diff --git a/tests/wdio/package-lock.json b/tests/wdio/package-lock.json index d594c937c..2eeafd9eb 100644 --- a/tests/wdio/package-lock.json +++ b/tests/wdio/package-lock.json @@ -9,10 +9,10 @@ "@trivago/prettier-plugin-sort-imports": "^4.2.0", "@typescript-eslint/eslint-plugin": "^6.7.5", "@typescript-eslint/parser": "^6.7.5", - "@wdio/cli": "^8.17.0", - "@wdio/local-runner": "^8.17.0", - "@wdio/mocha-framework": "^8.17.0", - "@wdio/spec-reporter": "^8.17.0", + "@wdio/cli": "^8.18.0", + "@wdio/local-runner": "^8.18.0", + "@wdio/mocha-framework": "^8.18.0", + "@wdio/spec-reporter": "^8.18.1", "eslint": "^8.51.0", "eslint-config-google": "^0.14.0", "eslint-plugin-sonarjs": "^0.21.0", @@ -1067,18 +1067,18 @@ } }, "node_modules/@wdio/cli": { - "version": "8.17.0", - "resolved": "https://registry.npmjs.org/@wdio/cli/-/cli-8.17.0.tgz", - "integrity": "sha512-RF7QMY4K9aS6kQipHcmPPtuo5VZd8UNOqt2dw97b2LKxK0niDOAwQNQSB5lzhCOJ6sRVAIlX/DVo23zhGbldvA==", + "version": "8.18.0", + "resolved": "https://registry.npmjs.org/@wdio/cli/-/cli-8.18.0.tgz", + "integrity": "sha512-zLt6pEbSwW/S7sBH5uZrYn9HhexB57ufqMV6IAKgX0SsJQwqOu1hdCIOiH1ZAfAHr2bPjpqIDIW+WOvV7mug9g==", "dev": true, "dependencies": { "@types/node": "^20.1.1", - "@wdio/config": "8.17.0", - "@wdio/globals": "8.17.0", + "@wdio/config": "8.18.0", + "@wdio/globals": "8.18.0", "@wdio/logger": "8.16.17", - "@wdio/protocols": "8.16.5", + "@wdio/protocols": "8.18.0", "@wdio/types": "8.17.0", - "@wdio/utils": "8.17.0", + "@wdio/utils": "8.18.0", "async-exit-hook": "^2.0.1", "chalk": "^5.2.0", "chokidar": "^3.5.3", @@ -1093,7 +1093,7 @@ "lodash.union": "^4.6.0", "read-pkg-up": "10.1.0", "recursive-readdir": "^2.2.3", - "webdriverio": "8.17.0", + "webdriverio": "8.18.0", "yargs": "^17.7.2", "yarn-install": "^1.0.0" }, @@ -1117,14 +1117,14 @@ } }, "node_modules/@wdio/config": { - "version": "8.17.0", - "resolved": "https://registry.npmjs.org/@wdio/config/-/config-8.17.0.tgz", - "integrity": "sha512-6qUgE99D8XSKSDdwLrpeEatJ133Ce0UPrIyTNdsIFOQ7vSmwBif+vmFDSa7mCt1+ay2hLYglEwVJ1r+48Ke/pw==", + "version": "8.18.0", + "resolved": "https://registry.npmjs.org/@wdio/config/-/config-8.18.0.tgz", + "integrity": "sha512-sS5OXyxRtPCXDKloCqtEFuhei9WCxFzM7B5CyTKanbZ+xF4+t21aNF49OXXzWZXhUylK88whGB7amwO8tfJFww==", "dev": true, "dependencies": { "@wdio/logger": "8.16.17", "@wdio/types": "8.17.0", - "@wdio/utils": "8.17.0", + "@wdio/utils": "8.18.0", "decamelize": "^6.0.0", "deepmerge-ts": "^5.0.0", "glob": "^10.2.2", @@ -1136,28 +1136,28 @@ } }, "node_modules/@wdio/globals": { - "version": "8.17.0", - "resolved": "https://registry.npmjs.org/@wdio/globals/-/globals-8.17.0.tgz", - "integrity": "sha512-SWI1faPNYgZnPwS2TZF+/Vpg2wxB8Yx0nHv/t3JvZ/QOZs/NpWJ9oXNjCDuktljNXaYhUOgYsx1e5DHHR6VTuQ==", + "version": "8.18.0", + "resolved": "https://registry.npmjs.org/@wdio/globals/-/globals-8.18.0.tgz", + "integrity": "sha512-r6BvpMaqD3+pf7U7Lq1EnbahGhf/3BRO6aqQP7z7IlwakoeU9ih/yTA31BGt36wj0Vx8dhFfR0JpFhMXpvDqiA==", "dev": true, "engines": { "node": "^16.13 || >=18" }, "optionalDependencies": { "expect-webdriverio": "^4.2.5", - "webdriverio": "8.17.0" + "webdriverio": "8.18.0" } }, "node_modules/@wdio/local-runner": { - "version": "8.17.0", - "resolved": "https://registry.npmjs.org/@wdio/local-runner/-/local-runner-8.17.0.tgz", - "integrity": "sha512-hYubvTs80U2h9s4mtd7+znRiQwLnn2duwdYW0L+pRkt3yDmaA76R/a//GrpIFqn9j04463S9xv4pOGOat10fPA==", + "version": "8.18.0", + "resolved": "https://registry.npmjs.org/@wdio/local-runner/-/local-runner-8.18.0.tgz", + "integrity": "sha512-fArLIgYbMPP7gqajy6lZSMgECkyKFNRJG75UA0NjMoTBmZLzJavgadnB/uF42dXyNBdZ218abikF90qMLF1RJg==", "dev": true, "dependencies": { "@types/node": "^20.1.0", "@wdio/logger": "8.16.17", "@wdio/repl": "8.10.1", - "@wdio/runner": "8.17.0", + "@wdio/runner": "8.18.0", "@wdio/types": "8.17.0", "async-exit-hook": "^2.0.1", "split2": "^4.1.0", @@ -1195,16 +1195,16 @@ } }, "node_modules/@wdio/mocha-framework": { - "version": "8.17.0", - "resolved": "https://registry.npmjs.org/@wdio/mocha-framework/-/mocha-framework-8.17.0.tgz", - "integrity": "sha512-jHNsPib3sddudsULxxVJi/M4k+A+YfrkZr1covvEciLUF4Myr8O1D6GOLPT8HkqY3XMU6PKjs1Xz1rkZokmuAw==", + "version": "8.18.0", + "resolved": "https://registry.npmjs.org/@wdio/mocha-framework/-/mocha-framework-8.18.0.tgz", + "integrity": "sha512-8c+z3il5s9nWqZ4NqQxOherex2VbMC4xNAllJO4pixeJkKhRI30mB0f1/gMM4YjO7sW801AHSSMD1lWNh/kDOg==", "dev": true, "dependencies": { "@types/mocha": "^10.0.0", "@types/node": "^20.1.0", "@wdio/logger": "8.16.17", "@wdio/types": "8.17.0", - "@wdio/utils": "8.17.0", + "@wdio/utils": "8.18.0", "mocha": "^10.0.0" }, "engines": { @@ -1212,9 +1212,9 @@ } }, "node_modules/@wdio/protocols": { - "version": "8.16.5", - "resolved": "https://registry.npmjs.org/@wdio/protocols/-/protocols-8.16.5.tgz", - "integrity": "sha512-u9I57hIqmcOgrDH327ZCc2GTXv2YFN5bg6UaA3OUoJU7eJgGYHFB6RrjiNjLXer68iIx07wwVM70V/1xzijd3Q==", + "version": "8.18.0", + "resolved": "https://registry.npmjs.org/@wdio/protocols/-/protocols-8.18.0.tgz", + "integrity": "sha512-TABA0mksHvu5tE8qNYYDR0fDyo90NCANeghbGAtsI8TUsJzgH0dwpos3WSSiB97J9HRSZuWIMa7YuABEkBIjWQ==", "dev": true }, "node_modules/@wdio/repl": { @@ -1246,31 +1246,31 @@ } }, "node_modules/@wdio/runner": { - "version": "8.17.0", - "resolved": "https://registry.npmjs.org/@wdio/runner/-/runner-8.17.0.tgz", - "integrity": "sha512-icWRiCytpIlrJGq2CUUS4QfrFjiiX2pDoBGH1hr7L8XDorQ7niyTQWYPj7DoDuDy42poWuCjsCxZCBgb5YHw1Q==", + "version": "8.18.0", + "resolved": "https://registry.npmjs.org/@wdio/runner/-/runner-8.18.0.tgz", + "integrity": "sha512-5I9DWh1cW9/Om+E7vNWFNx7BqavAzOFvvj1cihTzT766Y3I2wLHAUAE0OJoOZsk53beBJNYnCIOwrOWjk7RdZQ==", "dev": true, "dependencies": { "@types/node": "^20.1.0", - "@wdio/config": "8.17.0", - "@wdio/globals": "8.17.0", + "@wdio/config": "8.18.0", + "@wdio/globals": "8.18.0", "@wdio/logger": "8.16.17", "@wdio/types": "8.17.0", - "@wdio/utils": "8.17.0", + "@wdio/utils": "8.18.0", "deepmerge-ts": "^5.0.0", "expect-webdriverio": "^4.2.5", "gaze": "^1.1.2", - "webdriver": "8.17.0", - "webdriverio": "8.17.0" + "webdriver": "8.18.0", + "webdriverio": "8.18.0" }, "engines": { "node": "^16.13 || >=18" } }, "node_modules/@wdio/spec-reporter": { - "version": "8.17.0", - "resolved": "https://registry.npmjs.org/@wdio/spec-reporter/-/spec-reporter-8.17.0.tgz", - "integrity": "sha512-qefsqN71S0Imbcdq7mWqVVij6qbLw8Mx55tUsr+ImPhDDQWbh+XPgP0tsTDbdLmPez7V2Ui0wovHA2WYbif3GQ==", + "version": "8.18.1", + "resolved": "https://registry.npmjs.org/@wdio/spec-reporter/-/spec-reporter-8.18.1.tgz", + "integrity": "sha512-p6l8mR7K+l66QJl/m+sV9ahCp570ThaqxLc3npYDt5N4ut/qqDgqnwVU3qt0kwx/QMLrYLiXjjMKXqs6DkJTiA==", "dev": true, "dependencies": { "@wdio/reporter": "8.17.0", @@ -1308,9 +1308,9 @@ } }, "node_modules/@wdio/utils": { - "version": "8.17.0", - "resolved": "https://registry.npmjs.org/@wdio/utils/-/utils-8.17.0.tgz", - "integrity": "sha512-WkXY+kSFOi/7tztB1uWVRfu6E/4TIEBYni+qCYTkaPI5903EDratkeakINuu63xL7WtYv9adt7ndtDVcsi1KTg==", + "version": "8.18.0", + "resolved": "https://registry.npmjs.org/@wdio/utils/-/utils-8.18.0.tgz", + "integrity": "sha512-ziXToU5BZSW96KNPhTGYl3eVmHQV5YeI+lsBozXJ5tGofaBCYMtbxdAI573IwR6lo8+evEdNTIGJgZXp8lDOxQ==", "dev": true, "dependencies": { "@puppeteer/browsers": "^1.6.0", @@ -8693,18 +8693,18 @@ } }, "node_modules/webdriver": { - "version": "8.17.0", - "resolved": "https://registry.npmjs.org/webdriver/-/webdriver-8.17.0.tgz", - "integrity": "sha512-YxAOPJx4dxVOsN2A7XpFu1IzA12M3yO82oDCjauyPGJ7+TQgXGVqEuk0wtNzOn8Ok8uq7sPFkne5ASQBsH6cWg==", + "version": "8.18.0", + "resolved": "https://registry.npmjs.org/webdriver/-/webdriver-8.18.0.tgz", + "integrity": "sha512-OImB/K2BMGVP77yGpB4qrAwzAVrlusL5egaqoA9sl4inh1Ff+6n+LwQmPfe/dezejm5Fxuaf/HWvWEq91WbghQ==", "dev": true, "dependencies": { "@types/node": "^20.1.0", "@types/ws": "^8.5.3", - "@wdio/config": "8.17.0", + "@wdio/config": "8.18.0", "@wdio/logger": "8.16.17", - "@wdio/protocols": "8.16.5", + "@wdio/protocols": "8.18.0", "@wdio/types": "8.17.0", - "@wdio/utils": "8.17.0", + "@wdio/utils": "8.18.0", "deepmerge-ts": "^5.1.0", "got": "^ 12.6.1", "ky": "^0.33.0", @@ -8752,18 +8752,18 @@ } }, "node_modules/webdriverio": { - "version": "8.17.0", - "resolved": "https://registry.npmjs.org/webdriverio/-/webdriverio-8.17.0.tgz", - "integrity": "sha512-nn4OzRAJOxWYRQDdQNM/XQ9QKYWfUjhirFwB3GeQ5vEcqzvJmU0U0DMwlMjDYi6O6RMvkJY384+GA/0Dfiq3vg==", + "version": "8.18.0", + "resolved": "https://registry.npmjs.org/webdriverio/-/webdriverio-8.18.0.tgz", + "integrity": "sha512-LVgmZHn36NOL4O1RszBa7TPYf5VAyakmgkkDtWe1tVVQ2AkbIKnhKGLar6BQd/wfLIn61pKfvvmmYwDjnXgkhg==", "dev": true, "dependencies": { "@types/node": "^20.1.0", - "@wdio/config": "8.17.0", + "@wdio/config": "8.18.0", "@wdio/logger": "8.16.17", - "@wdio/protocols": "8.16.5", + "@wdio/protocols": "8.18.0", "@wdio/repl": "8.10.1", "@wdio/types": "8.17.0", - "@wdio/utils": "8.17.0", + "@wdio/utils": "8.18.0", "archiver": "^6.0.0", "aria-query": "^5.0.0", "css-shorthand-properties": "^1.1.1", @@ -8780,7 +8780,7 @@ "resq": "^1.9.1", "rgb2hex": "0.2.5", "serialize-error": "^11.0.1", - "webdriver": "8.17.0" + "webdriver": "8.18.0" }, "engines": { "node": "^16.13 || >=18" diff --git a/tests/wdio/package.json b/tests/wdio/package.json index 8fbe2bf96..02313d828 100644 --- a/tests/wdio/package.json +++ b/tests/wdio/package.json @@ -6,10 +6,10 @@ "@trivago/prettier-plugin-sort-imports": "^4.2.0", "@typescript-eslint/eslint-plugin": "^6.7.5", "@typescript-eslint/parser": "^6.7.5", - "@wdio/cli": "^8.17.0", - "@wdio/local-runner": "^8.17.0", - "@wdio/mocha-framework": "^8.17.0", - "@wdio/spec-reporter": "^8.17.0", + "@wdio/cli": "^8.18.0", + "@wdio/local-runner": "^8.18.0", + "@wdio/mocha-framework": "^8.18.0", + "@wdio/spec-reporter": "^8.18.1", "eslint": "^8.51.0", "eslint-config-google": "^0.14.0", "eslint-plugin-sonarjs": "^0.21.0", diff --git a/web/src/admin/providers/scim/SCIMProviderViewPage.ts b/web/src/admin/providers/scim/SCIMProviderViewPage.ts index 8a4d7fe0b..e9d0afb79 100644 --- a/web/src/admin/providers/scim/SCIMProviderViewPage.ts +++ b/web/src/admin/providers/scim/SCIMProviderViewPage.ts @@ -120,10 +120,7 @@ export class SCIMProviderViewPage extends AKElement { if (!this.provider) { return html``; } - return html`
- ${msg("SCIM provider is in preview.")} -
- ${!this.provider?.assignedBackchannelApplicationName + return html` ${!this.provider?.assignedBackchannelApplicationName ? html`
${msg( "Warning: Provider is not assigned to an application as backchannel provider.", diff --git a/web/xliff/de.xlf b/web/xliff/de.xlf index 0abd9ab1c..cb04bce07 100644 --- a/web/xliff/de.xlf +++ b/web/xliff/de.xlf @@ -1689,9 +1689,6 @@ NameID attribute - - SCIM provider is in preview. - Warning: Provider is not assigned to an application as backchannel provider. @@ -5873,22 +5870,11 @@ Bindings to groups/users are checked against the user of the event. forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). -======= + Custom attributes ->>>>>>> main Don't show this message again. - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - - - + diff --git a/web/xliff/en.xlf b/web/xliff/en.xlf index 34c0c51e5..53a2b42f2 100644 --- a/web/xliff/en.xlf +++ b/web/xliff/en.xlf @@ -1779,10 +1779,6 @@ NameID attribute NameID attribute - - SCIM provider is in preview. - SCIM provider is in preview. - Warning: Provider is not assigned to an application as backchannel provider. Warning: Provider is not assigned to an application as backchannel provider. @@ -6156,22 +6152,11 @@ Bindings to groups/users are checked against the user of the event. forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). -======= + Custom attributes ->>>>>>> main Don't show this message again. - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - - - + diff --git a/web/xliff/es.xlf b/web/xliff/es.xlf index 461d4502c..a8b6f18a8 100644 --- a/web/xliff/es.xlf +++ b/web/xliff/es.xlf @@ -1661,9 +1661,6 @@ NameID attribute - - SCIM provider is in preview. - Warning: Provider is not assigned to an application as backchannel provider. @@ -5788,22 +5785,11 @@ Bindings to groups/users are checked against the user of the event. forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). -======= + Custom attributes ->>>>>>> main Don't show this message again. - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - - - + diff --git a/web/xliff/fr.xlf b/web/xliff/fr.xlf index a309541a8..70093c447 100644 --- a/web/xliff/fr.xlf +++ b/web/xliff/fr.xlf @@ -2216,11 +2216,6 @@ Il y a jour(s) NameID attribute Attribut NameID - - - SCIM provider is in preview. - Le fournisseur SCIM est en aperçu. - Warning: Provider is not assigned to an application as backchannel provider. @@ -7691,22 +7686,11 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). -======= + Custom attributes ->>>>>>> main Don't show this message again. - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - - - + diff --git a/web/xliff/pl.xlf b/web/xliff/pl.xlf index ab2cd304d..be8da53ea 100644 --- a/web/xliff/pl.xlf +++ b/web/xliff/pl.xlf @@ -1715,9 +1715,6 @@ NameID attribute Atrybut NameID - - SCIM provider is in preview. - Warning: Provider is not assigned to an application as backchannel provider. @@ -5996,22 +5993,11 @@ Bindings to groups/users are checked against the user of the event. forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). -======= + Custom attributes ->>>>>>> main Don't show this message again. - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - - - + diff --git a/web/xliff/pseudo-LOCALE.xlf b/web/xliff/pseudo-LOCALE.xlf index 4bac06609..18738e568 100644 --- a/web/xliff/pseudo-LOCALE.xlf +++ b/web/xliff/pseudo-LOCALE.xlf @@ -1756,10 +1756,6 @@ NameID attribute - - - SCIM provider is in preview. - Warning: Provider is not assigned to an application as backchannel provider. @@ -6091,22 +6087,11 @@ Bindings to groups/users are checked against the user of the event. forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). -======= + Custom attributes ->>>>>>> main Don't show this message again. - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - - - + diff --git a/web/xliff/tr.xlf b/web/xliff/tr.xlf index faaae0a67..3eb16f662 100644 --- a/web/xliff/tr.xlf +++ b/web/xliff/tr.xlf @@ -1660,9 +1660,6 @@ NameID attribute - - SCIM provider is in preview. - Warning: Provider is not assigned to an application as backchannel provider. @@ -5781,22 +5778,11 @@ Bindings to groups/users are checked against the user of the event. forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). -======= + Custom attributes ->>>>>>> main Don't show this message again. - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - - - + diff --git a/web/xliff/zh-Hans.xlf b/web/xliff/zh-Hans.xlf index 259262314..88adeffd2 100644 --- a/web/xliff/zh-Hans.xlf +++ b/web/xliff/zh-Hans.xlf @@ -2217,11 +2217,6 @@ NameID attribute NameID 属性 - - - SCIM provider is in preview. - SCIM 提供程序处于预览状态。 - Warning: Provider is not assigned to an application as backchannel provider. @@ -7623,9 +7618,11 @@ Bindings to groups/users are checked against the user of the event. Flow Info + 流程信息 Stage used to configure a WebAuthn authenticator (i.e. Yubikey, FaceID/Windows Hello). + 用来配置 WebAuthn 身份验证器(即 Yubikey、FaceID/Windows Hello)的阶段。 <<<<<<< HEAD @@ -7696,22 +7693,15 @@ Bindings to groups/users are checked against the user of the event. forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). -======= + Custom attributes ->>>>>>> main + 自定义属性 Don't show this message again. + 不要再显示此消息。 - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - - - + + + diff --git a/web/xliff/zh-Hant.xlf b/web/xliff/zh-Hant.xlf index 8e61e821c..5b6598e99 100644 --- a/web/xliff/zh-Hant.xlf +++ b/web/xliff/zh-Hant.xlf @@ -1674,9 +1674,6 @@ NameID attribute - - SCIM provider is in preview. - Warning: Provider is not assigned to an application as backchannel provider. @@ -5829,22 +5826,11 @@ Bindings to groups/users are checked against the user of the event. forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). -======= + Custom attributes ->>>>>>> main Don't show this message again. - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - - - + diff --git a/web/xliff/zh_CN.xlf b/web/xliff/zh_CN.xlf index 411ef8e82..caf2987eb 100644 --- a/web/xliff/zh_CN.xlf +++ b/web/xliff/zh_CN.xlf @@ -5305,11 +5305,6 @@ doesn't pass when either or both of the selected options are equal or above the When multiple stages are selected, the user can choose which one they want to enroll. 选中多个阶段时,用户可以选择要注册哪个。 - - - Stage used to configure a WebAutnn authenticator (i.e. Yubikey, FaceID/Windows Hello). - 用来配置 WebAuthn 身份验证器(即 Yubikey、FaceID/Windows Hello)的阶段。 - User verification @@ -7825,6 +7820,22 @@ Bindings to groups/users are checked against the user of the event. When using IDP-initiated logins, the relay state will be set to this value. 当使用 IDP 发起的登录时,中继状态会被设置为此值。 + + + Flow Info + 流程信息 + + + Stage used to configure a WebAuthn authenticator (i.e. Yubikey, FaceID/Windows Hello). + 用来配置 WebAuthn 身份验证器(即 Yubikey、FaceID/Windows Hello)的阶段。 + + + Custom attributes + 自定义属性 + + + Don't show this message again. + 不要再显示此消息。 diff --git a/web/xliff/zh_TW.xlf b/web/xliff/zh_TW.xlf index bbe162b1c..be253d994 100644 --- a/web/xliff/zh_TW.xlf +++ b/web/xliff/zh_TW.xlf @@ -1674,9 +1674,6 @@ NameID attribute - - SCIM provider is in preview. - Warning: Provider is not assigned to an application as backchannel provider. @@ -5828,22 +5825,11 @@ Bindings to groups/users are checked against the user of the event. forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). -======= + Custom attributes ->>>>>>> main Don't show this message again. - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - - - + diff --git a/website/docs/expressions/_functions.md b/website/docs/expressions/_functions.md index 57624b119..ceddc916c 100644 --- a/website/docs/expressions/_functions.md +++ b/website/docs/expressions/_functions.md @@ -66,7 +66,7 @@ return ak_is_group_member(request.user, name="test_group") Fetch a user matching `**filters`. -Returns "None" if no user was found, otherwise [User](/docs/user-group/user) +Returns "None" if no user was found, otherwise returns the [User](/docs/user-group/user) object. Example: diff --git a/website/docs/expressions/_user.md b/website/docs/expressions/_user.md index cc747ccad..250e15400 100644 --- a/website/docs/expressions/_user.md +++ b/website/docs/expressions/_user.md @@ -1,4 +1,4 @@ -- `user`: The current user. This may be `None` if there is no contextual user. See ([User](../user-group/user.md#object-attributes)) +- `user`: The current user. This may be `None` if there is no contextual user. See [User](../user-group/user/user_ref.md#object-properties). Example: diff --git a/website/docs/flow/context/index.md b/website/docs/flow/context/index.md index a98512c25..07b584092 100644 --- a/website/docs/flow/context/index.md +++ b/website/docs/flow/context/index.md @@ -22,7 +22,7 @@ Keys prefixed with `goauthentik.io` are used internally by authentik and are sub ### Common keys -#### `pending_user` ([User object](../../user-group/user.md)) +#### `pending_user` ([User object](../../user-group/user/user_ref.md#object-properties)) `pending_user` is used by multiple stages. In the context of most flow executions, it represents the data of the user that is executing the flow. This value is not set automatically, it is set via the [Identification stage](../stages/identification/). diff --git a/website/docs/policies/expression.mdx b/website/docs/policies/expression.mdx index c98803f65..cf59dccfd 100644 --- a/website/docs/policies/expression.mdx +++ b/website/docs/policies/expression.mdx @@ -41,7 +41,7 @@ import Objects from "../expressions/_objects.md"; - `request`: A PolicyRequest object, which has the following properties: - - `request.user`: The current user, against which the policy is applied. See [User](../user-group/user.md#object-attributes) + - `request.user`: The current user, against which the policy is applied. See [User](../user-group/user/user_ref.md#object-properties) :::caution When a policy is executed in the context of a flow, this will be set to the user initiaing request, and will only be changed by a `user_login` stage. For that reason, using this value in authentication flow policies may not return the expected user. Use `context['pending_user']` instead; User Identification and other stages update this value during flow execution. @@ -77,7 +77,7 @@ This includes the following: - `context['prompt_data']`: Data which has been saved from a prompt stage or an external source. (Optional) - `context['application']`: The application the user is in the process of authorizing. (Optional) - `context['source']`: The source the user is authenticating/enrolling with. (Optional) -- `context['pending_user']`: The currently pending user, see [User](../user-group/user.md#object-attributes) +- `context['pending_user']`: The currently pending user, see [User](../user-group/user/user_ref.md#object-properties) - `context['is_restored']`: Contains the flow token when the flow plan was restored from a link, for example the user clicked a link to a flow which was sent by an email stage. (Optional) - `context['auth_method']`: Authentication method (this value is set by password stages) (Optional) diff --git a/website/docs/providers/scim/index.md b/website/docs/providers/scim/index.md index ee8f4c020..51fb4d868 100644 --- a/website/docs/providers/scim/index.md +++ b/website/docs/providers/scim/index.md @@ -4,10 +4,6 @@ title: SCIM Provider SCIM (System for Cross-domain Identity Management) is a set of APIs to provision users and groups. The SCIM provider in authentik supports SCIM 2.0 and can be used to provision and sync users from authentik into other applications. -:::info -The SCIM provider is currently in Preview. -::: - ### Configuration A SCIM provider requires a base URL and a token. SCIM works via HTTP requests, so authentik must be able to reach the specified endpoint. diff --git a/website/docs/user-group/user/create_invite.png b/website/docs/user-group/user/create_invite.png new file mode 100644 index 000000000..3855bb82a Binary files /dev/null and b/website/docs/user-group/user/create_invite.png differ diff --git a/website/docs/user-group/user/index.mdx b/website/docs/user-group/user/index.mdx new file mode 100644 index 000000000..9f15e85ff --- /dev/null +++ b/website/docs/user-group/user/index.mdx @@ -0,0 +1,12 @@ +--- +title: About users +--- + +import DocCardList from "@theme/DocCardList"; +import { useCurrentSidebarCategory } from "@docusaurus/theme-common"; + +In authentik you can create and manage users with fine-tuned access control, session and event details, group membership, super-user rights, impersonation, and password management and recovery. + +To learn more about working with users in authentik, refer to the following topics: + + diff --git a/website/docs/user-group/user/invitations.md b/website/docs/user-group/user/invitations.md new file mode 100644 index 000000000..7387543f5 --- /dev/null +++ b/website/docs/user-group/user/invitations.md @@ -0,0 +1,49 @@ +--- +title: Invitations +description: "Learn how to create an invitation URL for new users to enroll." +--- + +Invitations are another way to create a user, by inviting someone to join your authentik instance, as a new user. With invitations, you can either email an enrollment invitation URL to one or more specific recipients with pre-defined credentials, or you can email a URL to users, who can then log in and define their own credentials. + +:::info +You can also create a policy to see if the invitation was ever used. +::: + +## Create an invitation + +The fastest way to create an invitation is to use our pre-defined `default-enrollment-flow` that has the necessary stages and prompts already included. + +**Step 1. Download the `default-enrollment-flow` file** + +To download the `default-enrollment-flow` file, run this command: + +``` +wget https://raw.githubusercontent.com/goauthentik/authentik/main/website/developer-docs/blueprints/example/flows-enrollment-2-stage.yaml +``` + +Alternatively, use this [link](/blueprints/example/flows-enrollment-2-stage.yaml) to view and save the file. For more details, refer to the [documentation](https://goauthentik.io/docs/flow/examples/flows#enrollment-2-stage). + +**Step 2. Import the `default-enrollment-flow` file** + +In authentik, navigate to the Admin UI, and then click **Flows** in the left navigation pane. + +At the top of the Flows page, click **Import**, and then select the `flows-enrollment-2-stage.yaml` file that you just downloaded. + +**Step 3. Create the invitation object** + +In the Admin UI, navigate to **Directory --> Invitations**, and then click **Create** to open the **Create Invitation** modal. Define the following fields: + +- **Name**: provide a name for your invitation object. +- **Expires**: select a date for when you want the invitation to expire. +- **Flow**: in the drop-down menu, select the **default-enrollment-flow** Flow. +- **Custom attributes**: (_optional_) enter optional key/value pairs here, to pre-define any information about the user that you will invite to enroll. The data entered here is considered as a variable, specifically the `context['prompt_data']` variable. This data is read by the context flow's [prompt stage](../../flow/stages/prompt/index.md) in an expression policy. + +![Create an invitation modal box](./create_invite.png) + +- **Single use**: specify whether or not you want the invitation to expire after a single use. + +Click **Save** to save the new invitation and close the modal and return to the **Invitations** page. + +**Step 3. Email the invitation** + +On the **Invitations** page, click the chevron beside your new invitation, to expand the details. The **Link to use the invitation** displays with the URL. Copy the URL and send it in an email to the people you want to invite to enroll. diff --git a/website/docs/user-group/user/user_basic_operations.md b/website/docs/user-group/user/user_basic_operations.md new file mode 100644 index 000000000..73a834252 --- /dev/null +++ b/website/docs/user-group/user/user_basic_operations.md @@ -0,0 +1,117 @@ +--- +title: Manage users +--- + +The following topics are for the basic management of users: how to create, modify, delete or deactivate users, and using a recovery email. + +### Create a user + +> If you want to automate user creation, you can do that either by [invitations](./invitations.md), [`user_write` stage](../../flow/stages/user_write), or [using the API](/developer-docs/api/browser). + +1. In the Admin interface of your authentik instance, select **Directory > Users** in the left side menu. + +2. Select the folder where you want to create a user. + +3. Click **Create** (for a default user). + +4. Fill in the required fields: + +- **Username**: This value must be unique across your user folders. +- **Path**: The path where the user will be created. It will be automatically populated with the folder you selected in the previous step. + +5. Fill the **_optional_** fields if needed: + +- **Name**: The display name of the user. +- **Email**: The email address of the user. That will be used if there is a [notification rule](../../events/notifications) triggered or for [email stages](../../flow/stages/email). +- **Is active**: Define is the newly created user account is active. Selected by default. +- **Attributes**: Custom attributes definition for the user, in YAML or JSON format. These attributes can be used to enforce additional prompts on authentication stages or define conditions to enforce specific policies if the current implementation does not fit your use case. The value is an empty dictionary by default. + +6. Click **Create** + +You should see a confirmation pop-up on the top-right of the screen that the user has been created, and see the new user in the user list. You can directly click the username if you want to [modify your user](./user_basic_operations#modify-a-user). + +### View user details + +In the **Directory > Users** menu of the Admin interface, you can browse all the users in your authentik instance. + +To view details about a specific user: + +1. In the list of all users, click on the name of the user you want to check. + + This takes you to the **Overview** tab, with basic information about the user, and also quick access to perform basic actions to the user. + +2. To see further details, click any of the other tabs: + +- **Session** shows the active sessions established by the user. If there is any need, you can clean up the connected devices for a user by selecting the device(s) and then clicking **Delete**. This forces the user to authenticate again on the deleted devices. +- **Groups** allows you to manage the group membership of the user. You can find more details on [groups](../group). +- **User events** displays all the events generated by the user during a session, such as login, logout, application authorisation, password reset, user info update, etc. +- **Explicit consent** lists all the permissions the user has given explicitly to an application. Entries will only appear if the user is validating an [explicit consent flow in an OAuth2 provider](../../providers/oauth2/). If you want to delete the explicit consent (because the application is requiring new permissions, or the user has explicitly asked to reset his consent on third-party apps), select the applications and click **Delete**. The user will be asked to again give explicit consent to share information with the application. +- **OAuth Refresh Tokens** lists all the OAuth tokens currently distributed. You can remove the tokens by selecting the applications and then clicking **Delete**. +- **MFA Authenticators** shows all the authentications that the user has registered to their user profile. You can remove the tokens if the user has lost their authenticator and want to enroll a new one. + +## Modify a user + +After the creation of the user, you can edit any parameter defined during the creation. + +To modify a user object, go to **Directory > Users**, and click the edit icon beside the name. + +You can also go into [user details](#view-user-details), and click **Edit**. + +## User recovery + +If a user has lost their credentials, there are several options. + +### Email them a recovery link + +1. In the Admin interface, navigate to **Directory > Users** to display all users. + +2. Either click the name of the user to display the full User details page, or click the chevron (the › symbol) beside their name to expand the toptions. + +3. To generate a recovery link, which you can then copy and paste into an email, click **View recovery link**. + + A pop-up will appear on your browser with the link for you to copy and to send to the user. + +### Automate email to a user + +You can use our automated email to send a link with the URL for the user to reset their password. This option will only work if you have properly [configured a SMTP server during the installation](../../installation/docker-compose#email-configuration-optional-but-recommended) and set an email address for the user. + +1. In the Admin interface, navigate to **Directory > Users** to display all users. + +2. Either click the name of the user to display the full User details page, or click the chevron beside their name to expand the toptions. + +3. To send the automated email to the user, click **Email recovery link**. + +If the user does not receive the email, check if the mail server parameters [are properly configured](../../troubleshooting/emails). + +### Reset the password for the user + +As an Admin, you can simply reset the password for the user. + +1. In the Admin interface, navigate to **Directory > Users** to display all users. + +2. Either click the name of the user to display the full User details page, or click the chevron beside their name to expand the toptions. + +3. To reset the user's password, click **Reset password**, and then define the new value. + +## Deactivate or Delete user + +#### To deactivate a user: + +1. Go into the user list or detail, and click **Deactivate**. + +2. Review the changes and click **Update**. + +The active sessions are revoked and the authentication of the user blocked. You can reactivate the account by following the same procedure. + +#### To delete a user: + +:::caution +This deletion is not reversible, so be sure you do not need to recover any identity data of the user. +You may instead deactivate the account to preserve identity data. +::: + +1. Go into the user list and select one (or multiple users) to delete and click **Delete** on the top-right of the page. + +2. Review the changes and click **Delete**. + +The user list refreshes and no longer displays the removed users. diff --git a/website/docs/user-group/user.md b/website/docs/user-group/user/user_ref.md similarity index 88% rename from website/docs/user-group/user.md rename to website/docs/user-group/user/user_ref.md index 6651b7cf2..88d8a3af5 100644 --- a/website/docs/user-group/user.md +++ b/website/docs/user-group/user/user_ref.md @@ -1,5 +1,5 @@ --- -title: User +title: User properties and attributes --- ## Object properties @@ -19,15 +19,15 @@ The User object has the following properties: - `group_attributes()` Merged attributes of all groups the user is member of and the user's own attributes. - `ak_groups` This is a queryset of all the user's groups. - You can do additional filtering like + You can do additional filtering like: ```python user.ak_groups.filter(name__startswith='test') ``` - see [here](https://docs.djangoproject.com/en/3.1/ref/models/querysets/#id4) + For Django field lookups, see [here](https://docs.djangoproject.com/en/4.2/ref/models/querysets/#id4). - To get the name of all groups, you can do + To get the name of all groups, you can use this command: ```python [group.name for group in user.ak_groups.all()] @@ -72,7 +72,7 @@ Only applies when the token creation is triggered by the user with this attribut ### `goauthentik.io/user/debug`: -See [Troubleshooting access problems](../troubleshooting/access.md), when set, the user gets a more detailed explanation of access decisions. +See [Troubleshooting access problems](../../troubleshooting/access), when set, the user gets a more detailed explanation of access decisions. ### `additionalHeaders`: diff --git a/website/sidebars.js b/website/sidebars.js index 6b8a56bdf..902194492 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -260,7 +260,22 @@ const docsSidebar = { { type: "category", label: "Users & Groups", - items: ["user-group/user", "user-group/group"], + items: [ + { + type: "category", + label: "Users", + link: { + type: "doc", + id: "user-group/user/index", + }, + items: [ + "user-group/user/user_basic_operations", + "user-group/user/user_ref", + "user-group/user/invitations", + ], + }, + "user-group/group", + ], }, { type: "category",