e758db5727
stages/authenticator_webauthn: make more WebAuthn options configurable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 22:57:49 +01:00
4d7d700afa
providers/oauth2: change default redirect uri behaviour; set first used url when blank and use star for wildcard
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 22:44:57 +01:00
f9a5add01d
root: include build in analytics
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 22:18:52 +01:00
2986b56389
root: fix backups running every minute instead of once
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 22:09:44 +01:00
11e25617bd
crypto: fully parse certificate on validation in serializer to prevent invalid certificates from being saved
...
closes #2082
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 20:36:50 +01:00
19d5902a92
flows: handle error if flow title contains invalid format string
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 19:49:27 +01:00
71dffb21a9
outposts: improve error handling for outpost service connection state
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 19:44:13 +01:00
2543224c7c
core: dont return 404 when trying to view key of expired token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 17:53:09 +01:00
6b6702521f
api: don't return error reporting enabled when debug is enabled
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-07 21:53:22 +01:00
c07b8d95d0
outposts/proxy: remove deprecated headers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-07 17:01:23 +01:00
0027dbc0e5
root: remove old api path
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-06 22:21:21 +01:00
c15e4b24a1
release: 2021.12.5
2022-01-06 21:29:12 +01:00
03503363e5
core: fix UserSelfSerializer's save() overwriting other user attributes
...
closes #2070
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-06 18:23:06 +01:00
22d6621b02
root run backup every 24 hours
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-06 15:29:11 +01:00
91dd33cee6
policies/reputation: trigger save on update
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-05 22:06:20 +01:00
5a2c367e89
policies/reputation: fix test
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-05 21:44:15 +01:00
6e53f1689d
policies/reputation: rework reputation to use a single entry, include geo_ip data
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-05 21:02:33 +01:00
7b1373e8d6
core: fix lint error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-04 23:17:37 +01:00
e70b486f20
outposts: handle error in certificate cleanup
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-04 22:53:37 +01:00
5769ff45b5
core: add goauthentik.io/user/can-change-name
...
closes #2054
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-04 19:03:12 +01:00
9d6f79558f
tenants: forbid creation of multiple default tenants
...
closes #2059
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-04 19:01:20 +01:00
935a8f4d58
core: add tests for non-applicable flows with flow manager
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 22:14:52 +01:00
7d3d17acb9
core: add error handling in source flow manager when flow isn't applicable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 21:57:55 +01:00
ebd476be14
sources/oauth: fix sources not allowing blank values
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2047
2022-01-03 21:36:14 +01:00
31ba543c62
*: don't use exception keyword with structlog
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 21:33:52 +01:00
a101d48b5a
core: passthrough connection and additional data to FlowManager
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2047
2022-01-03 21:31:26 +01:00
8f44c792ac
sources/oauth: fix github provider not including correct base scopes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2047
2022-01-03 21:04:18 +01:00
212220554f
sources/oauth: add additional scopes field to get additional data from provider
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2047
2022-01-03 16:43:52 +01:00
3e22740eac
core: add API endpoint to directly set user's password
...
closes #2040
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 13:31:58 +01:00
d18a691f63
core: prevent LDAP password being set for internal hash upgrades
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 13:23:42 +01:00
90c31c2214
flows: add test helpers to simplify and improve checking of stages, remove force_str
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-01 20:25:32 +01:00
50e3d317b2
flows: use WithUserInfoChallenge for AccessDeniedChallenge
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2039
2022-01-01 19:45:34 +01:00
3eed7bb010
lib: dont send any sentry events when testing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-01 18:56:14 +01:00
9154b9b85d
web/user: rework user source connection UI
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 21:59:41 +01:00
fc19372709
flows: fix migration removing flow titles
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 21:00:00 +01:00
d03b0b8152
outposts: include outposts build hash in state
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 15:16:34 +01:00
c249b55ff5
*: use py3.10 syntax for unions, remove old Type[] import when possible
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 14:59:01 +01:00
fc7a452b0c
flows: update default flow titles
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-27 22:04:35 +01:00
46f12e62e8
flows: don't create EventAction.FLOW_EXECUTION
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-27 15:07:33 +01:00
53b10e64f8
outposts: fix error when client hasn't be initialised
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-26 14:26:48 +01:00
abe38bb16a
outposts: fix __exit__ being called without params
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 17:52:20 +01:00
b19da6d774
crypto: return private key's type (required for some oauth2 providers)
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 16:51:28 +01:00
7c55616e29
outposts: fix creation of from_env docker client
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 16:48:23 +01:00
6510b97c1e
outposts: add remote docker integration via SSH
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 16:31:34 +01:00
22d1dd801c
root: also use analytics uuid for sentry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-24 15:13:27 +01:00
e7e0e6d213
lib: strip values for timedelta from string
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 18:49:35 +01:00
ca0250e19f
core: add meta theme-color
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 18:49:24 +01:00
5c5634830f
stages/identification: add field for passwordless flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 18:27:00 +01:00
9c42b75567
release: 2021.12.4
2021-12-23 10:32:48 +01:00
457e17fec3
website/docs: add small let's encrypt docs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 00:59:06 +01:00
846006f2e3
events: create test notification with event with data
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 23:32:29 +01:00
f557b2129f
*: fix random typos
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 23:13:18 +01:00
6dc2003e34
providers/oauth2: fix tests validating JWT incorrectly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 23:00:57 +01:00
0149c89003
providers/oauth2: fix invalid assignments in JWKS view
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:41:28 +01:00
f458cae954
providers/proxy: add error handing when field is already gone
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:31:53 +01:00
f01d117ce6
providers/proxy: fix imports in migrations
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:25:02 +01:00
2bde43e5dc
crypto: use older syntax for type union
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:22:45 +01:00
2f3026084e
providers/oauth2: remove jwt_alg field and set algorithm based on selected keypair, select HS256 when no keypair is selected
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:09:49 +01:00
c1f0833c09
crypto: improve support for non-rsa private keys (discovery)
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 21:46:22 +01:00
8e83209631
stages/authenticator_validate: fix lint error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 18:14:35 +01:00
2e48e0cc2f
stages/authenticator_validate: fix prompt not triggering when using in non-authentication context
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 18:03:02 +01:00
e72f0ab160
stages/authenticator_validation: refuse passwordless flow if flow is not for authentication
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 18:02:43 +01:00
5b3a9e29fb
stages/authenticator_validate: add passwordless login
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 17:34:46 +01:00
34b11524f1
tenants: add web certificate field, make authentik's core certificate configurable based on keypair
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 11:43:45 +01:00
16b6c17305
Revert "policies: don't always clear application cache on post_save"
...
This reverts commit 5ef385f0bb
2021-12-22 00:23:19 +01:00
cf4b4030aa
release: 2021.12.3
2021-12-21 20:52:08 +01:00
7fb939f97b
core: fix error when getting launch URL for application with non-existent Provider
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 19:40:29 +01:00
c78236a2a2
root: don't set secure cross opener policy
...
closes #1977
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 19:16:22 +01:00
ca314c262c
*: revert to using GHCR directly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 13:54:49 +01:00
8a60a7e26f
providers/proxy: revert to static list of forwarded headers
...
wildcard is not usable for this since the regular expression doesn't support negative lookahead, meaning we would always forward all headers, including Connection and others
closes #1969
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 12:04:54 +01:00
92b4244e81
providers/proxy: update traefik regex
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1969
2021-12-20 22:43:58 +01:00
dfbf7027bc
providers/proxy: add traefik.ingress.kubernetes.io/router.tls annotation for ingress
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 22:24:42 +01:00
4658018a90
Revert "outposts: rename outpost"
...
This reverts commit a5c30fd9c7
2021-12-20 21:37:31 +01:00
577b7ee515
providers/proxy: include auth headers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:37:22 +01:00
3da526f20e
root: allow trace log level to work for core/embedded
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:11:47 +01:00
c843f18743
lib: add additional celery logger to sentry ignore
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:04:45 +01:00
80d0b14bb8
outposts: fix error when getting state for non-existent outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 19:44:47 +01:00
a5c30fd9c7
outposts: rename outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 19:28:05 +01:00
ef23a0da52
outposts/proxy: fix traefik header regex to only match Remote- and X- headers to prevent websocket errors
...
closes #1969
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 13:30:19 +01:00
ba527e7141
root: drop redis cache sentry errors
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 13:12:14 +01:00
602573f83f
ci: fix label
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-19 13:44:34 +01:00
8599d9efe0
web/admin: auto set the embedded outpost's authentik_host on first view
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-19 13:27:04 +01:00
8e6fcfe350
root: fix inconsistent URL quoting of redis URLs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-18 22:24:41 +01:00
e9910732bc
release: 2021.12.2
2021-12-18 21:03:50 +01:00
b6ff04694f
providers/oauth2: don't rely on expiry task for access codes and refresh tokens
...
closes #1911
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-18 17:42:41 +01:00
61097b9400
policies/password: add minimum digits
...
closes #1952
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-18 16:15:56 +01:00
4c5537ddfe
sources/oauth: allow writing to user in SourceConnection
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1888
2021-12-18 15:33:46 +01:00
a95779157d
tests/integration: add rename and full update tests for k8s controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-18 15:32:16 +01:00
ac6afb2b82
stages/email: add test for non-existent directory
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-18 15:05:40 +01:00
71a22c2a34
outposts: add unittests for docker controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-17 13:42:33 +01:00
273f5211a0
providers/saml: Fix typo ( #1950 )
2021-12-17 11:00:20 +00:00
2ca115285c
crypto: fix private keys not being imported correctly
...
closes #1945
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-16 21:14:15 +01:00
14c159500d
core: don't rotate non-api tokens
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-16 19:32:39 +01:00
f33190caa5
release: 2021.12.1
2021-12-16 15:48:59 +01:00
741822424a
Merge branch 'master' into version-2021.12
2021-12-16 15:48:53 +01:00
a105760123
events: improve app lookup for event creation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-15 16:46:02 +01:00
6ff8fdcc49
root: enable threading integration in sentry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-15 15:49:08 +01:00
50ca3dc772
core: fix error when attempting to provider from cached application
...
closes #1940
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-15 15:11:13 +01:00
2a09fc0ae2
release: 2021.12.1-rc5
2021-12-15 10:21:29 +01:00
fbb6756488
Merge branch 'master' into version-2021.12
2021-12-15 10:16:05 +01:00
6e83467481
web/flows: fix error when attempting to enroll new webauthn device
...
closes #1936
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-15 00:24:46 +01:00
72db17f23b
stages/identification: fix miscalculated sleep
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 23:31:08 +01:00
e18e681c2b
events: dont store full backtrace in systemtask
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 22:55:38 +01:00
10fe67e08d
sources/ldap: fix incorrect task names being referenced, use source native slug
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 22:53:14 +01:00
3740e65906
web/admin: add dashboard with user creation/login statistics
...
closes #1867
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 22:08:41 +01:00
30386cd899
events: add custom manager with helpers for metrics
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 21:49:33 +01:00
64a10e9a46
events: fix schema for top_per_user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 21:08:15 +01:00
0b00768b84
events: add flow_execution event type
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 16:13:51 +01:00
d162c79373
flows: fix wrong exception being caught in flow inspector
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 16:06:00 +01:00
8c16dfc478
stages/invitation: use GroupMemberSerializer serializer to prevent all of the user's groups and their users from being returned
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 15:56:13 +01:00
32ace1bece
crypto: add additional validation before importing a certificate
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 14:49:25 +01:00
54f893b84f
flows: add additional sentry spans
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 11:59:36 +01:00
5854833240
stages/authenticator_webauthn: fix migrations for different choices
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 11:06:46 +01:00
4b2437a6f1
stages/authenticator_webauthn: use correct choices
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 10:51:34 +01:00
59a51c859a
stages/authenticator_webauthn: add migration
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 10:09:35 +01:00
4e6714fffe
stages/authenticator_webauthn: make user_verification configurable
...
closes #1921
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 09:58:20 +01:00
0131b1f6cc
sources/oauth: fix wrong redirect URL being generated
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 09:34:47 +01:00
2993f506a7
sources/oauth: implement apple native sign-in using the apple JS SDK
...
closes #1881
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 00:40:29 +01:00
e4841d54a1
*: migrate ui_* properties to functions to allow context being passed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-13 23:56:35 +01:00
4f05dcec89
sources/oauth: allow oauth types to override their login button challenge
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-13 23:45:11 +01:00
ede6bcd31e
*: remove debug statements from tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-13 23:41:08 +01:00
728c8e994d
sources/oauth: strip parts of custom apple client_id
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-13 23:26:00 +01:00
fec6de1ba2
providers/oauth2: add additional logging to show with token path is taken
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-13 22:49:42 +01:00
69678dcfa6
providers/oauth2: use generate_key instead of uuid4
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-13 22:13:20 +01:00
4911a243ff
sources/oauth: add initial okta type
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1910
2021-12-13 21:48:59 +01:00
4e63f0f215
core: add fallback for missing sentry trace
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-13 18:06:01 +01:00
29241cc287
core: always inject sentry trace into template
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-13 17:41:00 +01:00
f2b3a2ec91
providers/saml: optimise excessive queries to user when evaluating attributes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-13 16:38:38 +01:00
69780c67a9
lib: set evaluation span's description based on filename
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-13 16:32:01 +01:00
ac9cf590bc
*: use prefixed span names
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-13 16:18:42 +01:00
cb6edcb198
core: set tag with request ID
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-13 16:15:27 +01:00
8eecc28c3c
events: add sentry for geoip
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-13 16:15:20 +01:00
09b02e1aec
release: 2021.12.1-rc4
2021-12-13 12:53:58 +01:00
5914bbf173
Merge branch 'master' into version-2021.12
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# Dockerfile
2021-12-13 10:54:21 +01:00
83c12ad483
flows: fix description for spans
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-12 21:51:51 +01:00
4224fd5c6f
lib: correctly report "faked" IPs to sentry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-12 20:54:29 +01:00
597ce1eb42
Revert "*: use cache.delete_pattern instead of getting keys and deleting them"
...
This reverts commit ff481ba6e7
2021-12-12 20:41:34 +01:00
5ef385f0bb
policies: don't always clear application cache on post_save
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-12 20:39:04 +01:00
cda4be3d47
flows: add additional tags
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-12 20:37:20 +01:00
8cdf22fc94
root: set default redis iter to 1000
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-12 20:24:43 +01:00
6efc7578ef
flows: add additional sentry spans to flow executor
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-12 20:04:21 +01:00
7859145138
outposts: don't try to create docker client for embedded outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-12 17:13:26 +01:00
8a8aafec81
root: enable boto3 sentry integration
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-12 14:38:24 +01:00
534689895c
lib: remove old load_local_files setting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-11 22:03:06 +01:00
8a0dd6be24
outposts: handle RuntimeError during websocket connect
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-11 22:01:55 +01:00
65d2eed82d
stagse/authenticator_webauthn: remove pydantic import
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-11 20:32:25 +01:00
bafeff7306
outposts: improve logging for outpost controllers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-11 15:35:20 +01:00
7eda794070
outposts: fix docker controller not stopping containers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1859
2021-12-11 14:00:15 +01:00
e3129c1067
root: bump celery messages to info
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-11 13:59:56 +01:00
ff481ba6e7
*: use cache.delete_pattern instead of getting keys and deleting them
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-10 21:35:28 +01:00
b761659227
root: use ghcr for containers during testing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-10 20:57:09 +01:00
2ee48cd039
outposts: set display name for outpost service account
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-09 19:59:38 +01:00
340a9bc8ee
core: fix error when using invalid key-values in attributes query
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-09 19:53:47 +01:00
4ba55aa8e9
flows: fix error when trying to print FlowToken objects
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-09 13:55:43 +01:00
bab6f501ec
flows: fix error in inspector view
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-09 13:52:46 +01:00
ffb0135f06
release: 2021.12.1-rc3
2021-12-09 13:23:41 +01:00
ee0ddc3d17
Merge branch 'master' into version-2021.12
2021-12-09 13:23:28 +01:00
a9bd34f3c5
events: revert to @prefill_task decorator since base class doesn't get executed until task runs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-09 10:18:00 +01:00
db316b59c5
stages/prompt: use policyenginemode all
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-09 09:39:40 +01:00
6209714f87
policies/expression: add ak_call_policy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-09 09:39:28 +01:00
1ed2bddba7
root: fix celery task ID not being included in log
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-09 09:36:52 +01:00
26b35c9b7b
root: fix name conflict in threadlocal
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-08 21:42:48 +01:00
86a9271f75
root: add request_id to celery tasks, prefixed with "task-"
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-08 21:34:20 +01:00
402ed9bd20
root: allow usage of --randomly-seed for testing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-08 21:33:41 +01:00
326b574d54
root: update dependencies
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-07 16:25:10 +01:00
a91204e5b9
web/user: allow custom font-awesome icons for applications
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1189
2021-12-06 21:20:15 +01:00
873aa4bb22
providers/saml: remove SESSION_KEY_POST from session after using it
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1873
2021-12-06 12:47:25 +01:00
c1ea78c422
core: fix missing permission check for group creating when creating service account
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-06 12:33:29 +01:00
3c8bbc2621
sources/*: only allow superusers to directly create source connections
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-06 12:22:40 +01:00
4143d3fe28
events: don't set metrics on import
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-06 10:13:48 +01:00
e3e9178ccc
web/admin: show outpost warning on application page too
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-06 10:10:44 +01:00
b694816e7b
sources/*: Allow creation of source connections via API
...
closes #1888
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-06 10:05:42 +01:00
317e9ec605
core: add FlowToken which saves the pickled flow plan, replace standard token in email stage to allow finishing flows in different sessions
...
closes #1801
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-05 15:20:11 +01:00
ada2a16412
tests/e2e: add post binding test
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-05 11:18:01 +01:00
6a3f7e45cf
providers/saml: add ?force_binding to limit bindings for metadata endpoint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-05 11:14:42 +01:00
2b78c4ba86
*: use request.query_params instead of accessing the django request
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-05 11:14:20 +01:00
680ef641fb
providers/saml: fix error when propertymapping returns invalid data in list
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-05 10:31:16 +01:00
2b5504ff63
release: 2021.12.1-rc2
2021-12-04 20:06:41 +01:00
639c2f5c2e
Merge branch 'master' into version-2021.12
2021-12-04 19:55:37 +01:00
426cef998f
sources/ldap: make task names more consistent
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-03 18:39:42 +01:00
8ddb62ed0f
sources/plex: fix plex token being included in event log
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-03 18:37:40 +01:00
572f6d4ea0
crypto: add certificate discovery to automatically import certificates from lets encrypt
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1835
2021-12-03 18:27:36 +01:00
f1b9021e3e
sources/ldap: add optional tls verification certificate
...
closes #1875
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-03 10:09:13 +01:00
8ae50814fe
*: add missing migrations
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-03 10:04:54 +01:00
2e2b491ec7
source/ldap: fix hanging unittests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-03 09:41:13 +01:00
ac432e78e2
sources/ldap: don't cache LDAP Connection, use random server
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-02 21:18:20 +01:00
83ac42ac43
stages/prompt: fix error when both default and required are set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-02 21:11:22 +01:00
4bd1cd127b
providers/saml: fix IndexError in signature check
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-02 20:30:03 +01:00
2eb5a5cc76
sources/ldap: handle typeerror during creation of objects when using wrong kwargs params
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-02 20:24:24 +01:00
75051687e6
sources/ldap: allow multiple server URIs for loadbalancing and failover
...
closes #1874
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-02 20:15:11 +01:00
7e316b5fc2
root: add missing sample_rate default
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-02 19:54:37 +01:00
66c530ea06
outposts: always trigger outpost reconcile on startup
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-02 15:06:14 +01:00
cf78c89830
events: replace @prefill_task with custom base class to prefill
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-02 13:47:35 +01:00
20c738c384
crypto: fix default API not having an ordering
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-02 13:00:41 +01:00
4f54ce6afb
providers/saml: fix error when using post bindings and user freshly logged in
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1873
2021-12-02 13:00:21 +01:00
f0d7edb963
*: fix @prefill_task
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-02 10:05:51 +01:00
b4963bec76
providers/proxy: fix defaults for traefik integration
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-01 21:47:13 +01:00
7aa8e35f87
providers/proxy: use wildcard for traefik headers copy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-01 20:19:35 +01:00
60b95271eb
outposts/proxy: add additional headers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-01 20:19:09 +01:00
e6818c1f6a
release: 2021.12.1-rc1
2021-12-01 13:08:13 +01:00
917eef96fb
lib: add improved log to sentry events being sent
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-29 21:37:29 +01:00
9a393848b2
outpost: configure error reporting based off of main instance config
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-29 14:42:19 +01:00
7d2f622f4b
web: Update Web API Client version ( #1857 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-29 14:17:12 +01:00
e3a5ef1907
root: make sentry sample rate configurable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-29 13:52:34 +01:00
e597bb4542
policies/expression: fix ak_user_has_authenticator evaluation when not specifying optional device_type ( #1849 )
...
* Fix ak_user_has_authenticator evaluation when not specifying optional device_type
* Simpler patch
2021-11-29 10:35:17 +01:00
5c54de66fc
*: add meta_model_name field to all models with inheritance
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-26 10:32:39 +01:00
2c0d8d8943
core: add meta_model_name to MetaNameSerializer to easily show relevant events
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-26 10:27:08 +01:00
0a0eee138a
stages/authenticator_validate: catch error when attempting to configure user without flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-25 23:44:48 +01:00
de8cf65503
stages/email: prevent error with duplicate token
...
closes #1827
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-25 23:17:37 +01:00
121b36f35f
lib: log error for file:// in config
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-25 19:21:40 +01:00
363aed2a47
root: url quote redis passwords for connection string
...
closes https://github.com/goauthentik/helm/issues/39
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-25 18:05:36 +01:00
e1ef196283
core: remove dump_config, handle directly in config loader without booting django, don't check database
2021-11-25 13:38:31 +01:00
0b8cfd437b
*: fix typo'd signing pair name
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-24 09:55:10 +01:00
75724b6f8d
root: make testing output more consistent
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-23 23:46:27 +01:00
5b9e6bed6c
lib: fix custom URL schemes being overwritten
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-23 23:23:09 +01:00
0e3602d7eb
lib: improve probability of symbols in generated key
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-23 23:01:30 +01:00
2b94e9a687
tests/e2e: bump retries
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-23 22:54:08 +01:00
6ed7d842e4
*: allow URLs without domain and custom schemas
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-23 22:51:04 +01:00
8794c840cf
web: only show applications with http link
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-23 22:40:31 +01:00
9c9c00755a
core: fix test user not having password set properly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-23 22:30:09 +01:00
b2d2e7cbc8
tests/e2e: remove logger
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-23 21:19:33 +01:00
91fd792f88
tests/e2e: use generated uid
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-23 19:19:13 +01:00
9835785864
core: make test user's password optional
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-23 19:06:44 +01:00
d785998c5a
Revert "root: disable random tests for now"
...
This reverts commit 8ba9553220
2021-11-23 18:46:51 +01:00
8ba9553220
root: disable random tests for now
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-23 17:57:56 +01:00
6eb132c48b
tests/e2e: fix ldap provider tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-23 17:28:35 +01:00
355b832cc3
tests/e2e: fix email backend
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-23 13:22:28 +01:00
e32d4f0095
tests/e2e: don't run e2e tests randomly for now
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-23 00:32:24 +01:00
d3397c349f
stages/email: minify email css template
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-23 00:10:43 +01:00
9bb0d04aeb
root: Random tests ( #1825 )
...
* root: add pytest-randomly to randomise tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: generate flows for testing instead of relying on existing ones
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: generate users for testing instead of relying on existing ones
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: use generated certificate
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests/e2e: keep containers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests/e2e: use websockets test case
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-22 22:56:02 +01:00
61621e7d60
lifecycle: improve backup restore by dropping database before
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-20 00:32:24 +01:00
431ba6b4ef
lib: add cli option for lib.config
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-19 23:52:10 +01:00
bb6eed0db1
root: properly catch 404 errors for websocket connections
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-19 23:19:07 +01:00
e831e4fb94
root: add lifespan shim to prevent errors
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-16 13:25:03 +01:00
b0fac9c9f1
providers/saml: fix SessionNotOnOrAfter not being included
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-16 12:36:40 +01:00
f4db09cd59
events: add gdpr_compliance option
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1551
2021-11-16 11:29:13 +01:00
638e8d741f
*: fix multiple tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-16 10:38:21 +01:00
425b87a6d0
outposts: add ack and disconnect tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-16 09:34:37 +01:00
d12e24017e
outposts: add websocket tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-15 23:58:19 +01:00
078633c2af
lib: drop all sentry exceptions when debug enabled
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-15 22:18:56 +01:00
4b8b800648
stages/*: add more tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-15 20:58:34 +01:00
6f9ed001a1
crypto: add more tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-15 20:38:03 +01:00
e4095dfffe
admin: add more tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-15 20:10:09 +01:00
d5341c2284
managed: add tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-15 19:53:08 +01:00
867fb0dac0
root: fix settings for managed not loaded
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-15 19:49:03 +01:00
2666aa2c73
root: add errorhandling in log middleware
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-15 17:11:44 +01:00
f0e9bafa35
outposts: add tests for management commands
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-15 16:44:42 +01:00
0d739f5c1a
recovery: add additional tests for commands
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-15 16:41:37 +01:00
e08077c73a
root: replace asgi-based logger with middleware
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-15 16:32:56 +01:00
c43049a981
website/docs: remove deprecated docker_image_base
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-15 15:58:17 +01:00
f7044e41c6
build(deps-dev): bump bandit from 1.7.0 to 1.7.1 ( #1793 )
...
* build(deps-dev): bump bandit from 1.7.0 to 1.7.1
Bumps [bandit](https://github.com/PyCQA/bandit ) from 1.7.0 to 1.7.1.
- [Release notes](https://github.com/PyCQA/bandit/releases )
- [Commits](https://github.com/PyCQA/bandit/compare/1.7.0...1.7.1 )
---
updated-dependencies:
- dependency-name: bandit
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* *: fix bandit false positives
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-15 09:16:16 +01:00
59343ff441
stages/email: fix missing component in response when retrying email send
...
closes #1791
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-14 17:52:31 +01:00
cab564152d
lib: load json strings in config env variables
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-14 12:44:22 +01:00
88516ba2ca
core: make defaults for _change_email and _change_username configurable
...
closes #1789
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-13 22:33:03 +01:00
2a3b049b01
release: 2021.10.4
2021-11-12 12:31:24 +01:00
e4a5e86c93
sources/oauth: Fixed the incorrect padding issue in apple.py ( #1773 )
...
* Fixed the incorrect padding issue in apple.py
Fixed the incorrect padding issue in apple.py by adding proper padding to the raw_payload.
* Fixed the incorrect encoding of client_secret in apple.py
In the get_client_secret() method, the "sub" in the payload must be only the client ID. So I have changed self.source.consumer_key to parts[0]
* Added the decode method for the id_token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-12 12:10:29 +01:00
1cfe81887b
stages/authenticator_validate: improve logging
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-11 23:33:41 +01:00
53905d1a89
stages/authenticator_validate: enable all device classes by default
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-11 22:49:30 +01:00
6db1c914ee
stages/authenticator_duo: fix devices created with name
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-11 22:16:47 +01:00
c98bdbacc5
providers/proxy: return list of configured scope names so outpost requests custom scopes
...
closes #1762
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-10 23:06:21 +01:00
1e8d45dc15
web: write interfaces to different folders and remove custom chunk names
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-10 17:54:50 +01:00
d5d8641b37
stages/*: disable trim_whitespace on important fields
...
closes #1765
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-10 16:48:19 +01:00
cc0832f487
core: force lowercase emails for gravatar usage
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-10 12:40:20 +01:00
e73606b54d
root: catch error in analytics on startup
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-10 11:28:08 +01:00
5d479a6c8f
root: set utm_source
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-09 23:23:47 +01:00
4a773b2b4f
sources/ldap: set connect/receive timeout (default to 15s)
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-09 22:27:58 +01:00
8003d67844
sources/ldap: fix typo
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-09 22:24:33 +01:00
51783c1cbb
sorces/ldap: fix user/group sync overwriting attributes instead of merging them
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-09 21:16:59 +01:00
ab2b13938e
release: 2021.10.3
2021-11-08 20:52:11 +01:00
9ca15983a2
root: keep last 30 backups
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-08 17:46:25 +01:00
99ef94b7aa
stages/prompt: only set placeholder when in context
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-08 15:10:32 +01:00
c3faa61ed9
stages/prompt: set field placeholder based on plan context
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-08 14:47:50 +01:00
da74304221
stages/prompt: add text_read_only field
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-08 14:45:56 +01:00
79db0ce4c1
stages/prompt: use initial instead of default
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-07 22:20:08 +01:00
5e23b11764
stages/prompt: default prompts to the current value of the context
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-07 21:59:50 +01:00
c4e029ffe2
recovery: add create_admin_group management command
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-07 21:53:21 +01:00
61b5b36192
core: add command to output full config
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-07 21:45:52 +01:00
c6cc1b1728
root: fix defaults for EMAIL_USE_TLS
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-07 21:37:14 +01:00
90151a13ae
stages/identification: only allow limited challenges for login sources
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-06 14:53:38 +01:00
f958aa6930
stages/identification: use random sleep
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-06 14:50:35 +01:00
924a13e832
core: fix auth_method for tokens
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-06 13:04:41 +01:00
ae83c35dfd
events: ignore creation/deletion of AuthenticatedSession objects
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-06 13:04:34 +01:00
6424bf98da
admin: improve check to remove version notifications
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-06 12:15:05 +01:00
2cef220a3e
providers/ldap: add/squash migrations
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 10:41:50 +01:00
5a8c66d325
providers/ldap: memory Query ( #1681 )
...
* outposts/ldap: modularise ldap outpost, to allow different searchers and binders
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/ldap: add basic in-memory searcher
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/ldap: add search mode field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost: add search mode field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 10:37:30 +01:00
8de13d3f67
build(deps): bump goauthentik.io/api from 0.2021102.2 to 0.2021102.4 ( #1738 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 09:33:26 +01:00
7798292aa8
sources/plex: use exception_to_string in tasks
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 01:16:36 +01:00
3005ca17bd
web/admin: show warning on provider when not used with outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 01:15:33 +01:00
909461e533
providers/*: include list of outposts
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 01:06:04 +01:00
a40c3aeb68
core: make group membership lookup respect parent groups (upwards)
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 00:53:56 +01:00
4a89be3048
core: include parent group name
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 00:11:17 +01:00
023b97aa69
sources/ldap: remove deprecated default
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-04 22:13:47 +01:00
738e4d5c74
web/admin: only show flows with an invitation stage configured instead of all enrollment flows
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1720
2021-11-04 20:54:55 +01:00
5bc1301043
stages/authenticator_*: add default name for authenticators
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-04 15:34:51 +01:00
8d766efecb
root: don't set signal on start when running in ci or dev
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-04 14:32:21 +01:00
b362d2af03
lib: fix linting issue
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-04 13:43:09 +01:00
bcd42fce13
root: further improve detection of environment we're running in
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-04 13:35:22 +01:00
6deddd038f
internal: start embedded outpost directly after backend is healthy instead of waiting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-04 13:18:04 +01:00
3b47cb64da
root: improve compose detection, add anonymous stats
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-04 13:16:21 +01:00
cf5e70c759
lifecycle: revert to non-h11 worker
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-04 13:16:10 +01:00
5374352411
sources/plex: allow users to connect their plex account without login flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-03 21:09:02 +01:00
08eff4cc5d
sources/plex: fix missing ordering
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-03 20:21:33 +01:00
8f6d700aa8
sources/oauth: set prompt=none for Discord provider
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-03 15:48:59 +01:00
58c221e867
release: 2021.10.2
2021-11-03 10:07:28 +01:00
5dc0f3b91b
website: remove static service account, use helm chart instead
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-03 00:14:01 +01:00
f51515f3de
stages/invitation: don't throw 404 error in stage
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-03 00:07:13 +01:00
f978575293
stages/invitation: remove invitation from plan context after deletion
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-02 23:50:12 +01:00
0d02dbf55c
api: replace django sentry proxy with go proxy to prevent login issues
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-02 14:44:37 +01:00
af83308fd4
stages/prompt: fix type in Prompt not having enum set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-01 20:44:48 +01:00
6036d88392
providers/proxy: allow configuring of additional scope mappings for proxy
...
closes #1255
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-31 22:25:51 +01:00
bfc8a56a0b
*: fix tests for new field show_source_labels
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-31 18:18:21 +01:00
5646141fe2
stages/identification: add show_source_labels option, to show labels for sources
...
closes #1679
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-31 17:57:48 +01:00
335d6edd11
providers/saml: fix error on missing AssertionConsumerServiceURL, fall back to default ACS
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-31 17:21:15 +01:00
5d9bed130a
root: fix Detection of S3 settings for backups
...
closes #1698
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-31 16:54:10 +01:00
2788329880
release: 2021.10.1
2021-10-31 10:56:21 +01:00
f5dc81907a
core: add created field to source connection
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-30 15:02:41 +02:00
d70c8fbcc3
core: add API for all user-source connections
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-30 14:36:54 +02:00
12b26e49ec
flows: optimise stage user_settings API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-30 14:16:28 +02:00
e771e1857f
core: add API to list all authenticator devices
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-29 09:08:48 +02:00
72a93c0959
root: pin node images to v16
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-28 10:29:48 +02:00
381010600f
release: 2021.10.1-rc3
2021-10-27 18:57:07 +02:00
1b21b50b77
providers/oauth2: fallback to uid if UPN was selected but isn't available
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-27 16:11:35 +02:00
fa6324ab1d
sources/ldap: prevent key `users` from being set as this is an M2M relation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-27 15:43:56 +02:00
9e0daf2bcf
sources/ldap: skip values which are of type bytes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-27 15:43:38 +02:00
0273ae16df
events: fix error when notification transport doesn't exist anymore
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-27 15:38:41 +02:00
f2f12ef0ba
api: fix error when connection to websocket via secret_key
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-27 15:21:52 +02:00
61d3df5f02
outposts: fix docker controller not using object_naming_template
...
closes #1682
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-27 15:04:59 +02:00
971de4fcb9
core: add USER_ATTRIBUTE_CHANGE_EMAIL
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1590 and #1677
2021-10-27 13:34:11 +02:00
92085f1a3c
core: add toggle to completely disable backup mechanism
...
closes #1671
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-26 17:04:33 +02:00
8eb4d53810
providers/oauth2: fix events being created from /application/o/authorize/
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-21 22:59:01 +02:00
731f5d0199
release: 2021.10.1-rc2
2021-10-21 16:38:30 +02:00
3647633232
core: cleanup embedded outpost logging, log user for http requests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-20 22:12:49 +02:00
eba91c6b2b
root: add cookie domain setting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-20 18:26:22 +02:00
ba9f8a5795
lib: add utm_source to default links
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-20 17:31:27 +02:00
02b4173d30
root: add utm_source
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-20 16:34:39 +02:00
61fab497cf
core: add user flag to prevent users from changing their usernames
...
closes #1590
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-20 16:17:19 +02:00
621e7f564a
flows: also clear cache when deleting bindings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-20 15:25:38 +02:00
2df4322ecf
sources/oauth: add choices to oauth provider_type
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-20 00:11:19 +02:00
03369e2338
sources/ldap: check for existence of vendor fields before falling back
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1521
2021-10-19 15:40:40 +02:00
5da7d9a573
release: 2021.10.1-rc1
2021-10-19 15:34:59 +02:00
89bb27b95c
sources/ldap: fix missing arguments?
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-18 22:04:58 +02:00
2b155964c2
sources/ldap: extract vendor-specific functions
...
#1521
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-18 21:44:10 +02:00
922fc9b8d5
sources/oauth: add Sign in with Apple ( #1635 )
...
* sources/oauth: add apple sign in support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* website/docs: apple sign in docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* website/docs: fix missing apple in sidebar
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* sources/oauth: add fallback values for name and slug
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-18 16:35:12 +02:00
2c06eed8e7
events: don't prefill task if they already have a state
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-18 14:48:14 +02:00
a1b3af401d
outposts: improve handling of recreate scenarios
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-18 14:29:37 +02:00
92d38f62b5
outposts: handle k8s 422 response code by recreating objects
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-18 10:23:11 +02:00
98a56c77e3
providers/proxy: update ingress controller to work with k8s 1.22
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-18 10:00:24 +02:00
ce812e14c7
core: improve detection for s3 settings to trigger backup
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-17 15:56:31 +02:00
8d32a53126
outposts: add additional error checking for docker controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-17 15:54:57 +02:00
0225bf9c99
stages/authenticator_validate: create a default authenticator validate stage with sensible defaults
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-16 00:28:56 +02:00
8040e2b6e4
build(deps): bump webauthn from 0.4.7 to 1.0.0 ( #1625 )
...
* build(deps): bump webauthn from 0.4.7 to 1.0.0
Bumps [webauthn](https://github.com/duo-labs/py_webauthn ) from 0.4.7 to 1.0.0.
- [Release notes](https://github.com/duo-labs/py_webauthn/releases )
- [Commits](https://github.com/duo-labs/py_webauthn/compare/v0.4.7...v1.0.0 )
---
updated-dependencies:
- dependency-name: webauthn
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* stages/authenticator_webauthn: migrate to new library version
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/authenticator_validate: migrate to new version
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/authenticator_webauthn: add bytes_to_base64url_dict for json encoding
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* actually don't do that
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix missing response on web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more double json
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more base64 stuff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* working
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ci: always sync
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-15 23:26:29 +02:00
f62786e58b
policies: add additional filters to create flow charts on frontend
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-15 18:21:44 +02:00
5f9dda2e58
outposts: rename docker_image_base to container_image_base, since its not docker specific
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-14 20:28:30 +02:00
0c55eea678
outposts: Adding more flexibility to outposts in Kubernetes. ( #1617 )
...
* outposts/ldap: Support hard coded `uidNumber` and `gidNumber`.
* outposts: more options for image + labels
- Set outpost docker image in config.
- Set image pull secrets in outpost config.
- Add additional labels for easier targeting from
custom services.
* Fix some linting errors.
* outposts: Rename `docker_image` to `container_image
2021-10-14 19:54:56 +02:00
dd9dc7e596
root: fix error with sentry proxy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-14 19:45:01 +02:00
797e31696a
outposts: fix attribute error in docker controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-14 13:37:56 +02:00
8eddb4b95b
admin: check for debug in worker count api
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-14 12:32:30 +02:00
4b7399f454
*: add @prefill_task() decorator to "pre-fill" tasks in cache, so they can be executed even before their schedule would do so
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-14 12:21:28 +02:00
9bc9568008
stages/authenticator_sms: make fields non-nullable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-14 11:42:11 +02:00
634375c43f
stages/authenticator_sms: add generic provider ( #1595 )
...
* stages/sms: New SMS provider, aka wrapper for outside API
* web/pages/authenicator_sms: Conditionally show options based on provider.
* stages/authenicator_sms: Fixing up the model.
* Whoops
* stages/authenicator_sms: Adding supported auth types for Generic provider.
* web/pages/stages/authenicator_sms: Added auth type for generic provider
* web/pages/stages/authenicator_sms: Fixing up my generic provider options.
* stages/authenicator/sms: Working version of generic provider.
* stages/authenicator/sms: Cleanup and creating an event on error.
* web/ages/stages/authenicator_sms: Made a default for Auth Type and cleaned up the non-needed name attribute.
* stages/authenicator_validate: Fixing up the migration as it had no SMS.
* stages/authenicator_sms: Removd non-needed migration and better error code handling.
* stages/authenicator_sms: Removd non-needed migration and better error code handling.
* web/pages/stages/authenicator_sms: Provider default is not empty anymore.
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-14 10:24:15 +02:00
98907ec889
root: remove structlog.processors.format_exc_info for new structlog version
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-13 09:42:49 +02:00
3e5b05203b
Revert "root: handle liveness probe in router"
...
This reverts commit d39dbc7287
2021-10-12 18:44:37 +02:00
2b09d97522
core: fix squash migrations error when AK_ADMIN_TOKEN is set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-12 17:45:10 +02:00
d39dbc7287
root: handle liveness probe in router
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-12 14:54:15 +02:00
cc69311ec0
stages/authenticator_validate: add new class
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-12 13:13:31 +02:00
ddb70a283e
managed: don't run managed reconciler in foreground on startup
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-12 12:10:46 +02:00
ecfc3a6d93
*: migrate everything to goauthentik.io docker proxy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-12 11:04:47 +02:00
e4f141c6c0
*: Squash Migrations ( #1593 )
...
* *: first squash pass
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* sources/saml: squash less
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts: fix docker controller not correctly checking image
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests/e2e: fix old migration reference
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 21:39:35 +02:00
aef9d27706
stages/authenticator_sms: Add SMS Authenticator Stage ( #1577 )
...
* stages/authenticator_sms: initial implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: add initial stage UI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/elements: clear invalid state when old input was invalid but new input is correct
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/authenticator_sms: add more logic
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/user: add basic SMS settings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/authenticator_sms: initial working version
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/authenticator_sms: add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: optimise totp password manager entry on authenticator_validation stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/elements: add grouping support for table
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: allow sms class in authenticator stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: add grouping to more pages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/authenticator_validate: add SMS support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* api: add throttling for flow executor based on session key and pending user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: fix style issues
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ci: add workflow to compile backend translations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 17:51:49 +02:00
7bf587af24
ci: push dev images to ghcr ( #1591 )
...
* ci: push dev images to ghcr
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: use new ghcr images
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* website/docs: use ghcr proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 14:08:34 +02:00
b80ecd4668
stages/prompt: fix wrong field type of field_key
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-10 18:54:56 +02:00
d959b7a930
Merge branch 'version-2021.9'
2021-10-10 14:35:40 +02:00
619203c177
release: 2021.9.8
2021-10-10 13:12:26 +02:00
7d9251ce2f
root: fix linting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-09 20:56:49 +02:00
846c971674
root: add translation for backend strings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-09 20:07:28 +02:00
5b7e1f97e0
stages/authenticator_duo: remove signals
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-09 19:29:35 +02:00
dff0613b3d
crypto: add managed field, prepare managed JWT cert
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-09 19:14:39 +02:00
8965451073
core: add default for user's settings attribute
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-09 16:01:22 +02:00
b33ea9cc61
core: add settings serializer to user/me and update_self endpoints, saved in a key in attributes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-09 15:35:18 +02:00
f32d35b07c
policies/password: add extra sub_text field in tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 19:27:24 +02:00
9e936e4436
outposts: fix lint error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 19:15:57 +02:00
649abddea7
outposts: fallback to known-good outpost image if configured image cannot be pulled
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 19:10:39 +02:00
67b88595ad
stages/prompt: fix sub_text not allowing blank
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 19:00:15 +02:00
b4ee693a5c
stages/user_write: allow recursive writing to user.attributes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 18:57:19 +02:00
57e5acaf2f
stages/prompt: add sub_text field to add HTML below prompt fields
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 18:34:37 +02:00
050ec99c89
flows: fix inspector history not being cleared when executing from API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 18:29:28 +02:00
cbeee27fc1
build(deps): bump @sentry/tracing from 6.13.2 to 6.13.3 in /web ( #1556 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 09:39:44 +02:00
8c27616d0c
Merge branch 'version-2021.9'
2021-10-06 21:04:16 +02:00
e444d0d640
release: 2021.9.7
2021-10-06 20:57:56 +02:00
d75c63d38b
Merge branch 'version-2021.9'
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# web/src/locales/fr_FR.po
2021-10-06 00:04:09 +02:00
2b730dec54
release: 2021.9.6
2021-10-05 22:22:54 +02:00
62bf79ce32
root: add docker-native healthcheck for web and celery
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 20:45:38 +02:00
d29d161ac6
admin: clear update notification when notification's version matches current version
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 20:45:38 +02:00
aee58c8d53
root: add docker-native healthcheck for web and celery
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 20:45:18 +02:00
fa6df84de2
admin: clear update notification when notification's version matches current version
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 20:36:38 +02:00
79eec5a3a0
core: include group uuids in self serializer
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:49:14 +02:00
c1f302fb7c
core: only return group names for user_self
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:48:53 +02:00
782764ac73
api: ensure viewsets have default ordering
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:48:42 +02:00
73d57d6f82
core: make user's name field fully options
...
closes #1537
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:48:42 +02:00
d1a1bfbbc5
web/user: don't show managed tokens in user interface
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:47:49 +02:00
1ac4dacc3b
outposts: fix error when comparing ports in docker controller when port mapping is disabled
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:47:15 +02:00
9e7e22367b
core: include group uuids in self serializer
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:10:44 +02:00
f5761dc70d
core: only return group names for user_self
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 12:31:25 +02:00
16380b3f7a
api: ensure viewsets have default ordering
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 11:26:41 +02:00
16f2603130
core: make user's name field fully options
...
closes #1537
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 11:23:27 +02:00
847cfed73f
web/user: don't show managed tokens in user interface
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 11:11:34 +02:00
05b587ae44
outposts: fix error when comparing ports in docker controller when port mapping is disabled
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 10:44:07 +02:00
a515afae0b
recovery: handle error when user doesn't exist
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 10:40:59 +02:00
1c340ddbbd
Merge branch 'version-2021.9'
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# web/package-lock.json
# web/package.json
2021-10-04 22:02:56 +02:00
bcf7e162a4
release: 2021.9.5
2021-10-04 20:08:46 +02:00
cb37e5c10e
stages/email: add activate_user_on_success flag, add for all example flows
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# web/src/locales/fr_FR.po
2021-10-04 18:50:19 +02:00
73bb778d62
stages/user_login: add check for user.is_active and tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 18:50:00 +02:00
b612a82e16
outposts: don't always build permissions on outpost.user access, only in signals and tasks
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 18:49:57 +02:00
09f43ca43b
events: add missing migration
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 18:49:50 +02:00
1c91835a26
providers/ldap: use RDN when using posixGroup's memberUid attribute ( #1514 )
...
Use the RDN instead of the FDN when establishing group memberships based on posixGroup's 'memberUid' attribute.
fixes #1436
Signed-off-by: Steven Armstrong <steven@armstrong.cc>
2021-10-04 18:49:45 +02:00
3634bf4629
tests/integration: fix tests failing due to incorrect comparison
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 18:49:10 +02:00
0692663537
stages/email: add activate_user_on_success flag, add for all example flows
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 18:47:51 +02:00
b5649bdcc4
stages/user_login: add check for user.is_active and tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 18:37:05 +02:00
fab9a10487
outposts: don't always build permissions on outpost.user access, only in signals and tasks
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 18:04:19 +02:00
0f00b27384
events: add missing migration
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 17:51:31 +02:00
ab5981836d
providers/ldap: use RDN when using posixGroup's memberUid attribute ( #1514 )
...
Use the RDN instead of the FDN when establishing group memberships based on posixGroup's 'memberUid' attribute.
fixes #1436
Signed-off-by: Steven Armstrong <steven@armstrong.cc>
2021-10-04 10:56:06 +02:00
036a4e86e2
tests/integration: fix tests failing due to incorrect comparison
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 22:54:07 +02:00
45f99fbaf0
outposts: fix circular import in kubernetes controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 19:25:26 +02:00
83150d9920
outposts: fix circular import in kubernetes controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 19:25:18 +02:00
e31a3307b5
providers/proxy: always check ingress secret in kubernetes controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 19:14:42 +02:00
d28fcca344
outposts: check ports of deployment in kubernetes outpost controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 19:14:42 +02:00
c296e1214c
web: fix package lock
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 19:14:37 +02:00
d30dcda814
providers/proxy: always check ingress secret in kubernetes controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 19:14:27 +02:00
c720c9f41b
outposts: check ports of deployment in kubernetes outpost controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 19:09:52 +02:00
39d87841d0
outposts/proxy: add new headers with unified naming
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 18:20:44 +02:00
b285814e24
sources/ldap: fix logic error in Active Directory account disabled status
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 18:19:07 +02:00
1c52836060
web: fix package lock
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 01:17:41 +02:00
8dd77793a0
sources/ldap: fix logic error in Active Directory account disabled status
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 00:30:35 +02:00
3c1ac4c7ec
outposts/proxy: add new headers with unified naming
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-02 22:00:23 +02:00
faca127217
Merge branch 'version-2021.9'
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# Pipfile.lock
2021-10-01 12:19:11 +02:00
1a6ea72c09
release: 2021.9.4
2021-10-01 09:51:51 +02:00
c251b87f8c
sources/ldap: add support for Active Directory `userAccountControl` attribute
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-30 19:34:43 +02:00
21a9aa229a
sources/ldap: don't sync ldap source when no property mappings are set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-30 19:34:43 +02:00
53e15bfbca
sources/ldap: add support for Active Directory `userAccountControl` attribute
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-30 19:13:48 +02:00
8bce16e6b4
sources/ldap: don't sync ldap source when no property mappings are set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-30 18:49:18 +02:00
10b45d954e
outposts: allow disabling of docker controller port mapping
...
closes #1474
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-30 00:11:50 +02:00
4cb8ae760a
outposts: allow disabling of docker controller port mapping
...
closes #1474
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-29 23:55:22 +02:00
f9ad102915
flows: inspector ( #1469 )
...
* flows: add initial inspector
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: change naming a bit
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flow: add inspector frame
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: don't use shadydom when inspecting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: add current stage to api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/*: fix imports
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: deep-copy plan instead of just adding
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: restrict inspector to admin
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: add buttons to launch flow with inspector
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: don't automatically follow redirects when inspector is open
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: make current_plan optional, only require historry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: handle error messages in inspector
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: improve UI when flow is done
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: add is_completed flag to inspector
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: fix monkeypatches for tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: add inspector tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ci: re-enable cache
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-28 09:36:48 +02:00
941bc61b31
release: 2021.9.3
2021-09-27 17:31:50 +02:00
282b364606
stages/prompt: fix inconsistent policy context for validation policies
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-27 17:05:26 +02:00
674bd9e05c
web/admin: Fix typo 'username address' -> 'username' ( #1473 )
2021-09-26 12:53:37 +02:00
b248f450dd
outposts: make AUTHENTIK_HOST_BROWSER configurable from central config
...
closes #1471
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-26 12:00:51 +02:00
aea1736f70
outposts/proxy: Fix failing traefik healtcheck ( #1470 )
2021-09-26 11:33:18 +02:00
4f3583cd7e
providers/proxy: make token_validity float and optional for backwards compat
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-25 15:54:32 +02:00
f7408626a8
providers/proxy: return token_validity as total seconds instead of expression
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-25 15:44:16 +02:00
28eeb4798e
providers/proxy: add token_validity field for outpost configuration
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1462
2021-09-25 15:00:06 +02:00
79b92e764e
*: fix typos in code
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-25 00:01:11 +02:00
919336a519
outposts: ensure service is always re-created with mismatching ports
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-24 23:45:15 +02:00
93bdea3769
core: fix api return code for user self-update
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-24 11:51:03 +02:00
64b4e851ce
events: add additional validation for event transport
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-23 16:29:58 +02:00
eddca478dc
release: 2021.9.2
2021-09-23 12:34:02 +02:00
74169860cf
api: add logging to sentry proxy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-23 09:57:42 +02:00
2fe6de0505
release: 2021.9.1
2021-09-22 19:11:20 +02:00
ae07f13a87
outposts: don't map port 9300 on docker, only expose port
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-21 21:40:08 +02:00
e6b275add3
stages/invitation: fix linting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 20:41:05 +02:00
27016a5527
stages/invitation: fix tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 20:30:51 +02:00
4c29d517f0
stages/email: use different query arguments for email and invitation tokens
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 19:55:53 +02:00
180d27cc37
outposts: don't restart container when health checks are starting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 19:46:05 +02:00
3195640776
stages/email: slugify token identifier
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 19:26:25 +02:00
d900a2b6a9
*: fix lookup_fields
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 19:19:36 +02:00
95a2fddfa8
policies/expression: add ak_user_has_authenticator
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 19:13:41 +02:00
8f7d21b692
stages/email: don't throw 404 when token can't be found
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 19:01:25 +02:00
3f84abec2f
core: fix token identifier not being slugified when created with user-controller input
...
closes #1390
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 13:43:25 +02:00
b5c857aff4
api: add explicit lookup_value_regex, disable include_format_suffixes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 13:42:56 +02:00
ac52667327
release: 2021.9.1-rc3
2021-09-19 21:52:49 +02:00
f6e0f0282d
core: fix tokens not being viewable but superusers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-19 16:11:20 +02:00
3f42067a8f
web: improve display of action buttons with non-primary classes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-19 15:57:12 +02:00
ed6f5b98df
sources/ldap: improve messages of sync tasks in UI
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-19 15:54:22 +02:00
c85484fc00
core: allow admins to create tokens with all parameters, re-add user to token form
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-19 15:25:48 +02:00
8279690a8f
sources/ldap: prevent error when retrying old system task with no arguments
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-17 16:49:26 +02:00
3d8d93ece5
root: log failed celery tasks to event log
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-17 12:42:42 +02:00
06af306e8a
sources/ldap: bump timeout, run each sync component in its own task
...
closes #1411
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-17 12:42:20 +02:00
3e4ce62dfe
build(deps-dev): bump pylint from 2.10.2 to 2.11.1 ( #1409 )
...
* build(deps-dev): bump pylint from 2.10.2 to 2.11.1
Bumps [pylint](https://github.com/PyCQA/pylint ) from 2.10.2 to 2.11.1.
- [Release notes](https://github.com/PyCQA/pylint/releases )
- [Changelog](https://github.com/PyCQA/pylint/blob/main/ChangeLog )
- [Commits](https://github.com/PyCQA/pylint/compare/v2.10.2...v2.11.1 )
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* root: update pylint config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-17 09:46:39 +02:00
28189bdddf
release: 2021.9.1-rc2
2021-09-16 23:23:36 +02:00
13e2eea72f
web/user: new end-user interface ( #1404 )
...
* web/user: migrate to top navbar
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/user: prepare config from server
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* re-sort
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove old interface
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update issue template
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use notification badge
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/user: re-add go-to-admin button
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: fix remaining redirects directly to admin
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make settings better
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* api: ensure sources and stages are sorted
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/user: add sessions and consent
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/oauth2: add post wrapper to stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* website/docs: add new interface to release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 22:17:05 +02:00
9441be1ee2
interface split ( #943 )
2021-09-16 17:30:16 +02:00
17503365f7
policies: improve error handling when using bindings without policy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 11:04:31 +02:00
ebf9f0ca63
stages/email: don't crash when testing stage does not exist
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 11:04:08 +02:00
ae26d2756f
providers/saml: improved error handling
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 10:58:51 +02:00
124071f9be
root: remove python requirement from pipfile
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 10:37:43 +02:00
341c58a722
core: fix token expiry for service accounts being only 30 minutes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 09:57:34 +02:00
bdd5e16db1
release: 2021.9.1-rc1
2021-09-15 20:20:54 +02:00
d4672bfe79
events: log parsed query string instead of just full path
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 20:15:04 +02:00
abd9fab41a
api: fix call of sentry proxy task
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 19:39:58 +02:00
7c8bf42ef9
api: send proxied sentry events in background
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 19:12:20 +02:00
274b555912
api: add timeout for sentry proxy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 18:59:27 +02:00
916530f0d8
providers/oauth2: use access_code_validity for id_tokens generated when using an implicit flow, improve wording in web ui
...
closes #1369
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 17:14:53 +02:00
95efd47f65
root: remove asgi error handler
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 12:23:14 +02:00
90ecb1af7f
outposts: fix service account's permissions being checked twice
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 09:55:27 +02:00
d7fdca1b44
stages/email: fix error when retrying email delivery after stage has been deleted
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 09:50:11 +02:00
37346763dc
sources/oauth: Updating token url to new google url ( #1397 )
...
the present url goes to a 404
google openid (https://accounts.google.com/.well-known/openid-configuration ) says the new url is `https://oauth2.googleapis.com/token `
not using the new url makes authentik fallback on the default auth flow
2021-09-15 09:15:19 +02:00
ef341dd405
stages/user_write: add option to add newly created users to a group
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-14 21:45:34 +02:00
3ddf2d6f85
sources/oauth: fix type lookup for openid not matching
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-14 14:38:35 +02:00
ba6849f29c
*: remove string.format()
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-14 12:06:47 +02:00
942170f902
Revert "sources/oauth: fix access_token being sent as query param and not authorization header"
...
This reverts commit 248f993541
2021-09-14 11:59:32 +02:00
248f993541
sources/oauth: fix access_token being sent as query param and not authorization header
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-14 11:07:36 +02:00
3a700a449a
sources/oauth: don't try to load azure AD user ID as UUID
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-14 09:33:44 +02:00
23444f4df0
core: fix lint error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-13 18:19:28 +02:00
71e68b498e
core: optimise groups api by removing member superuser status
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-13 18:06:37 +02:00
fb267ee223
tenants: optimise db queries in middleware
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-13 17:54:37 +02:00
a4b3519428
api: fix possible error in sentry proxy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-13 16:36:04 +02:00
9a7fa39de4
events: allow setting a mapping for webhook transport to customise request payloads
...
closes #1383
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-12 01:05:42 +02:00
c779ad2e3b
*: use common user agent for all outgoing requests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-11 21:08:26 +02:00
7e7ef289ba
admin: migrate to new update check, add option to disable update check
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-11 20:35:23 +02:00
bf771f8b6c
release: 2021.8.5
2021-09-11 19:20:13 +02:00
df4c8003b8
api: fix items of list fields having nullable set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-10 18:15:59 +02:00
39b365c6ae
sources/oauth: don't cancel flow when redirecting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-10 16:36:10 +02:00
e229eda96e
outposts/controllers/kubernetes: don't create service monitor for embedded outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-10 15:59:39 +02:00
4448145aa9
providers/proxy: use auth/traefik subpath
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-10 13:53:04 +02:00
7dfbcdbb81
stages/authenticator_duo: add API to "import" devices from duo
...
closes #1371
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-10 11:35:09 +02:00
2862b4ecfb
core: remove ?v from static files
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 20:09:12 +02:00
13d17dc729
lib: fix default listening port for metrics
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 16:40:39 +02:00
5cf3a13ca8
flows: fix invalid parameter in tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 16:36:51 +02:00
d0898a3869
flows: ensure all StageViews accept post, add tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 16:30:14 +02:00
7158c9d2ea
core: metrics v2 ( #1370 )
...
* outposts: add ldap metrics, move ping to 9100
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost: add flow_executor metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use port 9300 for metrics, add core metrics port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/controllers/k8s: add service monitor creation support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 15:52:24 +02:00
da58796768
providers/proxy: fix defaults for old proxy providers (load providers directly)
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 13:54:24 +02:00
d98499a3fa
providers/proxy: fix defaults for old proxy providers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 13:26:36 +02:00
f3ff398a44
providers/proxy: add metrics port to controllers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 23:01:22 +02:00
533eb59a04
outposts/controllers: re-create service when mismatched ports to prevent errors
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 23:00:53 +02:00
502393ee56
outpost/proxyv2: allow port offset via yaml
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 21:07:06 +02:00
3c1b70c355
outposts/proxyv2 ( #1365 )
...
* outposts/proxyv2: initial commit
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add rs256
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
more stuff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add forward auth an sign_out
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
match cookie name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
re-add support for rs256 for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add error handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
ensure unique user-agent is used
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
set cookie duration based on id_token expiry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
build proxy v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add ssl
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add basic auth and custom header support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add application cert loading
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
implement whitelist
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add redis
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
migrate embedded outpost to v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
remove old proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
providers/proxy: make token expiration configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: only allow one redirect URI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix docker build for proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove default port offset
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add AUTHENTIK_HOST_BROWSER
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests: fix e2e/integration tests not using proper tags
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove references of old port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix user_attributes not being loaded correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 18:04:56 +00:00
de3e1c3dbc
sources/oauth: fix FlowExecutor view call
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-07 11:39:03 +02:00
3c6aac5435
sources/oauth: prevent potentially confidential data from being logged
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-07 11:05:18 +02:00
eeb755ab7d
root: show location header in logs when redirecting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-07 11:04:00 +02:00
70d0dd51a5
sources/oauth: cancel currently active flows before redirecting out
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-07 11:03:45 +02:00
0bae550520
root: include authentik version in backup naming
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-05 20:25:02 +02:00
9dbafaaea2
web: Update Web API Client version ( #1348 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-04 22:49:16 +02:00
2db8b07578
events: add mark_all_seen
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-04 22:08:12 +02:00
b7ef076798
outposts: add expected outpost replica count to metrics
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-04 15:56:57 +02:00
37c29a073e
policies/password: fix symbols not being checked correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-04 15:21:48 +02:00
6ec8432217
policies/password: don't use regex for symbol detection
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-04 14:36:01 +02:00
3ba84a8e8b
stages/identification: fix empty user_fields query returning first user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-04 14:07:14 +02:00
3378e82ec7
root: fix is_secure with safari on debug environments
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-04 13:45:50 +02:00
e09a27cf87
events: remove authentik_events gauge
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-03 18:04:26 +02:00
200e409d91
core: minor query optimization
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-03 14:02:57 +02:00
d92d8e6dbb
api: add additional filters for ldap and proxy providers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-03 10:43:09 +02:00
c2b9dc5c75
api: cache schema, fix server urls
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-03 10:23:14 +02:00
276d8fe5cf
release: 2021.8.4
2021-09-02 20:21:21 +02:00
7fea20375f
*: fix tests not using APITestCase
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-02 19:14:21 +02:00
f0db408699
api: add v3
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-02 17:40:02 +02:00
cc5cc43baa
api: fix sentry endpoint not working due to mime-media
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-02 16:56:53 +02:00
e512f085db
root: allow enabling s3 backup ssl verification
...
closes #1332
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-02 09:41:55 +02:00
26fd66d831
stages/authenticator_validate: fix variable shadowing, optimization
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-01 19:54:54 +02:00
4fc8e61f8c
stages/authenticator_validate: show single button for multiple webauthn authenticators
...
tested with browser + yubikey 5
closes #1096
The order of allowCredentials doesn't seem to matter, chrome seems to always choose the internal authenticator first.
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-01 19:28:52 +02:00
17cb76c334
stages/invitation: fix invitation not inheriting ExpiringModel
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-01 14:25:19 +02:00
5745ffa0a8
ci: don't login to docker on forks
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-31 09:31:10 +02:00
1b8271d767
flows: disable compatibility_mode by default
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-30 17:18:43 +02:00
3e9f5ec5ef
providers/proxy: improve error handling for non-tls ingresses
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-30 14:43:57 +02:00
63f57b6a77
events: improve logging for task exceptions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-30 14:43:44 +02:00
a016f99450
core: fix user_obj being empty on token API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-30 12:51:17 +02:00
0c6e781e5b
providers/proxy: fix traefik middleware being generated with wrong ports for embedded outposts
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-29 20:49:11 +02:00
523b96a6d2
api: add basic rate limiting for sentry endpoint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-29 19:33:18 +02:00
b1ed2154ac
policies/password: fix PasswordStage not being usable with prompt stages, rework validation logic
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-29 00:40:36 +02:00
160139813d
release: 2021.8.3
2021-08-28 16:58:44 +02:00
582ad92c76
outposts/k8s: improve error handling
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-28 14:58:26 +02:00
f61736e3d1
stages/identification: add error handling when password isn't set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-28 12:54:10 +02:00
2d8b4f543b
providers/proxy: fix url parsing for traefik labels on docker containers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-27 22:21:16 +02:00
8542dc10ab
providers/proxy: fix docker container labels not being inherited correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-27 20:20:34 +02:00
12ddee3bb6
outpost: add additional labels to docker container
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-27 19:26:27 +02:00
dc41d0af27
outposts: add configurable docker_network for outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-27 19:26:11 +02:00
c4f72c2bc1
release: 2021.8.2
2021-08-26 17:58:20 +02:00
e92f9836e3
root: allow django auth backend for upgrading users with cache
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-26 17:57:25 +02:00
897f6f3473
release: 2021.8.1
2021-08-26 16:03:45 +02:00
2ae164df78
*: cleanup api schema warnings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-26 09:36:41 +02:00
0ccec96490
core: make user optional in token creation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-25 21:21:51 +02:00
d79975c409
core: fix user object for token not be setable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-25 20:43:34 +02:00
20d65035d5
core: fix error when user updates themselves
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-25 17:52:50 +02:00
8d6227377f
core: fix error for asgi error handler with websockets
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-25 10:24:01 +02:00
4d27694706
release: 2021.8.1-rc2
2021-08-24 21:29:29 +02:00
d7ad5f6a16
core: add API to create service account with token for app password
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 20:09:22 +02:00
5af9a3d3be
sources/saml: fix error when getting metadata
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 16:51:08 +02:00
dec34bc948
stages/password: fix replace_inbuilt not being called
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 16:37:39 +02:00
cc6d5765f2
web/admin: fix inconsistent ordering for ldap property mappings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 13:04:19 +02:00
2ec1ff2ebb
sources/ldap: fix error when modifying ldap source with password write-back
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 13:03:41 +02:00
884c2bd0e9
root: fix missing ldap backend
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 13:03:19 +02:00
2c938ec9dc
stages/password: sort backends in migration
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 12:44:45 +02:00
9733caf3b7
admin: use copy for environ api
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 11:39:49 +02:00
10e50bc77f
stages/user_login: improve logging
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 10:58:50 +02:00
5be152e12d
stages/password: fix migration error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 10:57:20 +02:00
b0efab6d6d
admin: add env to API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 10:55:46 +02:00
c60ba91fee
core: fix auth saving entire models into session
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 23:59:43 +02:00
cba255eaaa
Merge branch 'master' into app-passwords
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# authentik/core/tests/test_source_flow_manager.py
# authentik/stages/authenticator_validate/tests.py
# authentik/stages/password/tests.py
# scripts/generate_ci_config.py
2021-08-23 21:21:12 +02:00
859cf2bd8f
lib: move id and key generators to lib ( #1286 )
...
* lib: move generators to lib
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: bump default token key size
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: fix split being used for http basic auth instead of partition
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/elements: don't rethrow error in ActionButton
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 20:27:38 +02:00
a2578ffaad
core: add token tests for invalid intent and token auth
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 20:21:54 +02:00
888526a2a7
stages/user_write: fix wrong fallback authentication backend
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 19:31:23 +02:00
27cc5d7138
core: fix authentication error when no request is given
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 19:09:53 +02:00
5face5410f
web/admin: select all password stage backends by default
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 18:08:29 +02:00
e27a6fdeeb
events: fix linting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 17:48:28 +02:00
033c9a3bd3
core: fix token intent not defaulting correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 17:33:35 +02:00
0b280c0a47
website: fix example flows using incorrect backend
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 17:26:07 +02:00
07a4f474f4
website/docs: add docs for `auth_method` and `auth_method_args` fields
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 17:23:55 +02:00
244dc671db
Merge branch 'master' into app-passwords
2021-08-23 17:12:17 +02:00
4308136108
root: fix error_handler for websocket
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 17:12:11 +02:00
69a0153619
core: use custom inbuilt backend, set backend login information in flow plan for events
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 17:09:53 +02:00
00e9b91f56
web/admin: fix missing app passwords backend
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 16:47:38 +02:00
4cf76fdcda
stages/password: auto-enable app password backend
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 16:39:39 +02:00
f217d34a98
web/admin: allow users to create app password tokens
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 16:27:39 +02:00
9a6a3e66b8
root: update schema
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 16:14:33 +02:00
20572c728d
core: add new token intent and auth backend
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 16:05:29 +02:00
f6953296d8
outposts: add recursion limit for docker controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 15:25:28 +02:00
e4790f9060
core: handle error when ?for_user is not numberical
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 15:25:18 +02:00
58712047e1
root: add ASGI Error handler
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 15:15:12 +02:00
85915905dc
web/flows: fix error during error handling
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 15:11:30 +02:00
12e2f7b945
outposts: add repair_permissions command
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 14:53:53 +02:00
45d47f828a
outpost: handle non-existant permission
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 14:39:47 +02:00
7efec281be
build(deps-dev): bump pylint from 2.9.6 to 2.10.2 ( #1280 )
...
* build(deps-dev): bump pylint from 2.9.6 to 2.10.2
Bumps [pylint](https://github.com/PyCQA/pylint ) from 2.9.6 to 2.10.2.
- [Release notes](https://github.com/PyCQA/pylint/releases )
- [Changelog](https://github.com/PyCQA/pylint/blob/main/ChangeLog )
- [Commits](https://github.com/PyCQA/pylint/compare/v2.9.6...v2.10.2 )
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* *: add missing encoding to open() calls
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 10:10:31 +02:00
7639cdad0a
release: 2021.8.1-rc1
2021-08-22 20:17:35 +02:00
b003e8e1e8
sources/oauth: fix openidconnect provider name
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 18:36:06 +02:00
294d70ae4d
outposts/ldap: move virtual groups to other OU for lookups, conditionally skip requests based on search filter
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 17:53:09 +02:00
3e909ae6bb
core: allow filtering users by the groups they are in
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 16:27:48 +02:00
b4f738492d
sources/oauth: improve UI with prefilled urls (when customizable) and hiding provider type
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 15:52:41 +02:00
bff7addb55
stages/password: adjust name of default prompt stage
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 15:16:18 +02:00
2a90c0b35e
sources/oauth2: migrate to microsoft graph instead of azure graph
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 15:15:29 +02:00
93e27d1959
web: improve failed request handling
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 14:40:45 +02:00
02c736d784
lib: ignore installation specific errors
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 14:14:18 +02:00
6433b5982e
api: add cache timeouts to config API for outposts
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 14:14:18 +02:00
18eccd995d
sources/plex: fix linting error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-17 13:44:54 +02:00
495b068be5
web: add plex connection deletion support
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-17 13:02:40 +02:00
84c4547005
sources/plex: add API for user connections
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-17 13:02:40 +02:00
8fe38b528b
outposts: fix managed check
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-16 09:36:01 +02:00
0a6efab7cb
outposts: fix syntax
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-15 20:59:37 +02:00
b35e62e5ae
outposts: don't start docker container for embedded outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-15 18:10:49 +02:00
2592fc3826
sources/ldap: allow for anonymous binds, fix sync_users_password not working correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-12 19:09:29 +02:00
d9ece98bbc
core: fix token expiration not being updated upon key rotation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-12 17:22:42 +02:00
1524efcf51
core: fix expired tokens not being returned by API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-12 17:21:53 +02:00
c92c0102ca
website/docs: add database port parameter
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-12 02:24:36 +02:00
c6dddc97f0
core: fix error when migrating with AK_ADMIN_TOKEN set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-11 22:36:52 +02:00
38292a588b
website/docs: add docs for automated installs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-11 21:57:58 +02:00
e90da9283e
core: add support to bootstrap token on initial install using AK_ADMIN_TOKEN in environment
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-11 21:45:49 +02:00
e0e0f4fa6c
core: fix users's group list not allowing blank values
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-11 20:16:45 +02:00
ec95a2bddc
core: allow changing of groups a user is in from user api
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-10 19:31:30 +02:00
de9d483b9f
admin: add API to show embedded outpost status, add notice when its not configured properly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-10 19:16:11 +02:00
557724768a
core: add API to directly send recovery link to user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-10 13:54:59 +02:00
d18e829d80
providers/ldap: fix error in outpost when certificate is configured
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-09 20:47:26 +02:00
7a836e0d7e
api: fix backup capability not being detected correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-09 00:32:29 +02:00
f496b8b5d7
providers/oauth2: add more test cases for token view
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-09 00:20:32 +02:00
837fa23af0
outpost: only set embedded outpost config on creation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 22:23:33 +02:00
665c1aa81b
providers/proxy: don't create ingress when no hosts are defined
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 21:46:05 +02:00
ebc6afe015
outpost: fix detection of embedded outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 21:39:08 +02:00
45bee4b4dc
outposts: fix test for config validation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 17:14:05 +02:00
c025d64ba3
outpost: revert managed config, make authentik_host field optional
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 16:58:01 +02:00
2a53bc4330
outpost: add fallback for authentik_host when its not set in config
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 16:32:26 +02:00
8180d6f9e8
outposts: don't override authentik_host for embedded outpost authentik_host
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 16:29:33 +02:00
ccfc1dbcc2
*: make all PropertyMappings filterable by multiple managed attributes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 16:06:44 +02:00
3367b83368
providers/saml: use idp-initiated sso flow as launch url
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 15:01:52 +02:00
f0a8c30ce9
outposts: create different service when using embedded outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 14:01:39 +02:00
b36a3100e6
outposts: allow empty provider list for embedded provider
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-07 22:32:44 +02:00
e02207f38d
outpost/embedded: use redis session backend
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-07 22:12:22 +02:00
9a8240bdd1
proviers/saml: fix validation error not being raised
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-07 21:39:30 +02:00
f6ab241219
providers/oauth2: fix accessing undefined variable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-07 21:35:17 +02:00
b0f09eb2c4
web/admin: fix Table not updating selectedElements correctly after update
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-07 20:53:28 +02:00
9c9addb0ce
*: ensure all resources can be filtered
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-07 16:34:14 +02:00
2d5094fdf7
root: fix formatting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-06 00:11:24 +02:00
8044818a4d
core: add additional cleanup for authenticated sessions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-05 23:25:40 +02:00
a43fb026a0
Merge branch 'version-2021.7'
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# authentik/core/api/users.py
# authentik/providers/saml/processors/metadata_parser.py
# web/src/pages/sources/oauth/OAuthSourceForm.ts
# web/src/pages/sources/plex/PlexSourceForm.ts
# web/src/pages/users/UserForm.ts
2021-08-05 20:23:32 +02:00
18211a2033
release: 2021.7.3
2021-08-05 19:23:03 +02:00
1b91543add
core: add UserSelfSerializer and separate method for users to update themselves with limited fields
...
rework user settings page to better use form
closes #1227
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# authentik/core/api/users.py
# web/src/elements/forms/ModelForm.ts
# web/src/pages/user-settings/UserDetailsPage.ts
# web/src/pages/user-settings/UserSettingsPage.ts
2021-08-05 17:47:45 +02:00
6fe5175f21
core: add UserSelfSerializer and separate method for users to update themselves with limited fields
...
rework user settings page to better use form
closes #1227
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-05 17:42:19 +02:00
aa4f7fb2b6
providers/saml: fix error when PropertyMapping return value isn't string
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-04 00:22:07 +02:00
4f1c11c5ef
providers/saml: add WantAssertionsSigned
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# authentik/providers/saml/processors/metadata_parser.py
2021-08-04 00:21:54 +02:00
a449f9c69b
providers/saml: fix error when PropertyMapping return value isn't string
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-03 22:40:56 +02:00
36b346662c
providers/saml: add WantAssertionsSigned
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-03 22:40:13 +02:00
9d392931df
root: fix lint errors from re-format
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-03 18:09:16 +02:00
77ed25ae34
root: reformat to 100 line width
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-03 17:45:16 +02:00
9c9bcb7a01
Merge branch 'version-2021.7'
2021-08-01 19:23:22 +02:00
add7a80fdc
release: 2021.7.2
2021-08-01 19:11:50 +02:00
aac91c2e9d
stages/email: handle OSError
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 18:25:53 +02:00
85e86351cd
flows: fix flows not redirecting correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 18:25:53 +02:00
a939e224fc
stages/email: handle OSError
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 17:53:13 +02:00
1fc2bcf02b
flows: fix flows not redirecting correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 17:50:43 +02:00
d767504474
flows: don't check redirect URL when set from flow plan (set from authentik or policy)
...
closes #1203
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 15:23:46 +02:00
f84cd6208c
flows: fix unhandled error in stage execution not being logged as SYSTEM_EXCEPTION event
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 15:23:46 +02:00
1ec540ea9a
providers/saml: fix metadata being inaccessible without authentication
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 15:23:46 +02:00
4e5dba1d0b
flows: don't check redirect URL when set from flow plan (set from authentik or policy)
...
closes #1203
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 15:10:45 +02:00
92a448b677
flows: fix unhandled error in stage execution not being logged as SYSTEM_EXCEPTION event
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 14:56:48 +02:00
f875149983
providers/saml: fix metadata being inaccessible without authentication
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 14:50:17 +02:00
29fe731bbf
providers/saml: fix Error when getting metadata for invalid ID
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 14:09:22 +02:00
d70b81fe43
providers/saml: fix Error when getting metadata for invalid ID
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 13:50:54 +02:00
26e66969c9
stages/invitation: delete invite only after full enrollment flow is completed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 13:22:02 +02:00
b58c913618
stages/invitation: delete invite only after full enrollment flow is completed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 13:21:27 +02:00
72b7642c5a
outposts: catch invalid ServiceConnection error in outpost controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 12:33:21 +02:00
a97f842112
sources/plex: add background task to monitor validity of plex token
...
closes #1205
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 12:33:21 +02:00
35c1476bbe
outposts: catch invalid ServiceConnection error in outpost controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 12:25:11 +02:00
18bb4fd0bf
sources/plex: add background task to monitor validity of plex token
...
closes #1205
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 12:24:52 +02:00
293c479364
outposts: ensure embedded outpost is created with integration selected
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-31 21:09:38 +02:00
0cb4d64b57
stages/email: fix error when re-requesting email after token has expired
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-30 09:39:42 +02:00
a4fd58a0db
events: ensure fallback result is set for on_failure
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-30 09:39:42 +02:00
8ceef82c55
stages/email: fix error when re-requesting email after token has expired
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-30 09:39:24 +02:00
f933cd99ad
events: ensure fallback result is set for on_failure
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-30 09:37:53 +02:00
fb6e8ca1eb
events: remove default result for MonitoredTasks, only save when result was set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 22:43:29 +02:00
7ac5091e5a
events: remove default result for MonitoredTasks, only save when result was set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 22:42:56 +02:00
bc9ff792a8
outposts: manage config for embedded outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 22:29:38 +02:00
a5c8caf909
providers/oauth2: fix error when requesting jwks keys with no rs256 aet
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 21:22:59 +02:00
8495ff9fc0
providers/oauth2: fix error when requesting jwks keys with no rs256 aet
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 21:22:31 +02:00
a3981dd3cd
providers/proxy: fix hosts for ingress not being compared correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 11:35:50 +02:00
Jens Langhammer
NeroPcStation
github-actions[bot]
Matthew R. McDougal
Jens L
dependabot[bot]
Rizwan Ahmed
Ilya Kogan
Skyler Mäntysaari
Steven Armstrong
pemontto
Denis Teyssier