trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
13,515 Commits 95 Branches 330 Tags 336 MiB
Commit Graph

147 Commits

Author SHA1 Message Date
Marc 'risson' Schmitt 2d04fa0de2
add docs 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2024-01-16 05:25:42 +01:00
Marc 'risson' Schmitt c2f5f993b2
Merge branch 'main' into multi-tenant-django-tenants 2024-01-10 17:57:40 +01:00
Jens L 6649f7ab72
providers/oauth2: fix CVE-2024-21637 (#8104) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2024-01-09 18:14:12 +01:00
Marc 'risson' Schmitt f35f86442b
Merge branch 'main' into multi-tenant-django-tenants 2024-01-03 12:22:25 +01:00
Jens L 240cf6dd94
enterprise/providers: Add RAC [AUTH-15] (#7291) 
* add basic guacamole

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make everything mostly work

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add rac build to CI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix resize, fix web lint, sendSize correctly

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* pre-send connection from client, format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve throughput

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rework TokenOutpostConsumer into middleware

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix some layout issues

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add outpost controllers

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start testing audio things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix a bunch of things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add deps

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix to work with outpost group

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add simple loadbalancing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add simple reconnect

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* show reconnecting text

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix error when checking ports

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* move to providers

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add flow check to interface

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix go lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix rac app label

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix audio

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add logging

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* allow overriding all settings

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix duplicate keyboard, debug high DPI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-add deps

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing __init__.py breaking model loading

I love python

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* bump successful ws connection to info

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* hide cursor since guac draws that

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add clipboard support (bidirectional)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make codespell not want to break the code

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* run pr comment in separate task

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start endpoint and property mapping stuff

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more endpoint things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated: fix event model_pk filtering with ints

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated: improve event display for changelog

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rebuild endpoint stuff again

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* idk special url

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more stuff, connect token with session

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add disconnect

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rework disconnect

cleanly disconnect from guacd instead of just letting the connection timeout

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* clear cache when creating outpost

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* support host:port and fix protocol

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* center smaller viewport

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rework connection to wait more and stop after some time

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add policy control to endpoints

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove provider protocol

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* don't switch to different outpost connection when already chosen

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start using property mappings, add static settings

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add some RAC mapping settings

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start adding tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests for event changes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests and fix issues found by said tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add preview banner, move endpoints to main page

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* auto-select endpoint if only one is available

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* backport https://github.com/goauthentik/authentik/pull/7831 to rac

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* dont select property mappings on endpoints

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make table modal only load when opened

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only auto-redirect when open

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix web deps

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* check for token expiry and terminate session

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-add endpoint name to title

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* disconnect connection when token is manually deleted

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add initial RAC docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add connection expiry setting to provider

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix flaky tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-12-30 21:33:14 +01:00
Marc 'risson' Schmitt 951f9ce043
Merge branch 's3-support' into multi-tenant-django-tenants 2023-12-20 10:33:29 +01:00
Marc 'risson' Schmitt 9619c2433f
root: add support for storing media files in S3 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2023-12-20 09:44:02 +01:00
Marc 'risson' Schmitt 5cd6791739
website: tenants -> brands 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2023-11-21 19:09:00 +01:00
Jens L b88e39411c
security: fix CVE-2023-48228 (#7666) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-11-21 18:10:07 +01:00
Jens L 261879022d
security: fix oobe-flow reuse when akadmin is deleted (#7361) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-10-28 21:24:06 +02:00
Jens L d9b3e307e3
website/docs: add 2023.10 release notes (#7309) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-10-26 15:10:17 +02:00
Tana M Berry 84fdd3c750
website/docs: RBAC docs (#7191) 
* draft rbac docs

* tweaks

* add a permissions topic

* tweaks

* more changes

* draft permissions topic

* more content on roles

* links

* typo

* more conceptual info

* Optimised images with calibre/image-actions

* more content on roles

* add more x-ref links

* fix links

* more content

* links

* typos

* polishing

* Update website/docs/user-group-role/access-control/permissions.md

Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* separwate conceptual vs procedural in permissions

* finished groups procedurals

* new page

* added link

* Update website/docs/user-group-role/access-control/permissions.md

Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* polish

* edits from PR review

* restructured view section to remove repetition

* rest of edits from PR review

* polished flows and stages

* polish

* typo

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana Berry <tana@goauthentik.io>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Jens L. <jens@goauthentik.io>
 2023-10-26 12:31:32 +02:00
Tana M Berry 78af350610
website/docs: Balok pr for User docs (#7139) 
* procedrual docs

* restructure

* new image, edit tweaks

* more tweaks

* edits

* edits for new button labels

* more content in invitations

* tweaks

* Optimised images with calibre/image-actions

* fixed link

* links

* ken's edits

* changed label name

* spelling checks

* fix links

* links again

* fighting with imports

* ugh

* add extensions back

* fix link

* tweak

* rename file again

* more links

* added punctuation

* use generated index

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Tana Berry <tana@goauthentik.io>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2023-10-12 21:45:21 +02:00
Jens L 782341441a
website: update 2023.8 release notes (#6666) 
* update main release notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update sidebar

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
 2023-08-29 19:57:14 +02:00
Jens L aa874dd92a
security: fix CVE-2023-39522 (#6665) 
* stages/email: don't disclose whether a user exists or not when recovering

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update website

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-08-29 19:07:49 +02:00
Tana M Berry 87f65526e1
website/docs: Enterprise docs (#6632) 
* new ent docs

* first drafts WIP

* Optimised images with calibre/image-actions

* more details added

* further updates

* tweaks

* better image

* Optimised images with calibre/image-actions

* fix typos

* final edits

* fixed formatting fail

---------

Co-authored-by: Tana Berry <tana@goauthentik.io>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
 2023-08-29 16:57:29 +00:00
Jens L d9f13e89c6
website: update release notes (#6590) 
* move 2023.7 to 2023.8

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* move version dropdown from navbar to sidebar, and only have it on applicable sites

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove title instead of just hiding it

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix some styling for the mobile navbar sidebar

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add social image

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Optimised images with calibre/image-actions

* fix website tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
 2023-08-22 13:03:11 +02:00
Sandeep Gadhiya 4693c50701
website/docs: Troubleshooting Whitelist Email and Web-Dev Setup Docs (#6426) 
* Whitelist email troubleshooting docs

* update preview website command

* Update website/docs/troubleshooting/whitelist_email.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Sandeep Gadhiya <sandeepgadhiya22@gmail.com>

* Update website/docs/troubleshooting/whitelist_email.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Sandeep Gadhiya <sandeepgadhiya22@gmail.com>

* Update website/docs/troubleshooting/whitelist_email.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Sandeep Gadhiya <sandeepgadhiya22@gmail.com>

* Update website/docs/troubleshooting/whitelist_email.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Sandeep Gadhiya <sandeepgadhiya22@gmail.com>

* Update website/docs/troubleshooting/whitelist_email.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Sandeep Gadhiya <sandeepgadhiya22@gmail.com>

* refactor policies section

* refactor policies section

---------

Signed-off-by: Sandeep Gadhiya <sandeepgadhiya22@gmail.com>
Co-authored-by: sandeepgadhiya <sandeep.gadhiya@turtlemint.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
 2023-08-09 10:06:41 -05:00
Jens L cc6824fd7c
core: bump django from 4.1.7 to 4.2 (#5238) 
* core: bump django from 4.1.7 to 4.2 (#5151)

* core: bump django from 4.1.7 to 4.2

Bumps [django](https://github.com/django/django) from 4.1.7 to 4.2.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/4.1.7...4.2)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* upgrade to psycopg3, use custom engine for prometheus metrics

See https://github.com/korfuri/django-prometheus/issues/350

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make scripts use pscopg3

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start changelog

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* initial postgres upgrade guide

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update header

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
 2023-08-01 19:30:28 +02:00
Jens L 33e7903699
website/docs: add architecture and persistence (#6250) 
* website/docs: add architecture and persistence

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* add note about kubernetes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* link to relevant parts

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
 2023-07-31 11:21:33 +02:00
Jens L 87cc649e17
website: finalise 2023.6 release notes (#6177) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-07 12:17:15 +02:00
Jens L d22d147c8e
security: fix CVE-2023-36456 (#6171) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-06 18:16:26 +02:00
Jens L b0fbd576fc
security: cure53 fix (#6039) 
* ATH-01-001: resolve path and check start before loading blueprints

This is even less of an issue since 411ef239f6, since with that commit we only allow files that the listing returns

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-010: fix missing user filter for webauthn device

This prevents an attack that is only possible when an attacker can intercept HTTP traffic and in the case of HTTPS decrypt it.

* ATH-01-008: fix web forms not submitting correctly when pressing enter

When submitting some forms with the Enter key instead of clicking "Confirm"/etc, the form would not get submitted correctly

This would in the worst case is when setting a user's password, where the new password can end up in the URL, but the password was not actually saved to the user.

* ATH-01-004: remove env from admin system endpoint

this endpoint already required admin access, but for debugging the env variables are used very little

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-003 / ATH-01-012: disable htmlLabels in mermaid

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-005: use hmac.compare_digest for secret_key authentication

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-009: migrate impersonation to use API

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-010: rework

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-014: save authenticator validation state in flow context

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

bugfixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-012: escape quotation marks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add website

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update release ntoes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update with all notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-22 22:25:04 +02:00
Jens L b4a3b266b3
website/docs: clarify troubleshooting headlines and order (#5696) 
* website/docs: clarify troubleshooting headlines and order

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Update website/docs/troubleshooting/login.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
 2023-05-19 15:54:04 +02:00
Jens L a58374f065
website/docs: add 2023.5 to release sidebar (#5631) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-16 14:12:30 +02:00
Tana M Berry 8356ceaead
website/docs: added info about how to upgrade (#5589) 
added info about how to upgrade

Co-authored-by: Tana Berry <tana@goauthentik.io>
 2023-05-12 10:25:26 -05:00
Jens L e75e2cf324
website/docs: flow context docs (#5243) 
* add flow context docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup some redundant things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* added more section headers

* tweaked new headings

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* add more keys, use dedicated prefix for internal keys

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* set toc_max_heading_level: 5

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update datatypes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more consistent header

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more fixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Update website/docs/flow/context/index.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/flow/context/index.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/flow/context/index.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana Berry <tana@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
 2023-04-20 17:31:34 +00:00
Jens L 67644ace87
website/docs: prepare 2023.4 release notes (#5223) 
* website/docs: prepare 2023.4 release notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add prompt preview

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* Update website/docs/releases/2023/v2023.4.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* add new release to sidebar

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
 2023-04-13 14:11:46 +02:00
Jens L 3f5effb1bc
providers/radius: simple radius outpost (#1796) 
* initial implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add migrations

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix web

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* minor fixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use search-select

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fixup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix ip with port being sent to delegated ip

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add radius tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-20 16:54:35 +01:00
Jens L eaf56f4f3f
stages/user_login: stay logged in (#4958) 
* add initial remember me offset

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add to go executor

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add ui for user login stage

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-15 20:21:05 +01:00
Jens L 095850f038
website/docs: add new release to sidebar, cleanup (#4926) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-13 19:04:25 +01:00
Jens L bf7dc5df78
website/docs: separate pages for each webserver (#4911) 
* website/docs: separate pages for each webserver

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
 2023-03-13 17:29:51 +01:00
Jens L b6b820f6f1
web: toggle dark/light theme manually (#4876) 2023-03-09 23:17:53 +01:00
Jens L 28ddeb124f
providers: SCIM (#4835) 
* basic user sync

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add group sync and some refactor

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start API

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* allow null authorization flow

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add UI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make task monitored

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add missing dependency

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make authorization_flow required for most providers via API

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more UI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make task result better readable, exclude anonymous user

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add task UI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add scheduled task for all sync

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make scim errors more readable

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add mappings, migrate to mappings

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add mapping UI and more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add scim docs to web

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start implementing membership

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate signals to tasks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate fully to tasks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* strip none keys, fix lint errors

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start adding tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix saml

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add scim schemas and validate against it

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve error handling

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add group put support, add group tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* send correct application/scim+json headers

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* stop sync if no mappings are confiugred

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add test for task sync

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add membership tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use decorator for tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make tests better

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-06 19:39:08 +01:00
Jens L 972dce1462
security: fix CVE-2023-26481 (#4832) 
fix CVE-2023-26481

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-02 20:15:33 +01:00
Jens Langhammer fc9ae9e938
website: include 2023.2 in sidebar 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-02-14 13:17:55 +01:00
Jens Langhammer cadb710c38
website/docs: add troubleshooting for CSRF 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-02-02 11:09:03 +01:00
Jens Langhammer 26f9bbeefa
website/docs: add 2023.1 to sidebar 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-18 16:36:03 +01:00
Jens L c73fce4f58
sources/ldap: manual import (#4456) 
* events: fix task UID

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add ldap sync command

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-17 12:21:33 +01:00
Jens L cd12e177ea
providers/proxy: add initial header token auth (#4421) 
* initial implementation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* check for openid/profile claims

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include jwks sources in proxy provider

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add web ui for jwks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only show sources with JWKS data configured

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix introspection tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start basic

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add basic auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add docs, update admonitions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add client_id to api, add tab for auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-13 16:22:03 +01:00
Jens Langhammer 1efc7eecbf
website/docs: add metrics for monitoring and metrics 
closes #4308

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-04 20:49:35 +01:00
Jens L dc1359a763
providers/saml: initial SLO implementation (#2346) 
* providers/saml: initial SLO implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/saml: add logout request tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/saml: add tests for POST SLO

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* matrix e2e tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix import

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* set e2e matrix name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix imports

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* separate oidc and oauth tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add basic saml slo e2e tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add better metadata download url

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* kinda prepare release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* sort releases into folders

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add slo urls to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix linking

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-04 19:45:31 +01:00
Jens L 9f846d94be
security: fix CVE 2022 23555 (#4274) 
* add flow to invitation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* show warning on invitation page

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add security advisory

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-23 14:13:49 +01:00
Jens L 84fbeb5721
security: fix CVE 2022 46172 (#4275) 
* fallback to current user in user_write, add flag to disable user creation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update api and web ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add cve post to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-23 14:12:58 +01:00
Jens L f4990bb5da
core: bundle geoip (#4250) 
* bundle geoip

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* correctly pass secrets

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add geoip docs and release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-20 22:09:30 +01:00
Jens L db95dfe38d
security: fix CVE 2022 46145 (#4140) 
* add flow authentication requirement

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add website for cve

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: handle FlowNonApplicableException without policy result

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-02 16:14:25 +01:00
Jens Langhammer 147ebf1a5e root: rework and expand security policy 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-28 12:10:53 +01:00
Jens Langhammer 1efc0c1242 website/docs: update changelog 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-21 19:37:28 +01:00
Jens Langhammer a359184f29 website/docs: add 2022.10 to sidebar 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-21 19:42:22 +02:00
Rob 10cfccd999
website/docs: add General Setup instructions for LDAP Provider (#3680) 
* Added General Setup instructions for LDAP Provider

* Added General Setup instructions for LDAP Provider and updated relative links

* updated LDAP Outpost note verbiage

* Corrected the case for LDAP and renamed to Generic Setup

* removed ldapsearch example from index page

* updated verbiage around multifactor authentication

* removed note about local LDAP provider

* updated sidebar to reflect generic_setup

* updated logging info

* corrected typo

* updated stage creation instructions and screenshot

* corrected another typo

* corrected another typo

* reword some things

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-16 14:57:57 +00:00