web/flows: bottom-align about text on flows page (#7051)
* web/flows: bottom-align about text on flows page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix a bunch of typos Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
parent
a1353d567b
commit
a0f607b5ac
|
@ -141,7 +141,7 @@ class BaseEvaluator:
|
||||||
"""Create event with supplied data and try to extract as much relevant data
|
"""Create event with supplied data and try to extract as much relevant data
|
||||||
from the context"""
|
from the context"""
|
||||||
context = self._context.copy()
|
context = self._context.copy()
|
||||||
# If the result was a complex variable, we don't want to re-use it
|
# If the result was a complex variable, we don't want to reuse it
|
||||||
context.pop("result", None)
|
context.pop("result", None)
|
||||||
context.pop("handler", None)
|
context.pop("handler", None)
|
||||||
event_kwargs = context
|
event_kwargs = context
|
||||||
|
|
|
@ -380,7 +380,7 @@ class Outpost(SerializerModel, ManagedModel):
|
||||||
managed=managed,
|
managed=managed,
|
||||||
)
|
)
|
||||||
except IntegrityError:
|
except IntegrityError:
|
||||||
# Integrity error happens mostly when managed is re-used
|
# Integrity error happens mostly when managed is reused
|
||||||
Token.objects.filter(managed=managed).delete()
|
Token.objects.filter(managed=managed).delete()
|
||||||
Token.objects.filter(identifier=self.token_identifier).delete()
|
Token.objects.filter(identifier=self.token_identifier).delete()
|
||||||
return self.token
|
return self.token
|
||||||
|
|
|
@ -21,7 +21,7 @@ class OktaOAuth2Callback(OAuthCallback):
|
||||||
"""Okta OAuth2 Callback"""
|
"""Okta OAuth2 Callback"""
|
||||||
|
|
||||||
# Okta has the same quirk as azure and throws an error if the access token
|
# Okta has the same quirk as azure and throws an error if the access token
|
||||||
# is set via query parameter, so we re-use the azure client
|
# is set via query parameter, so we reuse the azure client
|
||||||
# see https://github.com/goauthentik/authentik/issues/1910
|
# see https://github.com/goauthentik/authentik/issues/1910
|
||||||
client_class = UserprofileHeaderAuthClient
|
client_class = UserprofileHeaderAuthClient
|
||||||
|
|
||||||
|
|
|
@ -16,7 +16,7 @@ class TwitterClient(UserprofileHeaderAuthClient):
|
||||||
the access token endpoint for some reason."""
|
the access token endpoint for some reason."""
|
||||||
|
|
||||||
# Twitter has the same quirk as azure and throws an error if the access token
|
# Twitter has the same quirk as azure and throws an error if the access token
|
||||||
# is set via query parameter, so we re-use the azure client
|
# is set via query parameter, so we reuse the azure client
|
||||||
# see https://github.com/goauthentik/authentik/issues/1910
|
# see https://github.com/goauthentik/authentik/issues/1910
|
||||||
|
|
||||||
def get_access_token(self, **request_kwargs) -> Optional[dict[str, Any]]:
|
def get_access_token(self, **request_kwargs) -> Optional[dict[str, Any]]:
|
||||||
|
|
|
@ -17,7 +17,7 @@ class Migration(migrations.Migration):
|
||||||
help_text=(
|
help_text=(
|
||||||
"When enabled, the Phone number is only used during enrollment to verify the"
|
"When enabled, the Phone number is only used during enrollment to verify the"
|
||||||
" users authenticity. Only a hash of the phone number is saved to ensure it is"
|
" users authenticity. Only a hash of the phone number is saved to ensure it is"
|
||||||
" not re-used in the future."
|
" not reused in the future."
|
||||||
),
|
),
|
||||||
),
|
),
|
||||||
),
|
),
|
||||||
|
|
|
@ -56,7 +56,7 @@ class AuthenticatorSMSStage(ConfigurableStage, FriendlyNamedStage, Stage):
|
||||||
help_text=_(
|
help_text=_(
|
||||||
"When enabled, the Phone number is only used during enrollment to verify the "
|
"When enabled, the Phone number is only used during enrollment to verify the "
|
||||||
"users authenticity. Only a hash of the phone number is saved to ensure it is "
|
"users authenticity. Only a hash of the phone number is saved to ensure it is "
|
||||||
"not re-used in the future."
|
"not reused in the future."
|
||||||
),
|
),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
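Review bot: The `help_text` of this field still reads `users authenticity` after the typo pass; it should be the possessive, `"user's authenticity. Only a hash of the phone number is saved to ensure it is "`. The same sentence is repeated in the migration, the JSON and OpenAPI schema descriptions and the locale `msgid` entries elsewhere on this page, so they would need the same change to stay in sync. Separately, the text tells administrators that only a hash is kept; phone numbers are a small enough space that a plain unsalted digest can be enumerated, so if the hashing code (not visible here) is unkeyed, the wording may promise more privacy than it delivers and is worth confirming. The field definition starts before this hunk.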
@ -5884,7 +5884,7 @@
|
||||||
"verify_only": {
|
"verify_only": {
|
||||||
"type": "boolean",
|
"type": "boolean",
|
||||||
"title": "Verify only",
|
"title": "Verify only",
|
||||||
"description": "When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not re-used in the future."
|
"description": "When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future."
|
||||||
},
|
},
|
||||||
"mapping": {
|
"mapping": {
|
||||||
"type": "integer",
|
"type": "integer",
|
||||||
|
|
|
@ -96,7 +96,7 @@ func attemptProxyStart(ws *web.WebServer, u *url.URL) {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
// Init tenant_tls here too since it requires an API Client,
|
// Init tenant_tls here too since it requires an API Client,
|
||||||
// so we just re-use the same one as the outpost uses
|
// so we just reuse the same one as the outpost uses
|
||||||
tw := tenant_tls.NewWatcher(ac.Client)
|
tw := tenant_tls.NewWatcher(ac.Client)
|
||||||
go tw.Start()
|
go tw.Start()
|
||||||
ws.TenantTLS = tw
|
ws.TenantTLS = tw
|
||||||
|
|
|
@ -65,7 +65,7 @@ def worker_exit(server: "Arbiter", worker: DjangoUvicornWorker):
|
||||||
|
|
||||||
|
|
||||||
def on_starting(server: "Arbiter"):
|
def on_starting(server: "Arbiter"):
|
||||||
"""Attach a set of IDs that can be temporarily re-used.
|
"""Attach a set of IDs that can be temporarily reused.
|
||||||
Used on reloads when each worker exists twice."""
|
Used on reloads when each worker exists twice."""
|
||||||
server._worker_id_overload = set()
|
server._worker_id_overload = set()
|
||||||
|
|
||||||
|
@ -79,7 +79,7 @@ def nworkers_changed(server: "Arbiter", new_value, old_value):
|
||||||
|
|
||||||
|
|
||||||
def _next_worker_id(server: "Arbiter"):
|
def _next_worker_id(server: "Arbiter"):
|
||||||
"""If there are IDs open for re-use, take one. Else look for a free one."""
|
"""If there are IDs open for reuse, take one. Else look for a free one."""
|
||||||
if server._worker_id_overload:
|
if server._worker_id_overload:
|
||||||
return server._worker_id_overload.pop()
|
return server._worker_id_overload.pop()
|
||||||
|
|
||||||
|
@ -90,7 +90,7 @@ def _next_worker_id(server: "Arbiter"):
|
||||||
|
|
||||||
|
|
||||||
def on_reload(server: "Arbiter"):
|
def on_reload(server: "Arbiter"):
|
||||||
"""Add a full set of ids into overload so it can be re-used once."""
|
"""Add a full set of ids into overload so it can be reused once."""
|
||||||
server._worker_id_overload = set(range(1, server.cfg.workers + 1))
|
server._worker_id_overload = set(range(1, server.cfg.workers + 1))
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1857,7 +1857,7 @@ msgstr ""
|
||||||
msgid ""
|
msgid ""
|
||||||
"When enabled, the Phone number is only used during enrollment to verify the "
|
"When enabled, the Phone number is only used during enrollment to verify the "
|
||||||
"users authenticity. Only a hash of the phone number is saved to ensure it is "
|
"users authenticity. Only a hash of the phone number is saved to ensure it is "
|
||||||
"not re-used in the future."
|
"not reused in the future."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: authentik/stages/authenticator_sms/models.py:68
|
#: authentik/stages/authenticator_sms/models.py:68
|
||||||
|
|
|
@ -2074,7 +2074,7 @@ msgstr "Appareils Duo"
|
||||||
msgid ""
|
msgid ""
|
||||||
"When enabled, the Phone number is only used during enrollment to verify the "
|
"When enabled, the Phone number is only used during enrollment to verify the "
|
||||||
"users authenticity. Only a hash of the phone number is saved to ensure it is"
|
"users authenticity. Only a hash of the phone number is saved to ensure it is"
|
||||||
" not re-used in the future."
|
" not reused in the future."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Si activé, le numéro de téléphone n'est utilisé que durant l'inscription "
|
"Si activé, le numéro de téléphone n'est utilisé que durant l'inscription "
|
||||||
"pour vérifier l'authenticité de l'utilisateur. Seul un hachage du numéro de "
|
"pour vérifier l'authenticité de l'utilisateur. Seul un hachage du numéro de "
|
||||||
|
|
|
@ -2057,7 +2057,7 @@ msgstr "Duo-apparaten"
|
||||||
msgid ""
|
msgid ""
|
||||||
"When enabled, the Phone number is only used during enrollment to verify the "
|
"When enabled, the Phone number is only used during enrollment to verify the "
|
||||||
"users authenticity. Only a hash of the phone number is saved to ensure it is"
|
"users authenticity. Only a hash of the phone number is saved to ensure it is"
|
||||||
" not re-used in the future."
|
" not reused in the future."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Indien ingeschakeld, wordt het telefoonnummer alleen gebruikt tijdens "
|
"Indien ingeschakeld, wordt het telefoonnummer alleen gebruikt tijdens "
|
||||||
"inschrijving om de authenticiteit van de gebruiker te verifiëren. Alleen een"
|
"inschrijving om de authenticiteit van de gebruiker te verifiëren. Alleen een"
|
||||||
|
|
|
@ -1893,7 +1893,7 @@ msgstr "Duo 设备"
|
||||||
msgid ""
|
msgid ""
|
||||||
"When enabled, the Phone number is only used during enrollment to verify the "
|
"When enabled, the Phone number is only used during enrollment to verify the "
|
||||||
"users authenticity. Only a hash of the phone number is saved to ensure it is"
|
"users authenticity. Only a hash of the phone number is saved to ensure it is"
|
||||||
" not re-used in the future."
|
" not reused in the future."
|
||||||
msgstr "启用时,电话号码仅在注册期间用于验证用户的真实性。仅保存电话号码的哈希,以确保将来不会重复使用。"
|
msgstr "启用时,电话号码仅在注册期间用于验证用户的真实性。仅保存电话号码的哈希,以确保将来不会重复使用。"
|
||||||
|
|
||||||
#: authentik/stages/authenticator_sms/models.py:68
|
#: authentik/stages/authenticator_sms/models.py:68
|
||||||
|
|
|
@ -1893,7 +1893,7 @@ msgstr "Duo 设备"
|
||||||
msgid ""
|
msgid ""
|
||||||
"When enabled, the Phone number is only used during enrollment to verify the "
|
"When enabled, the Phone number is only used during enrollment to verify the "
|
||||||
"users authenticity. Only a hash of the phone number is saved to ensure it is"
|
"users authenticity. Only a hash of the phone number is saved to ensure it is"
|
||||||
" not re-used in the future."
|
" not reused in the future."
|
||||||
msgstr "启用时,电话号码仅在注册期间用于验证用户的真实性。仅保存电话号码的哈希,以确保将来不会重复使用。"
|
msgstr "启用时,电话号码仅在注册期间用于验证用户的真实性。仅保存电话号码的哈希,以确保将来不会重复使用。"
|
||||||
|
|
||||||
#: authentik/stages/authenticator_sms/models.py:68
|
#: authentik/stages/authenticator_sms/models.py:68
|
||||||
|
|
|
@ -27436,7 +27436,7 @@ components:
|
||||||
type: boolean
|
type: boolean
|
||||||
description: When enabled, the Phone number is only used during enrollment
|
description: When enabled, the Phone number is only used during enrollment
|
||||||
to verify the users authenticity. Only a hash of the phone number is saved
|
to verify the users authenticity. Only a hash of the phone number is saved
|
||||||
to ensure it is not re-used in the future.
|
to ensure it is not reused in the future.
|
||||||
mapping:
|
mapping:
|
||||||
type: string
|
type: string
|
||||||
format: uuid
|
format: uuid
|
||||||
|
@ -27493,7 +27493,7 @@ components:
|
||||||
type: boolean
|
type: boolean
|
||||||
description: When enabled, the Phone number is only used during enrollment
|
description: When enabled, the Phone number is only used during enrollment
|
||||||
to verify the users authenticity. Only a hash of the phone number is saved
|
to verify the users authenticity. Only a hash of the phone number is saved
|
||||||
to ensure it is not re-used in the future.
|
to ensure it is not reused in the future.
|
||||||
mapping:
|
mapping:
|
||||||
type: string
|
type: string
|
||||||
format: uuid
|
format: uuid
|
||||||
|
@ -34530,7 +34530,7 @@ components:
|
||||||
type: boolean
|
type: boolean
|
||||||
description: When enabled, the Phone number is only used during enrollment
|
description: When enabled, the Phone number is only used during enrollment
|
||||||
to verify the users authenticity. Only a hash of the phone number is saved
|
to verify the users authenticity. Only a hash of the phone number is saved
|
||||||
to ensure it is not re-used in the future.
|
to ensure it is not reused in the future.
|
||||||
mapping:
|
mapping:
|
||||||
type: string
|
type: string
|
||||||
format: uuid
|
format: uuid
|
||||||
|
|
|
@ -202,7 +202,7 @@ export class ProxyProviderFormPage extends ModelForm<ProxyProvider, number> {
|
||||||
case ProxyMode.ForwardSingle:
|
case ProxyMode.ForwardSingle:
|
||||||
return html`<p class="pf-u-mb-xl">
|
return html`<p class="pf-u-mb-xl">
|
||||||
${msg(
|
${msg(
|
||||||
"Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you).",
|
"Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you).",
|
||||||
)}
|
)}
|
||||||
</p>
|
</p>
|
||||||
<ak-form-element-horizontal
|
<ak-form-element-horizontal
|
||||||
|
|
|
@ -79,7 +79,7 @@ html > form > input {
|
||||||
.pf-c-login__footer {
|
.pf-c-login__footer {
|
||||||
flex-grow: 2;
|
flex-grow: 2;
|
||||||
display: flex;
|
display: flex;
|
||||||
justify-content: start;
|
justify-content: end;
|
||||||
flex-direction: column;
|
flex-direction: column;
|
||||||
}
|
}
|
||||||
.pf-c-login__footer ul.pf-c-list.pf-m-inline {
|
.pf-c-login__footer ul.pf-c-list.pf-m-inline {
|
||||||
|
|
|
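Review bot: `justify-content: end;` in `.pf-c-login__footer` uses the box-alignment keyword, which some older browser engines do not accept on flex containers; where it is rejected the declaration is dropped and the about text stays at the top of the column. Because the rule is `display: flex` with `flex-direction: column`, `justify-content: flex-end;` gives the same bottom alignment with wider support. The page does not mark which of the two printed `justify-content` lines is the new one; this assumes `end`, which matches the commit title.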
@ -155,7 +155,7 @@ According to the Microsoft team [contributing to Python](https://devblogs.micros
|
||||||
|
|
||||||
I know migration isn’t fun but when you’re making tradeoffs, it’s worth keeping it in mind as a future option. If the choice is to build now and migrate later instead of never building at all, I’m going to choose migration every time.
|
I know migration isn’t fun but when you’re making tradeoffs, it’s worth keeping it in mind as a future option. If the choice is to build now and migrate later instead of never building at all, I’m going to choose migration every time.
|
||||||
|
|
||||||
If we start running into truly significant performance issues – and I emphasize _if_ – we can always migrate critical parts of the application to a different language. This will of course be fully transparent to anyone running authentik, and I’d like to think of it as a last-resort, if we’ve already done all the opitmization possible.
|
If we start running into truly significant performance issues – and I emphasize _if_ – we can always migrate critical parts of the application to a different language. This will of course be fully transparent to anyone running authentik, and I’d like to think of it as a last-resort, if we’ve already done all the optimization possible.
|
||||||
|
|
||||||
### Architect your application well
|
### Architect your application well
|
||||||
|
|
||||||
|
|
|
@ -37,7 +37,7 @@ entries:
|
||||||
# delete the object
|
# delete the object
|
||||||
state: present
|
state: present
|
||||||
# An optional list of boolean-like conditions. If all conditions match (or
|
# An optional list of boolean-like conditions. If all conditions match (or
|
||||||
# no condiitons are provided) the entry will be evaluated and acted upon
|
# no conditions are provided) the entry will be evaluated and acted upon
|
||||||
# as normal. Otherwise, the entry is skipped as if not defined at all.
|
# as normal. Otherwise, the entry is skipped as if not defined at all.
|
||||||
# Each condition will be evaluated in Python to its boolean representation
|
# Each condition will be evaluated in Python to its boolean representation
|
||||||
# bool(<condition>). Furthermore, complex conditions can be built using
|
# bool(<condition>). Furthermore, complex conditions can be built using
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
title: "Templates"
|
title: "Templates"
|
||||||
---
|
---
|
||||||
|
|
||||||
In technical docuemntation, there are document "types" (similar to how there are data types).
|
In technical documentation, there are document "types" (similar to how there are data types).
|
||||||
|
|
||||||
The most common types are:
|
The most common types are:
|
||||||
|
|
||||||
|
|
|
@ -43,7 +43,7 @@ slug: "/releases/2021.8"
|
||||||
- core: add new token intent and auth backend (#1284)
|
- core: add new token intent and auth backend (#1284)
|
||||||
- core: add token tests for invalid intent and token auth
|
- core: add token tests for invalid intent and token auth
|
||||||
- core: fix token intent not defaulting correctly
|
- core: fix token intent not defaulting correctly
|
||||||
- core: handle error when ?for_user is not numberical
|
- core: handle error when ?for_user is not numerical
|
||||||
- lib: move id and key generators to lib (#1286)
|
- lib: move id and key generators to lib (#1286)
|
||||||
- lifecycle: rename to ak
|
- lifecycle: rename to ak
|
||||||
- outpost: handle non-existent permission
|
- outpost: handle non-existent permission
|
||||||
|
|
|
@ -244,7 +244,7 @@ Changed response : **200 OK**
|
||||||
- providers/oauth2: add x5c (#3556)
|
- providers/oauth2: add x5c (#3556)
|
||||||
- providers/proxy: fix routing based on signature in traefik and caddy
|
- providers/proxy: fix routing based on signature in traefik and caddy
|
||||||
- root: make redis persistent in docker-compose
|
- root: make redis persistent in docker-compose
|
||||||
- root: re-use custom log helper from config and cleanup duplicate functions
|
- root: reuse custom log helper from config and cleanup duplicate functions
|
||||||
- root: shorten outpost docker healthcheck intervals
|
- root: shorten outpost docker healthcheck intervals
|
||||||
- sources/ldap: start_tls before binding but without reading server info
|
- sources/ldap: start_tls before binding but without reading server info
|
||||||
- sources/oauth: use GitHub's dedicated email API when no public email address is configured
|
- sources/oauth: use GitHub's dedicated email API when no public email address is configured
|
||||||
|
|
|
@ -48,6 +48,6 @@ On this page:
|
||||||
|
|
||||||
![Screenshot showing populated GitHub enterprise SAML settings](ghec_saml_settings.png)
|
![Screenshot showing populated GitHub enterprise SAML settings](ghec_saml_settings.png)
|
||||||
|
|
||||||
Once these fields are populated, you can use the `Test SAML configuation` button to test the authentication flow. If the flow completes successfully, you will see a green tick next to the Test button.
|
Once these fields are populated, you can use the `Test SAML configuration` button to test the authentication flow. If the flow completes successfully, you will see a green tick next to the Test button.
|
||||||
|
|
||||||
Scroll down to hit the `Save` button below.
|
Scroll down to hit the `Save` button below.
|
||||||
|
|
|
@ -42,7 +42,7 @@ On this page:
|
||||||
- For `Public certificate`, paste the _full_ signing certificate into this field.
|
- For `Public certificate`, paste the _full_ signing certificate into this field.
|
||||||
- Verify that the `Signature method` and `Digest method` match your SAML provider settings in authentik.
|
- Verify that the `Signature method` and `Digest method` match your SAML provider settings in authentik.
|
||||||
|
|
||||||
Once these fields are populated, you can use the `Test SAML configuation` button to test the authentication flow. If the flow completes successfully, you will see a green tick next to the Test button.
|
Once these fields are populated, you can use the `Test SAML configuration` button to test the authentication flow. If the flow completes successfully, you will see a green tick next to the Test button.
|
||||||
|
|
||||||
Scroll down to hit the `Save` button below.
|
Scroll down to hit the `Save` button below.
|
||||||
|
|
||||||
|
|
|
@ -19,7 +19,7 @@ The following placeholders will be used:
|
||||||
- `organizr.company` is the FQDN of the Service install.
|
- `organizr.company` is the FQDN of the Service install.
|
||||||
- `authentik.company` is the FQDN of the authentik install.
|
- `authentik.company` is the FQDN of the authentik install.
|
||||||
|
|
||||||
Create a new user account _(or re-use an existing)_ for organizr to use for LDAP bind under _Directory_ -> _Users_ -> _Create_, in this example called `ldapservice`.
|
Create a new user account _(or reuse an existing)_ for organizr to use for LDAP bind under _Directory_ -> _Users_ -> _Create_, in this example called `ldapservice`.
|
||||||
|
|
||||||
Note the DN of this user will be `cn=ldapservice,ou=users,dc=ldap,dc=goauthentik,dc=io`
|
Note the DN of this user will be `cn=ldapservice,ou=users,dc=ldap,dc=goauthentik,dc=io`
|
||||||
|
|
||||||
|
|
|
@ -22,7 +22,7 @@ The following placeholders will be used:
|
||||||
|
|
||||||
### Step 1 - Service account
|
### Step 1 - Service account
|
||||||
|
|
||||||
Create a new user account _(or re-use an existing one)_ for ProFTPD to use for LDAP bind under _Directory_ -> _Users_ -> _Create_ and give the account a name, such as `ldapservice`.
|
Create a new user account _(or reuse an existing one)_ for ProFTPD to use for LDAP bind under _Directory_ -> _Users_ -> _Create_ and give the account a name, such as `ldapservice`.
|
||||||
|
|
||||||
:::note
|
:::note
|
||||||
On default provider settings, the DN of this user will be `cn=ldapservice,ou=users,dc=ldap,dc=goauthentik,dc=io`
|
On default provider settings, the DN of this user will be `cn=ldapservice,ou=users,dc=ldap,dc=goauthentik,dc=io`
|
||||||
|
|