Commit graph

273 commits

Author SHA1 Message Date
Jens Langhammer f62786e58b policies: add additional filters to create flow charts on frontend
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-15 18:21:44 +02:00
Jens Langhammer 4b7399f454 *: add @prefill_task() decorator to "pre-fill" tasks in cache, so they can be executed even before their schedule would do so
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-14 12:21:28 +02:00
Jens L e4f141c6c0
*: Squash Migrations (#1593)
* *: first squash pass

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* sources/saml: squash less

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts: fix docker controller not correctly checking image

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests/e2e: fix old migration reference

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 21:39:35 +02:00
Jens L aef9d27706
stages/authenticator_sms: Add SMS Authenticator Stage (#1577)
* stages/authenticator_sms: initial implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add initial stage UI

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/elements: clear invalid state when old input was invalid but new input is correct

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/authenticator_sms: add more logic

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: add basic SMS settings

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/authenticator_sms: initial working version

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/authenticator_sms: add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: optimise totp password manager entry on authenticator_validation stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/elements: add grouping support for table

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: allow sms class in authenticator stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add grouping to more pages

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/authenticator_validate: add SMS support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* api: add throttling for flow executor based on session key and pending user

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: fix style issues

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ci: add workflow to compile backend translations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 17:51:49 +02:00
Jens Langhammer f32d35b07c policies/password: add extra sub_text field in tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 19:27:24 +02:00
Jens Langhammer 16380b3f7a api: ensure viewsets have default ordering
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 11:26:41 +02:00
Jens L f9ad102915
flows: inspector (#1469)
* flows: add initial inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: change naming a bit

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flow: add inspector frame

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: don't use shadydom when inspecting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add current stage to api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/*: fix imports

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: deep-copy plan instead of just adding

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: restrict inspector to admin

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add buttons to launch flow with inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: don't automatically follow redirects when inspector is open

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: make current_plan optional, only require historry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: handle error messages in inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: improve UI when flow is done

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add is_completed flag to inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: fix monkeypatches for tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add inspector tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ci: re-enable cache

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-28 09:36:48 +02:00
Jens Langhammer 79b92e764e *: fix typos in code
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-25 00:01:11 +02:00
Jens Langhammer 95a2fddfa8 policies/expression: add ak_user_has_authenticator
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 19:13:41 +02:00
Jens Langhammer 17503365f7 policies: improve error handling when using bindings without policy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 11:04:31 +02:00
Jens Langhammer c779ad2e3b *: use common user agent for all outgoing requests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-11 21:08:26 +02:00
Jens Langhammer 37c29a073e policies/password: fix symbols not being checked correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-04 15:21:48 +02:00
Jens Langhammer 6ec8432217 policies/password: don't use regex for symbol detection
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-04 14:36:01 +02:00
Jens Langhammer 7fea20375f *: fix tests not using APITestCase
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-02 19:14:21 +02:00
Jens Langhammer b1ed2154ac policies/password: fix PasswordStage not being usable with prompt stages, rework validation logic
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-29 00:40:36 +02:00
Jens L 859cf2bd8f
lib: move id and key generators to lib (#1286)
* lib: move generators to lib

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: bump default token key size

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: fix split being used for http basic auth instead of partition

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/elements: don't rethrow error in ActionButton

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 20:27:38 +02:00
Jens Langhammer 9c9addb0ce *: ensure all resources can be filtered
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-07 16:34:14 +02:00
Jens Langhammer 77ed25ae34 root: reformat to 100 line width
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-03 17:45:16 +02:00
Jens Langhammer aa701c5725 core: don't delete expired tokens, rotate their key
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-14 21:47:32 +02:00
Jens Langhammer 84e9748340 policies/reputation: handle cache error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-13 18:47:32 +02:00
dependabot[bot] d102c59654
build(deps-dev): bump pylint from 2.8.3 to 2.9.0 (#1095)
* build(deps-dev): bump pylint from 2.8.3 to 2.9.0

Bumps [pylint](https://github.com/PyCQA/pylint) from 2.8.3 to 2.9.0.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Changelog](https://github.com/PyCQA/pylint/blob/master/ChangeLog)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.8.3...v2.9.0)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* *: update source for new pylint version

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-30 10:37:28 +02:00
Jens Langhammer 2b1356bb91 flows: add invalid_response_action to configure how the FlowExecutor should handle invalid responses
closes #1079

Default value of `retry` behaves like previous version.

`restart` and `restart_with_context` restart the flow upon an invalid response. `restart_with_context` keeps the same context of the Flow, allowing users to bind policies that maybe aren't valid on the first execution, but are after a retry, like a reputation policy with a deny stage.

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-28 00:22:09 +02:00
Jens Langhammer de954250e5 root: make general cache timeouts configurable
closes #974

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-21 10:18:49 +02:00
Jens Langhammer f268bd4c69 policies: make policy result cache timeout configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-21 10:17:58 +02:00
Jens Langhammer f7047df40e policies: don't use policy cache when checking application access
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-20 13:30:07 +02:00
Jens Langhammer ede072889e core: deepmerge user.group_attributes, use group_attributes for user settings
closes #1051

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-19 19:52:55 +02:00
Jens Langhammer f10bd432b3 policies/reputation: fix race condition in tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 20:40:40 +02:00
Jens Langhammer 74e578c2bf events: add tenant to event
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 18:43:29 +02:00
Jens Langhammer e584fd1344 events: catch unhandled exceptions from request as event, add button to open github issue
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 17:22:58 +02:00
Jens L 34ae9e6dab
API: add endpoint to show by what objects an object is used (#995)
* core: add used_by API to show what objects are affected before deletion

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/elements: add support for used_by API

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add authentik_used_by_shadows to shadow other models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: implement used_by API

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: fix duplicate imports

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add action field to used_by api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: add UI for used_by action

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: add notice to tenant form

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: fix naming in used_by

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: check length for used_by

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: fix used_by for non-pk models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: improve __str__ on models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add support for many to many in used_by

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 11:58:12 +02:00
Jens Langhammer 2210497569 events: add EMAIL_SENT event, show sent emails in event log
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-09 10:28:32 +02:00
Jens Langhammer 90a5c84ac8 core: make EndSessionView inherit PolicyAccessView
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-06 14:07:50 +02:00
Jens Langhammer 17326615b7 events: rewrite GeoIP to a wrapper, reload file every 8 hours
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-06 00:42:41 +02:00
Jens Langhammer e24a9e3119 policies: fix missing negate flag of policy bindings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-31 11:50:29 +02:00
Jens Langhammer b9773d39c0 core: add tests for authenticated sessions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-30 14:43:00 +02:00
Jens Langhammer 7e8044619c lib: return default IP if none could be extracted
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-30 12:49:44 +02:00
Jens Langhammer f51ab7a878 policies/reputation: fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 23:46:13 +02:00
Jens Langhammer 31ad09c391 stages/identification: add signal which is sent upon identification failure
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 22:58:32 +02:00
Jens Langhammer 05b3c4ddb3 policies/reputation: save username instead of user object
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 22:49:58 +02:00
Jens Langhammer a4c28a28b4 website/docs: improve docs for expressions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 21:47:35 +02:00
Jens Langhammer 14f85ec980 tenants: migrate context_processor to tenants
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 18:01:48 +02:00
Jens Langhammer ff611f21cd tenants: initial implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 17:47:25 +02:00
Jens Langhammer 6893948fa0 tests/e2e: fix invalid flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-25 11:18:47 +02:00
Jens L 53e2b2c784
Prometheus metrics (#914)
* admin: add worker metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* admin: add version metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* events: add gauge for system tasks

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts: add gauge for last hello and connection status

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* root: re-add prometheus metrics to database

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* root: allow access to metrics without credentials when debug is on

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* root: add UpdatingGauge to auto-set value on load

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add metrics for cache and building

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* policies: add metrics for policy engine

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* events: add histogram for task durations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* events: revert to gauge because values are updated on export view

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add gauge to count all models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* events: add metrics for events

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-23 20:29:34 +02:00
Jens Langhammer 1a0f72d0a8 Merge branch 'version-2021.5' into next
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	authentik/stages/authenticator_static/api.py
#	swagger.yaml
2021-05-21 21:33:18 +02:00
Jens Langhammer a265dd54cc stages/authenticator_*: fix Permission Error when disabling Authenticator as non-superuser
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-21 21:25:03 +02:00
Jens Langhammer 41a1305555 policies: improve debug logging
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-21 19:10:47 +02:00
Jens Langhammer c526e5fb9a policies: improve debug logging
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-21 19:10:15 +02:00
Jens Langhammer 0bac738090 *: fix static response descriptions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 14:07:29 +02:00
Jens Langhammer 1324d03815 *: initial migration to openapi v3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-15 23:57:28 +02:00
Jens Langhammer d5cab5d580 sources/plex: fix default for client_id
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-05 19:23:51 +02:00
Jens Langhammer 35faf269db sources: rewrite onboarding
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-03 20:27:52 +02:00
Jens Langhammer c529340d6c *: fix title not being set correctly for server-side rendered views
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-02 12:22:50 +02:00
Jens Langhammer 32c5bf04b8 *: fix linting errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-17 20:08:49 +02:00
Jens Langhammer 67240fb9ad *: add model_name to TypeCreate API to pass to forms
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-17 19:12:00 +02:00
Jens Langhammer 4f27a97e10 *: add validator to ensure JSON Fields only receive dicts
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-11 23:05:19 +02:00
Jens Langhammer d76db3caba *: add missing error codes as swagger annotations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-10 23:55:43 +02:00
Jens Langhammer 34b8a97ae9 web/admin: add custom rendering for inbuilt sources
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-09 16:30:53 +02:00
Jens Langhammer fb409a73a1 web/elements: Fix display in deleteform when object has no name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-06 17:36:42 +02:00
Jens Langhammer a31fc8319d policies: fix policybinding API returning wrong policy objects
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-06 17:24:32 +02:00
Jens Langhammer 37a14858ad policies: fix display of policy result source
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-04 14:04:41 +02:00
Jens Langhammer 55c24de8c7 policies: fix error when viewing/clearing cache
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-03 19:57:50 +02:00
Jens Langhammer eeb9449c11 lib: remove templatetags
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-03 12:37:32 +02:00
Jens Langhammer 42cb55d78a *: rename objectType to component to get rid of lookup tables
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-03 11:32:17 +02:00
Jens Langhammer 448dd7ed54 core: change TypeCreateSerializer to component
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-02 23:17:30 +02:00
Jens Langhammer 0f76e80341 admin: remove policies views
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-02 17:15:48 +02:00
Jens Langhammer 6acfbb7d66 policies/reputation: migrate to web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-02 17:09:30 +02:00
Jens Langhammer fcdc064cac policies/password: migrate to web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-02 17:09:19 +02:00
Jens Langhammer 0c92f4a74d policies/hibp: migrate to web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-02 16:57:55 +02:00
Jens Langhammer ac136ec5f6 policies/expiry: migrate to web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-02 16:49:37 +02:00
Jens Langhammer f75f6a8404 policies/expression: migrate to web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-02 16:42:30 +02:00
Jens Langhammer 415bb4cc88 policies/event_matcher: migrate to web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-02 16:37:51 +02:00
Jens Langhammer 6a3e1da986 policies/dummy: migrate to web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-02 16:31:53 +02:00
Jens Langhammer 83fc22005c *: remove swagger parameters from functions that don't accept them
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-02 13:39:22 +02:00
Jens Langhammer d3f2f987e0 providers/saml: migrate saml property mappings to web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-31 23:38:40 +02:00
Jens Langhammer af438af8ac stages/invitation: add API tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-31 20:52:46 +02:00
Jens Langhammer 041b51a7f8 policies: add tests for bindings API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-31 20:37:24 +02:00
Jens Langhammer e476186cbc web/admin: migrate policybinding form
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-31 19:41:42 +02:00
Jens Langhammer 3124b0f39c web/elements: add support for non-field errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-31 19:13:56 +02:00
Jens Langhammer 55f68a9197 policies: fix api updating issues
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-31 18:54:36 +02:00
Jens Langhammer d248b30eb3 policies: fix serializers for bindings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-31 16:26:52 +02:00
Jens L 46f4493f04
policies: configurable engine mode (#682)
* policies: add policy_engine_mode field, defaults to MODE_ALL

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: add policy_engine_mode to API

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: add policy_engine_mode to forms

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* policies: update default for new objects

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* docs: add to release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-31 14:14:56 +02:00
Jens Langhammer 6916c59483 policies: fix test API not working, add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-30 17:22:47 +02:00
Jens Langhammer b1214f6c35 *: add new base class for non-model serializers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-30 15:50:00 +02:00
Jens Langhammer 69ee18e13d Merge branch 'master' into new-forms
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	Pipfile.lock
#	authentik/api/decorators.py
#	authentik/core/api/applications.py
#	authentik/core/api/users.py
#	authentik/events/api/event.py
#	authentik/events/api/notification_transport.py
#	authentik/flows/api/flows.py
#	swagger.yaml
2021-03-30 10:26:18 +02:00
Jens Langhammer 7e85524e51 *: simplify API permissions checking, add API for user recovery
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-30 09:45:48 +02:00
Jens Langhammer 54c50f6446 policies: add test API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-29 23:40:36 +02:00
Jens Langhammer 7d74e1d2c4 *: revert to drf-yasg upstream
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-29 21:04:54 +02:00
Jens Langhammer 464a56ad52 Merge branch 'master' into new-forms 2021-03-29 15:37:12 +02:00
Jens Langhammer 0793fff222 *: simplify API permissions checking, add API for user recovery
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-29 15:36:35 +02:00
Jens Langhammer 3cc7d54cc1 policies: use GroupSerializer for PolicyBinding API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-29 12:28:06 +02:00
Jens Langhammer 533a719914 sources/oauth: migrate to webcomponents
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-24 20:35:00 +01:00
Jens Langhammer 3f6174e8cc ci: fix missing isort
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-23 18:28:23 +01:00
Jens Langhammer de6fa63d21 web: detect deep links in flow interface and redirect locally
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-23 18:04:21 +01:00
Jens Langhammer c6c4636b9b policies: show messages of root result
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-23 17:14:54 +01:00
Jens Langhammer 0671d712fa policies: remove deprecated group_membership policy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-23 14:43:24 +01:00
Jens Langhammer 6961089425 flows: add API to clear cache
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-23 10:37:41 +01:00
Jens Langhammer 3157bf63a6 root: upgrade to pylint 2.7
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-22 20:03:33 +01:00
Jens Langhammer e202fd988b root: update to isort 5
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-22 19:53:10 +01:00
Jens Langhammer dae60b5a08 *: replace ReadOnlyModelViewSet with List/Retrieve/Delete viewsets
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-18 12:11:07 +01:00
Jens Langhammer 9d339d8b11 policies: fix error when clearing policy cache when no policies are cached
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-13 21:10:13 +01:00
Jens Langhammer 373793ce9a policies: show more information when provider fails to resolve application 2021-03-02 16:58:55 +01:00
Jens Langhammer 743aaea15e policies: improve logging 2021-03-02 15:04:31 +01:00
Jens Langhammer 7538af5e09 docs: fix download links for compose 2021-03-02 10:07:46 +01:00
Jens Langhammer c65b2944b3 stages/reputation: add API for user and IP Score 2021-03-01 20:22:37 +01:00
Jens Langhammer 644a03e40e lib: don't order_by on widget because PolicyBindingModel, order in form 2021-03-01 19:23:09 +01:00
Jens Langhammer 88ce93ab04 policies: fix tests creating policies with empty names 2021-03-01 19:22:35 +01:00
Jens Langhammer 03d38557e5 stages/*: simplify __str__ of classes 2021-03-01 18:30:47 +01:00
Jens Langhammer ca4ead8fd8 events: fix event creation with anonymous user 2021-03-01 12:04:27 +01:00
Jens Langhammer d2dfc6d63b Merge branch 'master' into stage-challenge 2021-02-27 16:04:57 +01:00
Jens Langhammer 5c652c1f79 policies: sort groups in groupmembership policy and binding
closes #595
2021-02-27 13:19:38 +01:00
Jens Langhammer 451c117ea4 stages/authenticator_webauthn: fix incorrect response being sent 2021-02-22 19:54:05 +01:00
Jens Langhammer bdb86d7119 *: replace shortcuts.reverse with urls.reverse 2021-02-20 19:13:50 +01:00
Jens Langhammer 6597d5bd28 web: migrate Token List to web 2021-02-19 19:09:30 +01:00
Jens Langhammer 79089d8981 policies: add bound count to api 2021-02-19 16:53:30 +01:00
Jens Langhammer 47bde052ca policies: add types action to policy API, use MetaNameSerializer 2021-02-19 16:34:33 +01:00
Jens Langhammer ecff810021 *: replace List from typing with normal list 2021-02-18 13:45:46 +01:00
Jens Langhammer fdde97cbbf *: replace Dict from typing with normal dict 2021-02-18 13:41:03 +01:00
Jens L 8708e487ae
stages: add WebAuthn stage (#550)
* core: add User.uid for globally unique user ID

* admin: fix ?next for Flow list

* stages: add initial webauthn implementation

* web: add ak-flow-submit event to submit flow stage

* web: show error message for webauthn registration

* admin: fix next param not redirecting correctly

* stages/webauthn: remove form

* stages/webauthn: add API

* web: update flow diagram on ak-refresh

* stages/webauthn: add initial authentication

* stages/webauthn: initial authentication implementation

* web: cleanup webauthn utils

* stages: rename otp_* to authenticator and move webauthn to authenticator

* docs: fix broken links

* stages/authenticator_*: fix template paths

* stages/authenticator_validate: add device classes

* stages/authenticator_webauthn: implement django_otp.devices

* stages/authenticator_*: update default stage names

* web: add button to create stage on flow page

* web: don't minify HTML, remove nbsp

* admin: fix typo in stage list

* stages/*: use common base class for stage serializer

* stages/authenticator_*: create default objects after rename

* tests/e2e: adjust stage order
2021-02-17 20:49:58 +01:00
Jens Langhammer 099197ba8c providers/saml: fix AuthnRequestsSigned and WantAssertionsSigned not loaded correctly 2021-02-16 21:30:15 +01:00
Jens Langhammer f8ba623fc1 web: add more related links, add policy/user/group support for bindings 2021-02-16 20:52:59 +01:00
Jens Langhammer 5417d0a90c *: bump pyright version 2021-02-12 10:19:38 +01:00
Jens Langhammer 417b5d61a4 root: add initial geoip implementation 2021-02-12 09:52:14 +01:00
Jens Langhammer 1afb4a7a76 policies: add ability to directly assign groups in bindings 2021-02-11 20:36:48 +01:00
Jens Langhammer aa0f5df218 policies/*: cleanup api and forms, use correct inheritance 2021-02-11 19:50:02 +01:00
Jens Langhammer 71c9108f89 events: rename token_view to secret_view 2021-02-09 18:20:28 +01:00
Jens Langhammer 52016e0806 policies: skip cache on debug request 2021-02-08 22:14:23 +01:00
Jens Langhammer e555bdd42b lib: fix stacktrace for general expressions 2021-02-08 22:14:13 +01:00
Jens Langhammer ec42869e00 policies: add debug flag to PolicyRequest to prevent alerts from testing policies 2021-02-06 21:45:38 +01:00
Jens L e25d03d8f4
Managed objects (#519)
* managed: add base manager and Ops

* core: use ManagedModel for Token and PropertyMapping

* providers/saml: implement managed objects for SAML Provider

* sources/ldap: migrate to managed

* providers/oauth2: migrate to managed

* providers/proxy: migrate to managed

* *: load .managed in apps

* managed: add reconcile task, run on startup

* providers/oauth2: fix import path for managed

* providers/saml: don't set FriendlyName when mapping is none

* *: use ObjectManager in tests to ensure objects exist

* ci: use vmImage ubuntu-latest

* providers/saml: add new mapping for username and user id

* tests: remove docker proxy

* tests/e2e: use updated attribute names

* docs: update SAML docs

* tests/e2e: fix remaining saml cases

* outposts: make tokens as managed

* *: make PropertyMapping SerializerModel

* web: add page for property-mappings

* web: add codemirror to common_styles because codemirror

* docs: fix member-of in nextcloud

* docs: nextcloud add admin

* web: fix refresh reloading data two times

* web: add loading lock to table to prevent double loads

* web: add ability to use null in QueryArgs (value will be skipped)

* web: add hide option to property mappings

* web: fix linting
2021-02-03 21:18:31 +01:00
Jens Langhammer cfed41439e events: add send_once flag to send webhooks only once 2021-02-02 19:34:55 +01:00
Jens Langhammer 624206281e policies: optimise logging 2021-02-02 16:12:41 +01:00
Jens Langhammer 7fbf915e0a policies: fix application cached not being cleared correctly 2021-01-30 18:12:01 +01:00
Jens Langhammer 3d3a0cd9e3 events: create event when system task fails 2021-01-18 10:09:14 +01:00
Jens Langhammer 8ffa3e5885 policies: fix logic error for sync mode 2021-01-17 23:31:34 +01:00
Jens Langhammer d19bfebce3 policies: detect when running in a daemon process and run policies sync 2021-01-17 19:59:58 +01:00
Jens Langhammer b86d4a455d policies: use custom context for fork instead of changing global context 2021-01-17 19:59:19 +01:00
Jens Langhammer aad3b43ac3 core: cache applications API 2021-01-16 22:38:09 +01:00
Jens Langhammer 4baf9e4a22 web: fix unread count, use white-space pre 2021-01-16 18:04:09 +01:00
Jens Langhammer 4f28a89e63 policies: improve recording of error messages during policy process 2021-01-16 16:38:57 +01:00
Jens Langhammer f8b4b92e8d policies: pass direct exception from expression policies 2021-01-16 15:41:59 +01:00
Jens Langhammer a2bddc6d91 policies: fix engine tests checking wrong key 2021-01-15 11:27:07 +01:00
Jens Langhammer 2e42da11ea policies/event_matcher: simplify validity checking 2021-01-15 11:26:55 +01:00
Jens Langhammer da59e7c4a7 events: fix infinite loop in unittests 2021-01-15 00:32:59 +01:00
Jens Langhammer 7f5caf901d expressions: set exception as message field 2021-01-14 21:58:10 +01:00
Jens Langhammer 1c686e19b5 policies: set message instead of error for Event 2021-01-14 20:17:21 +01:00
Jens Langhammer 4447345345 policies: fix display of stacktrace in events 2021-01-14 18:07:41 +01:00
Jens Langhammer 7ff679b1a3 policies: fix error when error occurs during policy process with no target 2021-01-14 17:22:02 +01:00
Jens Langhammer b6948334f2 policies/event_matcher: fix verbose_name 2021-01-12 23:06:24 +01:00
Jens L c727c845df
policies: add and/or mode (#463)
* policies: add mode to PolicyEngine for AND and OR modes

* events: use PolicyEngine in OR mode
2021-01-12 18:22:25 +01:00