import Flow
from authentik.lib.config import CONFIG from authentik.lib.config import CONFIG
from authentik.outposts.apps import AuthentikOutpostConfig
from authentik.outposts.controllers.k8s.base import NeedsUpdate from authentik.outposts.controllers.k8s.base import NeedsUpdate
from authentik.outposts.controllers.k8s.deployment import DeploymentReconciler from authentik.outposts.controllers.k8s.deployment import DeploymentReconciler
from authentik.outposts.controllers.kubernetes import KubernetesController from authentik.outposts.controllers.kubernetes import KubernetesController
from authentik.outposts.models import KubernetesServiceConnection, Outpost, OutpostType from authentik.outposts.models import KubernetesServiceConnection, Outpost, OutpostType
from authentik.outposts.tasks import outpost_local_connection
from authentik.providers.proxy.models import ProxyProvider from authentik.providers.proxy.models import ProxyProvider
@ -17,7 +17,7 @@ class OutpostKubernetesTests(TestCase):
def setUp(self): def setUp(self):
super().setUp() super().setUp()
# Ensure that local connection have been created # Ensure that local connection have been created
AuthentikOutpostConfig.init_local_connection() outpost_local_connection()
self.provider: ProxyProvider = ProxyProvider.objects.create( self.provider: ProxyProvider = ProxyProvider.objects.create(
name="test", name="test",
internal_host="http://localhost", internal_host="http://localhost",

4
tests/integration/test_proxy_docker.py
View File

@ -12,8 +12,8 @@ from docker.types.healthcheck import Healthcheck
from authentik import __version__ from authentik import __version__
from authentik.crypto.models import CertificateKeyPair from authentik.crypto.models import CertificateKeyPair
from authentik.flows.models import Flow from authentik.flows.models import Flow
from authentik.outposts.apps import AuthentikOutpostConfig
from authentik.outposts.models import DockerServiceConnection, Outpost, OutpostType from authentik.outposts.models import DockerServiceConnection, Outpost, OutpostType
from authentik.outposts.tasks import outpost_local_connection
from authentik.providers.proxy.controllers.docker import DockerController from authentik.providers.proxy.controllers.docker import DockerController
from authentik.providers.proxy.models import ProxyProvider from authentik.providers.proxy.models import ProxyProvider
@ -53,7 +53,7 @@ class TestProxyDocker(TestCase):
self.ssl_folder = mkdtemp() self.ssl_folder = mkdtemp()
self.container = self._start_container(self.ssl_folder) self.container = self._start_container(self.ssl_folder)
# Ensure that local connection have been created # Ensure that local connection have been created
AuthentikOutpostConfig.init_local_connection() outpost_local_connection()
self.provider: ProxyProvider = ProxyProvider.objects.create( self.provider: ProxyProvider = ProxyProvider.objects.create(
name="test", name="test",
internal_host="http://localhost", internal_host="http://localhost",

4
tests/integration/test_proxy_kubernetes.py
View File

@ -3,8 +3,8 @@ import yaml
from django.test import TestCase from django.test import TestCase
from authentik.flows.models import Flow from authentik.flows.models import Flow
from authentik.outposts.apps import AuthentikOutpostConfig
from authentik.outposts.models import KubernetesServiceConnection, Outpost, OutpostType from authentik.outposts.models import KubernetesServiceConnection, Outpost, OutpostType
from authentik.outposts.tasks import outpost_local_connection
from authentik.providers.proxy.controllers.kubernetes import ProxyKubernetesController from authentik.providers.proxy.controllers.kubernetes import ProxyKubernetesController
from authentik.providers.proxy.models import ProxyProvider from authentik.providers.proxy.models import ProxyProvider
@ -14,7 +14,7 @@ class TestProxyKubernetes(TestCase):
def setUp(self): def setUp(self):
# Ensure that local connection have been created # Ensure that local connection have been created
AuthentikOutpostConfig.init_local_connection() outpost_local_connection()
def test_kubernetes_controller_static(self): def test_kubernetes_controller_static(self):
"""Test Kubernetes Controller""" """Test Kubernetes Controller"""

2
web/nginx.conf
View File

@ -81,7 +81,7 @@ http {
location /static/ { location /static/ {
expires 31d; expires 31d;
add_header Cache-Control "public, no-transform"; add_header Cache-Control "public, no-transform";
add_header X-authentik-version "2021.4.2"; add_header X-authentik-version "2021.4.4";
add_header Vary X-authentik-version; add_header Vary X-authentik-version;
} }

382
web/package-lock.json generated
View File

@ -26,19 +26,19 @@
"integrity": "sha512-3eJJ841uKxeV8dcN/2yGEUy+RfgQspPEgQat85umsE1rotuquQ2AbIub4S6j7c50a2d+4myc+zSlnXeIHrOnhQ==" "integrity": "sha512-3eJJ841uKxeV8dcN/2yGEUy+RfgQspPEgQat85umsE1rotuquQ2AbIub4S6j7c50a2d+4myc+zSlnXeIHrOnhQ=="
}, },
"@babel/core": { "@babel/core": {
"version": "7.13.15", "version": "7.13.16",
"resolved": "https://registry.npmjs.org/@babel/core/-/core-7.13.15.tgz", "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.13.16.tgz",
"integrity": "sha512-6GXmNYeNjS2Uz+uls5jalOemgIhnTMeaXo+yBUA72kC2uX/8VW6XyhVIo2L8/q0goKQA3EVKx0KOQpVKSeWadQ==", "integrity": "sha512-sXHpixBiWWFti0AV2Zq7avpTasr6sIAu7Y396c608541qAU2ui4a193m0KSQmfPSKFZLnQ3cvlKDOm3XkuXm3Q==",
"requires": { "requires": {
"@babel/code-frame": "^7.12.13", "@babel/code-frame": "^7.12.13",
"@babel/generator": "^7.13.9", "@babel/generator": "^7.13.16",
"@babel/helper-compilation-targets": "^7.13.13", "@babel/helper-compilation-targets": "^7.13.16",
"@babel/helper-module-transforms": "^7.13.14", "@babel/helper-module-transforms": "^7.13.14",
"@babel/helpers": "^7.13.10", "@babel/helpers": "^7.13.16",
"@babel/parser": "^7.13.15", "@babel/parser": "^7.13.16",
"@babel/template": "^7.12.13", "@babel/template": "^7.12.13",
"@babel/traverse": "^7.13.15", "@babel/traverse": "^7.13.15",
"@babel/types": "^7.13.14", "@babel/types": "^7.13.16",
"convert-source-map": "^1.7.0", "convert-source-map": "^1.7.0",
"debug": "^4.1.0", "debug": "^4.1.0",
"gensync": "^1.0.0-beta.2", "gensync": "^1.0.0-beta.2",
@ -55,6 +55,32 @@
"@babel/highlight": "^7.12.13" "@babel/highlight": "^7.12.13"
} }
}, },
"@babel/compat-data": {
"version": "7.13.15",
"resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.13.15.tgz",
"integrity": "sha512-ltnibHKR1VnrU4ymHyQ/CXtNXI6yZC0oJThyW78Hft8XndANwi+9H+UIklBDraIjFEJzw8wmcM427oDd9KS5wA=="
},
"@babel/generator": {
"version": "7.13.16",
"resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.13.16.tgz",
"integrity": "sha512-grBBR75UnKOcUWMp8WoDxNsWCFl//XCK6HWTrBQKTr5SV9f5g0pNOjdyzi/DTBv12S9GnYPInIXQBTky7OXEMg==",
"requires": {
"@babel/types": "^7.13.16",
"jsesc": "^2.5.1",
"source-map": "^0.5.0"
}
},
"@babel/helper-compilation-targets": {
"version": "7.13.16",
"resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.13.16.tgz",
"integrity": "sha512-3gmkYIrpqsLlieFwjkGgLaSHmhnvlAYzZLlYVjlW+QwI+1zE17kGxuJGmIqDQdYp56XdmGeD+Bswx0UTyG18xA==",
"requires": {
"@babel/compat-data": "^7.13.15",
"@babel/helper-validator-option": "^7.12.17",
"browserslist": "^4.14.5",
"semver": "^6.3.0"
}
},
"@babel/helper-validator-identifier": { "@babel/helper-validator-identifier": {
"version": "7.12.11", "version": "7.12.11",
"resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.12.11.tgz", "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.12.11.tgz",
@ -71,25 +97,34 @@
} }
}, },
"@babel/parser": { "@babel/parser": {
"version": "7.13.15", "version": "7.13.16",
"resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.13.15.tgz", "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.13.16.tgz",
"integrity": "sha512-b9COtcAlVEQljy/9fbcMHpG+UIW9ReF+gpaxDHTlZd0c6/UU9ng8zdySAW9sRTzpvcdCHn6bUcbuYUgGzLAWVQ==" "integrity": "sha512-6bAg36mCwuqLO0hbR+z7PHuqWiCeP7Dzg73OpQwsAB1Eb8HnGEz5xYBzCfbu+YjoaJsJs+qheDxVAuqbt3ILEw=="
}, },
"@babel/traverse": { "@babel/traverse": {
"version": "7.13.15", "version": "7.13.17",
"resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.13.15.tgz", "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.13.17.tgz",
"integrity": "sha512-/mpZMNvj6bce59Qzl09fHEs8Bt8NnpEDQYleHUPZQ3wXUMvXi+HJPLars68oAbmp839fGoOkv2pSL2z9ajCIaQ==", "integrity": "sha512-BMnZn0R+X6ayqm3C3To7o1j7Q020gWdqdyP50KEoVqaCO2c/Im7sYZSmVgvefp8TTMQ+9CtwuBp0Z1CZ8V3Pvg==",
"requires": { "requires": {
"@babel/code-frame": "^7.12.13", "@babel/code-frame": "^7.12.13",
"@babel/generator": "^7.13.9", "@babel/generator": "^7.13.16",
"@babel/helper-function-name": "^7.12.13", "@babel/helper-function-name": "^7.12.13",
"@babel/helper-split-export-declaration": "^7.12.13", "@babel/helper-split-export-declaration": "^7.12.13",
"@babel/parser": "^7.13.15", "@babel/parser": "^7.13.16",
"@babel/types": "^7.13.14", "@babel/types": "^7.13.17",
"debug": "^4.1.0", "debug": "^4.1.0",
"globals": "^11.1.0" "globals": "^11.1.0"
} }
}, },
"@babel/types": {
"version": "7.13.17",
"resolved": "https://registry.npmjs.org/@babel/types/-/types-7.13.17.tgz",
"integrity": "sha512-RawydLgxbOPDlTLJNtoIypwdmAy//uQIzlKt2+iBiJaRlVuI6QLUxVAyWGNfOzp8Yu4L4lLIacoCyTNtpb4wiA==",
"requires": {
"@babel/helper-validator-identifier": "^7.12.11",
"to-fast-properties": "^2.0.0"
}
},
"globals": { "globals": {
"version": "11.12.0", "version": "11.12.0",
"resolved": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz", "resolved": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz",
@ -355,13 +390,87 @@
} }
}, },
"@babel/helpers": { "@babel/helpers": {
"version": "7.13.10", "version": "7.13.17",
"resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.13.10.tgz", "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.13.17.tgz",
"integrity": "sha512-4VO883+MWPDUVRF3PhiLBUFHoX/bsLTGFpFK/HqvvfBZz2D57u9XzPVNFVBTc0PW/CWR9BXTOKt8NF4DInUHcQ==", "integrity": "sha512-Eal4Gce4kGijo1/TGJdqp3WuhllaMLSrW6XcL0ulyUAQOuxHcCafZE8KHg9857gcTehsm/v7RcOx2+jp0Ryjsg==",
"requires": { "requires": {
"@babel/template": "^7.12.13", "@babel/template": "^7.12.13",
"@babel/traverse": "^7.13.0", "@babel/traverse": "^7.13.17",
"@babel/types": "^7.13.0" "@babel/types": "^7.13.17"
},
"dependencies": {
"@babel/code-frame": {
"version": "7.12.13",
"resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.13.tgz",
"integrity": "sha512-HV1Cm0Q3ZrpCR93tkWOYiuYIgLxZXZFVG2VgK+MBWjUqZTundupbfx2aXarXuw5Ko5aMcjtJgbSs4vUGBS5v6g==",
"requires": {
"@babel/highlight": "^7.12.13"
}
},
"@babel/generator": {
"version": "7.13.16",
"resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.13.16.tgz",
"integrity": "sha512-grBBR75UnKOcUWMp8WoDxNsWCFl//XCK6HWTrBQKTr5SV9f5g0pNOjdyzi/DTBv12S9GnYPInIXQBTky7OXEMg==",
"requires": {
"@babel/types": "^7.13.16",
"jsesc": "^2.5.1",
"source-map": "^0.5.0"
}
},
"@babel/helper-validator-identifier": {
"version": "7.12.11",
"resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.12.11.tgz",
"integrity": "sha512-np/lG3uARFybkoHokJUmf1QfEvRVCPbmQeUQpKow5cQ3xWrV9i3rUHodKDJPQfTVX61qKi+UdYk8kik84n7XOw=="
},
"@babel/highlight": {
"version": "7.13.10",
"resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.13.10.tgz",
"integrity": "sha512-5aPpe5XQPzflQrFwL1/QoeHkP2MsA4JCntcXHRhEsdsfPVkvPi2w7Qix4iV7t5S/oC9OodGrggd8aco1g3SZFg==",
"requires": {
"@babel/helper-validator-identifier": "^7.12.11",
"chalk": "^2.0.0",
"js-tokens": "^4.0.0"
}
},
"@babel/parser": {
"version": "7.13.16",
"resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.13.16.tgz",
"integrity": "sha512-6bAg36mCwuqLO0hbR+z7PHuqWiCeP7Dzg73OpQwsAB1Eb8HnGEz5xYBzCfbu+YjoaJsJs+qheDxVAuqbt3ILEw=="
},
"@babel/traverse": {
"version": "7.13.17",
"resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.13.17.tgz",
"integrity": "sha512-BMnZn0R+X6ayqm3C3To7o1j7Q020gWdqdyP50KEoVqaCO2c/Im7sYZSmVgvefp8TTMQ+9CtwuBp0Z1CZ8V3Pvg==",
"requires": {
"@babel/code-frame": "^7.12.13",
"@babel/generator": "^7.13.16",
"@babel/helper-function-name": "^7.12.13",
"@babel/helper-split-export-declaration": "^7.12.13",
"@babel/parser": "^7.13.16",
"@babel/types": "^7.13.17",
"debug": "^4.1.0",
"globals": "^11.1.0"
}
},
"@babel/types": {
"version": "7.13.17",
"resolved": "https://registry.npmjs.org/@babel/types/-/types-7.13.17.tgz",
"integrity": "sha512-RawydLgxbOPDlTLJNtoIypwdmAy//uQIzlKt2+iBiJaRlVuI6QLUxVAyWGNfOzp8Yu4L4lLIacoCyTNtpb4wiA==",
"requires": {
"@babel/helper-validator-identifier": "^7.12.11",
"to-fast-properties": "^2.0.0"
}
},
"globals": {
"version": "11.12.0",
"resolved": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz",
"integrity": "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA=="
},
"source-map": {
"version": "0.5.7",
"resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz",
"integrity": "sha1-igOdLRAh0i0eoUyA2OpGi6LvP8w="
}
} }
}, },
"@babel/highlight": { "@babel/highlight": {
@ -1336,86 +1445,28 @@
} }
}, },
"@lingui/babel-plugin-extract-messages": { "@lingui/babel-plugin-extract-messages": {
"version": "3.8.9", "version": "3.8.10",
"resolved": "https://registry.npmjs.org/@lingui/babel-plugin-extract-messages/-/babel-plugin-extract-messages-3.8.9.tgz", "resolved": "https://registry.npmjs.org/@lingui/babel-plugin-extract-messages/-/babel-plugin-extract-messages-3.8.10.tgz",
"integrity": "sha512-zPpSl89nvUrLyGHfVosZHCP9fylfCfkEMc29wGdjE6f0U+frJ59NRLilWMy7xaE8uz97cD5vkhYaaF1wnavhxA==", "integrity": "sha512-16EnNRb1HXNjdDLMY3xS7jh0wKA00x21LC1CIKRAki80u92jvkSMOJYk+lD6yhdrcl0dH5OMAbdluAm1+rpEPw==",
"requires": { "requires": {
"@babel/generator": "^7.11.6", "@babel/generator": "^7.11.6",
"@babel/runtime": "^7.11.2", "@babel/runtime": "^7.11.2",
"@lingui/conf": "^3.8.9", "@lingui/conf": "^3.8.10",
"mkdirp": "^1.0.4" "mkdirp": "^1.0.4"
},
"dependencies": {
"@lingui/conf": {
"version": "3.8.9",
"resolved": "https://registry.npmjs.org/@lingui/conf/-/conf-3.8.9.tgz",
"integrity": "sha512-r0RGchwiALjCE6CSOtOKbOqVrNg1EQ78AXjyvbrtJoPWVlChDasWCckXEF0BSnsoZaRP6nQCAI+dsQiGW1deWg==",
"requires": {
"@babel/runtime": "^7.11.2",
"@endemolshinegroup/cosmiconfig-typescript-loader": "^3.0.2",
"chalk": "^4.1.0",
"cosmiconfig": "^7.0.0",
"jest-validate": "^26.5.2",
"lodash.get": "^4.4.2"
}
},
"ansi-styles": {
"version": "4.3.0",
"resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
"integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
"requires": {
"color-convert": "^2.0.1"
}
},
"chalk": {
"version": "4.1.0",
"resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.0.tgz",
"integrity": "sha512-qwx12AxXe2Q5xQ43Ac//I6v5aXTipYrSESdOgzrN+9XjgEpyjpKuvSGaN4qE93f7TQTlerQQ8S+EQ0EyDoVL1A==",
"requires": {
"ansi-styles": "^4.1.0",
"supports-color": "^7.1.0"
}
},
"color-convert": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
"integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
"requires": {
"color-name": "~1.1.4"
}
},
"color-name": {
"version": "1.1.4",
"resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
"integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
},
"has-flag": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
"integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ=="
},
"supports-color": {
"version": "7.2.0",
"resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
"integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
"requires": {
"has-flag": "^4.0.0"
}
}
} }
}, },
"@lingui/cli": { "@lingui/cli": {
"version": "3.8.9", "version": "3.8.10",
"resolved": "https://registry.npmjs.org/@lingui/cli/-/cli-3.8.9.tgz", "resolved": "https://registry.npmjs.org/@lingui/cli/-/cli-3.8.10.tgz",
"integrity": "sha512-UccLtfwrTjXrZcTxpqA4ggYhuUMbXZtzbUVks8nDVt3emVqU56C3VMvVD8WKXLL8Qmq9cEDXPwIZy7IKRL4mEQ==", "integrity": "sha512-YLkT5e6JRwVcXEwLD0++/m1p/wvRQbLj/+m8geXfrcFfrsQyT3uhHNZRFK0GdsjyDslSqJYbalYibJUbgC2sOA==",
"requires": { "requires": {
"@babel/generator": "^7.11.6", "@babel/generator": "^7.11.6",
"@babel/parser": "^7.11.5", "@babel/parser": "^7.11.5",
"@babel/plugin-syntax-jsx": "^7.10.4", "@babel/plugin-syntax-jsx": "^7.10.4",
"@babel/runtime": "^7.11.2", "@babel/runtime": "^7.11.2",
"@babel/types": "^7.11.5", "@babel/types": "^7.11.5",
"@lingui/babel-plugin-extract-messages": "^3.8.9", "@lingui/babel-plugin-extract-messages": "^3.8.10",
"@lingui/conf": "^3.8.9", "@lingui/conf": "^3.8.10",
"babel-plugin-macros": "^3.0.1", "babel-plugin-macros": "^3.0.1",
"bcp-47": "^1.0.7", "bcp-47": "^1.0.7",
"chalk": "^4.1.0", "chalk": "^4.1.0",
@ -1442,19 +1493,6 @@
"ramda": "^0.27.1" "ramda": "^0.27.1"
}, },
"dependencies": { "dependencies": {
"@lingui/conf": {
"version": "3.8.9",
"resolved": "https://registry.npmjs.org/@lingui/conf/-/conf-3.8.9.tgz",
"integrity": "sha512-r0RGchwiALjCE6CSOtOKbOqVrNg1EQ78AXjyvbrtJoPWVlChDasWCckXEF0BSnsoZaRP6nQCAI+dsQiGW1deWg==",
"requires": {
"@babel/runtime": "^7.11.2",
"@endemolshinegroup/cosmiconfig-typescript-loader": "^3.0.2",
"chalk": "^4.1.0",
"cosmiconfig": "^7.0.0",
"jest-validate": "^26.5.2",
"lodash.get": "^4.4.2"
}
},
"ansi-styles": { "ansi-styles": {
"version": "4.3.0", "version": "4.3.0",
"resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
@ -1531,9 +1569,9 @@
} }
}, },
"@lingui/conf": { "@lingui/conf": {
"version": "3.8.9", "version": "3.8.10",
"resolved": "https://registry.npmjs.org/@lingui/conf/-/conf-3.8.9.tgz", "resolved": "https://registry.npmjs.org/@lingui/conf/-/conf-3.8.10.tgz",
"integrity": "sha512-r0RGchwiALjCE6CSOtOKbOqVrNg1EQ78AXjyvbrtJoPWVlChDasWCckXEF0BSnsoZaRP6nQCAI+dsQiGW1deWg==", "integrity": "sha512-4KdH+23WXZ5g+LRlvvise3z3mdd41zLgqSJ/PUCMGk60RfElvTrTdxpnm2tOF/2hr+OyGCQEy6kLq606y639qw==",
"requires": { "requires": {
"@babel/runtime": "^7.11.2", "@babel/runtime": "^7.11.2",
"@endemolshinegroup/cosmiconfig-typescript-loader": "^3.0.2", "@endemolshinegroup/cosmiconfig-typescript-loader": "^3.0.2",
@ -1589,9 +1627,9 @@
} }
}, },
"@lingui/core": { "@lingui/core": {
"version": "3.8.9", "version": "3.8.10",
"resolved": "https://registry.npmjs.org/@lingui/core/-/core-3.8.9.tgz", "resolved": "https://registry.npmjs.org/@lingui/core/-/core-3.8.10.tgz",
"integrity": "sha512-QmEfgukR7w/4/4USZT0LGNt7Yq/RgirFl4088wEta0vgroidxaCRgUXr8RXcdFVjTdtG5dc86JTEj4inZECKvg==", "integrity": "sha512-1OzZW8iP5yAXxz49pY/WZ1acLvkekd6HgDh8zH3jMA2Hbig2jk6VGVERMO7lwEwJiyEuxaQpe8fRrhCTB7wA3A==",
"requires": { "requires": {
"@babel/runtime": "^7.11.2", "@babel/runtime": "^7.11.2",
"make-plural": "^6.2.2", "make-plural": "^6.2.2",
@ -1599,12 +1637,12 @@
} }
}, },
"@lingui/macro": { "@lingui/macro": {
"version": "3.8.9", "version": "3.8.10",
"resolved": "https://registry.npmjs.org/@lingui/macro/-/macro-3.8.9.tgz", "resolved": "https://registry.npmjs.org/@lingui/macro/-/macro-3.8.10.tgz",
"integrity": "sha512-9LhlbkJ9wOtOLhlaVRLHCRL55S5wOFyyqEhUM+ujUmCskTmMmXzjnRsw5f11nJTK1JJETMT/VlUB5/p7D7Edkw==", "integrity": "sha512-oZZ/F7HsNQkDsnHFroxzGFuEIXM624H72RIj8j2ClpR64nt+xYDxXYC6TYFicQLtBGcKKBTBoM+zbDaoIv74qQ==",
"requires": { "requires": {
"@babel/runtime": "^7.11.2", "@babel/runtime": "^7.11.2",
"@lingui/conf": "^3.8.9", "@lingui/conf": "^3.8.10",
"ramda": "^0.27.1" "ramda": "^0.27.1"
} }
}, },
@ -1828,13 +1866,13 @@
} }
}, },
"@sentry/browser": { "@sentry/browser": {
"version": "6.2.5", "version": "6.3.0",
"resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-6.2.5.tgz", "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-6.3.0.tgz",
"integrity": "sha512-nlvaE+D7oaj4MxoY9ikw+krQDOjftnDYJQnOwOraXPk7KYM6YwmkakLuE+x/AkaH3FQVTQF330VAa9d6SWETlA==", "integrity": "sha512-Rse9j5XwN9n7GnfW1mNscTS4YQ0oiBNJcaSk3Mw/vQT872Wh60yKyx5wxAw5GujFZI0NgdyPlZwZ/tGQwirRxA==",
"requires": { "requires": {
"@sentry/core": "6.2.5", "@sentry/core": "6.3.0",
"@sentry/types": "6.2.5", "@sentry/types": "6.3.0",
"@sentry/utils": "6.2.5", "@sentry/utils": "6.3.0",
"tslib": "^1.9.3" "tslib": "^1.9.3"
}, },
"dependencies": { "dependencies": {
@ -1846,14 +1884,14 @@
} }
}, },
"@sentry/core": { "@sentry/core": {
"version": "6.2.5", "version": "6.3.0",
"resolved": "https://registry.npmjs.org/@sentry/core/-/core-6.2.5.tgz", "resolved": "https://registry.npmjs.org/@sentry/core/-/core-6.3.0.tgz",
"integrity": "sha512-I+AkgIFO6sDUoHQticP6I27TT3L+i6TUS03in3IEtpBcSeP2jyhlxI8l/wdA7gsBqUPdQ4GHOOaNgtFIcr8qag==", "integrity": "sha512-voot/lJ9gRXB6bx6tVqbEbD6jOd4Sx6Rfmm6pzfpom9C0q+fjIZTatTLq8GdXj8DzxaH1MBDSwtaq/eC3NqYpA==",
"requires": { "requires": {
"@sentry/hub": "6.2.5", "@sentry/hub": "6.3.0",
"@sentry/minimal": "6.2.5", "@sentry/minimal": "6.3.0",
"@sentry/types": "6.2.5", "@sentry/types": "6.3.0",
"@sentry/utils": "6.2.5", "@sentry/utils": "6.3.0",
"tslib": "^1.9.3" "tslib": "^1.9.3"
}, },
"dependencies": { "dependencies": {
@ -1865,12 +1903,12 @@
} }
}, },
"@sentry/hub": { "@sentry/hub": {
"version": "6.2.5", "version": "6.3.0",
"resolved": "https://registry.npmjs.org/@sentry/hub/-/hub-6.2.5.tgz", "resolved": "https://registry.npmjs.org/@sentry/hub/-/hub-6.3.0.tgz",
"integrity": "sha512-YlEFdEhcfqpl2HC+/dWXBsBJEljyMzFS7LRRjCk8QANcOdp9PhwQjwebUB4/ulOBjHPP2WZk7fBBd/IKDasTUg==", "integrity": "sha512-lAnW3Om66t9IR+t1wya1NpOF9lGbvYG6Ca8wxJJGJ1t2PxKwyxpZKzRx0q8M1QFhlZ5cETCzxmM7lBEZ4QVCBg==",
"requires": { "requires": {
"@sentry/types": "6.2.5", "@sentry/types": "6.3.0",
"@sentry/utils": "6.2.5", "@sentry/utils": "6.3.0",
"tslib": "^1.9.3" "tslib": "^1.9.3"
}, },
"dependencies": { "dependencies": {
@ -1882,12 +1920,12 @@
} }
}, },
"@sentry/minimal": { "@sentry/minimal": {
"version": "6.2.5", "version": "6.3.0",
"resolved": "https://registry.npmjs.org/@sentry/minimal/-/minimal-6.2.5.tgz", "resolved": "https://registry.npmjs.org/@sentry/minimal/-/minimal-6.3.0.tgz",
"integrity": "sha512-RKP4Qx3p7Cv0oX1cPKAkNVFYM7p2k1t32cNk1+rrVQS4hwlJ7Eg6m6fsqsO+85jd6Ne/FnyYsfo9cDD3ImTlWQ==", "integrity": "sha512-ZdPUwdPQkaKroy67NkwQRqmnfKyd/C1OyouM9IqYKyBjAInjOijwwc/Rd91PMHalvCOGfp1scNZYbZ+YFs/qQQ==",
"requires": { "requires": {
"@sentry/hub": "6.2.5", "@sentry/hub": "6.3.0",
"@sentry/types": "6.2.5", "@sentry/types": "6.3.0",
"tslib": "^1.9.3" "tslib": "^1.9.3"
}, },
"dependencies": { "dependencies": {
@ -1899,17 +1937,51 @@
} }
}, },
"@sentry/tracing": { "@sentry/tracing": {
"version": "6.2.5", "version": "6.3.0",
"resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-6.2.5.tgz", "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-6.3.0.tgz",
"integrity": "sha512-j/hM0BoHxfrNLxPeEJ5Vq4R34hO/TOHMEpLR3FdnunBXbsmjoKMMygIkPxnpML5XWtvukAehbwpDXldwMYz83w==", "integrity": "sha512-3UNGgQOrDKBoDqLc4vt+0n27Zv3lbNEoCbBydq4IvGfuYq7ozWMsaTcelsotMsd4ckDuOEh8V/nJTqrDjvL76g==",
"requires": { "requires": {
"@sentry/hub": "6.2.5", "@sentry/hub": "6.3.0",
"@sentry/minimal": "6.2.5", "@sentry/minimal": "6.3.0",
"@sentry/types": "6.2.5", "@sentry/types": "6.3.0",
"@sentry/utils": "6.2.5", "@sentry/utils": "6.3.0",
"tslib": "^1.9.3" "tslib": "^1.9.3"
}, },
"dependencies": { "dependencies": {
"@sentry/hub": {
"version": "6.3.0",
"resolved": "https://registry.npmjs.org/@sentry/hub/-/hub-6.3.0.tgz",
"integrity": "sha512-lAnW3Om66t9IR+t1wya1NpOF9lGbvYG6Ca8wxJJGJ1t2PxKwyxpZKzRx0q8M1QFhlZ5cETCzxmM7lBEZ4QVCBg==",
"requires": {
"@sentry/types": "6.3.0",
"@sentry/utils": "6.3.0",
"tslib": "^1.9.3"
}
},
"@sentry/minimal": {
"version": "6.3.0",
"resolved": "https://registry.npmjs.org/@sentry/minimal/-/minimal-6.3.0.tgz",
"integrity": "sha512-ZdPUwdPQkaKroy67NkwQRqmnfKyd/C1OyouM9IqYKyBjAInjOijwwc/Rd91PMHalvCOGfp1scNZYbZ+YFs/qQQ==",
"requires": {
"@sentry/hub": "6.3.0",
"@sentry/types": "6.3.0",
"tslib": "^1.9.3"
}
},
"@sentry/types": {
"version": "6.3.0",
"resolved": "https://registry.npmjs.org/@sentry/types/-/types-6.3.0.tgz",
"integrity": "sha512-xWyCYDmFPjS5ex60kxOOHbHEs4vs00qHbm0iShQfjl4OSg9S2azkcWofDmX8Xbn0FSOUXgdPCjNJW1B0bPVhCA=="
},
"@sentry/utils": {
"version": "6.3.0",
"resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-6.3.0.tgz",
"integrity": "sha512-NZzw4oLelgvCsVBG2e+ZtFtaBvgA7rZYtcGFbZTphhAlYoJ6JMCQUzYk0iwJK79yR1quh510x4UE0jynvvToWg==",
"requires": {
"@sentry/types": "6.3.0",
"tslib": "^1.9.3"
}
},
"tslib": { "tslib": {
"version": "1.14.1", "version": "1.14.1",
"resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz",
@ -1918,16 +1990,16 @@
} }
}, },
"@sentry/types": { "@sentry/types": {
"version": "6.2.5", "version": "6.3.0",
"resolved": "https://registry.npmjs.org/@sentry/types/-/types-6.2.5.tgz", "resolved": "https://registry.npmjs.org/@sentry/types/-/types-6.3.0.tgz",
"integrity": "sha512-1Sux6CLYrV9bETMsGP/HuLFLouwKoX93CWzG8BjMueW+Di0OGxZphYjXrGuDs8xO8bAKEVGCHgVQdcB2jevS0w==" "integrity": "sha512-xWyCYDmFPjS5ex60kxOOHbHEs4vs00qHbm0iShQfjl4OSg9S2azkcWofDmX8Xbn0FSOUXgdPCjNJW1B0bPVhCA=="
}, },
"@sentry/utils": { "@sentry/utils": {
"version": "6.2.5", "version": "6.3.0",
"resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-6.2.5.tgz", "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-6.3.0.tgz",
"integrity": "sha512-fJoLUZHrd5MPylV1dT4qL74yNFDl1Ur/dab+pKNSyvnHPnbZ/LRM7aJ8VaRY/A7ZdpRowU+E14e/Yeem2c6gtQ==", "integrity": "sha512-NZzw4oLelgvCsVBG2e+ZtFtaBvgA7rZYtcGFbZTphhAlYoJ6JMCQUzYk0iwJK79yR1quh510x4UE0jynvvToWg==",
"requires": { "requires": {
"@sentry/types": "6.2.5", "@sentry/types": "6.3.0",
"tslib": "^1.9.3" "tslib": "^1.9.3"
}, },
"dependencies": { "dependencies": {
@ -2775,9 +2847,9 @@
"integrity": "sha1-2jCcwmPfFZlMaIypAheco8fNfH4=" "integrity": "sha1-2jCcwmPfFZlMaIypAheco8fNfH4="
}, },
"codemirror": { "codemirror": {
"version": "5.60.0", "version": "5.61.0",
"resolved": "https://registry.npmjs.org/codemirror/-/codemirror-5.60.0.tgz", "resolved": "https://registry.npmjs.org/codemirror/-/codemirror-5.61.0.tgz",
"integrity": "sha512-AEL7LhFOlxPlCL8IdTcJDblJm8yrAGib7I+DErJPdZd4l6imx8IMgKK3RblVgBQqz3TZJR4oknQ03bz+uNjBYA==" "integrity": "sha512-D3wYH90tYY1BsKlUe0oNj2JAhQ9TepkD51auk3N7q+4uz7A/cgJ5JsWHreT0PqieW1QhOuqxQ2reCXV1YXzecg=="
}, },
"collection-visit": { "collection-visit": {
"version": "1.0.0", "version": "1.0.0",
@ -2921,9 +2993,9 @@
} }
}, },
"date-fns": { "date-fns": {
"version": "2.20.1", "version": "2.21.1",
"resolved": "https://registry.npmjs.org/date-fns/-/date-fns-2.20.1.tgz", "resolved": "https://registry.npmjs.org/date-fns/-/date-fns-2.21.1.tgz",
"integrity": "sha512-8P5M8Kxbnovd0zfvOs7ipkiVJ3/zZQ0F/nrBW4x5E+I0uAZVZ80h6CKd24fSXQ5TLK5hXMtI4yb2O5rEZdUt2A==" "integrity": "sha512-m1WR0xGiC6j6jNFAyW4Nvh4WxAi4JF4w9jRJwSI8nBmNcyZXPcP9VUQG+6gHQXAmqaGEKDKhOqAtENDC941UkA=="
}, },
"debug": { "debug": {
"version": "4.3.1", "version": "4.3.1",

14
web/package.json
View File

@ -35,23 +35,23 @@
] ]
}, },
"dependencies": { "dependencies": {
"@babel/core": "^7.13.15", "@babel/core": "^7.13.16",
"@babel/plugin-proposal-decorators": "^7.13.15", "@babel/plugin-proposal-decorators": "^7.13.15",
"@babel/plugin-transform-runtime": "^7.13.15", "@babel/plugin-transform-runtime": "^7.13.15",
"@babel/preset-env": "^7.13.15", "@babel/preset-env": "^7.13.15",
"@babel/preset-typescript": "^7.13.0", "@babel/preset-typescript": "^7.13.0",
"@fortawesome/fontawesome-free": "^5.15.3", "@fortawesome/fontawesome-free": "^5.15.3",
"@lingui/cli": "^3.8.9", "@lingui/cli": "^3.8.10",
"@lingui/core": "^3.8.9", "@lingui/core": "^3.8.10",
"@lingui/macro": "^3.8.9", "@lingui/macro": "^3.8.10",
"@patternfly/patternfly": "^4.96.2", "@patternfly/patternfly": "^4.96.2",
"@polymer/iron-form": "^3.0.1", "@polymer/iron-form": "^3.0.1",
"@polymer/paper-input": "^3.2.1", "@polymer/paper-input": "^3.2.1",
"@rollup/plugin-babel": "^5.3.0", "@rollup/plugin-babel": "^5.3.0",
"@rollup/plugin-replace": "^2.4.2", "@rollup/plugin-replace": "^2.4.2",
"@rollup/plugin-typescript": "^8.2.1", "@rollup/plugin-typescript": "^8.2.1",
"@sentry/browser": "^6.2.5", "@sentry/browser": "^6.3.0",
"@sentry/tracing": "^6.2.5", "@sentry/tracing": "^6.3.0",
"@types/chart.js": "^2.9.32", "@types/chart.js": "^2.9.32",
"@types/codemirror": "0.0.109", "@types/codemirror": "0.0.109",
"@types/grecaptcha": "^3.0.1", "@types/grecaptcha": "^3.0.1",
@ -62,7 +62,7 @@
"base64-js": "^1.5.1", "base64-js": "^1.5.1",
"chart.js": "^3.1.1", "chart.js": "^3.1.1",
"chartjs-adapter-moment": "^1.0.0", "chartjs-adapter-moment": "^1.0.0",
"codemirror": "^5.60.0", "codemirror": "^5.61.0",
"construct-style-sheets-polyfill": "^2.4.16", "construct-style-sheets-polyfill": "^2.4.16",
"eslint": "^7.24.0", "eslint": "^7.24.0",
"eslint-config-google": "^0.14.0", "eslint-config-google": "^0.14.0",

2
web/security.txt
View File

@ -1,4 +1,4 @@
Contact: mailto:security@beryju.org Contact: mailto:security@beryju.org
Expires: Sat, 1 Jan 2022 00:00 +0200 Expires: Sat, 1 Jan 2022 00:00 +0200
Preferred-Languages: en, de Preferred-Languages: en, de
Policy: https://github.com/BeryJu/authentik/blob/master/SECURITY.md Policy: https://github.com/goauthentik/authentik/blob/master/SECURITY.md

10
web/src/api/Config.ts
View File

@ -1,4 +1,4 @@
import { Configuration, Middleware, ResponseContext } from "authentik-api"; import { Config, Configuration, Middleware, ResponseContext, RootApi } from "authentik-api";
import { getCookie } from "../utils"; import { getCookie } from "../utils";
import { API_DRAWER_MIDDLEWARE } from "../elements/notifications/APIDrawer"; import { API_DRAWER_MIDDLEWARE } from "../elements/notifications/APIDrawer";
import { MessageMiddleware } from "../elements/messages/Middleware"; import { MessageMiddleware } from "../elements/messages/Middleware";
@ -12,6 +12,14 @@ export class LoggingMiddleware implements Middleware {
} }
let globalConfigPromise: Promise<Config>;
export function config(): Promise<Config> {
if (!globalConfigPromise) {
globalConfigPromise = new RootApi(DEFAULT_CONFIG).rootConfigList();
}
return globalConfigPromise;
}
export const DEFAULT_CONFIG = new Configuration({ export const DEFAULT_CONFIG = new Configuration({
basePath: "/api/v2beta", basePath: "/api/v2beta",
headers: { headers: {

17
web/src/api/Sentry.ts
View File

@ -2,12 +2,12 @@ import * as Sentry from "@sentry/browser";
import { Integrations } from "@sentry/tracing"; import { Integrations } from "@sentry/tracing";
import { VERSION } from "../constants"; import { VERSION } from "../constants";
import { SentryIgnoredError } from "../common/errors"; import { SentryIgnoredError } from "../common/errors";
import { Config, RootApi } from "authentik-api";
import { me } from "./Users"; import { me } from "./Users";
import { DEFAULT_CONFIG } from "./Config"; import { config } from "./Config";
import { Config } from "authentik-api";
export function configureSentry(): Promise<Config> { export function configureSentry(): Promise<Config> {
return new RootApi(DEFAULT_CONFIG).rootConfigList().then((config) => { return config().then((config) => {
if (config.errorReportingEnabled) { if (config.errorReportingEnabled) {
Sentry.init({ Sentry.init({
dsn: "https://a579bb09306d4f8b8d8847c052d3a1d3@sentry.beryju.org/8", dsn: "https://a579bb09306d4f8b8d8847c052d3a1d3@sentry.beryju.org/8",
@ -19,10 +19,19 @@ export function configureSentry(): Promise<Config> {
], ],
tracesSampleRate: 0.6, tracesSampleRate: 0.6,
environment: config.errorReportingEnvironment, environment: config.errorReportingEnvironment,
beforeSend(event: Sentry.Event, hint: Sentry.EventHint) { beforeSend: async (event: Sentry.Event, hint: Sentry.EventHint): Promise<Sentry.Event | null> => {
if (hint.originalException instanceof SentryIgnoredError) { if (hint.originalException instanceof SentryIgnoredError) {
return null; return null;
} }
if (hint.originalException instanceof Response) {
const response = hint.originalException as Response;
// We only care about server errors
if (response.status < 500) {
return null;
}
const body = await response.json();
event.message = `${response.status} ${response.url}: ${JSON.stringify(body)}`
}
if (event.exception) { if (event.exception) {
me().then(user => { me().then(user => {
Sentry.showReportDialog({ Sentry.showReportDialog({

16
web/src/api/Users.ts
View File

@ -1,15 +1,21 @@
import { CoreApi, SessionUser } from "authentik-api"; import { CoreApi, SessionUser } from "authentik-api";
import { DEFAULT_CONFIG } from "./Config"; import { DEFAULT_CONFIG } from "./Config";
let _globalMePromise: Promise<SessionUser>; let globalMePromise: Promise<SessionUser>;
export function me(): Promise<SessionUser> { export function me(): Promise<SessionUser> {
if (!_globalMePromise) { if (!globalMePromise) {
_globalMePromise = new CoreApi(DEFAULT_CONFIG).coreUsersMe().catch((ex) => { globalMePromise = new CoreApi(DEFAULT_CONFIG).coreUsersMe().catch((ex) => {
const defaultUser: SessionUser = {
user: {
username: "",
name: ""
}
};
if (ex.status === 401 || ex.status === 403) { if (ex.status === 401 || ex.status === 403) {
window.location.assign("/"); window.location.assign("/");
} }
return ex; return defaultUser;
}); });
} }
return _globalMePromise; return globalMePromise;
} }

4
web/src/constants.ts
View File

@ -3,11 +3,11 @@ export const SUCCESS_CLASS = "pf-m-success";
export const ERROR_CLASS = "pf-m-danger"; export const ERROR_CLASS = "pf-m-danger";
export const PROGRESS_CLASS = "pf-m-in-progress"; export const PROGRESS_CLASS = "pf-m-in-progress";
export const CURRENT_CLASS = "pf-m-current"; export const CURRENT_CLASS = "pf-m-current";
export const VERSION = "2021.4.2"; export const VERSION = "2021.4.4";
export const PAGE_SIZE = 20; export const PAGE_SIZE = 20;
export const EVENT_REFRESH = "ak-refresh"; export const EVENT_REFRESH = "ak-refresh";
export const EVENT_NOTIFICATION_TOGGLE = "ak-notification-toggle"; export const EVENT_NOTIFICATION_TOGGLE = "ak-notification-toggle";
export const EVENT_SIDEBAR_TOGGLE = "ak-sidebar-toggle"; export const EVENT_SIDEBAR_TOGGLE = "ak-sidebar-toggle";
export const EVENT_API_DRAWER_REFRESH = "ak-api-drawer-refresh"; export const EVENT_API_DRAWER_REFRESH = "ak-api-drawer-refresh";
export const TITLE_SUFFIX = "authentik"; export const TITLE_DEFAULT = "authentik";
export const ROUTE_SEPARATOR = ";"; export const ROUTE_SEPARATOR = ";";

15
web/src/elements/PageHeader.ts
View File

@ -4,7 +4,8 @@ import PFContent from "@patternfly/patternfly/components/Content/content.css";
import AKGlobal from "../authentik.css"; import AKGlobal from "../authentik.css";
import PFBase from "@patternfly/patternfly/patternfly-base.css"; import PFBase from "@patternfly/patternfly/patternfly-base.css";
import PFButton from "@patternfly/patternfly/components/Button/button.css"; import PFButton from "@patternfly/patternfly/components/Button/button.css";
import { EVENT_SIDEBAR_TOGGLE, TITLE_SUFFIX } from "../constants"; import { EVENT_SIDEBAR_TOGGLE, TITLE_DEFAULT } from "../constants";
import { config } from "../api/Config";
@customElement("ak-page-header") @customElement("ak-page-header")
export class PageHeader extends LitElement { export class PageHeader extends LitElement {
@ -17,11 +18,13 @@ export class PageHeader extends LitElement {
@property() @property()
set header(value: string) { set header(value: string) {
if (value !== "") { config().then(config => {
document.title = `${value} - ${TITLE_SUFFIX}`; if (value !== "") {
} else { document.title = `${value} - ${config.brandingTitle}`;
document.title = TITLE_SUFFIX; } else {
} document.title = config.brandingTitle || TITLE_DEFAULT;
}
});
this._header = value; this._header = value;
} }

21
web/src/flows/FlowExecutor.ts
View File

@ -36,13 +36,14 @@ import { AuthenticatorValidateStageChallenge } from "./stages/authenticator_vali
import { WebAuthnAuthenticatorRegisterChallenge } from "./stages/authenticator_webauthn/WebAuthnAuthenticatorRegisterStage"; import { WebAuthnAuthenticatorRegisterChallenge } from "./stages/authenticator_webauthn/WebAuthnAuthenticatorRegisterStage";
import { CaptchaChallenge } from "./stages/captcha/CaptchaStage"; import { CaptchaChallenge } from "./stages/captcha/CaptchaStage";
import { StageHost } from "./stages/base"; import { StageHost } from "./stages/base";
import { Challenge, ChallengeTypeEnum, Config, FlowsApi, RootApi } from "authentik-api"; import { Challenge, ChallengeTypeEnum, Config, FlowsApi } from "authentik-api";
import { DEFAULT_CONFIG } from "../api/Config"; import { config, DEFAULT_CONFIG } from "../api/Config";
import { ifDefined } from "lit-html/directives/if-defined"; import { ifDefined } from "lit-html/directives/if-defined";
import { until } from "lit-html/directives/until"; import { until } from "lit-html/directives/until";
import { AccessDeniedChallenge } from "./access_denied/FlowAccessDenied"; import { AccessDeniedChallenge } from "./access_denied/FlowAccessDenied";
import { PFSize } from "../elements/Spinner"; import { PFSize } from "../elements/Spinner";
import { TITLE_SUFFIX } from "../constants"; import { TITLE_DEFAULT } from "../constants";
import { configureSentry } from "../api/Sentry";
@customElement("ak-flow-executor") @customElement("ak-flow-executor")
export class FlowExecutor extends LitElement implements StageHost { export class FlowExecutor extends LitElement implements StageHost {
@ -98,11 +99,13 @@ export class FlowExecutor extends LitElement implements StageHost {
} }
private postUpdate(): void { private postUpdate(): void {
if (this.challenge?.title) { config().then(config => {
document.title = `${this.challenge.title} - ${TITLE_SUFFIX}`; if (this.challenge?.title) {
} else { document.title = `${this.challenge.title} - ${config.brandingTitle}`;
document.title = TITLE_SUFFIX; } else {
} document.title = config.brandingTitle || TITLE_DEFAULT;
}
});
} }
submit<T>(formData?: T): Promise<void> { submit<T>(formData?: T): Promise<void> {
@ -124,7 +127,7 @@ export class FlowExecutor extends LitElement implements StageHost {
} }
firstUpdated(): void { firstUpdated(): void {
new RootApi(DEFAULT_CONFIG).rootConfigList().then((config) => { configureSentry().then((config) => {
this.config = config; this.config = config;
}); });
this.loading = true; this.loading = true;

328
web/src/locales/en.po
View File

@ -13,7 +13,7 @@ msgstr ""
"Language-Team: \n" "Language-Team: \n"
"Plural-Forms: \n" "Plural-Forms: \n"
#: src/pages/policies/BoundPoliciesList.ts:55 #: src/pages/policies/BoundPoliciesList.ts:59
msgid "-" msgid "-"
msgstr "-" msgstr "-"
@ -64,7 +64,7 @@ msgstr "API Requests"
msgid "API request failed" msgid "API request failed"
msgstr "API request failed" msgstr "API request failed"
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:87 #: src/pages/sources/oauth/OAuthSourceViewPage.ts:88
msgid "Access Key" msgid "Access Key"
msgstr "Access Key" msgstr "Access Key"
@ -105,8 +105,8 @@ msgstr "Additional group DN, prepended to the Base DN."
msgid "Additional user DN, prepended to the Base DN." msgid "Additional user DN, prepended to the Base DN."
msgstr "Additional user DN, prepended to the Base DN." msgstr "Additional user DN, prepended to the Base DN."
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:131 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:132
#: src/pages/providers/proxy/ProxyProviderForm.ts:128 #: src/pages/providers/proxy/ProxyProviderForm.ts:130
#: src/pages/providers/saml/SAMLProviderForm.ts:117 #: src/pages/providers/saml/SAMLProviderForm.ts:117
#: src/pages/sources/saml/SAMLSourceForm.ts:134 #: src/pages/sources/saml/SAMLSourceForm.ts:134
msgid "Advanced protocol settings" msgid "Advanced protocol settings"
@ -125,7 +125,7 @@ msgstr "Affected model:"
msgid "Alert" msgid "Alert"
msgstr "Alert" msgstr "Alert"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:152 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:153
msgid "Algorithm used to sign the JWT Tokens." msgid "Algorithm used to sign the JWT Tokens."
msgstr "Algorithm used to sign the JWT Tokens." msgstr "Algorithm used to sign the JWT Tokens."
@ -259,7 +259,7 @@ msgstr "Attempted to log in as {0}"
msgid "Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded." msgid "Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded."
msgstr "Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded." msgstr "Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded."
#: src/pages/groups/GroupForm.ts:135 #: src/pages/groups/GroupForm.ts:134
#: src/pages/stages/invitation/InvitationForm.ts:52 #: src/pages/stages/invitation/InvitationForm.ts:52
#: src/pages/users/UserForm.ts:77 #: src/pages/users/UserForm.ts:77
msgid "Attributes" msgid "Attributes"
@ -293,7 +293,7 @@ msgid "Authorization Code"
msgstr "Authorization Code" msgstr "Authorization Code"
#: src/pages/sources/oauth/OAuthSourceForm.ts:66 #: src/pages/sources/oauth/OAuthSourceForm.ts:66
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:95 #: src/pages/sources/oauth/OAuthSourceViewPage.ts:96
msgid "Authorization URL" msgid "Authorization URL"
msgstr "Authorization URL" msgstr "Authorization URL"
@ -342,19 +342,19 @@ msgstr "Backup status"
msgid "Base DN" msgid "Base DN"
msgstr "Base DN" msgstr "Base DN"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:204 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:203
msgid "Based on the Hashed User ID" msgid "Based on the Hashed User ID"
msgstr "Based on the Hashed User ID" msgstr "Based on the Hashed User ID"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:210 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:209
msgid "Based on the User's Email. This is recommended over the UPN method." msgid "Based on the User's Email. This is recommended over the UPN method."
msgstr "Based on the User's Email. This is recommended over the UPN method." msgstr "Based on the User's Email. This is recommended over the UPN method."
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:213 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:212
msgid "Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains." msgid "Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains."
msgstr "Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains." msgstr "Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains."
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:207 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:206
msgid "Based on the username" msgid "Based on the username"
msgstr "Based on the username" msgstr "Based on the username"
@ -405,7 +405,7 @@ msgstr "Cached Flows"
msgid "Cached Policies" msgid "Cached Policies"
msgstr "Cached Policies" msgstr "Cached Policies"
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:79 #: src/pages/sources/oauth/OAuthSourceViewPage.ts:80
msgid "Callback URL" msgid "Callback URL"
msgstr "Callback URL" msgstr "Callback URL"
@ -426,7 +426,7 @@ msgid "Case insensitive matching"
msgstr "Case insensitive matching" msgstr "Case insensitive matching"
#: src/pages/crypto/CertificateKeyPairForm.ts:51 #: src/pages/crypto/CertificateKeyPairForm.ts:51
#: src/pages/providers/proxy/ProxyProviderForm.ts:132 #: src/pages/providers/proxy/ProxyProviderForm.ts:134
msgid "Certificate" msgid "Certificate"
msgstr "Certificate" msgstr "Certificate"
@ -472,7 +472,7 @@ msgstr "Change your password"
#: src/pages/providers/proxy/ProxyProviderViewPage.ts:135 #: src/pages/providers/proxy/ProxyProviderViewPage.ts:135
#: src/pages/providers/saml/SAMLProviderViewPage.ts:129 #: src/pages/providers/saml/SAMLProviderViewPage.ts:129
#: src/pages/sources/ldap/LDAPSourceViewPage.ts:113 #: src/pages/sources/ldap/LDAPSourceViewPage.ts:113
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:132 #: src/pages/sources/oauth/OAuthSourceViewPage.ts:133
#: src/pages/sources/saml/SAMLSourceViewPage.ts:119 #: src/pages/sources/saml/SAMLSourceViewPage.ts:119
#: src/pages/users/UserViewPage.ts:185 #: src/pages/users/UserViewPage.ts:185
msgid "Changelog" msgid "Changelog"
@ -596,7 +596,7 @@ msgstr "Configure WebAuthn"
msgid "Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected." msgid "Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected."
msgstr "Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected." msgstr "Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected."
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:242 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:241
msgid "Configure how the issuer field of the ID Token should be filled." msgid "Configure how the issuer field of the ID Token should be filled."
msgstr "Configure how the issuer field of the ID Token should be filled." msgstr "Configure how the issuer field of the ID Token should be filled."
@ -604,7 +604,7 @@ msgstr "Configure how the issuer field of the ID Token should be filled."
msgid "Configure settings relevant to your user profile." msgid "Configure settings relevant to your user profile."
msgstr "Configure settings relevant to your user profile." msgstr "Configure settings relevant to your user profile."
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:217 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:216
msgid "Configure what data should be used as unique User Identifier. For most cases, the default should be fine." msgid "Configure what data should be used as unique User Identifier. For most cases, the default should be fine."
msgstr "Configure what data should be used as unique User Identifier. For most cases, the default should be fine." msgstr "Configure what data should be used as unique User Identifier. For most cases, the default should be fine."
@ -660,8 +660,8 @@ msgstr "Consumer secret"
#: src/pages/events/EventInfo.ts:79 #: src/pages/events/EventInfo.ts:79
#: src/pages/events/EventInfo.ts:148 #: src/pages/events/EventInfo.ts:148
#: src/pages/events/EventInfo.ts:167 #: src/pages/events/EventInfo.ts:167
#: src/pages/policies/PolicyTestForm.ts:74 #: src/pages/policies/PolicyTestForm.ts:75
#: src/pages/property-mappings/PropertyMappingTestForm.ts:63 #: src/pages/property-mappings/PropertyMappingTestForm.ts:65
msgid "Context" msgid "Context"
msgstr "Context" msgstr "Context"
@ -708,15 +708,15 @@ msgstr "Copy Key"
#: src/pages/flows/BoundStagesList.ts:167 #: src/pages/flows/BoundStagesList.ts:167
#: src/pages/flows/FlowListPage.ts:109 #: src/pages/flows/FlowListPage.ts:109
#: src/pages/flows/FlowListPage.ts:117 #: src/pages/flows/FlowListPage.ts:117
#: src/pages/groups/GroupListPage.ts:91 #: src/pages/groups/GroupListPage.ts:90
#: src/pages/groups/GroupListPage.ts:99 #: src/pages/groups/GroupListPage.ts:98
#: src/pages/outposts/OutpostListPage.ts:101 #: src/pages/outposts/OutpostListPage.ts:101
#: src/pages/outposts/OutpostListPage.ts:109 #: src/pages/outposts/OutpostListPage.ts:109
#: src/pages/outposts/ServiceConnectionListPage.ts:110 #: src/pages/outposts/ServiceConnectionListPage.ts:110
#: src/pages/outposts/ServiceConnectionListPage.ts:119 #: src/pages/outposts/ServiceConnectionListPage.ts:119
#: src/pages/policies/BoundPoliciesList.ts:158 #: src/pages/policies/BoundPoliciesList.ts:162
#: src/pages/policies/BoundPoliciesList.ts:185 #: src/pages/policies/BoundPoliciesList.ts:189
#: src/pages/policies/BoundPoliciesList.ts:206 #: src/pages/policies/BoundPoliciesList.ts:210
#: src/pages/policies/PolicyListPage.ts:124 #: src/pages/policies/PolicyListPage.ts:124
#: src/pages/policies/PolicyListPage.ts:133 #: src/pages/policies/PolicyListPage.ts:133
#: src/pages/property-mappings/PropertyMappingListPage.ts:113 #: src/pages/property-mappings/PropertyMappingListPage.ts:113
@ -747,10 +747,10 @@ msgstr "Create"
msgid "Create Application" msgid "Create Application"
msgstr "Create Application" msgstr "Create Application"
#: src/pages/policies/BoundPoliciesList.ts:161 #: src/pages/policies/BoundPoliciesList.ts:165
#: src/pages/policies/BoundPoliciesList.ts:166 #: src/pages/policies/BoundPoliciesList.ts:170
#: src/pages/policies/BoundPoliciesList.ts:209 #: src/pages/policies/BoundPoliciesList.ts:213
#: src/pages/policies/BoundPoliciesList.ts:214 #: src/pages/policies/BoundPoliciesList.ts:218
msgid "Create Binding" msgid "Create Binding"
msgstr "Create Binding" msgstr "Create Binding"
@ -762,7 +762,7 @@ msgstr "Create Certificate-Key Pair"
msgid "Create Flow" msgid "Create Flow"
msgstr "Create Flow" msgstr "Create Flow"
#: src/pages/groups/GroupListPage.ts:94 #: src/pages/groups/GroupListPage.ts:93
msgid "Create Group" msgid "Create Group"
msgstr "Create Group" msgstr "Create Group"
@ -786,7 +786,7 @@ msgstr "Create Notification Transport"
msgid "Create Outpost" msgid "Create Outpost"
msgstr "Create Outpost" msgstr "Create Outpost"
#: src/pages/policies/BoundPoliciesList.ts:176 #: src/pages/policies/BoundPoliciesList.ts:180
msgid "Create Policy" msgid "Create Policy"
msgstr "Create Policy" msgstr "Create Policy"
@ -819,7 +819,7 @@ msgstr "Create provider"
#: src/pages/applications/ApplicationForm.ts:123 #: src/pages/applications/ApplicationForm.ts:123
#: src/pages/flows/BoundStagesList.ts:149 #: src/pages/flows/BoundStagesList.ts:149
#: src/pages/outposts/ServiceConnectionListPage.ts:122 #: src/pages/outposts/ServiceConnectionListPage.ts:122
#: src/pages/policies/BoundPoliciesList.ts:188 #: src/pages/policies/BoundPoliciesList.ts:192
#: src/pages/policies/PolicyListPage.ts:136 #: src/pages/policies/PolicyListPage.ts:136
#: src/pages/property-mappings/PropertyMappingListPage.ts:125 #: src/pages/property-mappings/PropertyMappingListPage.ts:125
#: src/pages/providers/ProviderListPage.ts:119 #: src/pages/providers/ProviderListPage.ts:119
@ -873,7 +873,7 @@ msgstr "Define how notifications are sent to users, like Email or Webhook."
#: src/pages/events/RuleListPage.ts:82 #: src/pages/events/RuleListPage.ts:82
#: src/pages/events/TransportListPage.ts:86 #: src/pages/events/TransportListPage.ts:86
#: src/pages/flows/FlowListPage.ts:86 #: src/pages/flows/FlowListPage.ts:86
#: src/pages/groups/GroupListPage.ts:82 #: src/pages/groups/GroupListPage.ts:81
#: src/pages/outposts/OutpostListPage.ts:87 #: src/pages/outposts/OutpostListPage.ts:87
#: src/pages/outposts/ServiceConnectionListPage.ts:101 #: src/pages/outposts/ServiceConnectionListPage.ts:101
#: src/pages/policies/PolicyListPage.ts:115 #: src/pages/policies/PolicyListPage.ts:115
@ -895,7 +895,7 @@ msgid "Delete Authorization Code"
msgstr "Delete Authorization Code" msgstr "Delete Authorization Code"
#: src/pages/flows/BoundStagesList.ts:91 #: src/pages/flows/BoundStagesList.ts:91
#: src/pages/policies/BoundPoliciesList.ts:145 #: src/pages/policies/BoundPoliciesList.ts:149
msgid "Delete Binding" msgid "Delete Binding"
msgstr "Delete Binding" msgstr "Delete Binding"
@ -1010,7 +1010,7 @@ msgstr "Download"
msgid "Dummy stage used for testing. Shows a simple continue button and always passes." msgid "Dummy stage used for testing. Shows a simple continue button and always passes."
msgstr "Dummy stage used for testing. Shows a simple continue button and always passes." msgstr "Dummy stage used for testing. Shows a simple continue button and always passes."
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:235 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:234
msgid "Each provider has a different issuer, based on the application slug." msgid "Each provider has a different issuer, based on the application slug."
msgstr "Each provider has a different issuer, based on the application slug." msgstr "Each provider has a different issuer, based on the application slug."
@ -1021,7 +1021,7 @@ msgstr "Each provider has a different issuer, based on the application slug."
#: src/pages/events/RuleListPage.ts:70 #: src/pages/events/RuleListPage.ts:70
#: src/pages/events/TransportListPage.ts:74 #: src/pages/events/TransportListPage.ts:74
#: src/pages/flows/FlowListPage.ts:74 #: src/pages/flows/FlowListPage.ts:74
#: src/pages/groups/GroupListPage.ts:70 #: src/pages/groups/GroupListPage.ts:69
#: src/pages/outposts/OutpostListPage.ts:75 #: src/pages/outposts/OutpostListPage.ts:75
#: src/pages/outposts/ServiceConnectionListPage.ts:89 #: src/pages/outposts/ServiceConnectionListPage.ts:89
#: src/pages/policies/PolicyListPage.ts:90 #: src/pages/policies/PolicyListPage.ts:90
@ -1032,7 +1032,7 @@ msgstr "Each provider has a different issuer, based on the application slug."
#: src/pages/providers/saml/SAMLProviderViewPage.ts:121 #: src/pages/providers/saml/SAMLProviderViewPage.ts:121
#: src/pages/sources/SourcesListPage.ts:82 #: src/pages/sources/SourcesListPage.ts:82
#: src/pages/sources/ldap/LDAPSourceViewPage.ts:105 #: src/pages/sources/ldap/LDAPSourceViewPage.ts:105
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:124 #: src/pages/sources/oauth/OAuthSourceViewPage.ts:125
#: src/pages/sources/saml/SAMLSourceViewPage.ts:111 #: src/pages/sources/saml/SAMLSourceViewPage.ts:111
#: src/pages/stages/StageListPage.ts:98 #: src/pages/stages/StageListPage.ts:98
#: src/pages/stages/prompt/PromptListPage.ts:75 #: src/pages/stages/prompt/PromptListPage.ts:75
@ -1043,15 +1043,15 @@ msgid "Edit"
msgstr "Edit" msgstr "Edit"
#: src/pages/flows/BoundStagesList.ts:79 #: src/pages/flows/BoundStagesList.ts:79
#: src/pages/policies/BoundPoliciesList.ts:133 #: src/pages/policies/BoundPoliciesList.ts:137
msgid "Edit Binding" msgid "Edit Binding"
msgstr "Edit Binding" msgstr "Edit Binding"
#: src/pages/policies/BoundPoliciesList.ts:92 #: src/pages/policies/BoundPoliciesList.ts:96
msgid "Edit Group" msgid "Edit Group"
msgstr "Edit Group" msgstr "Edit Group"
#: src/pages/policies/BoundPoliciesList.ts:77 #: src/pages/policies/BoundPoliciesList.ts:81
msgid "Edit Policy" msgid "Edit Policy"
msgstr "Edit Policy" msgstr "Edit Policy"
@ -1059,7 +1059,7 @@ msgstr "Edit Policy"
msgid "Edit Stage" msgid "Edit Stage"
msgstr "Edit Stage" msgstr "Edit Stage"
#: src/pages/policies/BoundPoliciesList.ts:107 #: src/pages/policies/BoundPoliciesList.ts:111
msgid "Edit User" msgid "Edit User"
msgstr "Edit User" msgstr "Edit User"
@ -1104,8 +1104,8 @@ msgstr "Enable Static Tokens"
msgid "Enable TOTP" msgid "Enable TOTP"
msgstr "Enable TOTP" msgstr "Enable TOTP"
#: src/pages/policies/BoundPoliciesList.ts:37 #: src/pages/policies/BoundPoliciesList.ts:41
#: src/pages/policies/PolicyBindingForm.ts:198 #: src/pages/policies/PolicyBindingForm.ts:199
#: src/pages/sources/ldap/LDAPSourceForm.ts:69 #: src/pages/sources/ldap/LDAPSourceForm.ts:69
#: src/pages/sources/oauth/OAuthSourceForm.ts:115 #: src/pages/sources/oauth/OAuthSourceForm.ts:115
#: src/pages/sources/saml/SAMLSourceForm.ts:69 #: src/pages/sources/saml/SAMLSourceForm.ts:69
@ -1247,10 +1247,10 @@ msgstr "Export"
msgid "Expression" msgid "Expression"
msgstr "Expression" msgstr "Expression"
#: src/pages/policies/expression/ExpressionPolicyForm.ts:84 #: src/pages/policies/expression/ExpressionPolicyForm.ts:85
#: src/pages/property-mappings/PropertyMappingLDAPForm.ts:70 #: src/pages/property-mappings/PropertyMappingLDAPForm.ts:71
#: src/pages/property-mappings/PropertyMappingSAMLForm.ts:80 #: src/pages/property-mappings/PropertyMappingSAMLForm.ts:81
#: src/pages/property-mappings/PropertyMappingScopeForm.ts:77 #: src/pages/property-mappings/PropertyMappingScopeForm.ts:78
msgid "Expression using Python." msgid "Expression using Python."
msgstr "Expression using Python." msgstr "Expression using Python."
@ -1262,7 +1262,7 @@ msgstr "External Applications which use authentik as Identity-Provider, utilizin
msgid "External Host" msgid "External Host"
msgstr "External Host" msgstr "External Host"
#: src/pages/providers/proxy/ProxyProviderForm.ts:118 #: src/pages/providers/proxy/ProxyProviderForm.ts:119
msgid "External host" msgid "External host"
msgstr "External host" msgstr "External host"
@ -1420,9 +1420,9 @@ msgid "Go to previous page"
msgstr "Go to previous page" msgstr "Go to previous page"
#: src/pages/events/RuleForm.ts:65 #: src/pages/events/RuleForm.ts:65
#: src/pages/groups/GroupListPage.ts:75 #: src/pages/groups/GroupListPage.ts:74
#: src/pages/policies/PolicyBindingForm.ts:132 #: src/pages/policies/PolicyBindingForm.ts:125
#: src/pages/policies/PolicyBindingForm.ts:160 #: src/pages/policies/PolicyBindingForm.ts:161
msgid "Group" msgid "Group"
msgstr "Group" msgstr "Group"
@ -1442,7 +1442,7 @@ msgstr "Group object filter"
msgid "Group users together and give them permissions based on the membership." msgid "Group users together and give them permissions based on the membership."
msgstr "Group users together and give them permissions based on the membership." msgstr "Group users together and give them permissions based on the membership."
#: src/pages/policies/BoundPoliciesList.ts:49 #: src/pages/policies/BoundPoliciesList.ts:53
msgid "Group {0}" msgid "Group {0}"
msgstr "Group {0}" msgstr "Group {0}"
@ -1451,7 +1451,7 @@ msgstr "Group {0}"
msgid "Groups" msgid "Groups"
msgstr "Groups" msgstr "Groups"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:149 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:150
msgid "HS256 (Symmetric Encryption)" msgid "HS256 (Symmetric Encryption)"
msgstr "HS256 (Symmetric Encryption)" msgstr "HS256 (Symmetric Encryption)"
@ -1476,7 +1476,7 @@ msgid "Hide managed mappings"
msgstr "Hide managed mappings" msgstr "Hide managed mappings"
#: src/pages/events/RuleForm.ts:93 #: src/pages/events/RuleForm.ts:93
#: src/pages/groups/GroupForm.ts:132 #: src/pages/groups/GroupForm.ts:131
#: src/pages/outposts/OutpostForm.ts:98 #: src/pages/outposts/OutpostForm.ts:98
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:178 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:178
#: src/pages/providers/saml/SAMLProviderForm.ts:177 #: src/pages/providers/saml/SAMLProviderForm.ts:177
@ -1552,11 +1552,11 @@ msgstr "Import certificates of external providers or create certificates to sign
msgid "In case you can't access any other method." msgid "In case you can't access any other method."
msgstr "In case you can't access any other method." msgstr "In case you can't access any other method."
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:227 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:226
msgid "Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint." msgid "Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint."
msgstr "Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint." msgstr "Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint."
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:224 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:223
msgid "Include claims in id_token" msgid "Include claims in id_token"
msgstr "Include claims in id_token" msgstr "Include claims in id_token"
@ -1572,7 +1572,7 @@ msgstr "Internal application name, used in URLs."
msgid "Internal host" msgid "Internal host"
msgstr "Internal host" msgstr "Internal host"
#: src/pages/providers/proxy/ProxyProviderForm.ts:112 #: src/pages/providers/proxy/ProxyProviderForm.ts:113
msgid "Internal host SSL Validation" msgid "Internal host SSL Validation"
msgstr "Internal host SSL Validation" msgstr "Internal host SSL Validation"
@ -1600,15 +1600,15 @@ msgstr "Is superuser"
msgid "Issuer" msgid "Issuer"
msgstr "Issuer" msgstr "Issuer"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:230 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:229
msgid "Issuer mode" msgid "Issuer mode"
msgstr "Issuer mode" msgstr "Issuer mode"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:141 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:142
msgid "JWT Algorithm" msgid "JWT Algorithm"
msgstr "JWT Algorithm" msgstr "JWT Algorithm"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:196 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:195
msgid "Key used to sign the tokens. Only required when JWT Algorithm is set to RS256." msgid "Key used to sign the tokens. Only required when JWT Algorithm is set to RS256."
msgstr "Key used to sign the tokens. Only required when JWT Algorithm is set to RS256." msgstr "Key used to sign the tokens. Only required when JWT Algorithm is set to RS256."
@ -1665,8 +1665,8 @@ msgid "Library"
msgstr "Library" msgstr "Library"
#: src/elements/table/Table.ts:120 #: src/elements/table/Table.ts:120
#: src/flows/FlowExecutor.ts:164 #: src/flows/FlowExecutor.ts:167
#: src/flows/FlowExecutor.ts:210 #: src/flows/FlowExecutor.ts:213
#: src/flows/access_denied/FlowAccessDenied.ts:27 #: src/flows/access_denied/FlowAccessDenied.ts:27
#: src/flows/stages/authenticator_static/AuthenticatorStaticStage.ts:43 #: src/flows/stages/authenticator_static/AuthenticatorStaticStage.ts:43
#: src/flows/stages/authenticator_totp/AuthenticatorTOTPStage.ts:33 #: src/flows/stages/authenticator_totp/AuthenticatorTOTPStage.ts:33
@ -1694,23 +1694,23 @@ msgstr "Loading"
#: src/pages/flows/StageBindingForm.ts:89 #: src/pages/flows/StageBindingForm.ts:89
#: src/pages/flows/StageBindingForm.ts:106 #: src/pages/flows/StageBindingForm.ts:106
#: src/pages/groups/GroupForm.ts:77 #: src/pages/groups/GroupForm.ts:77
#: src/pages/groups/GroupForm.ts:128 #: src/pages/groups/GroupForm.ts:127
#: src/pages/outposts/OutpostForm.ts:74 #: src/pages/outposts/OutpostForm.ts:74
#: src/pages/outposts/OutpostForm.ts:96 #: src/pages/outposts/OutpostForm.ts:96
#: src/pages/outposts/ServiceConnectionDockerForm.ts:87 #: src/pages/outposts/ServiceConnectionDockerForm.ts:87
#: src/pages/outposts/ServiceConnectionDockerForm.ts:104 #: src/pages/outposts/ServiceConnectionDockerForm.ts:104
#: src/pages/policies/PolicyBindingForm.ts:156 #: src/pages/policies/PolicyBindingForm.ts:157
#: src/pages/policies/PolicyBindingForm.ts:172 #: src/pages/policies/PolicyBindingForm.ts:173
#: src/pages/policies/PolicyBindingForm.ts:188 #: src/pages/policies/PolicyBindingForm.ts:189
#: src/pages/policies/PolicyTestForm.ts:70 #: src/pages/policies/PolicyTestForm.ts:71
#: src/pages/policies/event_matcher/EventMatcherPolicyForm.ts:88 #: src/pages/policies/event_matcher/EventMatcherPolicyForm.ts:88
#: src/pages/policies/event_matcher/EventMatcherPolicyForm.ts:108 #: src/pages/policies/event_matcher/EventMatcherPolicyForm.ts:108
#: src/pages/property-mappings/PropertyMappingTestForm.ts:59 #: src/pages/property-mappings/PropertyMappingTestForm.ts:61
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:74 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:74
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:175 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:175
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:194 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:193
#: src/pages/providers/proxy/ProxyProviderForm.ts:92 #: src/pages/providers/proxy/ProxyProviderForm.ts:92
#: src/pages/providers/proxy/ProxyProviderForm.ts:143 #: src/pages/providers/proxy/ProxyProviderForm.ts:145
#: src/pages/providers/saml/SAMLProviderForm.ts:71 #: src/pages/providers/saml/SAMLProviderForm.ts:71
#: src/pages/providers/saml/SAMLProviderForm.ts:133 #: src/pages/providers/saml/SAMLProviderForm.ts:133
#: src/pages/providers/saml/SAMLProviderForm.ts:149 #: src/pages/providers/saml/SAMLProviderForm.ts:149
@ -1803,7 +1803,7 @@ msgid "Members"
msgstr "Members" msgstr "Members"
#: src/pages/events/EventInfo.ts:174 #: src/pages/events/EventInfo.ts:174
#: src/pages/policies/PolicyTestForm.ts:43 #: src/pages/policies/PolicyTestForm.ts:44
#: src/pages/system-tasks/SystemTaskListPage.ts:80 #: src/pages/system-tasks/SystemTaskListPage.ts:80
msgid "Messages" msgid "Messages"
msgstr "Messages" msgstr "Messages"
@ -1889,7 +1889,7 @@ msgstr "Monitor"
#: src/pages/sources/ldap/LDAPSourceForm.ts:54 #: src/pages/sources/ldap/LDAPSourceForm.ts:54
#: src/pages/sources/ldap/LDAPSourceViewPage.ts:64 #: src/pages/sources/ldap/LDAPSourceViewPage.ts:64
#: src/pages/sources/oauth/OAuthSourceForm.ts:100 #: src/pages/sources/oauth/OAuthSourceForm.ts:100
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:63 #: src/pages/sources/oauth/OAuthSourceViewPage.ts:64
#: src/pages/sources/saml/SAMLSourceForm.ts:54 #: src/pages/sources/saml/SAMLSourceForm.ts:54
#: src/pages/sources/saml/SAMLSourceViewPage.ts:66 #: src/pages/sources/saml/SAMLSourceViewPage.ts:66
#: src/pages/stages/StageListPage.ts:65 #: src/pages/stages/StageListPage.ts:65
@ -1939,11 +1939,11 @@ msgid "New version available!"
msgstr "New version available!" msgstr "New version available!"
#: src/pages/crypto/CertificateKeyPairListPage.ts:61 #: src/pages/crypto/CertificateKeyPairListPage.ts:61
#: src/pages/groups/GroupListPage.ts:58 #: src/pages/groups/GroupListPage.ts:57
#: src/pages/groups/MemberSelectModal.ts:57 #: src/pages/groups/MemberSelectModal.ts:57
#: src/pages/outposts/ServiceConnectionListPage.ts:64 #: src/pages/outposts/ServiceConnectionListPage.ts:64
#: src/pages/policies/BoundPoliciesList.ts:118 #: src/pages/policies/BoundPoliciesList.ts:122
#: src/pages/policies/PolicyTestForm.ts:38 #: src/pages/policies/PolicyTestForm.ts:39
#: src/pages/providers/proxy/ProxyProviderViewPage.ts:108 #: src/pages/providers/proxy/ProxyProviderViewPage.ts:108
#: src/pages/tokens/TokenListPage.ts:56 #: src/pages/tokens/TokenListPage.ts:56
#: src/pages/user-settings/tokens/UserTokenList.ts:83 #: src/pages/user-settings/tokens/UserTokenList.ts:83
@ -1960,7 +1960,7 @@ msgstr "No Applications available."
msgid "No Events found." msgid "No Events found."
msgstr "No Events found." msgstr "No Events found."
#: src/pages/policies/BoundPoliciesList.ts:151 #: src/pages/policies/BoundPoliciesList.ts:155
msgid "No Policies bound." msgid "No Policies bound."
msgstr "No Policies bound." msgstr "No Policies bound."
@ -1989,7 +1989,7 @@ msgstr "No form found"
msgid "No matching events could be found." msgid "No matching events could be found."
msgstr "No matching events could be found." msgstr "No matching events could be found."
#: src/pages/policies/BoundPoliciesList.ts:153 #: src/pages/policies/BoundPoliciesList.ts:157
msgid "No policies are currently bound to this object." msgid "No policies are currently bound to this object."
msgstr "No policies are currently bound to this object." msgstr "No policies are currently bound to this object."
@ -2161,8 +2161,8 @@ msgstr "Optionally set the 'FriendlyName' value of the Assertion attribute."
#: src/pages/flows/BoundStagesList.ts:38 #: src/pages/flows/BoundStagesList.ts:38
#: src/pages/flows/StageBindingForm.ts:110 #: src/pages/flows/StageBindingForm.ts:110
#: src/pages/policies/BoundPoliciesList.ts:38 #: src/pages/policies/BoundPoliciesList.ts:42
#: src/pages/policies/PolicyBindingForm.ts:203 #: src/pages/policies/PolicyBindingForm.ts:204
#: src/pages/stages/prompt/PromptForm.ts:119 #: src/pages/stages/prompt/PromptForm.ts:119
#: src/pages/stages/prompt/PromptListPage.ts:49 #: src/pages/stages/prompt/PromptListPage.ts:49
msgid "Order" msgid "Order"
@ -2199,7 +2199,7 @@ msgstr "Outposts are deployments of authentik components to support different en
#: src/pages/providers/proxy/ProxyProviderViewPage.ts:56 #: src/pages/providers/proxy/ProxyProviderViewPage.ts:56
#: src/pages/providers/saml/SAMLProviderViewPage.ts:58 #: src/pages/providers/saml/SAMLProviderViewPage.ts:58
#: src/pages/sources/ldap/LDAPSourceViewPage.ts:56 #: src/pages/sources/ldap/LDAPSourceViewPage.ts:56
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:55 #: src/pages/sources/oauth/OAuthSourceViewPage.ts:56
#: src/pages/sources/saml/SAMLSourceViewPage.ts:58 #: src/pages/sources/saml/SAMLSourceViewPage.ts:58
#: src/pages/users/UserViewPage.ts:74 #: src/pages/users/UserViewPage.ts:74
msgid "Overview" msgid "Overview"
@ -2219,7 +2219,7 @@ msgid "Pass policy?"
msgstr "Pass policy?" msgstr "Pass policy?"
#: src/pages/events/EventInfo.ts:173 #: src/pages/events/EventInfo.ts:173
#: src/pages/policies/PolicyTestForm.ts:35 #: src/pages/policies/PolicyTestForm.ts:36
msgid "Passing" msgid "Passing"
msgstr "Passing" msgstr "Passing"
@ -2254,7 +2254,6 @@ msgid "Please enter your password"
msgstr "Please enter your password" msgstr "Please enter your password"
#: src/interfaces/AdminInterface.ts:26 #: src/interfaces/AdminInterface.ts:26
#: src/pages/admin-overview/AdminOverviewPage.ts:48
#: src/pages/flows/FlowListPage.ts:50 #: src/pages/flows/FlowListPage.ts:50
#: src/pages/policies/PolicyListPage.ts:38 #: src/pages/policies/PolicyListPage.ts:38
msgid "Policies" msgid "Policies"
@ -2264,24 +2263,28 @@ msgstr "Policies"
msgid "Policies without binding exist." msgid "Policies without binding exist."
msgstr "Policies without binding exist." msgstr "Policies without binding exist."
#: src/pages/policies/PolicyBindingForm.ts:124 #: src/pages/policies/PolicyBindingForm.ts:108
#: src/pages/policies/PolicyBindingForm.ts:147 #: src/pages/policies/PolicyBindingForm.ts:117
#: src/pages/policies/PolicyBindingForm.ts:148
#: src/pages/policies/PolicyListPage.ts:108 #: src/pages/policies/PolicyListPage.ts:108
msgid "Policy" msgid "Policy"
msgstr "Policy" msgstr "Policy"
#: src/pages/policies/BoundPoliciesList.ts:36 #: src/pages/applications/ApplicationViewPage.ts:134
#: src/pages/flows/FlowViewPage.ts:101
msgid "Policy / Group / User Bindings"
msgstr "Policy / Group / User Bindings"
#: src/pages/policies/BoundPoliciesList.ts:40
msgid "Policy / User / Group" msgid "Policy / User / Group"
msgstr "Policy / User / Group" msgstr "Policy / User / Group"
#: src/pages/applications/ApplicationViewPage.ts:134 #: src/pages/sources/oauth/OAuthSourceViewPage.ts:144
#: src/pages/flows/FlowViewPage.ts:101
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:143
#: src/pages/sources/saml/SAMLSourceViewPage.ts:150 #: src/pages/sources/saml/SAMLSourceViewPage.ts:150
msgid "Policy Bindings" msgid "Policy Bindings"
msgstr "Policy Bindings" msgstr "Policy Bindings"
#: src/pages/policies/BoundPoliciesList.ts:138 #: src/pages/policies/BoundPoliciesList.ts:142
msgid "Policy binding" msgid "Policy binding"
msgstr "Policy binding" msgstr "Policy binding"
@ -2292,7 +2295,7 @@ msgstr "Policy binding"
msgid "Policy engine mode" msgid "Policy engine mode"
msgstr "Policy engine mode" msgstr "Policy engine mode"
#: src/pages/policies/BoundPoliciesList.ts:46 #: src/pages/policies/BoundPoliciesList.ts:50
msgid "Policy {0}" msgid "Policy {0}"
msgstr "Policy {0}" msgstr "Policy {0}"
@ -2318,7 +2321,7 @@ msgstr "Post binding"
msgid "Post binding (auto-submit)" msgid "Post binding (auto-submit)"
msgstr "Post binding (auto-submit)" msgstr "Post binding (auto-submit)"
#: src/flows/FlowExecutor.ts:252 #: src/flows/FlowExecutor.ts:255
msgid "Powered by authentik" msgid "Powered by authentik"
msgstr "Powered by authentik" msgstr "Powered by authentik"
@ -2399,7 +2402,7 @@ msgid "Provider"
msgstr "Provider" msgstr "Provider"
#: src/pages/applications/ApplicationListPage.ts:61 #: src/pages/applications/ApplicationListPage.ts:61
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:71 #: src/pages/sources/oauth/OAuthSourceViewPage.ts:72
msgid "Provider Type" msgid "Provider Type"
msgstr "Provider Type" msgstr "Provider Type"
@ -2408,13 +2411,16 @@ msgid "Provider type"
msgstr "Provider type" msgstr "Provider type"
#: src/interfaces/AdminInterface.ts:20 #: src/interfaces/AdminInterface.ts:20
#: src/pages/admin-overview/AdminOverviewPage.ts:46
#: src/pages/outposts/OutpostForm.ts:82 #: src/pages/outposts/OutpostForm.ts:82
#: src/pages/outposts/OutpostListPage.ts:51 #: src/pages/outposts/OutpostListPage.ts:51
#: src/pages/providers/ProviderListPage.ts:34 #: src/pages/providers/ProviderListPage.ts:34
msgid "Providers" msgid "Providers"
msgstr "Providers" msgstr "Providers"
#: src/pages/admin-overview/AdminOverviewPage.ts:46
msgid "Providers without application"
msgstr "Providers without application"
#: src/pages/outposts/OutpostForm.ts:57 #: src/pages/outposts/OutpostForm.ts:57
msgid "Proxy" msgid "Proxy"
msgstr "Proxy" msgstr "Proxy"
@ -2435,7 +2441,7 @@ msgstr "Public key, acquired from https://www.google.com/recaptcha/intro/v3.html
msgid "Publisher" msgid "Publisher"
msgstr "Publisher" msgstr "Publisher"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:146 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:147
msgid "RS256 (Asymmetric Encryption)" msgid "RS256 (Asymmetric Encryption)"
msgstr "RS256 (Asymmetric Encryption)" msgstr "RS256 (Asymmetric Encryption)"
@ -2507,7 +2513,7 @@ msgstr "Refresh Code"
msgid "Register device" msgid "Register device"
msgstr "Register device" msgstr "Register device"
#: src/pages/providers/proxy/ProxyProviderForm.ts:151 #: src/pages/providers/proxy/ProxyProviderForm.ts:153
msgid "Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression." msgid "Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression."
msgstr "Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression." msgstr "Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression."
@ -2556,7 +2562,7 @@ msgid "Resources"
msgstr "Resources" msgstr "Resources"
#: src/pages/events/EventInfo.ts:171 #: src/pages/events/EventInfo.ts:171
#: src/pages/property-mappings/PropertyMappingTestForm.ts:34 #: src/pages/property-mappings/PropertyMappingTestForm.ts:36
msgid "Result" msgid "Result"
msgstr "Result" msgstr "Result"
@ -2569,7 +2575,7 @@ msgstr "Retry Task"
msgid "Retry authentication" msgid "Retry authentication"
msgstr "Retry authentication" msgstr "Retry authentication"
#: src/flows/FlowExecutor.ts:142 #: src/flows/FlowExecutor.ts:145
msgid "Return" msgid "Return"
msgstr "Return" msgstr "Return"
@ -2632,7 +2638,7 @@ msgstr "SMTP Username"
msgid "SSO URL" msgid "SSO URL"
msgstr "SSO URL" msgstr "SSO URL"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:238 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:237
msgid "Same identifier is used for all providers" msgid "Same identifier is used for all providers"
msgstr "Same identifier is used for all providers" msgstr "Same identifier is used for all providers"
@ -2646,7 +2652,7 @@ msgstr "Scope which the client can specify to access these properties."
#: src/elements/oauth/UserCodeList.ts:31 #: src/elements/oauth/UserCodeList.ts:31
#: src/elements/oauth/UserRefreshList.ts:31 #: src/elements/oauth/UserRefreshList.ts:31
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:155 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:156
msgid "Scopes" msgid "Scopes"
msgstr "Scopes" msgstr "Scopes"
@ -2658,10 +2664,10 @@ msgstr "Search..."
msgid "Secret:" msgid "Secret:"
msgstr "Secret:" msgstr "Secret:"
#: src/pages/policies/expression/ExpressionPolicyForm.ts:86 #: src/pages/policies/expression/ExpressionPolicyForm.ts:87
#: src/pages/property-mappings/PropertyMappingLDAPForm.ts:72 #: src/pages/property-mappings/PropertyMappingLDAPForm.ts:73
#: src/pages/property-mappings/PropertyMappingSAMLForm.ts:82 #: src/pages/property-mappings/PropertyMappingSAMLForm.ts:83
#: src/pages/property-mappings/PropertyMappingScopeForm.ts:79 #: src/pages/property-mappings/PropertyMappingScopeForm.ts:80
msgid "See documentation for a list of all variables." msgid "See documentation for a list of all variables."
msgstr "See documentation for a list of all variables." msgstr "See documentation for a list of all variables."
@ -2750,19 +2756,19 @@ msgstr "Session not valid on or after current time + this value (Format: hours=1
msgid "Session valid not on or after" msgid "Session valid not on or after"
msgstr "Session valid not on or after" msgstr "Session valid not on or after"
#: src/pages/providers/proxy/ProxyProviderForm.ts:161 #: src/pages/providers/proxy/ProxyProviderForm.ts:163
msgid "Set HTTP-Basic Authentication" msgid "Set HTTP-Basic Authentication"
msgstr "Set HTTP-Basic Authentication" msgstr "Set HTTP-Basic Authentication"
#: src/pages/providers/proxy/ProxyProviderForm.ts:164 #: src/pages/providers/proxy/ProxyProviderForm.ts:166
msgid "Set a custom HTTP-Basic Authentication header based on values from authentik." msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
msgstr "Set a custom HTTP-Basic Authentication header based on values from authentik." msgstr "Set a custom HTTP-Basic Authentication header based on values from authentik."
#: src/pages/groups/GroupForm.ts:139 #: src/pages/groups/GroupForm.ts:139
#: src/pages/outposts/OutpostForm.ts:109 #: src/pages/outposts/OutpostForm.ts:109
#: src/pages/outposts/ServiceConnectionKubernetesForm.ts:73 #: src/pages/outposts/ServiceConnectionKubernetesForm.ts:73
#: src/pages/policies/PolicyTestForm.ts:78 #: src/pages/policies/PolicyTestForm.ts:79
#: src/pages/users/UserForm.ts:81 #: src/pages/users/UserForm.ts:82
msgid "Set custom attributes using YAML or JSON." msgid "Set custom attributes using YAML or JSON."
msgstr "Set custom attributes using YAML or JSON." msgstr "Set custom attributes using YAML or JSON."
@ -2804,7 +2810,7 @@ msgstr "Signing keypair"
msgid "Single Prompts that can be used for Prompt Stages." msgid "Single Prompts that can be used for Prompt Stages."
msgstr "Single Prompts that can be used for Prompt Stages." msgstr "Single Prompts that can be used for Prompt Stages."
#: src/pages/providers/proxy/ProxyProviderForm.ts:148 #: src/pages/providers/proxy/ProxyProviderForm.ts:150
msgid "Skip path regex" msgid "Skip path regex"
msgstr "Skip path regex" msgstr "Skip path regex"
@ -2817,7 +2823,7 @@ msgstr "Skip path regex"
msgid "Slug" msgid "Slug"
msgstr "Slug" msgstr "Slug"
#: src/flows/FlowExecutor.ts:135 #: src/flows/FlowExecutor.ts:138
msgid "Something went wrong! Please try again later." msgid "Something went wrong! Please try again later."
msgstr "Something went wrong! Please try again later." msgstr "Something went wrong! Please try again later."
@ -2942,7 +2948,7 @@ msgstr "Stop impersonation"
msgid "Subject" msgid "Subject"
msgstr "Subject" msgstr "Subject"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:199 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:198
msgid "Subject mode" msgid "Subject mode"
msgstr "Subject mode" msgstr "Subject mode"
@ -2971,7 +2977,7 @@ msgid "Successfully created application."
msgstr "Successfully created application." msgstr "Successfully created application."
#: src/pages/flows/StageBindingForm.ts:39 #: src/pages/flows/StageBindingForm.ts:39
#: src/pages/policies/PolicyBindingForm.ts:72 #: src/pages/policies/PolicyBindingForm.ts:64
msgid "Successfully created binding." msgid "Successfully created binding."
msgstr "Successfully created binding." msgstr "Successfully created binding."
@ -3089,8 +3095,8 @@ msgstr "Successfully imported flow."
msgid "Successfully imported provider." msgid "Successfully imported provider."
msgstr "Successfully imported provider." msgstr "Successfully imported provider."
#: src/pages/policies/PolicyTestForm.ts:29 #: src/pages/policies/PolicyTestForm.ts:30
#: src/pages/property-mappings/PropertyMappingTestForm.ts:29 #: src/pages/property-mappings/PropertyMappingTestForm.ts:31
msgid "Successfully sent test-request." msgid "Successfully sent test-request."
msgstr "Successfully sent test-request." msgstr "Successfully sent test-request."
@ -3099,7 +3105,7 @@ msgid "Successfully updated application."
msgstr "Successfully updated application." msgstr "Successfully updated application."
#: src/pages/flows/StageBindingForm.ts:36 #: src/pages/flows/StageBindingForm.ts:36
#: src/pages/policies/PolicyBindingForm.ts:69 #: src/pages/policies/PolicyBindingForm.ts:61
msgid "Successfully updated binding." msgid "Successfully updated binding."
msgstr "Successfully updated binding." msgstr "Successfully updated binding."
@ -3301,35 +3307,43 @@ msgstr "Text: Simple Text input"
msgid "The URL \"{0}\" was not found." msgid "The URL \"{0}\" was not found."
msgstr "The URL \"{0}\" was not found." msgstr "The URL \"{0}\" was not found."
#: src/pages/providers/proxy/ProxyProviderForm.ts:123
msgid "The external URL you'll access the outpost at."
msgstr "The external URL you'll access the outpost at."
#: src/pages/policies/dummy/DummyPolicyForm.ts:90 #: src/pages/policies/dummy/DummyPolicyForm.ts:90
msgid "The policy takes a random time to execute. This controls the minimum time it will take." msgid "The policy takes a random time to execute. This controls the minimum time it will take."
msgstr "The policy takes a random time to execute. This controls the minimum time it will take." msgstr "The policy takes a random time to execute. This controls the minimum time it will take."
#: src/pages/flows/BoundStagesList.ts:102
msgid "These bindings control if this stage will be applied to the flow."
msgstr "These bindings control if this stage will be applied to the flow."
#: src/pages/events/RuleListPage.ts:109 #: src/pages/events/RuleListPage.ts:109
msgid "" msgid ""
"These policies control upon which events this rule triggers. Bindings to\n" "These bindings control upon which events this rule triggers. Bindings to\n"
"groups/users are checked against the user of the event." "groups/users are checked against the user of the event."
msgstr "" msgstr ""
"These policies control upon which events this rule triggers. Bindings to\n" "These bindings control upon which events this rule triggers. Bindings to\n"
"groups/users are checked against the user of the event." "groups/users are checked against the user of the event."
#: src/pages/flows/BoundStagesList.ts:102 #: src/pages/flows/FlowViewPage.ts:103
msgid "These policies control when this stage will be applied to the flow." msgid "These bindings control which users can access this flow."
msgstr "These policies control when this stage will be applied to the flow." msgstr "These bindings control which users can access this flow."
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:146
#: src/pages/sources/saml/SAMLSourceViewPage.ts:152
msgid ""
"These bindings control which users can access this source.\n"
"You can only use policies here as access is checked before the user is authenticated."
msgstr ""
"These bindings control which users can access this source.\n"
"You can only use policies here as access is checked before the user is authenticated."
#: src/pages/applications/ApplicationViewPage.ts:136 #: src/pages/applications/ApplicationViewPage.ts:136
msgid "These policies control which users can access this application." msgid "These policies control which users can access this application."
msgstr "These policies control which users can access this application." msgstr "These policies control which users can access this application."
#: src/pages/flows/FlowViewPage.ts:103
msgid "These policies control which users can access this flow."
msgstr "These policies control which users can access this flow."
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:145
#: src/pages/sources/saml/SAMLSourceViewPage.ts:152
msgid "These policies control which users can access this source."
msgstr "These policies control which users can access this source."
#: src/pages/stages/invitation/InvitationStageForm.ts:53 #: src/pages/stages/invitation/InvitationStageForm.ts:53
msgid "This stage can be included in enrollment flows to accept invitations." msgid "This stage can be included in enrollment flows to accept invitations."
msgstr "This stage can be included in enrollment flows to accept invitations." msgstr "This stage can be included in enrollment flows to accept invitations."
@ -3354,8 +3368,8 @@ msgstr "Time offset when temporary users should be deleted. This only applies if
msgid "Time-based One-Time Passwords" msgid "Time-based One-Time Passwords"
msgstr "Time-based One-Time Passwords" msgstr "Time-based One-Time Passwords"
#: src/pages/policies/BoundPoliciesList.ts:39 #: src/pages/policies/BoundPoliciesList.ts:43
#: src/pages/policies/PolicyBindingForm.ts:209 #: src/pages/policies/PolicyBindingForm.ts:210
#: src/pages/stages/email/EmailStageForm.ts:101 #: src/pages/stages/email/EmailStageForm.ts:101
msgid "Timeout" msgid "Timeout"
msgstr "Timeout" msgstr "Timeout"
@ -3370,7 +3384,7 @@ msgid "Token"
msgstr "Token" msgstr "Token"
#: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts:174 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts:174
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:103 #: src/pages/sources/oauth/OAuthSourceViewPage.ts:104
msgid "Token URL" msgid "Token URL"
msgstr "Token URL" msgstr "Token URL"
@ -3382,7 +3396,7 @@ msgstr "Token count"
msgid "Token expiry" msgid "Token expiry"
msgstr "Token expiry" msgstr "Token expiry"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:135 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:136
msgid "Token validity" msgid "Token validity"
msgstr "Token validity" msgstr "Token validity"
@ -3453,6 +3467,10 @@ msgstr "URL used by authentik to retrieve tokens."
msgid "URL used to request the initial token. This URL is only required for OAuth 1." msgid "URL used to request the initial token. This URL is only required for OAuth 1."
msgstr "URL used to request the initial token. This URL is only required for OAuth 1." msgstr "URL used to request the initial token. This URL is only required for OAuth 1."
#: src/pages/admin-overview/AdminOverviewPage.ts:48
msgid "Unbound policies"
msgstr "Unbound policies"
#: src/pages/flows/FlowForm.ts:73 #: src/pages/flows/FlowForm.ts:73
msgid "Unenrollment" msgid "Unenrollment"
msgstr "Unenrollment" msgstr "Unenrollment"
@ -3477,13 +3495,13 @@ msgstr "Up-to-date!"
#: src/pages/flows/BoundStagesList.ts:53 #: src/pages/flows/BoundStagesList.ts:53
#: src/pages/flows/BoundStagesList.ts:71 #: src/pages/flows/BoundStagesList.ts:71
#: src/pages/flows/FlowListPage.ts:66 #: src/pages/flows/FlowListPage.ts:66
#: src/pages/groups/GroupListPage.ts:62 #: src/pages/groups/GroupListPage.ts:61
#: src/pages/outposts/OutpostListPage.ts:67 #: src/pages/outposts/OutpostListPage.ts:67
#: src/pages/outposts/ServiceConnectionListPage.ts:76 #: src/pages/outposts/ServiceConnectionListPage.ts:76
#: src/pages/policies/BoundPoliciesList.ts:64 #: src/pages/policies/BoundPoliciesList.ts:68
#: src/pages/policies/BoundPoliciesList.ts:84 #: src/pages/policies/BoundPoliciesList.ts:88
#: src/pages/policies/BoundPoliciesList.ts:99 #: src/pages/policies/BoundPoliciesList.ts:103
#: src/pages/policies/BoundPoliciesList.ts:125 #: src/pages/policies/BoundPoliciesList.ts:129
#: src/pages/policies/PolicyListPage.ts:77 #: src/pages/policies/PolicyListPage.ts:77
#: src/pages/property-mappings/PropertyMappingListPage.ts:66 #: src/pages/property-mappings/PropertyMappingListPage.ts:66
#: src/pages/providers/ProviderListPage.ts:73 #: src/pages/providers/ProviderListPage.ts:73
@ -3492,7 +3510,7 @@ msgstr "Up-to-date!"
#: src/pages/providers/saml/SAMLProviderViewPage.ts:111 #: src/pages/providers/saml/SAMLProviderViewPage.ts:111
#: src/pages/sources/SourcesListPage.ts:69 #: src/pages/sources/SourcesListPage.ts:69
#: src/pages/sources/ldap/LDAPSourceViewPage.ts:95 #: src/pages/sources/ldap/LDAPSourceViewPage.ts:95
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:114 #: src/pages/sources/oauth/OAuthSourceViewPage.ts:115
#: src/pages/sources/saml/SAMLSourceViewPage.ts:101 #: src/pages/sources/saml/SAMLSourceViewPage.ts:101
#: src/pages/stages/StageListPage.ts:85 #: src/pages/stages/StageListPage.ts:85
#: src/pages/stages/prompt/PromptListPage.ts:67 #: src/pages/stages/prompt/PromptListPage.ts:67
@ -3512,7 +3530,7 @@ msgstr "Update"
msgid "Update Application" msgid "Update Application"
msgstr "Update Application" msgstr "Update Application"
#: src/pages/policies/BoundPoliciesList.ts:128 #: src/pages/policies/BoundPoliciesList.ts:132
msgid "Update Binding" msgid "Update Binding"
msgstr "Update Binding" msgstr "Update Binding"
@ -3524,8 +3542,8 @@ msgstr "Update Certificate-Key Pair"
msgid "Update Flow" msgid "Update Flow"
msgstr "Update Flow" msgstr "Update Flow"
#: src/pages/groups/GroupListPage.ts:65 #: src/pages/groups/GroupListPage.ts:64
#: src/pages/policies/BoundPoliciesList.ts:87 #: src/pages/policies/BoundPoliciesList.ts:91
msgid "Update Group" msgid "Update Group"
msgstr "Update Group" msgstr "Update Group"
@ -3541,7 +3559,7 @@ msgstr "Update Notification Rule"
msgid "Update Notification Transport" msgid "Update Notification Transport"
msgstr "Update Notification Transport" msgstr "Update Notification Transport"
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:117 #: src/pages/sources/oauth/OAuthSourceViewPage.ts:118
msgid "Update OAuth Source" msgid "Update OAuth Source"
msgstr "Update OAuth Source" msgstr "Update OAuth Source"
@ -3577,7 +3595,7 @@ msgstr "Update Stage binding"
msgid "Update Token" msgid "Update Token"
msgstr "Update Token" msgstr "Update Token"
#: src/pages/policies/BoundPoliciesList.ts:102 #: src/pages/policies/BoundPoliciesList.ts:106
#: src/pages/users/UserListPage.ts:71 #: src/pages/users/UserListPage.ts:71
#: src/pages/users/UserViewPage.ts:142 #: src/pages/users/UserViewPage.ts:142
msgid "Update User" msgid "Update User"
@ -3589,7 +3607,7 @@ msgstr "Update details"
#: src/pages/flows/BoundStagesList.ts:56 #: src/pages/flows/BoundStagesList.ts:56
#: src/pages/outposts/ServiceConnectionListPage.ts:79 #: src/pages/outposts/ServiceConnectionListPage.ts:79
#: src/pages/policies/BoundPoliciesList.ts:67 #: src/pages/policies/BoundPoliciesList.ts:71
#: src/pages/policies/PolicyListPage.ts:80 #: src/pages/policies/PolicyListPage.ts:80
#: src/pages/property-mappings/PropertyMappingListPage.ts:69 #: src/pages/property-mappings/PropertyMappingListPage.ts:69
#: src/pages/providers/ProviderListPage.ts:76 #: src/pages/providers/ProviderListPage.ts:76
@ -3599,6 +3617,10 @@ msgstr "Update details"
msgid "Update {0}" msgid "Update {0}"
msgstr "Update {0}" msgstr "Update {0}"
#: src/pages/providers/proxy/ProxyProviderForm.ts:107
msgid "Upstream host that the requests are forwarded to."
msgstr "Upstream host that the requests are forwarded to."
#: src/pages/stages/email/EmailStageForm.ts:96 #: src/pages/stages/email/EmailStageForm.ts:96
msgid "Use SSL" msgid "Use SSL"
msgstr "Use SSL" msgstr "Use SSL"
@ -3623,10 +3645,10 @@ msgstr "Use global settings"
#: src/elements/events/UserEvents.ts:36 #: src/elements/events/UserEvents.ts:36
#: src/pages/events/EventInfo.ts:83 #: src/pages/events/EventInfo.ts:83
#: src/pages/events/EventListPage.ts:44 #: src/pages/events/EventListPage.ts:44
#: src/pages/policies/PolicyBindingForm.ts:140 #: src/pages/policies/PolicyBindingForm.ts:133
#: src/pages/policies/PolicyBindingForm.ts:176 #: src/pages/policies/PolicyBindingForm.ts:177
#: src/pages/policies/PolicyTestForm.ts:60 #: src/pages/policies/PolicyTestForm.ts:61
#: src/pages/property-mappings/PropertyMappingTestForm.ts:49 #: src/pages/property-mappings/PropertyMappingTestForm.ts:51
#: src/pages/tokens/TokenListPage.ts:45 #: src/pages/tokens/TokenListPage.ts:45
#: src/pages/user-settings/tokens/UserTokenList.ts:72 #: src/pages/user-settings/tokens/UserTokenList.ts:72
#: src/pages/users/UserListPage.ts:88 #: src/pages/users/UserListPage.ts:88
@ -3667,7 +3689,7 @@ msgstr "User object filter"
msgid "User password writeback" msgid "User password writeback"
msgstr "User password writeback" msgstr "User password writeback"
#: src/pages/policies/BoundPoliciesList.ts:52 #: src/pages/policies/BoundPoliciesList.ts:56
#: src/pages/users/UserViewPage.ts:63 #: src/pages/users/UserViewPage.ts:63
msgid "User {0}" msgid "User {0}"
msgstr "User {0}" msgstr "User {0}"
@ -3722,11 +3744,11 @@ msgstr "Using flow"
msgid "Using source" msgid "Using source"
msgstr "Using source" msgstr "Using source"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:123 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:124
msgid "Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows." msgid "Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows."
msgstr "Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows." msgstr "Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows."
#: src/pages/providers/proxy/ProxyProviderForm.ts:115 #: src/pages/providers/proxy/ProxyProviderForm.ts:116
msgid "Validate SSL Certificates of upstream servers." msgid "Validate SSL Certificates of upstream servers."
msgstr "Validate SSL Certificates of upstream servers." msgstr "Validate SSL Certificates of upstream servers."
@ -3841,7 +3863,7 @@ msgstr "When selected, incoming assertion's Signatures will be validated against
msgid "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged." msgid "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged."
msgstr "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged." msgstr "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged."
#: src/flows/FlowExecutor.ts:131 #: src/flows/FlowExecutor.ts:134
msgid "Whoops!" msgid "Whoops!"
msgstr "Whoops!" msgstr "Whoops!"
@ -3866,11 +3888,11 @@ msgid "X509 Subject"
msgstr "X509 Subject" msgstr "X509 Subject"
#: src/pages/crypto/CertificateKeyPairListPage.ts:61 #: src/pages/crypto/CertificateKeyPairListPage.ts:61
#: src/pages/groups/GroupListPage.ts:58 #: src/pages/groups/GroupListPage.ts:57
#: src/pages/groups/MemberSelectModal.ts:57 #: src/pages/groups/MemberSelectModal.ts:57
#: src/pages/outposts/ServiceConnectionListPage.ts:64 #: src/pages/outposts/ServiceConnectionListPage.ts:64
#: src/pages/policies/BoundPoliciesList.ts:118 #: src/pages/policies/BoundPoliciesList.ts:122
#: src/pages/policies/PolicyTestForm.ts:38 #: src/pages/policies/PolicyTestForm.ts:39
#: src/pages/providers/proxy/ProxyProviderViewPage.ts:105 #: src/pages/providers/proxy/ProxyProviderViewPage.ts:105
#: src/pages/tokens/TokenListPage.ts:56 #: src/pages/tokens/TokenListPage.ts:56
#: src/pages/user-settings/tokens/UserTokenList.ts:83 #: src/pages/user-settings/tokens/UserTokenList.ts:83

322
web/src/locales/pseudo-LOCALE.po
View File

@ -13,7 +13,7 @@ msgstr ""
"Language-Team: \n" "Language-Team: \n"
"Plural-Forms: \n" "Plural-Forms: \n"
#: src/pages/policies/BoundPoliciesList.ts:55 #: src/pages/policies/BoundPoliciesList.ts:59
msgid "-" msgid "-"
msgstr "" msgstr ""
@ -64,7 +64,7 @@ msgstr ""
msgid "API request failed" msgid "API request failed"
msgstr "" msgstr ""
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:87 #: src/pages/sources/oauth/OAuthSourceViewPage.ts:88
msgid "Access Key" msgid "Access Key"
msgstr "" msgstr ""
@ -105,8 +105,8 @@ msgstr ""
msgid "Additional user DN, prepended to the Base DN." msgid "Additional user DN, prepended to the Base DN."
msgstr "" msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:131 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:132
#: src/pages/providers/proxy/ProxyProviderForm.ts:128 #: src/pages/providers/proxy/ProxyProviderForm.ts:130
#: src/pages/providers/saml/SAMLProviderForm.ts:117 #: src/pages/providers/saml/SAMLProviderForm.ts:117
#: src/pages/sources/saml/SAMLSourceForm.ts:134 #: src/pages/sources/saml/SAMLSourceForm.ts:134
msgid "Advanced protocol settings" msgid "Advanced protocol settings"
@ -125,7 +125,7 @@ msgstr ""
msgid "Alert" msgid "Alert"
msgstr "" msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:152 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:153
msgid "Algorithm used to sign the JWT Tokens." msgid "Algorithm used to sign the JWT Tokens."
msgstr "" msgstr ""
@ -255,7 +255,7 @@ msgstr ""
msgid "Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded." msgid "Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded."
msgstr "" msgstr ""
#: src/pages/groups/GroupForm.ts:135 #: src/pages/groups/GroupForm.ts:134
#: src/pages/stages/invitation/InvitationForm.ts:52 #: src/pages/stages/invitation/InvitationForm.ts:52
#: src/pages/users/UserForm.ts:77 #: src/pages/users/UserForm.ts:77
msgid "Attributes" msgid "Attributes"
@ -289,7 +289,7 @@ msgid "Authorization Code"
msgstr "" msgstr ""
#: src/pages/sources/oauth/OAuthSourceForm.ts:66 #: src/pages/sources/oauth/OAuthSourceForm.ts:66
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:95 #: src/pages/sources/oauth/OAuthSourceViewPage.ts:96
msgid "Authorization URL" msgid "Authorization URL"
msgstr "" msgstr ""
@ -338,19 +338,19 @@ msgstr ""
msgid "Base DN" msgid "Base DN"
msgstr "" msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:204 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:203
msgid "Based on the Hashed User ID" msgid "Based on the Hashed User ID"
msgstr "" msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:210 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:209
msgid "Based on the User's Email. This is recommended over the UPN method." msgid "Based on the User's Email. This is recommended over the UPN method."
msgstr "" msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:213 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:212
msgid "Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains." msgid "Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains."
msgstr "" msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:207 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:206
msgid "Based on the username" msgid "Based on the username"
msgstr "" msgstr ""
@ -401,7 +401,7 @@ msgstr ""
msgid "Cached Policies" msgid "Cached Policies"
msgstr "" msgstr ""
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:79 #: src/pages/sources/oauth/OAuthSourceViewPage.ts:80
msgid "Callback URL" msgid "Callback URL"
msgstr "" msgstr ""
@ -422,7 +422,7 @@ msgid "Case insensitive matching"
msgstr "" msgstr ""
#: src/pages/crypto/CertificateKeyPairForm.ts:51 #: src/pages/crypto/CertificateKeyPairForm.ts:51
#: src/pages/providers/proxy/ProxyProviderForm.ts:132 #: src/pages/providers/proxy/ProxyProviderForm.ts:134
msgid "Certificate" msgid "Certificate"
msgstr "" msgstr ""
@ -468,7 +468,7 @@ msgstr ""
#: src/pages/providers/proxy/ProxyProviderViewPage.ts:135 #: src/pages/providers/proxy/ProxyProviderViewPage.ts:135
#: src/pages/providers/saml/SAMLProviderViewPage.ts:129 #: src/pages/providers/saml/SAMLProviderViewPage.ts:129
#: src/pages/sources/ldap/LDAPSourceViewPage.ts:113 #: src/pages/sources/ldap/LDAPSourceViewPage.ts:113
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:132 #: src/pages/sources/oauth/OAuthSourceViewPage.ts:133
#: src/pages/sources/saml/SAMLSourceViewPage.ts:119 #: src/pages/sources/saml/SAMLSourceViewPage.ts:119
#: src/pages/users/UserViewPage.ts:185 #: src/pages/users/UserViewPage.ts:185
msgid "Changelog" msgid "Changelog"
@ -590,7 +590,7 @@ msgstr ""
msgid "Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected." msgid "Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected."
msgstr "" msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:242 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:241
msgid "Configure how the issuer field of the ID Token should be filled." msgid "Configure how the issuer field of the ID Token should be filled."
msgstr "" msgstr ""
@ -598,7 +598,7 @@ msgstr ""
msgid "Configure settings relevant to your user profile." msgid "Configure settings relevant to your user profile."
msgstr "" msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:217 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:216
msgid "Configure what data should be used as unique User Identifier. For most cases, the default should be fine." msgid "Configure what data should be used as unique User Identifier. For most cases, the default should be fine."
msgstr "" msgstr ""
@ -654,8 +654,8 @@ msgstr ""
#: src/pages/events/EventInfo.ts:79 #: src/pages/events/EventInfo.ts:79
#: src/pages/events/EventInfo.ts:148 #: src/pages/events/EventInfo.ts:148
#: src/pages/events/EventInfo.ts:167 #: src/pages/events/EventInfo.ts:167
#: src/pages/policies/PolicyTestForm.ts:74 #: src/pages/policies/PolicyTestForm.ts:75
#: src/pages/property-mappings/PropertyMappingTestForm.ts:63 #: src/pages/property-mappings/PropertyMappingTestForm.ts:65
msgid "Context" msgid "Context"
msgstr "" msgstr ""
@ -702,15 +702,15 @@ msgstr ""
#: src/pages/flows/BoundStagesList.ts:167 #: src/pages/flows/BoundStagesList.ts:167
#: src/pages/flows/FlowListPage.ts:109 #: src/pages/flows/FlowListPage.ts:109
#: src/pages/flows/FlowListPage.ts:117 #: src/pages/flows/FlowListPage.ts:117
#: src/pages/groups/GroupListPage.ts:91 #: src/pages/groups/GroupListPage.ts:90
#: src/pages/groups/GroupListPage.ts:99 #: src/pages/groups/GroupListPage.ts:98
#: src/pages/outposts/OutpostListPage.ts:101 #: src/pages/outposts/OutpostListPage.ts:101
#: src/pages/outposts/OutpostListPage.ts:109 #: src/pages/outposts/OutpostListPage.ts:109
#: src/pages/outposts/ServiceConnectionListPage.ts:110 #: src/pages/outposts/ServiceConnectionListPage.ts:110
#: src/pages/outposts/ServiceConnectionListPage.ts:119 #: src/pages/outposts/ServiceConnectionListPage.ts:119
#: src/pages/policies/BoundPoliciesList.ts:158 #: src/pages/policies/BoundPoliciesList.ts:162
#: src/pages/policies/BoundPoliciesList.ts:185 #: src/pages/policies/BoundPoliciesList.ts:189
#: src/pages/policies/BoundPoliciesList.ts:206 #: src/pages/policies/BoundPoliciesList.ts:210
#: src/pages/policies/PolicyListPage.ts:124 #: src/pages/policies/PolicyListPage.ts:124
#: src/pages/policies/PolicyListPage.ts:133 #: src/pages/policies/PolicyListPage.ts:133
#: src/pages/property-mappings/PropertyMappingListPage.ts:113 #: src/pages/property-mappings/PropertyMappingListPage.ts:113
@ -741,10 +741,10 @@ msgstr ""
msgid "Create Application" msgid "Create Application"
msgstr "" msgstr ""
#: src/pages/policies/BoundPoliciesList.ts:161 #: src/pages/policies/BoundPoliciesList.ts:165
#: src/pages/policies/BoundPoliciesList.ts:166 #: src/pages/policies/BoundPoliciesList.ts:170
#: src/pages/policies/BoundPoliciesList.ts:209 #: src/pages/policies/BoundPoliciesList.ts:213
#: src/pages/policies/BoundPoliciesList.ts:214 #: src/pages/policies/BoundPoliciesList.ts:218
msgid "Create Binding" msgid "Create Binding"
msgstr "" msgstr ""
@ -756,7 +756,7 @@ msgstr ""
msgid "Create Flow" msgid "Create Flow"
msgstr "" msgstr ""
#: src/pages/groups/GroupListPage.ts:94 #: src/pages/groups/GroupListPage.ts:93
msgid "Create Group" msgid "Create Group"
msgstr "" msgstr ""
@ -780,7 +780,7 @@ msgstr ""
msgid "Create Outpost" msgid "Create Outpost"
msgstr "" msgstr ""
#: src/pages/policies/BoundPoliciesList.ts:176 #: src/pages/policies/BoundPoliciesList.ts:180
msgid "Create Policy" msgid "Create Policy"
msgstr "" msgstr ""
@ -813,7 +813,7 @@ msgstr ""
#: src/pages/applications/ApplicationForm.ts:123 #: src/pages/applications/ApplicationForm.ts:123
#: src/pages/flows/BoundStagesList.ts:149 #: src/pages/flows/BoundStagesList.ts:149
#: src/pages/outposts/ServiceConnectionListPage.ts:122 #: src/pages/outposts/ServiceConnectionListPage.ts:122
#: src/pages/policies/BoundPoliciesList.ts:188 #: src/pages/policies/BoundPoliciesList.ts:192
#: src/pages/policies/PolicyListPage.ts:136 #: src/pages/policies/PolicyListPage.ts:136
#: src/pages/property-mappings/PropertyMappingListPage.ts:125 #: src/pages/property-mappings/PropertyMappingListPage.ts:125
#: src/pages/providers/ProviderListPage.ts:119 #: src/pages/providers/ProviderListPage.ts:119
@ -867,7 +867,7 @@ msgstr ""
#: src/pages/events/RuleListPage.ts:82 #: src/pages/events/RuleListPage.ts:82
#: src/pages/events/TransportListPage.ts:86 #: src/pages/events/TransportListPage.ts:86
#: src/pages/flows/FlowListPage.ts:86 #: src/pages/flows/FlowListPage.ts:86
#: src/pages/groups/GroupListPage.ts:82 #: src/pages/groups/GroupListPage.ts:81
#: src/pages/outposts/OutpostListPage.ts:87 #: src/pages/outposts/OutpostListPage.ts:87
#: src/pages/outposts/ServiceConnectionListPage.ts:101 #: src/pages/outposts/ServiceConnectionListPage.ts:101
#: src/pages/policies/PolicyListPage.ts:115 #: src/pages/policies/PolicyListPage.ts:115
@ -889,7 +889,7 @@ msgid "Delete Authorization Code"
msgstr "" msgstr ""
#: src/pages/flows/BoundStagesList.ts:91 #: src/pages/flows/BoundStagesList.ts:91
#: src/pages/policies/BoundPoliciesList.ts:145 #: src/pages/policies/BoundPoliciesList.ts:149
msgid "Delete Binding" msgid "Delete Binding"
msgstr "" msgstr ""
@ -1002,7 +1002,7 @@ msgstr ""
msgid "Dummy stage used for testing. Shows a simple continue button and always passes." msgid "Dummy stage used for testing. Shows a simple continue button and always passes."
msgstr "" msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:235 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:234
msgid "Each provider has a different issuer, based on the application slug." msgid "Each provider has a different issuer, based on the application slug."
msgstr "" msgstr ""
@ -1013,7 +1013,7 @@ msgstr ""
#: src/pages/events/RuleListPage.ts:70 #: src/pages/events/RuleListPage.ts:70
#: src/pages/events/TransportListPage.ts:74 #: src/pages/events/TransportListPage.ts:74
#: src/pages/flows/FlowListPage.ts:74 #: src/pages/flows/FlowListPage.ts:74
#: src/pages/groups/GroupListPage.ts:70 #: src/pages/groups/GroupListPage.ts:69
#: src/pages/outposts/OutpostListPage.ts:75 #: src/pages/outposts/OutpostListPage.ts:75
#: src/pages/outposts/ServiceConnectionListPage.ts:89 #: src/pages/outposts/ServiceConnectionListPage.ts:89
#: src/pages/policies/PolicyListPage.ts:90 #: src/pages/policies/PolicyListPage.ts:90
@ -1024,7 +1024,7 @@ msgstr ""
#: src/pages/providers/saml/SAMLProviderViewPage.ts:121 #: src/pages/providers/saml/SAMLProviderViewPage.ts:121
#: src/pages/sources/SourcesListPage.ts:82 #: src/pages/sources/SourcesListPage.ts:82
#: src/pages/sources/ldap/LDAPSourceViewPage.ts:105 #: src/pages/sources/ldap/LDAPSourceViewPage.ts:105
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:124 #: src/pages/sources/oauth/OAuthSourceViewPage.ts:125
#: src/pages/sources/saml/SAMLSourceViewPage.ts:111 #: src/pages/sources/saml/SAMLSourceViewPage.ts:111
#: src/pages/stages/StageListPage.ts:98 #: src/pages/stages/StageListPage.ts:98
#: src/pages/stages/prompt/PromptListPage.ts:75 #: src/pages/stages/prompt/PromptListPage.ts:75
@ -1035,15 +1035,15 @@ msgid "Edit"
msgstr "" msgstr ""
#: src/pages/flows/BoundStagesList.ts:79 #: src/pages/flows/BoundStagesList.ts:79
#: src/pages/policies/BoundPoliciesList.ts:133 #: src/pages/policies/BoundPoliciesList.ts:137
msgid "Edit Binding" msgid "Edit Binding"
msgstr "" msgstr ""
#: src/pages/policies/BoundPoliciesList.ts:92 #: src/pages/policies/BoundPoliciesList.ts:96
msgid "Edit Group" msgid "Edit Group"
msgstr "" msgstr ""
#: src/pages/policies/BoundPoliciesList.ts:77 #: src/pages/policies/BoundPoliciesList.ts:81
msgid "Edit Policy" msgid "Edit Policy"
msgstr "" msgstr ""
@ -1051,7 +1051,7 @@ msgstr ""
msgid "Edit Stage" msgid "Edit Stage"
msgstr "" msgstr ""
#: src/pages/policies/BoundPoliciesList.ts:107 #: src/pages/policies/BoundPoliciesList.ts:111
msgid "Edit User" msgid "Edit User"
msgstr "" msgstr ""
@ -1096,8 +1096,8 @@ msgstr ""
msgid "Enable TOTP" msgid "Enable TOTP"
msgstr "" msgstr ""
#: src/pages/policies/BoundPoliciesList.ts:37 #: src/pages/policies/BoundPoliciesList.ts:41
#: src/pages/policies/PolicyBindingForm.ts:198 #: src/pages/policies/PolicyBindingForm.ts:199
#: src/pages/sources/ldap/LDAPSourceForm.ts:69 #: src/pages/sources/ldap/LDAPSourceForm.ts:69
#: src/pages/sources/oauth/OAuthSourceForm.ts:115 #: src/pages/sources/oauth/OAuthSourceForm.ts:115
#: src/pages/sources/saml/SAMLSourceForm.ts:69 #: src/pages/sources/saml/SAMLSourceForm.ts:69
@ -1239,10 +1239,10 @@ msgstr ""
msgid "Expression" msgid "Expression"
msgstr "" msgstr ""
#: src/pages/policies/expression/ExpressionPolicyForm.ts:84 #: src/pages/policies/expression/ExpressionPolicyForm.ts:85
#: src/pages/property-mappings/PropertyMappingLDAPForm.ts:70 #: src/pages/property-mappings/PropertyMappingLDAPForm.ts:71
#: src/pages/property-mappings/PropertyMappingSAMLForm.ts:80 #: src/pages/property-mappings/PropertyMappingSAMLForm.ts:81
#: src/pages/property-mappings/PropertyMappingScopeForm.ts:77 #: src/pages/property-mappings/PropertyMappingScopeForm.ts:78
msgid "Expression using Python." msgid "Expression using Python."
msgstr "" msgstr ""
@ -1254,7 +1254,7 @@ msgstr ""
msgid "External Host" msgid "External Host"
msgstr "" msgstr ""
#: src/pages/providers/proxy/ProxyProviderForm.ts:118 #: src/pages/providers/proxy/ProxyProviderForm.ts:119
msgid "External host" msgid "External host"
msgstr "" msgstr ""
@ -1412,9 +1412,9 @@ msgid "Go to previous page"
msgstr "" msgstr ""
#: src/pages/events/RuleForm.ts:65 #: src/pages/events/RuleForm.ts:65
#: src/pages/groups/GroupListPage.ts:75 #: src/pages/groups/GroupListPage.ts:74
#: src/pages/policies/PolicyBindingForm.ts:132 #: src/pages/policies/PolicyBindingForm.ts:125
#: src/pages/policies/PolicyBindingForm.ts:160 #: src/pages/policies/PolicyBindingForm.ts:161
msgid "Group" msgid "Group"
msgstr "" msgstr ""
@ -1434,7 +1434,7 @@ msgstr ""
msgid "Group users together and give them permissions based on the membership." msgid "Group users together and give them permissions based on the membership."
msgstr "" msgstr ""
#: src/pages/policies/BoundPoliciesList.ts:49 #: src/pages/policies/BoundPoliciesList.ts:53
msgid "Group {0}" msgid "Group {0}"
msgstr "" msgstr ""
@ -1443,7 +1443,7 @@ msgstr ""
msgid "Groups" msgid "Groups"
msgstr "" msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:149 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:150
msgid "HS256 (Symmetric Encryption)" msgid "HS256 (Symmetric Encryption)"
msgstr "" msgstr ""
@ -1468,7 +1468,7 @@ msgid "Hide managed mappings"
msgstr "" msgstr ""
#: src/pages/events/RuleForm.ts:93 #: src/pages/events/RuleForm.ts:93
#: src/pages/groups/GroupForm.ts:132 #: src/pages/groups/GroupForm.ts:131
#: src/pages/outposts/OutpostForm.ts:98 #: src/pages/outposts/OutpostForm.ts:98
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:178 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:178
#: src/pages/providers/saml/SAMLProviderForm.ts:177 #: src/pages/providers/saml/SAMLProviderForm.ts:177
@ -1544,11 +1544,11 @@ msgstr ""
msgid "In case you can't access any other method." msgid "In case you can't access any other method."
msgstr "" msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:227 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:226
msgid "Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint." msgid "Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint."
msgstr "" msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:224 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:223
msgid "Include claims in id_token" msgid "Include claims in id_token"
msgstr "" msgstr ""
@ -1564,7 +1564,7 @@ msgstr ""
msgid "Internal host" msgid "Internal host"
msgstr "" msgstr ""
#: src/pages/providers/proxy/ProxyProviderForm.ts:112 #: src/pages/providers/proxy/ProxyProviderForm.ts:113
msgid "Internal host SSL Validation" msgid "Internal host SSL Validation"
msgstr "" msgstr ""
@ -1592,15 +1592,15 @@ msgstr ""
msgid "Issuer" msgid "Issuer"
msgstr "" msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:230 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:229
msgid "Issuer mode" msgid "Issuer mode"
msgstr "" msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:141 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:142
msgid "JWT Algorithm" msgid "JWT Algorithm"
msgstr "" msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:196 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:195
msgid "Key used to sign the tokens. Only required when JWT Algorithm is set to RS256." msgid "Key used to sign the tokens. Only required when JWT Algorithm is set to RS256."
msgstr "" msgstr ""
@ -1657,8 +1657,8 @@ msgid "Library"
msgstr "" msgstr ""
#: src/elements/table/Table.ts:120 #: src/elements/table/Table.ts:120
#: src/flows/FlowExecutor.ts:164 #: src/flows/FlowExecutor.ts:167
#: src/flows/FlowExecutor.ts:210 #: src/flows/FlowExecutor.ts:213
#: src/flows/access_denied/FlowAccessDenied.ts:27 #: src/flows/access_denied/FlowAccessDenied.ts:27
#: src/flows/stages/authenticator_static/AuthenticatorStaticStage.ts:43 #: src/flows/stages/authenticator_static/AuthenticatorStaticStage.ts:43
#: src/flows/stages/authenticator_totp/AuthenticatorTOTPStage.ts:33 #: src/flows/stages/authenticator_totp/AuthenticatorTOTPStage.ts:33
@ -1686,23 +1686,23 @@ msgstr ""
#: src/pages/flows/StageBindingForm.ts:89 #: src/pages/flows/StageBindingForm.ts:89
#: src/pages/flows/StageBindingForm.ts:106 #: src/pages/flows/StageBindingForm.ts:106
#: src/pages/groups/GroupForm.ts:77 #: src/pages/groups/GroupForm.ts:77
#: src/pages/groups/GroupForm.ts:128 #: src/pages/groups/GroupForm.ts:127
#: src/pages/outposts/OutpostForm.ts:74 #: src/pages/outposts/OutpostForm.ts:74
#: src/pages/outposts/OutpostForm.ts:96 #: src/pages/outposts/OutpostForm.ts:96
#: src/pages/outposts/ServiceConnectionDockerForm.ts:87 #: src/pages/outposts/ServiceConnectionDockerForm.ts:87
#: src/pages/outposts/ServiceConnectionDockerForm.ts:104 #: src/pages/outposts/ServiceConnectionDockerForm.ts:104
#: src/pages/policies/PolicyBindingForm.ts:156 #: src/pages/policies/PolicyBindingForm.ts:157
#: src/pages/policies/PolicyBindingForm.ts:172 #: src/pages/policies/PolicyBindingForm.ts:173
#: src/pages/policies/PolicyBindingForm.ts:188 #: src/pages/policies/PolicyBindingForm.ts:189
#: src/pages/policies/PolicyTestForm.ts:70 #: src/pages/policies/PolicyTestForm.ts:71
#: src/pages/policies/event_matcher/EventMatcherPolicyForm.ts:88 #: src/pages/policies/event_matcher/EventMatcherPolicyForm.ts:88
#: src/pages/policies/event_matcher/EventMatcherPolicyForm.ts:108 #: src/pages/policies/event_matcher/EventMatcherPolicyForm.ts:108
#: src/pages/property-mappings/PropertyMappingTestForm.ts:59 #: src/pages/property-mappings/PropertyMappingTestForm.ts:61
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:74 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:74
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:175 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:175
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:194 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:193
#: src/pages/providers/proxy/ProxyProviderForm.ts:92 #: src/pages/providers/proxy/ProxyProviderForm.ts:92
#: src/pages/providers/proxy/ProxyProviderForm.ts:143 #: src/pages/providers/proxy/ProxyProviderForm.ts:145
#: src/pages/providers/saml/SAMLProviderForm.ts:71 #: src/pages/providers/saml/SAMLProviderForm.ts:71
#: src/pages/providers/saml/SAMLProviderForm.ts:133 #: src/pages/providers/saml/SAMLProviderForm.ts:133
#: src/pages/providers/saml/SAMLProviderForm.ts:149 #: src/pages/providers/saml/SAMLProviderForm.ts:149
@ -1795,7 +1795,7 @@ msgid "Members"
msgstr "" msgstr ""
#: src/pages/events/EventInfo.ts:174 #: src/pages/events/EventInfo.ts:174
#: src/pages/policies/PolicyTestForm.ts:43 #: src/pages/policies/PolicyTestForm.ts:44
#: src/pages/system-tasks/SystemTaskListPage.ts:80 #: src/pages/system-tasks/SystemTaskListPage.ts:80
msgid "Messages" msgid "Messages"
msgstr "" msgstr ""
@ -1881,7 +1881,7 @@ msgstr ""
#: src/pages/sources/ldap/LDAPSourceForm.ts:54 #: src/pages/sources/ldap/LDAPSourceForm.ts:54
#: src/pages/sources/ldap/LDAPSourceViewPage.ts:64 #: src/pages/sources/ldap/LDAPSourceViewPage.ts:64
#: src/pages/sources/oauth/OAuthSourceForm.ts:100 #: src/pages/sources/oauth/OAuthSourceForm.ts:100
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:63 #: src/pages/sources/oauth/OAuthSourceViewPage.ts:64
#: src/pages/sources/saml/SAMLSourceForm.ts:54 #: src/pages/sources/saml/SAMLSourceForm.ts:54
#: src/pages/sources/saml/SAMLSourceViewPage.ts:66 #: src/pages/sources/saml/SAMLSourceViewPage.ts:66
#: src/pages/stages/StageListPage.ts:65 #: src/pages/stages/StageListPage.ts:65
@ -1931,11 +1931,11 @@ msgid "New version available!"
msgstr "" msgstr ""
#: src/pages/crypto/CertificateKeyPairListPage.ts:61 #: src/pages/crypto/CertificateKeyPairListPage.ts:61
#: src/pages/groups/GroupListPage.ts:58 #: src/pages/groups/GroupListPage.ts:57
#: src/pages/groups/MemberSelectModal.ts:57 #: src/pages/groups/MemberSelectModal.ts:57
#: src/pages/outposts/ServiceConnectionListPage.ts:64 #: src/pages/outposts/ServiceConnectionListPage.ts:64
#: src/pages/policies/BoundPoliciesList.ts:118 #: src/pages/policies/BoundPoliciesList.ts:122
#: src/pages/policies/PolicyTestForm.ts:38 #: src/pages/policies/PolicyTestForm.ts:39
#: src/pages/providers/proxy/ProxyProviderViewPage.ts:108 #: src/pages/providers/proxy/ProxyProviderViewPage.ts:108
#: src/pages/tokens/TokenListPage.ts:56 #: src/pages/tokens/TokenListPage.ts:56
#: src/pages/user-settings/tokens/UserTokenList.ts:83 #: src/pages/user-settings/tokens/UserTokenList.ts:83
@ -1952,7 +1952,7 @@ msgstr ""
msgid "No Events found." msgid "No Events found."
msgstr "" msgstr ""
#: src/pages/policies/BoundPoliciesList.ts:151 #: src/pages/policies/BoundPoliciesList.ts:155
msgid "No Policies bound." msgid "No Policies bound."
msgstr "" msgstr ""
@ -1981,7 +1981,7 @@ msgstr ""
msgid "No matching events could be found." msgid "No matching events could be found."
msgstr "" msgstr ""
#: src/pages/policies/BoundPoliciesList.ts:153 #: src/pages/policies/BoundPoliciesList.ts:157
msgid "No policies are currently bound to this object." msgid "No policies are currently bound to this object."
msgstr "" msgstr ""
@ -2153,8 +2153,8 @@ msgstr ""
#: src/pages/flows/BoundStagesList.ts:38 #: src/pages/flows/BoundStagesList.ts:38
#: src/pages/flows/StageBindingForm.ts:110 #: src/pages/flows/StageBindingForm.ts:110
#: src/pages/policies/BoundPoliciesList.ts:38 #: src/pages/policies/BoundPoliciesList.ts:42
#: src/pages/policies/PolicyBindingForm.ts:203 #: src/pages/policies/PolicyBindingForm.ts:204
#: src/pages/stages/prompt/PromptForm.ts:119 #: src/pages/stages/prompt/PromptForm.ts:119
#: src/pages/stages/prompt/PromptListPage.ts:49 #: src/pages/stages/prompt/PromptListPage.ts:49
msgid "Order" msgid "Order"
@ -2191,7 +2191,7 @@ msgstr ""
#: src/pages/providers/proxy/ProxyProviderViewPage.ts:56 #: src/pages/providers/proxy/ProxyProviderViewPage.ts:56
#: src/pages/providers/saml/SAMLProviderViewPage.ts:58 #: src/pages/providers/saml/SAMLProviderViewPage.ts:58
#: src/pages/sources/ldap/LDAPSourceViewPage.ts:56 #: src/pages/sources/ldap/LDAPSourceViewPage.ts:56
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:55 #: src/pages/sources/oauth/OAuthSourceViewPage.ts:56
#: src/pages/sources/saml/SAMLSourceViewPage.ts:58 #: src/pages/sources/saml/SAMLSourceViewPage.ts:58
#: src/pages/users/UserViewPage.ts:74 #: src/pages/users/UserViewPage.ts:74
msgid "Overview" msgid "Overview"
@ -2211,7 +2211,7 @@ msgid "Pass policy?"
msgstr "" msgstr ""
#: src/pages/events/EventInfo.ts:173 #: src/pages/events/EventInfo.ts:173
#: src/pages/policies/PolicyTestForm.ts:35 #: src/pages/policies/PolicyTestForm.ts:36
msgid "Passing" msgid "Passing"
msgstr "" msgstr ""
@ -2246,7 +2246,6 @@ msgid "Please enter your password"
msgstr "" msgstr ""
#: src/interfaces/AdminInterface.ts:26 #: src/interfaces/AdminInterface.ts:26
#: src/pages/admin-overview/AdminOverviewPage.ts:48
#: src/pages/flows/FlowListPage.ts:50 #: src/pages/flows/FlowListPage.ts:50
#: src/pages/policies/PolicyListPage.ts:38 #: src/pages/policies/PolicyListPage.ts:38
msgid "Policies" msgid "Policies"
@ -2256,24 +2255,28 @@ msgstr ""
msgid "Policies without binding exist." msgid "Policies without binding exist."
msgstr "" msgstr ""
#: src/pages/policies/PolicyBindingForm.ts:124 #: src/pages/policies/PolicyBindingForm.ts:108
#: src/pages/policies/PolicyBindingForm.ts:147 #: src/pages/policies/PolicyBindingForm.ts:117
#: src/pages/policies/PolicyBindingForm.ts:148
#: src/pages/policies/PolicyListPage.ts:108 #: src/pages/policies/PolicyListPage.ts:108
msgid "Policy" msgid "Policy"
msgstr "" msgstr ""
#: src/pages/policies/BoundPoliciesList.ts:36 #: src/pages/applications/ApplicationViewPage.ts:134
#: src/pages/flows/FlowViewPage.ts:101
msgid "Policy / Group / User Bindings"
msgstr ""
#: src/pages/policies/BoundPoliciesList.ts:40
msgid "Policy / User / Group" msgid "Policy / User / Group"
msgstr "" msgstr ""
#: src/pages/applications/ApplicationViewPage.ts:134 #: src/pages/sources/oauth/OAuthSourceViewPage.ts:144
#: src/pages/flows/FlowViewPage.ts:101
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:143
#: src/pages/sources/saml/SAMLSourceViewPage.ts:150 #: src/pages/sources/saml/SAMLSourceViewPage.ts:150
msgid "Policy Bindings" msgid "Policy Bindings"
msgstr "" msgstr ""
#: src/pages/policies/BoundPoliciesList.ts:138 #: src/pages/policies/BoundPoliciesList.ts:142
msgid "Policy binding" msgid "Policy binding"
msgstr "" msgstr ""
@ -2284,7 +2287,7 @@ msgstr ""
msgid "Policy engine mode" msgid "Policy engine mode"
msgstr "" msgstr ""
#: src/pages/policies/BoundPoliciesList.ts:46 #: src/pages/policies/BoundPoliciesList.ts:50
msgid "Policy {0}" msgid "Policy {0}"
msgstr "" msgstr ""
@ -2310,7 +2313,7 @@ msgstr ""
msgid "Post binding (auto-submit)" msgid "Post binding (auto-submit)"
msgstr "" msgstr ""
#: src/flows/FlowExecutor.ts:252 #: src/flows/FlowExecutor.ts:255
msgid "Powered by authentik" msgid "Powered by authentik"
msgstr "" msgstr ""
@ -2391,7 +2394,7 @@ msgid "Provider"
msgstr "" msgstr ""
#: src/pages/applications/ApplicationListPage.ts:61 #: src/pages/applications/ApplicationListPage.ts:61
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:71 #: src/pages/sources/oauth/OAuthSourceViewPage.ts:72
msgid "Provider Type" msgid "Provider Type"
msgstr "" msgstr ""
@ -2400,13 +2403,16 @@ msgid "Provider type"
msgstr "" msgstr ""
#: src/interfaces/AdminInterface.ts:20 #: src/interfaces/AdminInterface.ts:20
#: src/pages/admin-overview/AdminOverviewPage.ts:46
#: src/pages/outposts/OutpostForm.ts:82 #: src/pages/outposts/OutpostForm.ts:82
#: src/pages/outposts/OutpostListPage.ts:51 #: src/pages/outposts/OutpostListPage.ts:51
#: src/pages/providers/ProviderListPage.ts:34 #: src/pages/providers/ProviderListPage.ts:34
msgid "Providers" msgid "Providers"
msgstr "" msgstr ""
#: src/pages/admin-overview/AdminOverviewPage.ts:46
msgid "Providers without application"
msgstr ""
#: src/pages/outposts/OutpostForm.ts:57 #: src/pages/outposts/OutpostForm.ts:57
msgid "Proxy" msgid "Proxy"
msgstr "" msgstr ""
@ -2427,7 +2433,7 @@ msgstr ""
msgid "Publisher" msgid "Publisher"
msgstr "" msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:146 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:147
msgid "RS256 (Asymmetric Encryption)" msgid "RS256 (Asymmetric Encryption)"
msgstr "" msgstr ""
@ -2499,7 +2505,7 @@ msgstr ""
msgid "Register device" msgid "Register device"
msgstr "" msgstr ""
#: src/pages/providers/proxy/ProxyProviderForm.ts:151 #: src/pages/providers/proxy/ProxyProviderForm.ts:153
msgid "Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression." msgid "Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression."
msgstr "" msgstr ""
@ -2548,7 +2554,7 @@ msgid "Resources"
msgstr "" msgstr ""
#: src/pages/events/EventInfo.ts:171 #: src/pages/events/EventInfo.ts:171
#: src/pages/property-mappings/PropertyMappingTestForm.ts:34 #: src/pages/property-mappings/PropertyMappingTestForm.ts:36
msgid "Result" msgid "Result"
msgstr "" msgstr ""
@ -2561,7 +2567,7 @@ msgstr ""
msgid "Retry authentication" msgid "Retry authentication"
msgstr "" msgstr ""
#: src/flows/FlowExecutor.ts:142 #: src/flows/FlowExecutor.ts:145
msgid "Return" msgid "Return"
msgstr "" msgstr ""
@ -2624,7 +2630,7 @@ msgstr ""
msgid "SSO URL" msgid "SSO URL"
msgstr "" msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:238 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:237
msgid "Same identifier is used for all providers" msgid "Same identifier is used for all providers"
msgstr "" msgstr ""
@ -2638,7 +2644,7 @@ msgstr ""
#: src/elements/oauth/UserCodeList.ts:31 #: src/elements/oauth/UserCodeList.ts:31
#: src/elements/oauth/UserRefreshList.ts:31 #: src/elements/oauth/UserRefreshList.ts:31
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:155 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:156
msgid "Scopes" msgid "Scopes"
msgstr "" msgstr ""
@ -2650,10 +2656,10 @@ msgstr ""
msgid "Secret:" msgid "Secret:"
msgstr "" msgstr ""
#: src/pages/policies/expression/ExpressionPolicyForm.ts:86 #: src/pages/policies/expression/ExpressionPolicyForm.ts:87
#: src/pages/property-mappings/PropertyMappingLDAPForm.ts:72 #: src/pages/property-mappings/PropertyMappingLDAPForm.ts:73
#: src/pages/property-mappings/PropertyMappingSAMLForm.ts:82 #: src/pages/property-mappings/PropertyMappingSAMLForm.ts:83
#: src/pages/property-mappings/PropertyMappingScopeForm.ts:79 #: src/pages/property-mappings/PropertyMappingScopeForm.ts:80
msgid "See documentation for a list of all variables." msgid "See documentation for a list of all variables."
msgstr "" msgstr ""
@ -2742,19 +2748,19 @@ msgstr ""
msgid "Session valid not on or after" msgid "Session valid not on or after"
msgstr "" msgstr ""
#: src/pages/providers/proxy/ProxyProviderForm.ts:161 #: src/pages/providers/proxy/ProxyProviderForm.ts:163
msgid "Set HTTP-Basic Authentication" msgid "Set HTTP-Basic Authentication"
msgstr "" msgstr ""
#: src/pages/providers/proxy/ProxyProviderForm.ts:164 #: src/pages/providers/proxy/ProxyProviderForm.ts:166
msgid "Set a custom HTTP-Basic Authentication header based on values from authentik." msgid "Set a custom HTTP-Basic Authentication header based on values from authentik."
msgstr "" msgstr ""
#: src/pages/groups/GroupForm.ts:139 #: src/pages/groups/GroupForm.ts:139
#: src/pages/outposts/OutpostForm.ts:109 #: src/pages/outposts/OutpostForm.ts:109
#: src/pages/outposts/ServiceConnectionKubernetesForm.ts:73 #: src/pages/outposts/ServiceConnectionKubernetesForm.ts:73
#: src/pages/policies/PolicyTestForm.ts:78 #: src/pages/policies/PolicyTestForm.ts:79
#: src/pages/users/UserForm.ts:81 #: src/pages/users/UserForm.ts:82
msgid "Set custom attributes using YAML or JSON." msgid "Set custom attributes using YAML or JSON."
msgstr "" msgstr ""
@ -2796,7 +2802,7 @@ msgstr ""
msgid "Single Prompts that can be used for Prompt Stages." msgid "Single Prompts that can be used for Prompt Stages."
msgstr "" msgstr ""
#: src/pages/providers/proxy/ProxyProviderForm.ts:148 #: src/pages/providers/proxy/ProxyProviderForm.ts:150
msgid "Skip path regex" msgid "Skip path regex"
msgstr "" msgstr ""
@ -2809,7 +2815,7 @@ msgstr ""
msgid "Slug" msgid "Slug"
msgstr "" msgstr ""
#: src/flows/FlowExecutor.ts:135 #: src/flows/FlowExecutor.ts:138
msgid "Something went wrong! Please try again later." msgid "Something went wrong! Please try again later."
msgstr "" msgstr ""
@ -2934,7 +2940,7 @@ msgstr ""
msgid "Subject" msgid "Subject"
msgstr "" msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:199 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:198
msgid "Subject mode" msgid "Subject mode"
msgstr "" msgstr ""
@ -2963,7 +2969,7 @@ msgid "Successfully created application."
msgstr "" msgstr ""
#: src/pages/flows/StageBindingForm.ts:39 #: src/pages/flows/StageBindingForm.ts:39
#: src/pages/policies/PolicyBindingForm.ts:72 #: src/pages/policies/PolicyBindingForm.ts:64
msgid "Successfully created binding." msgid "Successfully created binding."
msgstr "" msgstr ""
@ -3081,8 +3087,8 @@ msgstr ""
msgid "Successfully imported provider." msgid "Successfully imported provider."
msgstr "" msgstr ""
#: src/pages/policies/PolicyTestForm.ts:29 #: src/pages/policies/PolicyTestForm.ts:30
#: src/pages/property-mappings/PropertyMappingTestForm.ts:29 #: src/pages/property-mappings/PropertyMappingTestForm.ts:31
msgid "Successfully sent test-request." msgid "Successfully sent test-request."
msgstr "" msgstr ""
@ -3091,7 +3097,7 @@ msgid "Successfully updated application."
msgstr "" msgstr ""
#: src/pages/flows/StageBindingForm.ts:36 #: src/pages/flows/StageBindingForm.ts:36
#: src/pages/policies/PolicyBindingForm.ts:69 #: src/pages/policies/PolicyBindingForm.ts:61
msgid "Successfully updated binding." msgid "Successfully updated binding."
msgstr "" msgstr ""
@ -3293,33 +3299,39 @@ msgstr ""
msgid "The URL \"{0}\" was not found." msgid "The URL \"{0}\" was not found."
msgstr "" msgstr ""
#: src/pages/providers/proxy/ProxyProviderForm.ts:123
msgid "The external URL you'll access the outpost at."
msgstr ""
#: src/pages/policies/dummy/DummyPolicyForm.ts:90 #: src/pages/policies/dummy/DummyPolicyForm.ts:90
msgid "The policy takes a random time to execute. This controls the minimum time it will take." msgid "The policy takes a random time to execute. This controls the minimum time it will take."
msgstr "" msgstr ""
#: src/pages/flows/BoundStagesList.ts:102
msgid "These bindings control if this stage will be applied to the flow."
msgstr ""
#: src/pages/events/RuleListPage.ts:109 #: src/pages/events/RuleListPage.ts:109
msgid "" msgid ""
"These policies control upon which events this rule triggers. Bindings to\n" "These bindings control upon which events this rule triggers. Bindings to\n"
"groups/users are checked against the user of the event." "groups/users are checked against the user of the event."
msgstr "" msgstr ""
#: src/pages/flows/BoundStagesList.ts:102 #: src/pages/flows/FlowViewPage.ts:103
msgid "These policies control when this stage will be applied to the flow." msgid "These bindings control which users can access this flow."
msgstr ""
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:146
#: src/pages/sources/saml/SAMLSourceViewPage.ts:152
msgid ""
"These bindings control which users can access this source.\n"
"You can only use policies here as access is checked before the user is authenticated."
msgstr "" msgstr ""
#: src/pages/applications/ApplicationViewPage.ts:136 #: src/pages/applications/ApplicationViewPage.ts:136
msgid "These policies control which users can access this application." msgid "These policies control which users can access this application."
msgstr "" msgstr ""
#: src/pages/flows/FlowViewPage.ts:103
msgid "These policies control which users can access this flow."
msgstr ""
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:145
#: src/pages/sources/saml/SAMLSourceViewPage.ts:152
msgid "These policies control which users can access this source."
msgstr ""
#: src/pages/stages/invitation/InvitationStageForm.ts:53 #: src/pages/stages/invitation/InvitationStageForm.ts:53
msgid "This stage can be included in enrollment flows to accept invitations." msgid "This stage can be included in enrollment flows to accept invitations."
msgstr "" msgstr ""
@ -3344,8 +3356,8 @@ msgstr ""
msgid "Time-based One-Time Passwords" msgid "Time-based One-Time Passwords"
msgstr "" msgstr ""
#: src/pages/policies/BoundPoliciesList.ts:39 #: src/pages/policies/BoundPoliciesList.ts:43
#: src/pages/policies/PolicyBindingForm.ts:209 #: src/pages/policies/PolicyBindingForm.ts:210
#: src/pages/stages/email/EmailStageForm.ts:101 #: src/pages/stages/email/EmailStageForm.ts:101
msgid "Timeout" msgid "Timeout"
msgstr "" msgstr ""
@ -3360,7 +3372,7 @@ msgid "Token"
msgstr "" msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts:174 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts:174
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:103 #: src/pages/sources/oauth/OAuthSourceViewPage.ts:104
msgid "Token URL" msgid "Token URL"
msgstr "" msgstr ""
@ -3372,7 +3384,7 @@ msgstr ""
msgid "Token expiry" msgid "Token expiry"
msgstr "" msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:135 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:136
msgid "Token validity" msgid "Token validity"
msgstr "" msgstr ""
@ -3443,6 +3455,10 @@ msgstr ""
msgid "URL used to request the initial token. This URL is only required for OAuth 1." msgid "URL used to request the initial token. This URL is only required for OAuth 1."
msgstr "" msgstr ""
#: src/pages/admin-overview/AdminOverviewPage.ts:48
msgid "Unbound policies"
msgstr ""
#: src/pages/flows/FlowForm.ts:73 #: src/pages/flows/FlowForm.ts:73
msgid "Unenrollment" msgid "Unenrollment"
msgstr "" msgstr ""
@ -3467,13 +3483,13 @@ msgstr ""
#: src/pages/flows/BoundStagesList.ts:53 #: src/pages/flows/BoundStagesList.ts:53
#: src/pages/flows/BoundStagesList.ts:71 #: src/pages/flows/BoundStagesList.ts:71
#: src/pages/flows/FlowListPage.ts:66 #: src/pages/flows/FlowListPage.ts:66
#: src/pages/groups/GroupListPage.ts:62 #: src/pages/groups/GroupListPage.ts:61
#: src/pages/outposts/OutpostListPage.ts:67 #: src/pages/outposts/OutpostListPage.ts:67
#: src/pages/outposts/ServiceConnectionListPage.ts:76 #: src/pages/outposts/ServiceConnectionListPage.ts:76
#: src/pages/policies/BoundPoliciesList.ts:64 #: src/pages/policies/BoundPoliciesList.ts:68
#: src/pages/policies/BoundPoliciesList.ts:84 #: src/pages/policies/BoundPoliciesList.ts:88
#: src/pages/policies/BoundPoliciesList.ts:99 #: src/pages/policies/BoundPoliciesList.ts:103
#: src/pages/policies/BoundPoliciesList.ts:125 #: src/pages/policies/BoundPoliciesList.ts:129
#: src/pages/policies/PolicyListPage.ts:77 #: src/pages/policies/PolicyListPage.ts:77
#: src/pages/property-mappings/PropertyMappingListPage.ts:66 #: src/pages/property-mappings/PropertyMappingListPage.ts:66
#: src/pages/providers/ProviderListPage.ts:73 #: src/pages/providers/ProviderListPage.ts:73
@ -3482,7 +3498,7 @@ msgstr ""
#: src/pages/providers/saml/SAMLProviderViewPage.ts:111 #: src/pages/providers/saml/SAMLProviderViewPage.ts:111
#: src/pages/sources/SourcesListPage.ts:69 #: src/pages/sources/SourcesListPage.ts:69
#: src/pages/sources/ldap/LDAPSourceViewPage.ts:95 #: src/pages/sources/ldap/LDAPSourceViewPage.ts:95
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:114 #: src/pages/sources/oauth/OAuthSourceViewPage.ts:115
#: src/pages/sources/saml/SAMLSourceViewPage.ts:101 #: src/pages/sources/saml/SAMLSourceViewPage.ts:101
#: src/pages/stages/StageListPage.ts:85 #: src/pages/stages/StageListPage.ts:85
#: src/pages/stages/prompt/PromptListPage.ts:67 #: src/pages/stages/prompt/PromptListPage.ts:67
@ -3502,7 +3518,7 @@ msgstr ""
msgid "Update Application" msgid "Update Application"
msgstr "" msgstr ""
#: src/pages/policies/BoundPoliciesList.ts:128 #: src/pages/policies/BoundPoliciesList.ts:132
msgid "Update Binding" msgid "Update Binding"
msgstr "" msgstr ""
@ -3514,8 +3530,8 @@ msgstr ""
msgid "Update Flow" msgid "Update Flow"
msgstr "" msgstr ""
#: src/pages/groups/GroupListPage.ts:65 #: src/pages/groups/GroupListPage.ts:64
#: src/pages/policies/BoundPoliciesList.ts:87 #: src/pages/policies/BoundPoliciesList.ts:91
msgid "Update Group" msgid "Update Group"
msgstr "" msgstr ""
@ -3531,7 +3547,7 @@ msgstr ""
msgid "Update Notification Transport" msgid "Update Notification Transport"
msgstr "" msgstr ""
#: src/pages/sources/oauth/OAuthSourceViewPage.ts:117 #: src/pages/sources/oauth/OAuthSourceViewPage.ts:118
msgid "Update OAuth Source" msgid "Update OAuth Source"
msgstr "" msgstr ""
@ -3567,7 +3583,7 @@ msgstr ""
msgid "Update Token" msgid "Update Token"
msgstr "" msgstr ""
#: src/pages/policies/BoundPoliciesList.ts:102 #: src/pages/policies/BoundPoliciesList.ts:106
#: src/pages/users/UserListPage.ts:71 #: src/pages/users/UserListPage.ts:71
#: src/pages/users/UserViewPage.ts:142 #: src/pages/users/UserViewPage.ts:142
msgid "Update User" msgid "Update User"
@ -3579,7 +3595,7 @@ msgstr ""
#: src/pages/flows/BoundStagesList.ts:56 #: src/pages/flows/BoundStagesList.ts:56
#: src/pages/outposts/ServiceConnectionListPage.ts:79 #: src/pages/outposts/ServiceConnectionListPage.ts:79
#: src/pages/policies/BoundPoliciesList.ts:67 #: src/pages/policies/BoundPoliciesList.ts:71
#: src/pages/policies/PolicyListPage.ts:80 #: src/pages/policies/PolicyListPage.ts:80
#: src/pages/property-mappings/PropertyMappingListPage.ts:69 #: src/pages/property-mappings/PropertyMappingListPage.ts:69
#: src/pages/providers/ProviderListPage.ts:76 #: src/pages/providers/ProviderListPage.ts:76
@ -3589,6 +3605,10 @@ msgstr ""
msgid "Update {0}" msgid "Update {0}"
msgstr "" msgstr ""
#: src/pages/providers/proxy/ProxyProviderForm.ts:107
msgid "Upstream host that the requests are forwarded to."
msgstr ""
#: src/pages/stages/email/EmailStageForm.ts:96 #: src/pages/stages/email/EmailStageForm.ts:96
msgid "Use SSL" msgid "Use SSL"
msgstr "" msgstr ""
@ -3613,10 +3633,10 @@ msgstr ""
#: src/elements/events/UserEvents.ts:36 #: src/elements/events/UserEvents.ts:36
#: src/pages/events/EventInfo.ts:83 #: src/pages/events/EventInfo.ts:83
#: src/pages/events/EventListPage.ts:44 #: src/pages/events/EventListPage.ts:44
#: src/pages/policies/PolicyBindingForm.ts:140 #: src/pages/policies/PolicyBindingForm.ts:133
#: src/pages/policies/PolicyBindingForm.ts:176 #: src/pages/policies/PolicyBindingForm.ts:177
#: src/pages/policies/PolicyTestForm.ts:60 #: src/pages/policies/PolicyTestForm.ts:61
#: src/pages/property-mappings/PropertyMappingTestForm.ts:49 #: src/pages/property-mappings/PropertyMappingTestForm.ts:51
#: src/pages/tokens/TokenListPage.ts:45 #: src/pages/tokens/TokenListPage.ts:45
#: src/pages/user-settings/tokens/UserTokenList.ts:72 #: src/pages/user-settings/tokens/UserTokenList.ts:72
#: src/pages/users/UserListPage.ts:88 #: src/pages/users/UserListPage.ts:88
@ -3657,7 +3677,7 @@ msgstr ""
msgid "User password writeback" msgid "User password writeback"
msgstr "" msgstr ""
#: src/pages/policies/BoundPoliciesList.ts:52 #: src/pages/policies/BoundPoliciesList.ts:56
#: src/pages/users/UserViewPage.ts:63 #: src/pages/users/UserViewPage.ts:63
msgid "User {0}" msgid "User {0}"
msgstr "" msgstr ""
@ -3712,11 +3732,11 @@ msgstr ""
msgid "Using source" msgid "Using source"
msgstr "" msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts:123 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts:124
msgid "Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows." msgid "Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows."
msgstr "" msgstr ""
#: src/pages/providers/proxy/ProxyProviderForm.ts:115 #: src/pages/providers/proxy/ProxyProviderForm.ts:116
msgid "Validate SSL Certificates of upstream servers." msgid "Validate SSL Certificates of upstream servers."
msgstr "" msgstr ""
@ -3831,7 +3851,7 @@ msgstr ""
msgid "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged." msgid "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged."
msgstr "" msgstr ""
#: src/flows/FlowExecutor.ts:131 #: src/flows/FlowExecutor.ts:134
msgid "Whoops!" msgid "Whoops!"
msgstr "" msgstr ""
@ -3854,11 +3874,11 @@ msgid "X509 Subject"
msgstr "" msgstr ""
#: src/pages/crypto/CertificateKeyPairListPage.ts:61 #: src/pages/crypto/CertificateKeyPairListPage.ts:61
#: src/pages/groups/GroupListPage.ts:58 #: src/pages/groups/GroupListPage.ts:57
#: src/pages/groups/MemberSelectModal.ts:57 #: src/pages/groups/MemberSelectModal.ts:57
#: src/pages/outposts/ServiceConnectionListPage.ts:64 #: src/pages/outposts/ServiceConnectionListPage.ts:64
#: src/pages/policies/BoundPoliciesList.ts:118 #: src/pages/policies/BoundPoliciesList.ts:122
#: src/pages/policies/PolicyTestForm.ts:38 #: src/pages/policies/PolicyTestForm.ts:39
#: src/pages/providers/proxy/ProxyProviderViewPage.ts:105 #: src/pages/providers/proxy/ProxyProviderViewPage.ts:105
#: src/pages/tokens/TokenListPage.ts:56 #: src/pages/tokens/TokenListPage.ts:56
#: src/pages/user-settings/tokens/UserTokenList.ts:83 #: src/pages/user-settings/tokens/UserTokenList.ts:83

6
web/src/pages/admin-overview/AdminOverviewPage.ts
View File

@ -44,13 +44,13 @@ export class AdminOverviewPage extends LitElement {
<ak-aggregate-card class="pf-l-gallery__item pf-m-4-col" icon="pf-icon pf-icon-server" header=${t`Apps with most usage`} style="grid-column-end: span 2;grid-row-end: span 3;"> <ak-aggregate-card class="pf-l-gallery__item pf-m-4-col" icon="pf-icon pf-icon-server" header=${t`Apps with most usage`} style="grid-column-end: span 2;grid-row-end: span 3;">
<ak-top-applications-table></ak-top-applications-table> <ak-top-applications-table></ak-top-applications-table>
</ak-aggregate-card> </ak-aggregate-card>
<ak-admin-status-card-provider class="pf-l-gallery__item pf-m-4-col" icon="pf-icon pf-icon-plugged" header=${t`Providers`} headerLink="#/core/providers/"> <ak-admin-status-card-provider class="pf-l-gallery__item pf-m-4-col" icon="pf-icon pf-icon-plugged" header=${t`Providers without application`} headerLink="#/core/providers">
</ak-admin-status-card-provider> </ak-admin-status-card-provider>
<ak-admin-status-card-policy-unbound class="pf-l-gallery__item pf-m-4-col" icon="pf-icon pf-icon-infrastructure" header=${t`Policies`} headerLink="#/policy/policies"> <ak-admin-status-card-policy-unbound class="pf-l-gallery__item pf-m-4-col" icon="pf-icon pf-icon-infrastructure" header=${t`Unbound policies`} headerLink="#/policy/policies">
</ak-admin-status-card-policy-unbound> </ak-admin-status-card-policy-unbound>
<ak-admin-status-card-user-count class="pf-l-gallery__item pf-m-4-col" icon="pf-icon pf-icon-user" header=${t`Users`} headerLink="#/identity/users"> <ak-admin-status-card-user-count class="pf-l-gallery__item pf-m-4-col" icon="pf-icon pf-icon-user" header=${t`Users`} headerLink="#/identity/users">
</ak-admin-status-card-user-count> </ak-admin-status-card-user-count>
<ak-admin-status-version class="pf-l-gallery__item pf-m-4-col" icon="pf-icon pf-icon-bundle" header=${t`Version`} headerLink="https://github.com/BeryJu/authentik/releases"> <ak-admin-status-version class="pf-l-gallery__item pf-m-4-col" icon="pf-icon pf-icon-bundle" header=${t`Version`} headerLink="https://github.com/goauthentik/authentik/releases">
</ak-admin-status-version> </ak-admin-status-version>
<ak-admin-status-card-workers class="pf-l-gallery__item pf-m-4-col" icon="pf-icon pf-icon-server" header=${t`Workers`}> <ak-admin-status-card-workers class="pf-l-gallery__item pf-m-4-col" icon="pf-icon pf-icon-server" header=${t`Workers`}>
</ak-admin-status-card-workers> </ak-admin-status-card-workers>

2
web/src/pages/applications/ApplicationViewPage.ts
View File

@ -134,7 +134,7 @@ export class ApplicationViewPage extends LitElement {
</div> </div>
</div> </div>
</section> </section>
<div slot="page-policy-bindings" data-tab-title="${t`Policy Bindings`}" class="pf-c-page__main-section pf-m-no-padding-mobile"> <div slot="page-policy-bindings" data-tab-title="${t`Policy / Group / User Bindings`}" class="pf-c-page__main-section pf-m-no-padding-mobile">
<div class="pf-c-card"> <div class="pf-c-card">
<div class="pf-c-card__title">${t`These policies control which users can access this application.`}</div> <div class="pf-c-card__title">${t`These policies control which users can access this application.`}</div>
<ak-bound-policies-list .target=${this.application.pk}> <ak-bound-policies-list .target=${this.application.pk}>

2
web/src/pages/events/EventInfo.ts
View File

@ -190,7 +190,7 @@ export class EventInfo extends LitElement {
<ak-expand>${this.defaultResponse()}</ak-expand>`; <ak-expand>${this.defaultResponse()}</ak-expand>`;
case "update_available": case "update_available":
return html`<h3>${t`New version available!`}</h3> return html`<h3>${t`New version available!`}</h3>
<a target="_blank" href="https://github.com/BeryJu/authentik/releases/tag/version%2F${this.event.context.new_version}">${this.event.context.new_version}</a> <a target="_blank" href="https://github.com/goauthentik/authentik/releases/tag/version%2F${this.event.context.new_version}">${this.event.context.new_version}</a>
`; `;
// Action types which typically don't record any extra context. // Action types which typically don't record any extra context.
// If context is not empty, we fall to the default response. // If context is not empty, we fall to the default response.

2
web/src/pages/events/RuleListPage.ts
View File

@ -108,7 +108,7 @@ export class RuleListPage extends TablePage<NotificationRule> {
return html` return html`
<td role="cell" colspan="4"> <td role="cell" colspan="4">
<div class="pf-c-table__expandable-row-content"> <div class="pf-c-table__expandable-row-content">
<p>${t`These policies control upon which events this rule triggers. Bindings to <p>${t`These bindings control upon which events this rule triggers. Bindings to
groups/users are checked against the user of the event.`}</p> groups/users are checked against the user of the event.`}</p>
<ak-bound-policies-list .target=${item.pk}> <ak-bound-policies-list .target=${item.pk}>
</ak-bound-policies-list> </ak-bound-policies-list>

2
web/src/pages/flows/BoundStagesList.ts
View File

@ -100,7 +100,7 @@ export class BoundStagesList extends Table<FlowStageBinding> {
<td role="cell" colspan="3"> <td role="cell" colspan="3">
<div class="pf-c-table__expandable-row-content"> <div class="pf-c-table__expandable-row-content">
<div class="pf-c-content"> <div class="pf-c-content">
<p>${t`These policies control when this stage will be applied to the flow.`}</p> <p>${t`These bindings control if this stage will be applied to the flow.`}</p>
<ak-bound-policies-list .target=${item.policybindingmodelPtrId}> <ak-bound-policies-list .target=${item.policybindingmodelPtrId}>
</ak-bound-policies-list> </ak-bound-policies-list>
</div> </div>

4
web/src/pages/flows/FlowViewPage.ts
View File

@ -104,9 +104,9 @@ export class FlowViewPage extends LitElement {
</div> </div>
</div> </div>
</div> </div>
<div slot="page-policy-bindings" data-tab-title="${t`Policy Bindings`}" class="pf-c-page__main-section pf-m-no-padding-mobile"> <div slot="page-policy-bindings" data-tab-title="${t`Policy / Group / User Bindings`}" class="pf-c-page__main-section pf-m-no-padding-mobile">
<div class="pf-c-card"> <div class="pf-c-card">
<div class="pf-c-card__title">${t`These policies control which users can access this flow.`}</div> <div class="pf-c-card__title">${t`These bindings control which users can access this flow.`}</div>
<div class="pf-c-card__body"> <div class="pf-c-card__body">
<ak-bound-policies-list .target=${this.flow.policybindingmodelPtrId}> <ak-bound-policies-list .target=${this.flow.policybindingmodelPtrId}>
</ak-bound-policies-list> </ak-bound-policies-list>

2
web/src/pages/groups/GroupForm.ts
View File

@ -73,7 +73,6 @@ export class GroupForm extends Form<Group> {
</ak-form-element-horizontal> </ak-form-element-horizontal>
<ak-form-element-horizontal <ak-form-element-horizontal
label=${t`Members`} label=${t`Members`}
?required=${true}
name="users"> name="users">
<div class="pf-c-input-group"> <div class="pf-c-input-group">
<ak-group-member-select-table <ak-group-member-select-table
@ -121,6 +120,7 @@ export class GroupForm extends Form<Group> {
</ak-form-element-horizontal> </ak-form-element-horizontal>
<ak-form-element-horizontal <ak-form-element-horizontal
label=${t`Attributes`} label=${t`Attributes`}
?required=${true}
name="attributes"> name="attributes">
<ak-codemirror mode="yaml" value="${YAML.stringify(first(this.group?.attributes, {}))}"> <ak-codemirror mode="yaml" value="${YAML.stringify(first(this.group?.attributes, {}))}">
</ak-codemirror> </ak-codemirror>

2
web/src/pages/groups/GroupListPage.ts
View File

@ -53,7 +53,7 @@ export class GroupListPage extends TablePage<Group> {
return [ return [
html`${item.name}`, html`${item.name}`,
html`${item.parent || "-"}`, html`${item.parent || "-"}`,
html`${item.users?.keys.length}`, html`${Array.from(item.users || []).length}`,
html`${item.isSuperuser ? t`Yes` : t`No`}`, html`${item.isSuperuser ? t`Yes` : t`No`}`,
html` html`
<ak-forms-modal> <ak-forms-modal>

9
web/src/pages/policies/BoundPoliciesList.ts
View File

@ -25,6 +25,9 @@ export class BoundPoliciesList extends Table<PolicyBinding> {
@property() @property()
target?: string; target?: string;
@property({type: Boolean})
policyOnly = false;
apiEndpoint(page: number): Promise<AKResponse<PolicyBinding>> { apiEndpoint(page: number): Promise<AKResponse<PolicyBinding>> {
return new PoliciesApi(DEFAULT_CONFIG).policiesBindingsList({ return new PoliciesApi(DEFAULT_CONFIG).policiesBindingsList({
target: this.target || "", target: this.target || "",
@ -125,7 +128,7 @@ export class BoundPoliciesList extends Table<PolicyBinding> {
<span slot="header"> <span slot="header">
${t`Update Binding`} ${t`Update Binding`}
</span> </span>
<ak-policy-binding-form slot="form" .binding=${item} targetPk=${ifDefined(this.target)}> <ak-policy-binding-form slot="form" .binding=${item} targetPk=${ifDefined(this.target)} ?policyOnly=${this.policyOnly}>
</ak-policy-binding-form> </ak-policy-binding-form>
<button slot="trigger" class="pf-c-button pf-m-secondary"> <button slot="trigger" class="pf-c-button pf-m-secondary">
${t`Edit Binding`} ${t`Edit Binding`}
@ -159,7 +162,7 @@ export class BoundPoliciesList extends Table<PolicyBinding> {
<span slot="header"> <span slot="header">
${t`Create Binding`} ${t`Create Binding`}
</span> </span>
<ak-policy-binding-form slot="form" targetPk=${ifDefined(this.target)}> <ak-policy-binding-form slot="form" targetPk=${ifDefined(this.target)} ?policyOnly=${this.policyOnly}>
</ak-policy-binding-form> </ak-policy-binding-form>
<button slot="trigger" class="pf-c-button pf-m-primary"> <button slot="trigger" class="pf-c-button pf-m-primary">
${t`Create Binding`} ${t`Create Binding`}
@ -208,7 +211,7 @@ export class BoundPoliciesList extends Table<PolicyBinding> {
<span slot="header"> <span slot="header">
${t`Create Binding`} ${t`Create Binding`}
</span> </span>
<ak-policy-binding-form slot="form" targetPk=${ifDefined(this.target)}> <ak-policy-binding-form slot="form" targetPk=${ifDefined(this.target)} ?policyOnly=${this.policyOnly}>
</ak-policy-binding-form> </ak-policy-binding-form>
<button slot="trigger" class="pf-c-button pf-m-secondary"> <button slot="trigger" class="pf-c-button pf-m-secondary">
${t`Create Binding`} ${t`Create Binding`}

68
web/src/pages/policies/PolicyBindingForm.ts
View File

@ -44,6 +44,9 @@ export class PolicyBindingForm extends Form<PolicyBinding> {
@property({type: Number}) @property({type: Number})
policyGroupUser: target = target.policy; policyGroupUser: target = target.policy;
@property({type: Boolean})
policyOnly = false;
getSuccessMessage(): string { getSuccessMessage(): string {
if (this.binding) { if (this.binding) {
return t`Successfully updated binding.`; return t`Successfully updated binding.`;
@ -60,10 +63,6 @@ export class PolicyBindingForm extends Form<PolicyBinding> {
`); `);
} }
async customValidate(form: PolicyBinding): Promise<PolicyBinding> {
return form;
}
send = (data: PolicyBinding): Promise<PolicyBinding> => { send = (data: PolicyBinding): Promise<PolicyBinding> => {
if (this.binding) { if (this.binding) {
return new PoliciesApi(DEFAULT_CONFIG).policiesBindingsUpdate({ return new PoliciesApi(DEFAULT_CONFIG).policiesBindingsUpdate({
@ -105,34 +104,49 @@ export class PolicyBindingForm extends Form<PolicyBinding> {
}); });
} }
renderModeSelector(): TemplateResult {
console.log(this.policyOnly);
if (this.policyOnly) {
this.policyGroupUser = target.policy;
return html`
<div class="pf-c-toggle-group__item">
<button class="pf-c-toggle-group__button pf-m-selected" type="button">
<span class="pf-c-toggle-group__text">${t`Policy`}</span>
</button>
</div>`;
}
return html`
<div class="pf-c-toggle-group__item">
<button class="pf-c-toggle-group__button ${this.policyGroupUser === target.policy ? "pf-m-selected": ""}" type="button" @click=${() => {
this.policyGroupUser = target.policy;
}}>
<span class="pf-c-toggle-group__text">${t`Policy`}</span>
</button>
</div>
<div class="pf-c-divider pf-m-vertical" role="separator"></div>
<div class="pf-c-toggle-group__item">
<button class="pf-c-toggle-group__button ${this.policyGroupUser === target.group ? "pf-m-selected" : ""}" type="button" @click=${() => {
this.policyGroupUser = target.group;
}}>
<span class="pf-c-toggle-group__text">${t`Group`}</span>
</button>
</div>
<div class="pf-c-divider pf-m-vertical" role="separator"></div>
<div class="pf-c-toggle-group__item">
<button class="pf-c-toggle-group__button ${this.policyGroupUser === target.user ? "pf-m-selected" : ""}" type="button" @click=${() => {
this.policyGroupUser = target.user;
}}>
<span class="pf-c-toggle-group__text">${t`User`}</span>
</button>
</div>`;
}
renderForm(): TemplateResult { renderForm(): TemplateResult {
return html`<form class="pf-c-form pf-m-horizontal"> return html`<form class="pf-c-form pf-m-horizontal">
<div class="pf-c-card pf-m-selectable pf-m-selected"> <div class="pf-c-card pf-m-selectable pf-m-selected">
<div class="pf-c-card__body"> <div class="pf-c-card__body">
<div class="pf-c-toggle-group"> <div class="pf-c-toggle-group">
<div class="pf-c-toggle-group__item"> ${this.renderModeSelector()}
<button class="pf-c-toggle-group__button ${this.policyGroupUser === target.policy ? "pf-m-selected": ""}" type="button" @click=${() => {
this.policyGroupUser = target.policy;
}}>
<span class="pf-c-toggle-group__text">${t`Policy`}</span>
</button>
</div>
<div class="pf-c-divider pf-m-vertical" role="separator"></div>
<div class="pf-c-toggle-group__item">
<button class="pf-c-toggle-group__button ${this.policyGroupUser === target.group ? "pf-m-selected" : ""}" type="button" @click=${() => {
this.policyGroupUser = target.group;
}}>
<span class="pf-c-toggle-group__text">${t`Group`}</span>
</button>
</div>
<div class="pf-c-divider pf-m-vertical" role="separator"></div>
<div class="pf-c-toggle-group__item">
<button class="pf-c-toggle-group__button ${this.policyGroupUser === target.user ? "pf-m-selected" : ""}" type="button" @click=${() => {
this.policyGroupUser = target.user;
}}>
<span class="pf-c-toggle-group__text">${t`User`}</span>
</button>
</div>
</div> </div>
</div> </div>
<div class="pf-c-card__footer"> <div class="pf-c-card__footer">

1
web/src/pages/policies/expression/ExpressionPolicyForm.ts
View File

@ -74,6 +74,7 @@ export class ExpressionPolicyForm extends Form<ExpressionPolicy> {
<div slot="body" class="pf-c-form"> <div slot="body" class="pf-c-form">
<ak-form-element-horizontal <ak-form-element-horizontal
label=${t`Expression`} label=${t`Expression`}
?required=${true}
name="expression"> name="expression">
<ak-codemirror mode="python" value="${ifDefined(this.policy?.expression)}"> <ak-codemirror mode="python" value="${ifDefined(this.policy?.expression)}">
</ak-codemirror> </ak-codemirror>

1
web/src/pages/property-mappings/PropertyMappingLDAPForm.ts
View File

@ -60,6 +60,7 @@ export class PropertyMappingLDAPForm extends Form<LDAPPropertyMapping> {
</ak-form-element-horizontal> </ak-form-element-horizontal>
<ak-form-element-horizontal <ak-form-element-horizontal
label=${t`Expression`} label=${t`Expression`}
?required=${true}
name="expression"> name="expression">
<ak-codemirror mode="python" value="${ifDefined(this.mapping?.expression)}"> <ak-codemirror mode="python" value="${ifDefined(this.mapping?.expression)}">
</ak-codemirror> </ak-codemirror>

1
web/src/pages/property-mappings/PropertyMappingSAMLForm.ts
View File

@ -70,6 +70,7 @@ export class PropertyMappingLDAPForm extends Form<SAMLPropertyMapping> {
</ak-form-element-horizontal> </ak-form-element-horizontal>
<ak-form-element-horizontal <ak-form-element-horizontal
label=${t`Expression`} label=${t`Expression`}
?required=${true}
name="expression"> name="expression">
<ak-codemirror mode="python" value="${ifDefined(this.mapping?.expression)}"> <ak-codemirror mode="python" value="${ifDefined(this.mapping?.expression)}">
</ak-codemirror> </ak-codemirror>

1
web/src/pages/property-mappings/PropertyMappingScopeForm.ts
View File

@ -67,6 +67,7 @@ export class PropertyMappingScopeForm extends Form<ScopeMapping> {
</ak-form-element-horizontal> </ak-form-element-horizontal>
<ak-form-element-horizontal <ak-form-element-horizontal
label=${t`Expression`} label=${t`Expression`}
?required=${true}
name="expression"> name="expression">
<ak-codemirror mode="python" value="${ifDefined(this.mapping?.expression)}"> <ak-codemirror mode="python" value="${ifDefined(this.mapping?.expression)}">
</ak-codemirror> </ak-codemirror>

5
web/src/pages/providers/oauth2/OAuth2ProviderForm.ts
View File

@ -114,8 +114,9 @@ export class OAuth2ProviderFormPage extends Form<OAuth2Provider> {
</ak-form-element-horizontal> </ak-form-element-horizontal>
<ak-form-element-horizontal <ak-form-element-horizontal
label=${t`Redirect URIs/Origins`} label=${t`Redirect URIs/Origins`}
?required=${true}
name="redirectUris"> name="redirectUris">
<textarea class="pf-c-form-control">${this.provider?.redirectUris}</textarea> <textarea class="pf-c-form-control" required>${this.provider?.redirectUris}</textarea>
<p class="pf-c-form__helper-text"> <p class="pf-c-form__helper-text">
${t`Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows.`} ${t`Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows.`}
</p> </p>
@ -150,7 +151,6 @@ export class OAuth2ProviderFormPage extends Form<OAuth2Provider> {
</ak-form-element-horizontal> </ak-form-element-horizontal>
<ak-form-element-horizontal <ak-form-element-horizontal
label=${t`Scopes`} label=${t`Scopes`}
?required=${true}
name="propertyMappings"> name="propertyMappings">
<select class="pf-c-form-control" multiple> <select class="pf-c-form-control" multiple>
${until(new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsScopeList({ ${until(new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsScopeList({
@ -174,7 +174,6 @@ export class OAuth2ProviderFormPage extends Form<OAuth2Provider> {
</ak-form-element-horizontal> </ak-form-element-horizontal>
<ak-form-element-horizontal <ak-form-element-horizontal
label=${t`RSA Key`} label=${t`RSA Key`}
?required=${true}
name="rsaKey"> name="rsaKey">
<select class="pf-c-form-control"> <select class="pf-c-form-control">
<option value="" ?selected=${this.provider?.rsaKey === undefined}>---------</option> <option value="" ?selected=${this.provider?.rsaKey === undefined}>---------</option>

2
web/src/pages/providers/proxy/ProxyProviderForm.ts
View File

@ -102,6 +102,7 @@ export class ProxyProviderFormPage extends Form<ProxyProvider> {
?required=${true} ?required=${true}
name="internalHost"> name="internalHost">
<input type="text" value="${ifDefined(this.provider?.internalHost)}" class="pf-c-form-control" required> <input type="text" value="${ifDefined(this.provider?.internalHost)}" class="pf-c-form-control" required>
<p class="pf-c-form__helper-text">${t`Upstream host that the requests are forwarded to.`}</p>
</ak-form-element-horizontal> </ak-form-element-horizontal>
<ak-form-element-horizontal name="internalHostSslValidation"> <ak-form-element-horizontal name="internalHostSslValidation">
<div class="pf-c-check"> <div class="pf-c-check">
@ -117,6 +118,7 @@ export class ProxyProviderFormPage extends Form<ProxyProvider> {
?required=${true} ?required=${true}
name="externalHost"> name="externalHost">
<input type="text" value="${ifDefined(this.provider?.externalHost)}" class="pf-c-form-control" required> <input type="text" value="${ifDefined(this.provider?.externalHost)}" class="pf-c-form-control" required>
<p class="pf-c-form__helper-text">${t`The external URL you'll access the outpost at.`}</p>
</ak-form-element-horizontal> </ak-form-element-horizontal>
</div> </div>
</ak-form-group> </ak-form-group>

4
web/src/pages/sources/oauth/OAuthSourceForm.ts
View File

@ -196,7 +196,7 @@ export class OAuthSourceForm extends Form<OAuthSource> {
}).then(flows => { }).then(flows => {
return flows.results.map(flow => { return flows.results.map(flow => {
let selected = this.source?.authenticationFlow === flow.pk; let selected = this.source?.authenticationFlow === flow.pk;
if (!this.source?.authenticationFlow && flow.slug === "default-source-authentication") { if (!this.source?.pk && !this.source?.authenticationFlow && flow.slug === "default-source-authentication") {
selected = true; selected = true;
} }
return html`<option value=${ifDefined(flow.pk)} ?selected=${selected}>${flow.name} (${flow.slug})</option>`; return html`<option value=${ifDefined(flow.pk)} ?selected=${selected}>${flow.name} (${flow.slug})</option>`;
@ -216,7 +216,7 @@ export class OAuthSourceForm extends Form<OAuthSource> {
}).then(flows => { }).then(flows => {
return flows.results.map(flow => { return flows.results.map(flow => {
let selected = this.source?.enrollmentFlow === flow.pk; let selected = this.source?.enrollmentFlow === flow.pk;
if (!this.source?.enrollmentFlow && flow.slug === "default-source-enrollment") { if (!this.source?.pk && !this.source?.enrollmentFlow && flow.slug === "default-source-enrollment") {
selected = true; selected = true;
} }
return html`<option value=${ifDefined(flow.pk)} ?selected=${selected}>${flow.name} (${flow.slug})</option>`; return html`<option value=${ifDefined(flow.pk)} ?selected=${selected}>${flow.name} (${flow.slug})</option>`;

9
web/src/pages/sources/oauth/OAuthSourceViewPage.ts
View File

@ -99,7 +99,7 @@ export class OAuthSourceViewPage extends LitElement {
<span class="pf-c-description-list__text">${t`Authorization URL`}</span> <span class="pf-c-description-list__text">${t`Authorization URL`}</span>
</dt> </dt>
<dd class="pf-c-description-list__description"> <dd class="pf-c-description-list__description">
<div class="pf-c-description-list__text">${this.source.authorizationUrl}</div> <div class="pf-c-description-list__text">${this.source.type?.authorizationUrl || this.source.authorizationUrl}</div>
</dd> </dd>
</div> </div>
<div class="pf-c-description-list__group"> <div class="pf-c-description-list__group">
@ -107,7 +107,7 @@ export class OAuthSourceViewPage extends LitElement {
<span class="pf-c-description-list__text">${t`Token URL`}</span> <span class="pf-c-description-list__text">${t`Token URL`}</span>
</dt> </dt>
<dd class="pf-c-description-list__description"> <dd class="pf-c-description-list__description">
<div class="pf-c-description-list__text">${this.source.accessTokenUrl}</div> <div class="pf-c-description-list__text">${this.source.type?.accessTokenUrl || this.source.accessTokenUrl}</div>
</dd> </dd>
</div> </div>
</dl> </dl>
@ -146,9 +146,10 @@ export class OAuthSourceViewPage extends LitElement {
</section> </section>
<div slot="page-policy-binding" data-tab-title="${t`Policy Bindings`}" class="pf-c-page__main-section pf-m-no-padding-mobile"> <div slot="page-policy-binding" data-tab-title="${t`Policy Bindings`}" class="pf-c-page__main-section pf-m-no-padding-mobile">
<div class="pf-c-card"> <div class="pf-c-card">
<div class="pf-c-card__title">${t`These policies control which users can access this source.`}</div> <div class="pf-c-card__title">${t`These bindings control which users can access this source.
You can only use policies here as access is checked before the user is authenticated.`}</div>
<div class="pf-c-card__body"> <div class="pf-c-card__body">
<ak-bound-policies-list .target=${this.source.pk}> <ak-bound-policies-list .target=${this.source.pk} ?policyOnly=${true}>
</ak-bound-policies-list> </ak-bound-policies-list>
</div> </div>
</div> </div>

6
web/src/pages/sources/saml/SAMLSourceForm.ts
View File

@ -227,7 +227,7 @@ export class SAMLSourceForm extends Form<SAMLSource> {
}).then(flows => { }).then(flows => {
return flows.results.map(flow => { return flows.results.map(flow => {
let selected = this.source?.preAuthenticationFlow === flow.pk; let selected = this.source?.preAuthenticationFlow === flow.pk;
if (!this.source?.preAuthenticationFlow && flow.slug === "default-source-pre-authentication") { if (!this.source?.pk && !this.source?.preAuthenticationFlow && flow.slug === "default-source-pre-authentication") {
selected = true; selected = true;
} }
return html`<option value=${ifDefined(flow.pk)} ?selected=${selected}>${flow.name} (${flow.slug})</option>`; return html`<option value=${ifDefined(flow.pk)} ?selected=${selected}>${flow.name} (${flow.slug})</option>`;
@ -247,7 +247,7 @@ export class SAMLSourceForm extends Form<SAMLSource> {
}).then(flows => { }).then(flows => {
return flows.results.map(flow => { return flows.results.map(flow => {
let selected = this.source?.authenticationFlow === flow.pk; let selected = this.source?.authenticationFlow === flow.pk;
if (!this.source?.authenticationFlow && flow.slug === "default-source-authentication") { if (!this.source?.pk && !this.source?.authenticationFlow && flow.slug === "default-source-authentication") {
selected = true; selected = true;
} }
return html`<option value=${ifDefined(flow.pk)} ?selected=${selected}>${flow.name} (${flow.slug})</option>`; return html`<option value=${ifDefined(flow.pk)} ?selected=${selected}>${flow.name} (${flow.slug})</option>`;
@ -267,7 +267,7 @@ export class SAMLSourceForm extends Form<SAMLSource> {
}).then(flows => { }).then(flows => {
return flows.results.map(flow => { return flows.results.map(flow => {
let selected = this.source?.enrollmentFlow === flow.pk; let selected = this.source?.enrollmentFlow === flow.pk;
if (!this.source?.enrollmentFlow && flow.slug === "default-source-enrollment") { if (!this.source?.pk && !this.source?.enrollmentFlow && flow.slug === "default-source-enrollment") {
selected = true; selected = true;
} }
return html`<option value=${ifDefined(flow.pk)} ?selected=${selected}>${flow.name} (${flow.slug})</option>`; return html`<option value=${ifDefined(flow.pk)} ?selected=${selected}>${flow.name} (${flow.slug})</option>`;

5
web/src/pages/sources/saml/SAMLSourceViewPage.ts
View File

@ -154,9 +154,10 @@ export class SAMLSourceViewPage extends LitElement {
</section> </section>
<div slot="page-policy-bindings" data-tab-title="${t`Policy Bindings`}" class="pf-c-page__main-section pf-m-no-padding-mobile"> <div slot="page-policy-bindings" data-tab-title="${t`Policy Bindings`}" class="pf-c-page__main-section pf-m-no-padding-mobile">
<div class="pf-c-card"> <div class="pf-c-card">
<div class="pf-c-card__title">${t`These policies control which users can access this source.`}</div> <div class="pf-c-card__title">${t`These bindings control which users can access this source.
You can only use policies here as access is checked before the user is authenticated.`}</div>
<div class="pf-c-card__body"> <div class="pf-c-card__body">
<ak-bound-policies-list .target=${this.source.pk}> <ak-bound-policies-list .target=${this.source.pk} ?policyOnly=${true}>
</ak-bound-policies-list> </ak-bound-policies-list>
</div> </div>
</div> </div>

2
web/src/pages/stages/authenticator_static/AuthenticatorStaticStageForm.ts
View File

@ -78,7 +78,7 @@ export class AuthenticatorStaticStageForm extends Form<AuthenticatorStaticStage>
}).then(flows => { }).then(flows => {
return flows.results.map(flow => { return flows.results.map(flow => {
let selected = this.stage?.configureFlow === flow.pk; let selected = this.stage?.configureFlow === flow.pk;
if (!this.stage?.configureFlow && flow.slug === "default-otp-time-configure") { if (!this.stage?.pk && !this.stage?.configureFlow && flow.slug === "default-otp-time-configure") {
selected = true; selected = true;
} }
return html`<option value=${ifDefined(flow.pk)} ?selected=${selected}>${flow.name} (${flow.slug})</option>`; return html`<option value=${ifDefined(flow.pk)} ?selected=${selected}>${flow.name} (${flow.slug})</option>`;

2
web/src/pages/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts
View File

@ -84,7 +84,7 @@ export class AuthenticatorTOTPStageForm extends Form<AuthenticatorTOTPStage> {
}).then(flows => { }).then(flows => {
return flows.results.map(flow => { return flows.results.map(flow => {
let selected = this.stage?.configureFlow === flow.pk; let selected = this.stage?.configureFlow === flow.pk;
if (!this.stage?.configureFlow && flow.slug === "default-otp-time-configure") { if (!this.stage?.pk && !this.stage?.configureFlow && flow.slug === "default-otp-time-configure") {
selected = true; selected = true;
} }
return html`<option value=${ifDefined(flow.pk)} ?selected=${selected}>${flow.name} (${flow.slug})</option>`; return html`<option value=${ifDefined(flow.pk)} ?selected=${selected}>${flow.name} (${flow.slug})</option>`;

2
web/src/pages/stages/identification/IdentificationStageForm.ts
View File

@ -70,7 +70,7 @@ export class IdentificationStageForm extends Form<IdentificationStage> {
<ak-form-element-horizontal <ak-form-element-horizontal
label=${t`User fields`} label=${t`User fields`}
?required=${true} ?required=${true}
name="transports"> name="userFields">
<select name="users" class="pf-c-form-control" multiple> <select name="users" class="pf-c-form-control" multiple>
<option value=${IdentificationStageUserFieldsEnum.Username} ?selected=${this.isUserFieldSelected(IdentificationStageUserFieldsEnum.Username)}> <option value=${IdentificationStageUserFieldsEnum.Username} ?selected=${this.isUserFieldSelected(IdentificationStageUserFieldsEnum.Username)}>
${t`Username`} ${t`Username`}

2
web/src/pages/stages/password/PasswordStageForm.ts
View File

@ -94,7 +94,7 @@ export class PasswordStageForm extends Form<PasswordStage> {
}).then(flows => { }).then(flows => {
return flows.results.map(flow => { return flows.results.map(flow => {
let selected = this.stage?.configureFlow === flow.pk; let selected = this.stage?.configureFlow === flow.pk;
if (!this.stage?.configureFlow && flow.slug === "default-password-change") { if (!this.stage?.pk && !this.stage?.configureFlow && flow.slug === "default-password-change") {
selected = true; selected = true;
} }
return html`<option value=${ifDefined(flow.pk)} ?selected=${selected}>${flow.name} (${flow.slug})</option>`; return html`<option value=${ifDefined(flow.pk)} ?selected=${selected}>${flow.name} (${flow.slug})</option>`;

1
web/src/pages/users/UserForm.ts
View File

@ -71,6 +71,7 @@ export class UserForm extends Form<User> {
</ak-form-element-horizontal> </ak-form-element-horizontal>
<ak-form-element-horizontal <ak-form-element-horizontal
label=${t`Attributes`} label=${t`Attributes`}
?required=${true}
name="attributes"> name="attributes">
<ak-codemirror mode="yaml" value="${YAML.stringify(first(this.user?.attributes, {}))}"> <ak-codemirror mode="yaml" value="${YAML.stringify(first(this.user?.attributes, {}))}">
</ak-codemirror> </ak-codemirror>

2
web/src/pages/users/UserViewPage.ts
View File

@ -130,7 +130,7 @@ export class UserViewPage extends LitElement {
</dt> </dt>
<dd class="pf-c-description-list__description"> <dd class="pf-c-description-list__description">
<div class="pf-c-description-list__text"> <div class="pf-c-description-list__text">
<ak-label color=${this.user.isActive ? PFColor.Green : PFColor.Orange} text=""></ak-label> <ak-label color=${this.user.isSuperuser ? PFColor.Green : PFColor.Orange} text=""></ak-label>
</div> </div>
</dd> </dd>
</div> </div>

30
website/docs/installation/docker-compose-config.md
View File

@ -13,51 +13,51 @@ Defaults to `info`.
## AUTHENTIK_ERROR_REPORTING ## AUTHENTIK_ERROR_REPORTING
- AUTHENTIK_ERROR_REPORTING__ENABLED - `AUTHENTIK_ERROR_REPORTING__ENABLED`
Enable error reporting. Defaults to `false`. Enable error reporting. Defaults to `false`.
Error reports are sent to https://sentry.beryju.org, and are used for debugging and general feedback. Anonymous performance data is also sent. Error reports are sent to https://sentry.beryju.org, and are used for debugging and general feedback. Anonymous performance data is also sent.
- AUTHENTIK_ERROR_REPORTING__ENVIRONMENT - `AUTHENTIK_ERROR_REPORTING__ENVIRONMENT`
Unique environment that is attached to your error reports, should be set to your email address for example. Defaults to `customer`. Unique environment that is attached to your error reports, should be set to your email address for example. Defaults to `customer`.
- AUTHENTIK_ERROR_REPORTING__SEND_PII - `AUTHENTIK_ERROR_REPORTING__SEND_PII`
Whether or not to send personal data, like usernames. Defaults to `false`. Whether or not to send personal data, like usernames. Defaults to `false`.
## AUTHENTIK_EMAIL ## AUTHENTIK_EMAIL
- AUTHENTIK_EMAIL__HOST - `AUTHENTIK_EMAIL__HOST`
Default: `localhost` Default: `localhost`
- AUTHENTIK_EMAIL__PORT - `AUTHENTIK_EMAIL__PORT`
Default: `25` Default: `25`
- AUTHENTIK_EMAIL__USERNAME - `AUTHENTIK_EMAIL__USERNAME`
Default: `""` Default: `""`
- AUTHENTIK_EMAIL__PASSWORD - `AUTHENTIK_EMAIL__PASSWORD`
Default: `""` Default: `""`
- AUTHENTIK_EMAIL__USE_TLS - `AUTHENTIK_EMAIL__USE_TLS`
Default: `false` Default: `false`
- AUTHENTIK_EMAIL__USE_SSL - `AUTHENTIK_EMAIL__USE_SSL`
Default: `false` Default: `false`
- AUTHENTIK_EMAIL__TIMEOUT - `AUTHENTIK_EMAIL__TIMEOUT`
Default: `10` Default: `10`
- AUTHENTIK_EMAIL__FROM - `AUTHENTIK_EMAIL__FROM`
Default: `authentik@localhost` Default: `authentik@localhost`
@ -65,20 +65,20 @@ Defaults to `info`.
## AUTHENTIK_OUTPOSTS ## AUTHENTIK_OUTPOSTS
- AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE - `AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE`
This is the prefix used for authentik-managed outposts. Default: `beryju/authentik`. This is the prefix used for authentik-managed outposts. Default: `beryju/authentik`.
## AUTHENTIK_AUTHENTIK ## AUTHENTIK_AUTHENTIK
- AUTHENTIK_AUTHENTIK__AVATARS - `AUTHENTIK_AUTHENTIK__AVATARS`
Controls which avatars are shown. Defaults to `gravatar`. Can be set to `none` to disable avatars. Controls which avatars are shown. Defaults to `gravatar`. Can be set to `none` to disable avatars.
- AUTHENTIK_AUTHENTIK__BRANDING__TITLE - `AUTHENTIK_AUTHENTIK__BRANDING__TITLE`
Branding title used throughout the UI. Defaults to `authentik`. Branding title used throughout the UI. Defaults to `authentik`.
- AUTHENTIK_AUTHENTIK__BRANDING__LOGO - `AUTHENTIK_AUTHENTIK__BRANDING__LOGO`
Logo shown in the sidebar and flow executions. Defaults to `/static/dist/assets/icons/icon_left_brand.svg` Logo shown in the sidebar and flow executions. Defaults to `/static/dist/assets/icons/icon_left_brand.svg`

4
website/docs/installation/docker-compose.md
View File

@ -12,11 +12,11 @@ This installation method is for test-setups and small-scale productive setups.
## Preparation ## Preparation
Download the latest `docker-compose.yml` from [here](https://raw.githubusercontent.com/BeryJu/authentik/master/docker-compose.yml). Place it in a directory of your choice. Download the latest `docker-compose.yml` from [here](https://raw.githubusercontent.com/goauthentik/authentik/master/docker-compose.yml). Place it in a directory of your choice.
To optionally enable error-reporting, run `echo AUTHENTIK_ERROR_REPORTING__ENABLED=true >> .env` To optionally enable error-reporting, run `echo AUTHENTIK_ERROR_REPORTING__ENABLED=true >> .env`
To optionally deploy a different version run `echo AUTHENTIK_TAG=2021.4.2 >> .env` To optionally deploy a different version run `echo AUTHENTIK_TAG=2021.4.4 >> .env`
If this is a fresh authentik install run the following commands to generate a password: If this is a fresh authentik install run the following commands to generate a password:

2
website/docs/installation/kubernetes.md
View File

@ -38,7 +38,7 @@ image:
name: beryju/authentik name: beryju/authentik
name_static: beryju/authentik-static name_static: beryju/authentik-static
name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended
tag: 2021.4.2 tag: 2021.4.4
serverReplicas: 1 serverReplicas: 1
workerReplicas: 1 workerReplicas: 1

4
website/docs/integrations/services/nextcloud/index.md
View File

@ -11,7 +11,7 @@ Nextcloud is a suite of client-server software for creating and using file hosti
::: :::
:::warning :::warning
This setup only works, when NextCloud is running with HTTPS enabled. This setup only works, when NextCloud is running with HTTPS enabled. See [here](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/reverse_proxy_configuration.html?highlight=overwriteprotocol#overwrite-parameters) on how to configure this.
::: :::
:::warning :::warning
@ -38,7 +38,7 @@ You can of course use a custom signing certificate, and adjust durations.
## NextCloud ## NextCloud
In NextCloud, navigate to `Settings`, then `SSO & SAML Authentication`. In NextCloud, ensure that the `SSO & SAML Authentication` extension is installed. Navigate to `Settings`, then `SSO & SAML Authentication`.
Set the following values: Set the following values:

2
website/docs/outposts/manual-deploy-docker-compose.md
View File

@ -11,7 +11,7 @@ version: "3.5"
services: services:
authentik_proxy: authentik_proxy:
image: beryju/authentik-proxy:2021.4.2 image: beryju/authentik-proxy:2021.4.4
ports: ports:
- 4180:4180 - 4180:4180
- 4443:4443 - 4443:4443

14
website/docs/outposts/manual-deploy-kubernetes.md
View File

@ -14,7 +14,7 @@ metadata:
app.kubernetes.io/instance: __OUTPOST_NAME__ app.kubernetes.io/instance: __OUTPOST_NAME__
app.kubernetes.io/managed-by: goauthentik.io app.kubernetes.io/managed-by: goauthentik.io
app.kubernetes.io/name: authentik-proxy app.kubernetes.io/name: authentik-proxy
app.kubernetes.io/version: 2021.4.2 app.kubernetes.io/version: 2021.4.4
name: authentik-outpost-api name: authentik-outpost-api
stringData: stringData:
authentik_host: "__AUTHENTIK_URL__" authentik_host: "__AUTHENTIK_URL__"
@ -29,7 +29,7 @@ metadata:
app.kubernetes.io/instance: __OUTPOST_NAME__ app.kubernetes.io/instance: __OUTPOST_NAME__
app.kubernetes.io/managed-by: goauthentik.io app.kubernetes.io/managed-by: goauthentik.io
app.kubernetes.io/name: authentik-proxy app.kubernetes.io/name: authentik-proxy
app.kubernetes.io/version: 2021.4.2 app.kubernetes.io/version: 2021.4.4
name: authentik-outpost name: authentik-outpost
spec: spec:
ports: ports:
@ -54,7 +54,7 @@ metadata:
app.kubernetes.io/instance: __OUTPOST_NAME__ app.kubernetes.io/instance: __OUTPOST_NAME__
app.kubernetes.io/managed-by: goauthentik.io app.kubernetes.io/managed-by: goauthentik.io
app.kubernetes.io/name: authentik-proxy app.kubernetes.io/name: authentik-proxy
app.kubernetes.io/version: 2021.4.2 app.kubernetes.io/version: 2021.4.4
name: authentik-outpost name: authentik-outpost
spec: spec:
selector: selector:
@ -62,14 +62,14 @@ spec:
app.kubernetes.io/instance: __OUTPOST_NAME__ app.kubernetes.io/instance: __OUTPOST_NAME__
app.kubernetes.io/managed-by: goauthentik.io app.kubernetes.io/managed-by: goauthentik.io
app.kubernetes.io/name: authentik-proxy app.kubernetes.io/name: authentik-proxy
app.kubernetes.io/version: 2021.4.2 app.kubernetes.io/version: 2021.4.4
template: template:
metadata: metadata:
labels: labels:
app.kubernetes.io/instance: __OUTPOST_NAME__ app.kubernetes.io/instance: __OUTPOST_NAME__
app.kubernetes.io/managed-by: goauthentik.io app.kubernetes.io/managed-by: goauthentik.io
app.kubernetes.io/name: authentik-proxy app.kubernetes.io/name: authentik-proxy
app.kubernetes.io/version: 2021.4.2 app.kubernetes.io/version: 2021.4.4
spec: spec:
containers: containers:
- env: - env:
@ -88,7 +88,7 @@ spec:
secretKeyRef: secretKeyRef:
key: authentik_host_insecure key: authentik_host_insecure
name: authentik-outpost-api name: authentik-outpost-api
image: beryju/authentik-proxy:2021.4.2 image: beryju/authentik-proxy:2021.4.4
name: proxy name: proxy
ports: ports:
- containerPort: 4180 - containerPort: 4180
@ -110,7 +110,7 @@ metadata:
app.kubernetes.io/instance: __OUTPOST_NAME__ app.kubernetes.io/instance: __OUTPOST_NAME__
app.kubernetes.io/managed-by: goauthentik.io app.kubernetes.io/managed-by: goauthentik.io
app.kubernetes.io/name: authentik-proxy app.kubernetes.io/name: authentik-proxy
app.kubernetes.io/version: 2021.4.2 app.kubernetes.io/version: 2021.4.4
name: authentik-outpost name: authentik-outpost
spec: spec:
rules: rules:

2
website/docs/releases/v0.10.md
View File

@ -37,7 +37,7 @@ This update brings a lot of big features, such as:
### docker-compose ### docker-compose
The docker-compose file has been updated, please download the latest from `https://raw.githubusercontent.com/BeryJu/authentik/master/docker-compose.yml`. The docker-compose file has been updated, please download the latest from `https://raw.githubusercontent.com/goauthentik/authentik/master/docker-compose.yml`.
By default, the new compose file uses a fixed version to prevent unintended updates. By default, the new compose file uses a fixed version to prevent unintended updates.
Before updating the file, stop all containers. Then download the file, pull the new containers and start the database. Before updating the file, stop all containers. Then download the file, pull the new containers and start the database.

2
website/docs/releases/v0.11.md
View File

@ -20,6 +20,6 @@ This update brings these headline features:
## Upgrading ## Upgrading
This upgrade can be done as any other patch upgrade, the only external change is the new docker-compose file, which enabled the Docker Integration for Outposts. To use this feature, please download the latest docker-compose from [here](https://raw.githubusercontent.com/BeryJu/authentik/master/docker-compose.yml). This upgrade can be done as any other patch upgrade, the only external change is the new docker-compose file, which enabled the Docker Integration for Outposts. To use this feature, please download the latest docker-compose from [here](https://raw.githubusercontent.com/goauthentik/authentik/master/docker-compose.yml).
Afterwards, you can simply run `docker-compose up -d` and then the normal upgrade command of `docker-compose run --rm server migrate`. Afterwards, you can simply run `docker-compose up -d` and then the normal upgrade command of `docker-compose run --rm server migrate`.

2
website/docs/releases/v0.12.md
View File

@ -21,7 +21,7 @@ Fixes:
### docker-compose ### docker-compose
Docker-compose users should download the latest docker-compose file from [here](https://raw.githubusercontent.com/BeryJu/authentik/master/docker-compose.yml). This includes the new traefik 2.3. Docker-compose users should download the latest docker-compose file from [here](https://raw.githubusercontent.com/goauthentik/authentik/master/docker-compose.yml). This includes the new traefik 2.3.
Afterwards, you can simply run `docker-compose up -d` and then the normal upgrade command of `docker-compose run --rm server migrate`. Afterwards, you can simply run `docker-compose up -d` and then the normal upgrade command of `docker-compose run --rm server migrate`.

4
website/docs/releases/v0.13.md
View File

@ -7,7 +7,7 @@ After a long back and forth, we've finally switched to a more permanent name. Wh
# Headline changes # Headline changes
- New name (https://github.com/BeryJu/authentik/pull/361) - New name (https://github.com/goauthentik/authentik/pull/361)
- The web interface is now a semi-SPA Experience. This means that most operations are done through Asynchronous requests - The web interface is now a semi-SPA Experience. This means that most operations are done through Asynchronous requests
In this initial release, this brings features such as a refresh button, a generally better User experience due to shorter loading times In this initial release, this brings features such as a refresh button, a generally better User experience due to shorter loading times
@ -25,7 +25,7 @@ After a long back and forth, we've finally switched to a more permanent name. Wh
### docker-compose ### docker-compose
Docker-compose users should download the latest docker-compose file from [here](https://raw.githubusercontent.com/BeryJu/authentik/version-0.13/docker-compose.yml). Docker-compose users should download the latest docker-compose file from [here](https://raw.githubusercontent.com/goauthentik/authentik/version-0.13/docker-compose.yml).
:::caution :::caution
If you decided to rename the folder you're running the docker-compose file from, be aware that this will also change the name, that docker-compose will give the database volume. To mitigate this, either If you decided to rename the folder you're running the docker-compose file from, be aware that this will also change the name, that docker-compose will give the database volume. To mitigate this, either

Some files were not shown because too many files have changed in this diff Show More