Jens Langhammer
1d57a258f3
ATH-01-012: escape quotation marks
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-19 13:48:08 +02:00
Jens Langhammer
f15cac39c8
ATH-01-014: save authenticator validation state in flow context
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
bugfixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-19 13:48:05 +02:00
Jens Langhammer
ce77d82b24
ATH-01-010: rework
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-19 13:48:03 +02:00
Jens Langhammer
c3fe57197d
ATH-01-009: migrate impersonation to use API
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
# authentik/core/urls.py
# web/src/admin/AdminInterface.ts
# web/src/admin/users/RelatedUserList.ts
# web/src/admin/users/UserListPage.ts
# web/src/admin/users/UserViewPage.ts
# web/src/user/UserInterface.ts
# Conflicts:
# authentik/core/urls.py
2023-06-19 13:47:53 +02:00
Jens Langhammer
267938d435
ATH-01-005: use hmac.compare_digest for secret_key authentication
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-19 13:47:11 +02:00
Jens Langhammer
5336afb1b4
ATH-01-004: remove env from admin system endpoint
...
this endpoint already required admin access, but for debugging the env variables are used very little
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-19 13:47:06 +02:00
Jens Langhammer
9bb44055a3
ATH-01-008: fix web forms not submitting correctly when pressing enter
...
When submitting some forms with the Enter key instead of clicking "Confirm"/etc, the form would not get submitted correctly.
The worst case of this is when setting a user's password, where the new password can end up in the URL, but the password was not actually saved to the user.
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
# web/src/admin/applications/ApplicationCheckAccessForm.ts
# web/src/admin/crypto/CertificateGenerateForm.ts
# web/src/admin/flows/FlowImportForm.ts
# web/src/admin/groups/RelatedGroupList.ts
# web/src/admin/policies/PolicyTestForm.ts
# web/src/admin/property-mappings/PropertyMappingTestForm.ts
# web/src/admin/providers/saml/SAMLProviderImportForm.ts
# web/src/admin/users/RelatedUserList.ts
# web/src/admin/users/ServiceAccountForm.ts
# web/src/admin/users/UserPasswordForm.ts
# web/src/admin/users/UserResetEmailForm.ts
# Conflicts:
# web/src/admin/property-mappings/PropertyMappingTestForm.ts
2023-06-19 13:46:52 +02:00
Jens Langhammer
143663d293
ATH-01-010: fix missing user filter for webauthn device
...
This prevents an attack that is only possible when an attacker can intercept HTTP traffic and in the case of HTTPS decrypt it.
2023-06-19 13:46:16 +02:00
Jens Langhammer
bd54d034e1
ATH-01-001: resolve path and check start before loading blueprints
...
This is even less of an issue since 411ef239f6, since with that commit we only allow files that the listing returns
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-19 13:46:13 +02:00
Jens Langhammer
be85eecac5
release: 2023.5.3
2023-06-01 19:35:13 +02:00
Jens L
e141a11475
blueprints: fix API validation with OCI blueprint path ( #5822 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-31 14:52:12 +02:00
Jens L
772acb10d6
providers/ldap: fix LDAP Outpost application selection ( #5812 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-31 14:51:46 +02:00
rlew-is
a7bf963409
stages/deny: fix typos ( #5800 )
...
* Fix typo in stage.py
Fix typo in "Cancells the current flow"
Signed-off-by: rlew-is <96594816+rlew-is@users.noreply.github.com>
* Fix typo in models.py
Fix typo in "Cancells the current flow"
Signed-off-by: rlew-is <96594816+rlew-is@users.noreply.github.com>
---------
Signed-off-by: rlew-is <96594816+rlew-is@users.noreply.github.com>
2023-05-30 10:54:24 +02:00
Jens Langhammer
5e5a74eebf
release: 2023.5.2
2023-05-26 23:54:12 +02:00
Jens L
47d5fc26cc
events: fix ak_create_event using wrong request for event creation ( #5731 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-24 21:52:14 +02:00
Jens L
9a996e7176
outposts: fix missing radius outpost controller ( #5730 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-24 21:52:11 +02:00
Jens L
554a26442d
blueprints: support custom ports for OCI blueprints ( #5727 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-24 21:52:07 +02:00
Jens L
573517bf0a
lib: add tests for ak_create_event ( #5710 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
# locale/en/LC_MESSAGES/django.po
2023-05-24 21:51:52 +02:00
Jens L
2cd68dfa87
blueprints: fix check for file path not being run on worker ( #5703 )
2023-05-24 21:51:30 +02:00
Jens L
8029a13be1
core: make groups field for user optional ( #5702 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-24 21:51:23 +02:00
Jens Langhammer
6900ffffd8
release: 2023.5.1
2023-05-18 21:33:38 +02:00
Jens L
9c69f67778
sources/ldap: log full exception when user password set fails ( #5678 )
...
* sources/ldap: log full exception when user password set fails
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Update authentik/sources/ldap/auth.py
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-05-18 19:00:17 +02:00
Jens L
79dcc30778
providers/radius: add warning message when radius provider is not used with outpost ( #5656 )
...
* providers/radius: add warning message when radius provider is not used with outpost
same message as Proxy and LDAP provider have
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-17 16:19:33 +02:00
Jens L
68a1bcf233
providers/SCIM: improve backchannel signalling ( #5657 )
...
* providers/scim: add warning when provider is not used as backchannel provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* providers/scim: don't sync SCIM provider that isn't used as backchannel at all
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-17 16:19:18 +02:00
Jens L
cd7de4c0b9
sources/ldap: improve error message ( #5653 )
...
* sources/ldap: improve ldap password change error message
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* stages/user_write: handle validation error when updating user
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-17 15:26:46 +02:00
Jens L
f4b0d6e85c
providers/scim: default to None for fields instead of empty list ( #5642 )
...
* providers/scim: default to None for fields instead of empty list
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make name of delete_none_keys clearer
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-17 00:25:28 +02:00
Jens L
a6b16ecc68
lib: fix fallback_names migration not working when multiple objects n… ( #5637 )
...
lib: fix fallback_names migration not working when multiple objects need to be renamed
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-16 22:17:56 +02:00
Jens Langhammer
8faec99bd6
release: 2023.5.0
2023-05-16 14:00:48 +02:00
tograss
557aadecc0
stages/authenticator_sms: Fix json serialization in send_generic ( #5630 )
...
stages/authenticator_sms: Fix SMS Authenticator Setup Stage with generic provider does not work without mapping
This fixes issue #5629. Problem is/was that self.get_message(token) in send_generic returned a type django.utils.functional.lazy.<locals>.__proxy__ which is not json serializable.
2023-05-16 10:28:14 +00:00
Jens L
ff1510dedc
events: sanitize enums ( #5610 )
...
when importing a flow and returning logs, sometimes an enum might be included which is currently not sanitized and hence causes an exception
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-15 14:39:58 +02:00
Jens L
c3398004ff
blueprints: add meta models to schema ( #5611 )
...
these models were previously ignored
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-15 14:39:48 +02:00
Jens L
47f09ac285
providers/scim: improve SCIM error messages ( #5600 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-15 14:39:27 +02:00
Jens L
6299fc7f81
root: migrate from os.path to Pathlib ( #5594 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-12 20:04:02 +02:00
Jens L
a032fd529b
events: don't include task uid in task metric ( #5595 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-12 20:03:52 +02:00
Jens L
ec78e56fbd
providers/scim: fix group patch schema ( #5596 )
...
the original request was made based on the sentry docs, which aren't actually correct
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-12 20:03:43 +02:00
Jens L
61434c807d
stages/identification: auto-redirect to source when no user fields are selected ( #5583 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-11 16:52:30 +02:00
risson
7265a56f05
root: switch sentry dsn to our relay ( #5494 )
...
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2023-05-11 15:24:38 +02:00
Tana M Berry
95df14106c
blueprints: further copy-edits ( #5559 )
...
another copy-edit
Co-authored-by: Tana Berry <tana@goauthentik.io>
2023-05-11 13:48:27 +02:00
Jens L
91d78b0c7d
sources/oauth: re-fix reddit source ( #5582 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-11 13:48:11 +02:00
Jens L
906faf9cce
providers/proxy: fix panic when claims in session were nil ( #5569 )
...
* providers/proxy: fix panic when claims in session were nil
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add new options
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-10 20:58:44 +02:00
Jens L
3704f4ccf4
core: disallow username and email changes by default ( #5571 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-10 20:57:57 +02:00
Michael OBrien
eb071d4d90
providers/oauth2: add user UUID as subject option ( #5556 )
...
* providers/oauth2: add user UUID as subject option
* Added translations for new OAuth2 subject option
2023-05-10 17:50:13 +02:00
Jens L
1c04dc0986
providers/SCIM: patch group name ( #5564 )
...
* providers/scim: patch name when group put fails
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-raise ResourceMissing in group update to trigger recreation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-10 12:29:39 +02:00
Jens L
92fd6a55db
blueprints: adjust wording on managed field ( #5558 )
2023-05-09 23:41:42 +02:00
Jens L
b5b1ed5887
sources/oauth: fix reddit ( #5557 )
2023-05-09 23:41:24 +02:00
Jens L
eaa3d11df8
api: modular urls ( #5551 )
...
* api: make API urls modular
load API urls from app module's urls file instead of a single static file
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* refactor websocket url mounting
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-09 14:46:47 +02:00
Jens L
9c25d72d61
providers/scim: fix scim_sync_all error ( #5539 )
...
* providers/scim: fix scim_sync_all error
closes #5538
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't use static names in tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-08 22:39:48 +02:00
Jens L
5ea54e8f7e
*: improve configuration error events ( #5523 )
...
* *: improve configuration error events
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* delete test-db when resetting
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-08 15:34:43 +02:00
Jens L
8215ee19c6
events: include event user in webhook notification ( #5524 )
...
* events: include event user in webhook notification
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update other transports
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-08 15:34:21 +02:00
Jens L
7acd0558f5
core: applications backchannel provider ( #5449 )
...
* backchannel applications
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add webui
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* include assigned app in provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve backchannel provider list display
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make ldap provider compatible
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* show backchannel providers in app view
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make backchannel required for SCIM
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleanup api
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-05-08 15:29:12 +02:00