Jens Langhammer
6e1a54753e
providers/oauth2: fix import order
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 19:56:12 +01:00
Jens Langhammer
67d1f06c91
providers/oauth2: use guardian anonymous user to get claims for provider info
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 19:53:43 +01:00
Jens Langhammer
d37de6bc00
policies: log full stacktrace
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 19:53:21 +01:00
Jens L
cd12e177ea
providers/proxy: add initial header token auth ( #4421 )
...
* initial implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* check for openid/profile claims
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* include jwks sources in proxy provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add web ui for jwks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only show sources with JWKS data configured
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix introspection tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start basic
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add basic auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs, update admonitions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add client_id to api, add tab for auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 16:22:03 +01:00
Jens Langhammer
31c6ea9fda
providers/oauth2: don't allow spaces in scope_name
...
closes #4094
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 16:20:37 +01:00
Jens L
20931ccc1d
providers/oauth2: correctly fill claims_supported based on selected scopes ( #4429 )
...
* providers/oauth2: correctly fill claims_supported based on selected scopes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add nonce claim
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 14:14:25 +01:00
Jens L
36822c128c
admin: include task duration in API ( #4428 )
...
include task duration in API
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 13:21:49 +01:00
Jens Langhammer
81e9f2d608
web/admin: fix overflow in aggregate cards
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-11 14:12:02 +01:00
Jens L
67a6fa6399
events: rework metrics ( #4407 )
...
* rework metrics
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* change graphs to be over last week
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix Apps with most usage card
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-11 12:21:07 +01:00
Jens L
1ed24a5eef
blueprints: internal storage ( #4397 )
...
* rework oci client
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add blueprint content
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make path optional
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add validation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-10 22:00:34 +01:00
Jens Langhammer
b555ccd549
sources/ldap: don't run membership sync if group sync is disabled
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#4392
2023-01-09 17:19:50 +01:00
Jens Langhammer
9445354b31
sources/ldap: only warn about missing groups when source is configured to sync groups
...
closes #4392
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-09 17:17:48 +01:00
Jens Langhammer
a1be924fa4
*: strip leading and trailing whitespace when reading config values from files
...
also add a debug endpoint that dumps the go parsed config
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-09 15:29:22 +01:00
Jens Langhammer
47aba4a996
crypto: prevent creation of duplicate self-signed default certs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-06 16:51:07 +01:00
Jens Langhammer
001869641d
web: ensure img tags have alt attributes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-06 12:44:51 +01:00
Jens Langhammer
bec538c543
sources/ldap: make task timeout adjustable
...
closes #4375
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-06 12:37:59 +01:00
sdimovv
c63ba3f378
blueprints: Fix resolve model_name in !Find
tag ( #4371 )
...
Resolve model_name in !Find tag
2023-01-06 09:49:28 +01:00
sdimovv
53cab07a48
blueprints: Add !Enumerate
, !Value
and !Index
tags ( #4338 )
...
* Added For and Item tags
* Removed Sequence node support from ForItem tag
* Added ForItemIndex tag
* Added support for iterating over mappings
* Added support for mapping output body
* Renamed tags: For to Enumerate, ForItem to Value, ForItemIndex to Index
* Refactored tests
* Formatting
* Improved exception info
* Improved error handing
* Added docs
* lint
* Small doc improvements
* Replaced deepcopy() call with call to copy()
* Fix mistake in docs example
* Fix missed "!" in example
2023-01-05 21:36:19 +01:00
Jens L
a960ce9454
stages/user_write: add more user creation options ( #4367 )
...
* add more user creation options
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update blueprints and docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-05 15:46:20 +01:00
Jens L
e6b5810e03
polices/hibp: remove deprecated ( #4363 )
...
* remove hibp
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* don't save event matcher apps in migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update docs, update some phrasing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-05 13:19:26 +01:00
Jens Langhammer
78b711ec9d
Merge branch 'version-2022.12'
2023-01-05 10:41:54 +01:00
Jens Langhammer
ac07833688
release: 2022.12.2
2023-01-05 10:01:30 +01:00
Jens Langhammer
730139e43c
*: improve general tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 22:40:09 +01:00
Jens L
24e8915e0a
providers/proxy: add tests for proxy basic auth ( #4357 )
...
* add tests for proxy basic auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stop bandit from complaining
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add API tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 22:40:06 +01:00
Jens Langhammer
3e7320734c
*: improve general tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 22:26:55 +01:00
Jens L
3131e557d9
providers/proxy: add tests for proxy basic auth ( #4357 )
...
* add tests for proxy basic auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stop bandit from complaining
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add API tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 22:04:16 +01:00
Jens L
dc1359a763
providers/saml: initial SLO implementation ( #2346 )
...
* providers/saml: initial SLO implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/saml: add logout request tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/saml: add tests for POST SLO
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* matrix e2e tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix import
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* set e2e matrix name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix imports
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* separate oidc and oauth tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add basic saml slo e2e tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add better metadata download url
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* kinda prepare release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* sort releases into folders
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add slo urls to website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix linking
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add api tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 19:45:31 +01:00
Jens L
1e01e9813d
providers/saml: add prefix to entity descriptor ( #4355 )
...
add prefix to entity descriptor
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 16:44:52 +01:00
Jens Langhammer
e887a315be
providers/oauth2: correctly advertise supported response_modes_supported
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 10:21:34 +01:00
Jens Langhammer
4b93f40c5e
providers/oauth2: fix null amr value not being removed from id_token
...
closes #4339
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-03 00:41:18 +01:00
Jens Langhammer
57400925a4
providers/saml: don't error if no request in API serializer context
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-03 00:14:16 +01:00
Jens Langhammer
2dc0792d9e
stages/email: remove unused import
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-02 09:28:26 +01:00
Jens Langhammer
fde848ee51
admin: remove unused import
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-02 00:12:14 +01:00
Jens Langhammer
e9d52282b7
admin: use matching environment for system API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:58:12 +01:00
Jens Langhammer
c810628fe3
stages/email: use pending user correctly
...
closes #4318
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:50:57 +01:00
Jens Langhammer
de0a5191f7
core: remove unused import
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:50:42 +01:00
Jens Langhammer
93e20bce2e
core: don't use inline_serializer for user operations
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:16:44 +01:00
Jens Langhammer
960a2aab74
crypto: fix type for has_key
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:14:19 +01:00
Jens Langhammer
2cae6596eb
core: cleanup
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:01:08 +01:00
Jens Langhammer
11b1eb4173
stages/email: make template tests less flaky
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 23:00:32 +01:00
Jens Langhammer
3980eea7c6
web/flows: rework error display, always use ak-stage-flow-error instead of shell
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 21:43:44 +01:00
Jens Langhammer
9fdfb8c99b
stages/dummy: add toggle to throw error for debugging
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 21:25:53 +01:00
Jens Langhammer
5cab280759
stages/captcha: fix captcha not loading correctly, add tests
...
closes #4320
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 18:15:41 +01:00
Jens Langhammer
9d422918b3
stages/prompt: use stage.get_pending_user() to fallback to the correct user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-30 20:38:15 +01:00
Jens Langhammer
2c42c87689
release: 2022.12.1
2022-12-30 13:43:42 +01:00
dependabot[bot]
8262a47455
core: bump packaging from 21.3 to 22.0 ( #4181 )
...
* core: bump packaging from 21.3 to 22.0
Bumps [packaging](https://github.com/pypa/packaging ) from 21.3 to 22.0.
- [Release notes](https://github.com/pypa/packaging/releases )
- [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pypa/packaging/compare/21.3...22.0 )
---
updated-dependencies:
- dependency-name: packaging
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* remove LegacyVersion
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-30 12:07:25 +01:00
Jens L
bd56922a2f
blueprints: watch blueprints directory and trigger tasks ( #4309 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-30 11:30:18 +01:00
Jens Langhammer
68b58fb73c
blueprints: fix error when entry with state absent doesn't exist
...
closes #4305
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-29 21:55:17 +01:00
Jens Langhammer
97513467ad
blueprints: disallow flow token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-29 21:54:56 +01:00
sdimovv
ce5d1fd80d
blueprints: Resolve yamltags in state and model attributes ( #4299 )
...
* Fixed state and model attributes not resolving yaml tags
* Linting
2022-12-29 10:05:32 +01:00
Jens Langhammer
b1020fde64
web/elements: render ak-seach-select dropdown correctly in modals
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 20:38:57 +01:00
Jens Langhammer
f0e121c064
api: add filter backend for secret key to allow access to tenants and certificates
...
closes #4182
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 18:59:25 +01:00
Jens Langhammer
2b2323fae7
outposts: include hostname in outpost heartbeat
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 16:07:52 +01:00
Jens Langhammer
24eb4ed963
release: 2022.12.0
2022-12-28 13:00:49 +01:00
Jens Langhammer
b16d1134ea
core: add endpoints to add/remove users from group atomically
...
closes #4252
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 10:50:30 +01:00
Jens Langhammer
20a4dfd13d
stages/invitation: fix incorrect pk check for invitation's flow
...
closes #4278
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-27 13:55:51 +01:00
sdimovv
8f3579ba45
blueprints: add !If
tag ( #4264 )
...
* Added \!If tag
* Fix typo
* Removed trailing whitespace
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* format blueprint fixtures
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-26 16:20:22 +01:00
Jens Langhammer
ae13fc3b92
policies: make name required
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-25 14:46:48 +01:00
Jens Langhammer
94b9ebb0bb
blueprints: add Env tag
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-24 20:41:51 +01:00
Jens Langhammer
1b86a3d5d6
Merge branch 'version-2022.11'
2022-12-23 14:39:52 +01:00
Jens Langhammer
8b710b57a5
root: don't send traces in testing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:37:58 +01:00
Jens Langhammer
9dc0bb2a77
release: 2022.11.4
2022-12-23 14:17:48 +01:00
Jens L
2d827eaae1
security: fix CVE 2022 23555 ( #4274 )
...
* add flow to invitation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* show warning on invitation page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add security advisory
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:16:30 +01:00
Jens L
47d79ac28c
security: fix CVE 2022 46172 ( #4275 )
...
* fallback to current user in user_write, add flag to disable user creation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update api and web ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update default flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add cve post to website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:16:26 +01:00
Jens L
9f846d94be
security: fix CVE 2022 23555 ( #4274 )
...
* add flow to invitation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* show warning on invitation page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add security advisory
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:13:49 +01:00
Jens L
84fbeb5721
security: fix CVE 2022 46172 ( #4275 )
...
* fallback to current user in user_write, add flag to disable user creation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update api and web ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update default flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add cve post to website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:12:58 +01:00
Jens Langhammer
01da8e1792
providers/oauth2: optimise and cache signing key, prevent key being loaded multiple times
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 12:04:31 +01:00
Jens Langhammer
42c278b4f8
root: migrate to hosted sentry with rate-limited DSN
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 11:18:26 +01:00
Jens Langhammer
e52c964354
flows: fix redirect from plan context "redirect" not being wrapped in flow response
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 23:28:26 +01:00
Jens L
c635487210
blueprints: better OCI support in UI ( #4263 )
...
use oci:// prefix to detect oci blueprint, add UI support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 18:49:25 +01:00
Jens Langhammer
fb09df26c9
core: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 17:56:05 +01:00
Jens Langhammer
e4e7a112e3
web: use version family subdomain for in-app doc links
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 17:03:08 +01:00
Jens Langhammer
042865c606
blueprints: add conditions to blueprint schema
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-21 18:59:17 +01:00
sdimovv
7f662ac2f3
blueprints: Added conditional entry application ( #4167 )
...
* blueprints: Added !AsBool tag
* Renamed AsBool tag to Condition
* Added conditions attributed to BlueprintEntry
* Added docs for the conditions attribute of a blueprint entry
* Website linting fix
* add new tag to vscode settings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-21 17:04:00 +00:00
Jens L
609f95ac97
providers: add preview for mappings ( #4254 )
...
* preview
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: show provider page on application page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use oauth2 end session url instead of direct interface
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* dont show provider page on application page for now
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add UI for preview
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* translate and release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* separate saml api files
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add api tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-21 12:13:11 +01:00
Jens Langhammer
027ca88d83
lib: enable sentry profiles_sample_rate
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-19 12:51:22 +01:00
Jens L
ec925491b2
stages/captcha: customisable URLs ( #3832 )
...
* make api and js url customisable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use recaptcha.net domains
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add form
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* regen locale
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-18 14:18:43 +01:00
Jens Langhammer
3418943949
root: allow custom settings via python module
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-15 10:59:14 +01:00
Jens Langhammer
8d169a8bd9
Merge branch 'version-2022.11'
2022-12-12 17:05:39 +00:00
Jens Langhammer
f47ce9a360
stages/user_login: prevent double success message when logging in via source
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-12 16:34:16 +00:00
Jens Langhammer
01a897dbc2
flows: set stage name and verbose_name for in_memory stages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-12 16:22:48 +00:00
Jens Langhammer
fddcb3a835
events: remove legacy logger declaration
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-12 15:32:06 +00:00
Jens Langhammer
5d51621278
stages/user_write: always ignore component
field and prevent warning
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-12 15:31:56 +00:00
Jens Langhammer
9ffc720f48
policies: log correct cache state
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-12 15:31:41 +00:00
Jens Langhammer
4d8978ea90
bleuprints: fix flaky test
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-09 11:04:44 +00:00
sdimovv
8d13235b74
blueprints: fixed bug causing filtering with an empty query ( #4106 )
...
* Fixed bug causing filtering with an empty query
Fixed bug allowing blueprint import to filter for existing models using an empty query.
The code only checks if the `identifiers` dict is empty, but `__query_from_identifier` skips identifier member values of type `dict` or keys == `pk`, so it is possible to produce an empty query if an `identifier` consists of just `dict` type members or "pk" key.
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* Added test case
* Added support for using dict fields as blueprint entry identifiers
* Disabled pylint too-many-locals for _validate_single
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
2022-12-06 12:06:25 +01:00
Jens Langhammer
44bf9a890e
release: 2022.11.3
2022-12-02 23:00:59 +02:00
Jens Langhammer
58cd6007b2
Merge branch 'version-2022.11'
2022-12-02 18:12:38 +02:00
Jens L
db95dfe38d
security: fix CVE 2022 46145 ( #4140 )
...
* add flow authentication requirement
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add website for cve
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: handle FlowNonApplicableException without policy result
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-02 16:14:25 +01:00
sdimovv
1f7d52c5ce
blueprints: Support nested custom tags in !Find
and !Format
tags ( #4127 )
...
* Added support for nested tags to !Find and !Format
* Added tests
* Fix variable names
* Added docs
* Fixed small mistake in tests
* Fixed variable names
* Broke example into multiple lines
2022-12-01 16:10:26 +01:00
Jens Langhammer
3251bdc220
events: improve handling creation of events with non-pickleable objects
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-01 15:56:28 +02:00
Jens Langhammer
2a4daa5360
release: 2022.11.2
2022-12-01 10:41:29 +02:00
Jens Langhammer
e1a6dede54
*: backport CVE-2022-46145 fix
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-01 10:41:26 +02:00
Jens Langhammer
cf40e5047e
policies: don't log context when policy returns None
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-30 14:43:47 +02:00
Jens Langhammer
d5329432fe
lib: fix uploaded files not being saved correctly, add tests
...
closes #4110 #4109 #4107
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-30 12:48:33 +02:00
sdimovv
5156aeee0f
policies/password: Always add generic message to failing zxcvbn check ( #4100 )
...
* Always add generic message to failing zxcvbn password policy
Depending on the settings, sometimes a password policy that checks a password with the zxcvbn tool can fail without any message.
For example:
```
$ echo 'Awdccdw1234' | zxcvbn | jq | grep "feedback" -A 5 -B 1
Password:
"score": 3,
"feedback": {
"warning": "",
"suggestions": []
}
}
```
As seen above the tool does not produce any warnings or suggestions for the given password, but if the password policy is set to have a zxcvbn threshold of 3, the policy will silently fail without communicating the reason to the user.
There are two ways to handle this:
1. Always add a generic "password is too weak" message when the policy fails.
2. Check if there are any suggestions or warnings from the zxcvbn tool and only add the generic message if not.
I personally prefer 1. This way the generic message will be shown whenever the policy fails, and will get combined with extra "tips" whenever zxcvbn has some.
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* Update authentik/policies/password/models.py
Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* Added test case
* fix black formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens L. <jens@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-30 07:58:16 +00:00
Jens Langhammer
e22fce02f8
stages/authenticator_validate: improve validation for not_configured_action
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-28 10:52:51 +01:00
Jens Langhammer
e2bd96c5de
stages/authenticator_validate: fix validation to ensure configuration stage is set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-25 21:37:52 +01:00
Jens Langhammer
f8ef2b666f
events: fix incorrect EventAction being used
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-25 11:53:05 +01:00
Jens Langhammer
a9909fcf6d
providers/oauth2: set amr values based on login event
...
closes #4070
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-25 11:21:59 +01:00
Jens Langhammer
1fa9b3a996
providers/saml: set AuthnContextClassRef based on login event
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#4070
2022-11-25 11:21:45 +01:00
Jens Langhammer
5019346ab6
events: save login event in session after login
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#4070
2022-11-25 11:21:00 +01:00
Jens Langhammer
f22f1ebcde
stages/authenticator_validate: save used mfa devices in login event
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-25 10:47:49 +01:00
Jens Langhammer
1c2cdfe06a
web/flows: improve error messages for failed duo push
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-24 13:42:13 +01:00
Jens Langhammer
d0308a8239
stages/authenticator_validate: log duo error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-24 11:36:43 +01:00
Jens Langhammer
6843c8389b
stages/authenticator_duo: fix imported duo devices not being confirmed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-24 11:36:34 +01:00
Jens Langhammer
3a13d19695
release: 2022.11.1
2022-11-22 21:42:10 +01:00
Jens Langhammer
ed7bef9dbf
blueprints: open fixtures in read only mode
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 21:39:30 +01:00
Jens Langhammer
b9fdb63a57
core: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 21:02:18 +01:00
Jens Langhammer
5262d89505
core: fix tab-complete in shell
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 20:30:00 +01:00
Jens L
ab3d47c437
blueprints: add desired state attribute to objects ( #4061 )
...
* add state attribute to delete objects
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests, move yaml from block to files
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add state to docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* only try to format
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 14:27:20 +01:00
Jens Langhammer
14cd52686d
stages/email: add test for email translation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3885
2022-11-22 14:14:42 +01:00
Jens Langhammer
1a39754fe9
*: don't return values in test suites
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 11:38:34 +01:00
Jens Langhammer
5b8223808e
Merge branch 'version-2022.11'
2022-11-21 22:14:33 +01:00
Jens Langhammer
14f341f504
web/admin: fix error when importing duo devices
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 21:36:10 +01:00
Jens Langhammer
20c1770ec4
release: 2022.11.0
2022-11-21 20:12:02 +01:00
Jens Langhammer
a2e512c36c
stages/authenticator_validate: add flag to configure user_verification for webauthn devices
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 17:52:37 +01:00
Jens Langhammer
3c2da8138d
stages/invitation: directly delete invitation now that flow plan is saved in email token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 14:55:49 +01:00
Jens Langhammer
426f0bc9dd
events: deepcopy event kwargs to prevent objects being removed, remove workaround
...
closes #4041
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 12:31:17 +01:00
Jens Langhammer
cc3ab141e5
policies: only cache policies for authenticated users
...
closes #4033
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-18 21:06:53 +01:00
Jens Langhammer
c158ef80db
*: fix remaining old cache keys
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-18 16:18:32 +01:00
Jens L
9f5fb692ba
sources: add custom icon support ( #4022 )
...
* add source icon
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add to oauth form
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add to other browser sources
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add migration, return icon in UI challenges
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* deduplicate file upload
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-16 14:10:10 +01:00
Jens Langhammer
d67ec1b62f
lib: fix complex objects being included in event context for ak_create_event
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 16:51:02 +01:00
Jens Langhammer
e5241ac574
core: fix error when propertymappings return complex value
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 16:28:15 +01:00
Jens L
276af8457d
root: make sentry DSN configurable ( #4016 )
...
* make sentry DSN configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make proxy smarter
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix typo in config struct
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 16:05:29 +01:00
Jens L
55aa1897af
root: use single redis db ( #4009 )
...
* use single redis db
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup prefixes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ensure __str__ always returns string
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix remaining old prefixes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 14:31:29 +01:00
Jens Langhammer
9f269faf53
stages/authenticator_*: cleanup
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 13:46:00 +01:00
Jens Langhammer
9bde7ef59e
Revert "stages/authenticator_*: directly save devices into db instead of session to prevent race conditions"
...
closes #4008
This reverts commit 538c2ca4d3
.
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# authentik/stages/authenticator_static/stage.py
# authentik/stages/authenticator_totp/stage.py
2022-11-15 11:35:53 +01:00
Jens L
88594075b2
policies/password: merge hibp add zxcvbn ( #4001 )
...
* initial zxcvbn
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add api and port tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add api diff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-14 14:42:43 +01:00
Jens L
ffe6f65af5
outposts/kubernetes: ingress class ( #4002 )
...
* add support for ingressClassName
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add option to disable ssl verification for k8s controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-14 14:24:11 +01:00
dependabot[bot]
4095c422df
core: bump python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye ( #3864 )
...
* core: bump python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye
Bumps python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye.
---
updated-dependencies:
- dependency-name: python
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* bump project
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* bump deps
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* bump ci to 3.11
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-13 14:20:55 +01:00
sdimovv
5d8dd9cf3f
blueprints: Fixed bug causing blueprint instance context be discarded ( #3990 )
...
Fixed bug causing blueprint instance context be discarded when applying a blueprint.
2022-11-12 13:23:33 +01:00
Jens Langhammer
3306003f0e
providers/oauth2: fix inconsistent expiry encoded in JWT
...
- access token validity is used for JWTs issues in implicit flows
- general cleanup of how times are set
closes #2581
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-10 20:23:24 +01:00
Daniel
85c790728f
core: simplify group serializer for user API endpoint ( #3899 )
...
* core/api: Adding simple group serializer to improve user retrieval performance
Due to the exhaustive use of the user_obj the performance suffers
greatly if the users are assigned to large groups. This simple fix adds
a new serializer that does not expose the user_obj within a group.
* core/api: Update schema
Update to the schema based on the new SimpleGroupSerializer
* core/api: Fix black and pylint
* make naming consistent, remove unnecessary fields
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-09 11:19:40 +01:00
Jens Langhammer
47132faffb
root: relicense and launch blog post
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-03 16:00:00 +01:00
Jens Langhammer
cd0d898a4b
events: sanitize generator for json safety
...
closes #3903
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-31 20:30:11 +01:00
Jens Langhammer
400751ed3c
api: fix missing scheme in securitySchemes
...
closes #3883
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-29 18:50:34 +02:00
Jens Langhammer
f3a72761c0
release: 2022.10.1
2022-10-29 17:24:55 +02:00
Jens Langhammer
841c13ed77
core: set prehydrated locale based on active backend locale
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-28 19:43:24 +02:00
Jens L
30d708dd1f
core: explicitly enable locales ( #3889 )
...
* activate locales
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* set locale for email templates
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-28 19:42:49 +02:00
Jens Langhammer
9d0a7578ec
flows: fix error due to not validating error challenge
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-27 20:04:00 +02:00
Jens Langhammer
f8fab14e1e
core: refactor MessageStage to not use dynamic class
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-26 20:01:42 +02:00
Jens Langhammer
6b35d0c70b
core: check if session is authenticated before showing linked message
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-26 00:30:42 +02:00
Jens Langhammer
dd65862bf2
core: show success message when authenticating/enrolling after flow is finished
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-25 22:46:15 +02:00
Jens Langhammer
6ea57921f2
sources/saml: set username field to name_id attribute
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-24 21:53:37 +02:00
Jens Langhammer
b0d4f035f1
blueprints: fix error when cleaning up unset attribute
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-21 22:12:59 +02:00
Jens Langhammer
661d2ec701
Merge branch 'version-2022.10'
2022-10-21 22:11:04 +02:00
Jens Langhammer
3f570bb96d
blueprints: improve error handling
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-21 20:18:02 +02:00
Jens Langhammer
89dc46a7ff
release: 2022.10.0
2022-10-21 19:42:38 +02:00
Jens Langhammer
a1ce8100e9
stages/identification: log invalid_login similar to event for easier log parsing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3715
2022-10-20 19:31:22 +02:00
Jens Langhammer
13d975a258
flows: fix error when opening inspector with no history
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-20 19:30:56 +02:00
Jens Langhammer
782fec0eb9
flows: use stripped down flow serializer for flow_set to optimise loading time
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-20 09:56:08 +02:00
Jens L
cfad472e1b
flows: optimise queries ( #3818 )
...
* flows: optimise flow queries
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* index source on slug and name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* binding index
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add policy parent index
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup old migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add release note to upgrade
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 22:53:07 +02:00
Jens Langhammer
6882445937
*: handle PermissionError when saving files, ensure permission bits are set correctly
...
closes #3817
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 20:24:28 +02:00
Jens Langhammer
9e3bf94547
flows: optimise flow API loading speed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 10:29:06 +02:00
Jens L
b06a3a8f9f
admin: add authorisations metric ( #3811 )
...
add authorizations metric
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 00:06:45 +02:00
dependabot[bot]
167695d4b1
core: bump channels from 3.0.5 to 4.0.0 ( #3799 )
...
* core: bump channels from 3.0.5 to 4.0.0
Bumps [channels](https://github.com/django/channels ) from 3.0.5 to 4.0.0.
- [Release notes](https://github.com/django/channels/releases )
- [Changelog](https://github.com/django/channels/blob/main/CHANGELOG.txt )
- [Commits](https://github.com/django/channels/compare/3.0.5...4.0.0 )
---
updated-dependencies:
- dependency-name: channels
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* add daphne
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:34:27 +02:00
Jens Langhammer
3e1490dcac
providers/saml: don't attempt verification of SAML request when no verification certificate is configured
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:26:04 +02:00
Jens Langhammer
6bff6a2a1a
core: fallback to empty user object for PropertyMappingEvaluator
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:03:26 +02:00
Jens L
0efee2a660
flows: improved import ( #3807 )
...
* return logs when importing flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* improve error handling, show logs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:01:42 +02:00
Jens L
b85be12567
providers/oauth2: fix issues with es256 and add tests ( #3808 )
...
fix issues with es256 and add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:01:29 +02:00
Jens Langhammer
96a30af0eb
sources/oauth: allow overriding of all scopes
...
closes #3747
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-16 21:21:43 +02:00
Jens Langhammer
76531589dd
core: fix title in generic error template
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-16 13:55:22 +02:00
Jens Langhammer
2112b5b26b
root: add global fallback throttle
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-15 23:51:36 +02:00
Jens Langhammer
a3cc844e25
crypto: fix cert_expiry not having the correct format
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-15 23:32:02 +02:00
Jens Langhammer
53aef73f58
flows: optimise queries for flow and stage API endpoints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-15 11:54:31 +02:00
Jens L
363872715d
sources/saml: revamp SAML Source ( #3785 )
...
* update saml source to use user connections, add all attributes to flow context
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* check for SAML Status in response, add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* package apple icon
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add webui for connections
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 17:04:47 +02:00
Jens L
79e8b72569
flows: always show flow inspector in debug mode, don't require admin in debug ( #3786 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 15:44:59 +02:00
Jens Langhammer
74a0e27a8c
blueprints: fix error when exporting objects with lazily translated strings
...
closes #3482
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 14:31:44 +02:00
Jens Langhammer
0ca1368dcc
sources/saml: improve error handling for missing assertion and missing subject
...
closes #3784
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 13:56:39 +02:00
Philipp Kolberg
2980c5884f
root: Add setting to adjust database config for pgbouncer ( #3769 )
...
* Add setting to adjust database config for pgbouncer
* docker-compose.yml cleanup
Delete pgbouncer setting as false is the default value
* Cleanup docker-compose.yml
Also remove use_pgbouncer option in server section
2022-10-14 11:53:24 +02:00
Jens L
217e145d23
stages/authenticator_sms: make sms stage payload customisable ( #3780 )
...
* make sms stage payload customisable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update phrasing for webhook mapping
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 11:53:01 +02:00
Jens Langhammer
e5e6c33b2d
providers/oauth2: fix expires_in not being an int
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-11 14:25:30 +03:00
Jens L
8ed2f7fe9e
providers/oauth2: add device flow ( #3334 )
...
* start device flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: fix inconsistent app filtering
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tenant device code flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add throttling to device code view
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* somewhat unrelated changes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add initial device code entry flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add finish stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* it works
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add support for verification_uri_complete
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add some tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-11 12:42:10 +02:00
Jens Langhammer
00a6c2a40b
sources/oauth: improve error messages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-10 13:28:25 +03:00
Jens Langhammer
239092b872
core: fix messages not being shown when no client is connected
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-10 13:27:41 +03:00
dependabot[bot]
34d520a3fb
core: bump channels-redis from 3.4.1 to 4.0.0 ( #3752 )
2022-10-10 11:26:49 +02:00
lvoegl
3ecc715e91
sources/oauth: add Twitch OAuth source ( #3746 )
...
* sources/oauth: add Twitch OAuth source
Signed-off-by: Lukas Vögl <lukas@voegl.org>
* website/integrations: add Twitch OAuth source documentation
Signed-off-by: Lukas Vögl <lukas@voegl.org>
Signed-off-by: Lukas Vögl <lukas@voegl.org>
2022-10-10 10:59:07 +02:00
Jens Langhammer
9bbe8e6c57
providers/oauth2: save full IDToken to database, only use to_dict for encoding final token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-08 15:06:17 +03:00
Jens Langhammer
b2a658d091
providers/oauth2: remove c_hash and nonce claim if they're not set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-07 17:07:33 +03:00
Jens Langhammer
ce085a029d
providers/oauth2: exclude at_hash claim if not set instead of being null
...
closes #3739
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-07 10:10:53 +03:00
Jens Langhammer
93e90f8f50
crypto: fix import_certificate checking private key as certificate
...
closes #3713
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-02 00:31:14 +02:00
Jens L
44e4f2e561
crypto: make certificate parsing optional for crypto api ( #3711 )
2022-10-01 00:06:00 +02:00
Jens L
cca0f60bda
root: decrease default token size to 60 chars for compatibility ( #3710 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2614
2022-09-30 23:12:51 +02:00
Jens Langhammer
d8a98e71bd
outposts: fix indentation in generated SSH Config
2022-09-29 09:23:27 +00:00
Jens Langhammer
7c0754000c
providers/oauth2: add all hardcoded claims to claims_supported list
...
closes #3702
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-29 10:27:46 +02:00
Jens Langhammer
43a5aaa9df
stages/email: don't check that email templates exist on startup
...
#3692
this runs on both server and worker where only the worker needs to have the email templates
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-28 18:52:54 +02:00
Jens Langhammer
cd1a36fec4
root: save email template directory in config
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-28 18:51:34 +02:00
Jens L
df4200992c
outposts: remote docker ssh fixes ( #3691 )
...
* improve error logging for SSH connections
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* "fix" host key checking
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-28 12:10:40 +02:00
Jens Langhammer
50819ae0f0
*: improve error handling in ldap outpost, ignore additional errors
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-23 22:11:47 +02:00
Jens Langhammer
2cfba36cb7
release: 2022.9.0
2022-09-23 12:33:01 +02:00
Jens Langhammer
81e820b6e6
flows: fix invalid graph generation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-21 10:53:29 +02:00
Jens L
b16a3d5697
internal: use config system for workers/threads, document the settings ( #3626 )
...
use config system for workers/threads, document the settings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-21 09:59:03 +02:00
Jens L
1583d53e54
web: use mermaidjs ( #3623 )
...
* flows: move flow diagram logic to separate file
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* idk
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make web component work
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove subgraph for now
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add denied connection
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* wrong list
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use custom styles
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* i18n
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix typing issues, make diagram centered
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-21 09:58:23 +02:00
Jens L
2bd10dbdee
tests: use create_test_flow where possible ( #3606 )
...
* use create_test_flow where possible
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix and add more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove unused websocket stuff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* Revert "remove unused websocket stuff"
This reverts commit fc05f80951
.
* keepdb for make test
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests for notification transports
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-17 13:16:53 +02:00
Jens L
be64296494
stages/authenticator_duo: improved import ( #3601 )
...
* prepare for duo admin integration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make duo import params required
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add UI to import devices
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* rework form, automatic import
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* limit amount of concurrent tasks on worker
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* load tasks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix API codes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests and such
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* sigh
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make stage better
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* basic stage test
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-17 12:10:47 +02:00
Jens L
4a91a7d2e2
web: re-organise frontend and cleanup common code ( #3572 )
...
* fix repo in api client
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: re-organise files to match their interface
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: include version in script tags
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup maybe broken
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* revert rename
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: get rid of Client.ts
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* move more to common
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more moving
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* format
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* unfuck files that vscode fucked, thanks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* move more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* finish moving (maybe)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ok more moving
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix more stuff that vs code destroyed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* get rid "web" prefix for virtual package
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix locales
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use custom base element
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix css file
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* don't run autoDetectLanguage when importing locale
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix circular dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: fix build
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-15 00:05:21 +02:00
Jens Langhammer
9f5c019daa
core: add helper function to create events from expressions, move ak_user_has_authenticator to base evaluator
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-14 21:52:41 +02:00
Jens Langhammer
84c08dca41
stages/user_write: log discarded keys as warning
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-14 20:21:37 +02:00
Jens Langhammer
6b8b596c92
stages/identification: set primary_action based on flow designation
...
closes #3589
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-14 10:30:49 +02:00
Jens Langhammer
359da6db81
Revert "flows: always mark component field as required in Challenge and ChallengeResponses"
...
This reverts commit b35b225453
.
2022-09-11 23:13:51 +02:00
Jens Langhammer
7f8afad528
*: fix API Schema generation warnings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-11 23:08:31 +02:00
Jens Langhammer
b35b225453
flows: always mark component field as required in Challenge and ChallengeResponses
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-11 23:01:59 +02:00
Jens Langhammer
0ff2ac7dc2
api: fix schema not referencing errors correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-11 23:01:26 +02:00
Jens Langhammer
8b4a7666f0
stages/authenticator_duo: fix 404 when current user does not have permissions to view stage
...
closes #3288
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-11 21:43:29 +02:00
Jens Langhammer
ae9dbf3014
blueprints: fix error caused by overriding rest_framework's instance attribute
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 14:34:43 +02:00
Jens Langhammer
4c4d87d3bd
blueprints: validate instance before creating in metaapplyblueprint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 13:58:54 +02:00
Jens Langhammer
a407334d3b
providers/oauth2: use @method_decorator instead of decorating in urls
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 13:26:17 +02:00
Jens Langhammer
5026cebf02
stages/consent: default to expiring consent instead of always_require
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 13:25:28 +02:00
Jens Langhammer
2e2ab55f9e
*: cleanup stray print calls
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 13:24:53 +02:00
Jens Langhammer
28835fbca7
root: re-use custom log helper from config and cleanup duplicate functions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 13:24:31 +02:00
Jens Langhammer
aabb8af486
tenants: handle all errors in default_locale
...
closes #3457
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 00:56:12 +02:00
Jens L
7517d612d0
providers/oauth2: add x5c ( #3556 )
...
* add x5c, x5t and x5t#S256
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* strip trailing = to fix encoding issues
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-08 23:30:05 +02:00
Jens L
62f93c83d4
ci: update pyright ( #3546 )
2022-09-07 00:23:25 +02:00
Jens Langhammer
03a3f1bd6f
crypto: add command to import certificates
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3544
2022-09-06 19:39:10 +02:00
Jens Langhammer
60266b3345
flows: migrate FlowExecutor error handler to native challenge instead of shell
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-06 18:48:15 +02:00
Jens Langhammer
2a4679e390
flows: fix incorrect diagram for policies bound to flows
...
closes #3534
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-06 10:24:13 +02:00
Jens Langhammer
eed958b132
stages/authenticator_duo: fix schema not declaring request body correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-05 22:00:02 +02:00
Jens Langhammer
12c318f0b1
sources/ldap: start_tls before binding but without reading server info
...
with read_server_info=True (default), this errors out on active directory
closes #3509 #1049
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-04 14:04:08 +02:00
Jens Langhammer
f68ed3562e
core: fix custom favicon not being set correctly on load
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-04 00:24:51 +02:00
Jens L
f2f22719f8
core: improve error template ( #3521 )
2022-09-03 19:46:37 +02:00
Jens Langhammer
242423cf3c
internal: remove sentryhttp from main server mux to prevent double traces
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-03 16:41:47 +02:00
Jens Langhammer
d9775f2822
blueprints: don't export events by default and exclude anonymous user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-31 23:32:02 +02:00
Jens Langhammer
398eb23d31
blueprint: fix EntryInvalidError not being handled in tasks
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-31 23:08:38 +02:00
Jens L
abca435337
blueprints: OCI registry support ( #3500 )
...
* blueprints: add ability to load blueprints via OCI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix inheritance check for meta models
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add oci tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-30 14:08:26 +02:00
Jens L
54ba3e9616
blueprints: add meta model to apply blueprint within blueprint for dependencies ( #3486 )
...
* add meta model to apply blueprint within blueprint for dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use custom registry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix again
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* move ManagedAppConfig to apps.py
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* rename manager to registry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ci: use full tag in comment
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-29 21:20:58 +02:00
Jens Langhammer
d3466ceef8
blueprints: use correct log level when re-logging import validation logs
...
closes #3483
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-28 16:07:48 +02:00
Jens Langhammer
5886688fae
core: make request in context optional for Applications API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3482
2022-08-28 15:59:34 +02:00
Jens Langhammer
c3c8cbf7ef
events: save event to test notification transport
...
closes #3485
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-28 15:39:42 +02:00
Jens Langhammer
83eaac375d
sources/oauth: use GitHub's dedicated email API when no public email address is configured
...
closes #3472
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-26 21:21:41 +02:00
Jens Langhammer
3eb3a9eab9
*: remove remaining default creation code in squashed migrations
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-24 23:02:34 +02:00
Jens Langhammer
a099b21671
lib: reset settings when error is raised in patch
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 21:21:28 +02:00
Jens Langhammer
b9294fd9ad
blueprints: fix unbound error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 21:15:48 +02:00
Jens Langhammer
13a302cdad
sources/oauth: use UPN for username with azure AD source
...
closes #3468
breaking
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 20:55:25 +02:00
Jens Langhammer
e994a01e80
blueprints: handle blueprints without metadata
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 20:54:56 +02:00
Jens Langhammer
d49431cfc7
events: reset task info when not saving on success
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 19:22:14 +02:00
Jens Langhammer
ce2ce38b59
blueprints: improve error messages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 19:21:57 +02:00
Jens Langhammer
2af4f28239
stages/invitation: don't use uuid.hex
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 19:14:46 +02:00
Jens Langhammer
1419910b29
blueprints: fix duplicate tasks
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 19:14:30 +02:00
Jens Langhammer
649835cc61
events: fix MonitoredTasks' save_on_success not behaving as expected
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 19:13:41 +02:00
Jens Langhammer
917c4ae835
ci: fix typos
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 18:49:23 +02:00
Jens Langhammer
ca2fce8be2
blueprints: always set metadata when attempting to apply
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 18:48:01 +02:00
Jens Langhammer
15c34c6f1f
release: 2022.8.2
2022-08-19 15:59:53 +01:00
Jens Langhammer
0ab8f4eed7
blueprints: add required password stage backends
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-19 15:59:41 +01:00
Jens Langhammer
810c04bacf
blueprints: don't suggest models not inheriting serializermodel in schema
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-19 11:26:15 +01:00
Jens Langhammer
0cc83c23c4
providers/proxy: fix duplicate proxy set default
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 21:13:45 +01:00
Jens Langhammer
fdb8fb4b4c
providers/oauth2: fix oauth2 requests being logged as unauthenticated
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 20:26:12 +02:00
Jens Langhammer
9d58407e25
blueprints: remove _state from exporter blueprints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 19:25:02 +02:00
Jens Langhammer
f4441c9fcf
providers/proxy: trigger proxy set_defaults task on startup
...
closes #3445
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 17:42:27 +02:00
Jens Langhammer
0e9762072a
blueprints: keep more modular state
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 17:42:27 +02:00
Jens Langhammer
0cfffa28ad
blueprints: fix exporter not ignoring non-SerializerModel objects
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 17:42:27 +02:00
Jens Langhammer
1ad4c8fc29
outposts: fix log level
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 17:42:27 +02:00
Jens Langhammer
fb5eb7b868
sources/oauth: fix missing doseq param for updating URL query string
...
closes #3374
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 14:34:20 +02:00
Jens Langhammer
198c940a80
core: fix pre-hydrated config not being escaped properly
...
closes #3442
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 13:53:22 +02:00
Jens L
1adc6948b4
blueprints: allow for adding remote blueprints ( #3435 )
...
* allow blueprints to be fetched from HTTP URLs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove os.path
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add validation for blueprint path
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-17 23:00:47 +02:00
Jens L
e87236b285
blueprints: add generic export next to flow exporter ( #3439 )
2022-08-17 17:57:59 +01:00
Jens Langhammer
846b63a17b
*: remove some very verbose logging messages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-17 13:36:56 +02:00
Jens Langhammer
1281e842d1
events: fix false-y values being stripped
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 22:29:36 +02:00
Jens Langhammer
f7601d9571
events: correctly handle lists for cleaning/sanitization
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 21:47:30 +02:00
Jens Langhammer
4d9c9160e7
events: fix sanitize_dict not working on list items
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 21:37:24 +02:00
Jens Langhammer
ad1f913e54
blueprints: add wrapper to get blueprints as dict
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 21:37:05 +02:00
Jens Langhammer
3da0233c40
Revert "blueprints: fix issue in prod setups with encoding dataclasses via celery"
...
This reverts commit ff788edd9b
.
2022-08-16 21:21:47 +02:00
Jens Langhammer
ff788edd9b
blueprints: fix issue in prod setups with encoding dataclasses via celery
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 20:59:36 +02:00
Jens Langhammer
aea0958f3f
blueprints: add default status
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 17:51:22 +02:00
Jens Langhammer
435d126a1c
release: 2022.8.1
2022-08-16 16:23:36 +02:00
Jens Langhammer
e8b30b75d2
root: override blueprints_dir for testing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 15:50:58 +02:00
Jens Langhammer
e9c1276634
blueprints: use relative path in @apply_blueprint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 14:20:45 +02:00
Jens Langhammer
6000a33a8e
*: fix type annotations for serializer model
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 13:23:22 +02:00
Jens Langhammer
4c9878313c
sources/oauth: correctly concatenate URLs to allow custom parameters to be included
...
closes #3374
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-08 21:17:32 +02:00
Jens Langhammer
54c16129ea
stages/authenticator_duo: revamp duo enroll status API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3288
2022-08-08 20:38:06 +02:00
Jens Langhammer
872c18dddc
blueprints: don't use example label, add more tags and tests for tags
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 19:27:03 +02:00
Jens Langhammer
2fa6cf855d
stages/consent: simplify logic, correctly update existing consent
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 14:38:40 +02:00
Jens Langhammer
3b86144ae5
stages/*: use stage-bound logger when possible
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 13:41:53 +02:00
Jens Langhammer
f01f10c5e5
providers/oauth2: don't separate scopes by comma-space
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 13:15:12 +02:00
Jens Langhammer
e1249d3760
providers/oauth2: fix scopes without descriptions not being saved in consent
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 13:02:47 +02:00
Jens Langhammer
dcbf106daa
blueprints: add !Context to lookup things from instance context
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-06 20:54:00 +02:00
Jens L
89fef0ae72
blueprints: docs ( #3376 )
...
* further blueprint cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make group users and parent optional
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix api client usage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-06 00:52:12 +02:00
Jens Langhammer
85640d402f
internal: fix race conditions when accessing settings before bootstrap
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-06 00:24:55 +02:00
Jens L
ec42d378ab
blueprints/cleanup ( #3369 )
2022-08-05 08:39:00 +02:00
Jens L
2ce8e18bab
internal: centralise config for listeners to use same config system everywhere ( #3367 )
...
* centralise config for listeners to use same config system everywhere
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3360
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-03 21:33:27 +02:00
dependabot[bot]
9a9c826c0b
core: bump django from 4.0.6 to 4.1 ( #3368 )
...
* core: bump django from 4.0.6 to 4.1
Bumps [django](https://github.com/django/django ) from 4.0.6 to 4.1.
- [Release notes](https://github.com/django/django/releases )
- [Commits](https://github.com/django/django/compare/4.0.6...4.1 )
---
updated-dependencies:
- dependency-name: django
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-03 15:33:58 +02:00
Jens L
d1004e3798
blueprints: webui ( #3356 )
2022-08-03 00:05:49 +02:00
Jens Langhammer
2bd29e2fdd
*: improve error handling for startup tasks
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 23:31:47 +02:00
Jens Langhammer
3cd0a782af
blueprints: correctly load on fresh install
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 23:25:33 +02:00
Jens L
a023eee9bf
blueprints: migrate from managed ( #3338 )
...
* test all bundled blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix empty title
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix default blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add script to generate dev config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate managed to blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more to blueprint instance
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrated away from ObjectManager
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix lint errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate things
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix some tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix a bit more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* whops
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix missing name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *sigh*
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tasks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* scheduled
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* run discovery on start
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* oops this test should stay
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 23:05:58 +02:00
Jens Langhammer
7a05c6faef
stages/consent: fix error when requests with identical empty permissions
...
closes #3280
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 20:58:49 +02:00
Jens L
553989d17f
flows/stages/consent: fix for post requests ( #3339 )
...
add unique token to consent stage to ensure it is shown
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-31 23:47:40 +02:00
Jens L
89c84f10d0
blueprints: v1 ( #1573 )
...
* managed: move flowexporter to managed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: implement SerializerModel in all models
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* managed: add initial api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* managed: start blueprint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* managed: spec
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* version blueprint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* yep
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove v2, improve v1
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* start custom tag, more rebrand
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add default flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* move blueprints out of website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* try new things
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add !lookup, fix web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update and cleanup default
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tags in lists
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* don't save field if its set to default value
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more flow cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* format web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix missing serializer for sms
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ignore _set fields
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove custom file extension
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate default flow to tenant
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* include blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-31 17:11:44 +02:00
Jens L
882250a85e
flows: migrate flows to be yaml ( #3335 )
...
* flows: migrate flows to be yaml
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate flows to yaml
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 23:55:58 +02:00
Jens Langhammer
fcf4657833
providers/proxy: add is_superuser to ak_proxy object, only show full error when superuser
...
closes #3314
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 20:29:23 +02:00
Jens L
393d7ec486
providers/proxy: no exposed urls ( #3151 )
...
* test any callback
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* dont detect callback in per-server handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use full redirect uri with both path and query param
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* correctly route to embedded outpost for callback signature
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix allowed redirects
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 17:51:01 +02:00
l-with
b7b5168910
sources/oauth: use mailcow full_name as username for mailcow source ( #3299 )
...
use mailcow full_name as username
2022-07-29 20:34:17 +00:00
Jens Langhammer
1dcec17a58
sources/oauth: only send header authentication for OIDC source
...
closes #3327
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-29 18:20:44 +02:00
Jens Langhammer
d6b1a22563
core: fix import order
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-29 00:18:42 +02:00
Jens Langhammer
cada292e00
core: pre-hydrate config into templates to directly load correct assets
...
closes #3228
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-29 00:04:44 +02:00
Jens Langhammer
83eba36f8d
core: add API Endpoint to get all MFA devices, add web ui to delete MFA devices of any user
...
closes #3237
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 23:50:25 +02:00
Jens Langhammer
b82a142745
stages/authenticator_sms: use twilio SDK, improve docs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3237
2022-07-28 22:17:59 +02:00
Jens Langhammer
2a42c203b2
stages/authenticator_totp: remove single device per user limit
...
closes #3281
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:39:46 +02:00
Jens Langhammer
ade2d4879c
stages/authenticator_duo: fix imported Duo Device not having a name
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:20:32 +02:00
Jens Langhammer
e14798dcdc
core: import all models into shell
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:19:04 +02:00
Jens Langhammer
0248755cda
stages/authentiactor_validate: improve error handling for duo
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:11:58 +02:00
Jens Langhammer
1f90359310
root: fix broken traceback logging
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 20:56:39 +02:00
Jens Langhammer
008fc19f0d
root: fix log fields being overwritten in celery task logs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 20:48:05 +02:00
Jens Langhammer
277df4f04f
stages/prompt: fix tests for file field
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-27 09:48:11 +02:00
Jens Langhammer
de26c65fa0
core: add attributes. avatar method to allow custom uploaded avatars
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2631
2022-07-26 21:42:41 +02:00
dependabot[bot]
bd8794f646
core: bump structlog from 21.5.0 to 22.1.0 ( #3294 )
...
* core: bump structlog from 21.5.0 to 22.1.0
Bumps [structlog](https://github.com/hynek/structlog ) from 21.5.0 to 22.1.0.
- [Release notes](https://github.com/hynek/structlog/releases )
- [Changelog](https://github.com/hynek/structlog/blob/main/CHANGELOG.md )
- [Commits](https://github.com/hynek/structlog/compare/21.5.0...22.1.0 )
---
updated-dependencies:
- dependency-name: structlog
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* migrate threaedlocal to contextvars
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-23 22:40:56 +02:00
Jens Langhammer
1880f98fa1
sources/oauth: fix typo
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-20 19:10:26 +02:00
Jens Langhammer
dae6493a3e
release: 2022.7.3
2022-07-20 09:37:43 +02:00
Jens Langhammer
f909b86338
stages/consent: fix permimssions for consent API (allow owner to delete)
2022-07-19 16:41:34 +00:00
Jens Langhammer
327df6529b
sources/oauth: use oidc preferred_username if set, otherwise nickname
2022-07-19 16:41:10 +00:00
Jens Langhammer
658dc63c4c
lifecycle: revert waiting for lock, launch managed reconcile on app import
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-19 12:06:57 +02:00
Jens Langhammer
549f6f2077
providers/oauth2: correctly log authenticated user for OAuth views using protected_resource_view
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-18 22:20:09 +02:00
Jens L
e9d9d658c4
lifecycle: make worker wait for migrations to be done ( #3254 )
...
* lifecycle: make worker wait for migrations to be done
* retry managed reconcile task
2022-07-15 19:44:45 +02:00
Jens Langhammer
9a9ba2560b
core: delete expired models when filtering instead of excluding them
...
closes #3233
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-09 13:40:39 +02:00
Jens Langhammer
47434cd62d
stages/prompt: try to base64 decode file, fallback to keeping value as-is
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-08 22:45:31 +02:00
Jens Langhammer
ff500b44a6
stages/prompt: force required to false when using readonlyfield
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-08 22:38:37 +02:00
Jens Langhammer
8e19fb3a8c
release: 2022.7.2
2022-07-06 20:31:48 +02:00
Jens Langhammer
d497db3010
flows: fix OOB flow incorrectly setting pending user
...
closes #3224
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-06 09:51:20 +02:00
Jens Langhammer
24f95fdeaa
tenants: fix tests for current tenant
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:47:49 +02:00
Jens Langhammer
d1c4818724
policies: improve api test coverage
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:20:48 +02:00
Jens L
49cce6a968
stages/prompt: add basic file field ( #3156 )
...
add basic file field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:09:41 +02:00
Jens Langhammer
0a73e7ac9f
tenants: add default_locale read only field, pre-hydrate in flows and read in autodetect as first choice
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:04:25 +02:00
Jens Langhammer
3344af72c2
outposts: cleanup user handling
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 22:41:19 +02:00
Jens Langhammer
f316a3000b
release: 2022.7.1
2022-07-04 21:10:20 +02:00
Jens Langhammer
6a497b32f6
core: use Exception for fallback case in flow_manager
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-04 20:05:03 +02:00
Jens Langhammer
4cd629b5fc
core: handle FlowNonApplicableException correctly in source flow_manager
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-03 22:03:03 +02:00
Jens Langhammer
14a4047bdd
flows: show messages from ak_message when flow is denied
...
fallback to same generic message
closes #3197
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-03 21:36:13 +02:00
Jens L
17d33f4b19
flows: denied action ( #3194 )
2022-07-02 17:37:57 +02:00
Jens L
c39a5933e1
core: create FlowToken instead of regular token for generated recovery links ( #3193 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2749
2022-07-02 14:17:41 +02:00
Jens L
5e3f44dd87
flows: add shortcut to redirect current flow ( #3192 )
2022-07-01 23:19:41 +02:00
Jens Langhammer
1c64616ebd
sources/ldap: add configuration for LDAP Source ciphers
...
closes #3110
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 19:53:49 +02:00
Jens Langhammer
23273f53cc
providers/oauth2: if no scopes are sent in authorize request, select all configured scopes
...
closes #3112
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 19:45:26 +02:00
Jens Langhammer
d11ce0a86e
providers/proxy: set default scopes based on managed attribute
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 18:26:49 +02:00
Jens Langhammer
766ceda57a
core: re-create anonymous user when repairing permissions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 17:20:06 +02:00
Jens Langhammer
e758c434ea
web: ignore module load errors
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 16:49:37 +02:00
Jens Langhammer
90e3ae9457
*: define prometheus metrics in apps to prevent re-import
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 16:49:24 +02:00
Jens Langhammer
56fd436e5d
web: fix redirect when accessing authentik URLs authenticated
...
closes #3174
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-30 23:04:39 +02:00
Jens Langhammer
ea60c389be
providers/saml: include SSO Binding URLs in Provider API
...
closes #3179
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-30 22:18:21 +02:00
Jens Langhammer
983882f5a0
providers/oauth2: ensure refresh tokens are URL safe
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3185
2022-06-30 12:43:08 +02:00
Jens L
c5a2831665
api: add basic jwt support with required scope ( #2624 )
...
* api: add basic jwt support with required scope
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* api: only set auth_via when actually authenticating via token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* save consented permissions in user consent, re-prompt when new permissions are required
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update locale
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* translate special scope map
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more api auth tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* build web api in e2e tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* link generated client instead of copying
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-26 17:51:15 +02:00
Jens L
504338ea66
web/admin: application wizard (part 1) ( #2745 )
...
* initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove log
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* start oauth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use form for all type wizard pages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more oauth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* basic wizard actions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make resets work
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add hint in provider wizard
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* render correct icon in empty state in table page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* improve empty state
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more pages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add group PK to service account creation response
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use wizard-level isValid prop
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* re-add old buttons
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-26 00:46:40 +02:00
Jens Langhammer
f28509608b
core: mark session as modified instead of saving it directly to bump expiry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-22 08:48:14 +02:00
Jens Langhammer
6c9dc7a15b
providers/oauth2: fix OAuth form_post response mode for code response_type
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3113
2022-06-20 21:52:36 +02:00
Jens Langhammer
b6267fdf28
*: add versioned user agent to sentry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-20 11:54:10 +02:00
Jens Langhammer
1f0fc0a6a2
Merge branch 'version-2022.6'
2022-06-20 10:19:25 +02:00
Jens Langhammer
9201fc1834
release: 2022.6.3
2022-06-19 22:01:06 +02:00
Jens Langhammer
1faba11a57
providers/oauth2: add test to ensure capitalised redirect_uri isn't changed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3114
2022-06-19 21:37:20 +02:00
9p4
f0c72e8536
providers/oauth2: dont lowercase URL for token requests ( #3114 )
...
this was a leftover from before the migration regex checking for redirect URIs
closes #3076 and #3083
2022-06-19 21:37:17 +02:00
Jens Langhammer
91f91b08e5
core: fix migrations when creating bootstrap token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:37:14 +02:00
Jens L
caed306346
providers/oauth2: if a redirect_uri cannot be parsed as regex, compare strict ( #3070 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:36:19 +02:00
Jens Langhammer
59b899ddff
internal: skip tracing for go healthcheck and metrics endpoints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:48 +02:00
Jens Langhammer
85784f796c
root: ignore healthcheck routes in sentry tracing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:46 +02:00
Jens Langhammer
b42eb9464f
lifecycle: run bootstrap tasks inline when using automated install
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:33 +02:00
Jens L
6559fdee15
stages/authenticator_validate: add webauthn tests ( #3069 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:23 +02:00
Jens Langhammer
3455bf3d27
policies: consolidate log user and application
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:04 +02:00
Jens Langhammer
0d96e68c1e
core: add limit of 20 to group recursion
...
closes #3116
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:24:57 +02:00
Jens Langhammer
7caac1d0c7
providers/oauth2: add test to ensure capitalised redirect_uri isn't changed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3114
2022-06-18 13:13:36 +02:00
9p4
45364d6553
providers/oauth2: dont lowercase URL for token requests ( #3114 )
...
this was a leftover from before the migration regex checking for redirect URIs
closes #3076 and #3083
2022-06-18 13:08:15 +02:00
Jens Langhammer
2298eb124f
core: fix migrations when creating bootstrap token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-17 10:10:04 +02:00
Jens Langhammer
e892ed14da
providers/oauth2: include source's user path in M2M created users
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-15 14:07:28 +02:00
Jens L
1c62a3db6e
core: user paths ( #3085 )
...
* init
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add user_path_template
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add to sources and flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add outposts & api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* dark theme for treeview
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add search
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs and tests for validation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add to user write stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add web ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: improve error handling
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-15 12:12:26 +02:00
Jens L
6821402fef
providers/oauth2: remove deprecated verification_keys ( #3071 )
...
remove verification_keys
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-11 19:48:07 +02:00
Jens L
8dbb0bd2c6
providers/oauth2: token revoke ( #3077 )
2022-06-11 18:49:16 +02:00
Jens L
0cad56ec73
providers/oauth2: if a redirect_uri cannot be parsed as regex, compare strict ( #3070 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 23:32:57 +02:00
Jens Langhammer
bdf76bb4b7
internal: skip tracing for go healthcheck and metrics endpoints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 22:21:11 +02:00
Jens Langhammer
74ce9cc6fd
root: ignore healthcheck routes in sentry tracing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 20:10:27 +02:00
Jens Langhammer
5e2d647a6c
core: trigger bootstrap tasks in server if we're debugging
...
closes #3040
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-09 20:21:31 +02:00
Jens Langhammer
7beebe030d
lifecycle: run bootstrap tasks inline when using automated install
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-09 20:09:55 +02:00
Jens L
66f4a31b4c
stages/authenticator_validate: add webauthn tests ( #3069 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-08 20:50:48 +02:00
Jens Langhammer
039d896dee
policies: consolidate log user and application
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-07 22:26:01 +02:00
Jens Langhammer
ff2baf502b
release: 2022.6.2
2022-06-07 21:36:18 +02:00
Jens Langhammer
23023ec727
providers/oauth2: add JWKS URL to OAuth2ProviderSetupURLs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-07 20:17:06 +02:00
Jens Langhammer
7d84a71a01
stages/authenticator_validate: fix double-negation of password-less check
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-07 09:52:10 +02:00
Jens Langhammer
9add8479ca
stages/authenticator_validate: fix error in passwordless webauthn
...
closes #3050
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-06 13:50:11 +02:00
Jens Langhammer
ca40d31dac
*: make user logging more consistent
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 18:50:44 +02:00
Frédérick Permantier
2dfa6c2c82
core: add setting to open application launch URL in a new browser tab ( #3037 )
...
* core: add setting to open application launch URL in a new browser tab
* core: fix failing applications unit tests
* core: fix formatting
* core: include models only generated when debug mode is enabled
2022-06-05 14:32:22 +02:00
Jens Langhammer
c11435780d
sources/oauth: fix twitter client missing basic auth
...
closes #3038
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 14:21:32 +02:00
Jens Langhammer
817d538b8f
core: add additional filters to source viewset
...
https://github.com/goauthentik/terraform-provider-authentik/issues/184
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 00:56:46 +02:00
Jens Langhammer
210775776f
core: add slug to built-in source
...
https://github.com/goauthentik/terraform-provider-authentik/issues/184
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 00:50:10 +02:00
Jens Langhammer
b26111fb42
events: fix error when attempting to create event with GeoIP City in context
...
closes #2709
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 00:16:07 +02:00
Jens Langhammer
67d54c5209
release: 2022.6.1
2022-06-04 21:23:33 +02:00
Jens L
fa04883ac1
events: use custom login failed signal, also send for mfa errors, add stage and more to context ( #3039 )
...
* use custom login failed signal, also send for mfa errors, add stage and more to context
closes #3027
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* include device class in event
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-04 15:30:56 +02:00
Jens L
36cbc44ed6
migrate to main ( #3035 )
...
closes #3032
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 19:40:09 +02:00
Jens L
0c591a50e3
*: don't dispatch tasks on startup of server ( #3033 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 18:29:24 +02:00
Jens L
7ee655a318
core: add bootstrap variables with authentik prefix for helm charts ( #3031 )
...
https://github.com/goauthentik/helm/pull/72
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 15:22:56 +02:00
Jens Langhammer
eba339ba27
core: improve loading speed of flow background
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-02 14:20:23 +02:00
Jens Langhammer
558c7bba2a
lib: add lxml wrapper
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-02 13:25:24 +02:00
Jens Langhammer
8cd1a42fb9
*: fix linting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-02 11:50:10 +02:00
Jens L
c0cb891078
stages/authenticator_sms: verify-only ( #3011 )
2022-06-01 23:16:28 +02:00
Jens L
fc1c1a849a
stages/*: use bound logger ( #3012 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-01 23:01:58 +02:00
Jens L
2c6d82593e
root: cleanup session keys to use common format ( #3003 )
...
cleanup session keys to use common format
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-31 21:53:23 +02:00
Jens Langhammer
34bcc2df1a
root: disable session_save_every_request as it overwrites the session with old data
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2991
2022-05-31 20:46:27 +02:00
Jens Langhammer
b4d528a789
policies: fix incorrect bound_to count
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-31 10:16:09 +02:00
Jens Langhammer
a0397fdcf4
events: set default transport mode
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-30 21:32:48 +02:00
Jens L
8faa1bf865
events: add local transport mode ( #2992 )
...
* events: add local transport mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add default local transport
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-30 20:55:05 +02:00
Jens Langhammer
fc75867218
events: ignore session model
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-30 20:23:07 +02:00
Jens L
3eb466ff4b
lifecycle: cleanup prometheus ( #2972 )
...
* remove high cardinality labels
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* retry worker number for prometheus multiprocess id
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* revert to pid, use subdirectories
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use worker id based off of https://github.com/benoitc/gunicorn/issues/1352
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix missing app label
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests/e2e: remove static names
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 21:45:25 +02:00
Jens L
9f2529c886
stages/authentiactor_validate: cookies ( #2978 )
...
* stages/authenticator_validate: rewrite to use signed jwt cookie + expiry as MFA threshold
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 19:47:34 +02:00
Jens L
fb25b28976
core: db sessions ( #2979 )
...
* use db session backend
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* root: wrap session cookie in JWT and add useful claims
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix compatibility with tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use standard session key for writing in sessions too
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 18:58:54 +02:00
Jens Langhammer
fb69f67f47
*: cleanup vendor
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-28 21:26:33 +02:00
Jens Langhammer
18b48684eb
providers/oauth2: add configuration error event when wrong redirect uri is used in token request
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-28 21:15:58 +02:00
Jens Langhammer
098b0aef6e
*: use create_test_admin_user for all unittests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-28 21:13:16 +02:00
Jens Langhammer
082df0ec51
Merge branch 'version-2022.5'
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# authentik/providers/oauth2/views/token.py
# web/src/locales/zh-Hans.po
2022-05-28 13:19:58 +02:00
Jens Langhammer
1883402b3d
release: 2022.5.3
2022-05-28 12:04:26 +02:00
Jens Langhammer
1b3aacfa1d
providers/oauth2: add migration from "*" to ".*"
...
closes #2970
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-27 21:43:51 +02:00
Jens Langhammer
2b68363452
providers/oauth2: add migration from "*" to ".*"
...
closes #2970
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-27 10:23:13 +02:00
Jens Langhammer
6105956847
providers/oauth2: regex-escape URLs when set to blank
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:17:34 +02:00
Jens Langhammer
4ff32af343
flows: fix flakiness in tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:17:03 +02:00
Jens Langhammer
972868c15c
providers/oauth2: only set expiry on user when it was freshly created
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:16:55 +02:00
Jens Langhammer
0bc57f571b
api: update API browser to match admin UI and auto-switch theme
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:16:34 +02:00
Jens Langhammer
a81d5a3d41
providers/oauth2: regex-escape URLs when set to blank
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 12:52:56 +02:00
Jens Langhammer
34ef4af799
flows: fix flakiness in tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 09:53:40 +02:00
Jens Langhammer
5da47b69dd
providers/oauth2: only set expiry on user when it was freshly created
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 23:02:33 +02:00
Jens Langhammer
0e0dd2437b
providers/oauth2: handle attribute errors when validation JWK contains private key
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 22:23:05 +02:00
Jens Langhammer
e42386b150
api: update API browser to match admin UI and auto-switch theme
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 20:09:29 +02:00
Jens Langhammer
ef219198d4
flows: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 00:05:04 +02:00
Jens Langhammer
cc744dc581
flows: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 00:04:58 +02:00
Jens Langhammer
816b0c7d83
flows: fix re-imports of entries with identical PK re-creating objects
...
closes #2941
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 23:35:06 +02:00
Jens Langhammer
56babb2649
flows: fix re-imports of entries with identical PK re-creating objects
...
closes #2941
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 23:32:08 +02:00
Jens L
b8fdda50ec
ensure all viewsets have filter and search and add tests ( #2946 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 22:13:59 +02:00
Jens Langhammer
4a9b788703
providers/oauth2: set related_name for many-to-many so used by detects the connection
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 22:12:35 +02:00
Jens L
80c1dbdfbb
ensure all viewsets have filter and search and add tests ( #2946 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 22:01:18 +02:00
Jens L
b4e75218f5
sources/oauth: OIDC well-known and JWKS ( #2936 )
...
* add initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add provider
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* include source and jwk key id in event
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests for source
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix web formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add provider tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix lint error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 21:02:50 +02:00
Jens Langhammer
482491e93c
core: fix username validator not allowing changes that can be done via flows
...
closes #2755
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 19:40:54 +02:00
Jens Langhammer
61a876b582
providers/saml: handle parse error
...
AUTHENTIK-1K5
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 22:03:12 +02:00
Jens Langhammer
8c9748e4a0
providers/oauth2: improve error handling for invalid regular expressions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:47:36 +02:00
Jens Langhammer
b7979ad48e
Revert "events: ignore silk SQLQuery object"
...
This reverts commit a26f25ccd6
.
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:29:05 +02:00
Jens Langhammer
4704de937a
stages/user_write: fix typo in request context variable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:18:37 +02:00
Jens Langhammer
394d8e99a4
policies: improve error logging
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:18:00 +02:00
Jens Langhammer
a26f25ccd6
events: ignore silk SQLQuery object
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:17:52 +02:00
Jens Langhammer
63dc8fe7dc
crypto: set SAN in default generated Certificate to semi-random domain
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2462
2022-05-22 23:22:06 +02:00
Jens Langhammer
cfe2648b62
events: fix transport not allowing blank values
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-22 19:32:58 +02:00
Jens Langhammer
3d4a45c93f
release: 2022.5.2
2022-05-21 17:17:21 +02:00
Jens Langhammer
75d6cd1674
outposts: ensure the user and token are created on initial outpost save
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 15:55:19 +02:00
Jens L
2dee8034d3
outposts: allow externally managed SSH Config for outposts ( #2917 )
2022-05-21 12:10:08 +02:00
Jens Langhammer
220d21c3e0
release: 2022.5.1
2022-05-20 19:34:45 +02:00
Jens L
b43df2ae27
stages/identification: redirect with QS to keep next parameters ( #2909 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-20 16:10:10 +02:00
Jens L
d570feffac
flows: add types to diagrams ( #2902 )
...
* add policy and stage types to diagram
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* show policies bound to the root flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix get_build_hash being empty
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-19 20:50:28 +02:00
Jens Langhammer
3d52266773
flows: handle missing initial_data
in challenge
...
AUTHENTIK-1HK
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-19 20:31:28 +02:00
Jens L
7bdecd2ee6
stages/user_write: dynamic groups ( #2901 )
...
* stages/user_write: add dynamic groups
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* simplify functions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-19 20:28:16 +02:00
Jens Langhammer
11f7935155
providers/oauth2: use regex to check redirect URI
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2799
2022-05-18 21:22:27 +02:00
Jens L
75b0fb3393
sources/oauth: migrate twitter to oauth2 ( #2893 )
2022-05-18 00:03:02 +02:00
Jens Langhammer
538c2ca4d3
stages/authenticator_*: directly save devices into db instead of session to prevent race conditions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-17 10:02:30 +02:00
Jens Langhammer
5080840ed9
admin: ensure disable_update_check is set to false for tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-17 10:00:26 +02:00
Jens L
333e58ce2f
flows/layouts ( #2867 )
2022-05-16 01:10:23 +02:00
Jens Langhammer
4de2ac3248
events: add task to expire seen notifications
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 22:41:50 +02:00
Jens Langhammer
eb4dce91c3
events: add user filter to notifications
...
as superuser all notifications are returned regardless of permission so we need to filter
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 22:31:13 +02:00
Jens Langhammer
d4fd6153c8
api: fix OwnerFilter filtering out objects for superusers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 21:36:00 +02:00
Jens Langhammer
85b6bfbe5f
sources: fix parent serializer for user connections
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 21:26:02 +02:00
Jens Langhammer
5644d5f3f7
stages/authenticator_totp: fix key error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 19:57:00 +02:00
Jens Langhammer
f391c33bdf
providers/oauth2: fix tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 12:41:40 +02:00
Jens Langhammer
18f450bd49
root: enable sentry for tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 12:29:30 +02:00
Jens Langhammer
ee36b7f3eb
flows: move autosubmit stage into flows package
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 12:06:19 +02:00
Jens Langhammer
a9a62bbfc8
providers/oauth2: use correct title based on flow context and translated
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 00:08:29 +02:00
Jens Langhammer
ddd785898b
providers/saml: add title attribute to autosubmit stage and render correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 00:08:14 +02:00
Jens Langhammer
8ba45a5f6a
providers/oauth2: don't create events before client_id can be verified to prevent spam
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 00:02:01 +02:00
Jens Langhammer
7d41e6227b
providers/oauth2: add tests for form_post, fix attrs not being flattened
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-13 23:52:50 +02:00
Jens Langhammer
1363226697
providers/saml: make SAML metadata generation consistent
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-13 17:40:18 +02:00
scheibling
d4abf5621e
providers/oauth2: add support for form_post response mode ( #2818 )
...
* Added request verification and parameter generation
* response_mode added to OAuthAuthorizationParams return
* Added class OauthPostFulfillmentStage
Check response_mode in initialization
* Corrected typo
* Removed separate class
Added handling for FORM_POST in create_response_uri
Added handling for FORM_POST in return class
* Fixed pylint error (trailing-whitespace)
Removed comment
* Reformatted authorize.py with black
2022-05-12 21:36:31 +02:00
Jens L
ec67b60219
policies/hibp: check in prompt data ( #2845 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 23:47:36 +02:00
Jens L
fd1d38f844
stages/authenticator_validate: remember ( #2828 )
...
* initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: cleanup timedelta help
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tooltip
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* assert response code in self.assertStageResponse
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more tests, add duo
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 21:05:22 +02:00
Jens Langhammer
3554406aa5
root: fix duplicate enum in api scheme
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 10:24:18 +02:00
Jens L
ab2299ba1e
outposts/ldap: cached bind ( #2824 )
...
* initial cached ldap bind support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* clean up api generation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use gh action for golangci-lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-08 16:48:53 +02:00
Jens Langhammer
860269acf0
root: set SESSION_SAVE_EVERY_REQUEST to enable sliding sessions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1878
2022-05-07 22:32:56 +02:00
scheibling
30c7e6c94c
providers/oauth2: fixed typo (PROMPT_CONSNET => PROMPT_CONSENT) ( #2819 )
2022-05-06 10:09:09 +02:00
Jens Langhammer
59df02b3b8
root: disable stdout capturing for tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-05 23:08:36 +02:00
Jens Langhammer
ddbe0aaf13
stages/user_delete: fix delete stage failing when pending user is not explicitly set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-01 13:59:33 +02:00
Jens Langhammer
84930b4924
Revert "internal: fix high cpu when backend isnt healthy"
...
This reverts commit eb6cfd22a7
.
Revert "root: handle JSON error in metrics too"
This reverts commit 1ede972222
.
Revert "root: don't force multiprocess prometheus registry"
This reverts commit cd1d1b4402
.
Revert "root: add error handling for prometheus view"
This reverts commit c0a883f76f
.
2022-04-29 18:13:26 +02:00
Jens Langhammer
1ede972222
root: handle JSON error in metrics too
...
this can happen when the worker is killed while writing metrics
2022-04-29 11:01:04 +00:00
Jens Langhammer
cd1d1b4402
root: don't force multiprocess prometheus registry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-29 10:53:47 +02:00
Jens Langhammer
c0a883f76f
root: add error handling for prometheus view
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-29 10:17:53 +02:00
Jens Langhammer
ab8b37a899
events: fix ignored instances not being a tuple
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-25 11:19:58 +02:00
Jens Langhammer
9077eff34d
root: add silk and debugging views
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-21 22:38:32 +02:00
Jens Langhammer
2399fa456b
policies: fix current user not being set in server-side policy deny
...
closes #2039
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-21 22:30:27 +02:00
Jens Langhammer
0b4ac54363
*: default to max 60 for fqdn_rand
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-20 20:07:25 +02:00
Jens Langhammer
1a1434bfda
*: decrease frequency of background tasks, smear tasks based on name and fqdn
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2159
2022-04-20 18:43:40 +02:00
Jens Langhammer
d283a5236c
core: add custom shell command which imports all models and creates events for model events
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-17 18:14:57 +02:00
github-actions[bot]
e4486b98fc
web: Update Web API Client version ( #2733 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-17 17:05:43 +02:00
Jens Langhammer
778065f468
core: add flag to globally disable impersonation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-17 16:52:55 +02:00
Behn
70794d79dd
sources/oauth: Fix wording for OAuth source names ( #2732 )
2022-04-17 16:40:10 +02:00
Jens Langhammer
a3bb5d89cc
events: fix created events only being logged as debug level
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-14 22:37:30 +02:00
Jens Langhammer
f4f9f525d7
providers/oauth2: include application in login event
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-14 22:36:45 +02:00
Jens Langhammer
4c14e88a25
flows: pin dependency in migration
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-14 22:28:26 +02:00
Jens Langhammer
7561ea15de
providers/oauth2: add additional tracing to token view
2022-04-14 16:48:17 +00:00
Jens Langhammer
8242b09394
flows: handle flow title formatting error better, add user to flow title context
2022-04-14 13:56:20 +00:00
Jens Langhammer
9b9c0fe663
release: 2022.4.1
2022-04-12 22:07:34 +02:00
Jens Langhammer
5a58f6ee64
providers/oauth2: remove test for non sa user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-12 20:35:13 +02:00
Jens Langhammer
e84b17d550
providers/oauth2: don't force service accounts for client_credentials flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-12 10:23:25 +02:00
Jens Langhammer
9da439623b
stages/authenticator_duo: fix bad request being sent to duo when calling enrollment_status outside a flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2666
2022-04-11 21:02:32 +02:00
Jens Langhammer
957bb1c5ef
core: make generated token length configurable
...
closes #2574
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-11 20:57:16 +02:00
Jens Langhammer
2303a97bb9
core: add method to set key of token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2574
2022-04-11 20:43:39 +02:00
Jens Langhammer
8be04cc013
providers/oauth2: fix elliptic curve keys attempting to use EC256 instead of ES256
...
closes #2703
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-11 20:05:58 +02:00
Jens Langhammer
cca33a74b6
core: fix error when checking generated users with no expiry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-10 17:53:46 +02:00
Jens Langhammer
f977bf61eb
providers/oauth2: make exp optional on jwt client_credentials flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-10 17:25:35 +02:00
Jens Langhammer
f8f8a9bbb9
providers/oauth2: give keypairs private key preference over certificate in client_credentials jwt flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-10 16:27:53 +02:00
Jens Langhammer
e64ca4ab04
core: fix lint error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-08 10:10:30 +02:00
Jens Langhammer
e2f0a76309
outposts: check if docker ports should be mapped before comparing ports
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-07 17:30:33 +02:00
Jens Langhammer
5861d41ad3
tenants: add tenant-level attributes, applied to users based on request
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-06 10:41:35 +02:00
Jens Langhammer
20262f3f4b
core: mark provider_obj as read_only
...
closes #2637
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-04 10:17:59 +02:00
Jens L
633296503d
core: add grouping to applications ( #2648 )
...
* core: add grouping to applications
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: add new field to tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 23:08:58 +02:00