*: add versioned user agent to sentry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

authentik/lib/sentry.py

@@ -1,5 +1,5 @@
 """authentik sentry integration"""
-from typing import Optional
+from typing import Any, Optional
 
 from aioredis.errors import ConnectionClosedError, ReplyError
 from billiard.exceptions import SoftTimeLimitExceeded, WorkerLostError
@@ -17,7 +17,7 @@ from ldap3.core.exceptions import LDAPException
 from redis.exceptions import ConnectionError as RedisConnectionError
 from redis.exceptions import RedisError, ResponseError
 from rest_framework.exceptions import APIException
-from sentry_sdk import Hub
+from sentry_sdk import HttpTransport, Hub
 from sentry_sdk import init as sentry_sdk_init
 from sentry_sdk.api import set_tag
 from sentry_sdk.integrations.celery import CeleryIntegration
@@ -30,6 +30,7 @@ from websockets.exceptions import WebSocketException
 
 from authentik import __version__, get_build_hash
 from authentik.lib.config import CONFIG
+from authentik.lib.utils.http import authentik_user_agent
 from authentik.lib.utils.reflection import class_to_path, get_env
 
 LOGGER = get_logger()
@@ -52,6 +53,14 @@ class SentryIgnoredException(Exception):
     """Base Class for all errors that are suppressed, and not sent to sentry."""
 
 
+class SentryTransport(HttpTransport):
+    """Custom sentry transport with custom user-agent"""
+
+    def __init__(self, options: dict[str, Any]) -> None:
+        super().__init__(options)
+        self._auth = self.parsed_dsn.to_auth(authentik_user_agent())
+
+
 def sentry_init(**sentry_init_kwargs):
     """Configure sentry SDK"""
     sentry_env = CONFIG.y("error_reporting.environment", "customer")
@@ -72,6 +81,7 @@ def sentry_init(**sentry_init_kwargs):
         before_send=before_send,
         traces_sampler=traces_sampler,
         release=f"authentik@{__version__}",
+        transport=SentryTransport,
         **kwargs,
     )
     set_tag("authentik.build_hash", get_build_hash("tagged"))

cmd/server/main.go

@@ -16,6 +16,7 @@ import (
 	"goauthentik.io/internal/outpost/ak"
 	"goauthentik.io/internal/outpost/proxyv2"
 	sentryutils "goauthentik.io/internal/utils/sentry"
+	webutils "goauthentik.io/internal/utils/web"
 	"goauthentik.io/internal/web"
 	"goauthentik.io/internal/web/tenant_tls"
 )
@@ -55,6 +56,7 @@ func main() {
 			TracesSampler:    sentryutils.SamplerFunc(config.G.ErrorReporting.SampleRate),
 			Release:          fmt.Sprintf("authentik@%s", constants.VERSION),
 			Environment:      config.G.ErrorReporting.Environment,
+			HTTPTransport:    webutils.NewUserAgentTransport(constants.UserAgent(), http.DefaultTransport),
 			IgnoreErrors: []string{
 				http.ErrAbortHandler.Error(),
 			},

internal/constants/constants.go

@@ -25,4 +25,8 @@ func OutpostUserAgent() string {
 	return fmt.Sprintf("goauthentik.io/outpost/%s", FullVersion())
 }
 
+func UserAgent() string {
+	return fmt.Sprintf("authentik@%s", FullVersion())
+}
+
 const VERSION = "2022.6.3"

internal/gounicorn/gounicorn.go

@@ -10,7 +10,7 @@ import (
 
 	log "github.com/sirupsen/logrus"
 	"goauthentik.io/internal/config"
-	"goauthentik.io/internal/outpost/ak"
+	"goauthentik.io/internal/utils/web"
 )
 
 type GoUnicorn struct {
@@ -70,7 +70,7 @@ func (g *GoUnicorn) Start() error {
 func (g *GoUnicorn) healthcheck() {
 	g.log.Debug("starting healthcheck")
 	h := &http.Client{
-		Transport: ak.NewUserAgentTransport("goauthentik.io/proxy/healthcheck", http.DefaultTransport),
+		Transport: web.NewUserAgentTransport("goauthentik.io/proxy/healthcheck", http.DefaultTransport),
 	}
 	check := func() bool {
 		res, err := h.Get("http://localhost:8000/-/health/live/")

internal/outpost/ak/api.go

@@ -17,6 +17,7 @@ import (
 	"github.com/prometheus/client_golang/prometheus"
 	"goauthentik.io/api/v3"
 	"goauthentik.io/internal/constants"
+	"goauthentik.io/internal/utils/web"
 
 	log "github.com/sirupsen/logrus"
 )
@@ -54,7 +55,7 @@ func NewAPIController(akURL url.URL, token string) *APIController {
 	config.Host = akURL.Host
 	config.Scheme = akURL.Scheme
 	config.HTTPClient = &http.Client{
-		Transport: NewUserAgentTransport(constants.OutpostUserAgent(), NewTracingTransport(rsp.Context(), GetTLSTransport())),
+		Transport: web.NewUserAgentTransport(constants.OutpostUserAgent(), web.NewTracingTransport(rsp.Context(), GetTLSTransport())),
 	}
 	config.AddDefaultHeader("Authorization", fmt.Sprintf("Bearer %s", token))
 

internal/outpost/ak/global.go

@@ -12,6 +12,7 @@ import (
 	"goauthentik.io/api/v3"
 	"goauthentik.io/internal/constants"
 	sentryutils "goauthentik.io/internal/utils/sentry"
+	webutils "goauthentik.io/internal/utils/web"
 )
 
 var initialSetup = false
@@ -52,6 +53,7 @@ func doGlobalSetup(outpost api.Outpost, globalConfig *api.Config) {
 			Environment:   globalConfig.ErrorReporting.Environment,
 			TracesSampler: sentryutils.SamplerFunc(float64(globalConfig.ErrorReporting.TracesSampleRate)),
 			Release:       fmt.Sprintf("authentik@%s", constants.VERSION),
+			HTTPTransport: webutils.NewUserAgentTransport(constants.OutpostUserAgent(), http.DefaultTransport),
 			IgnoreErrors: []string{
 				http.ErrAbortHandler.Error(),
 			},

internal/outpost/flow/executor.go

@@ -17,6 +17,7 @@ import (
 	"goauthentik.io/api/v3"
 	"goauthentik.io/internal/constants"
 	"goauthentik.io/internal/outpost/ak"
+	"goauthentik.io/internal/utils/web"
 )
 
 var (
@@ -56,7 +57,7 @@ func NewFlowExecutor(ctx context.Context, flowSlug string, refConfig *api.Config
 		l.WithError(err).Warning("Failed to create cookiejar")
 		panic(err)
 	}
-	transport := ak.NewUserAgentTransport(constants.OutpostUserAgent(), ak.NewTracingTransport(rsp.Context(), ak.GetTLSTransport()))
+	transport := web.NewUserAgentTransport(constants.OutpostUserAgent(), web.NewTracingTransport(rsp.Context(), ak.GetTLSTransport()))
 	fe := &FlowExecutor{
 		Params:    url.Values{},
 		Answers:   make(map[StageComponent]string),

internal/outpost/proxyv2/application/mode_proxy.go

@@ -11,7 +11,6 @@ import (
 	"github.com/getsentry/sentry-go"
 	"github.com/prometheus/client_golang/prometheus"
 	log "github.com/sirupsen/logrus"
-	"goauthentik.io/internal/outpost/ak"
 	"goauthentik.io/internal/outpost/proxyv2/metrics"
 	"goauthentik.io/internal/utils/web"
 )
@@ -30,7 +29,7 @@ func (a *Application) configureProxy() error {
 	}
 	rp := &httputil.ReverseProxy{Director: a.proxyModifyRequest(u)}
 	rsp := sentry.StartSpan(context.TODO(), "authentik.outposts.proxy.application_transport")
-	rp.Transport = ak.NewTracingTransport(rsp.Context(), a.getUpstreamTransport())
+	rp.Transport = web.NewTracingTransport(rsp.Context(), a.getUpstreamTransport())
 	rp.ErrorHandler = a.newProxyErrorHandler()
 	rp.ModifyResponse = a.proxyModifyResponse
 	a.mux.PathPrefix("/").HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {

internal/outpost/proxyv2/refresh.go

@@ -9,6 +9,7 @@ import (
 	"goauthentik.io/internal/constants"
 	"goauthentik.io/internal/outpost/ak"
 	"goauthentik.io/internal/outpost/proxyv2/application"
+	"goauthentik.io/internal/utils/web"
 )
 
 func (ps *ProxyServer) Refresh() error {
@@ -24,7 +25,7 @@ func (ps *ProxyServer) Refresh() error {
 		rsp := sentry.StartSpan(context.Background(), "authentik.outposts.proxy.application_ss")
 		ua := fmt.Sprintf(" (provider=%s)", provider.Name)
 		hc := &http.Client{
-			Transport: ak.NewUserAgentTransport(constants.OutpostUserAgent()+ua, ak.NewTracingTransport(rsp.Context(), ak.GetTLSTransport())),
+			Transport: web.NewUserAgentTransport(constants.OutpostUserAgent()+ua, web.NewTracingTransport(rsp.Context(), ak.GetTLSTransport())),
 		}
 		a, err := application.NewApplication(provider, hc, ps.cryptoStore, ps.akAPI)
 		if err != nil {

internal/utils/web/http_tracing.go

@@ -1,4 +1,4 @@
-package ak
+package web
 
 import (
 	"context"

internal/utils/web/http_user_agent.go

@@ -1,4 +1,4 @@
-package ak
+package web
 
 import (
 	"net/http"

website/docs/releases/v2022.6.md

@@ -78,7 +78,7 @@ slug: "2022.6"
 -   web/elements: add spinner when loading dynamic routes
 -   web/flows: add divider to identification stage for security key
 -   web/flows: fix error when webauthn operations failed and user retries
--   web/flows: remove autofocus from password field of identifications tage
+-   web/flows: remove autofocus from password field of identifications stage
 
 ## Upgrading