authentik

Archived

Author	SHA1	Message	Date
Jens L	af7cc8d42d	blueprints: fix error when imported blueprint is invalid (#5414 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-28 22:44:19 +03:00
Jens L	5830781a5a	root: add websocket logging (#5408 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-28 20:34:34 +03:00
Jens L	ecce31ee87	providers/scim: correctly handle 404 by re-creating object (#5405 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-28 14:36:21 +03:00
Jens L	967a38b7ac	crypto: make name field unique to prevent double certs (#5406 ) * crypto: make name field unique to prevent double certs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix test Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-28 14:35:59 +03:00
Jens L	9d1ad104ec	outposts: make state more consistent (#5403 )	2023-04-28 13:53:07 +03:00
Jens L	54d508ae8c	ci: fix pyright errors (#5392 ) * ci: fix pyright errors Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix error in oauth 1 source Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove redundant blueprint fixtures Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-27 17:33:47 +03:00
Jens L	7b0d8f8991	providers/scim: ensure scim group member isn't None (#5391 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-27 15:03:50 +03:00
Jens L	4426cbec34	policies: clear app cache when writing user, groups, policies (#5371 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-25 15:24:47 +03:00
Jens L	5970a6e2a2	events: always run policies for notification rules even if no group is selected (#5353 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-23 19:10:22 +03:00
Jens L	480f5c2aac	ci: add log grouping (#5342 ) * ci: add log grouping Signed-off-by: Jens Langhammer <jens@goauthentik.io> * try to group structlog output Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format Signed-off-by: Jens Langhammer <jens@goauthentik.io> * earlier hooks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * hmm Signed-off-by: Jens Langhammer <jens@goauthentik.io> * disable beats integration for now Signed-off-by: Jens Langhammer <jens@goauthentik.io> * test container logs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove testing Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-21 19:06:11 +03:00
Jens L	e75e2cf324	website/docs: flow context docs (#5243 ) * add flow context docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup some redundant things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * added more section headers * tweaked new headings * Apply suggestions from code review Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Jens L. <jens@beryju.org> * add more keys, use dedicated prefix for internal keys Signed-off-by: Jens Langhammer <jens@goauthentik.io> * set toc_max_heading_level: 5 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update datatypes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more consistent header Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more fixes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Update website/docs/flow/context/index.md Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com> * Update website/docs/flow/context/index.md Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com> * Update website/docs/flow/context/index.md Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens L. <jens@beryju.org> Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com> Co-authored-by: Tana Berry <tana@goauthentik.io> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>	2023-04-20 17:31:34 +00:00
Jens L	4671d4afb4	enterprise: initial license (#5293 ) * enterprise: add enterprise license and app Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add license and terms Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't build enterprise into docker for now Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-19 16:13:45 +02:00
sdimovv	ee6edec1d8	stages/prompt: Add initial_data prompt field and ability to select a default choice for choice fields (#5095 ) * Added initial_value to model * Added initial_value to admin panel * Added initial_value support to flows; updated tests * Updated default blueprints * update docs * Fix test * Fix another test * Fix yet another test * Add placeholder migration * Remove unused import	2023-04-19 12:27:51 +02:00
Jens L	dfa80543b5	root: add ruff linter (#5240 ) * root: add ruff linter Signed-off-by: Jens Langhammer <jens@goauthentik.io> * actually add ruff Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-18 13:28:19 +02:00
Jens L	ce5f6d5d43	release: Version 2023.4 (#5283 ) * release: 2023.4.0 * release: 2023.4.1	2023-04-18 10:45:17 +02:00
Jens L	8160663214	release: 2023.4.0 (#5254 )	2023-04-14 13:20:22 +02:00
Jens L	6a700cb376	core: fix user metrics for users which can't access events (#5252 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-14 11:20:26 +02:00
Jens L	a5098364eb	events: unpack wrapped query from FlowExecutor (#5244 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-14 00:07:41 +02:00
Jens L	6a74fa11c6	providers/oauth2: inconsistent client secret generation (#5241 ) * use simpler char set for client secret Signed-off-by: Jens Langhammer <jens@goauthentik.io> * also adjust radius Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use similar logic in web to generate ids and secrets Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dont use math.random Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-13 15:06:28 +02:00
Jens L	f84a10b59b	core: revert django update (#5236 ) * Revert "core: bump django from 4.1.7 to 4.2 (#5151)" This reverts commit `18a4eac527`. * run unittests with postgres 11 and 12 Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-13 14:10:12 +02:00
dependabot[bot]	18a4eac527	core: bump django from 4.1.7 to 4.2 (#5151 ) * core: bump django from 4.1.7 to 4.2 Bumps [django](https://github.com/django/django) from 4.1.7 to 4.2. - [Release notes](https://github.com/django/django/releases) - [Commits](https://github.com/django/django/compare/4.1.7...4.2) --- updated-dependencies: - dependency-name: django dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * upgrade to psycopg3, use custom engine for prometheus metrics See https://github.com/korfuri/django-prometheus/issues/350 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make scripts use pscopg3 Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-04-11 15:00:27 +02:00
Jens L	1ca8feb5fc	sources/ldap: make schema optional (#5213 ) * sources/ldap: make schema optional Signed-off-by: Jens Langhammer <jens@goauthentik.io> * create one connection and re-use it Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use magicmock Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-10 21:55:56 +02:00
Jens L	8b78570597	outposts: run containers as non root (#5212 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-09 21:39:07 +02:00
Jens L	977757f561	policies: provider raw result for better policy reusability (#5189 ) * policies: include raw_result in PolicyResult Signed-off-by: Jens Langhammer <jens@goauthentik.io> * move ak_call_policy to base evaluator Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-06 09:42:29 +02:00
Jens L	711e98d049	stages/identification: revert is_active check (#5183 )	2023-04-05 15:49:35 +02:00
Jens L	132a353b92	outposts: set k8s deployment security context (#5163 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-05 13:36:46 +02:00
dependabot[bot]	fb4808418c	core: bump sentry-sdk from 1.18.0 to 1.19.0 (#5169 ) * core: bump sentry-sdk from 1.18.0 to 1.19.0 Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 1.18.0 to 1.19.0. - [Release notes](https://github.com/getsentry/sentry-python/releases) - [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md) - [Commits](https://github.com/getsentry/sentry-python/compare/1.18.0...1.19.0) --- updated-dependencies: - dependency-name: sentry-sdk dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * use new features Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-04-04 15:29:09 +02:00
Jens L	02f75a92ce	lifecycle: don't use celery ping for worker healthcheck (#5153 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-03 18:15:31 +02:00
Ongy	adcd11b1f8	core: extend postgres configuration (#5138 ) Add postgres configuration options to control TLS verification and client certificates.	2023-04-02 17:39:36 +02:00
sdimovv	6192d01b7e	stages: Add ability to set user friendly names for MFA stages (#5005 ) * Added ability to name MFA stage * Schema * Changed Charfield to Textfield * Regenerated schema * Add explicit required * set null instead of blank so title check works Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add help text and adjust wording Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-04-02 16:52:44 +02:00
Jens L	5947c7b97e	stages/user_write: improve error handling (#5136 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-31 23:59:37 +02:00
Jens L	75510ead84	core: fix app launch URL flow selection (#5113 )	2023-03-30 02:10:25 +02:00
dependabot[bot]	73bf6fd530	core: bump channels-redis from 4.0.0 to 4.1.0 (#5115 ) * core: bump channels-redis from 4.0.0 to 4.1.0 Bumps [channels-redis](https://github.com/django/channels_redis) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/django/channels_redis/releases) - [Changelog](https://github.com/django/channels_redis/blob/main/CHANGELOG.txt) - [Commits](https://github.com/django/channels_redis/compare/4.0.0...4.1.0) --- updated-dependencies: - dependency-name: channels-redis dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * remove channels <4.1 workaround Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-03-30 00:08:07 +02:00
Jens L	1d2725825c	providers/scim: add missing default fields (#5108 ) * providers/scim: add missing default fields Signed-off-by: Jens Langhammer <jens@goauthentik.io> #4554 * update tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-28 14:42:52 +02:00
Jens L	4218ece2a5	stages/authenticator_validate: fix stage not working without pending user (#5096 ) closes #5094 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-27 23:08:55 +02:00
Jens L	b097cf4d7e	providers/scim: fix error when user-group m2m is updated forward (#5082 ) * providers/scim: fix error when user-group m2m is updated forward Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-26 22:34:53 +02:00
Jens L	5c0d7f9a58	web/admin: fix error when creating bindings due to hidden inputs (#5081 ) * web/admin: fix error when creating bindings due to hidden inputs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix flaky test Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-26 18:58:02 +02:00
Jens L	6437fbc814	web/admin: prompt preview (#5078 ) * add initial prompt preview Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve error handling Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't flood api with requests when fields are changeed Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-25 22:31:48 +01:00
risson	1957717160	providers: Add ability to choose a default authentication flow (#5070 ) * core: add ability to choose a default authentication flow for a provider Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * update web to use correct ak-search-select I don't think this element existed when the PR was initially created, lol Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only use provider authentication flow for authentication designation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-03-24 13:26:00 +01:00
Jens L	da3222df07	core: fix websocket url path (#5019 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-21 00:20:48 +01:00
Jens L	54cacd784c	*: load websocket paths similarly to URLs (#5018 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-20 23:39:25 +01:00
Jens L	3f5effb1bc	providers/radius: simple radius outpost (#1796 ) * initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add migrations Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * minor fixes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use search-select Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update locale Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix ip with port being sent to delegated ip Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add radius tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-20 16:54:35 +01:00
sdimovv	16a03160d0	core: Add unique constraint to user UUID (#5004 )	2023-03-20 00:33:08 +01:00
sdimovv	8b52d711e8	stages/prompt: Add Radio Button Group, Dropdown and Text Area prompt fields (#4822 ) * Added radio-button prompt type in model * Add radio-button prompt * Refactored radio-button prompt; Added dropdown prompt * Added tests * Fixed unrelated to choice fields bug causing validation errors; Added more tests * Added description for new prompts * Added docs * Fix lint * Add forgotten file changes * Fix lint * Small fix * Add text-area prompts * Update authentik/stages/prompt/models.py Co-authored-by: Jens L. <jens@beryju.org> Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com> * Update authentik/stages/prompt/models.py Co-authored-by: Jens L. <jens@beryju.org> Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com> * Fix inline css * remove AKGlobal, update schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L. <jens@beryju.org> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-03-19 18:56:17 +01:00
Jens L	97df7848a5	blueprints: allow setting of token key in blueprint context (#4995 ) closes #4717 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-18 00:10:12 +01:00
Jens L	e2d3a95c80	web: full web components part 1 (#4964 ) * migrate loading Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate api browser Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate base css Signed-off-by: Jens Langhammer <jens@goauthentik.io> * move tenant fetching to base interface Signed-off-by: Jens Langhammer <jens@goauthentik.io> * import pre-loaded stages in flow interface and not executor to strip down executor size Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix redirect and such Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-17 23:10:19 +01:00
Jens L	8363016982	version: 2023.3 (#4980 ) * release: 2023.3.0 * providers/ldap: fix duplicate attributes (#4972) closes #4971 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * providers/oauth2: fix response for response_type code and response_mode fragment (#4975) * web/flows: fix authenticator selector in dark mode (#4974) Signed-off-by: Jens Langhammer <jens@goauthentik.io> * release: 2023.3.1 --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-16 22:43:57 +01:00
Jens L	2a399cf8e8	providers/oauth2: fix response for response_type code and response_mode fragment (#4975 )	2023-03-16 15:58:38 +01:00
Jens L	eaf56f4f3f	stages/user_login: stay logged in (#4958 ) * add initial remember me offset Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add to go executor Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add ui for user login stage Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-15 20:21:05 +01:00
Jens L	9310d4cdc0	*: fix mismatched task names for discovery, make output service connection task monitored (#4956 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-15 12:12:08 +01:00
Jens L	86f9056d3f	core: fix url validator (#4957 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-15 12:00:57 +01:00
Jens L	73d7b5f110	root: add common fixture loader (#4946 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-14 17:13:03 +01:00
Jens L	4b1440944e	providers: fix authorization_flow not required in API (#4932 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-13 23:36:24 +01:00
Jens L	59a92dbacd	stages/authenticator_webauthn: remove credential_id size limit (#4931 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-13 21:24:10 +01:00
Jens L	6f6d22da13	release: 2023.3.0 (#4925 )	2023-03-13 19:10:48 +01:00
Jens L	fab6a8f8c9	stages/user_login: expiry before login (#4920 ) * stages/user_write: run set_expiry before login, so that session used in Signal has correct expiry Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-13 15:31:06 +01:00
Jens L	178bfe1d44	providers/scim: handle ServiceProviderConfig 404 (#4915 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-13 13:44:29 +01:00
Jens L	94f22cffba	root: fix session middleware for websocket connections (#4909 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-12 16:47:19 +01:00
Jens L	10b7d78825	events: set task start time before start not on init (#4908 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-12 15:13:04 +01:00
dependabot[bot]	0ef333f8ea	core: bump bandit from 1.7.4 to 1.7.5 (#4896 ) * core: bump bandit from 1.7.4 to 1.7.5 Bumps [bandit](https://github.com/PyCQA/bandit) from 1.7.4 to 1.7.5. - [Release notes](https://github.com/PyCQA/bandit/releases) - [Commits](https://github.com/PyCQA/bandit/compare/1.7.4...1.7.5) --- updated-dependencies: - dependency-name: bandit dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-03-10 12:06:59 +01:00
Jens L	86bb2afd02	core: add validator which allows for URLs with formatting (#4890 )	2023-03-10 00:16:17 +01:00
Jens L	b6b820f6f1	web: toggle dark/light theme manually (#4876 )	2023-03-09 23:17:53 +01:00
Jens L	6ae2fc9668	providers/SCIM: customizable externalId, document behavior (#4868 ) * only set externalId if mapping hasn't set it Signed-off-by: Jens Langhammer <jens@goauthentik.io> * better document use of SCIM in conjunction with OAuth/SAML Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-08 00:15:16 +01:00
Jens L	67f3db1e03	core: enforce unique on names where it makes sense (#4866 ) enforce unique on names where it makes sense Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-07 23:52:34 +01:00
Jens L	9559bc2e1e	providers/scim: add option to filter out service accounts, parent group (#4862 ) * add option to filter out service accounts, parent group Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rename to filter group Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework sync card to show scim sync status Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-07 15:39:48 +01:00
Jens L	28ddeb124f	providers: SCIM (#4835 ) * basic user sync Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add group sync and some refactor Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start API Signed-off-by: Jens Langhammer <jens@goauthentik.io> * allow null authorization flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make task monitored Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add missing dependency Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make authorization_flow required for most providers via API Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make task result better readable, exclude anonymous user Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add task UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add scheduled task for all sync Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make scim errors more readable Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add mappings, migrate to mappings Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add mapping UI and more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add scim docs to web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start implementing membership Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate signals to tasks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate fully to tasks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * strip none keys, fix lint errors Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start adding tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix saml Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add scim schemas and validate against it Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve error handling Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add group put support, add group tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * send correct application/scim+json headers Signed-off-by: Jens Langhammer <jens@goauthentik.io> * stop sync if no mappings are confiugred Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add test for task sync Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add membership tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use decorator for tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make tests better Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-06 19:39:08 +01:00
dependabot[bot]	e08536af33	web: bump mermaid from 10.0.1 to 10.0.2 in /web (#4837 ) * web: bump mermaid from 10.0.1 to 10.0.2 in /web Bumps [mermaid](https://github.com/mermaid-js/mermaid) from 10.0.1 to 10.0.2. - [Release notes](https://github.com/mermaid-js/mermaid/releases) - [Changelog](https://github.com/mermaid-js/mermaid/blob/develop/CHANGELOG.md) - [Commits](https://github.com/mermaid-js/mermaid/compare/v10.0.1...v10.0.2) --- updated-dependencies: - dependency-name: mermaid dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix failing bandit check Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-03-03 10:27:16 +01:00
Jens L	9370d155f8	sources/plex: fix check_token error unusable if token is empty (#4834 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-02 22:21:54 +00:00
Jens L	972dce1462	security: fix CVE-2023-26481 (#4832 ) fix CVE-2023-26481 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-02 20:15:33 +01:00
Jens L	7b44d8972f	stages/authenticator_sms: fix twilio sending, add test (#4829 ) closes #4823 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-02 14:39:28 +01:00
sdimovv	a6eba37d5a	core: Add `resolve_dns` and `reverse_dns` functions to evaluator (#4769 ) * Add resolve_dns * Add reverse_dns * Fix lint * add caching, small optimisation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Added time-aware LRU cache --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-03-01 22:15:13 +01:00
Jens L	20e971f5ce	flows: planner error handling (#4812 ) * handle FlowNonApplicableException everywhere Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make flow planner check authentication when no pending user is in planning context Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add mailhog to e2e test services, remove local docker requirement Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-28 15:18:29 +01:00
Jens L	118765ab30	web: fetch custom.css via fetch and add stylesheet (#4804 ) * web: fetch custom.css via fetch and add stylesheet Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't hardcode path Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-27 19:54:19 +01:00
Jens L	5e60db8593	providers/oauth2: fix typo (#4803 )	2023-02-27 17:17:48 +01:00
Jens L	39d0893303	flows: change default flow stage binding settings (#4784 ) * flows: change default flow stage binding settings Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fallback to correct value Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-27 15:21:26 +01:00
Jens L	596ff529c4	core: bootstrap email (#4788 )	2023-02-26 17:02:45 +01:00
Jens L	26f3275361	sources/ldap: improve error handling for password complexity (#4780 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-24 10:39:43 +00:00
Jens L	b7e4ad7234	web/user: fix source connections not being filtered (#4778 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-24 10:22:02 +00:00
Jens L	80f4fccd35	providers/oauth2: OpenID conformance (#4758 ) * don't open inspector by default when debug is enabled Signed-off-by: Jens Langhammer <jens@goauthentik.io> * encode error in fragment when using hybrid grant_type Signed-off-by: Jens Langhammer <jens@goauthentik.io> * require nonce for all response_types that get an id_token from the authorization endpoint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't set empty family_name Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only set at_hash when response has token Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleaner way to get login time Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove authentication requirement from authentication flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use wrapper Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix auth_time not being handled correctly Signed-off-by: Jens Langhammer <jens@goauthentik.io> * minor cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add test files Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove USER_LOGIN_AUTHENTICATED Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework prompt=login handling Signed-off-by: Jens Langhammer <jens@goauthentik.io> * also set last login uid for max_age check to prevent double login when max_age and prompt=login is set Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-23 15:26:41 +01:00
Jens L	122055b38b	stages/user_login: terminate others (#4754 ) * rework session list Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use sender filtering for signals when possible Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add terminate_other_sessions Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-22 14:09:28 +01:00
sdimovv	c4e24c04f6	core: Improve service account creation (#4751 ) * Added ability to select service account token expiration on creation * Added call to user.set_unusable_password on service account creation * Added forgotten call to save() * Added and improved existsing tests * Added accidentally deleted help text * Fix lint	2023-02-22 13:19:01 +01:00
Jens Langhammer	1f7178c3a8	providers/oauth2: remove unused import Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-22 11:11:20 +01:00
Jens Langhammer	cfa2edebcf	providers/oauth2: revert PKCE requirement for public clients Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-21 23:51:27 +01:00
sdimovv	175502b053	core: Fix bug causing whitespace only names to raise exception when generating avatars (#4746 ) Fix bug causing whitespace only names to raise exception when generating avatars Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>	2023-02-21 16:19:19 +01:00
Jens Langhammer	9e82de33e6	lib: remove unused imports Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-21 11:00:54 +01:00
Jens Langhammer	d2cfb76a7c	root: don't trace websockets to sentry Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-20 21:32:35 +01:00
Jens Langhammer	327d87355d	lib: improve caching of gravatar status closes #4711 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-20 12:41:09 +01:00
Jens Langhammer	b415e9b773	core: remove avatar from group user member list Signed-off-by: Jens Langhammer <jens@goauthentik.io> #4711	2023-02-20 12:40:42 +01:00
Jens Langhammer	1ac2e924a2	core: fix error when creating token without request in context closes #4716 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-19 17:31:20 +01:00
Jens Langhammer	0874574e5c	*: add additional prometheus metrics, remove unusable high entropy metrics Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-19 17:08:40 +01:00
Jens Langhammer	069e9c015b	events: fix m2m_change events not being logged Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-19 16:28:30 +01:00
Jens Langhammer	c6ead3dc49	providers/oauth2: make PKCE required for public clients Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-17 18:08:39 +01:00
Jens Langhammer	f749027143	root: don't log django request warnings Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-17 18:08:18 +01:00
Jens Langhammer	153bd3aaf1	sources/oauth: fix not all token errors being logged with response Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-17 13:22:41 +01:00
Jens Langhammer	1a57d453ba	providers/oauth2: fix missing information for Revoked token access events Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-16 14:47:07 +01:00
Jens Langhammer	d842fc4958	release: 2023.2.2	2023-02-15 19:53:42 +01:00
Jens Langhammer	bff34cc5dc	root: use channel send workaround for sync sending of websocket messages Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-15 16:08:01 +01:00
Jens Langhammer	7f009f6d02	flows: include flow authentication requirement in diagram closes #4533 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-15 16:04:45 +01:00
Jens Langhammer	c8c401e2c5	lib: don't try to cache generated avatar with full user, only cache with name closes #4690 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-15 10:49:13 +01:00
Jens Langhammer	80de3ee853	release: 2023.2.1	2023-02-14 18:52:36 +01:00

1 2 3 4 5 ...

2884 commits