Commit Graph

2711 Commits

Author SHA1 Message Date
dependabot[bot] f7044e41c6
build(deps-dev): bump bandit from 1.7.0 to 1.7.1 (#1793)
* build(deps-dev): bump bandit from 1.7.0 to 1.7.1

Bumps [bandit](https://github.com/PyCQA/bandit) from 1.7.0 to 1.7.1.
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](https://github.com/PyCQA/bandit/compare/1.7.0...1.7.1)

---
updated-dependencies:
- dependency-name: bandit
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* *: fix bandit false positives

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-15 09:16:16 +01:00
Jens Langhammer 59343ff441 stages/email: fix missing component in response when retrying email send
closes #1791

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-14 17:52:31 +01:00
Jens Langhammer cab564152d lib: load json strings in config env variables
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-14 12:44:22 +01:00
Jens Langhammer 88516ba2ca core: make defaults for _change_email and _change_username configurable
closes #1789

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-13 22:33:03 +01:00
Jens Langhammer 2a3b049b01 release: 2021.10.4 2021-11-12 12:31:24 +01:00
Rizwan Ahmed e4a5e86c93 sources/oauth: Fixed the incorrect padding issue in apple.py (#1773)
* Fixed the incorrect padding issue in apple.py

Fixed the incorrect padding issue in apple.py by adding proper padding to the raw_payload.

* Fixed the incorrect encoding of client_secret in apple.py

In the get_client_secret() method, the "sub" in the payload must be only the client ID. So I have changed self.source.consumer_key to parts[0]

* Added the decode method for the id_token

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-12 12:10:29 +01:00
Jens Langhammer 1cfe81887b stages/authenticator_validate: improve logging
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-11 23:33:41 +01:00
Jens Langhammer 53905d1a89 stages/authenticator_validate: enable all device classes by default
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-11 22:49:30 +01:00
Jens Langhammer 6db1c914ee stages/authenticator_duo: fix devices created with name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-11 22:16:47 +01:00
Jens Langhammer c98bdbacc5 providers/proxy: return list of configured scope names so outpost requests custom scopes
closes #1762

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-10 23:06:21 +01:00
Jens Langhammer 1e8d45dc15 web: write interfaces to different folders and remove custom chunk names
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-10 17:54:50 +01:00
Jens Langhammer d5d8641b37 stages/*: disable trim_whitespace on important fields
closes #1765

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-10 16:48:19 +01:00
Jens Langhammer cc0832f487 core: force lowercase emails for gravatar usage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-10 12:40:20 +01:00
Jens Langhammer e73606b54d root: catch error in analytics on startup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-10 11:28:08 +01:00
Jens Langhammer 5d479a6c8f root: set utm_source
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-09 23:23:47 +01:00
Jens Langhammer 4a773b2b4f sources/ldap: set connect/receive timeout (default to 15s)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-09 22:27:58 +01:00
Jens Langhammer 8003d67844 sources/ldap: fix typo
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-09 22:24:33 +01:00
Jens Langhammer 51783c1cbb sorces/ldap: fix user/group sync overwriting attributes instead of merging them
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-09 21:16:59 +01:00
Jens Langhammer ab2b13938e release: 2021.10.3 2021-11-08 20:52:11 +01:00
Jens Langhammer 9ca15983a2 root: keep last 30 backups
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-08 17:46:25 +01:00
Jens Langhammer 99ef94b7aa stages/prompt: only set placeholder when in context
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-08 15:10:32 +01:00
Jens Langhammer c3faa61ed9 stages/prompt: set field placeholder based on plan context
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-08 14:47:50 +01:00
Jens Langhammer da74304221 stages/prompt: add text_read_only field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-08 14:45:56 +01:00
Jens Langhammer 79db0ce4c1 stages/prompt: use initial instead of default
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-07 22:20:08 +01:00
Jens Langhammer 5e23b11764 stages/prompt: default prompts to the current value of the context
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-07 21:59:50 +01:00
Jens Langhammer c4e029ffe2 recovery: add create_admin_group management command
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-07 21:53:21 +01:00
Jens Langhammer 61b5b36192 core: add command to output full config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-07 21:45:52 +01:00
Jens Langhammer c6cc1b1728 root: fix defaults for EMAIL_USE_TLS
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-07 21:37:14 +01:00
Jens Langhammer 90151a13ae stages/identification: only allow limited challenges for login sources
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-06 14:53:38 +01:00
Jens Langhammer f958aa6930 stages/identification: use random sleep
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-06 14:50:35 +01:00
Jens Langhammer 924a13e832 core: fix auth_method for tokens
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-06 13:04:41 +01:00
Jens Langhammer ae83c35dfd events: ignore creation/deletion of AuthenticatedSession objects
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-06 13:04:34 +01:00
Jens Langhammer 6424bf98da admin: improve check to remove version notifications
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-06 12:15:05 +01:00
Jens Langhammer 2cef220a3e providers/ldap: add/squash migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 10:41:50 +01:00
Jens L 5a8c66d325
providers/ldap: memory Query (#1681)
* outposts/ldap: modularise ldap outpost, to allow different searchers and binders

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/ldap: add basic in-memory searcher

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/ldap: add search mode field

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost: add search mode field

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 10:37:30 +01:00
dependabot[bot] 8de13d3f67 build(deps): bump goauthentik.io/api from 0.2021102.2 to 0.2021102.4 (#1738)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 09:33:26 +01:00
Jens Langhammer 7798292aa8 sources/plex: use exception_to_string in tasks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 01:16:36 +01:00
Jens Langhammer 3005ca17bd web/admin: show warning on provider when not used with outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 01:15:33 +01:00
Jens Langhammer 909461e533 providers/*: include list of outposts
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 01:06:04 +01:00
Jens Langhammer a40c3aeb68 core: make group membership lookup respect parent groups (upwards)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 00:53:56 +01:00
Jens Langhammer 4a89be3048 core: include parent group name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 00:11:17 +01:00
Jens Langhammer 023b97aa69 sources/ldap: remove deprecated default
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-04 22:13:47 +01:00
Jens Langhammer 738e4d5c74 web/admin: only show flows with an invitation stage configured instead of all enrollment flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1720
2021-11-04 20:54:55 +01:00
Jens Langhammer 5bc1301043 stages/authenticator_*: add default name for authenticators
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-04 15:34:51 +01:00
Jens Langhammer 8d766efecb root: don't set signal on start when running in ci or dev
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-04 14:32:21 +01:00
Jens Langhammer b362d2af03 lib: fix linting issue
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-04 13:43:09 +01:00
Jens Langhammer bcd42fce13 root: further improve detection of environment we're running in
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-04 13:35:22 +01:00
Jens Langhammer 6deddd038f internal: start embedded outpost directly after backend is healthy instead of waiting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-04 13:18:04 +01:00
Jens Langhammer 3b47cb64da root: improve compose detection, add anonymous stats
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-04 13:16:21 +01:00
Jens Langhammer cf5e70c759 lifecycle: revert to non-h11 worker
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-04 13:16:10 +01:00
Jens Langhammer 5374352411 sources/plex: allow users to connect their plex account without login flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-03 21:09:02 +01:00
Jens Langhammer 08eff4cc5d sources/plex: fix missing ordering
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-03 20:21:33 +01:00
Jens Langhammer 8f6d700aa8 sources/oauth: set prompt=none for Discord provider
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-03 15:48:59 +01:00
Jens Langhammer 58c221e867 release: 2021.10.2 2021-11-03 10:07:28 +01:00
Jens Langhammer 5dc0f3b91b website: remove static service account, use helm chart instead
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-03 00:14:01 +01:00
Jens Langhammer f51515f3de stages/invitation: don't throw 404 error in stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-03 00:07:13 +01:00
Jens Langhammer f978575293 stages/invitation: remove invitation from plan context after deletion
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-02 23:50:12 +01:00
Jens Langhammer 0d02dbf55c api: replace django sentry proxy with go proxy to prevent login issues
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-02 14:44:37 +01:00
Jens Langhammer af83308fd4 stages/prompt: fix type in Prompt not having enum set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-01 20:44:48 +01:00
Jens Langhammer 6036d88392 providers/proxy: allow configuring of additional scope mappings for proxy
closes #1255

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-31 22:25:51 +01:00
Jens Langhammer bfc8a56a0b *: fix tests for new field show_source_labels
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-31 18:18:21 +01:00
Jens Langhammer 5646141fe2 stages/identification: add show_source_labels option, to show labels for sources
closes #1679

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-31 17:57:48 +01:00
Jens Langhammer 335d6edd11 providers/saml: fix error on missing AssertionConsumerServiceURL, fall back to default ACS
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-31 17:21:15 +01:00
Jens Langhammer 5d9bed130a root: fix Detection of S3 settings for backups
closes #1698

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-31 16:54:10 +01:00
Jens Langhammer 2788329880 release: 2021.10.1 2021-10-31 10:56:21 +01:00
Jens Langhammer f5dc81907a core: add created field to source connection
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-30 15:02:41 +02:00
Jens Langhammer d70c8fbcc3 core: add API for all user-source connections
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-30 14:36:54 +02:00
Jens Langhammer 12b26e49ec flows: optimise stage user_settings API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-30 14:16:28 +02:00
Jens Langhammer e771e1857f core: add API to list all authenticator devices
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-29 09:08:48 +02:00
Jens Langhammer 72a93c0959 root: pin node images to v16
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-28 10:29:48 +02:00
Jens Langhammer 381010600f release: 2021.10.1-rc3 2021-10-27 18:57:07 +02:00
Jens Langhammer 1b21b50b77 providers/oauth2: fallback to uid if UPN was selected but isn't available
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-27 16:11:35 +02:00
Jens Langhammer fa6324ab1d sources/ldap: prevent key `users` from being set as this is an M2M relation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-27 15:43:56 +02:00
Jens Langhammer 9e0daf2bcf sources/ldap: skip values which are of type bytes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-27 15:43:38 +02:00
Jens Langhammer 0273ae16df events: fix error when notification transport doesn't exist anymore
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-27 15:38:41 +02:00
Jens Langhammer f2f12ef0ba api: fix error when connection to websocket via secret_key
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-27 15:21:52 +02:00
Jens Langhammer 61d3df5f02 outposts: fix docker controller not using object_naming_template
closes #1682

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-27 15:04:59 +02:00
Jens Langhammer 971de4fcb9 core: add USER_ATTRIBUTE_CHANGE_EMAIL
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1590 and #1677
2021-10-27 13:34:11 +02:00
Jens Langhammer 92085f1a3c core: add toggle to completely disable backup mechanism
closes #1671

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-26 17:04:33 +02:00
Jens Langhammer 8eb4d53810 providers/oauth2: fix events being created from /application/o/authorize/
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-21 22:59:01 +02:00
Jens Langhammer 731f5d0199 release: 2021.10.1-rc2 2021-10-21 16:38:30 +02:00
Jens Langhammer 3647633232 core: cleanup embedded outpost logging, log user for http requests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-20 22:12:49 +02:00
Jens Langhammer eba91c6b2b root: add cookie domain setting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-20 18:26:22 +02:00
Jens Langhammer ba9f8a5795 lib: add utm_source to default links
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-20 17:31:27 +02:00
Jens Langhammer 02b4173d30 root: add utm_source
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-20 16:34:39 +02:00
Jens Langhammer 61fab497cf core: add user flag to prevent users from changing their usernames
closes #1590

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-20 16:17:19 +02:00
Jens Langhammer 621e7f564a flows: also clear cache when deleting bindings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-20 15:25:38 +02:00
Jens Langhammer 2df4322ecf sources/oauth: add choices to oauth provider_type
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-20 00:11:19 +02:00
Jens Langhammer 03369e2338 sources/ldap: check for existence of vendor fields before falling back
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1521
2021-10-19 15:40:40 +02:00
Jens Langhammer 5da7d9a573 release: 2021.10.1-rc1 2021-10-19 15:34:59 +02:00
Jens Langhammer 89bb27b95c sources/ldap: fix missing arguments?
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-18 22:04:58 +02:00
Jens Langhammer 2b155964c2 sources/ldap: extract vendor-specific functions
#1521

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-18 21:44:10 +02:00
Jens L 922fc9b8d5
sources/oauth: add Sign in with Apple (#1635)
* sources/oauth: add apple sign in support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: apple sign in docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: fix missing apple in sidebar

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* sources/oauth: add fallback values for name and slug

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-18 16:35:12 +02:00
Jens Langhammer 2c06eed8e7 events: don't prefill task if they already have a state
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-18 14:48:14 +02:00
Jens Langhammer a1b3af401d outposts: improve handling of recreate scenarios
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-18 14:29:37 +02:00
Jens Langhammer 92d38f62b5 outposts: handle k8s 422 response code by recreating objects
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-18 10:23:11 +02:00
Jens Langhammer 98a56c77e3 providers/proxy: update ingress controller to work with k8s 1.22
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-18 10:00:24 +02:00
Jens Langhammer ce812e14c7 core: improve detection for s3 settings to trigger backup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-17 15:56:31 +02:00
Jens Langhammer 8d32a53126 outposts: add additional error checking for docker controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-17 15:54:57 +02:00
Jens Langhammer 0225bf9c99 stages/authenticator_validate: create a default authenticator validate stage with sensible defaults
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-16 00:28:56 +02:00
dependabot[bot] 8040e2b6e4
build(deps): bump webauthn from 0.4.7 to 1.0.0 (#1625)
* build(deps): bump webauthn from 0.4.7 to 1.0.0

Bumps [webauthn](https://github.com/duo-labs/py_webauthn) from 0.4.7 to 1.0.0.
- [Release notes](https://github.com/duo-labs/py_webauthn/releases)
- [Commits](https://github.com/duo-labs/py_webauthn/compare/v0.4.7...v1.0.0)

---
updated-dependencies:
- dependency-name: webauthn
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* stages/authenticator_webauthn: migrate to new library version

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/authenticator_validate: migrate to new version

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/authenticator_webauthn: add bytes_to_base64url_dict for json encoding

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* actually don't do that

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix missing response on web

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more double json

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more base64 stuff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* working

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ci: always sync

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-15 23:26:29 +02:00
Jens Langhammer f62786e58b policies: add additional filters to create flow charts on frontend
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-15 18:21:44 +02:00
Jens Langhammer 5f9dda2e58 outposts: rename docker_image_base to container_image_base, since its not docker specific
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-14 20:28:30 +02:00
Ilya Kogan 0c55eea678
outposts: Adding more flexibility to outposts in Kubernetes. (#1617)
* outposts/ldap: Support hard coded `uidNumber` and `gidNumber`.

* outposts: more options for image + labels

- Set outpost docker image in config.
- Set image pull secrets in outpost config.
- Add additional labels for easier targeting from
  custom services.

* Fix some linting errors.

* outposts: Rename `docker_image` to `container_image
2021-10-14 19:54:56 +02:00
Jens Langhammer dd9dc7e596 root: fix error with sentry proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-14 19:45:01 +02:00
Jens Langhammer 797e31696a outposts: fix attribute error in docker controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-14 13:37:56 +02:00
Jens Langhammer 8eddb4b95b admin: check for debug in worker count api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-14 12:32:30 +02:00
Jens Langhammer 4b7399f454 *: add @prefill_task() decorator to "pre-fill" tasks in cache, so they can be executed even before their schedule would do so
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-14 12:21:28 +02:00
Jens Langhammer 9bc9568008 stages/authenticator_sms: make fields non-nullable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-14 11:42:11 +02:00
Skyler Mäntysaari 634375c43f stages/authenticator_sms: add generic provider (#1595)
* stages/sms: New SMS provider, aka wrapper for outside API

* web/pages/authenicator_sms: Conditionally show options based on provider.

* stages/authenicator_sms: Fixing up the model.

* Whoops

* stages/authenicator_sms: Adding supported auth types for Generic provider.

* web/pages/stages/authenicator_sms: Added auth type for generic provider

* web/pages/stages/authenicator_sms: Fixing up my generic provider options.

* stages/authenicator/sms: Working version of generic provider.

* stages/authenicator/sms: Cleanup and creating an event on error.

* web/ages/stages/authenicator_sms: Made a default for Auth Type and cleaned up the non-needed name attribute.

* stages/authenicator_validate: Fixing up the migration as it had no SMS.

* stages/authenicator_sms: Removd non-needed migration and better error code handling.

* stages/authenicator_sms: Removd non-needed migration and better error code handling.

* web/pages/stages/authenicator_sms: Provider default is not empty anymore.

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-14 10:24:15 +02:00
Jens Langhammer 98907ec889 root: remove structlog.processors.format_exc_info for new structlog version
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-13 09:42:49 +02:00
Jens Langhammer 3e5b05203b Revert "root: handle liveness probe in router"
This reverts commit d39dbc7287.

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-12 18:44:37 +02:00
Jens Langhammer 2b09d97522 core: fix squash migrations error when AK_ADMIN_TOKEN is set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-12 17:45:10 +02:00
Jens Langhammer d39dbc7287 root: handle liveness probe in router
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-12 14:54:15 +02:00
Jens Langhammer cc69311ec0 stages/authenticator_validate: add new class
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-12 13:13:31 +02:00
Jens Langhammer ddb70a283e managed: don't run managed reconciler in foreground on startup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-12 12:10:46 +02:00
Jens Langhammer ecfc3a6d93 *: migrate everything to goauthentik.io docker proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-12 11:04:47 +02:00
Jens L e4f141c6c0
*: Squash Migrations (#1593)
* *: first squash pass

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* sources/saml: squash less

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts: fix docker controller not correctly checking image

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests/e2e: fix old migration reference

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 21:39:35 +02:00
Jens L aef9d27706
stages/authenticator_sms: Add SMS Authenticator Stage (#1577)
* stages/authenticator_sms: initial implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add initial stage UI

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/elements: clear invalid state when old input was invalid but new input is correct

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/authenticator_sms: add more logic

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: add basic SMS settings

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/authenticator_sms: initial working version

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/authenticator_sms: add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: optimise totp password manager entry on authenticator_validation stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/elements: add grouping support for table

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: allow sms class in authenticator stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add grouping to more pages

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/authenticator_validate: add SMS support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* api: add throttling for flow executor based on session key and pending user

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: fix style issues

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ci: add workflow to compile backend translations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 17:51:49 +02:00
Jens L 7bf587af24
ci: push dev images to ghcr (#1591)
* ci: push dev images to ghcr

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: use new ghcr images

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: use ghcr proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 14:08:34 +02:00
Jens Langhammer b80ecd4668 stages/prompt: fix wrong field type of field_key
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-10 18:54:56 +02:00
Jens Langhammer d959b7a930 Merge branch 'version-2021.9' 2021-10-10 14:35:40 +02:00
Jens Langhammer 619203c177 release: 2021.9.8 2021-10-10 13:12:26 +02:00
Jens Langhammer 7d9251ce2f root: fix linting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-09 20:56:49 +02:00
Jens Langhammer 846c971674 root: add translation for backend strings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-09 20:07:28 +02:00
Jens Langhammer 5b7e1f97e0 stages/authenticator_duo: remove signals
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-09 19:29:35 +02:00
Jens Langhammer dff0613b3d crypto: add managed field, prepare managed JWT cert
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-09 19:14:39 +02:00
Jens Langhammer 8965451073 core: add default for user's settings attribute
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-09 16:01:22 +02:00
Jens Langhammer b33ea9cc61 core: add settings serializer to user/me and update_self endpoints, saved in a key in attributes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-09 15:35:18 +02:00
Jens Langhammer f32d35b07c policies/password: add extra sub_text field in tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 19:27:24 +02:00
Jens Langhammer 9e936e4436 outposts: fix lint error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 19:15:57 +02:00
Jens Langhammer 649abddea7 outposts: fallback to known-good outpost image if configured image cannot be pulled
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 19:10:39 +02:00
Jens Langhammer 67b88595ad stages/prompt: fix sub_text not allowing blank
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 19:00:15 +02:00
Jens Langhammer b4ee693a5c stages/user_write: allow recursive writing to user.attributes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 18:57:19 +02:00
Jens Langhammer 57e5acaf2f stages/prompt: add sub_text field to add HTML below prompt fields
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 18:34:37 +02:00
Jens Langhammer 050ec99c89 flows: fix inspector history not being cleared when executing from API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 18:29:28 +02:00
dependabot[bot] cbeee27fc1 build(deps): bump @sentry/tracing from 6.13.2 to 6.13.3 in /web (#1556)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 09:39:44 +02:00
Jens Langhammer 8c27616d0c Merge branch 'version-2021.9' 2021-10-06 21:04:16 +02:00
Jens Langhammer e444d0d640 release: 2021.9.7 2021-10-06 20:57:56 +02:00
Jens Langhammer d75c63d38b Merge branch 'version-2021.9'
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	web/src/locales/fr_FR.po
2021-10-06 00:04:09 +02:00
Jens Langhammer 2b730dec54 release: 2021.9.6 2021-10-05 22:22:54 +02:00
Jens Langhammer 62bf79ce32 root: add docker-native healthcheck for web and celery
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 20:45:38 +02:00
Jens Langhammer d29d161ac6 admin: clear update notification when notification's version matches current version
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 20:45:38 +02:00
Jens Langhammer aee58c8d53 root: add docker-native healthcheck for web and celery
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 20:45:18 +02:00
Jens Langhammer fa6df84de2 admin: clear update notification when notification's version matches current version
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 20:36:38 +02:00
Jens Langhammer 79eec5a3a0 core: include group uuids in self serializer
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:49:14 +02:00
Jens Langhammer c1f302fb7c core: only return group names for user_self
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:48:53 +02:00
Jens Langhammer 782764ac73 api: ensure viewsets have default ordering
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:48:42 +02:00
Jens Langhammer 73d57d6f82 core: make user's name field fully options
closes #1537

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:48:42 +02:00
Jens Langhammer d1a1bfbbc5 web/user: don't show managed tokens in user interface
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:47:49 +02:00
Jens Langhammer 1ac4dacc3b outposts: fix error when comparing ports in docker controller when port mapping is disabled
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:47:15 +02:00
Jens Langhammer 9e7e22367b core: include group uuids in self serializer
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:10:44 +02:00
Jens Langhammer f5761dc70d core: only return group names for user_self
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 12:31:25 +02:00
Jens Langhammer 16380b3f7a api: ensure viewsets have default ordering
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 11:26:41 +02:00
Jens Langhammer 16f2603130 core: make user's name field fully options
closes #1537

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 11:23:27 +02:00
Jens Langhammer 847cfed73f web/user: don't show managed tokens in user interface
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 11:11:34 +02:00
Jens Langhammer 05b587ae44 outposts: fix error when comparing ports in docker controller when port mapping is disabled
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 10:44:07 +02:00
Jens Langhammer a515afae0b recovery: handle error when user doesn't exist
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 10:40:59 +02:00
Jens Langhammer 1c340ddbbd Merge branch 'version-2021.9'
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	web/package-lock.json
#	web/package.json
2021-10-04 22:02:56 +02:00
Jens Langhammer bcf7e162a4 release: 2021.9.5 2021-10-04 20:08:46 +02:00
Jens Langhammer cb37e5c10e stages/email: add activate_user_on_success flag, add for all example flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	web/src/locales/fr_FR.po
2021-10-04 18:50:19 +02:00
Jens Langhammer 73bb778d62 stages/user_login: add check for user.is_active and tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 18:50:00 +02:00
Jens Langhammer b612a82e16 outposts: don't always build permissions on outpost.user access, only in signals and tasks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 18:49:57 +02:00
Jens Langhammer 09f43ca43b events: add missing migration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 18:49:50 +02:00
Steven Armstrong 1c91835a26 providers/ldap: use RDN when using posixGroup's memberUid attribute (#1514)
Use the RDN instead of the FDN when establishing group memberships based on posixGroup's 'memberUid' attribute.

fixes #1436

Signed-off-by: Steven Armstrong <steven@armstrong.cc>
2021-10-04 18:49:45 +02:00
Jens Langhammer 3634bf4629 tests/integration: fix tests failing due to incorrect comparison
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 18:49:10 +02:00
Jens Langhammer 0692663537 stages/email: add activate_user_on_success flag, add for all example flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 18:47:51 +02:00
Jens Langhammer b5649bdcc4 stages/user_login: add check for user.is_active and tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 18:37:05 +02:00
Jens Langhammer fab9a10487 outposts: don't always build permissions on outpost.user access, only in signals and tasks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 18:04:19 +02:00
Jens Langhammer 0f00b27384 events: add missing migration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 17:51:31 +02:00
Steven Armstrong ab5981836d
providers/ldap: use RDN when using posixGroup's memberUid attribute (#1514)
Use the RDN instead of the FDN when establishing group memberships based on posixGroup's 'memberUid' attribute.

fixes #1436

Signed-off-by: Steven Armstrong <steven@armstrong.cc>
2021-10-04 10:56:06 +02:00
Jens Langhammer 036a4e86e2 tests/integration: fix tests failing due to incorrect comparison
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 22:54:07 +02:00
Jens Langhammer 45f99fbaf0 outposts: fix circular import in kubernetes controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 19:25:26 +02:00
Jens Langhammer 83150d9920 outposts: fix circular import in kubernetes controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 19:25:18 +02:00
Jens Langhammer e31a3307b5 providers/proxy: always check ingress secret in kubernetes controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 19:14:42 +02:00
Jens Langhammer d28fcca344 outposts: check ports of deployment in kubernetes outpost controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 19:14:42 +02:00
Jens Langhammer c296e1214c web: fix package lock
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 19:14:37 +02:00
Jens Langhammer d30dcda814 providers/proxy: always check ingress secret in kubernetes controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 19:14:27 +02:00
Jens Langhammer c720c9f41b outposts: check ports of deployment in kubernetes outpost controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 19:09:52 +02:00
Jens Langhammer 39d87841d0 outposts/proxy: add new headers with unified naming
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 18:20:44 +02:00
Jens Langhammer b285814e24 sources/ldap: fix logic error in Active Directory account disabled status
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 18:19:07 +02:00
Jens Langhammer 1c52836060 web: fix package lock
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 01:17:41 +02:00
Jens Langhammer 8dd77793a0 sources/ldap: fix logic error in Active Directory account disabled status
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 00:30:35 +02:00
Jens Langhammer 3c1ac4c7ec outposts/proxy: add new headers with unified naming
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-02 22:00:23 +02:00
Jens Langhammer faca127217 Merge branch 'version-2021.9'
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	Pipfile.lock
2021-10-01 12:19:11 +02:00
Jens Langhammer 1a6ea72c09 release: 2021.9.4 2021-10-01 09:51:51 +02:00
Jens Langhammer c251b87f8c sources/ldap: add support for Active Directory `userAccountControl` attribute
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-30 19:34:43 +02:00
Jens Langhammer 21a9aa229a sources/ldap: don't sync ldap source when no property mappings are set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-30 19:34:43 +02:00
Jens Langhammer 53e15bfbca sources/ldap: add support for Active Directory `userAccountControl` attribute
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-30 19:13:48 +02:00
Jens Langhammer 8bce16e6b4 sources/ldap: don't sync ldap source when no property mappings are set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-30 18:49:18 +02:00
Jens Langhammer 10b45d954e outposts: allow disabling of docker controller port mapping
closes #1474

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-30 00:11:50 +02:00
Jens Langhammer 4cb8ae760a outposts: allow disabling of docker controller port mapping
closes #1474

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-29 23:55:22 +02:00
Jens L f9ad102915
flows: inspector (#1469)
* flows: add initial inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: change naming a bit

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flow: add inspector frame

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: don't use shadydom when inspecting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add current stage to api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/*: fix imports

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: deep-copy plan instead of just adding

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: restrict inspector to admin

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add buttons to launch flow with inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: don't automatically follow redirects when inspector is open

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: make current_plan optional, only require historry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: handle error messages in inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: improve UI when flow is done

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add is_completed flag to inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: fix monkeypatches for tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add inspector tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ci: re-enable cache

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-28 09:36:48 +02:00
Jens Langhammer 941bc61b31 release: 2021.9.3 2021-09-27 17:31:50 +02:00
Jens Langhammer 282b364606 stages/prompt: fix inconsistent policy context for validation policies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-27 17:05:26 +02:00
pemontto 674bd9e05c
web/admin: Fix typo 'username address' -> 'username' (#1473) 2021-09-26 12:53:37 +02:00
Jens Langhammer b248f450dd outposts: make AUTHENTIK_HOST_BROWSER configurable from central config
closes #1471

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-26 12:00:51 +02:00
pemontto aea1736f70
outposts/proxy: Fix failing traefik healtcheck (#1470) 2021-09-26 11:33:18 +02:00
Jens Langhammer 4f3583cd7e providers/proxy: make token_validity float and optional for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-25 15:54:32 +02:00
Jens Langhammer f7408626a8 providers/proxy: return token_validity as total seconds instead of expression
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-25 15:44:16 +02:00
Jens Langhammer 28eeb4798e providers/proxy: add token_validity field for outpost configuration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1462
2021-09-25 15:00:06 +02:00
Jens Langhammer 79b92e764e *: fix typos in code
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-25 00:01:11 +02:00
Jens Langhammer 919336a519 outposts: ensure service is always re-created with mismatching ports
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-24 23:45:15 +02:00
Jens Langhammer 93bdea3769 core: fix api return code for user self-update
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-24 11:51:03 +02:00
Jens Langhammer 64b4e851ce events: add additional validation for event transport
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-23 16:29:58 +02:00
Jens Langhammer eddca478dc release: 2021.9.2 2021-09-23 12:34:02 +02:00
Jens Langhammer 74169860cf api: add logging to sentry proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-23 09:57:42 +02:00
Jens Langhammer 2fe6de0505 release: 2021.9.1 2021-09-22 19:11:20 +02:00
Jens Langhammer ae07f13a87 outposts: don't map port 9300 on docker, only expose port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-21 21:40:08 +02:00
Jens Langhammer e6b275add3 stages/invitation: fix linting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 20:41:05 +02:00
Jens Langhammer 27016a5527 stages/invitation: fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 20:30:51 +02:00
Jens Langhammer 4c29d517f0 stages/email: use different query arguments for email and invitation tokens
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 19:55:53 +02:00
Jens Langhammer 180d27cc37 outposts: don't restart container when health checks are starting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 19:46:05 +02:00
Jens Langhammer 3195640776 stages/email: slugify token identifier
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 19:26:25 +02:00
Jens Langhammer d900a2b6a9 *: fix lookup_fields
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 19:19:36 +02:00
Jens Langhammer 95a2fddfa8 policies/expression: add ak_user_has_authenticator
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 19:13:41 +02:00
Jens Langhammer 8f7d21b692 stages/email: don't throw 404 when token can't be found
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 19:01:25 +02:00
Jens Langhammer 3f84abec2f core: fix token identifier not being slugified when created with user-controller input
closes #1390

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 13:43:25 +02:00
Jens Langhammer b5c857aff4 api: add explicit lookup_value_regex, disable include_format_suffixes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 13:42:56 +02:00
Jens Langhammer ac52667327 release: 2021.9.1-rc3 2021-09-19 21:52:49 +02:00
Jens Langhammer f6e0f0282d core: fix tokens not being viewable but superusers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-19 16:11:20 +02:00
Jens Langhammer 3f42067a8f web: improve display of action buttons with non-primary classes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-19 15:57:12 +02:00
Jens Langhammer ed6f5b98df sources/ldap: improve messages of sync tasks in UI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-19 15:54:22 +02:00
Jens Langhammer c85484fc00 core: allow admins to create tokens with all parameters, re-add user to token form
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-19 15:25:48 +02:00
Jens Langhammer 8279690a8f sources/ldap: prevent error when retrying old system task with no arguments
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-17 16:49:26 +02:00
Jens Langhammer 3d8d93ece5 root: log failed celery tasks to event log
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-17 12:42:42 +02:00
Jens Langhammer 06af306e8a sources/ldap: bump timeout, run each sync component in its own task
closes #1411

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-17 12:42:20 +02:00
dependabot[bot] 3e4ce62dfe
build(deps-dev): bump pylint from 2.10.2 to 2.11.1 (#1409)
* build(deps-dev): bump pylint from 2.10.2 to 2.11.1

Bumps [pylint](https://github.com/PyCQA/pylint) from 2.10.2 to 2.11.1.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Changelog](https://github.com/PyCQA/pylint/blob/main/ChangeLog)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.10.2...v2.11.1)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* root: update pylint config

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-17 09:46:39 +02:00
Jens Langhammer 28189bdddf release: 2021.9.1-rc2 2021-09-16 23:23:36 +02:00
Jens L 13e2eea72f
web/user: new end-user interface (#1404)
* web/user: migrate to top navbar

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: prepare config from server

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* re-sort

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove old interface

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update issue template

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use notification badge

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: re-add go-to-admin button

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: fix remaining redirects directly to admin

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* make settings better

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* api: ensure sources and stages are sorted

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: add sessions and consent

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/oauth2: add post wrapper to stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: add new interface to release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 22:17:05 +02:00
Jens L 9441be1ee2
interface split (#943) 2021-09-16 17:30:16 +02:00
Jens Langhammer 17503365f7 policies: improve error handling when using bindings without policy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 11:04:31 +02:00
Jens Langhammer ebf9f0ca63 stages/email: don't crash when testing stage does not exist
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 11:04:08 +02:00
Jens Langhammer ae26d2756f providers/saml: improved error handling
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 10:58:51 +02:00
Jens Langhammer 124071f9be root: remove python requirement from pipfile
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 10:37:43 +02:00
Jens Langhammer 341c58a722 core: fix token expiry for service accounts being only 30 minutes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 09:57:34 +02:00
Jens Langhammer bdd5e16db1 release: 2021.9.1-rc1 2021-09-15 20:20:54 +02:00
Jens Langhammer d4672bfe79 events: log parsed query string instead of just full path
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 20:15:04 +02:00
Jens Langhammer abd9fab41a api: fix call of sentry proxy task
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 19:39:58 +02:00
Jens Langhammer 7c8bf42ef9 api: send proxied sentry events in background
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 19:12:20 +02:00
Jens Langhammer 274b555912 api: add timeout for sentry proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 18:59:27 +02:00
Jens Langhammer 916530f0d8 providers/oauth2: use access_code_validity for id_tokens generated when using an implicit flow, improve wording in web ui
closes #1369

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 17:14:53 +02:00
Jens Langhammer 95efd47f65 root: remove asgi error handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 12:23:14 +02:00
Jens Langhammer 90ecb1af7f outposts: fix service account's permissions being checked twice
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 09:55:27 +02:00
Jens Langhammer d7fdca1b44 stages/email: fix error when retrying email delivery after stage has been deleted
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 09:50:11 +02:00
Denis Teyssier 37346763dc
sources/oauth: Updating token url to new google url (#1397)
the present url goes to a 404
google openid (https://accounts.google.com/.well-known/openid-configuration) says the new url is `https://oauth2.googleapis.com/token`

not using the new url makes authentik fallback on the default auth flow
2021-09-15 09:15:19 +02:00
Jens Langhammer ef341dd405 stages/user_write: add option to add newly created users to a group
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-14 21:45:34 +02:00
Jens Langhammer 3ddf2d6f85 sources/oauth: fix type lookup for openid not matching
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-14 14:38:35 +02:00
Jens Langhammer ba6849f29c *: remove string.format()
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-14 12:06:47 +02:00
Jens Langhammer 942170f902 Revert "sources/oauth: fix access_token being sent as query param and not authorization header"
This reverts commit 248f993541.
2021-09-14 11:59:32 +02:00
Jens Langhammer 248f993541 sources/oauth: fix access_token being sent as query param and not authorization header
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-14 11:07:36 +02:00
Jens Langhammer 3a700a449a sources/oauth: don't try to load azure AD user ID as UUID
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-14 09:33:44 +02:00
Jens Langhammer 23444f4df0 core: fix lint error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-13 18:19:28 +02:00
Jens Langhammer 71e68b498e core: optimise groups api by removing member superuser status
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-13 18:06:37 +02:00
Jens Langhammer fb267ee223 tenants: optimise db queries in middleware
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-13 17:54:37 +02:00
Jens Langhammer a4b3519428 api: fix possible error in sentry proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-13 16:36:04 +02:00
Jens Langhammer 9a7fa39de4 events: allow setting a mapping for webhook transport to customise request payloads
closes #1383

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-12 01:05:42 +02:00
Jens Langhammer c779ad2e3b *: use common user agent for all outgoing requests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-11 21:08:26 +02:00
Jens Langhammer 7e7ef289ba admin: migrate to new update check, add option to disable update check
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-11 20:35:23 +02:00
Jens Langhammer bf771f8b6c release: 2021.8.5 2021-09-11 19:20:13 +02:00
Jens Langhammer df4c8003b8 api: fix items of list fields having nullable set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-10 18:15:59 +02:00
Jens Langhammer 39b365c6ae sources/oauth: don't cancel flow when redirecting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-10 16:36:10 +02:00
Jens Langhammer e229eda96e outposts/controllers/kubernetes: don't create service monitor for embedded outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-10 15:59:39 +02:00
Jens Langhammer 4448145aa9 providers/proxy: use auth/traefik subpath
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-10 13:53:04 +02:00
Jens Langhammer 7dfbcdbb81 stages/authenticator_duo: add API to "import" devices from duo
closes #1371

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-10 11:35:09 +02:00
Jens Langhammer 2862b4ecfb core: remove ?v from static files
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 20:09:12 +02:00
Jens Langhammer 13d17dc729 lib: fix default listening port for metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 16:40:39 +02:00
Jens Langhammer 5cf3a13ca8 flows: fix invalid parameter in tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 16:36:51 +02:00
Jens Langhammer d0898a3869 flows: ensure all StageViews accept post, add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 16:30:14 +02:00
Jens L 7158c9d2ea
core: metrics v2 (#1370)
* outposts: add ldap metrics, move ping to 9100

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost: add flow_executor metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use port 9300 for metrics, add core metrics port

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/controllers/k8s: add service monitor creation support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 15:52:24 +02:00
Jens Langhammer da58796768 providers/proxy: fix defaults for old proxy providers (load providers directly)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 13:54:24 +02:00
Jens Langhammer d98499a3fa providers/proxy: fix defaults for old proxy providers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 13:26:36 +02:00
Jens Langhammer f3ff398a44 providers/proxy: add metrics port to controllers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 23:01:22 +02:00
Jens Langhammer 533eb59a04 outposts/controllers: re-create service when mismatched ports to prevent errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 23:00:53 +02:00
Jens Langhammer 502393ee56 outpost/proxyv2: allow port offset via yaml
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 21:07:06 +02:00
Jens L 3c1b70c355
outposts/proxyv2 (#1365)
* outposts/proxyv2: initial commit

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add rs256

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

more stuff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add forward auth an sign_out

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

match cookie name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

re-add support for rs256 for backwards compat

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add error handler

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

ensure unique user-agent is used

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

set cookie duration based on id_token expiry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

build proxy v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add ssl

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add basic auth and custom header support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add application cert loading

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

implement whitelist

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add redis

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

migrate embedded outpost to v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

remove old proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

providers/proxy: make token expiration configurable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: only allow one redirect URI

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix docker build for proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove default port offset

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add AUTHENTIK_HOST_BROWSER

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests: fix e2e/integration tests not using proper tags

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove references of old port

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix user_attributes not being loaded correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup dependencies

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 18:04:56 +00:00
Jens Langhammer de3e1c3dbc sources/oauth: fix FlowExecutor view call
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-07 11:39:03 +02:00
Jens Langhammer 3c6aac5435 sources/oauth: prevent potentially confidential data from being logged
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-07 11:05:18 +02:00
Jens Langhammer eeb755ab7d root: show location header in logs when redirecting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-07 11:04:00 +02:00
Jens Langhammer 70d0dd51a5 sources/oauth: cancel currently active flows before redirecting out
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-07 11:03:45 +02:00
Jens Langhammer 0bae550520 root: include authentik version in backup naming
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-05 20:25:02 +02:00
github-actions[bot] 9dbafaaea2 web: Update Web API Client version (#1348)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-04 22:49:16 +02:00
Jens Langhammer 2db8b07578 events: add mark_all_seen
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-04 22:08:12 +02:00
Jens Langhammer b7ef076798 outposts: add expected outpost replica count to metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-04 15:56:57 +02:00
Jens Langhammer 37c29a073e policies/password: fix symbols not being checked correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-04 15:21:48 +02:00
Jens Langhammer 6ec8432217 policies/password: don't use regex for symbol detection
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-04 14:36:01 +02:00
Jens Langhammer 3ba84a8e8b stages/identification: fix empty user_fields query returning first user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-04 14:07:14 +02:00
Jens Langhammer 3378e82ec7 root: fix is_secure with safari on debug environments
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-04 13:45:50 +02:00
Jens Langhammer e09a27cf87 events: remove authentik_events gauge
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-03 18:04:26 +02:00
Jens Langhammer 200e409d91 core: minor query optimization
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-03 14:02:57 +02:00
Jens Langhammer d92d8e6dbb api: add additional filters for ldap and proxy providers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-03 10:43:09 +02:00
Jens Langhammer c2b9dc5c75 api: cache schema, fix server urls
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-03 10:23:14 +02:00
Jens Langhammer 276d8fe5cf release: 2021.8.4 2021-09-02 20:21:21 +02:00
Jens Langhammer 7fea20375f *: fix tests not using APITestCase
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-02 19:14:21 +02:00
Jens Langhammer f0db408699 api: add v3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-02 17:40:02 +02:00
Jens Langhammer cc5cc43baa api: fix sentry endpoint not working due to mime-media
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-02 16:56:53 +02:00
Jens Langhammer e512f085db root: allow enabling s3 backup ssl verification
closes #1332

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-02 09:41:55 +02:00
Jens Langhammer 26fd66d831 stages/authenticator_validate: fix variable shadowing, optimization
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-01 19:54:54 +02:00
Jens Langhammer 4fc8e61f8c stages/authenticator_validate: show single button for multiple webauthn authenticators
tested with browser + yubikey 5

closes #1096

The order of allowCredentials doesn't seem to matter, chrome seems to always choose the internal authenticator first.

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-01 19:28:52 +02:00
Jens Langhammer 17cb76c334 stages/invitation: fix invitation not inheriting ExpiringModel
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-01 14:25:19 +02:00
Jens Langhammer 5745ffa0a8 ci: don't login to docker on forks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-31 09:31:10 +02:00
Jens Langhammer 1b8271d767 flows: disable compatibility_mode by default
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-30 17:18:43 +02:00
Jens Langhammer 3e9f5ec5ef providers/proxy: improve error handling for non-tls ingresses
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-30 14:43:57 +02:00
Jens Langhammer 63f57b6a77 events: improve logging for task exceptions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-30 14:43:44 +02:00
Jens Langhammer a016f99450 core: fix user_obj being empty on token API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-30 12:51:17 +02:00
Jens Langhammer 0c6e781e5b providers/proxy: fix traefik middleware being generated with wrong ports for embedded outposts
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-29 20:49:11 +02:00
Jens Langhammer 523b96a6d2 api: add basic rate limiting for sentry endpoint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-29 19:33:18 +02:00
Jens Langhammer b1ed2154ac policies/password: fix PasswordStage not being usable with prompt stages, rework validation logic
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-29 00:40:36 +02:00
Jens Langhammer 160139813d release: 2021.8.3 2021-08-28 16:58:44 +02:00
Jens Langhammer 582ad92c76 outposts/k8s: improve error handling
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-28 14:58:26 +02:00
Jens Langhammer f61736e3d1 stages/identification: add error handling when password isn't set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-28 12:54:10 +02:00
Jens Langhammer 2d8b4f543b providers/proxy: fix url parsing for traefik labels on docker containers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-27 22:21:16 +02:00
Jens Langhammer 8542dc10ab providers/proxy: fix docker container labels not being inherited correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-27 20:20:34 +02:00
Jens Langhammer 12ddee3bb6 outpost: add additional labels to docker container
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-27 19:26:27 +02:00
Jens Langhammer dc41d0af27 outposts: add configurable docker_network for outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-27 19:26:11 +02:00
Jens Langhammer c4f72c2bc1 release: 2021.8.2 2021-08-26 17:58:20 +02:00
Jens Langhammer e92f9836e3 root: allow django auth backend for upgrading users with cache
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-26 17:57:25 +02:00
Jens Langhammer 897f6f3473 release: 2021.8.1 2021-08-26 16:03:45 +02:00
Jens Langhammer 2ae164df78 *: cleanup api schema warnings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-26 09:36:41 +02:00
Jens Langhammer 0ccec96490 core: make user optional in token creation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-25 21:21:51 +02:00
Jens Langhammer d79975c409 core: fix user object for token not be setable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-25 20:43:34 +02:00
Jens Langhammer 20d65035d5 core: fix error when user updates themselves
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-25 17:52:50 +02:00
Jens Langhammer 8d6227377f core: fix error for asgi error handler with websockets
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-25 10:24:01 +02:00
Jens Langhammer 4d27694706 release: 2021.8.1-rc2 2021-08-24 21:29:29 +02:00
Jens Langhammer d7ad5f6a16 core: add API to create service account with token for app password
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 20:09:22 +02:00
Jens Langhammer 5af9a3d3be sources/saml: fix error when getting metadata
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 16:51:08 +02:00
Jens Langhammer dec34bc948 stages/password: fix replace_inbuilt not being called
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 16:37:39 +02:00
Jens Langhammer cc6d5765f2 web/admin: fix inconsistent ordering for ldap property mappings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 13:04:19 +02:00
Jens Langhammer 2ec1ff2ebb sources/ldap: fix error when modifying ldap source with password write-back
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 13:03:41 +02:00
Jens Langhammer 884c2bd0e9 root: fix missing ldap backend
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 13:03:19 +02:00
Jens Langhammer 2c938ec9dc stages/password: sort backends in migration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 12:44:45 +02:00
Jens Langhammer 9733caf3b7 admin: use copy for environ api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 11:39:49 +02:00
Jens Langhammer 10e50bc77f stages/user_login: improve logging
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 10:58:50 +02:00
Jens Langhammer 5be152e12d stages/password: fix migration error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 10:57:20 +02:00
Jens Langhammer b0efab6d6d admin: add env to API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 10:55:46 +02:00
Jens Langhammer c60ba91fee core: fix auth saving entire models into session
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 23:59:43 +02:00
Jens Langhammer cba255eaaa Merge branch 'master' into app-passwords
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	authentik/core/tests/test_source_flow_manager.py
#	authentik/stages/authenticator_validate/tests.py
#	authentik/stages/password/tests.py
#	scripts/generate_ci_config.py
2021-08-23 21:21:12 +02:00
Jens L 859cf2bd8f
lib: move id and key generators to lib (#1286)
* lib: move generators to lib

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: bump default token key size

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: fix split being used for http basic auth instead of partition

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/elements: don't rethrow error in ActionButton

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 20:27:38 +02:00
Jens Langhammer a2578ffaad core: add token tests for invalid intent and token auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 20:21:54 +02:00
Jens Langhammer 888526a2a7 stages/user_write: fix wrong fallback authentication backend
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 19:31:23 +02:00
Jens Langhammer 27cc5d7138 core: fix authentication error when no request is given
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 19:09:53 +02:00
Jens Langhammer 5face5410f web/admin: select all password stage backends by default
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 18:08:29 +02:00
Jens Langhammer e27a6fdeeb events: fix linting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 17:48:28 +02:00
Jens Langhammer 033c9a3bd3 core: fix token intent not defaulting correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 17:33:35 +02:00
Jens Langhammer 0b280c0a47 website: fix example flows using incorrect backend
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 17:26:07 +02:00
Jens Langhammer 07a4f474f4 website/docs: add docs for `auth_method` and `auth_method_args` fields
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 17:23:55 +02:00
Jens Langhammer 244dc671db Merge branch 'master' into app-passwords 2021-08-23 17:12:17 +02:00
Jens Langhammer 4308136108 root: fix error_handler for websocket
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 17:12:11 +02:00
Jens Langhammer 69a0153619 core: use custom inbuilt backend, set backend login information in flow plan for events
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 17:09:53 +02:00
Jens Langhammer 00e9b91f56 web/admin: fix missing app passwords backend
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 16:47:38 +02:00
Jens Langhammer 4cf76fdcda stages/password: auto-enable app password backend
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 16:39:39 +02:00
Jens Langhammer f217d34a98 web/admin: allow users to create app password tokens
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 16:27:39 +02:00
Jens Langhammer 9a6a3e66b8 root: update schema
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 16:14:33 +02:00
Jens Langhammer 20572c728d core: add new token intent and auth backend
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 16:05:29 +02:00
Jens Langhammer f6953296d8 outposts: add recursion limit for docker controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 15:25:28 +02:00
Jens Langhammer e4790f9060 core: handle error when ?for_user is not numberical
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 15:25:18 +02:00
Jens Langhammer 58712047e1 root: add ASGI Error handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 15:15:12 +02:00
Jens Langhammer 85915905dc web/flows: fix error during error handling
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 15:11:30 +02:00
Jens Langhammer 12e2f7b945 outposts: add repair_permissions command
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 14:53:53 +02:00
Jens Langhammer 45d47f828a outpost: handle non-existant permission
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 14:39:47 +02:00
dependabot[bot] 7efec281be
build(deps-dev): bump pylint from 2.9.6 to 2.10.2 (#1280)
* build(deps-dev): bump pylint from 2.9.6 to 2.10.2

Bumps [pylint](https://github.com/PyCQA/pylint) from 2.9.6 to 2.10.2.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Changelog](https://github.com/PyCQA/pylint/blob/main/ChangeLog)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.9.6...v2.10.2)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* *: add missing encoding to open() calls

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 10:10:31 +02:00
Jens Langhammer 7639cdad0a release: 2021.8.1-rc1 2021-08-22 20:17:35 +02:00
Jens Langhammer b003e8e1e8 sources/oauth: fix openidconnect provider name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 18:36:06 +02:00
Jens Langhammer 294d70ae4d outposts/ldap: move virtual groups to other OU for lookups, conditionally skip requests based on search filter
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 17:53:09 +02:00
Jens Langhammer 3e909ae6bb core: allow filtering users by the groups they are in
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 16:27:48 +02:00
Jens Langhammer b4f738492d sources/oauth: improve UI with prefilled urls (when customizable) and hiding provider type
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 15:52:41 +02:00
Jens Langhammer bff7addb55 stages/password: adjust name of default prompt stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 15:16:18 +02:00
Jens Langhammer 2a90c0b35e sources/oauth2: migrate to microsoft graph instead of azure graph
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 15:15:29 +02:00
Jens Langhammer 93e27d1959 web: improve failed request handling
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 14:40:45 +02:00
Jens Langhammer 02c736d784 lib: ignore installation specific errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 14:14:18 +02:00
Jens Langhammer 6433b5982e api: add cache timeouts to config API for outposts
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 14:14:18 +02:00
Jens Langhammer 18eccd995d sources/plex: fix linting error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-17 13:44:54 +02:00
Jens Langhammer 495b068be5 web: add plex connection deletion support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-17 13:02:40 +02:00
Jens Langhammer 84c4547005 sources/plex: add API for user connections
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-17 13:02:40 +02:00
Jens Langhammer 8fe38b528b outposts: fix managed check
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-16 09:36:01 +02:00
Jens Langhammer 0a6efab7cb outposts: fix syntax
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-15 20:59:37 +02:00
Jens Langhammer b35e62e5ae outposts: don't start docker container for embedded outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-15 18:10:49 +02:00
Jens Langhammer 2592fc3826 sources/ldap: allow for anonymous binds, fix sync_users_password not working correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-12 19:09:29 +02:00
Jens Langhammer d9ece98bbc core: fix token expiration not being updated upon key rotation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-12 17:22:42 +02:00
Jens Langhammer 1524efcf51 core: fix expired tokens not being returned by API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-12 17:21:53 +02:00
Jens Langhammer c92c0102ca website/docs: add database port parameter
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-12 02:24:36 +02:00
Jens Langhammer c6dddc97f0 core: fix error when migrating with AK_ADMIN_TOKEN set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-11 22:36:52 +02:00
Jens Langhammer 38292a588b website/docs: add docs for automated installs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-11 21:57:58 +02:00
Jens Langhammer e90da9283e core: add support to bootstrap token on initial install using AK_ADMIN_TOKEN in environment
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-11 21:45:49 +02:00
Jens Langhammer e0e0f4fa6c core: fix users's group list not allowing blank values
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-11 20:16:45 +02:00
Jens Langhammer ec95a2bddc core: allow changing of groups a user is in from user api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-10 19:31:30 +02:00
Jens Langhammer de9d483b9f admin: add API to show embedded outpost status, add notice when its not configured properly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-10 19:16:11 +02:00
Jens Langhammer 557724768a core: add API to directly send recovery link to user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-10 13:54:59 +02:00
Jens Langhammer d18e829d80 providers/ldap: fix error in outpost when certificate is configured
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-09 20:47:26 +02:00
Jens Langhammer 7a836e0d7e api: fix backup capability not being detected correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-09 00:32:29 +02:00
Jens Langhammer f496b8b5d7 providers/oauth2: add more test cases for token view
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-09 00:20:32 +02:00
Jens Langhammer 837fa23af0 outpost: only set embedded outpost config on creation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 22:23:33 +02:00
Jens Langhammer 665c1aa81b providers/proxy: don't create ingress when no hosts are defined
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 21:46:05 +02:00
Jens Langhammer ebc6afe015 outpost: fix detection of embedded outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 21:39:08 +02:00
Jens Langhammer 45bee4b4dc outposts: fix test for config validation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 17:14:05 +02:00
Jens Langhammer c025d64ba3 outpost: revert managed config, make authentik_host field optional
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 16:58:01 +02:00
Jens Langhammer 2a53bc4330 outpost: add fallback for authentik_host when its not set in config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 16:32:26 +02:00
Jens Langhammer 8180d6f9e8 outposts: don't override authentik_host for embedded outpost authentik_host
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 16:29:33 +02:00
Jens Langhammer ccfc1dbcc2 *: make all PropertyMappings filterable by multiple managed attributes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 16:06:44 +02:00
Jens Langhammer 3367b83368 providers/saml: use idp-initiated sso flow as launch url
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 15:01:52 +02:00
Jens Langhammer f0a8c30ce9 outposts: create different service when using embedded outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 14:01:39 +02:00
Jens Langhammer b36a3100e6 outposts: allow empty provider list for embedded provider
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-07 22:32:44 +02:00
Jens Langhammer e02207f38d outpost/embedded: use redis session backend
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-07 22:12:22 +02:00
Jens Langhammer 9a8240bdd1 proviers/saml: fix validation error not being raised
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-07 21:39:30 +02:00
Jens Langhammer f6ab241219 providers/oauth2: fix accessing undefined variable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-07 21:35:17 +02:00
Jens Langhammer b0f09eb2c4 web/admin: fix Table not updating selectedElements correctly after update
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-07 20:53:28 +02:00
Jens Langhammer 9c9addb0ce *: ensure all resources can be filtered
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-07 16:34:14 +02:00
Jens Langhammer 2d5094fdf7 root: fix formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-06 00:11:24 +02:00
Jens Langhammer 8044818a4d core: add additional cleanup for authenticated sessions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-05 23:25:40 +02:00
Jens Langhammer a43fb026a0 Merge branch 'version-2021.7'
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	authentik/core/api/users.py
#	authentik/providers/saml/processors/metadata_parser.py
#	web/src/pages/sources/oauth/OAuthSourceForm.ts
#	web/src/pages/sources/plex/PlexSourceForm.ts
#	web/src/pages/users/UserForm.ts
2021-08-05 20:23:32 +02:00
Jens Langhammer 18211a2033 release: 2021.7.3 2021-08-05 19:23:03 +02:00
Jens Langhammer 1b91543add core: add UserSelfSerializer and separate method for users to update themselves with limited fields
rework user settings page to better use form
closes #1227

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	authentik/core/api/users.py
#	web/src/elements/forms/ModelForm.ts
#	web/src/pages/user-settings/UserDetailsPage.ts
#	web/src/pages/user-settings/UserSettingsPage.ts
2021-08-05 17:47:45 +02:00
Jens Langhammer 6fe5175f21 core: add UserSelfSerializer and separate method for users to update themselves with limited fields
rework user settings page to better use form
closes #1227

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-05 17:42:19 +02:00
Jens Langhammer aa4f7fb2b6 providers/saml: fix error when PropertyMapping return value isn't string
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-04 00:22:07 +02:00
Jens Langhammer 4f1c11c5ef providers/saml: add WantAssertionsSigned
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	authentik/providers/saml/processors/metadata_parser.py
2021-08-04 00:21:54 +02:00
Jens Langhammer a449f9c69b providers/saml: fix error when PropertyMapping return value isn't string
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-03 22:40:56 +02:00
Jens Langhammer 36b346662c providers/saml: add WantAssertionsSigned
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-03 22:40:13 +02:00
Jens Langhammer 9d392931df root: fix lint errors from re-format
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-03 18:09:16 +02:00
Jens Langhammer 77ed25ae34 root: reformat to 100 line width
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-03 17:45:16 +02:00
Jens Langhammer 9c9bcb7a01 Merge branch 'version-2021.7' 2021-08-01 19:23:22 +02:00
Jens Langhammer add7a80fdc release: 2021.7.2 2021-08-01 19:11:50 +02:00
Jens Langhammer aac91c2e9d stages/email: handle OSError
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 18:25:53 +02:00
Jens Langhammer 85e86351cd flows: fix flows not redirecting correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 18:25:53 +02:00
Jens Langhammer a939e224fc stages/email: handle OSError
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 17:53:13 +02:00
Jens Langhammer 1fc2bcf02b flows: fix flows not redirecting correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 17:50:43 +02:00
Jens Langhammer d767504474 flows: don't check redirect URL when set from flow plan (set from authentik or policy)
closes #1203

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 15:23:46 +02:00
Jens Langhammer f84cd6208c flows: fix unhandled error in stage execution not being logged as SYSTEM_EXCEPTION event
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 15:23:46 +02:00
Jens Langhammer 1ec540ea9a providers/saml: fix metadata being inaccessible without authentication
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 15:23:46 +02:00
Jens Langhammer 4e5dba1d0b flows: don't check redirect URL when set from flow plan (set from authentik or policy)
closes #1203

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 15:10:45 +02:00
Jens Langhammer 92a448b677 flows: fix unhandled error in stage execution not being logged as SYSTEM_EXCEPTION event
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 14:56:48 +02:00
Jens Langhammer f875149983 providers/saml: fix metadata being inaccessible without authentication
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 14:50:17 +02:00
Jens Langhammer 29fe731bbf providers/saml: fix Error when getting metadata for invalid ID
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 14:09:22 +02:00
Jens Langhammer d70b81fe43 providers/saml: fix Error when getting metadata for invalid ID
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 13:50:54 +02:00
Jens Langhammer 26e66969c9 stages/invitation: delete invite only after full enrollment flow is completed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 13:22:02 +02:00
Jens Langhammer b58c913618 stages/invitation: delete invite only after full enrollment flow is completed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 13:21:27 +02:00
Jens Langhammer 72b7642c5a outposts: catch invalid ServiceConnection error in outpost controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 12:33:21 +02:00
Jens Langhammer a97f842112 sources/plex: add background task to monitor validity of plex token
closes #1205

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 12:33:21 +02:00
Jens Langhammer 35c1476bbe outposts: catch invalid ServiceConnection error in outpost controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 12:25:11 +02:00
Jens Langhammer 18bb4fd0bf sources/plex: add background task to monitor validity of plex token
closes #1205

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 12:24:52 +02:00
Jens Langhammer 293c479364 outposts: ensure embedded outpost is created with integration selected
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-31 21:09:38 +02:00
Jens Langhammer 0cb4d64b57 stages/email: fix error when re-requesting email after token has expired
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-30 09:39:42 +02:00
Jens Langhammer a4fd58a0db events: ensure fallback result is set for on_failure
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-30 09:39:42 +02:00
Jens Langhammer 8ceef82c55 stages/email: fix error when re-requesting email after token has expired
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-30 09:39:24 +02:00
Jens Langhammer f933cd99ad events: ensure fallback result is set for on_failure
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-30 09:37:53 +02:00
Jens Langhammer fb6e8ca1eb events: remove default result for MonitoredTasks, only save when result was set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 22:43:29 +02:00
Jens Langhammer 7ac5091e5a events: remove default result for MonitoredTasks, only save when result was set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 22:42:56 +02:00
Jens Langhammer bc9ff792a8 outposts: manage config for embedded outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 22:29:38 +02:00
Jens Langhammer a5c8caf909 providers/oauth2: fix error when requesting jwks keys with no rs256 aet
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 21:22:59 +02:00
Jens Langhammer 8495ff9fc0 providers/oauth2: fix error when requesting jwks keys with no rs256 aet
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 21:22:31 +02:00
Jens Langhammer a3981dd3cd providers/proxy: fix hosts for ingress not being compared correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 11:35:50 +02:00
Jens Langhammer affafc31cf sources/ldap: improve ms-ad password complexity checking
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 11:35:47 +02:00
Jens L f01bc20d44
Embedded outpost (#1193)
* api: allow API requests as managed outpost's account when using secret_key

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* root: load secret key from env

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts: make listener IP configurable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost/proxy: run outpost in background and pass requests conditionally

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost: unify branding to embedded

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: fix embedded outpost not being editable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: fix mismatched host detection

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests/e2e: fix LDAP test not including user for embedded outpost

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests/e2e: fix user matching

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* api: add tests for secret_key auth

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* root: load environment variables using github.com/Netflix/go-env

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 11:30:30 +02:00
Jens Langhammer 75ff2480e2 providers/proxy: fix hosts for ingress not being compared correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-28 16:08:06 +02:00
Jens Langhammer bc7f84fff4 sources/ldap: improve ms-ad password complexity checking
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-28 12:47:52 +02:00
Jens Langhammer e6b515e3f7 release: 2021.7.1 2021-07-27 10:35:45 +02:00
Jens Langhammer b752540800 core: fix pagination not working correctly with applications API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-26 19:12:23 +02:00
Jens Langhammer e7b7bfddd6 providers/oauth2: fix blank redirect_uri not working with TokenView
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-26 11:29:16 +02:00
Jens Langhammer f21ebf5488 core: add tests for flow_manager
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-25 23:20:38 +02:00
Jens Langhammer 5615613ed1 core: fix CheckApplication's for_user flag not being checked correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-25 22:29:15 +02:00
Jens Langhammer 669329e49c tenants: set tenant uuid in sentry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-25 22:28:09 +02:00
Jens Langhammer 3c9cc9d421 Merge branch 'version-2021.7' 2021-07-24 20:07:42 +02:00
Jens Langhammer 1972464a20 tenants: make event retention configurable on tenant level
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-24 20:07:12 +02:00
Jens Langhammer 3041a30193 release: 2021.7.1-rc2 2021-07-24 18:32:05 +02:00
Jens Langhammer 8ae7403abc core: add group filter by member username and pk
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-23 19:35:41 +02:00
Jens Langhammer f6e1bfdfc8 outpost: fix 100% CPU Usage when not connected to websocket
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-23 18:57:26 +02:00
Jens Langhammer 8cd1223081 core: add email filter for user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 20:10:42 +02:00
Jens Langhammer 0a3fade1fd providers/proxy: remove deprecated field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 16:20:26 +02:00
Jens Langhammer ff64814f40 web/admin: improve UI for notification toggle
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 14:17:56 +02:00
Jens Langhammer 66bfa6879d outposts/proxy: add X-Auth-Groups header to pass groups
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 10:47:58 +02:00
Jens Langhammer c05240afbf lib: fix outpost fake-ip not working, add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 10:10:25 +02:00
Jens Langhammer 7370dd5f3f outposts: ensure outpost SAs always have permissions to fake IP
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 10:02:20 +02:00
Jens Langhammer 896e5adce2 sources/ldap: fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 00:40:55 +02:00
Jens Langhammer a3abbcec6a sources/ldap: improve error handling for property mappings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-21 23:49:09 +02:00
Jens Langhammer 70e000d327 providers/saml: improve error handling for property mappings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-21 23:14:03 +02:00
Jens Langhammer a7467e6740 providers/oauth2: handler PropertyMapping exceptions and create event
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-21 22:51:39 +02:00
Jens Langhammer b3da94bbb8 core: broaden error catching for propertymappings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-21 22:50:39 +02:00
Jens Langhammer 39ad9d7c9d release: 2021.7.1-rc1 2021-07-21 10:44:40 +02:00
Jens Langhammer ba9a4efc9b providers/oauth2: fix nonce field not being optional
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-21 00:34:01 +02:00
Jens Langhammer 902378af53 providers/oauth2: fix redirect_uris not having blank set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-21 00:22:09 +02:00
Jens Langhammer 2352a7f4d6 providers/oauth2: nonce is only required for implicit flows, don't check or fallback for other flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-21 00:21:08 +02:00
Jens Langhammer a2c587be43 outposts: don't authenticate as service user for flows to set remote-ip
set outpost token as additional header and check that token (user) if they can override remote-ip

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-19 13:17:13 +02:00
Jens Langhammer 538a466090 root: fix middleware exception for outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-18 22:10:50 +02:00
Jens Langhammer 322a343c81 root: fix log level not being set to DEBUG for tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-18 21:45:08 +02:00
Jens Langhammer b3159a74e5 Merge branch 'master' into inbuilt-proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	Dockerfile
#	internal/outpost/ak/api.go
#	internal/outpost/ak/api_uag.go
#	internal/outpost/ak/global.go
#	internal/outpost/ldap/api_tls.go
#	internal/outpost/ldap/instance_bind.go
#	internal/outpost/ldap/utils.go
#	internal/outpost/proxy/api_bundle.go
#	outpost/go.mod
#	outpost/go.sum
#	outpost/pkg/ak/cert.go
2021-07-17 12:49:38 +02:00
Starz0r ae77c872a0
root: celery requires additional parameters when tls is enabled (#1148) 2021-07-16 08:51:09 +02:00
Starz0r a5bb583268
root: optional TLS support on redis connections (#1147)
* root: optional TLS support on redis connections

* root: don't use f-strings when not interpolating variables

* root: use f-string in redis protocol prefix interpolation

* root: glaring typo

* formatting

* small formatting change I missed

* root: swap around default redis protocol prefixes
2021-07-15 11:48:52 +02:00
Jens Langhammer 212ff11b6d api: fix Capabilities check for s3 backup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-15 09:58:07 +02:00
Jens Langhammer aa701c5725 core: don't delete expired tokens, rotate their key
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-14 21:47:32 +02:00
Jens Langhammer 6f98833150 core: allow users to create non-expiring tokens when flag is set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-14 21:15:14 +02:00
Jens Langhammer 7c2decf5ec providers/ldap: squash migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-14 09:22:25 +02:00
Lukas Söder 7f39399c32
providers/ldap: Added auto-generated uidNumber and guidNumber generated attributes for use with SSSD and similar software. (#1138)
* Added auto-generated uidNumber and guidNumber generated attributes for
use with SSSD and similar software.

The starting number for uid/gid can be configured iva environtment
variables and is by default 2000 which should work fine for most instances unless there are more than
999 local accounts on the server/computer.

The uidNumber is just the users Pk + the starting number.
The guidNumber is calculated by the last couple of bytes in the uuid of
the group + the starting number, this should have a low enough chance
for collisions that it's going to be fine for most use cases.

I have not added any interface stuff for configuring the environment variables as I couldn't really find my way around all the places I'd have to edit to add it and the default values should in my opinion be fine for 99% use cases.

* Add a 'fake' primary group for each user

* First attempt att adding config to interface

* Updated API to support new fields

* Refactor code, update documentation and remove obsolete comment

Simplify `GetRIDForGroup`, was a bit overcomplicated before.

Add an additional class/struct `LDAPGroup` which is the new argument
for `pi.GroupEntry` and util functions to create `LDAPGroup` from api.Group and api.User

Add proper support in the interface for changing gidNumber and uidNumber starting points

* make lint-fix for the migration files
2021-07-14 09:17:01 +02:00
Jens Langhammer 84e9748340 policies/reputation: handle cache error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-13 18:47:32 +02:00
Jens L 7dfc621ae4
LDAP Provider: TLS support (#1137) 2021-07-13 18:24:18 +02:00
Jens Langhammer 2036827f04 api: add sentry tunnel
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-13 10:58:14 +02:00
Starz0r 5cfbb0993a
Allow for Configurable Redis Port (#1124)
* root: make redis port configurable

* root: parse redis port from config as an integer

* code formatting

* lifecycle: truncate line under 100 chars

* lifecycle: incorrect indenting on newline
2021-07-12 11:01:41 +02:00
Jens Langhammer 02f87032cc Merge branch 'master' into inbuilt-proxy 2021-07-11 12:41:16 +02:00
Jens Langhammer 3c0cc27ea1 events: fix error when slack notification request failed without a response
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-09 19:52:19 +02:00
Jens Langhammer ec254d5927 flows: allow variable substitution in flow titles
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-09 19:46:39 +02:00
Jens Langhammer 92ba77e9e5 core: fix error when setting icon/background to url longer than 100 chars
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-09 19:31:32 +02:00
Jens Langhammer 90fe1c2ce8 providers/oauth2: allow blank redirect_uris to allow any redirect_uri
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-08 19:28:35 +02:00
Jens Langhammer 40428f5a82 providers/saml: fix parsing of POST bindings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-06 16:54:58 +02:00
Jens Langhammer 007838fcf2 root: subclass SessionMiddleware to set Secure and SameSite flag depending on context
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-06 14:48:36 +02:00
Jens Langhammer 7c51afa36c root: set samesite to None for SAML POST flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-06 12:39:51 +02:00
Jens Langhammer 948db46406 Merge branch 'master' into inbuilt-proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	internal/constants/constants.go
#	outpost/pkg/version.go
2021-07-05 19:11:26 +02:00
Jens Langhammer adc4cd9c0d release: 2021.6.4 2021-07-05 16:59:29 +02:00
Jens Langhammer df92111296 outposts: update outpost permissions on m2m change
closes #1105

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-04 19:37:12 +02:00
Jens Langhammer 5afe88a605 outposts: fix empty message when docker outpost controller has changed nothing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-04 13:48:43 +02:00
Jens Langhammer 320dab3425 core: only show `Reset password` link when recovery flow is configured
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-04 12:59:41 +02:00
Jens Langhammer 5fd408ca82 outposts: fix docker controller not checking ports correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-04 12:32:55 +02:00
Jens Langhammer becb9e34b5 outposts: fix docker controller not checking env correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 22:17:29 +02:00
Jens Langhammer 4917ab9985 outposts: fix container not being started after creation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 21:59:47 +02:00
Jens Langhammer bd92505bc2 core: add notice about duplicate keys
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 21:52:28 +02:00
Jens Langhammer bf0141acc6 crypto: fix linting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 19:57:25 +02:00
Jens Langhammer 0c8d513567 stages/user_write: add wrapper for post to user_write
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 19:25:37 +02:00
Jens Langhammer d07704fdf1 crypto: show both sha1 and sha256 fingerprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 19:25:27 +02:00
Jens Langhammer 086a8753c0 flows: handle old cached flow plans better
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 19:22:09 +02:00
Jens Langhammer 2c9b596f01 web/admin: run explicit update after loading instance
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 16:41:42 +02:00
Jens Langhammer 7257108091 sources/oauth: create configuration error event when profile can't be parsed as json
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 16:11:49 +02:00
Jens Langhammer 77a507d2f8 providers/oauth2: add revoked field, create suspicious event when previous token is used
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 15:59:01 +02:00
Jens Langhammer 3e60e956f4 providers/oauth2: fix CORS headers not being set for unsuccessful requests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 15:49:00 +02:00
Jens Langhammer 84ec70c2a2 providers/oauth2: use self.expires for exp field instead of calculating it again
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 15:32:58 +02:00
Jens Langhammer 3dc9e247d5 Merge branch 'master' into inbuilt-proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	internal/constants/constants.go
#	outpost/pkg/version.go
2021-07-02 16:23:30 +02:00
Jens Langhammer 3e26170f4b providers/oauth2: deepmerge claims
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-01 17:33:46 +02:00
dependabot[bot] d102c59654
build(deps-dev): bump pylint from 2.8.3 to 2.9.0 (#1095)
* build(deps-dev): bump pylint from 2.8.3 to 2.9.0

Bumps [pylint](https://github.com/PyCQA/pylint) from 2.8.3 to 2.9.0.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Changelog](https://github.com/PyCQA/pylint/blob/master/ChangeLog)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.8.3...v2.9.0)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* *: update source for new pylint version

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-30 10:37:28 +02:00
Jens Langhammer 2a0bd50e23 outposts: fix linting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-29 17:08:12 +02:00
Jens Langhammer ce49d7ea5b outposts: make managed outposts
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-29 16:20:44 +02:00
Jens Langhammer 8429dd19b2 Merge branch 'master' into inbuilt-proxy 2021-06-29 16:20:24 +02:00
Jens Langhammer 680b182d95 release: 2021.6.3 2021-06-29 16:19:07 +02:00
Jens Langhammer 621843c60c flows: fix migration dependency issue
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-28 23:55:07 +02:00
Jens Langhammer c19da839b1 stages/user_write: add create_users_as_inactive flag
close #1086

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-28 23:24:54 +02:00
Jens Langhammer fea1f3be6f stages/prompt: ensure hidden and static fields keep the value they had set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-28 22:29:36 +02:00
Jens Langhammer 6f5ec7838f events: fix linting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-28 20:57:28 +02:00
Jens Langhammer 5d3931c128 events: ignore notification non-existent in transport
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-28 20:15:00 +02:00
Jens Langhammer 262a8b5ae8 api: use partition instead of split for token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-28 20:13:08 +02:00
Jens Langhammer 2b1356bb91 flows: add invalid_response_action to configure how the FlowExecutor should handle invalid responses
closes #1079

Default value of `retry` behaves like previous version.

`restart` and `restart_with_context` restart the flow upon an invalid response. `restart_with_context` keeps the same context of the Flow, allowing users to bind policies that maybe aren't valid on the first execution, but are after a retry, like a reputation policy with a deny stage.

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-28 00:22:09 +02:00
Jens Langhammer ba9edd6c44 flows: handle possible errors with FlowPlans received from cache
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-27 22:03:48 +02:00
Jens Langhammer 3b2b3262d7 flows: add FlowStageBinding to flow plan instead of just stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-27 18:47:04 +02:00
Jens Langhammer 5431e7fe9d tenants: fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-27 15:12:47 +02:00
Jens Langhammer 7d9c74ce04 tenants: include all default flows in current_tenant
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-26 23:47:49 +02:00
Jens Langhammer 60c3cf890a events: add ability to create events via API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-26 23:37:03 +02:00
Jens Langhammer 0403f6d373 web/admin: add flow export button on flow view page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-26 22:03:19 +02:00
Jens Langhammer 9bd613a31d stages/authenticator_duo: fix component not being set in API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-26 20:49:58 +02:00
Jens Langhammer 3fe0483dbf core: fix flow background not correctly loading on initial draw
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-26 20:29:45 +02:00
Jens Langhammer b8bdf7a035 outposts: fix outpost being re-created when in host mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-25 15:15:18 +02:00
Jens Langhammer a3ff7cea23 providers/oauth2: fix usage of timedelta.seconds
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-25 11:55:00 +02:00
Jens Langhammer bb776c2710 outposts: check docker container ports match
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-25 11:54:35 +02:00
Jens Langhammer 6930c84425 events: only create SYSTEM_EXCEPTION event when error would've been sent to sentry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-24 13:01:41 +02:00
Jens Langhammer 1554dc9feb outposts: make outpost managed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-23 21:26:24 +02:00
Jens Langhammer 2b98637ca5 lib: fix regex_match result being inverted, add tests
closes #1073

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-23 20:06:43 +02:00
Jens Langhammer d1198fc6c1 sources/ldap: improve error handling when checking for password complexity on non-ad setups
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1067
2021-06-23 00:24:05 +02:00
Jens Langhammer 31a58e2c25 release: 2021.6.2 2021-06-22 23:35:10 +02:00
Jens Langhammer b69248dd55 stages/authenticator_validate: fix error when using not_configured_action=configure
closes #1048

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-22 20:08:58 +02:00
Jens Langhammer 5ff5edf769 outposts: improve logging
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-22 18:51:02 +02:00
Jens Langhammer 939889e0ec tenants: fix footer_links for moved config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-22 15:48:17 +02:00
Jens Langhammer 19ae6585dc lib: add tests for config loader
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-22 13:12:07 +02:00
Jens Langhammer c6ede78fba core: add support for custom urls for avatars
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-22 12:25:24 +02:00
Jens Langhammer 9b5e3921cb providers/saml: better handle decoding errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-21 22:48:34 +02:00
Jens Langhammer f6026fdb13 root: allow loading local /static files without debug flag
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-21 21:21:35 +02:00
Jens Langhammer a4856969f4 outposts: fix port and inner_port being mixed on docker controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-21 19:19:06 +02:00
Jens Langhammer 2aa7266688 crypto: fix linting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-21 16:24:03 +02:00
Jens Langhammer c0c246edab crypto: catch error when loading private key
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-21 15:57:48 +02:00
Jens Langhammer 831b32c279 core: fix PropertyMapping's globals not matching Expression policy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-21 15:54:43 +02:00
Jens Langhammer 70ccc63702 core: remove default flow background from default css, set static in base_full and dynamically in if/flow
closes #1056

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-21 10:37:34 +02:00
Jens Langhammer de954250e5 root: make general cache timeouts configurable
closes #974

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-21 10:18:49 +02:00
Jens Langhammer f268bd4c69 policies: make policy result cache timeout configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-21 10:17:58 +02:00
Jens Langhammer 57a48b6350 flows: make flow plan cache timeout configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-21 10:17:11 +02:00
Jens Langhammer 9aac114115 root: save temporary database dump in /tmp
closes #1055

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-21 09:58:19 +02:00
Jens Langhammer 4327b35bc3 tenants: fix tenant not being queried correctly when using accessing over a child domain
closes #1044

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-20 14:39:21 +02:00
Jens Langhammer f7047df40e policies: don't use policy cache when checking application access
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-20 13:30:07 +02:00
Jens Langhammer ede072889e core: deepmerge user.group_attributes, use group_attributes for user settings
closes #1051

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-19 19:52:55 +02:00
Jens Langhammer 9cb7e6c606 root: set outposts.docker_image_base to gh-master for tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-19 15:49:49 +02:00
Jens Langhammer fe6963c428 release: 2021.6.1 2021-06-17 22:14:52 +02:00
Jens Langhammer 19cac4bf43 providers/saml: fix error when getting transient user identifier
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-17 13:52:10 +02:00
Jens Langhammer 4ca564490e providers/saml: add support for NameID type unspecified
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-17 12:45:53 +02:00
Jens Langhammer fcb795c273 providers/saml: fix NameIDPolicy not being parsed correctly, improve error handling
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-17 12:22:40 +02:00
Jens Langhammer cbea51ae5b stages/authenticator_duo: make Duo-admin viewset writeable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-16 23:17:26 +02:00
Jens Langhammer e743f13f81 recovery: fix error when creating multiple keys for the same user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-16 23:04:35 +02:00
Jens Langhammer b20a8b7c17 stages/authenticator_duo: fix error when enrolling an existing user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-16 23:04:24 +02:00
Jens Langhammer b53c94d76a flows: fix error when stage has incorrect type
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-16 22:52:00 +02:00
Jens Langhammer d4419d66c1 core: fix error when creating AuthenticatedSession without key
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-16 22:51:48 +02:00
Jens Langhammer 79044368d2 core: fix error getting stages when enrollment flow isn't set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-16 22:45:42 +02:00
Jens Langhammer d9287d0c0e Merge branch 'next' 2021-06-15 23:43:44 +02:00
Jens Langhammer dec7a9cfb9 website/docs: add docs for flow executor
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-15 22:14:23 +02:00
Jens Langhammer e0f48a30b7 release: 2021.6.1-rc6 2021-06-15 21:18:33 +02:00
Jens Langhammer e8978adc1b outpost: fix syntax error when creating an outpost with connection
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-15 18:39:51 +02:00
Jens Langhammer 800df332b5 stages/authenticator_duo: don't create default duo stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 22:55:37 +02:00
Jens Langhammer 16c194d2dc core: fix upload api not checking clear properly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 22:34:47 +02:00
Jens Langhammer 53100a72fe stages/identification: fix challenges not being annotated correctly and API client not loading data correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 22:28:11 +02:00
Jens Langhammer ec4c3f44cb events: don't create system exception event in debug
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 22:16:27 +02:00
Jens Langhammer f10bd432b3 policies/reputation: fix race condition in tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 20:40:40 +02:00
Jens Langhammer 74e578c2bf events: add tenant to event
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 18:43:29 +02:00
Jens Langhammer e584fd1344 events: catch unhandled exceptions from request as event, add button to open github issue
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 17:22:58 +02:00
Jens Langhammer 0e02925a3d stages/authenticator_validate: add tests for authenticator validation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 16:32:36 +02:00
Jens Langhammer 5b837c3ccc providers/saml: improve error handling for signature errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 12:51:42 +02:00
Jens Langhammer 2580371f94 outposts: fix error when getting component for base service connection
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 12:38:29 +02:00
Jens Langhammer 4e9be85353 website/docs: add docs for outpost configuration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 09:21:35 +02:00
Jens Langhammer 79508e1965 core: fix linting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-13 23:41:50 +02:00
Jens Langhammer 3a88dde545 web: fix declaration of Intl
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-13 23:13:43 +02:00
Jens Langhammer cabbd18880 core: revert check_access API to get to prevent CSRF errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-13 21:47:49 +02:00
Jens Langhammer bb8559ee18 web: remove base interface
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-13 19:54:27 +02:00
Jens Langhammer afb84c7bc5 flows: fix error clearing flow background when no files have been uploaded
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-13 14:14:41 +02:00
Jens Langhammer fc8004db2b outposts: fix integrity error with tokens
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-13 13:36:54 +02:00
Jens Langhammer ddfc943bba root: fix build_hash being set incorrectly for tagged versions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-13 13:32:18 +02:00
Jens Langhammer 572b8d87b5 api: fix import error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-13 12:59:28 +02:00
Jens Langhammer 31d2ea65fd provider/proxy: mark forward_auth flag as deprecated
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-13 12:39:25 +02:00
Jens Langhammer f4ac2f50e2 sources/saml: check sessions before deleting user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-13 12:39:10 +02:00
Jens Langhammer f10286edf8 Merge branch 'version-2021.6' into next 2021-06-12 20:43:12 +02:00
Jens Langhammer d789dcc28f core: fix impersonation not working with inactive users
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-12 20:41:02 +02:00
Jens Langhammer 74e4e8f6aa core: delete real session when AuthenticatedSession is deleted
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-12 17:37:32 +02:00
Jens Langhammer d78fda990a release: 2021.6.1-rc5 2021-06-12 15:19:24 +02:00
Jens Langhammer 10d949f7a9 stages/password: add constants for password backends
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-12 12:14:55 +02:00
Jens Langhammer 676b77aa7c stages/identification: add UPN
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 22:48:39 +02:00
Jens Langhammer e35e096266 stages/authenticator_webauthn: use tenant title as RP_NAME
closes #1004

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 22:17:25 +02:00
Jens Langhammer 7af12d4fec stages/authenticator_totp: set TOTP issuer based on slug'd tenant title
closes #1004

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 22:16:37 +02:00
Jens Langhammer 8d6db0fabf flows: fix configuration URL being set when no flow is configure
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 22:07:26 +02:00
Jens Langhammer e25f6aea8c release: 2021.6.1-rc4 2021-06-10 18:59:00 +02:00
Jens Langhammer 2c15ab9995 release: 2021.6.1-rc3 2021-06-10 18:04:59 +02:00
Jens Langhammer 6c985acb36 release: 2021.6.1-rc2 2021-06-10 14:10:47 +02:00
Jens Langhammer d878d2140e providers/saml: add metadata download link to api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 14:06:44 +02:00
Jens Langhammer 4766d6ff3d flows: add export URL to API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 13:52:50 +02:00
Jens Langhammer 3a64d97040 crypto: add download links as API fields
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 13:46:12 +02:00
Jens Langhammer 2275ba3add flows: fix get_pending_user returning in-memory user when PLAN_CONTEXT_PENDING_USER_IDENTIFIER is set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 12:17:46 +02:00
Jens Langhammer 9f7c941426 Merge branch 'master' into next 2021-06-10 11:59:10 +02:00
Jens L 34ae9e6dab
API: add endpoint to show by what objects an object is used (#995)
* core: add used_by API to show what objects are affected before deletion

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/elements: add support for used_by API

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add authentik_used_by_shadows to shadow other models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: implement used_by API

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: fix duplicate imports

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add action field to used_by api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: add UI for used_by action

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: add notice to tenant form

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: fix naming in used_by

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: check length for used_by

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: fix used_by for non-pk models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: improve __str__ on models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add support for many to many in used_by

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 11:58:12 +02:00
Jens Langhammer 5235e00d3c stages/authenticator_validate: add more logging for challenges
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-09 23:58:08 +02:00
Jens Langhammer d4379ecd31 flows: fix configure_url not being set correctly User settings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-09 19:25:27 +02:00
Jens Langhammer f4a53c89ef release: 2021.6.1-rc1 2021-06-09 11:01:14 +02:00
Jens Langhammer 2210497569 events: add EMAIL_SENT event, show sent emails in event log
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-09 10:28:32 +02:00
Jens Langhammer 2addf71f37 outposts: add service connection to outpost API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-09 09:45:14 +02:00
Jens L dad24c03ff
outposts: set cookies for a domain to authenticate an entire domain (#971)
* outposts: initial cookie domain implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add cookie domain setting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: replace forward_auth_mode with general mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: rebuild proxy provider form

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: re-add forward_auth_mode for backwards compat

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: fix data.mode not being set

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* root: always set log level to debug when testing

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: use new mode attribute

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: only ingress /akprox on forward_domain

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: fix lint error

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: fix error on ProxyProviderForm when not using proxy mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: fix default for outpost form's type missing

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add additional desc for proxy modes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts: fix service account permissions not always being updated

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost/proxy: fix redirecting to incorrect host for domain mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: improve error handling for network errors

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost: fix image naming not matching main imaeg

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/proxy: fix redirects for domain mode and traefik

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: fix colour for paragraphs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: fix consent stage not showing permissions correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: add domain-level docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: fix broken links

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/proxy: remove dead code

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: fix missing id for #header-text

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 23:10:17 +02:00
Jens Langhammer fb8d67a9d9 core: add configure_url to UserSettings for both stages and sources
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 19:21:27 +02:00
Jens Langhammer 029d58191e sources/saml: include metadata download link in API response
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 17:22:03 +02:00
Jens Langhammer 75404f1345 web/admin: pass full configure flow URL instead of just boolean
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 17:14:54 +02:00
Jens Langhammer ba1b23c879 flows: move flow relevant info into ContextualFlowInfo
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 16:53:28 +02:00
Jens Langhammer 25f987ba2b stages/prompt: add more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-07 17:40:06 +02:00
Jens Langhammer f23111beff stages/user_write: add tests for duplicate data
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-07 16:42:01 +02:00
Jens Langhammer 0f693158b6 stages/email: add tests for inaccessible email templates
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-07 16:09:39 +02:00
Jens Langhammer fceab788d2 outposts: fix error during outpost disconnect
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-06 19:25:09 +02:00
Jens Langhammer 88cc38394e root: improve sentry tags to simplify queries
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-06 14:51:43 +02:00
Jens Langhammer 90a5c84ac8 core: make EndSessionView inherit PolicyAccessView
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-06 14:07:50 +02:00
Jens Langhammer 9180d448df core: move end-session to core
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-06 13:56:38 +02:00
Jens Langhammer 1f35f73c66 api: add CAN_BACKUP capability
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-06 12:44:43 +02:00
Jens Langhammer 0032f535da core: add minor tests for users api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-06 01:23:04 +02:00
Jens Langhammer 17326615b7 events: rewrite GeoIP to a wrapper, reload file every 8 hours
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-06 00:42:41 +02:00
Jens Langhammer f5dbdbd48b *: add clear param to file upload API to delete stored file and reset field
closes #949

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-05 21:33:03 +02:00
Jens Langhammer 277c2f4aad core: make application.meta_icon nullable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#949
2021-06-05 21:06:52 +02:00
Jens Langhammer ba3e0a0586 core: fix flow query
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-05 20:30:56 +02:00
Jens Langhammer 7581c84a37 flows: fix tests using flow.background.url
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-05 20:29:31 +02:00
Jens Langhammer 86b450c6d1 flows: add compatibility_mode to toggle ShadyDOM
closes #894

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-05 20:04:30 +02:00
Jens Langhammer 0b90cfcec4 flows: set default background in code not model
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-05 19:38:13 +02:00
Jens Langhammer cefe3fa6dd outposts: fix docker controller always replacing beta images
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-05 16:08:20 +02:00
Jens Langhammer 24da24b5d5 stages/identification: allow setting of a password stage to check password and identity in a single step
closes #970

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-05 16:05:03 +02:00
Jens Langhammer f996f9d4e3 tests/e2e: ensure outpost service account has correct permissions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-04 09:46:31 +02:00
Jens Langhammer 7b39718bd1 tenants: fix fallback for unittests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-03 22:40:01 +02:00
Jens Langhammer e9621bae06 tests: show logs for containers on failed e2e tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-03 22:17:18 +02:00
Jens Langhammer 0eaabbc0f3 admin: fix upgrading deletion of tasks when listing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-03 17:42:13 +02:00
Jens Langhammer 5e3628bea6 core: add fallback URLs for websocket to cleanup test logs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-03 17:26:18 +02:00
Jens Langhammer 290ebef8e3 core: instead of migrating sessions, clear cache on initial upgrade
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-03 17:20:25 +02:00
Jens Langhammer 46ab1d20df stages/email: fix token being created without identifier
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-03 14:54:07 +02:00
Jens Langhammer 48e68d6852 core: fix token identifier not being set to unique
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-03 11:45:48 +02:00
Jens Langhammer ed3859800c core: improve API validation for Application's set_icon_url (fix JSON Syntax Error)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-03 00:39:56 +02:00
Jens Langhammer 06b7f62a40 core: make app's meta_launch_url textfield
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-03 00:21:20 +02:00
Jens Langhammer d32e40b1f8 tenants: fix unittests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-02 22:38:30 +02:00
Jens Langhammer cec47c3cfc providers/oauth2: show id_token issues for refresh token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-02 22:05:04 +02:00
Jens Langhammer 3ea2b16a12 tenants: add separate field for favicon url
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-02 21:31:04 +02:00
Jens Langhammer 974ddc07f7 web: improve loading of custom favicon
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-02 21:19:39 +02:00
Jens Langhammer 2f64b76eba flows: fix invalid background URL when using manually set static or http
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-02 21:09:54 +02:00
Jens Langhammer b50ac96605 providers/oauth2: remove size limit on Access code nonce
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-02 20:20:07 +02:00
Jens Langhammer 6d0e0cbe5a outposts: improve validation of providers (must match outpost type)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-02 16:04:41 +02:00
Jens Langhammer 4f04ab7a5f sources/oauth: fix azure AD get_profile_info not working
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-02 11:34:59 +02:00
Jens Langhammer 35bcd5d174 sources/oauth: improve debug logging
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-02 11:34:18 +02:00
Jens Langhammer 644ff4a90c outposts: fix error when validating kubeconfig
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-02 10:25:59 +02:00
Alex ef8b26db13
Fix typo in migrations for authenticator_webauthn (#950) 2021-06-01 00:24:20 +02:00
Jens Langhammer e24a9e3119 policies: fix missing negate flag of policy bindings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-31 11:50:29 +02:00
Jens Langhammer 80adafdb48 admin: fix attribute error when loading old taskinfo
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-30 16:22:13 +02:00
Jens Langhammer 72f5a4c460 outposts: fix possible recursion error in docker controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-30 16:22:02 +02:00
Jens L fb6242d2d3
Merge pull request #941 from goauthentik/authenticated-sessions
Session management
2021-05-30 15:12:49 +02:00
Jens Langhammer b9773d39c0 core: add tests for authenticated sessions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-30 14:43:00 +02:00
Jens Langhammer 0e8d9aa45d api: add System info API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-30 14:01:20 +02:00
Jens Langhammer fc45d35699 core: add migration for sessions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-30 13:08:29 +02:00
Jens Langhammer 7e8044619c lib: return default IP if none could be extracted
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-30 12:49:44 +02:00
Jens Langhammer 66a04aeec5 api: add can_geo_ip capability
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-30 01:02:03 +02:00
Jens Langhammer 73338bdf32 core: add geo_ip to authenticated sessions if enabled
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-30 01:01:20 +02:00
Jens Langhammer 059da74d1c core: add current attribute to authenticated_session API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-30 00:31:41 +02:00
Jens Langhammer 45b8b1e198 core: delete AuthenticatedSession on logout
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-30 00:27:33 +02:00
Jens Langhammer 133fc38c05 core: initial authenticated sessions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-30 00:15:16 +02:00
Jens Langhammer f51ab7a878 policies/reputation: fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 23:46:13 +02:00
Jens Langhammer 31ad09c391 stages/identification: add signal which is sent upon identification failure
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 22:58:32 +02:00
Jens Langhammer 05b3c4ddb3 policies/reputation: save username instead of user object
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 22:49:58 +02:00
Jens Langhammer a4c28a28b4 website/docs: improve docs for expressions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 21:47:35 +02:00
Jens Langhammer a1203cf4b2 flows: fix ToDefaultFlow not using tenants
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 20:32:42 +02:00
Jens Langhammer 8427fb87f6 tenants: add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 19:47:55 +02:00
Jens Langhammer e3578eb7ae Merge branch 'master' into tenant 2021-05-29 19:17:23 +02:00
Jens Langhammer 5990b8d4de outposts: fix docker container not being stopped correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 19:16:39 +02:00
Jens Langhammer 3b31b7ce83 core: add http host in log messages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 19:07:54 +02:00
Jens Langhammer 4d9b362dbf tenants: add migration to add default tenant
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 19:06:35 +02:00
Jens Langhammer 477ff85109 flows: migrate flow_unenrollment to tenant
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 18:44:02 +02:00
Jens Langhammer fae8b80ceb core: fix usage of config on templates
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 18:31:05 +02:00
Jens Langhammer df92f01719 flows: remove default-recovery
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 18:30:55 +02:00
Jens Langhammer 9dd6b7d436 flows: remove default-enrollment
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 18:14:37 +02:00
Jens Langhammer 14f85ec980 tenants: migrate context_processor to tenants
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 18:01:48 +02:00
Jens Langhammer ff611f21cd tenants: initial implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 17:47:25 +02:00
Jens Langhammer a1b6e09e8a outposts: set restart-policy on docker container
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-28 17:18:11 +02:00
Jens Langhammer 02b5742228 stages/authenticator_duo: add default setup flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-28 16:47:39 +02:00
Jens Langhammer 523621daa2 core: make application's check_access API return a PolicyResult and accept for_user as superuser
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-26 11:47:23 +02:00
Jens Langhammer c4453f38a2 stages/identification: make shown sources configurable
closes #918

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-25 16:37:53 +02:00
Jens Langhammer 6f3eb4c068 flows: allow blank on WithUserInfo
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-25 12:53:48 +02:00
Jens Langhammer 58a4b20297 outposts: handle disconnects without outpost better
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-25 12:06:55 +02:00
Jens Langhammer 6d3e067a2b stages/user_write: handle integrity error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-25 11:46:15 +02:00
Jens Langhammer 6db2bf2a21 api: fix error when authorization header has no spaces
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-25 11:40:49 +02:00
Jens Langhammer 6893948fa0 tests/e2e: fix invalid flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-25 11:18:47 +02:00
Jens Langhammer 6317a8c5d0 Merge branch 'master' into duo
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	Pipfile.lock
2021-05-25 09:58:38 +02:00
Jens Langhammer 8ecac59eca stages/prompt: annotate PromptChallengeResponse's additionalProperties
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-24 22:55:24 +02:00
Jens Langhammer 8183a51b72 stages/authenticator_duo: add missing duo device
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-24 22:16:29 +02:00
Jens Langhammer 127ebed5c6 flows: fix mismatched names
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-24 21:09:18 +02:00
Jens Langhammer 716923e17a web/flows: update types
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-24 20:59:44 +02:00
Jens Langhammer c6bb6709fd flows: add default challenge response
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-24 20:27:50 +02:00
Jens Langhammer fb4e0723ee stages: fix stage unittests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-24 17:12:48 +02:00
Jens Langhammer 763c3fcfe0 outposts/ldap: fix client usage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-24 15:58:59 +02:00
Jens Langhammer 1b346866da Merge branch 'master' into duo
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	Pipfile.lock
2021-05-24 14:54:24 +02:00
Jens Langhammer 6f6ae7831e flows: make use of oneOf OpenAPI to annotate all challenge types
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-24 14:11:23 +02:00
Jens Langhammer 3b41c662ed stages/authenticator_validate: add Duo support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-23 22:31:12 +02:00
Jens Langhammer 65522186f1 stages/authenticator_duo: improve setup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-23 21:44:52 +02:00
Jens Langhammer 9f5a3c396d stages/authenticator_duo: initial duo stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-23 21:10:39 +02:00
Jens L 53e2b2c784
Prometheus metrics (#914)
* admin: add worker metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* admin: add version metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* events: add gauge for system tasks

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts: add gauge for last hello and connection status

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* root: re-add prometheus metrics to database

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* root: allow access to metrics without credentials when debug is on

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* root: add UpdatingGauge to auto-set value on load

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add metrics for cache and building

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* policies: add metrics for policy engine

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* events: add histogram for task durations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* events: revert to gauge because values are updated on export view

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add gauge to count all models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* events: add metrics for events

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-23 20:29:34 +02:00
Jens Langhammer a5cd9fa141 outposts: improve logging for docker controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-23 19:27:24 +02:00
Jens Langhammer 0768b201a7 Merge branch 'version-2021.5' 2021-05-22 20:47:48 +02:00
Jens Langhammer 2d5c45543b release: 2021.5.4 2021-05-22 20:15:23 +02:00
Jens Langhammer 9b57f0b81d Merge branch 'version-2021.5' into next
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	web/src/locales/en.po
#	web/src/locales/pseudo-LOCALE.po
2021-05-22 20:01:16 +02:00
Jens Langhammer 2c816e6162 providers/proxy: don't use https to communicate with outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-22 18:56:38 +02:00
Jens Langhammer bb89b9b572 Merge branch 'version-2021.5' into next 2021-05-21 23:50:43 +02:00
Jens Langhammer 6600da7d98 providers/oauth2: add missing kid header to JWT Tokens
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-21 23:40:00 +02:00
Jens Langhammer 1a0f72d0a8 Merge branch 'version-2021.5' into next
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	authentik/stages/authenticator_static/api.py
#	swagger.yaml
2021-05-21 21:33:18 +02:00
Jens Langhammer a265dd54cc stages/authenticator_*: fix Permission Error when disabling Authenticator as non-superuser
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-21 21:25:03 +02:00
Jens Langhammer a603f42cc0 api: add OwnerFilter
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-21 20:46:59 +02:00
Jens Langhammer d9a788aac8 api: rename auth to authentication, add authorization for rest_framework permission class
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-21 20:14:03 +02:00
Jens Langhammer 7c6185b581 api: fix URL names for admin Authenticator Views
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-21 19:53:40 +02:00
Jens Langhammer 41a1305555 policies: improve debug logging
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-21 19:10:47 +02:00
Jens Langhammer 75f252b530 flows: rename oob to oobe
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-21 19:10:42 +02:00
Jens Langhammer c526e5fb9a policies: improve debug logging
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-21 19:10:15 +02:00
Jens Langhammer b826eb264e flows: rename oob to oobe
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-21 12:06:39 +02:00
Jens Langhammer 7666c246c3 Merge branch 'version-2021.5' 2021-05-20 20:46:18 +02:00
Jens Langhammer bf4cbb25fe release: 2021.5.3 2021-05-20 20:17:39 +02:00
Jens Langhammer a925418f60 lib: don't send ImproperlyConfigured to sentry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-20 19:18:35 +02:00
Jens Langhammer 71d112bdcf sources/plex: remove default for plex_token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-20 19:13:54 +02:00
Jens Langhammer d2c06c40ea sources/plex: remove default for plex_token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-20 19:09:51 +02:00
Jens Langhammer 590c7f4c9d outposts: fix error on outpost disconnect
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-20 18:07:27 +02:00
Jens Langhammer 9a48c2fd9a outposts: fix error on outpost disconnect
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-20 18:07:07 +02:00
Jens Langhammer be5a6c0310 api: add set_*_url method for Application and Flow to set icon/background to URL
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-20 17:18:40 +02:00
Jens Langhammer 92106ca4bf api: add capabilities to API, add can_save_media
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-20 17:00:47 +02:00
Jens Langhammer 56f1204c9b outposts: fix update signal not being sent to correct instances
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-20 15:23:38 +02:00
Jens Langhammer f6f93640c5 outposts: fix update signal not being sent to correct instances
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-20 15:23:18 +02:00
Jens Langhammer 92f2a82c03 providers/oauth2: fix double login required when prompt=login
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-20 01:10:08 +02:00
Jens Langhammer dcf074650e providers/proxy: fix redirect_uris not always being set on save
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-20 01:10:04 +02:00
Jens Langhammer acf1ad91d9 providers/oauth2: fix double login required when prompt=login
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-19 23:34:27 +02:00
Jens Langhammer a74419214c providers/proxy: fix redirect_uris not always being set on save
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-19 23:10:00 +02:00
Jens Langhammer bc6aef7af2 lib: improve sentry integration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-18 11:29:36 +02:00
Jens Langhammer 788ea46d8c flows: fix formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-18 09:23:22 +02:00
Jens Langhammer 06dee5d5d8 flows: fix lint error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-17 23:38:31 +02:00
Jens Langhammer 3cf0f07baf *: fix API Schema for file uploads
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-17 23:12:52 +02:00
Jens Langhammer f016095891 Merge branch 'master' into openapi-v3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	Pipfile.lock
2021-05-17 20:37:18 +02:00
Jens Langhammer 5a465fbc36 release: 2021.5.2 2021-05-17 19:54:10 +02:00
Jens Langhammer 7f4bd27b85 Merge branch 'master' into openapi-v3 2021-05-16 23:51:45 +02:00
Jens Langhammer b66626f9c4 ci: generate secert_key for CI runs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 23:46:23 +02:00
Jens Langhammer f9ce41229d api: fix unittests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 22:36:26 +02:00
Jens Langhammer ae6a406b1d Merge branch 'master' into openapi-v3 2021-05-16 22:29:39 +02:00
Jens Langhammer 45c1a603e7 root: fix linting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 22:29:28 +02:00
Jens Langhammer 330219e76f Merge branch 'master' into openapi-v3 2021-05-16 22:26:07 +02:00
Jens Langhammer 583271d5ed root: only load debug secret key when debug is enabled
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 22:25:55 +02:00
Jens Langhammer 0db17b9729 root: remove yasg
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 22:18:04 +02:00
Jens Langhammer 9f9ee66cc4 api: fix linting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 21:57:04 +02:00
Jens Langhammer ab2bd622a8 Merge branch 'master' into openapi-v3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	outpost/pkg/ak/api.go
#	outpost/pkg/ak/global.go
#	outpost/pkg/ldap/instance_bind.go
2021-05-16 21:36:24 +02:00
Tom Pansino 8d2a3b67b9
lib: Fix config loading of secrets from files (#887) 2021-05-16 21:10:31 +02:00
Jens Langhammer 8b6292b3de api: don't overwrite 400 and 403
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 20:54:58 +02:00
Jens Langhammer cbed5a6522 api: fix missing error definitions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 19:53:04 +02:00
Jens Langhammer 589f806b7c flows: fix schema for flow executor
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 19:13:31 +02:00
Jens Langhammer 07dc648470 web: fix mixed Static/TOTP pages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 18:59:33 +02:00
Jens Langhammer 41f6d3b6e7 stages/authenticator_static: add serializer for tokens
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 18:55:47 +02:00
Jens Langhammer d0f1daf025 admin: make tasks's retry api not ask for a body
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 18:43:47 +02:00
Jens Langhammer d38fd603dd web: fix more special API Calls
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 18:41:02 +02:00
Jens Langhammer ba5374f6e1 web: mass update API calls
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 18:24:15 +02:00
Jens Langhammer 7152d7ee01 outposts: fix schema for outposts health
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 18:10:11 +02:00
Jens Langhammer ab07113530 admin: migrate WorkerViewSet to APIView
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 18:06:46 +02:00
Jens Langhammer a7d7b46747 admin: migrate version view to APIView
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 18:00:02 +02:00
Jens Langhammer 9a44088d2b admin: migrate metrics viewset to APIView
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 17:49:37 +02:00
Jens Langhammer b351ae12c5 api: make config viewset single view
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 17:44:19 +02:00
Jens Langhammer 759bf59780 core: make filefields readonly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 17:34:55 +02:00
Jens Langhammer 10cb60f48e api: fix pagination not being required in schema
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 17:32:13 +02:00
Jens Langhammer ef9f08553c *: linting pass, rename from swagger to schema
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 15:22:57 +02:00
Jens Langhammer 4fb71a6bdd api: fix pagination schema
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 15:08:51 +02:00
Jens Langhammer cac1f242dc *: replace swagger with openapi
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 14:23:05 +02:00
Jens Langhammer 0bac738090 *: fix static response descriptions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 14:07:29 +02:00
Jens Langhammer 1324d03815 *: initial migration to openapi v3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-15 23:57:28 +02:00
Jens Langhammer c55f2ad10a root: set additional sentry tags
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-15 19:53:43 +02:00
Jens Langhammer a30b32fbbf outposts: fix missing default for OutpostState.for_channel
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-15 17:46:53 +02:00
Jens Langhammer 1745306cc6 outposts: fix error when controller loads from cache but cache has expired
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-15 17:45:33 +02:00
Jens Langhammer 8925787a13 flows: fix error when using cancel flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-15 17:42:37 +02:00
Jens Langhammer 968b7ec17a lib: fix parsing of remote IP header when behind multiple reverse proxies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-15 15:08:53 +02:00
Jens Langhammer 6600d5bf69 providers/oauth2: use user.uid
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-15 14:08:49 +02:00
Jens Langhammer a4278833d8 providers/proxy: fix ingress not being created with full https
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-15 13:45:41 +02:00
Jens Langhammer 942905b9b1 providers/proxy: fix formatting issue
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-14 16:24:35 +02:00
Jens Langhammer 8d7bb7da17 providers/proxy: connect ingress to https instead of http
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#882
2021-05-14 11:42:03 +02:00
Jens Langhammer 9939db13c3 outposts: fix reload notification not working due to wrong ID being saved
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-14 11:13:04 +02:00
Jens Langhammer 465750276c core: fix application's slug field not being set to unique
closes #881

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-14 10:49:42 +02:00
Jens Langhammer 0b7ebf0e07 release: 2021.5.1 2021-05-13 20:50:31 +02:00
Jens Langhammer 709581f5a8 root: use ghcr images by default
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-13 20:15:29 +02:00
Jens Langhammer 1df8790050 stages/authenticator_static: fix error when listing devices
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-13 18:09:55 +02:00
Jens Langhammer 3c23ad340f web/admin: improve diagram api for flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-13 18:01:40 +02:00
Jens Langhammer f9f2e00913 core: improve error handling for backups
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-13 17:56:49 +02:00
Jens Langhammer 8f99891a9d release: 2021.5.1-rc10 2021-05-12 21:25:18 +02:00
Jens Langhammer 97a3c2d88b release: 2021.5.1-rc9 2021-05-12 20:50:29 +02:00
Jens Langhammer e91ff4566d Merge branch 'next' into version-2021.5
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	outpost/pkg/version.go
2021-05-12 20:49:58 +02:00
Jens Langhammer a3fccbdaff outposts: add build_hash for docker image
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-12 20:36:18 +02:00
Jens Langhammer bdf9f26d07 outposts: compare build hash in outdated check
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-12 19:05:29 +02:00
Jens Langhammer 9a0aa4c79b outposts/ldap: add infinite loop prevention
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-12 18:31:44 +02:00
Jens Langhammer 52cf4890cf root: remove servername from backup files
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-12 17:53:23 +02:00
Jens Langhammer 8e5d03cb86 outposts: remove legacy API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-12 16:41:54 +02:00
Jens Langhammer 2190fa555b events/api: fix error when updating transports
closes #866

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-12 16:41:30 +02:00
Jens Langhammer 3665e2fefa release: 2021.5.1-rc8 2021-05-12 14:52:34 +02:00
Jens Langhammer 3dbe35cf9e stages/invitation: fix wrong serializer used for user model
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	swagger.yaml
2021-05-12 14:22:16 +02:00
Jens Langhammer c7f0ea8a4b root: update dbbackup to git version
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-12 01:20:31 +02:00
Jens Langhammer 0620324702 root: bump version of psf black
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-12 00:42:46 +02:00
Jens Langhammer 5a0e78c698 outposts: fix issue with duplicate outpost health
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-11 21:46:30 +02:00
Jens Langhammer 84dfbcaaae providers/api: return redirect_uris for proxy provider
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-11 20:02:17 +02:00
Jens Langhammer e649e9fb03 core: don't use self.get_object for application permission check to prevent 404 when view permission is missing
closes #864

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-11 17:35:11 +02:00
Jens Langhammer 266ef66a6f Merge branch 'master' into next 2021-05-11 14:57:52 +02:00
Andreas Egli 842fdb0b0c
fixed session durations of more than 1 day (#863) 2021-05-11 14:57:33 +02:00
Jens L 36f7cad23b
Merge pull request #862 from goauthentik/form-refresh-on-save
Form refresh on save
2021-05-11 14:23:32 +02:00
Jens Langhammer 24f2932777 crypto: add ?download flag
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#861
2021-05-11 14:21:35 +02:00
Jens Langhammer 124ce80694 sources/plex: make plex_token readable from API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-11 13:32:28 +02:00
Jens Langhammer 4e2443d60b flows: make cancel link always logout user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-11 13:13:05 +02:00
Jens Langhammer 17b65adcc5 lib: fix linting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-11 13:07:47 +02:00
Jens Langhammer 96ea7ae09c root: allow configuration of s3 backup location
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-11 02:10:00 +02:00
Jens Langhammer 172bfceb31 root: fix db backup failing when password has special chars
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-11 02:01:22 +02:00
Jens Langhammer 932b19999e providers/proxy: missing @property for noop
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-11 01:26:01 +02:00
Jens Langhammer 788fd00390 outposts: use noop flag in each reconciler instead of raising Disabled and force use of get_referecen_object
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-11 00:27:29 +02:00
Jens Langhammer a293a14f2a outposts: re-add _config for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-10 22:28:46 +02:00
Jens Langhammer 51e3453dca admin: fix linting in api tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-10 20:14:21 +02:00
Jens Langhammer 6f58fdf158 api: add more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-10 19:51:29 +02:00
Jens Langhammer 219b8d1a57 outposts: allow individual components of managed outposts to be disabled
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-10 19:27:48 +02:00
Jens Langhammer c7d4e69669 root: make database port configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-10 19:25:15 +02:00
Jens Langhammer cd629dfbaa outposts: improve API validation for config attribute, ensure all required attributes are set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-10 19:24:42 +02:00
Jens Langhammer 3d0a853449 Merge branch 'version-2021.5' into next 2021-05-10 18:07:39 +02:00
Jens Langhammer c2f8ff55cf outposts: fix outpost delete hanging thread, run cleanup in async task with info from cache with ability to retry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-10 17:11:31 +02:00
Jens Langhammer 80fae44f47 release: 2021.5.1-rc7 2021-05-10 12:13:10 +02:00
Jens Langhammer 73eb97ca6e release: 2021.5.1-rc6 2021-05-10 11:44:23 +02:00
Jens Langhammer ebe90d8886 Merge branch 'next' into version-2021.5 2021-05-10 11:43:50 +02:00
Jens Langhammer a1a1b113b1 release: 2021.5.1-rc5 2021-05-10 11:34:00 +02:00
Jens Langhammer 1fb3642701 sources/oauth: fix google tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-10 00:27:37 +02:00
Jens Langhammer 847d97b813 sources/oauth: fix google tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-10 00:27:20 +02:00
Jens Langhammer 1f1d322958 *: fix api results when non-superuser
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-10 00:01:35 +02:00
Jens Langhammer e4841ce1a4 Merge branch 'version-2021.5' into next 2021-05-09 23:41:23 +02:00
Jens Langhammer e33a5528f7 core: catch IntegrityError in flow_manager and deny request
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-09 23:31:39 +02:00
Jens Langhammer b7d828702d sources/oauth: don't set username on google source
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-09 22:56:44 +02:00
Jens Langhammer f7fd31cc84 release: 2021.5.1-rc4 2021-05-09 21:43:38 +02:00
Jens Langhammer 04aae8f584 sources/oauth: make secret write_only
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-09 21:40:25 +02:00
Jens Langhammer bbca90c93a Merge branch 'next' into version-2021.5 2021-05-09 20:57:23 +02:00
Jens Langhammer dda1d4e0fb core: add more logs to flow_manager
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-09 20:27:37 +02:00
Jens Langhammer f072c600cc lifecycle: use URl for redis on startup to prevent errors with no paswords
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-09 20:13:58 +02:00
Jens Langhammer 92537a6c8d Merge branch 'next' into version-2021.5 2021-05-09 18:46:26 +02:00
Jens Langhammer 72836ecd9d outposts: default to currently running namespace if possible
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-09 18:44:32 +02:00
Jens Langhammer 251a97c77e Merge branch 'next' into version-2021.5 2021-05-09 18:13:52 +02:00
Jens Langhammer 7f7046f0e4 outposts: lowercase k8s object names
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-09 18:13:21 +02:00
Jens Langhammer cd3f02fd3b release: 2021.5.1-rc3 2021-05-09 17:25:48 +02:00
Jens Langhammer d3feab9463 release: 2021.5.1-rc2 2021-05-09 16:43:36 +02:00
Jens Langhammer 70c25692eb release: 2021.5.1-rc1 2021-05-09 16:07:50 +02:00
Jens Langhammer a6a8eddf7c providers/proxy: create ingress for forward_auth /akprox path
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-09 12:40:44 +02:00
Jens Langhammer 8c0a87b710 outposts: improve logging for outpost controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-09 12:34:44 +02:00
Jens Langhammer 5cad59a9f8 providers/proxy: fix being able to set empty internal_host
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-09 00:07:34 +02:00
Jens Langhammer 5ac6a6910e outposts: check if traefik CRD exists before attempting to delete
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-08 21:59:13 +02:00
Jens Langhammer d751a7fc4c lib: add user attribute "goauthentik.io/user/override-ips" to allow overriding of client ips
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-08 21:42:31 +02:00
Jens Langhammer 1b87375661 lib: add default to config from file://
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-08 17:13:13 +02:00
Jens Langhammer 6868b7722c outposts: delete old outpost deployment when name or namespace is changed
closes #845

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-08 16:11:38 +02:00
Jens Langhammer 7a1935b4e2 outposts: fix error on k8s when name has spaces
closes #846

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-08 14:09:21 +02:00
Jens Langhammer 5e7521915a stages/password: fix configure_flow not being set on initial setup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-07 14:08:43 +02:00
Jens Langhammer 9fc072e4df outposts: fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-07 11:56:44 +02:00
Jens Langhammer 55ea9afeec core: fix dark mode on server-side rendered pages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-07 11:53:53 +02:00
Jens Langhammer 9485f0b8cc outpost/ldap: make users and groups OU instead of CN
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-07 11:46:26 +02:00
Jens Langhammer e6dfa8294e providers/proxy: use name.namespace for middleware service
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-07 10:07:30 +02:00
Jens Langhammer e5a5a5c603 outposts: fix k8s controller not handing Disabled() in static deployment
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-07 09:52:43 +02:00
Jens Langhammer ea7f9f291f outposts: create traefikmiddleware if forwardAuth is enabled
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-07 00:01:35 +02:00
Jens Langhammer 241d790e69 stages/user_write: if any connection is being sent in the plan context, save it to the user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-06 22:10:20 +02:00
Jens Langhammer 83e08f12ae core: fix arguments not being passed in FlowManager
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-06 22:07:48 +02:00
Jens Langhammer 6526659b51 sources/plex: allow auth for owner (when identifier of source plex token matches)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-06 21:50:15 +02:00
Jens Langhammer 6c3b7c8d3e events: handle error when notifications are triggered and no users exist
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-06 20:13:04 +02:00
Jens Langhammer d51ecc4554 sources/saml: handle internal error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-06 20:10:56 +02:00
Jens Langhammer ef63e35ad2 outposts: improve messaging from controller on k8s
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-06 20:07:29 +02:00
Jens Langhammer 4e9176ed2e outposts: support different port on container vs exposed port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-06 19:59:49 +02:00
Jens Langhammer d1296e9cc7 outposts: fix deployments referencing the wrong secret
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-06 19:51:14 +02:00
Jens Langhammer d85e0593f1 core: set attributes on users which are enrolled via source
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-06 19:35:05 +02:00
Jens Langhammer b3a3852a54 core: fix linting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-06 13:58:58 +02:00
Jens Langhammer 49bf82a0a4 core: add user filter by superuser status
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-06 13:44:42 +02:00
Jens Langhammer 73b87a5e3d events: fix error in API when specifying max_n
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-06 13:15:54 +02:00
Jens Langhammer ac9cac302c outposts: fix outpost state showing last time without version
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-05 20:49:13 +02:00
Jens Langhammer 701c140cfd providers/proxy: fix logic error for ingress lookup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-05 20:28:13 +02:00
Jens Langhammer fa2ff5fc2b sources/plex: save user's plex token, add option to allow friends
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-05 19:37:59 +02:00
Jens Langhammer d5cab5d580 sources/plex: fix default for client_id
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-05 19:23:51 +02:00
Jens Langhammer be8b2bf6f6 providers/proxy: don't create ingress for domains which use forwardAuth, don't create ingress at all if all providers are forward auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-05 17:53:12 +02:00
Jens Langhammer b266a2cdfb outposts: make k8s service type configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-05 15:37:56 +02:00
Jens Langhammer 9a15a66d85 outposts: make k8s object naming configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-05 15:36:27 +02:00
Jens Langhammer 446f104c90 core: add user UID to API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-05 11:54:28 +02:00
Jens Langhammer 86c2a5d69d lib: handle errors when reading config from file://
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-05 01:03:00 +02:00
Jens Langhammer 1a02049104 core: show users and groups when user has overall user permissions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-05 01:02:47 +02:00
Jens Langhammer 32934fcd38 outpost/ldap: check access based on Group Membership
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-05 00:03:19 +02:00
Jens Langhammer d84d7c26ca Merge branch 'master' into outpost-ldap 2021-05-04 23:34:31 +02:00
Jens Langhammer 2f6e6a3123 core: improve messaging when flow manager denied request
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-04 23:30:21 +02:00
Jens Langhammer ba57bf4fa2 lib: add support for file:// protocol in config file
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-04 22:53:59 +02:00
Jens Langhammer e674f03064 */api: fix lookups per user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-04 21:58:20 +02:00
Jens Langhammer 08451c15f4 outposts/ldap: save user DN to determine who can search
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-04 21:49:15 +02:00
Jens Langhammer 99d161e212 Merge branch 'master' into outpost-ldap
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	authentik/core/api/users.py
#	authentik/policies/event_matcher/migrations/0013_alter_eventmatcherpolicy_app.py
2021-05-04 21:02:20 +02:00
Jens Langhammer 4acbda2b77 core: improve messaging on flow_manager, authenticate user when they linked their account after not having been authenticateed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-04 18:49:27 +02:00
Jens Langhammer 83cfb5f8c2 stages/email: improve error handling
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-04 18:30:23 +02:00
Jens Langhammer 0d370ef0a9 web/admin: filter out service accounts by default
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-04 18:23:13 +02:00
Jens Langhammer 42f9ba8efe gproxy: load default config file for debug and listen statements
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-04 14:10:34 +02:00
Jens Langhammer 812be495a5 Merge branch 'master' into go-proxy 2021-05-03 22:53:33 +02:00
Jens Langhammer dbc3df1f63 events: handle error when notification rule doesn't exist during task
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-03 22:52:39 +02:00
Jens Langhammer d330e9ee7f web/flows: fix rendering for plex login
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-03 22:08:25 +02:00
Jens Langhammer be21a5d172 sources/plex: add general tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-03 21:55:55 +02:00
Jens Langhammer 6fc38436f4 sources/plex: set better defaults on model
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-03 21:23:13 +02:00
Jens Langhammer 35faf269db sources: rewrite onboarding
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-03 20:27:52 +02:00
Jens Langhammer e56c3fc54c Merge branch 'master' into plex-auth 2021-05-03 18:28:53 +02:00
Jens Langhammer 1041718e27 sources/saml: fix redirect url dropping non-standard ports
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-03 14:51:46 +02:00
Jens Langhammer 2507c0eec9 stages/invitation: fix linting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-03 12:44:19 +02:00
Jens Langhammer 4523550422 stages/invitation: add single_use flag to delete invitation after use
closes #821

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-03 09:52:38 +02:00
Jens Langhammer 988cf15b71 root: initial go proxy, update compose and helm
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-03 09:39:09 +02:00
Jens Langhammer 01d29134b9 sources/plex: add API to redeem token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-02 16:47:20 +02:00
Jens Langhammer 55250e88e5 sources/*: rewrite UILoginButton to return challenge instead
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-02 16:46:27 +02:00
Jens Langhammer f1b100c8a5 sources/plex: initial plex source implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-02 14:43:51 +02:00
Jens Langhammer 19708bc67b core: add additional_data to UILoginButton to pass additional data
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-02 14:43:26 +02:00
Jens Langhammer c529340d6c *: fix title not being set correctly for server-side rendered views
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-02 12:22:50 +02:00
Jens Langhammer c317efa14c Merge branch 'master' into outpost-ldap 2021-05-01 00:26:55 +02:00
Jens Langhammer 379fcf9c1f sources/saml: fix error ValueError while decoding XML
closes #812

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-01 00:18:57 +02:00
Jens Langhammer e10a7b48b7 sources/saml: fix Redirect bindings when SSO Url already has query params
related to #812

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-30 23:44:04 +02:00
Jens Langhammer 3e666de91d outposts: fix formatting of image name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-30 16:52:28 +02:00
Jens Langhammer 333758d91f crypto: handle encrypted private keys
closes #811

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-30 15:25:42 +02:00
Jens Langhammer eb8f52b870 stages/identification: fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-30 10:15:27 +02:00
Jens Langhammer 9ce49c2089 stages/identification: fix unused import
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-30 09:34:33 +02:00
Jens Langhammer 34c45900c2 stages/identification: allow selection of no user fields to only allow login via sources
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-30 01:07:37 +02:00
Jens Langhammer bf7d110af3 Merge branch 'version-2021.4'
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	.github/workflows/release.yml
#	helm/README.md
#	helm/values.yaml
#	website/docs/installation/kubernetes.md
2021-04-29 23:50:52 +02:00
Jens Langhammer 4e5eeacf0a release: 2021.4.5 2021-04-29 23:03:09 +02:00
Jens Langhammer b55cb2b40c Merge branch 'master' into outpost-ldap 2021-04-29 20:13:47 +02:00
Jens Langhammer 25c001f2cd outposts: allow better configuration of outpost image name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-29 20:07:53 +02:00
Jens L 2a409215d3
outpost: forwardAuth mode (#790) 2021-04-29 18:17:10 +02:00
Jens Langhammer d1d28722d2 lib: don't send 404 errors to sentry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-29 15:27:41 +02:00
Jens Langhammer 35f0e6b88d lib: don't send 404 errors to sentry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-29 15:25:54 +02:00
Jens Langhammer a6e528d209 core: fix text color of error pages not being white
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-29 15:18:28 +02:00
Jens Langhammer bb2c4423b0 core: fix text color of error pages not being white
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-29 15:17:10 +02:00
Jens Langhammer 2c70301f56 stages/invitation: accept token from prompt_data
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-28 22:43:40 +02:00
Jens Langhammer 07b9923bf6 stages/invitation: fix token not being loaded correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-28 22:43:40 +02:00
Jens Langhammer 3dcd67c1a3 outposts: only kill docker container if its running
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-28 22:43:32 +02:00