Commit graph

141 commits

Author SHA1 Message Date
Jens L 3c1b70c355
outposts/proxyv2 (#1365)
* outposts/proxyv2: initial commit

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add rs256

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

more stuff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add forward auth an sign_out

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

match cookie name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

re-add support for rs256 for backwards compat

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add error handler

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

ensure unique user-agent is used

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

set cookie duration based on id_token expiry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

build proxy v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add ssl

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add basic auth and custom header support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add application cert loading

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

implement whitelist

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add redis

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

migrate embedded outpost to v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

remove old proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

providers/proxy: make token expiration configurable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: only allow one redirect URI

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix docker build for proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove default port offset

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add AUTHENTIK_HOST_BROWSER

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests: fix e2e/integration tests not using proper tags

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove references of old port

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix user_attributes not being loaded correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup dependencies

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 18:04:56 +00:00
Jens Langhammer 2db8b07578 events: add mark_all_seen
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-04 22:08:12 +02:00
Jens Langhammer d92d8e6dbb api: add additional filters for ldap and proxy providers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-03 10:43:09 +02:00
Jens Langhammer c2b9dc5c75 api: cache schema, fix server urls
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-03 10:23:14 +02:00
Jens Langhammer 276d8fe5cf release: 2021.8.4 2021-09-02 20:21:21 +02:00
Jens Langhammer f0db408699 api: add v3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-02 17:40:02 +02:00
Jens Langhammer cc5cc43baa api: fix sentry endpoint not working due to mime-media
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-02 16:56:53 +02:00
Jens Langhammer 17cb76c334 stages/invitation: fix invitation not inheriting ExpiringModel
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-01 14:25:19 +02:00
Jens Langhammer 523b96a6d2 api: add basic rate limiting for sentry endpoint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-29 19:33:18 +02:00
Jens Langhammer 160139813d release: 2021.8.3 2021-08-28 16:58:44 +02:00
Jens Langhammer c4f72c2bc1 release: 2021.8.2 2021-08-26 17:58:20 +02:00
Jens Langhammer 897f6f3473 release: 2021.8.1 2021-08-26 16:03:45 +02:00
Jens Langhammer 2ae164df78 *: cleanup api schema warnings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-26 09:36:41 +02:00
Jens Langhammer 0ccec96490 core: make user optional in token creation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-25 21:21:51 +02:00
Jens Langhammer d79975c409 core: fix user object for token not be setable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-25 20:43:34 +02:00
Jens Langhammer 4d27694706 release: 2021.8.1-rc2 2021-08-24 21:29:29 +02:00
Jens Langhammer d7ad5f6a16 core: add API to create service account with token for app password
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 20:09:22 +02:00
Jens Langhammer b0efab6d6d admin: add env to API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 10:55:46 +02:00
Jens Langhammer 07a4f474f4 website/docs: add docs for auth_method and auth_method_args fields
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 17:23:55 +02:00
Jens Langhammer 9a6a3e66b8 root: update schema
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 16:14:33 +02:00
Jens Langhammer aad753de68 ci: fix extraction of generated client
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 15:57:56 +02:00
Jens Langhammer a79a150a1f root: test schema auto-update
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 15:55:26 +02:00
Jens Langhammer 7639cdad0a release: 2021.8.1-rc1 2021-08-22 20:17:35 +02:00
Jens Langhammer 3e909ae6bb core: allow filtering users by the groups they are in
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 16:27:48 +02:00
Jens Langhammer b4f738492d sources/oauth: improve UI with prefilled urls (when customizable) and hiding provider type
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 15:52:41 +02:00
Jens Langhammer 6433b5982e api: add cache timeouts to config API for outposts
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 14:14:18 +02:00
Jens Langhammer 84c4547005 sources/plex: add API for user connections
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-17 13:02:40 +02:00
Jens Langhammer 2592fc3826 sources/ldap: allow for anonymous binds, fix sync_users_password not working correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-12 19:09:29 +02:00
Jens Langhammer ec95a2bddc core: allow changing of groups a user is in from user api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-10 19:31:30 +02:00
Jens Langhammer de9d483b9f admin: add API to show embedded outpost status, add notice when its not configured properly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-10 19:16:11 +02:00
Jens Langhammer 557724768a core: add API to directly send recovery link to user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-10 13:54:59 +02:00
Jens Langhammer ccfc1dbcc2 *: make all PropertyMappings filterable by multiple managed attributes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 16:06:44 +02:00
Jens Langhammer 9c9addb0ce *: ensure all resources can be filtered
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-07 16:34:14 +02:00
Jens Langhammer 18211a2033 release: 2021.7.3 2021-08-05 19:23:03 +02:00
Jens Langhammer 1b91543add core: add UserSelfSerializer and separate method for users to update themselves with limited fields
rework user settings page to better use form
closes #1227

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	authentik/core/api/users.py
#	web/src/elements/forms/ModelForm.ts
#	web/src/pages/user-settings/UserDetailsPage.ts
#	web/src/pages/user-settings/UserSettingsPage.ts
2021-08-05 17:47:45 +02:00
Jens Langhammer add7a80fdc release: 2021.7.2 2021-08-01 19:11:50 +02:00
Jens Langhammer e6b515e3f7 release: 2021.7.1 2021-07-27 10:35:45 +02:00
Jens Langhammer 3c9cc9d421 Merge branch 'version-2021.7' 2021-07-24 20:07:42 +02:00
Jens Langhammer 1972464a20 tenants: make event retention configurable on tenant level
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-24 20:07:12 +02:00
Jens Langhammer 3041a30193 release: 2021.7.1-rc2 2021-07-24 18:32:05 +02:00
Jens Langhammer 8ae7403abc core: add group filter by member username and pk
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-23 19:35:41 +02:00
Jens Langhammer 8cd1223081 core: add email filter for user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 20:10:42 +02:00
Jens Langhammer 0a3fade1fd providers/proxy: remove deprecated field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 16:20:26 +02:00
Jens Langhammer 39ad9d7c9d release: 2021.7.1-rc1 2021-07-21 10:44:40 +02:00
Jens Langhammer b3159a74e5 Merge branch 'master' into inbuilt-proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	Dockerfile
#	internal/outpost/ak/api.go
#	internal/outpost/ak/api_uag.go
#	internal/outpost/ak/global.go
#	internal/outpost/ldap/api_tls.go
#	internal/outpost/ldap/instance_bind.go
#	internal/outpost/ldap/utils.go
#	internal/outpost/proxy/api_bundle.go
#	outpost/go.mod
#	outpost/go.sum
#	outpost/pkg/ak/cert.go
2021-07-17 12:49:38 +02:00
Jens Langhammer aa701c5725 core: don't delete expired tokens, rotate their key
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-14 21:47:32 +02:00
Jens Langhammer 6f98833150 core: allow users to create non-expiring tokens when flag is set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-14 21:15:14 +02:00
Jens Langhammer 4fe0bd4b6c tests/e2e: fix e2e tests for ldap provider
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-14 10:10:11 +02:00
Lukas Söder 7f39399c32
providers/ldap: Added auto-generated uidNumber and guidNumber generated attributes for use with SSSD and similar software. (#1138)
* Added auto-generated uidNumber and guidNumber generated attributes for
use with SSSD and similar software.

The starting number for uid/gid can be configured iva environtment
variables and is by default 2000 which should work fine for most instances unless there are more than
999 local accounts on the server/computer.

The uidNumber is just the users Pk + the starting number.
The guidNumber is calculated by the last couple of bytes in the uuid of
the group + the starting number, this should have a low enough chance
for collisions that it's going to be fine for most use cases.

I have not added any interface stuff for configuring the environment variables as I couldn't really find my way around all the places I'd have to edit to add it and the default values should in my opinion be fine for 99% use cases.

* Add a 'fake' primary group for each user

* First attempt att adding config to interface

* Updated API to support new fields

* Refactor code, update documentation and remove obsolete comment

Simplify `GetRIDForGroup`, was a bit overcomplicated before.

Add an additional class/struct `LDAPGroup` which is the new argument
for `pi.GroupEntry` and util functions to create `LDAPGroup` from api.Group and api.User

Add proper support in the interface for changing gidNumber and uidNumber starting points

* make lint-fix for the migration files
2021-07-14 09:17:01 +02:00
Jens L 7dfc621ae4
LDAP Provider: TLS support (#1137) 2021-07-13 18:24:18 +02:00