authentik

Archived

Author	SHA1	Message	Date
Jens Langhammer	c249b55ff5	*: use py3.10 syntax for unions, remove old Type[] import when possible Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-30 14:59:01 +01:00
Jens Langhammer	6dc2003e34	providers/oauth2: fix tests validating JWT incorrectly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-22 23:00:57 +01:00
Jens Langhammer	0149c89003	providers/oauth2: fix invalid assignments in JWKS view Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-22 22:41:28 +01:00
Jens Langhammer	f458cae954	providers/proxy: add error handing when field is already gone Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-22 22:31:53 +01:00
Jens Langhammer	f01d117ce6	providers/proxy: fix imports in migrations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-22 22:25:02 +01:00
Jens Langhammer	2bde43e5dc	crypto: use older syntax for type union Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-22 22:22:45 +01:00
Jens Langhammer	2f3026084e	providers/oauth2: remove jwt_alg field and set algorithm based on selected keypair, select HS256 when no keypair is selected Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-22 22:09:49 +01:00
Jens Langhammer	8a60a7e26f	providers/proxy: revert to static list of forwarded headers wildcard is not usable for this since the regular expression doesn't support negative lookahead, meaning we would always forward all headers, including Connection and others closes #1969 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-21 12:04:54 +01:00
Jens Langhammer	92b4244e81	providers/proxy: update traefik regex Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #1969	2021-12-20 22:43:58 +01:00
Jens Langhammer	dfbf7027bc	providers/proxy: add traefik.ingress.kubernetes.io/router.tls annotation for ingress Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-20 22:24:42 +01:00
Jens Langhammer	577b7ee515	providers/proxy: include auth headers Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-20 21:37:22 +01:00
Jens Langhammer	ef23a0da52	outposts/proxy: fix traefik header regex to only match Remote- and X- headers to prevent websocket errors closes #1969 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-20 13:30:19 +01:00
Jens Langhammer	b6ff04694f	providers/oauth2: don't rely on expiry task for access codes and refresh tokens closes #1911 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-18 17:42:41 +01:00
NeroPcStation	273f5211a0	providers/saml: Fix typo (#1950 )	2021-12-17 11:00:20 +00:00
Jens Langhammer	fec6de1ba2	providers/oauth2: add additional logging to show with token path is taken Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-13 22:49:42 +01:00
Jens Langhammer	69678dcfa6	providers/oauth2: use generate_key instead of uuid4 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-13 22:13:20 +01:00
Jens Langhammer	f2b3a2ec91	providers/saml: optimise excessive queries to user when evaluating attributes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-13 16:38:38 +01:00
Jens Langhammer	326b574d54	root: update dependencies Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-07 16:25:10 +01:00
Jens Langhammer	873aa4bb22	providers/saml: remove SESSION_KEY_POST from session after using it Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #1873	2021-12-06 12:47:25 +01:00
Jens Langhammer	ada2a16412	tests/e2e: add post binding test Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-05 11:18:01 +01:00
Jens Langhammer	6a3f7e45cf	providers/saml: add ?force_binding to limit bindings for metadata endpoint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-05 11:14:42 +01:00
Jens Langhammer	2b78c4ba86	*: use request.query_params instead of accessing the django request Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-05 11:14:20 +01:00
Jens Langhammer	680ef641fb	providers/saml: fix error when propertymapping returns invalid data in list Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-05 10:31:16 +01:00
Jens Langhammer	4bd1cd127b	providers/saml: fix IndexError in signature check Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-02 20:30:03 +01:00
Jens Langhammer	4f54ce6afb	providers/saml: fix error when using post bindings and user freshly logged in Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #1873	2021-12-02 13:00:21 +01:00
Jens Langhammer	b4963bec76	providers/proxy: fix defaults for traefik integration Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-01 21:47:13 +01:00
Jens Langhammer	7aa8e35f87	providers/proxy: use wildcard for traefik headers copy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-01 20:19:35 +01:00
Jens Langhammer	60b95271eb	outposts/proxy: add additional headers Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-01 20:19:09 +01:00
Jens Langhammer	0b8cfd437b	*: fix typo'd signing pair name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-11-24 09:55:10 +01:00
Jens L	9bb0d04aeb	root: Random tests (#1825 ) * root: add pytest-randomly to randomise tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * : generate flows for testing instead of relying on existing ones Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> : generate users for testing instead of relying on existing ones Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> : use generated certificate Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> tests/e2e: keep containers Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests/e2e: use websockets test case Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-11-22 22:56:02 +01:00
Jens Langhammer	b0fac9c9f1	providers/saml: fix SessionNotOnOrAfter not being included Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-11-16 12:36:40 +01:00
dependabot[bot]	f7044e41c6	build(deps-dev): bump bandit from 1.7.0 to 1.7.1 (#1793 ) * build(deps-dev): bump bandit from 1.7.0 to 1.7.1 Bumps [bandit](https://github.com/PyCQA/bandit) from 1.7.0 to 1.7.1. - [Release notes](https://github.com/PyCQA/bandit/releases) - [Commits](https://github.com/PyCQA/bandit/compare/1.7.0...1.7.1) --- updated-dependencies: - dependency-name: bandit dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * *: fix bandit false positives Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-11-15 09:16:16 +01:00
Jens Langhammer	c98bdbacc5	providers/proxy: return list of configured scope names so outpost requests custom scopes closes #1762 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-11-10 23:06:21 +01:00
Jens Langhammer	2cef220a3e	providers/ldap: add/squash migrations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-11-05 10:41:50 +01:00
Jens L	5a8c66d325	providers/ldap: memory Query (#1681 ) * outposts/ldap: modularise ldap outpost, to allow different searchers and binders Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/ldap: add basic in-memory searcher Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/ldap: add search mode field Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: add search mode field Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-11-05 10:37:30 +01:00
Jens Langhammer	3005ca17bd	web/admin: show warning on provider when not used with outpost Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-11-05 01:15:33 +01:00
Jens Langhammer	909461e533	providers/*: include list of outposts Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-11-05 01:06:04 +01:00
Jens Langhammer	6036d88392	providers/proxy: allow configuring of additional scope mappings for proxy closes #1255 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-10-31 22:25:51 +01:00
Jens Langhammer	335d6edd11	providers/saml: fix error on missing AssertionConsumerServiceURL, fall back to default ACS Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-10-31 17:21:15 +01:00
Jens Langhammer	1b21b50b77	providers/oauth2: fallback to uid if UPN was selected but isn't available Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-10-27 16:11:35 +02:00
Jens Langhammer	8eb4d53810	providers/oauth2: fix events being created from /application/o/authorize/ Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-10-21 22:59:01 +02:00
Jens Langhammer	98a56c77e3	providers/proxy: update ingress controller to work with k8s 1.22 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-10-18 10:00:24 +02:00
Jens Langhammer	2b09d97522	core: fix squash migrations error when AK_ADMIN_TOKEN is set Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-10-12 17:45:10 +02:00
Jens L	e4f141c6c0	: Squash Migrations (#1593 ) : first squash pass Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> sources/saml: squash less Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts: fix docker controller not correctly checking image Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests/e2e: fix old migration reference Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-10-11 21:39:35 +02:00
Jens Langhammer	83150d9920	outposts: fix circular import in kubernetes controller Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-10-03 19:25:18 +02:00
Jens Langhammer	d30dcda814	providers/proxy: always check ingress secret in kubernetes controller Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-10-03 19:14:27 +02:00
Jens Langhammer	3c1ac4c7ec	outposts/proxy: add new headers with unified naming Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-10-02 22:00:23 +02:00
Jens L	f9ad102915	flows: inspector (#1469 ) * flows: add initial inspector Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: change naming a bit Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flow: add inspector frame Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * core: don't use shadydom when inspecting Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: add current stage to api Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/: fix imports Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> flows: deep-copy plan instead of just adding Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: ui Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: restrict inspector to admin Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add buttons to launch flow with inspector Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: don't automatically follow redirects when inspector is open Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: make current_plan optional, only require historry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: handle error messages in inspector Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: improve UI when flow is done Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: add is_completed flag to inspector Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: fix monkeypatches for tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: add inspector tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: re-enable cache Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-09-28 09:36:48 +02:00
pemontto	aea1736f70	outposts/proxy: Fix failing traefik healtcheck (#1470 )	2021-09-26 11:33:18 +02:00
Jens Langhammer	4f3583cd7e	providers/proxy: make token_validity float and optional for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-09-25 15:54:32 +02:00
Jens Langhammer	f7408626a8	providers/proxy: return token_validity as total seconds instead of expression Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-09-25 15:44:16 +02:00
Jens Langhammer	28eeb4798e	providers/proxy: add token_validity field for outpost configuration Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #1462	2021-09-25 15:00:06 +02:00
Jens Langhammer	79b92e764e	*: fix typos in code Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-09-25 00:01:11 +02:00
Jens Langhammer	ae07f13a87	outposts: don't map port 9300 on docker, only expose port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-09-21 21:40:08 +02:00
Jens L	13e2eea72f	web/user: new end-user interface (#1404 ) * web/user: migrate to top navbar Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: prepare config from server Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * re-sort Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove old interface Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update issue template Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use notification badge Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: re-add go-to-admin button Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * : fix remaining redirects directly to admin Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> make settings better Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: ensure sources and stages are sorted Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add sessions and consent Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/oauth2: add post wrapper to stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: add new interface to release notes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-09-16 22:17:05 +02:00
Jens Langhammer	ae26d2756f	providers/saml: improved error handling Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-09-16 10:58:51 +02:00
Jens Langhammer	916530f0d8	providers/oauth2: use access_code_validity for id_tokens generated when using an implicit flow, improve wording in web ui closes #1369 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-09-15 17:14:53 +02:00
Jens Langhammer	ba6849f29c	*: remove string.format() Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-09-14 12:06:47 +02:00
Jens Langhammer	df4c8003b8	api: fix items of list fields having nullable set Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-09-10 18:15:59 +02:00
Jens Langhammer	4448145aa9	providers/proxy: use auth/traefik subpath Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-09-10 13:53:04 +02:00
Jens L	7158c9d2ea	core: metrics v2 (#1370 ) * outposts: add ldap metrics, move ping to 9100 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: add flow_executor metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use port 9300 for metrics, add core metrics port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/controllers/k8s: add service monitor creation support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-09-09 15:52:24 +02:00
Jens Langhammer	da58796768	providers/proxy: fix defaults for old proxy providers (load providers directly) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-09-09 13:54:24 +02:00
Jens Langhammer	d98499a3fa	providers/proxy: fix defaults for old proxy providers Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-09-09 13:26:36 +02:00
Jens Langhammer	f3ff398a44	providers/proxy: add metrics port to controllers Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-09-08 23:01:22 +02:00
Jens L	3c1b70c355	outposts/proxyv2 (#1365 ) * outposts/proxyv2: initial commit Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add rs256 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> more stuff Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add forward auth an sign_out Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> match cookie name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> re-add support for rs256 for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add error handler Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> ensure unique user-agent is used Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> set cookie duration based on id_token expiry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> build proxy v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add ssl Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add basic auth and custom header support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add application cert loading Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> implement whitelist Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add redis Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> migrate embedded outpost to v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> remove old proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> providers/proxy: make token expiration configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only allow one redirect URI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix docker build for proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove default port offset Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add AUTHENTIK_HOST_BROWSER Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests: fix e2e/integration tests not using proper tags Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove references of old port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix user_attributes not being loaded correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup dependencies Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-09-08 18:04:56 +00:00
Jens Langhammer	d92d8e6dbb	api: add additional filters for ldap and proxy providers Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-09-03 10:43:09 +02:00
Jens Langhammer	3e9f5ec5ef	providers/proxy: improve error handling for non-tls ingresses Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-08-30 14:43:57 +02:00
Jens Langhammer	0c6e781e5b	providers/proxy: fix traefik middleware being generated with wrong ports for embedded outposts Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-08-29 20:49:11 +02:00
Jens Langhammer	2d8b4f543b	providers/proxy: fix url parsing for traefik labels on docker containers Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-08-27 22:21:16 +02:00
Jens Langhammer	8542dc10ab	providers/proxy: fix docker container labels not being inherited correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-08-27 20:20:34 +02:00
Jens Langhammer	2ae164df78	*: cleanup api schema warnings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-08-26 09:36:41 +02:00
Jens Langhammer	cba255eaaa	Merge branch 'master' into app-passwords Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> # Conflicts: # authentik/core/tests/test_source_flow_manager.py # authentik/stages/authenticator_validate/tests.py # authentik/stages/password/tests.py # scripts/generate_ci_config.py	2021-08-23 21:21:12 +02:00
Jens L	859cf2bd8f	lib: move id and key generators to lib (#1286 ) * lib: move generators to lib Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * core: bump default token key size Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * : fix split being used for http basic auth instead of partition Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> web/elements: don't rethrow error in ActionButton Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-08-23 20:27:38 +02:00
Jens Langhammer	a2578ffaad	core: add token tests for invalid intent and token auth Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-08-23 20:21:54 +02:00
Jens Langhammer	d18e829d80	providers/ldap: fix error in outpost when certificate is configured Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-08-09 20:47:26 +02:00
Jens Langhammer	f496b8b5d7	providers/oauth2: add more test cases for token view Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-08-09 00:20:32 +02:00
Jens Langhammer	665c1aa81b	providers/proxy: don't create ingress when no hosts are defined Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-08-08 21:46:05 +02:00
Jens Langhammer	ccfc1dbcc2	*: make all PropertyMappings filterable by multiple managed attributes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-08-08 16:06:44 +02:00
Jens Langhammer	3367b83368	providers/saml: use idp-initiated sso flow as launch url Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-08-08 15:01:52 +02:00
Jens Langhammer	9a8240bdd1	proviers/saml: fix validation error not being raised Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-08-07 21:39:30 +02:00
Jens Langhammer	f6ab241219	providers/oauth2: fix accessing undefined variable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-08-07 21:35:17 +02:00
Jens Langhammer	b0f09eb2c4	web/admin: fix Table not updating selectedElements correctly after update Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-08-07 20:53:28 +02:00
Jens Langhammer	9c9addb0ce	*: ensure all resources can be filtered Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-08-07 16:34:14 +02:00
Jens Langhammer	a449f9c69b	providers/saml: fix error when PropertyMapping return value isn't string Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-08-03 22:40:56 +02:00
Jens Langhammer	36b346662c	providers/saml: add WantAssertionsSigned Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-08-03 22:40:13 +02:00
Jens Langhammer	9d392931df	root: fix lint errors from re-format Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-08-03 18:09:16 +02:00
Jens Langhammer	77ed25ae34	root: reformat to 100 line width Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-08-03 17:45:16 +02:00
Jens Langhammer	f875149983	providers/saml: fix metadata being inaccessible without authentication Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-08-01 14:50:17 +02:00
Jens Langhammer	d70b81fe43	providers/saml: fix Error when getting metadata for invalid ID Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-08-01 13:50:54 +02:00
Jens Langhammer	8495ff9fc0	providers/oauth2: fix error when requesting jwks keys with no rs256 aet Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-07-29 21:22:31 +02:00
Jens Langhammer	75ff2480e2	providers/proxy: fix hosts for ingress not being compared correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-07-28 16:08:06 +02:00
Jens Langhammer	e7b7bfddd6	providers/oauth2: fix blank redirect_uri not working with TokenView Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-07-26 11:29:16 +02:00
Jens Langhammer	0a3fade1fd	providers/proxy: remove deprecated field Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-07-22 16:20:26 +02:00
Jens Langhammer	66bfa6879d	outposts/proxy: add X-Auth-Groups header to pass groups Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-07-22 10:47:58 +02:00
Jens Langhammer	70e000d327	providers/saml: improve error handling for property mappings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-07-21 23:14:03 +02:00
Jens Langhammer	a7467e6740	providers/oauth2: handler PropertyMapping exceptions and create event Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-07-21 22:51:39 +02:00
Jens Langhammer	ba9a4efc9b	providers/oauth2: fix nonce field not being optional Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-07-21 00:34:01 +02:00
Jens Langhammer	902378af53	providers/oauth2: fix redirect_uris not having blank set Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-07-21 00:22:09 +02:00
Jens Langhammer	2352a7f4d6	providers/oauth2: nonce is only required for implicit flows, don't check or fallback for other flows Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-07-21 00:21:08 +02:00
Jens Langhammer	7c2decf5ec	providers/ldap: squash migrations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-07-14 09:22:25 +02:00
Lukas Söder	7f39399c32	providers/ldap: Added auto-generated uidNumber and guidNumber generated attributes for use with SSSD and similar software. (#1138 ) * Added auto-generated uidNumber and guidNumber generated attributes for use with SSSD and similar software. The starting number for uid/gid can be configured iva environtment variables and is by default 2000 which should work fine for most instances unless there are more than 999 local accounts on the server/computer. The uidNumber is just the users Pk + the starting number. The guidNumber is calculated by the last couple of bytes in the uuid of the group + the starting number, this should have a low enough chance for collisions that it's going to be fine for most use cases. I have not added any interface stuff for configuring the environment variables as I couldn't really find my way around all the places I'd have to edit to add it and the default values should in my opinion be fine for 99% use cases. * Add a 'fake' primary group for each user * First attempt att adding config to interface * Updated API to support new fields * Refactor code, update documentation and remove obsolete comment Simplify `GetRIDForGroup`, was a bit overcomplicated before. Add an additional class/struct `LDAPGroup` which is the new argument for `pi.GroupEntry` and util functions to create `LDAPGroup` from api.Group and api.User Add proper support in the interface for changing gidNumber and uidNumber starting points * make lint-fix for the migration files	2021-07-14 09:17:01 +02:00
Jens L	7dfc621ae4	LDAP Provider: TLS support (#1137 )	2021-07-13 18:24:18 +02:00
Jens Langhammer	90fe1c2ce8	providers/oauth2: allow blank redirect_uris to allow any redirect_uri Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-07-08 19:28:35 +02:00
Jens Langhammer	40428f5a82	providers/saml: fix parsing of POST bindings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-07-06 16:54:58 +02:00
Jens Langhammer	77a507d2f8	providers/oauth2: add revoked field, create suspicious event when previous token is used Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-07-03 15:59:01 +02:00
Jens Langhammer	3e60e956f4	providers/oauth2: fix CORS headers not being set for unsuccessful requests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-07-03 15:49:00 +02:00
Jens Langhammer	84ec70c2a2	providers/oauth2: use self.expires for exp field instead of calculating it again Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-07-03 15:32:58 +02:00
Jens Langhammer	3e26170f4b	providers/oauth2: deepmerge claims Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-07-01 17:33:46 +02:00
dependabot[bot]	d102c59654	build(deps-dev): bump pylint from 2.8.3 to 2.9.0 (#1095 ) * build(deps-dev): bump pylint from 2.8.3 to 2.9.0 Bumps [pylint](https://github.com/PyCQA/pylint) from 2.8.3 to 2.9.0. - [Release notes](https://github.com/PyCQA/pylint/releases) - [Changelog](https://github.com/PyCQA/pylint/blob/master/ChangeLog) - [Commits](https://github.com/PyCQA/pylint/compare/v2.8.3...v2.9.0) --- updated-dependencies: - dependency-name: pylint dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * *: update source for new pylint version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-06-30 10:37:28 +02:00
Jens Langhammer	ba9edd6c44	flows: handle possible errors with FlowPlans received from cache Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-06-27 22:03:48 +02:00
Jens Langhammer	3b2b3262d7	flows: add FlowStageBinding to flow plan instead of just stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-06-27 18:47:04 +02:00
Jens Langhammer	a3ff7cea23	providers/oauth2: fix usage of timedelta.seconds Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-06-25 11:55:00 +02:00
Jens Langhammer	9b5e3921cb	providers/saml: better handle decoding errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-06-21 22:48:34 +02:00
Jens Langhammer	831b32c279	core: fix PropertyMapping's globals not matching Expression policy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-06-21 15:54:43 +02:00
Jens Langhammer	19cac4bf43	providers/saml: fix error when getting transient user identifier Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-06-17 13:52:10 +02:00
Jens Langhammer	4ca564490e	providers/saml: add support for NameID type unspecified Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-06-17 12:45:53 +02:00
Jens Langhammer	fcb795c273	providers/saml: fix NameIDPolicy not being parsed correctly, improve error handling Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-06-17 12:22:40 +02:00
Jens Langhammer	0e02925a3d	stages/authenticator_validate: add tests for authenticator validation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-06-14 16:32:36 +02:00
Jens Langhammer	5b837c3ccc	providers/saml: improve error handling for signature errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-06-14 12:51:42 +02:00
Jens Langhammer	31d2ea65fd	provider/proxy: mark forward_auth flag as deprecated Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-06-13 12:39:25 +02:00
Jens Langhammer	d878d2140e	providers/saml: add metadata download link to api Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-06-10 14:06:44 +02:00
Jens L	34ae9e6dab	API: add endpoint to show by what objects an object is used (#995 ) * core: add used_by API to show what objects are affected before deletion Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add support for used_by API Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * core: add authentik_used_by_shadows to shadow other models Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: implement used_by API Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * : fix duplicate imports Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> core: add action field to used_by api Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: add UI for used_by action Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: add notice to tenant form Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * core: fix naming in used_by Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: check length for used_by Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * core: fix used_by for non-pk models Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * : improve __str__ on models Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> core: add support for many to many in used_by Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-06-10 11:58:12 +02:00
Jens L	dad24c03ff	outposts: set cookies for a domain to authenticate an entire domain (#971 ) * outposts: initial cookie domain implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add cookie domain setting Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: replace forward_auth_mode with general mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: rebuild proxy provider form Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: re-add forward_auth_mode for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix data.mode not being set Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: always set log level to debug when testing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: use new mode attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only ingress /akprox on forward_domain Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: fix lint error Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix error on ProxyProviderForm when not using proxy mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix default for outpost form's type missing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add additional desc for proxy modes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts: fix service account permissions not always being updated Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost/proxy: fix redirecting to incorrect host for domain mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: improve error handling for network errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: fix image naming not matching main imaeg Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/proxy: fix redirects for domain mode and traefik Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix colour for paragraphs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix consent stage not showing permissions correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: add domain-level docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: fix broken links Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts/proxy: remove dead code Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix missing id for #header-text Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-06-08 23:10:17 +02:00
Jens Langhammer	029d58191e	sources/saml: include metadata download link in API response Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-06-08 17:22:03 +02:00
Jens Langhammer	9180d448df	core: move end-session to core Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-06-06 13:56:38 +02:00
Jens Langhammer	cec47c3cfc	providers/oauth2: show id_token issues for refresh token Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-06-02 22:05:04 +02:00
Jens Langhammer	b50ac96605	providers/oauth2: remove size limit on Access code nonce Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-06-02 20:20:07 +02:00
Jens Langhammer	14f85ec980	tenants: migrate context_processor to tenants Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-05-29 18:01:48 +02:00
Jens Langhammer	58a4b20297	outposts: handle disconnects without outpost better Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-05-25 12:06:55 +02:00
Jens Langhammer	c6bb6709fd	flows: add default challenge response Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-05-24 20:27:50 +02:00
Jens Langhammer	fb4e0723ee	stages: fix stage unittests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-05-24 17:12:48 +02:00
Jens Langhammer	6f6ae7831e	flows: make use of oneOf OpenAPI to annotate all challenge types Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-05-24 14:11:23 +02:00
Jens Langhammer	9b57f0b81d	Merge branch 'version-2021.5' into next Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> # Conflicts: # web/src/locales/en.po # web/src/locales/pseudo-LOCALE.po	2021-05-22 20:01:16 +02:00
Jens Langhammer	2c816e6162	providers/proxy: don't use https to communicate with outpost Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-05-22 18:56:38 +02:00
Jens Langhammer	bb89b9b572	Merge branch 'version-2021.5' into next	2021-05-21 23:50:43 +02:00
Jens Langhammer	6600da7d98	providers/oauth2: add missing kid header to JWT Tokens Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-05-21 23:40:00 +02:00
Jens Langhammer	92f2a82c03	providers/oauth2: fix double login required when prompt=login Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-05-20 01:10:08 +02:00
Jens Langhammer	dcf074650e	providers/proxy: fix redirect_uris not always being set on save Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-05-20 01:10:04 +02:00
Jens Langhammer	acf1ad91d9	providers/oauth2: fix double login required when prompt=login Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-05-19 23:34:27 +02:00
Jens Langhammer	a74419214c	providers/proxy: fix redirect_uris not always being set on save Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-05-19 23:10:00 +02:00
Jens Langhammer	3cf0f07baf	*: fix API Schema for file uploads Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-05-17 23:12:52 +02:00
Jens Langhammer	ef9f08553c	*: linting pass, rename from swagger to schema Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-05-16 15:22:57 +02:00
Jens Langhammer	4fb71a6bdd	api: fix pagination schema Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-05-16 15:08:51 +02:00
Jens Langhammer	0bac738090	*: fix static response descriptions Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-05-16 14:07:29 +02:00
Jens Langhammer	1324d03815	*: initial migration to openapi v3 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-05-15 23:57:28 +02:00
Jens Langhammer	6600d5bf69	providers/oauth2: use user.uid Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-05-15 14:08:49 +02:00
Jens Langhammer	a4278833d8	providers/proxy: fix ingress not being created with full https Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-05-15 13:45:41 +02:00
Jens Langhammer	942905b9b1	providers/proxy: fix formatting issue Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-05-14 16:24:35 +02:00
Jens Langhammer	8d7bb7da17	providers/proxy: connect ingress to https instead of http Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #882	2021-05-14 11:42:03 +02:00
Jens Langhammer	0620324702	root: bump version of psf black Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-05-12 00:42:46 +02:00

1 2 3 4 5 ...

423 commits