authentik

Commit Graph

Author	SHA1	Message	Date
risson	4a434d581d	root: handle SIGHUP and SIGUSR2, healthcheck gunicorn (#6630 ) Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-09-27 11:34:29 +00:00
Jens L	fd561ac802	root: connect to backend via socket (#6720 ) * root: connect to gunicorn via socket Signed-off-by: Jens Langhammer <jens@goauthentik.io> * put socket in temp folder Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use non-socket connection for debug Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't hardcode local url Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix dev_server missing websocket Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dedupe logging config between gunicorn and main app Signed-off-by: Jens Langhammer <jens@goauthentik.io> * slight refactor for proxy errors Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-02 17:58:37 +02:00
Jens L	d22d147c8e	security: fix CVE-2023-36456 (#6171 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-07-06 18:16:26 +02:00
Jens L	41d17dc543	internal: fix crash when port 9000 is in use (#4863 ) fix crash when port 9000 is in use Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-07 13:27:46 +01:00
Jens Langhammer	bacf2afed1	internal: remove sentry proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-19 17:52:07 +01:00
Jens L	276af8457d	root: make sentry DSN configurable (#4016 ) * make sentry DSN configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * make proxy smarter Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix typo in config struct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-15 16:05:29 +01:00
Jens Langhammer	242423cf3c	internal: remove sentryhttp from main server mux to prevent double traces Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-03 16:41:47 +02:00
Jens L	2ce8e18bab	internal: centralise config for listeners to use same config system everywhere (#3367 ) * centralise config for listeners to use same config system everywhere Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #3360 * add docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-03 21:33:27 +02:00
Jens L	393d7ec486	providers/proxy: no exposed urls (#3151 ) * test any callback Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * dont detect callback in per-server handler Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use full redirect uri with both path and query param Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * correctly route to embedded outpost for callback signature Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix allowed redirects Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-30 17:51:01 +02:00
Jens Langhammer	10b48b27b0	internal: walk config in go, check, parse and load from scheme like in python closes #2719 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-26 11:33:37 +02:00
Jens Langhammer	34b11524f1	tenants: add web certificate field, make authentik's core certificate configurable based on keypair Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-22 11:43:45 +01:00
Jens Langhammer	b3ba083ff0	internal: cleanup logging, remove duplicate code Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-22 10:33:21 +01:00
Jens Langhammer	f8aab40e3e	internal: cleanup duplicate and redundant code, properly set sentry SDK scope settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-16 11:00:19 +01:00
Jens Langhammer	2ac9f5426d	outposts: don't panic when listening for metrics fails Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-11-19 10:37:13 +01:00
Jens Langhammer	74382c6287	cmd/server: improve cleanup on shutdown Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-11-07 18:03:29 +01:00
Jens Langhammer	0d02dbf55c	api: replace django sentry proxy with go proxy to prevent login issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-11-02 14:44:37 +01:00
Jens L	aef9d27706	stages/authenticator_sms: Add SMS Authenticator Stage (#1577 ) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-10-11 17:51:49 +02:00
Jens Langhammer	6c603cdf80	internal: add internal healthchecking to prevent websocket errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-10-05 22:21:14 +02:00
Jens L	3c1b70c355	outposts/proxyv2 (#1365 ) * outposts/proxyv2: initial commit Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add rs256 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> more stuff Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add forward auth an sign_out Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> match cookie name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> re-add support for rs256 for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add error handler Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> ensure unique user-agent is used Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> set cookie duration based on id_token expiry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> build proxy v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add ssl Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add basic auth and custom header support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add application cert loading Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> implement whitelist Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add redis Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> migrate embedded outpost to v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> remove old proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> providers/proxy: make token expiration configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only allow one redirect URI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix docker build for proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove default port offset Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add AUTHENTIK_HOST_BROWSER Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests: fix e2e/integration tests not using proper tags Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove references of old port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix user_attributes not being loaded correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup dependencies Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-09-08 18:04:56 +00:00
Jens Langhammer	75476217a0	internal: fix web requests not having a logger set Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-09-04 13:52:47 +02:00
Jens L	f01bc20d44	Embedded outpost (#1193 ) * api: allow API requests as managed outpost's account when using secret_key Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: load secret key from env Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts: make listener IP configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost/proxy: run outpost in background and pass requests conditionally Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: unify branding to embedded Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix embedded outpost not being editable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix mismatched host detection Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests/e2e: fix LDAP test not including user for embedded outpost Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests/e2e: fix user matching Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add tests for secret_key auth Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: load environment variables using github.com/Netflix/go-env Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-07-29 11:30:30 +02:00
Jens Langhammer	d678d33756	root: add support for PROXY protocol on listeners closes #1161 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-07-20 11:03:09 +02:00
Jens Langhammer	6ddd6bfa72	root: fix linting errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-07-18 20:54:34 +02:00
Jens Langhammer	ff42663d3c	root: more code merging Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-06-29 16:21:00 +02:00
Jens Langhammer	1005f341e4	Merge branch 'master' into inbuilt-proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> # Conflicts: # internal/constants/constants.go # outpost/pkg/version.go	2021-06-23 20:41:06 +02:00
Jens Langhammer	5d26fa0403	gproxy: add sentry integration Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-05-04 14:28:48 +02:00
Jens Langhammer	6725569ba8	gproxy: listen on tls Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-05-03 23:19:22 +02:00
Jens Langhammer	988cf15b71	root: initial go proxy, update compose and helm Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-05-03 09:39:09 +02:00

28 Commits