Marc 'risson' Schmitt
f35f86442b
Merge branch 'main' into multi-tenant-django-tenants
2024-01-03 12:22:25 +01:00
Jens L
240cf6dd94
enterprise/providers: Add RAC [AUTH-15] ( #7291 )
...
* add basic guacamole
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make everything mostly work
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add rac build to CI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix resize, fix web lint, sendSize correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* pre-send connection from client, format
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve throughput
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework TokenOutpostConsumer into middleware
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix some layout issues
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add outpost controllers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start testing audio things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix to work with outpost group
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add simple loadbalancing
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add simple reconnect
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* show reconnecting text
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix error when checking ports
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* move to providers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add flow check to interface
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix go lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix rac app label
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix audio
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* allow overriding all settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix duplicate keyboard, debug high DPI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-add deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing __init__.py breaking model loading
I love python
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* bump successful ws connection to info
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* hide cursor since guac draws that
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add clipboard support (bidirectional)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make codespell not want to break the code
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* run pr comment in separate task
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start endpoint and property mapping stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more endpoint things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* unrelated: fix event model_pk filtering with ints
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* unrelated: improve event display for changelog
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rebuild endpoint stuff again
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* idk special url
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more stuff, connect token with session
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add disconnect
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework disconnect
cleanly disconnect from guacd instead of just letting the connection timeout
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* clear cache when creating outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* support host:port and fix protocol
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* center smaller viewport
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework connection to wait more and stop after some time
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add policy control to endpoints
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove provider protocol
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't switch to different outpost connection when already chosen
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start using property mappings, add static settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add some RAC mapping settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests for event changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests and fix issues found by said tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add preview banner, move endpoints to main page
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* auto-select endpoint if only one is available
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* backport https://github.com/goauthentik/authentik/pull/7831 to rac
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* dont select property mappings on endpoints
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make table modal only load when opened
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only auto-redirect when open
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix web deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* check for token expiry and terminate session
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-add endpoint name to title
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* disconnect connection when token is manually deleted
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add initial RAC docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add connection expiry setting to provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix flaky tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-30 21:33:14 +01:00
Marc 'risson' Schmitt
951f9ce043
Merge branch 's3-support' into multi-tenant-django-tenants
2023-12-20 10:33:29 +01:00
Marc 'risson' Schmitt
72fcaa92dd
Merge branch 'main' into multi-tenant-django-tenants
2023-12-20 09:45:34 +01:00
Marc 'risson' Schmitt
9619c2433f
root: add support for storing media files in S3
...
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2023-12-20 09:44:02 +01:00
Jens L
729ef4d786
root: bump python deps (django 5) ( #7862 )
...
* bump python deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* vendor pickle serializer for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#7761
* cleanup some things and re-build api scheme
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix web and go
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* actually fix go...?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* better annotate json fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use jsondictfield wherever
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove all virtualenvs?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* final version bump
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-18 22:07:59 +01:00
Marc 'risson' Schmitt
77d8877efe
tenants -> brands, init new tenant model, migrate some config to tenants
...
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2023-11-21 18:23:58 +01:00
Jens L
dc7ffba8fa
internal: remove special route for /outpost.goauthentik.io ( #7539 )
...
With this special route for outpost.goauthentik.io, misdirected requests to /outpost.goauthentik.io/auth/start will create a cookie for the domain authentik is accessed under, which will cause issues with the actual full auth flow. Requests to /outpost.goauthentik.io will still be routed to the outpost, but with this change only when the hostname matches
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-13 17:39:40 +01:00
Jens L
4080080acd
internal: remove deprecated metrics ( #7540 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-13 14:48:37 +01:00
risson
4a434d581d
root: handle SIGHUP and SIGUSR2, healthcheck gunicorn ( #6630 )
...
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-09-27 11:34:29 +00:00
Jens L
fd561ac802
root: connect to backend via socket ( #6720 )
...
* root: connect to gunicorn via socket
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* put socket in temp folder
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use non-socket connection for debug
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't hardcode local url
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix dev_server missing websocket
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* dedupe logging config between gunicorn and main app
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* slight refactor for proxy errors
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-09-02 17:58:37 +02:00
Alexandre NICOLAIE
a2714ab1f1
outposts: make metrics compliant with Prometheus best-practices ( #6398 )
...
web/outpost: make metrics compliant with Prometheus best-practices
Today, all NewHistogramVec store values in nanoseconds without changing
the default histogram bucket, which are made for seconds, making them
a bit useless. In addition, some metrics names are not self-explanatoryand
and do not comply with Prometheus best practices.
This commit tries to fix all of this "issues".
NOTE: I kept old metrics in order to avoid breaking changes with
existing dashboards and metrics.
Signed-off-by: Alexandre NICOLAIE <xunleii@users.noreply.github.com>
2023-07-27 18:51:08 +02:00
Jens L
d22d147c8e
security: fix CVE-2023-36456 ( #6171 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-06 18:16:26 +02:00
authentik-db-cooper
ab795e6642
internal: ignore insecure TLS certs ( #5483 )
...
* servers: ignore insecure TLS certs
* slight refactor to have a single place for tls config
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-05-05 15:57:52 +03:00
Jens L
41d17dc543
internal: fix crash when port 9000 is in use ( #4863 )
...
fix crash when port 9000 is in use
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-07 13:27:46 +01:00
Jens Langhammer
0874574e5c
*: add additional prometheus metrics, remove unusable high entropy metrics
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-19 17:08:40 +01:00
Jens Langhammer
5ea9595c9c
internal: fix cache-control header
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#4525
2023-01-25 21:18:20 +01:00
Jens Langhammer
06f67c738c
internal: check certificate value and not IsSet
...
closes #4369
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-05 18:30:11 +01:00
Jens Langhammer
bacf2afed1
internal: remove sentry proxy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-19 17:52:07 +01:00
Jens L
276af8457d
root: make sentry DSN configurable ( #4016 )
...
* make sentry DSN configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make proxy smarter
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix typo in config struct
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 16:05:29 +01:00
Jens Langhammer
56181a45a1
internal: limit body size
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-17 18:52:16 +02:00
Jens Langhammer
53f224300b
internal: set ETag header on static resources to reduce cache issues
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3456
2022-09-11 23:18:34 +02:00
Jens Langhammer
242423cf3c
internal: remove sentryhttp from main server mux to prevent double traces
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-03 16:41:47 +02:00
Jens Langhammer
514c48a986
internal: fix routing for requests with querystring signature to embedded outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 20:43:01 +02:00
Jens Langhammer
846b63a17b
*: remove some very verbose logging messages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-17 13:36:56 +02:00
Jens Langhammer
4c9878313c
sources/oauth: correctly concatenate URLs to allow custom parameters to be included
...
closes #3374
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-08 21:17:32 +02:00
Jens Langhammer
6356ddd9f3
internal: replace ioutils
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-08 21:00:45 +02:00
Jens Langhammer
201bea6d30
internal: add X-authentik-logout signature to trigger logouts when URLs are not exposed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 18:50:24 +02:00
Jens L
2ce8e18bab
internal: centralise config for listeners to use same config system everywhere ( #3367 )
...
* centralise config for listeners to use same config system everywhere
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3360
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-03 21:33:27 +02:00
Jens L
393d7ec486
providers/proxy: no exposed urls ( #3151 )
...
* test any callback
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* dont detect callback in per-server handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use full redirect uri with both path and query param
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* correctly route to embedded outpost for callback signature
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix allowed redirects
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 17:51:01 +02:00
Jens Langhammer
10b48b27b0
internal: walk config in go, check, parse and load from scheme like in python
...
closes #2719
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-26 11:33:37 +02:00
Jens Langhammer
ece0429ea8
internal: failback with self-signed cert if cert for tenant fails to load
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-20 21:26:34 +02:00
Jens Langhammer
0a83b04419
internal: fix routing to embedded outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-16 17:05:27 +02:00
Jens Langhammer
2d48fe42f4
internal: dont sample gunicorn proxied requests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-16 11:32:21 +02:00
Jens Langhammer
bdf76bb4b7
internal: skip tracing for go healthcheck and metrics endpoints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 22:21:11 +02:00
Jens Langhammer
62a939b91d
internal: bump api client to v3
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-03 10:40:07 +01:00
Jens Langhammer
e194715c3e
internal: fix CSRF error caused by Host header
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 14:34:55 +01:00
Jens Langhammer
02ba493759
internal: trace headers and url for backend requests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 12:48:17 +01:00
Jens Langhammer
a7fea5434d
internal: remove uvicorn server header
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 12:38:47 +01:00
Jens Langhammer
4fb783e953
internal: improve error handling for internal reverse proxy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 12:33:37 +01:00
Jens L
4343246a41
*: rename akprox to outpost.goauthentik.io ( #2266 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 20:25:38 +01:00
Jens Langhammer
e1c0c0b20c
internal: don't override server header
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 22:05:11 +01:00
Jens Langhammer
14c7d8c4f4
internal: route traffic to proxy providers based on cookie domain when multiple domain-level providers exist
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2079
2022-01-18 23:19:43 +01:00
Jens Langhammer
c741c13132
internal: fix listen attempt on shutdown
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 12:36:11 +01:00
Jens Langhammer
27e4c7027c
web: fix potential panic
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-26 14:24:44 +01:00
Jens Langhammer
87e99625e6
internal: update tenant certificates on outpost refresh
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 00:38:49 +01:00
Jens Langhammer
34b11524f1
tenants: add web certificate field, make authentik's core certificate configurable based on keypair
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 11:43:45 +01:00
Jens Langhammer
b3ba083ff0
internal: cleanup logging, remove duplicate code
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 10:33:21 +01:00
Jens Langhammer
22a8603892
internal: add custom proxy certificates support to embedded outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 10:16:01 +01:00
Jens Langhammer
f8aab40e3e
internal: cleanup duplicate and redundant code, properly set sentry SDK scope settings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-16 11:00:19 +01:00