authentik

Archived

Author	SHA1	Message	Date
Jens L	b5e059dfd9	root: fix API schema for kotlin (#7601 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-11-17 00:07:21 +01:00
Jens L	31ef91900b	events: fix missing model_* events when not directly authenticated (#7588 ) * events: fix missing model_* events when not directly authenticated Signed-off-by: Jens Langhammer <jens@goauthentik.io> * defer accessing database Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-11-16 12:06:39 +01:00
Jens L	51d3511f8b	providers/scim: fix missing schemas attribute for User and Group (#7477 ) * providers/scim: fix missing schemas attribute for User and Group Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make things actually work Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-11-16 11:36:49 +01:00
Jens L	3d66923310	events: sanitize functions (#7587 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-11-15 21:56:16 +01:00
Jens L	95c71016ae	stages/email: use uuid for email confirmation token instead of username (#7581 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-11-15 21:13:53 +01:00
Jens L	f728bbb14b	sources/ldap: add check command to verify ldap connectivity (#7263 ) * sources/ldap: add check command to verify ldap connectivity Signed-off-by: Jens Langhammer <jens@goauthentik.io> * default to checking all sources Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start adding an API for ldap connectivity Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add webui for ldap source connection status Signed-off-by: Jens Langhammer <jens@goauthentik.io> * better show sync status, clear previous tasks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * set timeout on redis lock for ldap sync Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix py lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix web lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-11-13 15:01:40 +01:00
Philipp Kolberg	9db9ad3d66	root: Restructure broker / cache / channel / result configuration (#7097 ) * Initial commit * Remove any remaining mentions of Redis URL This is handled in https://github.com/goauthentik/authentik/pull/5395 * Allow setting broker transport options This enables usage of other brokers that require additional settings * Remove remaining reference to Redis URL This functionality is not part of this PR * Reset default TLS requirements to none * Fix linter errors * Move dict from base64 encoded json to config.py Additionally add tests * Replace ast.literal_eval with json.loads * Use default channel and cache backend configuration If more customization is desired users shall look at goauthentik.io/docs/installation/configuration#custom-python-settings * Send config deprecation notification to all superusers * Remove duplicate method * Add configuration explanation For channel layer settings * Use Event for deprecation warning * Fix remove duplicated method * Add missing comma * Update authentik/lib/config.py Signed-off-by: Jens L. <jens@beryju.org> * Fix Event deprecation handling --------- Signed-off-by: Jens L. <jens@beryju.org> Co-authored-by: Jens L <jens@beryju.org>	2023-11-10 15:44:37 +01:00
Jens Langhammer	c30a2406a9	release: 2023.10.3	2023-11-09 19:20:28 +01:00
Jens L	1e05d38059	core: fix worker beat toggle inverted (#7508 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-11-09 18:33:41 +01:00
Marc 'risson' Schmitt	2d821a07c6	events: fix gdpr compliance always running Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>	2023-11-08 15:19:49 +01:00
Jens L	fe1a06ebf2	sources/oauth: fix patreon (#7454 ) * web/admin: add note for potentially confusing consumer key/secret Signed-off-by: Jens Langhammer <jens@goauthentik.io> * sources/oauth: fix patreon default scopes Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-11-06 15:40:43 +01:00
Jens L	3d9f7ee27e	providers/oauth2: set auth_via for token and other endpoints (#7417 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-11-03 00:11:30 +01:00
Jens L	028c7af00f	stages/email: fix duplicate querystring encoding (#7386 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-31 00:27:34 +01:00
Jens Langhammer	8e72fcab59	release: 2023.10.2	2023-10-28 21:43:54 +02:00
Jens L	261879022d	security: fix oobe-flow reuse when akadmin is deleted (#7361 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-28 21:24:06 +02:00
Jens L	ad9f500ad1	crypto: fix race conditions when creating self-signed certificates on startup (#7344 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-27 16:29:10 +02:00
Jens L	15d7175750	blueprints: fix entries with state: absent not being deleted if their serializer has errors (#7345 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-27 16:28:56 +02:00
Jens L	83b84e8d26	rbac: handle lookup error (#7341 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-27 13:38:44 +02:00
Jens L	2b4b1d2f76	stages/email: fix sending emails from task (#7325 ) closes #7322 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-27 00:39:06 +02:00
Jens Langhammer	64c38909ff	release: 2023.10.1	2023-10-26 20:06:05 +02:00
Jens L	134799c734	root: fix pylint errors (#7312 )	2023-10-26 19:57:11 +02:00
Jens Langhammer	ed46fd629e	release: 2023.10.0	2023-10-26 16:51:57 +02:00
Jens Langhammer	263d9128c4	stages/email: fix path for email icon Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-26 16:06:00 +02:00
Jens L	28053059ff	stages/user_write: allow setting user type when creating new user (#7293 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-26 14:33:29 +02:00
Oleh Vivtash	add873ca9b	core: Use branding_title in the end session page (#7282 ) Update end_session.html Use branding_title in the end session "You've logged out of" section Signed-off-by: Oleh Vivtash <oleh@vivtash.net>	2023-10-25 15:55:20 +02:00
Jens L	c0fe99714f	stages/authenticator_sms: fix error when phone number from context already exists (#7264 )	2023-10-24 02:42:16 +02:00
Jens L	616f0b8b4f	sources/oauth: fix name clash (#7253 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-21 20:29:36 +02:00
Jens L	7e213f3ca6	sources/oauth: fix oidc well-known parsing (#7248 )	2023-10-20 20:37:52 +02:00
Jens L	63426bc9a8	sources/oauth: include default JWKS URLs for OAuth sources (#6992 ) * sources/oauth: include default JWKS URLs for OAuth sources makes it easier to use pre-defined types like github, google, azure with JWT M2M instead of needing to create a generic OAuth Source Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix error Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-20 16:54:03 +02:00
Jens L	63c52fd936	sources/oauth: periodically update OAuth sources' OIDC configuration (#7245 ) * sources/oauth: periodically update OAuth sources' OIDC configuration Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make monitored task Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-20 16:51:37 +02:00
Roney Dsilva	f036820fd8	stages/email: Fix query parameters getting lost in Email links (#5376 ) * fix to email confirmation flow * handled query keyerror * rewrite using django's QueryDict, add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix makefile Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove commented out code Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Roney Dsilva <roney.dsilva@cdmx.in> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-10-19 17:52:27 +02:00
Jens L	8aafa06259	providers/radius: TOTP MFA support (#7217 ) * move CheckPasswordMFA to flow executor Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add mfa support field to radius Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-18 19:43:36 +02:00
Samir Musali	a60f3b4b81	stage/deny: add custom message (#7144 ) * stage/deny: add message * add migration, tests and schema update Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add form Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-10-18 17:13:33 +02:00
Jens L	6ba4f4df46	enterprise: bump license usage task frequency (#7215 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-18 14:57:35 +02:00
Jens L	0697e3d5a4	rbac: revisions (#7188 ) * improve system migration logging Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix filter for internal service accounts Signed-off-by: Jens Langhammer <jens@goauthentik.io> * merge migration Signed-off-by: Jens Langhammer <jens@goauthentik.io> * bump go api Signed-off-by: Jens Langhammer <jens@goauthentik.io> * sources/ldap: check if we need to connect to ldap before connecting Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-16 19:42:19 +02:00
Jens L	e28babb0b8	core: Initial RBAC (#6806 ) * rename consent permission Signed-off-by: Jens Langhammer <jens@goauthentik.io> * the user version Signed-off-by: Jens Langhammer <jens@goauthentik.io> t Signed-off-by: Jens Langhammer <jens@goauthentik.io> * initial role Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start form Signed-off-by: Jens Langhammer <jens@goauthentik.io> * some minor table refactoring Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix user, add assign Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add roles ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix backend Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add assign API for roles Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start adding toggle buttons Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start view page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * exclude add_ permission for per-object perms Signed-off-by: Jens Langhammer <jens@goauthentik.io> * small cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add permission list for roles Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make sidebar update Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix page header not re-rendering? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add search Signed-off-by: Jens Langhammer <jens@goauthentik.io> * show first category in table groupBy except when its empty Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make model and object PK optional but required together Signed-off-by: Jens Langhammer <jens@goauthentik.io> * allow for setting global perms Signed-off-by: Jens Langhammer <jens@goauthentik.io> * exclude non-authentik permissions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * exclude models which aren't allowed (base models etc) Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ensure all models have verbose_name set, exclude some more internal objects Signed-off-by: Jens Langhammer <jens@goauthentik.io> * lint fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix role perm assign Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add unasign for global perms Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add meta changes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * clear modal state after submit Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add roles to our group Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix duplicate url names Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make recursive group query more usable Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add name field to role itself and move group creation to signal Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start sync Signed-off-by: Jens Langhammer <jens@goauthentik.io> * move rbac stuff to separate django app Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lint and such Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix go Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start API changes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more API tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make admin interface not require superuser for now, improve error handling Signed-off-by: Jens Langhammer <jens@goauthentik.io> * replace some IsAdminUser where applicable Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate flow inspector perms to actual permission Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix license not being a serializermodel Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add permission modal to models without view page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add additional permissions to assign/unassign permissions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add action to unassign user permissions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add permissions tab to remaining view pages Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix flow inspector permission check Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix codecov config? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more API tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ensure viewsets have an order set Signed-off-by: Jens Langhammer <jens@goauthentik.io> * hopefully the last api name change Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make perm modal less confusing Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start user view permission page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only make delete bulk form expandable if usedBy is set Signed-off-by: Jens Langhammer <jens@goauthentik.io> * expand permission tables Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add user global permission table Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests' url names Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests for assign perms Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add unassign tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rebuild permissions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * prevent assigning/unassigning permissions to internal service accounts Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only enable default api browser in debug Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix role object permissions showing duplicate Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix role link on role object permissions table Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix object permission modal having duplicate close buttons Signed-off-by: Jens Langhammer <jens@goauthentik.io> * return error if user has no global perm and no object perms also improve error display on table Signed-off-by: Jens Langhammer <jens@goauthentik.io> * small optimisation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * optimise even more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update locale Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add system permission for non-object permissions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * allow access to admin interface based on perm Signed-off-by: Jens Langhammer <jens@goauthentik.io> * clean Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't exclude base models Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-16 17:31:50 +02:00
Jens L	25d4905d6c	outposts: use channel groups instead of saving channel names (#7183 ) * outposts: use channel groups instead of saving channel names Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use pubsub Signed-off-by: Jens Langhammer <jens@goauthentik.io> * support storing other args with state Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-16 17:01:44 +02:00
Alissa Gerhard	00b2a773b4	sources/ldap: made ldap_sync_single calls from ldap_sync_all asynchronous (#6862 )	2023-10-16 13:11:34 +02:00
Jens L	abab635a01	tests: fix potential infinite wait in tests spinning up a container (#7153 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-12 13:57:29 +02:00
horego	ab1b3b09d6	core/api: add uuid field to core api user http response (#7110 ) * feat: Add uuid field to core api user response * update schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: hor <hor@HOSRV> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-10-09 12:34:38 +02:00
Jens L	4db365c947	providers/proxy: improve SLO by backchannel logging out sessions (#7099 ) * outposts: add support for provider-specific websocket messages Signed-off-by: Jens Langhammer <jens@goauthentik.io> * providers/proxy: add custom signal on logout to logout in provider Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-09 01:06:52 +02:00
Jens L	6f3fc22c9b	providers/saml: add default RelayState value for IDP-initiated requests (#7100 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-09 00:08:16 +02:00
Jens L	25ee6f8116	sources/ldap: fix attribute path resolution (#7090 ) * lib: make set_path_in_dict reusable Signed-off-by: Jens Langhammer <jens@goauthentik.io> * sources/ldap: use set_path_in_dict to set attributes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * stages/user_write: also use set_path_in_dict Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-06 18:01:09 +02:00
Philipp Kolberg	205d3d10e3	root: Support PyCharm's test runner (#7074 ) * Initial commit. * Use Django's test runner as basis * Skip already correctly formatted test labels	2023-10-05 20:13:38 +02:00
Jens L	f28f301865	policies: fix cached policy metric (#7068 )	2023-10-05 02:05:01 +02:00
Jens L	83f9eae654	root: extended flow and policy metrics (#7067 )	2023-10-05 01:04:55 +02:00
Jens L	a0f607b5ac	web/flows: bottom-align about text on flows page (#7051 ) * web/flows: bottom-align about text on flows page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix a bunch of typos Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-03 14:10:10 +02:00
Jens L	cb6dadbf94	stages/email: rework email templates (#7029 ) rework email templates Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-02 16:04:40 +02:00
Jens L	29de5d34d6	events: fix error when storing events with date/time/datetime/etc (#7028 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-02 12:44:17 +02:00
Jens L	8c891b04f2	stages/invitation: fix mis-matched serializer class for invitation (#7018 ) * stages/invitation: fix mis-matched serializer class for invitation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix returning an instance Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-02 12:26:14 +02:00
Jens L	b15002a992	flows: stage_invalid() makes flow restart depending on invalid_response_action setting (#6780 ) * flows: stage_invalid() makes flow restart depending on invalid_response_action setting Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-27 12:34:02 +02:00
Jens L	e55e27d060	root: disable APPEND_SLASH (#6928 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-26 18:59:28 +02:00
Jens L	90aa5409cd	sources/ldap: add default property mapping to mirror directory structure (#6990 ) * sources/ldap: add default property mapping to mirror directory structure Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * adjust name Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-26 18:55:33 +02:00
Alissa Gerhard	0e5952650b	root: make Celery worker concurrency configurable (#6837 ) * root: made Celery worker concurrency configurable * core: fixed Celery worker command to set autoscaling options to account for worker concurrency setting * Update website/docs/installation/configuration.md Signed-off-by: Jens L. <jens@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens L. <jens@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L <jens@beryju.org>	2023-09-26 10:37:22 +00:00
Jens L	3e81824388	core: prevent self-impersonation (#6885 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-26 12:04:40 +02:00
boesr	a32755b6c8	root: Add setting to adjust database config for pgpool (#6949 )	2023-09-21 12:54:18 +02:00
Jens L	000244e387	sources/ldap: add lock to sync (#6930 )	2023-09-18 21:38:01 +02:00
Jens L	7649a57495	core: create app transactional api (#6446 ) * initial api and schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * separate blueprint importer from yaml parsing Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add new "must_created" state to blueprints to prevent overwriting objects Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework validation and error response to make it actually usable Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lint errors Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add defaults Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework transaction_rollback Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use static method for string imports of subclass Signed-off-by: Jens Langhammer <jens@goauthentik.io> * slight cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-17 23:55:21 +02:00
Jens L	583c5e3ba7	sources/ldap: add warning when a property mapping returns None or bytes (#6913 ) * sources/ldap: add warning when a property mapping returns None or bytes closes #6889 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add test Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-16 00:37:20 +02:00
Jens L	895c6a349c	policies: specify failure result (#6887 )	2023-09-14 20:38:22 +02:00
Jens L	58aa7ec623	sources/ldap: fix inverted interpretation of FreeIPA nsaccountlock (#6877 ) sources/ldap: fix inverted interpretation of nsaccountlock Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-13 15:43:59 +02:00
Tana M Berry	c79e90964a	website/docs: tweak Config page (#6854 ) * used tabs to add k8s info * tweaks * changed to mdx * wording tweaks and rearranged sections * removed old md file renamed to mdx * tweak * added a redirect to toml file * fix references Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Tana Berry <tana@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-09-12 20:30:40 +00:00
Jens L	515ce94a85	root: add option to disable beat when running worker (#6849 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-12 13:26:23 +02:00
Jens L	4c823b7428	providers/saml: set WantAuthnRequestsSigned in metadata (#6851 )	2023-09-12 09:10:06 +02:00
Jens Langhammer	5b6fb4a05a	Merge branch 'version-2023.8' Signed-off-by: Jens Langhammer <jens@goauthentik.io> # Conflicts: # Dockerfile # poetry.lock # proxy.Dockerfile # web/src/admin/AdminInterface.ts # web/xliff/zh-Hans.xlf	2023-09-11 22:04:23 +02:00
Jens Langhammer	f885f8c039	release: 2023.8.3	2023-09-11 18:55:08 +02:00
Jens L	ec5bd550c7	core: remove celery's duplicate max_tasks_per_child (#6840 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-11 18:15:17 +02:00
Jens L	fe02720f8d	providers/scim: check that a provider exists before starting scim task (#6841 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-11 18:15:12 +02:00
Jens L	0580f32fe6	core: remove celery's duplicate max_tasks_per_child (#6840 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-11 18:12:18 +02:00
Jens L	74ee97b472	providers/scim: check that a provider exists before starting scim task (#6841 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-11 18:12:04 +02:00
Alissa Gerhard	dd18f9cd30	sources/ldap: dont prefetch useless items (#6812 ) sources/ldap: Fixed fetching of useless data into redis	2023-09-11 12:44:49 +02:00
Alissa Gerhard	d36574fc1a	sources/ldap: fix task timeout for ldap_sync_all and ldap_sync_single (#6809 ) * sources/ldap: fix task timeout for ldap_sync_all and ldap_sync_single * ldap_sync_all runs tasks async so doesn't need longer timeouts Signed-off-by: Jens Langhammer <jens@goauthentik.io> * bump time more as we run some tasks in serial and add more leeway Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-09-11 12:44:40 +02:00
Alissa Gerhard	e45b57071a	sources/ldap: dont prefetch useless items (#6812 ) sources/ldap: Fixed fetching of useless data into redis	2023-09-11 12:43:10 +02:00
Alissa Gerhard	06850a2f57	sources/ldap: fix task timeout for ldap_sync_all and ldap_sync_single (#6809 ) * sources/ldap: fix task timeout for ldap_sync_all and ldap_sync_single * ldap_sync_all runs tasks async so doesn't need longer timeouts Signed-off-by: Jens Langhammer <jens@goauthentik.io> * bump time more as we run some tasks in serial and add more leeway Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-09-08 20:37:54 +02:00
Jens L	ae91689fd8	policies/reputation: require either check to be enabled (#6764 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-06 14:00:29 +02:00
Jens L	aa209efa90	stages/password: fix failed_attempts_before_cancel allowing one too m… (#6763 ) * stages/password: fix failed_attempts_before_cancel allowing one too many tries Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-06 14:00:24 +02:00
Jens L	4b20409a91	sources/ldap: fix FreeIPA nsaccountlock sync (#6745 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-06 13:59:36 +02:00
Jens L	bbdf8c054b	stages/password: move password validation to serializer (#6766 ) * handle non-applicable when restarting flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * flows: add StageInvalidException error to be used in challenge/response serializer validation to return a stage_invalid error Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework password stage Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-05 22:55:33 +02:00
Jens L	8c3f578187	policies/reputation: require either check to be enabled (#6764 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-05 22:15:14 +02:00
Jens L	e373bae189	flows: remove need for post() wrapper by using dispatch (#6765 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-05 22:15:03 +02:00
Jens L	7cbce1bb3d	stages/password: fix failed_attempts_before_cancel allowing one too m… (#6763 ) * stages/password: fix failed_attempts_before_cancel allowing one too many tries Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-05 21:58:11 +02:00
Jens L	6612f729ec	stages/authenticator: vendor otp (#6741 ) * initial import Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update imports Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove email and hotp for now Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove things we don't need and clean up Signed-off-by: Jens Langhammer <jens@goauthentik.io> * initial merge static Signed-off-by: Jens Langhammer <jens@goauthentik.io> * initial merge totp Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more fixes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix migrations Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update webui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add system migration Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more cleanup, add doctests to test_runner Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup more lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup last tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update docstrings Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * implement SerializerModel Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix web format Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-04 11:45:14 +02:00
Jens L	3f12c7c013	sources/ldap: fix FreeIPA nsaccountlock sync (#6745 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-04 08:44:00 +02:00
Jens L	fd561ac802	root: connect to backend via socket (#6720 ) * root: connect to gunicorn via socket Signed-off-by: Jens Langhammer <jens@goauthentik.io> * put socket in temp folder Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use non-socket connection for debug Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't hardcode local url Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix dev_server missing websocket Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dedupe logging config between gunicorn and main app Signed-off-by: Jens Langhammer <jens@goauthentik.io> * slight refactor for proxy errors Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-02 17:58:37 +02:00
Jens Langhammer	97e4c8d5e2	release: 2023.8.2	2023-09-01 17:27:16 +02:00
Jens L	a39fef11b8	providers/saml: fix SAML metadata import API requiring flow slug inst… (#6729 ) * providers/saml: fix SAML metadata import API requiring flow slug instead of pk Signed-off-by: Jens Langhammer <jens@goauthentik.io> * replace format_exc_info with dict_tracebacks, and only for json logger Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-01 12:59:25 +02:00
Jens L	0772756eef	crypto: fix has_key filter (#6727 ) * crypto: fix has_key certificate filter Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-01 11:51:41 +02:00
Jens L	1c1c1cf5da	root: expand exception logging (#6690 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-31 14:17:57 +02:00
Jens L	f57b3efcaa	policies/reputation: fix reputation not expiring (#6714 ) * policies/reputation: fix reputation not expiring Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix some verbose names for models Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-31 13:46:00 +02:00
Jens L	3f3ca6fe82	core: make groups' parent_name nullable as it might not be set (#6700 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-30 20:39:57 +02:00
Jens L	3afff1bae9	providers/oauth2: fix incorrect scope permissions shown (#6696 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-30 17:27:40 +02:00
Jens L	b6a57ffd4f	events: fix missing application names from most used applications (#6689 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-30 12:46:42 +02:00
Jens Langhammer	be3cfaee56	release: 2023.8.1	2023-08-30 00:31:45 +02:00
Jens L	9545857042	root/revert persistent connections (#6677 ) Revert "root: always use persistent database connections (#6560)" This reverts commit `1d99ec95b5`.	2023-08-30 00:13:53 +02:00
Jens Langhammer	bfa78afd54	release: 2023.8.0	2023-08-29 19:58:42 +02:00
Jens L	aa874dd92a	security: fix CVE-2023-39522 (#6665 ) * stages/email: don't disclose whether a user exists or not when recovering Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update website Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-29 19:07:49 +02:00
Jens L	af200a6bf9	web: cleanup (#6664 ) * web: remove <p> used for padding and do it properly Signed-off-by: Jens Langhammer <jens@goauthentik.io> * web: remove .form-help-text as it didn't change anything Signed-off-by: Jens Langhammer <jens@goauthentik.io> * move data-list styling to correct scope Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove title from navbar for docs-only build Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-29 18:24:11 +02:00
Jens L	ccfd45774e	: fix api errors raised in general validate() to specify a field (#6663 ) : fix api errors raised in general validate() to specify a field Signed-off-by: Jens Langhammer <jens@goauthentik.io> remove required flag for tls server name for ldap provider Signed-off-by: Jens Langhammer <jens@goauthentik.io> * attempt to make timing test less flaky Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-29 14:41:48 +02:00
Jens L	30cb38ac6d	blueprints: fix tag values not resolved correctly (#6653 ) * blueprints: fix tag values not resolved correctly this lead to `null` in an `!Env` tag being returned as `"null"` Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make blueprint user password optional Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ensure user doesn't have a usable password set when its an empty string Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-28 18:27:44 +02:00
Jens L	85bc35eb41	providers/oauth2: fix id_token being saved incorrectly leading to lost claims (#6645 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-28 00:51:48 +02:00

1 2 3 4 5 ...

3120 commits