Commit Graph

241 Commits

Author SHA1 Message Date
Jens Langhammer 731f5d0199 release: 2021.10.1-rc2 2021-10-21 16:38:30 +02:00
dependabot[bot] 6fc54ed7c6 build(deps): bump postcss from 8.3.9 to 8.3.10 in /website (#1652)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-21 10:29:48 +02:00
Jens Langhammer 2df4322ecf sources/oauth: add choices to oauth provider_type
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-20 00:11:19 +02:00
Jens Langhammer 5da7d9a573 release: 2021.10.1-rc1 2021-10-19 15:34:59 +02:00
Jens Langhammer f62786e58b policies: add additional filters to create flow charts on frontend
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-15 18:21:44 +02:00
Jens Langhammer 9bc9568008 stages/authenticator_sms: make fields non-nullable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-14 11:42:11 +02:00
Skyler Mäntysaari 634375c43f stages/authenticator_sms: add generic provider (#1595)
* stages/sms: New SMS provider, aka wrapper for outside API

* web/pages/authenicator_sms: Conditionally show options based on provider.

* stages/authenicator_sms: Fixing up the model.

* Whoops

* stages/authenicator_sms: Adding supported auth types for Generic provider.

* web/pages/stages/authenicator_sms: Added auth type for generic provider

* web/pages/stages/authenicator_sms: Fixing up my generic provider options.

* stages/authenicator/sms: Working version of generic provider.

* stages/authenicator/sms: Cleanup and creating an event on error.

* web/ages/stages/authenicator_sms: Made a default for Auth Type and cleaned up the non-needed name attribute.

* stages/authenicator_validate: Fixing up the migration as it had no SMS.

* stages/authenicator_sms: Removd non-needed migration and better error code handling.

* stages/authenicator_sms: Removd non-needed migration and better error code handling.

* web/pages/stages/authenicator_sms: Provider default is not empty anymore.

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-14 10:24:15 +02:00
Jens L aef9d27706
stages/authenticator_sms: Add SMS Authenticator Stage (#1577)
* stages/authenticator_sms: initial implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add initial stage UI

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/elements: clear invalid state when old input was invalid but new input is correct

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/authenticator_sms: add more logic

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: add basic SMS settings

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/authenticator_sms: initial working version

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/authenticator_sms: add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: optimise totp password manager entry on authenticator_validation stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/elements: add grouping support for table

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: allow sms class in authenticator stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add grouping to more pages

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/authenticator_validate: add SMS support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* api: add throttling for flow executor based on session key and pending user

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: fix style issues

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ci: add workflow to compile backend translations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 17:51:49 +02:00
Jens Langhammer b80ecd4668 stages/prompt: fix wrong field type of field_key
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-10 18:54:56 +02:00
Jens Langhammer d959b7a930 Merge branch 'version-2021.9' 2021-10-10 14:35:40 +02:00
Jens Langhammer 619203c177 release: 2021.9.8 2021-10-10 13:12:26 +02:00
Jens Langhammer dff0613b3d crypto: add managed field, prepare managed JWT cert
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-09 19:14:39 +02:00
Jens Langhammer 09696207a6 web/user: remove debug
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-09 16:03:14 +02:00
Jens Langhammer b33ea9cc61 core: add settings serializer to user/me and update_self endpoints, saved in a key in attributes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-09 15:35:18 +02:00
Jens Langhammer 57e5acaf2f stages/prompt: add sub_text field to add HTML below prompt fields
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 18:34:37 +02:00
Jens Langhammer 8c27616d0c Merge branch 'version-2021.9' 2021-10-06 21:04:16 +02:00
Jens Langhammer e444d0d640 release: 2021.9.7 2021-10-06 20:57:56 +02:00
Jens Langhammer d75c63d38b Merge branch 'version-2021.9'
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	web/src/locales/fr_FR.po
2021-10-06 00:04:09 +02:00
Jens Langhammer 2b730dec54 release: 2021.9.6 2021-10-05 22:22:54 +02:00
Jens Langhammer 79eec5a3a0 core: include group uuids in self serializer
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:49:14 +02:00
Jens Langhammer c1f302fb7c core: only return group names for user_self
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:48:53 +02:00
Jens Langhammer d1a1bfbbc5 web/user: don't show managed tokens in user interface
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:47:49 +02:00
Jens Langhammer 9e7e22367b core: include group uuids in self serializer
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:10:44 +02:00
Jens Langhammer f5761dc70d core: only return group names for user_self
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 12:31:25 +02:00
Jens Langhammer 847cfed73f web/user: don't show managed tokens in user interface
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 11:11:34 +02:00
Jens Langhammer 1c340ddbbd Merge branch 'version-2021.9'
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	web/package-lock.json
#	web/package.json
2021-10-04 22:02:56 +02:00
Jens Langhammer bcf7e162a4 release: 2021.9.5 2021-10-04 20:08:46 +02:00
Jens Langhammer cb37e5c10e stages/email: add activate_user_on_success flag, add for all example flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	web/src/locales/fr_FR.po
2021-10-04 18:50:19 +02:00
Jens Langhammer 0692663537 stages/email: add activate_user_on_success flag, add for all example flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 18:47:51 +02:00
Jens Langhammer faca127217 Merge branch 'version-2021.9'
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	Pipfile.lock
2021-10-01 12:19:11 +02:00
Jens Langhammer 1a6ea72c09 release: 2021.9.4 2021-10-01 09:51:51 +02:00
Jens L f9ad102915
flows: inspector (#1469)
* flows: add initial inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: change naming a bit

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flow: add inspector frame

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: don't use shadydom when inspecting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add current stage to api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/*: fix imports

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: deep-copy plan instead of just adding

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: restrict inspector to admin

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add buttons to launch flow with inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: don't automatically follow redirects when inspector is open

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: make current_plan optional, only require historry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: handle error messages in inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: improve UI when flow is done

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add is_completed flag to inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: fix monkeypatches for tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add inspector tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ci: re-enable cache

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-28 09:36:48 +02:00
Jens Langhammer 941bc61b31 release: 2021.9.3 2021-09-27 17:31:50 +02:00
Jens Langhammer 4f3583cd7e providers/proxy: make token_validity float and optional for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-25 15:54:32 +02:00
Jens Langhammer f7408626a8 providers/proxy: return token_validity as total seconds instead of expression
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-25 15:44:16 +02:00
Jens Langhammer 28eeb4798e providers/proxy: add token_validity field for outpost configuration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1462
2021-09-25 15:00:06 +02:00
Jens Langhammer d0bfb99859 web/elements: improve error handling on forms
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-24 12:19:56 +02:00
Jens Langhammer eddca478dc release: 2021.9.2 2021-09-23 12:34:02 +02:00
Jens Langhammer 2fe6de0505 release: 2021.9.1 2021-09-22 19:11:20 +02:00
Jens Langhammer 8f7d21b692 stages/email: don't throw 404 when token can't be found
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 19:01:25 +02:00
Jens Langhammer ac52667327 release: 2021.9.1-rc3 2021-09-19 21:52:49 +02:00
Jens Langhammer 06af306e8a sources/ldap: bump timeout, run each sync component in its own task
closes #1411

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-17 12:42:20 +02:00
Jens Langhammer 28189bdddf release: 2021.9.1-rc2 2021-09-16 23:23:36 +02:00
Jens Langhammer bdd5e16db1 release: 2021.9.1-rc1 2021-09-15 20:20:54 +02:00
Jens Langhammer ef341dd405 stages/user_write: add option to add newly created users to a group
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-14 21:45:34 +02:00
Jens Langhammer 71e68b498e core: optimise groups api by removing member superuser status
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-13 18:06:37 +02:00
Jens Langhammer 9a7fa39de4 events: allow setting a mapping for webhook transport to customise request payloads
closes #1383

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-12 01:05:42 +02:00
Jens Langhammer bf771f8b6c release: 2021.8.5 2021-09-11 19:20:13 +02:00
Jens Langhammer df4c8003b8 api: fix items of list fields having nullable set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-10 18:15:59 +02:00
Jens Langhammer 7dfbcdbb81 stages/authenticator_duo: add API to "import" devices from duo
closes #1371

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-10 11:35:09 +02:00
Jens L 3c1b70c355
outposts/proxyv2 (#1365)
* outposts/proxyv2: initial commit

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add rs256

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

more stuff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add forward auth an sign_out

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

match cookie name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

re-add support for rs256 for backwards compat

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add error handler

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

ensure unique user-agent is used

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

set cookie duration based on id_token expiry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

build proxy v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add ssl

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add basic auth and custom header support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add application cert loading

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

implement whitelist

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add redis

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

migrate embedded outpost to v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

remove old proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

providers/proxy: make token expiration configurable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: only allow one redirect URI

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix docker build for proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove default port offset

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add AUTHENTIK_HOST_BROWSER

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests: fix e2e/integration tests not using proper tags

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove references of old port

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix user_attributes not being loaded correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup dependencies

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 18:04:56 +00:00
Jens Langhammer 2db8b07578 events: add mark_all_seen
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-04 22:08:12 +02:00
Jens Langhammer d92d8e6dbb api: add additional filters for ldap and proxy providers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-03 10:43:09 +02:00
Jens Langhammer c2b9dc5c75 api: cache schema, fix server urls
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-03 10:23:14 +02:00
Jens Langhammer 276d8fe5cf release: 2021.8.4 2021-09-02 20:21:21 +02:00
Jens Langhammer f0db408699 api: add v3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-02 17:40:02 +02:00
Jens Langhammer cc5cc43baa api: fix sentry endpoint not working due to mime-media
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-02 16:56:53 +02:00
Jens Langhammer 17cb76c334 stages/invitation: fix invitation not inheriting ExpiringModel
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-01 14:25:19 +02:00
Jens Langhammer 523b96a6d2 api: add basic rate limiting for sentry endpoint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-29 19:33:18 +02:00
Jens Langhammer 160139813d release: 2021.8.3 2021-08-28 16:58:44 +02:00
Jens Langhammer c4f72c2bc1 release: 2021.8.2 2021-08-26 17:58:20 +02:00
Jens Langhammer 897f6f3473 release: 2021.8.1 2021-08-26 16:03:45 +02:00
Jens Langhammer 2ae164df78 *: cleanup api schema warnings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-26 09:36:41 +02:00
Jens Langhammer 0ccec96490 core: make user optional in token creation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-25 21:21:51 +02:00
Jens Langhammer d79975c409 core: fix user object for token not be setable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-25 20:43:34 +02:00
Jens Langhammer 4d27694706 release: 2021.8.1-rc2 2021-08-24 21:29:29 +02:00
Jens Langhammer d7ad5f6a16 core: add API to create service account with token for app password
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 20:09:22 +02:00
Jens Langhammer b0efab6d6d admin: add env to API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 10:55:46 +02:00
Jens Langhammer 07a4f474f4 website/docs: add docs for `auth_method` and `auth_method_args` fields
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 17:23:55 +02:00
Jens Langhammer 9a6a3e66b8 root: update schema
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 16:14:33 +02:00
Jens Langhammer aad753de68 ci: fix extraction of generated client
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 15:57:56 +02:00
Jens Langhammer a79a150a1f root: test schema auto-update
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 15:55:26 +02:00
Jens Langhammer 7639cdad0a release: 2021.8.1-rc1 2021-08-22 20:17:35 +02:00
Jens Langhammer 3e909ae6bb core: allow filtering users by the groups they are in
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 16:27:48 +02:00
Jens Langhammer b4f738492d sources/oauth: improve UI with prefilled urls (when customizable) and hiding provider type
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 15:52:41 +02:00
Jens Langhammer 6433b5982e api: add cache timeouts to config API for outposts
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 14:14:18 +02:00
Jens Langhammer 84c4547005 sources/plex: add API for user connections
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-17 13:02:40 +02:00
Jens Langhammer 2592fc3826 sources/ldap: allow for anonymous binds, fix sync_users_password not working correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-12 19:09:29 +02:00
Jens Langhammer ec95a2bddc core: allow changing of groups a user is in from user api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-10 19:31:30 +02:00
Jens Langhammer de9d483b9f admin: add API to show embedded outpost status, add notice when its not configured properly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-10 19:16:11 +02:00
Jens Langhammer 557724768a core: add API to directly send recovery link to user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-10 13:54:59 +02:00
Jens Langhammer ccfc1dbcc2 *: make all PropertyMappings filterable by multiple managed attributes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 16:06:44 +02:00
Jens Langhammer 9c9addb0ce *: ensure all resources can be filtered
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-07 16:34:14 +02:00
Jens Langhammer 18211a2033 release: 2021.7.3 2021-08-05 19:23:03 +02:00
Jens Langhammer 1b91543add core: add UserSelfSerializer and separate method for users to update themselves with limited fields
rework user settings page to better use form
closes #1227

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	authentik/core/api/users.py
#	web/src/elements/forms/ModelForm.ts
#	web/src/pages/user-settings/UserDetailsPage.ts
#	web/src/pages/user-settings/UserSettingsPage.ts
2021-08-05 17:47:45 +02:00
Jens Langhammer add7a80fdc release: 2021.7.2 2021-08-01 19:11:50 +02:00
Jens Langhammer e6b515e3f7 release: 2021.7.1 2021-07-27 10:35:45 +02:00
Jens Langhammer 3c9cc9d421 Merge branch 'version-2021.7' 2021-07-24 20:07:42 +02:00
Jens Langhammer 1972464a20 tenants: make event retention configurable on tenant level
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-24 20:07:12 +02:00
Jens Langhammer 3041a30193 release: 2021.7.1-rc2 2021-07-24 18:32:05 +02:00
Jens Langhammer 8ae7403abc core: add group filter by member username and pk
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-23 19:35:41 +02:00
Jens Langhammer 8cd1223081 core: add email filter for user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 20:10:42 +02:00
Jens Langhammer 0a3fade1fd providers/proxy: remove deprecated field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 16:20:26 +02:00
Jens Langhammer 39ad9d7c9d release: 2021.7.1-rc1 2021-07-21 10:44:40 +02:00
Jens Langhammer b3159a74e5 Merge branch 'master' into inbuilt-proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	Dockerfile
#	internal/outpost/ak/api.go
#	internal/outpost/ak/api_uag.go
#	internal/outpost/ak/global.go
#	internal/outpost/ldap/api_tls.go
#	internal/outpost/ldap/instance_bind.go
#	internal/outpost/ldap/utils.go
#	internal/outpost/proxy/api_bundle.go
#	outpost/go.mod
#	outpost/go.sum
#	outpost/pkg/ak/cert.go
2021-07-17 12:49:38 +02:00
Jens Langhammer aa701c5725 core: don't delete expired tokens, rotate their key
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-14 21:47:32 +02:00
Jens Langhammer 6f98833150 core: allow users to create non-expiring tokens when flag is set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-14 21:15:14 +02:00
Jens Langhammer 4fe0bd4b6c tests/e2e: fix e2e tests for ldap provider
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-14 10:10:11 +02:00
Lukas Söder 7f39399c32
providers/ldap: Added auto-generated uidNumber and guidNumber generated attributes for use with SSSD and similar software. (#1138)
* Added auto-generated uidNumber and guidNumber generated attributes for
use with SSSD and similar software.

The starting number for uid/gid can be configured iva environtment
variables and is by default 2000 which should work fine for most instances unless there are more than
999 local accounts on the server/computer.

The uidNumber is just the users Pk + the starting number.
The guidNumber is calculated by the last couple of bytes in the uuid of
the group + the starting number, this should have a low enough chance
for collisions that it's going to be fine for most use cases.

I have not added any interface stuff for configuring the environment variables as I couldn't really find my way around all the places I'd have to edit to add it and the default values should in my opinion be fine for 99% use cases.

* Add a 'fake' primary group for each user

* First attempt att adding config to interface

* Updated API to support new fields

* Refactor code, update documentation and remove obsolete comment

Simplify `GetRIDForGroup`, was a bit overcomplicated before.

Add an additional class/struct `LDAPGroup` which is the new argument
for `pi.GroupEntry` and util functions to create `LDAPGroup` from api.Group and api.User

Add proper support in the interface for changing gidNumber and uidNumber starting points

* make lint-fix for the migration files
2021-07-14 09:17:01 +02:00
Jens L 7dfc621ae4
LDAP Provider: TLS support (#1137) 2021-07-13 18:24:18 +02:00