trustchain-oc1-orchestral/authentik
Archived
10
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
13374 commits 95 branches 330 tags 336 MiB
Commit graph

3120 commits

Author SHA1 Message Date
Jens L 9e29789c09
root: fix config loading for outposts (#6640) 
* root: fix config loading for outposts

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix error handling

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve check to see if outpost is embedded or not

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* also fix oauth url fetching

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-08-26 19:40:48 +02:00
Jens L d29163e3ad
core: fix filtering users by type attribute (#6638) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-08-26 17:26:50 +02:00
Marc 'risson' Schmitt 599f7e7c88 root: config: remove redundant default configs 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2023-08-26 02:41:37 +02:00
dependabot[bot] bc6706016b
core: bump pydantic from 1.10.12 to 2.3.0 (#6613) 
* core: bump pydantic from 1.10.12 to 2.3.0

Bumps [pydantic](https://github.com/pydantic/pydantic) from 1.10.12 to 2.3.0.
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](https://github.com/pydantic/pydantic/compare/v1.10.12...v2.3.0)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix webauthn stuff

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix scim

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* "fix" lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2023-08-24 12:25:17 +02:00
Marc 'risson' Schmitt 739edba92d enterprise: default user count to 0 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2023-08-23 17:10:50 +02:00
Jens L 168423a54e
enterprise: licensing fixes (#6601) 
* enterprise: fix unique index for key, fix field names

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* enterprise: update UI to match

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-08-23 13:20:42 +02:00
Jens L 0472ef583c
core: hotfix group membership check (#6584) 2023-08-20 23:47:13 +02:00
Jens L 8bba3c0a9b
core: rework recursive group membership (#6017) 
* rework checking group membership and add `user.all_groups` to get full list of groups

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* refactor some more for better performance

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate things to use all_groups

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update release notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix for django 4.2

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-08-18 17:31:39 +02:00
Jens L 42c21da8b6
blueprints: fix blueprint importer logging potentially sensitive data (#6567) 2023-08-18 00:33:26 +01:00
Jens L 7b3d1a229f
stages/authenticator_static: make static token size adjustable (#6565) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-08-17 23:48:05 +02:00
risson 1d99ec95b5
root: always use persistent database connections (#6560) 
* root: always use persistent database connections

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* root: activate database connection health checks

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2023-08-17 19:38:39 +02:00
Jens L 287cf6f0c7
web/admin: fix user sorting by active field (#6485) 
* web/admin: fix user sorting by active field

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* web/admin: fix hide service account toggle

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-08-05 22:07:17 +02:00
Jens L 00fae2353c
api: optimise pagination in API schema (#6478) 2023-08-05 15:37:06 +02:00
Jean-Michel DILLY e191cd6e7f
provider/oauth2: fix aud (Audience) field type which can be a list of… (#6447) 
provider/oauth2: fix aud (Audience) field type which can be a list of strings
 2023-08-01 23:16:26 +02:00
Jens L cc6824fd7c
core: bump django from 4.1.7 to 4.2 (#5238) 
* core: bump django from 4.1.7 to 4.2 (#5151)

* core: bump django from 4.1.7 to 4.2

Bumps [django](https://github.com/django/django) from 4.1.7 to 4.2.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/4.1.7...4.2)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* upgrade to psycopg3, use custom engine for prometheus metrics

See https://github.com/korfuri/django-prometheus/issues/350

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make scripts use pscopg3

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start changelog

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* initial postgres upgrade guide

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update header

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
 2023-08-01 19:30:28 +02:00
Jens L 561e6956fe
root: add get_int to config loader instead of casting to int everywhere (#6436) 
* root: add get_int to config loader instead of casting to int everywhere

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve error handling, add test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-31 19:34:59 +02:00
Jens L 10b0c84d97
root: migrate bootstrap to blueprints (#6433) 
* remove old bootstrap

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add meta model to set user password

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ensure KeyOf works with objects in the state of created that already exist

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add support for shorter form !If tag

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* allow !Context to resolve other yaml tags

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* don't require serializer to be valid for deleting an object

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix check if a model is being created

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove duplicate way to set password

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate token

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only change what is required with migrations

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add description

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix admin status

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* expand tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* don't require bootstrap in events to fix ci?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-31 19:34:46 +02:00
Jens L 09907ecb6a
root: add generated Source docs (#5323) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-31 11:59:20 +02:00
Jens L b08f8d8e0c
api: re-fix url import logging (#6400) 
* fix logging

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove lib from apps

lib doesn't declare any models, so it really doesn't need to be in there anyways?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove lib from schema too

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-27 12:56:51 +02:00
risson 94836a3ce7
api: log errors if app URLs import fail (#6397) 
* api: log errors if app URLs import fail

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* bump level to warning

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-27 11:29:20 +02:00
Jens L f272d14fcf
events: fix monitored task not removing state (#6386) 
when `save_on_success` is set, a task failure saves state. when it succeeds afterwards, that state should be removed

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-26 16:00:50 +02:00
Timo Schwarzer 17fe595528
sources/ldap: fix syncing large LDAP directories (#6384) 
* sources/ldap: fix syncing large LDAP directories

* add test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-26 12:25:40 +02:00
Marc 'risson' Schmitt 18472c231a enterprise: fix license check not using the proper JWT algorithm 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2023-07-25 12:10:15 +02:00
Jens L 7be94df00c
root: set csrf cookie's secure flag same as session (#6350) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-24 13:57:30 +02:00
Yip Rui Fung 346c6e6a85
outposts: Fix infinite self-recursion in traefik reconciler. (#6336) 
Fix infinite self-recursion in traefik reconciler.
 2023-07-24 10:25:29 +00:00
ChandonPierre 8d4b7ce8d3
outposts: fix patch processing (#6338) 
* outposts: fix patch processing for custom object types

* outposts: correct parsing patch type

* small change

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-24 10:25:14 +00:00
Jens L 4647fbacb0
enterprise: fix license check not using DER as spec specifies (#6348) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-24 12:11:47 +02:00
ChandonPierre d435a65cfd
outposts: support json patch for Kubernetes (#6319) 2023-07-22 02:29:28 +02:00
Jens L a728dad166
providers/oauth2: fix grant_type password raising an exception (#6333) 2023-07-22 01:36:55 +02:00
Jens L d50f92d8b4
enterprise: cleanup v2 (#6330) 
* cleanup minor stuff

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* change default user type to internal to be more consistent

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-21 18:23:51 +02:00
Jens L 9b7c30d44c
sources/ldap: fix ldap_sync cli command not running in foreground (#6325) 
closes #6317

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-21 13:03:06 +02:00
Jens Langhammer d12db62a6d
root: fix lint error 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-20 00:38:01 +02:00
Jens L 546425acde
root: fix config env var resolution (#6310) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-20 00:16:00 +02:00
Jens L 2f469d2709
root: partial Live-updating config (#5959) 
* stages/email: directly use email credentials from config

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use custom database backend that supports dynamic credentials

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add crude config reloader

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make method names for CONFIG clearer

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* replace config.set with environ

Not sure if this is the cleanest way, but it persists through a config reload

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-add set for @patch

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* even more crudeness

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* clean up some old stuff?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* somewhat rewrite config loader to keep track of a source of an attribute so we can refresh it

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup old things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix flow e2e

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-19 23:13:22 +02:00
Jens L b6e8342466
enterprise: add more info to enterprise forecast (#6292) 
* add more info to enterprise forecast

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix banner colour

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix some layout

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix layout for warning banner

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-18 23:24:44 +02:00
Jens L 41af486006
enterprise: initial enterprise (#5721) 
* initial

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add user type

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add external users

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add ui, add more logic, add public JWT validation key

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* revert to not use install_id as session jwt signing key

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* switch to PKI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add more licensing stuff

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add install ID to form

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix bugs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start adding tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use x5c correctly

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* license checks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use production CA

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more UI stuff

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rename to summary

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale, improve ui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add direct button

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update link

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format and such

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove old attributes from ldap

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove is_enterprise_licensed

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix admin interface styling issue

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Update authentik/core/models.py

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* fix default case

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
 2023-07-17 17:57:08 +02:00
Jens L cf799fca03
sources/ldap: check nsaccountlock for FreeIPA/389-ds (#6270) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-17 12:59:29 +02:00
Jens L 5ca65003f1
events: fix authentik_system_tasks metric status label (#6252) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-13 16:24:13 +02:00
Jens Langhammer d6af506a78
release: 2023.6.1 2023-07-10 13:20:22 +02:00
Jens L 080ac6b5bb
core: fix UUID filter field for users api (#6203) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-10 12:14:06 +02:00
Jens L 5fe737326e
sources/ldap: fix more errors (#6191) 2023-07-09 15:10:57 +02:00
Jens L ff0d3c3d63
sources/ldap: fix page size (#6187) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-09 15:10:51 +02:00
Jens Langhammer 7db9ced218
release: 2023.6.0 2023-07-07 13:43:16 +02:00
Jens L d22d147c8e
security: fix CVE-2023-36456 (#6171) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-07-06 18:16:26 +02:00
Jens L f306fb9c26
stages/user_write: fix duplicate source writing (#6105) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-29 21:42:42 +02:00
Jens L e712225ced
sources/ldap: improve scalability (#6056) 
* sources/ldap: improve scalability

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use cache instead of call signature for page data

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-28 17:13:42 +02:00
Jens L a987846c76
root: celery refactor (#6095) 
* root: celery refactor

cleanup deprecation messages by configuring celery with a single object

run celery as django management command

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve debug experience

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add debugpy to dev dependencies

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix task_always_eager

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-28 16:44:50 +02:00
Jens L 35e2b648ba
sources/ldap: fix 100% cpu usage when LDAP Server is unavailable (#6094) 2023-06-28 15:13:12 +02:00
Jens L 8bd23f1686
sources/oauth: fix OIDC client sending access token as header and query param (#6081) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-27 23:16:52 +02:00
Jens L 863454a895
flows: allow empty value in AutosubmitChallenge (#6079) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-27 23:13:58 +02:00
Jens L 416f916da6
core: fix inconsistent favicon (#6080) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-27 23:13:31 +02:00
Jens Langhammer 422b19df60
release: 2023.5.4 2023-06-26 23:33:04 +02:00
Jens L eab767fc1b
stages/authenticator_validate: fix regression (#6062) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-26 13:06:11 +02:00
Jens L b0fbd576fc
security: cure53 fix (#6039) 
* ATH-01-001: resolve path and check start before loading blueprints

This is even less of an issue since 411ef239f6, since with that commit we only allow files that the listing returns

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-010: fix missing user filter for webauthn device

This prevents an attack that is only possible when an attacker can intercept HTTP traffic and in the case of HTTPS decrypt it.

* ATH-01-008: fix web forms not submitting correctly when pressing enter

When submitting some forms with the Enter key instead of clicking "Confirm"/etc, the form would not get submitted correctly

This would in the worst case is when setting a user's password, where the new password can end up in the URL, but the password was not actually saved to the user.

* ATH-01-004: remove env from admin system endpoint

this endpoint already required admin access, but for debugging the env variables are used very little

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-003 / ATH-01-012: disable htmlLabels in mermaid

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-005: use hmac.compare_digest for secret_key authentication

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-009: migrate impersonation to use API

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-010: rework

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-014: save authenticator validation state in flow context

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

bugfixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-012: escape quotation marks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add website

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update release ntoes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update with all notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-22 22:25:04 +02:00
Samir Musali b1de0b767e
sources/ldap: include UnwillingToPerformError as possible exception (#6031) 
feat: include UnwillingToPerformError as possible exception
 2023-06-21 19:45:20 +03:00
Jens L 469899233a
policies/event_matcher: change empty values to null (#6032) 
* policies/event_matcher: change empty values to null

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate old default values

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-21 15:49:46 +02:00
Jens L 93575a9966
core: prevent selecting a group as a parent of itself (#6016) 
* core: prevent selecting a group as a parent of itself

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix api error when no parent is given

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-20 20:21:58 +02:00
Jens L 01311929d1
providers/ldap: improve password totp detection (#6006) 
* providers/ldap: improve password totp detection

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add flag for totp mfa support

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* keep support for static tokens

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix migrations

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-20 12:09:13 +02:00
Jens L f6181ceb70
providers/oauth2: correctly advertise code_challenge_methods_supported (#6007) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-19 21:26:33 +02:00
Jens L a5db60129d
*: use dataclass slots wherever applicable (#6005) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-19 18:31:07 +02:00
Jens L 05d73f688c
policies/event_matcher: add model filter (#5802) 
* policies/event_matcher: add model filter

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve logic

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove t``

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-12 22:11:11 +02:00
ChandonPierre 029395d08b
sources/ldap: add support for cert based auth (#5850) 
* ldap: support cert based auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ldap: default sni switch to off

* ldap: `get_info=NONE` on insufficient access error

* fix: Make file locale script

* ldap: add google ldap attribute mappings

* ldap: move google secure ldap blueprint to examples

Revert "ldap: add google ldap attribute mappings"

This reverts commit 8a861bb92c1bd763b6e7ec0513f73b3039a1adb4.

* ldap: remove `validate` for client cert auth

not strictly necessary

* ldap: write temp cert files more securely

* ldap: use first array value for sni when provided csv input

* don't specify tempdir

we set $TMPDIR in the dockerfile

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* limit API to only allow certificate key pairs with private key

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use maxsplit

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-12 15:41:44 +02:00
Jens L 51f4d4646c
providers/ldap: fix Outpost provider listing excluding backchannel providers (#5933) 
* providers/ldap: fix Outpost provider listing excluding backchannel providers

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-12 11:28:00 +02:00
Jens L c45e92b17e
root: revert to use secret_key for JWT signing (#5934) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-12 11:02:05 +02:00
Jens L 4741d8aa0d
sources/ldap: fix duplicate bind when authenticating user directly to… (#5927) 
sources/ldap: fix duplicate bind when authenticating user directly to LDAP source

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-12 10:24:01 +02:00
risson 0041cf88f4
providers/oauth2: launch url: if URL parsing fails, return no launch URL (#5918) 
* providers/oauth2: launch url: if URL parsing fails, return no launch URL

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* add test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only get provider launch URL when no url is set

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only catch value error

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-09 21:56:34 +02:00
Jens L 69f0460f69
website: update translation docs (#5875) 
* website/docs: remove lingui references

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* replace deprecated cryptography types

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* tell eslint to avoid escapes in strings when possible

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ignore generated locale code

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-06-06 12:32:32 +02:00
Jens Langhammer 0a1d0b85ca
Merge branch 'version-2023.5' 2023-06-01 21:00:13 +02:00
Jens Langhammer be85eecac5
release: 2023.5.3 2023-06-01 19:35:13 +02:00
Jens L e141a11475
blueprints: fix API validation with OCI blueprint path (#5822) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-31 14:52:12 +02:00
Jens L 772acb10d6
providers/ldap: fix LDAP Outpost application selection (#5812) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-31 14:51:46 +02:00
Jens L b6d338659f
blueprints: fix API validation with OCI blueprint path (#5822) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-31 14:50:39 +02:00
Jens L fd4c5f5ce7
providers/ldap: fix LDAP Outpost application selection (#5812) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-31 14:14:25 +02:00
rlew-is a7bf963409
stages/deny: fix typos (#5800) 
* Fix typo in stage.py

Fix typo in "Cancells the current flow"

Signed-off-by: rlew-is <96594816+rlew-is@users.noreply.github.com>

* Fix typo in models.py

Fix typo in "Cancells the current flow"

Signed-off-by: rlew-is <96594816+rlew-is@users.noreply.github.com>

---------

Signed-off-by: rlew-is <96594816+rlew-is@users.noreply.github.com>
 2023-05-30 10:54:24 +02:00
rlew-is 0b25c612c0
stages/deny: fix typos (#5800) 
* Fix typo in stage.py

Fix typo in "Cancells the current flow"

Signed-off-by: rlew-is <96594816+rlew-is@users.noreply.github.com>

* Fix typo in models.py

Fix typo in "Cancells the current flow"

Signed-off-by: rlew-is <96594816+rlew-is@users.noreply.github.com>

---------

Signed-off-by: rlew-is <96594816+rlew-is@users.noreply.github.com>
 2023-05-30 10:36:51 +02:00
Jens L f0619814f9
blueprints: allow setting user's passwords from blueprints (#5797) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-29 21:28:44 +02:00
Jens L d09bee7bf9
providers/proxy: add support for traefik.io API and CRD (#5801) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-29 21:12:59 +02:00
Jens Langhammer ce96600adb
Merge branch 'version-2023.5' 2023-05-28 13:23:32 +02:00
Jens Langhammer 5e5a74eebf
release: 2023.5.2 2023-05-26 23:54:12 +02:00
Jens L 5b0cc3672b
root: add method to get install_id without django being loaded (#5755) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-25 18:52:21 +02:00
Jens L 47d5fc26cc
events: fix ak_create_event using wrong request for event creation (#5731) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-24 21:52:14 +02:00
Jens L 9a996e7176
outposts: fix missing radius outpost controller (#5730) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-24 21:52:11 +02:00
Jens L 554a26442d
blueprints: support custom ports for OCI blueprints (#5727) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-24 21:52:07 +02:00
Jens L 573517bf0a
lib: add tests for ak_create_event (#5710) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
#	locale/en/LC_MESSAGES/django.po
 2023-05-24 21:51:52 +02:00
Jens L 2cd68dfa87
blueprints: fix check for file path not being run on worker (#5703) 2023-05-24 21:51:30 +02:00
Jens L 8029a13be1
core: make groups field for user optional (#5702) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-24 21:51:23 +02:00
Jens L 6766b12bd1
events: fix ak_create_event using wrong request for event creation (#5731) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-24 00:51:16 +02:00
Jens L c1404285bb
outposts: fix missing radius outpost controller (#5730) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-24 00:49:20 +02:00
Jens L 8bba8422d7
blueprints: support custom ports for OCI blueprints (#5727) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-23 13:52:50 +02:00
Jens L 0d0bb1a559
root: add install ID (#5717) 
* root: add install ID

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add fallback when no migrations table exists

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-22 17:24:12 +02:00
Jens L 44341f0224
lib: add tests for ak_create_event (#5710) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-22 00:18:54 +02:00
Jens L 411ef239f6
blueprints: fix check for file path not being run on worker (#5703) 2023-05-21 15:29:55 +02:00
Jens L bb64fb1130
core: make groups field for user optional (#5702) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-21 15:19:05 +02:00
Jens L 5d5938c412
sources/saml: separate verification cert (#5699) 
* sources/saml: allow separate verification certificate to be specified

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add migration to keep current behaviour

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update strings

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* keep testing verification

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-21 14:42:17 +02:00
Jens Langhammer 6900ffffd8
release: 2023.5.1 2023-05-18 21:33:38 +02:00
Jens L 9c69f67778
sources/ldap: log full exception when user password set fails (#5678) 
* sources/ldap: log full exception when user password set fails

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Update authentik/sources/ldap/auth.py

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
 2023-05-18 19:00:17 +02:00
Jens L 79dcc30778
providers/radius: add warning message when radius provider is not used with outpost (#5656) 
* providers/radius: add warning message when radius provider is not used with outpost

same message as Proxy and LDAP provider have

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-17 16:19:33 +02:00
Jens L 68a1bcf233
providers/SCIM: improve backchannel signalling (#5657) 
* providers/scim: add warning when provider is not used as backchannel provider

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* providers/scim: don't sync SCIM provider that isn't used as backchannel at all

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-17 16:19:18 +02:00
Jens L cd7de4c0b9
sources/ldap: improve error message (#5653) 
* sources/ldap: improve ldap password change error message

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* stages/user_write: handle validation error when updating user

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-17 15:26:46 +02:00
Jens L f4b0d6e85c
providers/scim: default to None for fields instead of empty list (#5642) 
* providers/scim: default to None for fields instead of empty list

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make name of delete_none_keys clearer

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-17 00:25:28 +02:00
Jens L a6b16ecc68
lib: fix fallback_names migration not working when multiple objects n… (#5637) 
lib: fix fallback_names migration not working when multiple objects need to be renamed

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-16 22:17:56 +02:00
Jens Langhammer 8faec99bd6
release: 2023.5.0 2023-05-16 14:00:48 +02:00
tograss 557aadecc0
stages/authenticator_sms: Fix json serialization in send_generic (#5630) 
stages/authenticator_sms: Fix SMS Authenticator Setup Stage with generic provider does not work without mapping

This fixes issue #5629. Problem is/was that self.get_message(token) in send_generic returned a type django.utils.functional.lazy.<locals>.__proxy__ which is not json serializable.
 2023-05-16 10:28:14 +00:00
Jens L ff1510dedc
events: sanitize enums (#5610) 
when importing a flow and returning logs, sometimes an enum might be included which is currently not sanitized and hence causes an exception

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-15 14:39:58 +02:00
Jens L c3398004ff
blueprints: add meta models to schema (#5611) 
these models were previously ignored

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-15 14:39:48 +02:00
Jens L 47f09ac285
providers/scim: improve SCIM error messages (#5600) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-15 14:39:27 +02:00
Jens L 6299fc7f81
root: migrate from os.path to Pathlib (#5594) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-12 20:04:02 +02:00
Jens L a032fd529b
events: don't include task uid in task metric (#5595) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-12 20:03:52 +02:00
Jens L ec78e56fbd
providers/scim: fix group patch schema (#5596) 
the original request was made based on the sentry docs, which aren't actually correct

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-12 20:03:43 +02:00
Jens L 61434c807d
stages/identification: auto-redirect to source when no user fields are selected (#5583) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-11 16:52:30 +02:00
risson 7265a56f05
root: switch sentry dsn to our relay (#5494) 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2023-05-11 15:24:38 +02:00
Tana M Berry 95df14106c
blueprints: further copy-edits (#5559) 
another copy-edit

Co-authored-by: Tana Berry <tana@goauthentik.io>
 2023-05-11 13:48:27 +02:00
Jens L 91d78b0c7d
sources/oauth: re-fix reddit source (#5582) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-11 13:48:11 +02:00
Jens L 906faf9cce
providers/proxy: fix panic when claims in session were nil (#5569) 
* providers/proxy: fix panic when claims in session were nil

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add new options

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-10 20:58:44 +02:00
Jens L 3704f4ccf4
core: disallow username and email changes by default (#5571) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-10 20:57:57 +02:00
Michael OBrien eb071d4d90
providers/oauth2: add user UUID as subject option (#5556) 
* providers/oauth2: add user UUID as subject option

* Added translations for new OAuth2 subject option
 2023-05-10 17:50:13 +02:00
Jens L 1c04dc0986
providers/SCIM: patch group name (#5564) 
* providers/scim: patch name when group put fails

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-raise ResourceMissing in group update to trigger recreation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-10 12:29:39 +02:00
Jens L 92fd6a55db
blueprints: adjust wording on managed field (#5558) 2023-05-09 23:41:42 +02:00
Jens L b5b1ed5887
sources/oauth: fix reddit (#5557) 2023-05-09 23:41:24 +02:00
Jens L eaa3d11df8
api: modular urls (#5551) 
* api: make API urls modular

load API urls from app module's urls file instead of a single static file

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* refactor websocket url mounting

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-09 14:46:47 +02:00
Jens L 9c25d72d61
providers/scim: fix scim_sync_all error (#5539) 
* providers/scim: fix scim_sync_all error

closes #5538

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* don't use static names in tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-08 22:39:48 +02:00
Jens L 5ea54e8f7e
*: improve configuration error events (#5523) 
* *: improve configuration error events

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* delete test-db when resetting

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-08 15:34:43 +02:00
Jens L 8215ee19c6
events: include event user in webhook notification (#5524) 
* events: include event user in webhook notification

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update other transports

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-08 15:34:21 +02:00
Jens L 7acd0558f5
core: applications backchannel provider (#5449) 
* backchannel applications

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add webui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include assigned app in provider

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve backchannel provider list display

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make ldap provider compatible

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* show backchannel providers in app view

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make backchannel required for SCIM

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup api

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
 2023-05-08 15:29:12 +02:00
Jens L 9f4be4d150
blueprints: support setting file URLs in blueprints (#5510) 
* blueprints: support setting file URLs in blueprints

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make new fields not required

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include conditional fields in schema

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-08 15:07:00 +02:00
Jens L 7df0e88b9d
events: cleanse http query string in events (#5508) 
* events: cleanse http query string in events

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add more tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-07 20:11:36 +02:00
Jens L 53f827b54f
blueprints: specify schema for blueprint metadata (#5509) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-07 20:11:18 +02:00
Jens L 2a2e159a0d
blueprints: improve schema generation by including model schema (#5503) 
* blueprints: improve schema generation by including model schema

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unset required

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add deps

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-07 12:32:01 +02:00
Jens L 564b2874a9
providers/oauth2: use simpler charset for refresh tokens (#5502) 
various implementations might have issues with the special chars

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-07 00:19:11 +02:00
Jens L b99ce890ef
providers/scim: fix missing user/group filtering on SCIM direct save signals (#5473) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-04 02:28:58 +03:00
Jens L 5509bce3d7
blueprints: ignore hidden files in discovery (#5472) 
blueprints: ignore hidden files

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-04 02:16:48 +03:00
Jens L 3f607ee2c8
policies: make policy engine modes consistent with database values (#5462) 
* policies: make policy engine modes consistent with database values

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix in ui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing case

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-03 18:16:16 +03:00
DerGardine a2994218e4
sources/oauth: add patreon type (#5452) 
* Models Update to include Patreon as Social Sign On

Signed-off-by: DerGardine <julian.burgschweiger@gmail.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests, use vanity as username

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: DerGardine <julian.burgschweiger@gmail.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2023-05-03 13:49:43 +03:00
Jens L bb8b87fcb3
providers/scim: improve compatibility (#5425) 
* providers/scim: improve compatibility

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix lint and tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-30 19:43:24 +03:00
Jens L f36a5a053f
root: fix import error on non debug builds (#5424) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-30 16:36:43 +03:00
Jens L 0b0e08446d
blueprints: fix tests (#5421) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-30 14:08:36 +03:00
Jens L af7cc8d42d
blueprints: fix error when imported blueprint is invalid (#5414) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-28 22:44:19 +03:00
Jens L 5830781a5a
root: add websocket logging (#5408) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-28 20:34:34 +03:00
Jens L ecce31ee87
providers/scim: correctly handle 404 by re-creating object (#5405) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-28 14:36:21 +03:00
Jens L 967a38b7ac
crypto: make name field unique to prevent double certs (#5406) 
* crypto: make name field unique to prevent double certs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-28 14:35:59 +03:00
Jens L 9d1ad104ec
outposts: make state more consistent (#5403) 2023-04-28 13:53:07 +03:00
Jens L 54d508ae8c
ci: fix pyright errors (#5392) 
* ci: fix pyright errors

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix error in oauth 1 source

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove redundant blueprint fixtures

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-27 17:33:47 +03:00
Jens L 7b0d8f8991
providers/scim: ensure scim group member isn't None (#5391) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-27 15:03:50 +03:00
Jens L 4426cbec34
policies: clear app cache when writing user, groups, policies (#5371) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-25 15:24:47 +03:00
Jens L 5970a6e2a2
events: always run policies for notification rules even if no group is selected (#5353) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-23 19:10:22 +03:00
Jens L 480f5c2aac
ci: add log grouping (#5342) 
* ci: add log grouping

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* try to group structlog output

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* earlier hooks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* hmm

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* disable beats integration for now

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* test container logs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove testing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-21 19:06:11 +03:00
Jens L e75e2cf324
website/docs: flow context docs (#5243) 
* add flow context docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup some redundant things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* added more section headers

* tweaked new headings

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* add more keys, use dedicated prefix for internal keys

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* set toc_max_heading_level: 5

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update datatypes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more consistent header

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more fixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Update website/docs/flow/context/index.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/flow/context/index.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/flow/context/index.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana Berry <tana@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
 2023-04-20 17:31:34 +00:00
Jens L 4671d4afb4
enterprise: initial license (#5293) 
* enterprise: add enterprise license and app

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add license and terms

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* don't build enterprise into docker for now

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-19 16:13:45 +02:00
sdimovv ee6edec1d8
stages/prompt: Add initial_data prompt field and ability to select a default choice for choice fields (#5095) 
* Added initial_value to model

* Added initial_value to admin panel

* Added initial_value support to flows; updated tests

* Updated default blueprints

* update docs

* Fix test

* Fix another test

* Fix yet another test

* Add placeholder migration

* Remove unused import
 2023-04-19 12:27:51 +02:00
Jens L dfa80543b5
root: add ruff linter (#5240) 
* root: add ruff linter

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* actually add ruff

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-18 13:28:19 +02:00
Jens L ce5f6d5d43
release: Version 2023.4 (#5283) 
* release: 2023.4.0

* release: 2023.4.1
 2023-04-18 10:45:17 +02:00
Jens L 8160663214
release: 2023.4.0 (#5254) 2023-04-14 13:20:22 +02:00
Jens L 6a700cb376
core: fix user metrics for users which can't access events (#5252) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-14 11:20:26 +02:00
Jens L a5098364eb
events: unpack wrapped query from FlowExecutor (#5244) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-14 00:07:41 +02:00
Jens L 6a74fa11c6
providers/oauth2: inconsistent client secret generation (#5241) 
* use simpler char set for client secret

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* also adjust radius

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use similar logic in web to generate ids and secrets

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* dont use math.random

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-13 15:06:28 +02:00
Jens L f84a10b59b
core: revert django update (#5236) 
* Revert "core: bump django from 4.1.7 to 4.2 (#5151)"

This reverts commit 18a4eac527.

* run unittests with postgres 11 and 12

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-13 14:10:12 +02:00
dependabot[bot] 18a4eac527
core: bump django from 4.1.7 to 4.2 (#5151) 
* core: bump django from 4.1.7 to 4.2

Bumps [django](https://github.com/django/django) from 4.1.7 to 4.2.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/4.1.7...4.2)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* upgrade to psycopg3, use custom engine for prometheus metrics

See https://github.com/korfuri/django-prometheus/issues/350

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make scripts use pscopg3

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-11 15:00:27 +02:00
Jens L 1ca8feb5fc
sources/ldap: make schema optional (#5213) 
* sources/ldap: make schema optional

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* create one connection and re-use it

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use magicmock

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-10 21:55:56 +02:00
Jens L 8b78570597
outposts: run containers as non root (#5212) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-09 21:39:07 +02:00
Jens L 977757f561
policies: provider raw result for better policy reusability (#5189) 
* policies: include raw_result in PolicyResult

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* move ak_call_policy to base evaluator

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-06 09:42:29 +02:00
Jens L 711e98d049
stages/identification: revert is_active check (#5183) 2023-04-05 15:49:35 +02:00
Jens L 132a353b92
outposts: set k8s deployment security context (#5163) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-05 13:36:46 +02:00
dependabot[bot] fb4808418c
core: bump sentry-sdk from 1.18.0 to 1.19.0 (#5169) 
* core: bump sentry-sdk from 1.18.0 to 1.19.0

Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 1.18.0 to 1.19.0.
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-python/compare/1.18.0...1.19.0)

---
updated-dependencies:
- dependency-name: sentry-sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* use new features

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-04 15:29:09 +02:00
Jens L 02f75a92ce
lifecycle: don't use celery ping for worker healthcheck (#5153) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-03 18:15:31 +02:00
Ongy adcd11b1f8
core: extend postgres configuration (#5138) 
Add postgres configuration options to control
TLS verification and client certificates.
 2023-04-02 17:39:36 +02:00
sdimovv 6192d01b7e
stages: Add ability to set user friendly names for MFA stages (#5005) 
* Added ability to name MFA stage

* Schema

* Changed Charfield to Textfield

* Regenerated schema

* Add explicit required

* set null instead of blank so title check works

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add help text and adjust wording

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2023-04-02 16:52:44 +02:00
Jens L 5947c7b97e
stages/user_write: improve error handling (#5136) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-31 23:59:37 +02:00
Jens L 75510ead84
core: fix app launch URL flow selection (#5113) 2023-03-30 02:10:25 +02:00
dependabot[bot] 73bf6fd530
core: bump channels-redis from 4.0.0 to 4.1.0 (#5115) 
* core: bump channels-redis from 4.0.0 to 4.1.0

Bumps [channels-redis](https://github.com/django/channels_redis) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/django/channels_redis/releases)
- [Changelog](https://github.com/django/channels_redis/blob/main/CHANGELOG.txt)
- [Commits](https://github.com/django/channels_redis/compare/4.0.0...4.1.0)

---
updated-dependencies:
- dependency-name: channels-redis
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* remove channels <4.1 workaround

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-30 00:08:07 +02:00
Jens L 1d2725825c
providers/scim: add missing default fields (#5108) 
* providers/scim: add missing default fields

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

#4554

* update tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-28 14:42:52 +02:00
Jens L 4218ece2a5
stages/authenticator_validate: fix stage not working without pending user (#5096) 
closes #5094

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-27 23:08:55 +02:00
Jens L b097cf4d7e
providers/scim: fix error when user-group m2m is updated forward (#5082) 
* providers/scim: fix error when user-group m2m is updated forward

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-26 22:34:53 +02:00
Jens L 5c0d7f9a58
web/admin: fix error when creating bindings due to hidden inputs (#5081) 
* web/admin: fix error when creating bindings due to hidden inputs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix flaky test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-26 18:58:02 +02:00
Jens L 6437fbc814
web/admin: prompt preview (#5078) 
* add initial prompt preview

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve error handling

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* don't flood api with requests when fields are changeed

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-25 22:31:48 +01:00
risson 1957717160
providers: Add ability to choose a default authentication flow (#5070) 
* core: add ability to choose a default authentication flow for a provider

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* update web to use correct ak-search-select

I don't think this element existed when the PR was initially created, lol

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only use provider authentication flow for authentication designation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-24 13:26:00 +01:00
Jens L da3222df07
core: fix websocket url path (#5019) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-21 00:20:48 +01:00
Jens L 54cacd784c
*: load websocket paths similarly to URLs (#5018) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-20 23:39:25 +01:00
Jens L 3f5effb1bc
providers/radius: simple radius outpost (#1796) 
* initial implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add migrations

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix web

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* minor fixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use search-select

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fixup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix ip with port being sent to delegated ip

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add radius tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-20 16:54:35 +01:00
sdimovv 16a03160d0
core: Add unique constraint to user UUID (#5004) 2023-03-20 00:33:08 +01:00
sdimovv 8b52d711e8
stages/prompt: Add Radio Button Group, Dropdown and Text Area prompt fields (#4822) 
* Added radio-button prompt type in model

* Add radio-button prompt

* Refactored radio-button prompt; Added dropdown prompt

* Added tests

* Fixed unrelated to choice fields bug causing validation errors; Added more tests

* Added description for new prompts

* Added docs

* Fix lint

* Add forgotten file changes

* Fix lint

* Small fix

* Add text-area prompts

* Update authentik/stages/prompt/models.py

Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>

* Update authentik/stages/prompt/models.py

Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>

* Fix inline css

* remove AKGlobal, update schema

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@beryju.org>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-19 18:56:17 +01:00
Jens L 97df7848a5
blueprints: allow setting of token key in blueprint context (#4995) 
closes #4717

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-18 00:10:12 +01:00
Jens L e2d3a95c80
web: full web components part 1 (#4964) 
* migrate loading

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate api browser

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate base css

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* move tenant fetching to base interface

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* import pre-loaded stages in flow interface and not executor to strip down executor size

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix redirect and such

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-17 23:10:19 +01:00
Jens L 8363016982
version: 2023.3 (#4980) 
* release: 2023.3.0

* providers/ldap: fix duplicate attributes (#4972)

closes #4971

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* providers/oauth2: fix response for response_type code and response_mode fragment (#4975)

* web/flows: fix authenticator selector in dark mode (#4974)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* release: 2023.3.1

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-16 22:43:57 +01:00
Jens L 2a399cf8e8
providers/oauth2: fix response for response_type code and response_mode fragment (#4975) 2023-03-16 15:58:38 +01:00
Jens L eaf56f4f3f
stages/user_login: stay logged in (#4958) 
* add initial remember me offset

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add to go executor

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add ui for user login stage

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-15 20:21:05 +01:00
Jens L 9310d4cdc0
*: fix mismatched task names for discovery, make output service connection task monitored (#4956) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-15 12:12:08 +01:00
Jens L 86f9056d3f
core: fix url validator (#4957) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-15 12:00:57 +01:00
Jens L 73d7b5f110
root: add common fixture loader (#4946) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-14 17:13:03 +01:00
Jens L 4b1440944e
providers: fix authorization_flow not required in API (#4932) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-13 23:36:24 +01:00
Jens L 59a92dbacd
stages/authenticator_webauthn: remove credential_id size limit (#4931) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-13 21:24:10 +01:00
Jens L 6f6d22da13
release: 2023.3.0 (#4925) 2023-03-13 19:10:48 +01:00
Jens L fab6a8f8c9
stages/user_login: expiry before login (#4920) 
* stages/user_write: run set_expiry before login, so that session used in Signal has correct expiry

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-13 15:31:06 +01:00
Jens L 178bfe1d44
providers/scim: handle ServiceProviderConfig 404 (#4915) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-13 13:44:29 +01:00
Jens L 94f22cffba
root: fix session middleware for websocket connections (#4909) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-12 16:47:19 +01:00
Jens L 10b7d78825
events: set task start time before start not on init (#4908) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-12 15:13:04 +01:00
dependabot[bot] 0ef333f8ea
core: bump bandit from 1.7.4 to 1.7.5 (#4896) 
* core: bump bandit from 1.7.4 to 1.7.5

Bumps [bandit](https://github.com/PyCQA/bandit) from 1.7.4 to 1.7.5.
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](https://github.com/PyCQA/bandit/compare/1.7.4...1.7.5)

---
updated-dependencies:
- dependency-name: bandit
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-10 12:06:59 +01:00
Jens L 86bb2afd02
core: add validator which allows for URLs with formatting (#4890) 2023-03-10 00:16:17 +01:00
Jens L b6b820f6f1
web: toggle dark/light theme manually (#4876) 2023-03-09 23:17:53 +01:00
Jens L 6ae2fc9668
providers/SCIM: customizable externalId, document behavior (#4868) 
* only set externalId if mapping hasn't set it

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* better document use of SCIM in conjunction with OAuth/SAML

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-08 00:15:16 +01:00
Jens L 67f3db1e03
core: enforce unique on names where it makes sense (#4866) 
enforce unique on names where it makes sense

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-03-07 23:52:34 +01:00