dependabot[bot]
f7044e41c6
build(deps-dev): bump bandit from 1.7.0 to 1.7.1 ( #1793 )
...
* build(deps-dev): bump bandit from 1.7.0 to 1.7.1
Bumps [bandit](https://github.com/PyCQA/bandit ) from 1.7.0 to 1.7.1.
- [Release notes](https://github.com/PyCQA/bandit/releases )
- [Commits](https://github.com/PyCQA/bandit/compare/1.7.0...1.7.1 )
---
updated-dependencies:
- dependency-name: bandit
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* *: fix bandit false positives
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-15 09:16:16 +01:00
Jens Langhammer
59343ff441
stages/email: fix missing component in response when retrying email send
...
closes #1791
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-14 17:52:31 +01:00
Jens Langhammer
cab564152d
lib: load json strings in config env variables
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-14 12:44:22 +01:00
Jens Langhammer
88516ba2ca
core: make defaults for _change_email and _change_username configurable
...
closes #1789
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-13 22:33:03 +01:00
Jens Langhammer
2a3b049b01
release: 2021.10.4
2021-11-12 12:31:24 +01:00
Rizwan Ahmed
e4a5e86c93
sources/oauth: Fixed the incorrect padding issue in apple.py ( #1773 )
...
* Fixed the incorrect padding issue in apple.py
Fixed the incorrect padding issue in apple.py by adding proper padding to the raw_payload.
* Fixed the incorrect encoding of client_secret in apple.py
In the get_client_secret() method, the "sub" in the payload must be only the client ID. So I have changed self.source.consumer_key to parts[0]
* Added the decode method for the id_token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-12 12:10:29 +01:00
Jens Langhammer
1cfe81887b
stages/authenticator_validate: improve logging
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-11 23:33:41 +01:00
Jens Langhammer
53905d1a89
stages/authenticator_validate: enable all device classes by default
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-11 22:49:30 +01:00
Jens Langhammer
6db1c914ee
stages/authenticator_duo: fix devices created with name
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-11 22:16:47 +01:00
Jens Langhammer
c98bdbacc5
providers/proxy: return list of configured scope names so outpost requests custom scopes
...
closes #1762
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-10 23:06:21 +01:00
Jens Langhammer
1e8d45dc15
web: write interfaces to different folders and remove custom chunk names
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-10 17:54:50 +01:00
Jens Langhammer
d5d8641b37
stages/*: disable trim_whitespace on important fields
...
closes #1765
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-10 16:48:19 +01:00
Jens Langhammer
cc0832f487
core: force lowercase emails for gravatar usage
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-10 12:40:20 +01:00
Jens Langhammer
e73606b54d
root: catch error in analytics on startup
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-10 11:28:08 +01:00
Jens Langhammer
5d479a6c8f
root: set utm_source
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-09 23:23:47 +01:00
Jens Langhammer
4a773b2b4f
sources/ldap: set connect/receive timeout (default to 15s)
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-09 22:27:58 +01:00
Jens Langhammer
8003d67844
sources/ldap: fix typo
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-09 22:24:33 +01:00
Jens Langhammer
51783c1cbb
sorces/ldap: fix user/group sync overwriting attributes instead of merging them
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-09 21:16:59 +01:00
Jens Langhammer
ab2b13938e
release: 2021.10.3
2021-11-08 20:52:11 +01:00
Jens Langhammer
9ca15983a2
root: keep last 30 backups
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-08 17:46:25 +01:00
Jens Langhammer
99ef94b7aa
stages/prompt: only set placeholder when in context
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-08 15:10:32 +01:00
Jens Langhammer
c3faa61ed9
stages/prompt: set field placeholder based on plan context
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-08 14:47:50 +01:00
Jens Langhammer
da74304221
stages/prompt: add text_read_only field
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-08 14:45:56 +01:00
Jens Langhammer
79db0ce4c1
stages/prompt: use initial instead of default
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-07 22:20:08 +01:00
Jens Langhammer
5e23b11764
stages/prompt: default prompts to the current value of the context
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-07 21:59:50 +01:00
Jens Langhammer
c4e029ffe2
recovery: add create_admin_group management command
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-07 21:53:21 +01:00
Jens Langhammer
61b5b36192
core: add command to output full config
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-07 21:45:52 +01:00
Jens Langhammer
c6cc1b1728
root: fix defaults for EMAIL_USE_TLS
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-07 21:37:14 +01:00
Jens Langhammer
90151a13ae
stages/identification: only allow limited challenges for login sources
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-06 14:53:38 +01:00
Jens Langhammer
f958aa6930
stages/identification: use random sleep
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-06 14:50:35 +01:00
Jens Langhammer
924a13e832
core: fix auth_method for tokens
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-06 13:04:41 +01:00
Jens Langhammer
ae83c35dfd
events: ignore creation/deletion of AuthenticatedSession objects
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-06 13:04:34 +01:00
Jens Langhammer
6424bf98da
admin: improve check to remove version notifications
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-06 12:15:05 +01:00
Jens Langhammer
2cef220a3e
providers/ldap: add/squash migrations
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 10:41:50 +01:00
Jens L
5a8c66d325
providers/ldap: memory Query ( #1681 )
...
* outposts/ldap: modularise ldap outpost, to allow different searchers and binders
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/ldap: add basic in-memory searcher
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/ldap: add search mode field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost: add search mode field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 10:37:30 +01:00
dependabot[bot]
8de13d3f67
build(deps): bump goauthentik.io/api from 0.2021102.2 to 0.2021102.4 ( #1738 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 09:33:26 +01:00
Jens Langhammer
7798292aa8
sources/plex: use exception_to_string in tasks
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 01:16:36 +01:00
Jens Langhammer
3005ca17bd
web/admin: show warning on provider when not used with outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 01:15:33 +01:00
Jens Langhammer
909461e533
providers/*: include list of outposts
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 01:06:04 +01:00
Jens Langhammer
a40c3aeb68
core: make group membership lookup respect parent groups (upwards)
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 00:53:56 +01:00
Jens Langhammer
4a89be3048
core: include parent group name
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 00:11:17 +01:00
Jens Langhammer
023b97aa69
sources/ldap: remove deprecated default
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-04 22:13:47 +01:00
Jens Langhammer
738e4d5c74
web/admin: only show flows with an invitation stage configured instead of all enrollment flows
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1720
2021-11-04 20:54:55 +01:00
Jens Langhammer
5bc1301043
stages/authenticator_*: add default name for authenticators
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-04 15:34:51 +01:00
Jens Langhammer
8d766efecb
root: don't set signal on start when running in ci or dev
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-04 14:32:21 +01:00
Jens Langhammer
b362d2af03
lib: fix linting issue
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-04 13:43:09 +01:00
Jens Langhammer
bcd42fce13
root: further improve detection of environment we're running in
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-04 13:35:22 +01:00
Jens Langhammer
6deddd038f
internal: start embedded outpost directly after backend is healthy instead of waiting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-04 13:18:04 +01:00
Jens Langhammer
3b47cb64da
root: improve compose detection, add anonymous stats
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-04 13:16:21 +01:00
Jens Langhammer
cf5e70c759
lifecycle: revert to non-h11 worker
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-04 13:16:10 +01:00
Jens Langhammer
5374352411
sources/plex: allow users to connect their plex account without login flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-03 21:09:02 +01:00
Jens Langhammer
08eff4cc5d
sources/plex: fix missing ordering
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-03 20:21:33 +01:00
Jens Langhammer
8f6d700aa8
sources/oauth: set prompt=none for Discord provider
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-03 15:48:59 +01:00
Jens Langhammer
58c221e867
release: 2021.10.2
2021-11-03 10:07:28 +01:00
Jens Langhammer
5dc0f3b91b
website: remove static service account, use helm chart instead
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-03 00:14:01 +01:00
Jens Langhammer
f51515f3de
stages/invitation: don't throw 404 error in stage
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-03 00:07:13 +01:00
Jens Langhammer
f978575293
stages/invitation: remove invitation from plan context after deletion
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-02 23:50:12 +01:00
Jens Langhammer
0d02dbf55c
api: replace django sentry proxy with go proxy to prevent login issues
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-02 14:44:37 +01:00
Jens Langhammer
af83308fd4
stages/prompt: fix type in Prompt not having enum set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-01 20:44:48 +01:00
Jens Langhammer
6036d88392
providers/proxy: allow configuring of additional scope mappings for proxy
...
closes #1255
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-31 22:25:51 +01:00
Jens Langhammer
bfc8a56a0b
*: fix tests for new field show_source_labels
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-31 18:18:21 +01:00
Jens Langhammer
5646141fe2
stages/identification: add show_source_labels option, to show labels for sources
...
closes #1679
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-31 17:57:48 +01:00
Jens Langhammer
335d6edd11
providers/saml: fix error on missing AssertionConsumerServiceURL, fall back to default ACS
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-31 17:21:15 +01:00
Jens Langhammer
5d9bed130a
root: fix Detection of S3 settings for backups
...
closes #1698
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-31 16:54:10 +01:00
Jens Langhammer
2788329880
release: 2021.10.1
2021-10-31 10:56:21 +01:00
Jens Langhammer
f5dc81907a
core: add created field to source connection
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-30 15:02:41 +02:00
Jens Langhammer
d70c8fbcc3
core: add API for all user-source connections
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-30 14:36:54 +02:00
Jens Langhammer
12b26e49ec
flows: optimise stage user_settings API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-30 14:16:28 +02:00
Jens Langhammer
e771e1857f
core: add API to list all authenticator devices
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-29 09:08:48 +02:00
Jens Langhammer
72a93c0959
root: pin node images to v16
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-28 10:29:48 +02:00
Jens Langhammer
381010600f
release: 2021.10.1-rc3
2021-10-27 18:57:07 +02:00
Jens Langhammer
1b21b50b77
providers/oauth2: fallback to uid if UPN was selected but isn't available
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-27 16:11:35 +02:00
Jens Langhammer
fa6324ab1d
sources/ldap: prevent key `users` from being set as this is an M2M relation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-27 15:43:56 +02:00
Jens Langhammer
9e0daf2bcf
sources/ldap: skip values which are of type bytes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-27 15:43:38 +02:00
Jens Langhammer
0273ae16df
events: fix error when notification transport doesn't exist anymore
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-27 15:38:41 +02:00
Jens Langhammer
f2f12ef0ba
api: fix error when connection to websocket via secret_key
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-27 15:21:52 +02:00
Jens Langhammer
61d3df5f02
outposts: fix docker controller not using object_naming_template
...
closes #1682
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-27 15:04:59 +02:00
Jens Langhammer
971de4fcb9
core: add USER_ATTRIBUTE_CHANGE_EMAIL
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1590 and #1677
2021-10-27 13:34:11 +02:00
Jens Langhammer
92085f1a3c
core: add toggle to completely disable backup mechanism
...
closes #1671
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-26 17:04:33 +02:00
Jens Langhammer
8eb4d53810
providers/oauth2: fix events being created from /application/o/authorize/
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-21 22:59:01 +02:00
Jens Langhammer
731f5d0199
release: 2021.10.1-rc2
2021-10-21 16:38:30 +02:00
Jens Langhammer
3647633232
core: cleanup embedded outpost logging, log user for http requests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-20 22:12:49 +02:00
Jens Langhammer
eba91c6b2b
root: add cookie domain setting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-20 18:26:22 +02:00
Jens Langhammer
ba9f8a5795
lib: add utm_source to default links
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-20 17:31:27 +02:00
Jens Langhammer
02b4173d30
root: add utm_source
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-20 16:34:39 +02:00
Jens Langhammer
61fab497cf
core: add user flag to prevent users from changing their usernames
...
closes #1590
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-20 16:17:19 +02:00
Jens Langhammer
621e7f564a
flows: also clear cache when deleting bindings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-20 15:25:38 +02:00
Jens Langhammer
2df4322ecf
sources/oauth: add choices to oauth provider_type
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-20 00:11:19 +02:00
Jens Langhammer
03369e2338
sources/ldap: check for existence of vendor fields before falling back
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1521
2021-10-19 15:40:40 +02:00
Jens Langhammer
5da7d9a573
release: 2021.10.1-rc1
2021-10-19 15:34:59 +02:00
Jens Langhammer
89bb27b95c
sources/ldap: fix missing arguments?
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-18 22:04:58 +02:00
Jens Langhammer
2b155964c2
sources/ldap: extract vendor-specific functions
...
#1521
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-18 21:44:10 +02:00
Jens L
922fc9b8d5
sources/oauth: add Sign in with Apple ( #1635 )
...
* sources/oauth: add apple sign in support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* website/docs: apple sign in docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* website/docs: fix missing apple in sidebar
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* sources/oauth: add fallback values for name and slug
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-18 16:35:12 +02:00
Jens Langhammer
2c06eed8e7
events: don't prefill task if they already have a state
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-18 14:48:14 +02:00
Jens Langhammer
a1b3af401d
outposts: improve handling of recreate scenarios
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-18 14:29:37 +02:00
Jens Langhammer
92d38f62b5
outposts: handle k8s 422 response code by recreating objects
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-18 10:23:11 +02:00
Jens Langhammer
98a56c77e3
providers/proxy: update ingress controller to work with k8s 1.22
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-18 10:00:24 +02:00
Jens Langhammer
ce812e14c7
core: improve detection for s3 settings to trigger backup
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-17 15:56:31 +02:00
Jens Langhammer
8d32a53126
outposts: add additional error checking for docker controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-17 15:54:57 +02:00
Jens Langhammer
0225bf9c99
stages/authenticator_validate: create a default authenticator validate stage with sensible defaults
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-16 00:28:56 +02:00
dependabot[bot]
8040e2b6e4
build(deps): bump webauthn from 0.4.7 to 1.0.0 ( #1625 )
...
* build(deps): bump webauthn from 0.4.7 to 1.0.0
Bumps [webauthn](https://github.com/duo-labs/py_webauthn ) from 0.4.7 to 1.0.0.
- [Release notes](https://github.com/duo-labs/py_webauthn/releases )
- [Commits](https://github.com/duo-labs/py_webauthn/compare/v0.4.7...v1.0.0 )
---
updated-dependencies:
- dependency-name: webauthn
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* stages/authenticator_webauthn: migrate to new library version
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/authenticator_validate: migrate to new version
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/authenticator_webauthn: add bytes_to_base64url_dict for json encoding
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* actually don't do that
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix missing response on web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more double json
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more base64 stuff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* working
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ci: always sync
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-15 23:26:29 +02:00
Jens Langhammer
f62786e58b
policies: add additional filters to create flow charts on frontend
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-15 18:21:44 +02:00
Jens Langhammer
5f9dda2e58
outposts: rename docker_image_base to container_image_base, since its not docker specific
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-14 20:28:30 +02:00
Ilya Kogan
0c55eea678
outposts: Adding more flexibility to outposts in Kubernetes. ( #1617 )
...
* outposts/ldap: Support hard coded `uidNumber` and `gidNumber`.
* outposts: more options for image + labels
- Set outpost docker image in config.
- Set image pull secrets in outpost config.
- Add additional labels for easier targeting from
custom services.
* Fix some linting errors.
* outposts: Rename `docker_image` to `container_image
2021-10-14 19:54:56 +02:00
Jens Langhammer
dd9dc7e596
root: fix error with sentry proxy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-14 19:45:01 +02:00
Jens Langhammer
797e31696a
outposts: fix attribute error in docker controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-14 13:37:56 +02:00
Jens Langhammer
8eddb4b95b
admin: check for debug in worker count api
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-14 12:32:30 +02:00
Jens Langhammer
4b7399f454
*: add @prefill_task() decorator to "pre-fill" tasks in cache, so they can be executed even before their schedule would do so
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-14 12:21:28 +02:00
Jens Langhammer
9bc9568008
stages/authenticator_sms: make fields non-nullable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-14 11:42:11 +02:00
Skyler Mäntysaari
634375c43f
stages/authenticator_sms: add generic provider ( #1595 )
...
* stages/sms: New SMS provider, aka wrapper for outside API
* web/pages/authenicator_sms: Conditionally show options based on provider.
* stages/authenicator_sms: Fixing up the model.
* Whoops
* stages/authenicator_sms: Adding supported auth types for Generic provider.
* web/pages/stages/authenicator_sms: Added auth type for generic provider
* web/pages/stages/authenicator_sms: Fixing up my generic provider options.
* stages/authenicator/sms: Working version of generic provider.
* stages/authenicator/sms: Cleanup and creating an event on error.
* web/ages/stages/authenicator_sms: Made a default for Auth Type and cleaned up the non-needed name attribute.
* stages/authenicator_validate: Fixing up the migration as it had no SMS.
* stages/authenicator_sms: Removd non-needed migration and better error code handling.
* stages/authenicator_sms: Removd non-needed migration and better error code handling.
* web/pages/stages/authenicator_sms: Provider default is not empty anymore.
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-14 10:24:15 +02:00
Jens Langhammer
98907ec889
root: remove structlog.processors.format_exc_info for new structlog version
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-13 09:42:49 +02:00
Jens Langhammer
3e5b05203b
Revert "root: handle liveness probe in router"
...
This reverts commit d39dbc7287
.
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-12 18:44:37 +02:00
Jens Langhammer
2b09d97522
core: fix squash migrations error when AK_ADMIN_TOKEN is set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-12 17:45:10 +02:00
Jens Langhammer
d39dbc7287
root: handle liveness probe in router
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-12 14:54:15 +02:00
Jens Langhammer
cc69311ec0
stages/authenticator_validate: add new class
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-12 13:13:31 +02:00
Jens Langhammer
ddb70a283e
managed: don't run managed reconciler in foreground on startup
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-12 12:10:46 +02:00
Jens Langhammer
ecfc3a6d93
*: migrate everything to goauthentik.io docker proxy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-12 11:04:47 +02:00
Jens L
e4f141c6c0
*: Squash Migrations ( #1593 )
...
* *: first squash pass
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* sources/saml: squash less
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts: fix docker controller not correctly checking image
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests/e2e: fix old migration reference
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 21:39:35 +02:00
Jens L
aef9d27706
stages/authenticator_sms: Add SMS Authenticator Stage ( #1577 )
...
* stages/authenticator_sms: initial implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: add initial stage UI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/elements: clear invalid state when old input was invalid but new input is correct
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/authenticator_sms: add more logic
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/user: add basic SMS settings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/authenticator_sms: initial working version
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/authenticator_sms: add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: optimise totp password manager entry on authenticator_validation stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/elements: add grouping support for table
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: allow sms class in authenticator stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: add grouping to more pages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/authenticator_validate: add SMS support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* api: add throttling for flow executor based on session key and pending user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: fix style issues
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ci: add workflow to compile backend translations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 17:51:49 +02:00
Jens L
7bf587af24
ci: push dev images to ghcr ( #1591 )
...
* ci: push dev images to ghcr
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: use new ghcr images
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* website/docs: use ghcr proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 14:08:34 +02:00
Jens Langhammer
b80ecd4668
stages/prompt: fix wrong field type of field_key
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-10 18:54:56 +02:00
Jens Langhammer
d959b7a930
Merge branch 'version-2021.9'
2021-10-10 14:35:40 +02:00
Jens Langhammer
619203c177
release: 2021.9.8
2021-10-10 13:12:26 +02:00
Jens Langhammer
7d9251ce2f
root: fix linting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-09 20:56:49 +02:00
Jens Langhammer
846c971674
root: add translation for backend strings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-09 20:07:28 +02:00
Jens Langhammer
5b7e1f97e0
stages/authenticator_duo: remove signals
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-09 19:29:35 +02:00
Jens Langhammer
dff0613b3d
crypto: add managed field, prepare managed JWT cert
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-09 19:14:39 +02:00
Jens Langhammer
8965451073
core: add default for user's settings attribute
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-09 16:01:22 +02:00
Jens Langhammer
b33ea9cc61
core: add settings serializer to user/me and update_self endpoints, saved in a key in attributes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-09 15:35:18 +02:00
Jens Langhammer
f32d35b07c
policies/password: add extra sub_text field in tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 19:27:24 +02:00
Jens Langhammer
9e936e4436
outposts: fix lint error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 19:15:57 +02:00
Jens Langhammer
649abddea7
outposts: fallback to known-good outpost image if configured image cannot be pulled
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 19:10:39 +02:00
Jens Langhammer
67b88595ad
stages/prompt: fix sub_text not allowing blank
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 19:00:15 +02:00
Jens Langhammer
b4ee693a5c
stages/user_write: allow recursive writing to user.attributes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 18:57:19 +02:00
Jens Langhammer
57e5acaf2f
stages/prompt: add sub_text field to add HTML below prompt fields
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 18:34:37 +02:00
Jens Langhammer
050ec99c89
flows: fix inspector history not being cleared when executing from API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 18:29:28 +02:00
dependabot[bot]
cbeee27fc1
build(deps): bump @sentry/tracing from 6.13.2 to 6.13.3 in /web ( #1556 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 09:39:44 +02:00
Jens Langhammer
8c27616d0c
Merge branch 'version-2021.9'
2021-10-06 21:04:16 +02:00
Jens Langhammer
e444d0d640
release: 2021.9.7
2021-10-06 20:57:56 +02:00
Jens Langhammer
d75c63d38b
Merge branch 'version-2021.9'
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# web/src/locales/fr_FR.po
2021-10-06 00:04:09 +02:00
Jens Langhammer
2b730dec54
release: 2021.9.6
2021-10-05 22:22:54 +02:00
Jens Langhammer
62bf79ce32
root: add docker-native healthcheck for web and celery
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 20:45:38 +02:00
Jens Langhammer
d29d161ac6
admin: clear update notification when notification's version matches current version
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 20:45:38 +02:00
Jens Langhammer
aee58c8d53
root: add docker-native healthcheck for web and celery
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 20:45:18 +02:00
Jens Langhammer
fa6df84de2
admin: clear update notification when notification's version matches current version
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 20:36:38 +02:00
Jens Langhammer
79eec5a3a0
core: include group uuids in self serializer
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:49:14 +02:00
Jens Langhammer
c1f302fb7c
core: only return group names for user_self
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:48:53 +02:00
Jens Langhammer
782764ac73
api: ensure viewsets have default ordering
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:48:42 +02:00
Jens Langhammer
73d57d6f82
core: make user's name field fully options
...
closes #1537
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:48:42 +02:00
Jens Langhammer
d1a1bfbbc5
web/user: don't show managed tokens in user interface
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:47:49 +02:00
Jens Langhammer
1ac4dacc3b
outposts: fix error when comparing ports in docker controller when port mapping is disabled
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:47:15 +02:00
Jens Langhammer
9e7e22367b
core: include group uuids in self serializer
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:10:44 +02:00
Jens Langhammer
f5761dc70d
core: only return group names for user_self
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 12:31:25 +02:00
Jens Langhammer
16380b3f7a
api: ensure viewsets have default ordering
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 11:26:41 +02:00
Jens Langhammer
16f2603130
core: make user's name field fully options
...
closes #1537
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 11:23:27 +02:00
Jens Langhammer
847cfed73f
web/user: don't show managed tokens in user interface
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 11:11:34 +02:00
Jens Langhammer
05b587ae44
outposts: fix error when comparing ports in docker controller when port mapping is disabled
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 10:44:07 +02:00
Jens Langhammer
a515afae0b
recovery: handle error when user doesn't exist
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 10:40:59 +02:00
Jens Langhammer
1c340ddbbd
Merge branch 'version-2021.9'
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# web/package-lock.json
# web/package.json
2021-10-04 22:02:56 +02:00
Jens Langhammer
bcf7e162a4
release: 2021.9.5
2021-10-04 20:08:46 +02:00
Jens Langhammer
cb37e5c10e
stages/email: add activate_user_on_success flag, add for all example flows
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# web/src/locales/fr_FR.po
2021-10-04 18:50:19 +02:00
Jens Langhammer
73bb778d62
stages/user_login: add check for user.is_active and tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 18:50:00 +02:00
Jens Langhammer
b612a82e16
outposts: don't always build permissions on outpost.user access, only in signals and tasks
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 18:49:57 +02:00
Jens Langhammer
09f43ca43b
events: add missing migration
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 18:49:50 +02:00
Steven Armstrong
1c91835a26
providers/ldap: use RDN when using posixGroup's memberUid attribute ( #1514 )
...
Use the RDN instead of the FDN when establishing group memberships based on posixGroup's 'memberUid' attribute.
fixes #1436
Signed-off-by: Steven Armstrong <steven@armstrong.cc>
2021-10-04 18:49:45 +02:00
Jens Langhammer
3634bf4629
tests/integration: fix tests failing due to incorrect comparison
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 18:49:10 +02:00
Jens Langhammer
0692663537
stages/email: add activate_user_on_success flag, add for all example flows
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 18:47:51 +02:00
Jens Langhammer
b5649bdcc4
stages/user_login: add check for user.is_active and tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 18:37:05 +02:00
Jens Langhammer
fab9a10487
outposts: don't always build permissions on outpost.user access, only in signals and tasks
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 18:04:19 +02:00
Jens Langhammer
0f00b27384
events: add missing migration
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 17:51:31 +02:00
Steven Armstrong
ab5981836d
providers/ldap: use RDN when using posixGroup's memberUid attribute ( #1514 )
...
Use the RDN instead of the FDN when establishing group memberships based on posixGroup's 'memberUid' attribute.
fixes #1436
Signed-off-by: Steven Armstrong <steven@armstrong.cc>
2021-10-04 10:56:06 +02:00
Jens Langhammer
036a4e86e2
tests/integration: fix tests failing due to incorrect comparison
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 22:54:07 +02:00
Jens Langhammer
45f99fbaf0
outposts: fix circular import in kubernetes controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 19:25:26 +02:00
Jens Langhammer
83150d9920
outposts: fix circular import in kubernetes controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 19:25:18 +02:00
Jens Langhammer
e31a3307b5
providers/proxy: always check ingress secret in kubernetes controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 19:14:42 +02:00
Jens Langhammer
d28fcca344
outposts: check ports of deployment in kubernetes outpost controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 19:14:42 +02:00
Jens Langhammer
c296e1214c
web: fix package lock
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 19:14:37 +02:00
Jens Langhammer
d30dcda814
providers/proxy: always check ingress secret in kubernetes controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 19:14:27 +02:00
Jens Langhammer
c720c9f41b
outposts: check ports of deployment in kubernetes outpost controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 19:09:52 +02:00
Jens Langhammer
39d87841d0
outposts/proxy: add new headers with unified naming
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 18:20:44 +02:00
Jens Langhammer
b285814e24
sources/ldap: fix logic error in Active Directory account disabled status
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 18:19:07 +02:00
Jens Langhammer
1c52836060
web: fix package lock
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 01:17:41 +02:00
Jens Langhammer
8dd77793a0
sources/ldap: fix logic error in Active Directory account disabled status
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 00:30:35 +02:00
Jens Langhammer
3c1ac4c7ec
outposts/proxy: add new headers with unified naming
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-02 22:00:23 +02:00
Jens Langhammer
faca127217
Merge branch 'version-2021.9'
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# Pipfile.lock
2021-10-01 12:19:11 +02:00
Jens Langhammer
1a6ea72c09
release: 2021.9.4
2021-10-01 09:51:51 +02:00
Jens Langhammer
c251b87f8c
sources/ldap: add support for Active Directory `userAccountControl` attribute
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-30 19:34:43 +02:00
Jens Langhammer
21a9aa229a
sources/ldap: don't sync ldap source when no property mappings are set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-30 19:34:43 +02:00
Jens Langhammer
53e15bfbca
sources/ldap: add support for Active Directory `userAccountControl` attribute
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-30 19:13:48 +02:00
Jens Langhammer
8bce16e6b4
sources/ldap: don't sync ldap source when no property mappings are set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-30 18:49:18 +02:00
Jens Langhammer
10b45d954e
outposts: allow disabling of docker controller port mapping
...
closes #1474
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-30 00:11:50 +02:00
Jens Langhammer
4cb8ae760a
outposts: allow disabling of docker controller port mapping
...
closes #1474
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-29 23:55:22 +02:00
Jens L
f9ad102915
flows: inspector ( #1469 )
...
* flows: add initial inspector
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: change naming a bit
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flow: add inspector frame
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: don't use shadydom when inspecting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: add current stage to api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/*: fix imports
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: deep-copy plan instead of just adding
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: restrict inspector to admin
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: add buttons to launch flow with inspector
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: don't automatically follow redirects when inspector is open
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: make current_plan optional, only require historry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: handle error messages in inspector
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: improve UI when flow is done
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: add is_completed flag to inspector
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: fix monkeypatches for tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: add inspector tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ci: re-enable cache
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-28 09:36:48 +02:00
Jens Langhammer
941bc61b31
release: 2021.9.3
2021-09-27 17:31:50 +02:00
Jens Langhammer
282b364606
stages/prompt: fix inconsistent policy context for validation policies
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-27 17:05:26 +02:00
pemontto
674bd9e05c
web/admin: Fix typo 'username address' -> 'username' ( #1473 )
2021-09-26 12:53:37 +02:00
Jens Langhammer
b248f450dd
outposts: make AUTHENTIK_HOST_BROWSER configurable from central config
...
closes #1471
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-26 12:00:51 +02:00
pemontto
aea1736f70
outposts/proxy: Fix failing traefik healtcheck ( #1470 )
2021-09-26 11:33:18 +02:00
Jens Langhammer
4f3583cd7e
providers/proxy: make token_validity float and optional for backwards compat
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-25 15:54:32 +02:00
Jens Langhammer
f7408626a8
providers/proxy: return token_validity as total seconds instead of expression
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-25 15:44:16 +02:00
Jens Langhammer
28eeb4798e
providers/proxy: add token_validity field for outpost configuration
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1462
2021-09-25 15:00:06 +02:00
Jens Langhammer
79b92e764e
*: fix typos in code
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-25 00:01:11 +02:00
Jens Langhammer
919336a519
outposts: ensure service is always re-created with mismatching ports
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-24 23:45:15 +02:00
Jens Langhammer
93bdea3769
core: fix api return code for user self-update
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-24 11:51:03 +02:00
Jens Langhammer
64b4e851ce
events: add additional validation for event transport
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-23 16:29:58 +02:00
Jens Langhammer
eddca478dc
release: 2021.9.2
2021-09-23 12:34:02 +02:00
Jens Langhammer
74169860cf
api: add logging to sentry proxy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-23 09:57:42 +02:00
Jens Langhammer
2fe6de0505
release: 2021.9.1
2021-09-22 19:11:20 +02:00
Jens Langhammer
ae07f13a87
outposts: don't map port 9300 on docker, only expose port
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-21 21:40:08 +02:00
Jens Langhammer
e6b275add3
stages/invitation: fix linting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 20:41:05 +02:00
Jens Langhammer
27016a5527
stages/invitation: fix tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 20:30:51 +02:00
Jens Langhammer
4c29d517f0
stages/email: use different query arguments for email and invitation tokens
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 19:55:53 +02:00
Jens Langhammer
180d27cc37
outposts: don't restart container when health checks are starting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 19:46:05 +02:00
Jens Langhammer
3195640776
stages/email: slugify token identifier
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 19:26:25 +02:00
Jens Langhammer
d900a2b6a9
*: fix lookup_fields
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 19:19:36 +02:00
Jens Langhammer
95a2fddfa8
policies/expression: add ak_user_has_authenticator
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 19:13:41 +02:00
Jens Langhammer
8f7d21b692
stages/email: don't throw 404 when token can't be found
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 19:01:25 +02:00
Jens Langhammer
3f84abec2f
core: fix token identifier not being slugified when created with user-controller input
...
closes #1390
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 13:43:25 +02:00
Jens Langhammer
b5c857aff4
api: add explicit lookup_value_regex, disable include_format_suffixes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 13:42:56 +02:00
Jens Langhammer
ac52667327
release: 2021.9.1-rc3
2021-09-19 21:52:49 +02:00
Jens Langhammer
f6e0f0282d
core: fix tokens not being viewable but superusers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-19 16:11:20 +02:00
Jens Langhammer
3f42067a8f
web: improve display of action buttons with non-primary classes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-19 15:57:12 +02:00
Jens Langhammer
ed6f5b98df
sources/ldap: improve messages of sync tasks in UI
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-19 15:54:22 +02:00
Jens Langhammer
c85484fc00
core: allow admins to create tokens with all parameters, re-add user to token form
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-19 15:25:48 +02:00
Jens Langhammer
8279690a8f
sources/ldap: prevent error when retrying old system task with no arguments
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-17 16:49:26 +02:00
Jens Langhammer
3d8d93ece5
root: log failed celery tasks to event log
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-17 12:42:42 +02:00
Jens Langhammer
06af306e8a
sources/ldap: bump timeout, run each sync component in its own task
...
closes #1411
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-17 12:42:20 +02:00
dependabot[bot]
3e4ce62dfe
build(deps-dev): bump pylint from 2.10.2 to 2.11.1 ( #1409 )
...
* build(deps-dev): bump pylint from 2.10.2 to 2.11.1
Bumps [pylint](https://github.com/PyCQA/pylint ) from 2.10.2 to 2.11.1.
- [Release notes](https://github.com/PyCQA/pylint/releases )
- [Changelog](https://github.com/PyCQA/pylint/blob/main/ChangeLog )
- [Commits](https://github.com/PyCQA/pylint/compare/v2.10.2...v2.11.1 )
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* root: update pylint config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-17 09:46:39 +02:00
Jens Langhammer
28189bdddf
release: 2021.9.1-rc2
2021-09-16 23:23:36 +02:00
Jens L
13e2eea72f
web/user: new end-user interface ( #1404 )
...
* web/user: migrate to top navbar
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/user: prepare config from server
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* re-sort
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove old interface
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update issue template
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use notification badge
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/user: re-add go-to-admin button
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: fix remaining redirects directly to admin
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make settings better
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* api: ensure sources and stages are sorted
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/user: add sessions and consent
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/oauth2: add post wrapper to stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* website/docs: add new interface to release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 22:17:05 +02:00
Jens L
9441be1ee2
interface split ( #943 )
2021-09-16 17:30:16 +02:00
Jens Langhammer
17503365f7
policies: improve error handling when using bindings without policy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 11:04:31 +02:00
Jens Langhammer
ebf9f0ca63
stages/email: don't crash when testing stage does not exist
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 11:04:08 +02:00
Jens Langhammer
ae26d2756f
providers/saml: improved error handling
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 10:58:51 +02:00
Jens Langhammer
124071f9be
root: remove python requirement from pipfile
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 10:37:43 +02:00
Jens Langhammer
341c58a722
core: fix token expiry for service accounts being only 30 minutes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 09:57:34 +02:00
Jens Langhammer
bdd5e16db1
release: 2021.9.1-rc1
2021-09-15 20:20:54 +02:00
Jens Langhammer
d4672bfe79
events: log parsed query string instead of just full path
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 20:15:04 +02:00
Jens Langhammer
abd9fab41a
api: fix call of sentry proxy task
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 19:39:58 +02:00
Jens Langhammer
7c8bf42ef9
api: send proxied sentry events in background
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 19:12:20 +02:00
Jens Langhammer
274b555912
api: add timeout for sentry proxy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 18:59:27 +02:00
Jens Langhammer
916530f0d8
providers/oauth2: use access_code_validity for id_tokens generated when using an implicit flow, improve wording in web ui
...
closes #1369
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 17:14:53 +02:00
Jens Langhammer
95efd47f65
root: remove asgi error handler
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 12:23:14 +02:00
Jens Langhammer
90ecb1af7f
outposts: fix service account's permissions being checked twice
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 09:55:27 +02:00
Jens Langhammer
d7fdca1b44
stages/email: fix error when retrying email delivery after stage has been deleted
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 09:50:11 +02:00
Denis Teyssier
37346763dc
sources/oauth: Updating token url to new google url ( #1397 )
...
the present url goes to a 404
google openid (https://accounts.google.com/.well-known/openid-configuration ) says the new url is `https://oauth2.googleapis.com/token `
not using the new url makes authentik fallback on the default auth flow
2021-09-15 09:15:19 +02:00
Jens Langhammer
ef341dd405
stages/user_write: add option to add newly created users to a group
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-14 21:45:34 +02:00
Jens Langhammer
3ddf2d6f85
sources/oauth: fix type lookup for openid not matching
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-14 14:38:35 +02:00
Jens Langhammer
ba6849f29c
*: remove string.format()
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-14 12:06:47 +02:00
Jens Langhammer
942170f902
Revert "sources/oauth: fix access_token being sent as query param and not authorization header"
...
This reverts commit 248f993541
.
2021-09-14 11:59:32 +02:00
Jens Langhammer
248f993541
sources/oauth: fix access_token being sent as query param and not authorization header
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-14 11:07:36 +02:00
Jens Langhammer
3a700a449a
sources/oauth: don't try to load azure AD user ID as UUID
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-14 09:33:44 +02:00
Jens Langhammer
23444f4df0
core: fix lint error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-13 18:19:28 +02:00
Jens Langhammer
71e68b498e
core: optimise groups api by removing member superuser status
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-13 18:06:37 +02:00
Jens Langhammer
fb267ee223
tenants: optimise db queries in middleware
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-13 17:54:37 +02:00
Jens Langhammer
a4b3519428
api: fix possible error in sentry proxy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-13 16:36:04 +02:00
Jens Langhammer
9a7fa39de4
events: allow setting a mapping for webhook transport to customise request payloads
...
closes #1383
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-12 01:05:42 +02:00
Jens Langhammer
c779ad2e3b
*: use common user agent for all outgoing requests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-11 21:08:26 +02:00
Jens Langhammer
7e7ef289ba
admin: migrate to new update check, add option to disable update check
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-11 20:35:23 +02:00
Jens Langhammer
bf771f8b6c
release: 2021.8.5
2021-09-11 19:20:13 +02:00
Jens Langhammer
df4c8003b8
api: fix items of list fields having nullable set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-10 18:15:59 +02:00
Jens Langhammer
39b365c6ae
sources/oauth: don't cancel flow when redirecting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-10 16:36:10 +02:00
Jens Langhammer
e229eda96e
outposts/controllers/kubernetes: don't create service monitor for embedded outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-10 15:59:39 +02:00
Jens Langhammer
4448145aa9
providers/proxy: use auth/traefik subpath
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-10 13:53:04 +02:00
Jens Langhammer
7dfbcdbb81
stages/authenticator_duo: add API to "import" devices from duo
...
closes #1371
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-10 11:35:09 +02:00
Jens Langhammer
2862b4ecfb
core: remove ?v from static files
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 20:09:12 +02:00
Jens Langhammer
13d17dc729
lib: fix default listening port for metrics
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 16:40:39 +02:00
Jens Langhammer
5cf3a13ca8
flows: fix invalid parameter in tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 16:36:51 +02:00
Jens Langhammer
d0898a3869
flows: ensure all StageViews accept post, add tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 16:30:14 +02:00
Jens L
7158c9d2ea
core: metrics v2 ( #1370 )
...
* outposts: add ldap metrics, move ping to 9100
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost: add flow_executor metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use port 9300 for metrics, add core metrics port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/controllers/k8s: add service monitor creation support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 15:52:24 +02:00
Jens Langhammer
da58796768
providers/proxy: fix defaults for old proxy providers (load providers directly)
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 13:54:24 +02:00
Jens Langhammer
d98499a3fa
providers/proxy: fix defaults for old proxy providers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 13:26:36 +02:00
Jens Langhammer
f3ff398a44
providers/proxy: add metrics port to controllers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 23:01:22 +02:00
Jens Langhammer
533eb59a04
outposts/controllers: re-create service when mismatched ports to prevent errors
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 23:00:53 +02:00
Jens Langhammer
502393ee56
outpost/proxyv2: allow port offset via yaml
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 21:07:06 +02:00
Jens L
3c1b70c355
outposts/proxyv2 ( #1365 )
...
* outposts/proxyv2: initial commit
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add rs256
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
more stuff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add forward auth an sign_out
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
match cookie name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
re-add support for rs256 for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add error handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
ensure unique user-agent is used
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
set cookie duration based on id_token expiry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
build proxy v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add ssl
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add basic auth and custom header support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add application cert loading
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
implement whitelist
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add redis
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
migrate embedded outpost to v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
remove old proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
providers/proxy: make token expiration configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: only allow one redirect URI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix docker build for proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove default port offset
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add AUTHENTIK_HOST_BROWSER
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests: fix e2e/integration tests not using proper tags
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove references of old port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix user_attributes not being loaded correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 18:04:56 +00:00
Jens Langhammer
de3e1c3dbc
sources/oauth: fix FlowExecutor view call
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-07 11:39:03 +02:00
Jens Langhammer
3c6aac5435
sources/oauth: prevent potentially confidential data from being logged
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-07 11:05:18 +02:00
Jens Langhammer
eeb755ab7d
root: show location header in logs when redirecting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-07 11:04:00 +02:00
Jens Langhammer
70d0dd51a5
sources/oauth: cancel currently active flows before redirecting out
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-07 11:03:45 +02:00
Jens Langhammer
0bae550520
root: include authentik version in backup naming
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-05 20:25:02 +02:00
github-actions[bot]
9dbafaaea2
web: Update Web API Client version ( #1348 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-04 22:49:16 +02:00
Jens Langhammer
2db8b07578
events: add mark_all_seen
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-04 22:08:12 +02:00
Jens Langhammer
b7ef076798
outposts: add expected outpost replica count to metrics
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-04 15:56:57 +02:00
Jens Langhammer
37c29a073e
policies/password: fix symbols not being checked correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-04 15:21:48 +02:00
Jens Langhammer
6ec8432217
policies/password: don't use regex for symbol detection
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-04 14:36:01 +02:00
Jens Langhammer
3ba84a8e8b
stages/identification: fix empty user_fields query returning first user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-04 14:07:14 +02:00
Jens Langhammer
3378e82ec7
root: fix is_secure with safari on debug environments
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-04 13:45:50 +02:00
Jens Langhammer
e09a27cf87
events: remove authentik_events gauge
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-03 18:04:26 +02:00
Jens Langhammer
200e409d91
core: minor query optimization
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-03 14:02:57 +02:00
Jens Langhammer
d92d8e6dbb
api: add additional filters for ldap and proxy providers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-03 10:43:09 +02:00
Jens Langhammer
c2b9dc5c75
api: cache schema, fix server urls
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-03 10:23:14 +02:00
Jens Langhammer
276d8fe5cf
release: 2021.8.4
2021-09-02 20:21:21 +02:00
Jens Langhammer
7fea20375f
*: fix tests not using APITestCase
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-02 19:14:21 +02:00
Jens Langhammer
f0db408699
api: add v3
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-02 17:40:02 +02:00
Jens Langhammer
cc5cc43baa
api: fix sentry endpoint not working due to mime-media
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-02 16:56:53 +02:00
Jens Langhammer
e512f085db
root: allow enabling s3 backup ssl verification
...
closes #1332
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-02 09:41:55 +02:00
Jens Langhammer
26fd66d831
stages/authenticator_validate: fix variable shadowing, optimization
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-01 19:54:54 +02:00
Jens Langhammer
4fc8e61f8c
stages/authenticator_validate: show single button for multiple webauthn authenticators
...
tested with browser + yubikey 5
closes #1096
The order of allowCredentials doesn't seem to matter, chrome seems to always choose the internal authenticator first.
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-01 19:28:52 +02:00
Jens Langhammer
17cb76c334
stages/invitation: fix invitation not inheriting ExpiringModel
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-01 14:25:19 +02:00
Jens Langhammer
5745ffa0a8
ci: don't login to docker on forks
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-31 09:31:10 +02:00
Jens Langhammer
1b8271d767
flows: disable compatibility_mode by default
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-30 17:18:43 +02:00
Jens Langhammer
3e9f5ec5ef
providers/proxy: improve error handling for non-tls ingresses
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-30 14:43:57 +02:00
Jens Langhammer
63f57b6a77
events: improve logging for task exceptions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-30 14:43:44 +02:00
Jens Langhammer
a016f99450
core: fix user_obj being empty on token API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-30 12:51:17 +02:00
Jens Langhammer
0c6e781e5b
providers/proxy: fix traefik middleware being generated with wrong ports for embedded outposts
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-29 20:49:11 +02:00
Jens Langhammer
523b96a6d2
api: add basic rate limiting for sentry endpoint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-29 19:33:18 +02:00
Jens Langhammer
b1ed2154ac
policies/password: fix PasswordStage not being usable with prompt stages, rework validation logic
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-29 00:40:36 +02:00
Jens Langhammer
160139813d
release: 2021.8.3
2021-08-28 16:58:44 +02:00
Jens Langhammer
582ad92c76
outposts/k8s: improve error handling
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-28 14:58:26 +02:00
Jens Langhammer
f61736e3d1
stages/identification: add error handling when password isn't set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-28 12:54:10 +02:00
Jens Langhammer
2d8b4f543b
providers/proxy: fix url parsing for traefik labels on docker containers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-27 22:21:16 +02:00
Jens Langhammer
8542dc10ab
providers/proxy: fix docker container labels not being inherited correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-27 20:20:34 +02:00
Jens Langhammer
12ddee3bb6
outpost: add additional labels to docker container
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-27 19:26:27 +02:00
Jens Langhammer
dc41d0af27
outposts: add configurable docker_network for outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-27 19:26:11 +02:00
Jens Langhammer
c4f72c2bc1
release: 2021.8.2
2021-08-26 17:58:20 +02:00
Jens Langhammer
e92f9836e3
root: allow django auth backend for upgrading users with cache
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-26 17:57:25 +02:00
Jens Langhammer
897f6f3473
release: 2021.8.1
2021-08-26 16:03:45 +02:00
Jens Langhammer
2ae164df78
*: cleanup api schema warnings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-26 09:36:41 +02:00
Jens Langhammer
0ccec96490
core: make user optional in token creation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-25 21:21:51 +02:00
Jens Langhammer
d79975c409
core: fix user object for token not be setable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-25 20:43:34 +02:00
Jens Langhammer
20d65035d5
core: fix error when user updates themselves
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-25 17:52:50 +02:00
Jens Langhammer
8d6227377f
core: fix error for asgi error handler with websockets
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-25 10:24:01 +02:00
Jens Langhammer
4d27694706
release: 2021.8.1-rc2
2021-08-24 21:29:29 +02:00
Jens Langhammer
d7ad5f6a16
core: add API to create service account with token for app password
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 20:09:22 +02:00
Jens Langhammer
5af9a3d3be
sources/saml: fix error when getting metadata
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 16:51:08 +02:00
Jens Langhammer
dec34bc948
stages/password: fix replace_inbuilt not being called
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 16:37:39 +02:00
Jens Langhammer
cc6d5765f2
web/admin: fix inconsistent ordering for ldap property mappings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 13:04:19 +02:00
Jens Langhammer
2ec1ff2ebb
sources/ldap: fix error when modifying ldap source with password write-back
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 13:03:41 +02:00
Jens Langhammer
884c2bd0e9
root: fix missing ldap backend
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 13:03:19 +02:00
Jens Langhammer
2c938ec9dc
stages/password: sort backends in migration
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 12:44:45 +02:00
Jens Langhammer
9733caf3b7
admin: use copy for environ api
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 11:39:49 +02:00
Jens Langhammer
10e50bc77f
stages/user_login: improve logging
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 10:58:50 +02:00
Jens Langhammer
5be152e12d
stages/password: fix migration error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 10:57:20 +02:00
Jens Langhammer
b0efab6d6d
admin: add env to API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-24 10:55:46 +02:00
Jens Langhammer
c60ba91fee
core: fix auth saving entire models into session
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 23:59:43 +02:00
Jens Langhammer
cba255eaaa
Merge branch 'master' into app-passwords
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# authentik/core/tests/test_source_flow_manager.py
# authentik/stages/authenticator_validate/tests.py
# authentik/stages/password/tests.py
# scripts/generate_ci_config.py
2021-08-23 21:21:12 +02:00
Jens L
859cf2bd8f
lib: move id and key generators to lib ( #1286 )
...
* lib: move generators to lib
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: bump default token key size
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: fix split being used for http basic auth instead of partition
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/elements: don't rethrow error in ActionButton
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 20:27:38 +02:00
Jens Langhammer
a2578ffaad
core: add token tests for invalid intent and token auth
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 20:21:54 +02:00
Jens Langhammer
888526a2a7
stages/user_write: fix wrong fallback authentication backend
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 19:31:23 +02:00
Jens Langhammer
27cc5d7138
core: fix authentication error when no request is given
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 19:09:53 +02:00
Jens Langhammer
5face5410f
web/admin: select all password stage backends by default
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 18:08:29 +02:00
Jens Langhammer
e27a6fdeeb
events: fix linting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 17:48:28 +02:00
Jens Langhammer
033c9a3bd3
core: fix token intent not defaulting correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 17:33:35 +02:00
Jens Langhammer
0b280c0a47
website: fix example flows using incorrect backend
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 17:26:07 +02:00
Jens Langhammer
07a4f474f4
website/docs: add docs for `auth_method` and `auth_method_args` fields
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 17:23:55 +02:00
Jens Langhammer
244dc671db
Merge branch 'master' into app-passwords
2021-08-23 17:12:17 +02:00
Jens Langhammer
4308136108
root: fix error_handler for websocket
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 17:12:11 +02:00
Jens Langhammer
69a0153619
core: use custom inbuilt backend, set backend login information in flow plan for events
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 17:09:53 +02:00
Jens Langhammer
00e9b91f56
web/admin: fix missing app passwords backend
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 16:47:38 +02:00
Jens Langhammer
4cf76fdcda
stages/password: auto-enable app password backend
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 16:39:39 +02:00
Jens Langhammer
f217d34a98
web/admin: allow users to create app password tokens
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 16:27:39 +02:00
Jens Langhammer
9a6a3e66b8
root: update schema
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 16:14:33 +02:00
Jens Langhammer
20572c728d
core: add new token intent and auth backend
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 16:05:29 +02:00
Jens Langhammer
f6953296d8
outposts: add recursion limit for docker controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 15:25:28 +02:00
Jens Langhammer
e4790f9060
core: handle error when ?for_user is not numberical
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 15:25:18 +02:00
Jens Langhammer
58712047e1
root: add ASGI Error handler
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 15:15:12 +02:00
Jens Langhammer
85915905dc
web/flows: fix error during error handling
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 15:11:30 +02:00
Jens Langhammer
12e2f7b945
outposts: add repair_permissions command
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 14:53:53 +02:00
Jens Langhammer
45d47f828a
outpost: handle non-existant permission
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 14:39:47 +02:00
dependabot[bot]
7efec281be
build(deps-dev): bump pylint from 2.9.6 to 2.10.2 ( #1280 )
...
* build(deps-dev): bump pylint from 2.9.6 to 2.10.2
Bumps [pylint](https://github.com/PyCQA/pylint ) from 2.9.6 to 2.10.2.
- [Release notes](https://github.com/PyCQA/pylint/releases )
- [Changelog](https://github.com/PyCQA/pylint/blob/main/ChangeLog )
- [Commits](https://github.com/PyCQA/pylint/compare/v2.9.6...v2.10.2 )
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* *: add missing encoding to open() calls
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 10:10:31 +02:00
Jens Langhammer
7639cdad0a
release: 2021.8.1-rc1
2021-08-22 20:17:35 +02:00
Jens Langhammer
b003e8e1e8
sources/oauth: fix openidconnect provider name
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 18:36:06 +02:00
Jens Langhammer
294d70ae4d
outposts/ldap: move virtual groups to other OU for lookups, conditionally skip requests based on search filter
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 17:53:09 +02:00
Jens Langhammer
3e909ae6bb
core: allow filtering users by the groups they are in
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 16:27:48 +02:00
Jens Langhammer
b4f738492d
sources/oauth: improve UI with prefilled urls (when customizable) and hiding provider type
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 15:52:41 +02:00
Jens Langhammer
bff7addb55
stages/password: adjust name of default prompt stage
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 15:16:18 +02:00
Jens Langhammer
2a90c0b35e
sources/oauth2: migrate to microsoft graph instead of azure graph
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 15:15:29 +02:00
Jens Langhammer
93e27d1959
web: improve failed request handling
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 14:40:45 +02:00
Jens Langhammer
02c736d784
lib: ignore installation specific errors
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 14:14:18 +02:00
Jens Langhammer
6433b5982e
api: add cache timeouts to config API for outposts
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-21 14:14:18 +02:00
Jens Langhammer
18eccd995d
sources/plex: fix linting error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-17 13:44:54 +02:00
Jens Langhammer
495b068be5
web: add plex connection deletion support
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-17 13:02:40 +02:00
Jens Langhammer
84c4547005
sources/plex: add API for user connections
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-17 13:02:40 +02:00
Jens Langhammer
8fe38b528b
outposts: fix managed check
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-16 09:36:01 +02:00
Jens Langhammer
0a6efab7cb
outposts: fix syntax
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-15 20:59:37 +02:00
Jens Langhammer
b35e62e5ae
outposts: don't start docker container for embedded outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-15 18:10:49 +02:00
Jens Langhammer
2592fc3826
sources/ldap: allow for anonymous binds, fix sync_users_password not working correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-12 19:09:29 +02:00
Jens Langhammer
d9ece98bbc
core: fix token expiration not being updated upon key rotation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-12 17:22:42 +02:00
Jens Langhammer
1524efcf51
core: fix expired tokens not being returned by API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-12 17:21:53 +02:00
Jens Langhammer
c92c0102ca
website/docs: add database port parameter
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-12 02:24:36 +02:00
Jens Langhammer
c6dddc97f0
core: fix error when migrating with AK_ADMIN_TOKEN set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-11 22:36:52 +02:00
Jens Langhammer
38292a588b
website/docs: add docs for automated installs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-11 21:57:58 +02:00
Jens Langhammer
e90da9283e
core: add support to bootstrap token on initial install using AK_ADMIN_TOKEN in environment
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-11 21:45:49 +02:00
Jens Langhammer
e0e0f4fa6c
core: fix users's group list not allowing blank values
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-11 20:16:45 +02:00
Jens Langhammer
ec95a2bddc
core: allow changing of groups a user is in from user api
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-10 19:31:30 +02:00
Jens Langhammer
de9d483b9f
admin: add API to show embedded outpost status, add notice when its not configured properly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-10 19:16:11 +02:00
Jens Langhammer
557724768a
core: add API to directly send recovery link to user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-10 13:54:59 +02:00
Jens Langhammer
d18e829d80
providers/ldap: fix error in outpost when certificate is configured
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-09 20:47:26 +02:00
Jens Langhammer
7a836e0d7e
api: fix backup capability not being detected correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-09 00:32:29 +02:00
Jens Langhammer
f496b8b5d7
providers/oauth2: add more test cases for token view
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-09 00:20:32 +02:00
Jens Langhammer
837fa23af0
outpost: only set embedded outpost config on creation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 22:23:33 +02:00
Jens Langhammer
665c1aa81b
providers/proxy: don't create ingress when no hosts are defined
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 21:46:05 +02:00
Jens Langhammer
ebc6afe015
outpost: fix detection of embedded outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 21:39:08 +02:00
Jens Langhammer
45bee4b4dc
outposts: fix test for config validation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 17:14:05 +02:00
Jens Langhammer
c025d64ba3
outpost: revert managed config, make authentik_host field optional
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 16:58:01 +02:00
Jens Langhammer
2a53bc4330
outpost: add fallback for authentik_host when its not set in config
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 16:32:26 +02:00
Jens Langhammer
8180d6f9e8
outposts: don't override authentik_host for embedded outpost authentik_host
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 16:29:33 +02:00
Jens Langhammer
ccfc1dbcc2
*: make all PropertyMappings filterable by multiple managed attributes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 16:06:44 +02:00
Jens Langhammer
3367b83368
providers/saml: use idp-initiated sso flow as launch url
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 15:01:52 +02:00
Jens Langhammer
f0a8c30ce9
outposts: create different service when using embedded outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-08 14:01:39 +02:00
Jens Langhammer
b36a3100e6
outposts: allow empty provider list for embedded provider
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-07 22:32:44 +02:00
Jens Langhammer
e02207f38d
outpost/embedded: use redis session backend
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-07 22:12:22 +02:00
Jens Langhammer
9a8240bdd1
proviers/saml: fix validation error not being raised
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-07 21:39:30 +02:00
Jens Langhammer
f6ab241219
providers/oauth2: fix accessing undefined variable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-07 21:35:17 +02:00
Jens Langhammer
b0f09eb2c4
web/admin: fix Table not updating selectedElements correctly after update
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-07 20:53:28 +02:00
Jens Langhammer
9c9addb0ce
*: ensure all resources can be filtered
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-07 16:34:14 +02:00
Jens Langhammer
2d5094fdf7
root: fix formatting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-06 00:11:24 +02:00
Jens Langhammer
8044818a4d
core: add additional cleanup for authenticated sessions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-05 23:25:40 +02:00
Jens Langhammer
a43fb026a0
Merge branch 'version-2021.7'
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# authentik/core/api/users.py
# authentik/providers/saml/processors/metadata_parser.py
# web/src/pages/sources/oauth/OAuthSourceForm.ts
# web/src/pages/sources/plex/PlexSourceForm.ts
# web/src/pages/users/UserForm.ts
2021-08-05 20:23:32 +02:00
Jens Langhammer
18211a2033
release: 2021.7.3
2021-08-05 19:23:03 +02:00
Jens Langhammer
1b91543add
core: add UserSelfSerializer and separate method for users to update themselves with limited fields
...
rework user settings page to better use form
closes #1227
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# authentik/core/api/users.py
# web/src/elements/forms/ModelForm.ts
# web/src/pages/user-settings/UserDetailsPage.ts
# web/src/pages/user-settings/UserSettingsPage.ts
2021-08-05 17:47:45 +02:00
Jens Langhammer
6fe5175f21
core: add UserSelfSerializer and separate method for users to update themselves with limited fields
...
rework user settings page to better use form
closes #1227
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-05 17:42:19 +02:00
Jens Langhammer
aa4f7fb2b6
providers/saml: fix error when PropertyMapping return value isn't string
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-04 00:22:07 +02:00
Jens Langhammer
4f1c11c5ef
providers/saml: add WantAssertionsSigned
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# authentik/providers/saml/processors/metadata_parser.py
2021-08-04 00:21:54 +02:00
Jens Langhammer
a449f9c69b
providers/saml: fix error when PropertyMapping return value isn't string
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-03 22:40:56 +02:00
Jens Langhammer
36b346662c
providers/saml: add WantAssertionsSigned
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-03 22:40:13 +02:00
Jens Langhammer
9d392931df
root: fix lint errors from re-format
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-03 18:09:16 +02:00
Jens Langhammer
77ed25ae34
root: reformat to 100 line width
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-03 17:45:16 +02:00
Jens Langhammer
9c9bcb7a01
Merge branch 'version-2021.7'
2021-08-01 19:23:22 +02:00
Jens Langhammer
add7a80fdc
release: 2021.7.2
2021-08-01 19:11:50 +02:00
Jens Langhammer
aac91c2e9d
stages/email: handle OSError
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 18:25:53 +02:00
Jens Langhammer
85e86351cd
flows: fix flows not redirecting correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 18:25:53 +02:00
Jens Langhammer
a939e224fc
stages/email: handle OSError
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 17:53:13 +02:00
Jens Langhammer
1fc2bcf02b
flows: fix flows not redirecting correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 17:50:43 +02:00
Jens Langhammer
d767504474
flows: don't check redirect URL when set from flow plan (set from authentik or policy)
...
closes #1203
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 15:23:46 +02:00
Jens Langhammer
f84cd6208c
flows: fix unhandled error in stage execution not being logged as SYSTEM_EXCEPTION event
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 15:23:46 +02:00
Jens Langhammer
1ec540ea9a
providers/saml: fix metadata being inaccessible without authentication
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 15:23:46 +02:00
Jens Langhammer
4e5dba1d0b
flows: don't check redirect URL when set from flow plan (set from authentik or policy)
...
closes #1203
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 15:10:45 +02:00
Jens Langhammer
92a448b677
flows: fix unhandled error in stage execution not being logged as SYSTEM_EXCEPTION event
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 14:56:48 +02:00
Jens Langhammer
f875149983
providers/saml: fix metadata being inaccessible without authentication
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 14:50:17 +02:00
Jens Langhammer
29fe731bbf
providers/saml: fix Error when getting metadata for invalid ID
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 14:09:22 +02:00
Jens Langhammer
d70b81fe43
providers/saml: fix Error when getting metadata for invalid ID
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 13:50:54 +02:00
Jens Langhammer
26e66969c9
stages/invitation: delete invite only after full enrollment flow is completed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 13:22:02 +02:00
Jens Langhammer
b58c913618
stages/invitation: delete invite only after full enrollment flow is completed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 13:21:27 +02:00
Jens Langhammer
72b7642c5a
outposts: catch invalid ServiceConnection error in outpost controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 12:33:21 +02:00
Jens Langhammer
a97f842112
sources/plex: add background task to monitor validity of plex token
...
closes #1205
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 12:33:21 +02:00
Jens Langhammer
35c1476bbe
outposts: catch invalid ServiceConnection error in outpost controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 12:25:11 +02:00
Jens Langhammer
18bb4fd0bf
sources/plex: add background task to monitor validity of plex token
...
closes #1205
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-01 12:24:52 +02:00
Jens Langhammer
293c479364
outposts: ensure embedded outpost is created with integration selected
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-31 21:09:38 +02:00
Jens Langhammer
0cb4d64b57
stages/email: fix error when re-requesting email after token has expired
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-30 09:39:42 +02:00
Jens Langhammer
a4fd58a0db
events: ensure fallback result is set for on_failure
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-30 09:39:42 +02:00
Jens Langhammer
8ceef82c55
stages/email: fix error when re-requesting email after token has expired
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-30 09:39:24 +02:00
Jens Langhammer
f933cd99ad
events: ensure fallback result is set for on_failure
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-30 09:37:53 +02:00
Jens Langhammer
fb6e8ca1eb
events: remove default result for MonitoredTasks, only save when result was set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 22:43:29 +02:00
Jens Langhammer
7ac5091e5a
events: remove default result for MonitoredTasks, only save when result was set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 22:42:56 +02:00
Jens Langhammer
bc9ff792a8
outposts: manage config for embedded outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 22:29:38 +02:00
Jens Langhammer
a5c8caf909
providers/oauth2: fix error when requesting jwks keys with no rs256 aet
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 21:22:59 +02:00
Jens Langhammer
8495ff9fc0
providers/oauth2: fix error when requesting jwks keys with no rs256 aet
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 21:22:31 +02:00
Jens Langhammer
a3981dd3cd
providers/proxy: fix hosts for ingress not being compared correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 11:35:50 +02:00
Jens Langhammer
affafc31cf
sources/ldap: improve ms-ad password complexity checking
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 11:35:47 +02:00
Jens L
f01bc20d44
Embedded outpost ( #1193 )
...
* api: allow API requests as managed outpost's account when using secret_key
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* root: load secret key from env
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts: make listener IP configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost/proxy: run outpost in background and pass requests conditionally
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost: unify branding to embedded
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: fix embedded outpost not being editable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: fix mismatched host detection
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests/e2e: fix LDAP test not including user for embedded outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests/e2e: fix user matching
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* api: add tests for secret_key auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* root: load environment variables using github.com/Netflix/go-env
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 11:30:30 +02:00
Jens Langhammer
75ff2480e2
providers/proxy: fix hosts for ingress not being compared correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-28 16:08:06 +02:00
Jens Langhammer
bc7f84fff4
sources/ldap: improve ms-ad password complexity checking
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-28 12:47:52 +02:00
Jens Langhammer
e6b515e3f7
release: 2021.7.1
2021-07-27 10:35:45 +02:00
Jens Langhammer
b752540800
core: fix pagination not working correctly with applications API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-26 19:12:23 +02:00
Jens Langhammer
e7b7bfddd6
providers/oauth2: fix blank redirect_uri not working with TokenView
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-26 11:29:16 +02:00
Jens Langhammer
f21ebf5488
core: add tests for flow_manager
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-25 23:20:38 +02:00
Jens Langhammer
5615613ed1
core: fix CheckApplication's for_user flag not being checked correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-25 22:29:15 +02:00
Jens Langhammer
669329e49c
tenants: set tenant uuid in sentry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-25 22:28:09 +02:00
Jens Langhammer
3c9cc9d421
Merge branch 'version-2021.7'
2021-07-24 20:07:42 +02:00
Jens Langhammer
1972464a20
tenants: make event retention configurable on tenant level
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-24 20:07:12 +02:00
Jens Langhammer
3041a30193
release: 2021.7.1-rc2
2021-07-24 18:32:05 +02:00
Jens Langhammer
8ae7403abc
core: add group filter by member username and pk
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-23 19:35:41 +02:00
Jens Langhammer
f6e1bfdfc8
outpost: fix 100% CPU Usage when not connected to websocket
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-23 18:57:26 +02:00
Jens Langhammer
8cd1223081
core: add email filter for user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 20:10:42 +02:00
Jens Langhammer
0a3fade1fd
providers/proxy: remove deprecated field
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 16:20:26 +02:00
Jens Langhammer
ff64814f40
web/admin: improve UI for notification toggle
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 14:17:56 +02:00
Jens Langhammer
66bfa6879d
outposts/proxy: add X-Auth-Groups header to pass groups
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 10:47:58 +02:00
Jens Langhammer
c05240afbf
lib: fix outpost fake-ip not working, add tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 10:10:25 +02:00
Jens Langhammer
7370dd5f3f
outposts: ensure outpost SAs always have permissions to fake IP
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 10:02:20 +02:00
Jens Langhammer
896e5adce2
sources/ldap: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 00:40:55 +02:00
Jens Langhammer
a3abbcec6a
sources/ldap: improve error handling for property mappings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-21 23:49:09 +02:00
Jens Langhammer
70e000d327
providers/saml: improve error handling for property mappings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-21 23:14:03 +02:00
Jens Langhammer
a7467e6740
providers/oauth2: handler PropertyMapping exceptions and create event
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-21 22:51:39 +02:00
Jens Langhammer
b3da94bbb8
core: broaden error catching for propertymappings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-21 22:50:39 +02:00
Jens Langhammer
39ad9d7c9d
release: 2021.7.1-rc1
2021-07-21 10:44:40 +02:00
Jens Langhammer
ba9a4efc9b
providers/oauth2: fix nonce field not being optional
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-21 00:34:01 +02:00
Jens Langhammer
902378af53
providers/oauth2: fix redirect_uris not having blank set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-21 00:22:09 +02:00
Jens Langhammer
2352a7f4d6
providers/oauth2: nonce is only required for implicit flows, don't check or fallback for other flows
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-21 00:21:08 +02:00
Jens Langhammer
a2c587be43
outposts: don't authenticate as service user for flows to set remote-ip
...
set outpost token as additional header and check that token (user) if they can override remote-ip
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-19 13:17:13 +02:00
Jens Langhammer
538a466090
root: fix middleware exception for outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-18 22:10:50 +02:00
Jens Langhammer
322a343c81
root: fix log level not being set to DEBUG for tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-18 21:45:08 +02:00
Jens Langhammer
b3159a74e5
Merge branch 'master' into inbuilt-proxy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# Dockerfile
# internal/outpost/ak/api.go
# internal/outpost/ak/api_uag.go
# internal/outpost/ak/global.go
# internal/outpost/ldap/api_tls.go
# internal/outpost/ldap/instance_bind.go
# internal/outpost/ldap/utils.go
# internal/outpost/proxy/api_bundle.go
# outpost/go.mod
# outpost/go.sum
# outpost/pkg/ak/cert.go
2021-07-17 12:49:38 +02:00
Starz0r
ae77c872a0
root: celery requires additional parameters when tls is enabled ( #1148 )
2021-07-16 08:51:09 +02:00
Starz0r
a5bb583268
root: optional TLS support on redis connections ( #1147 )
...
* root: optional TLS support on redis connections
* root: don't use f-strings when not interpolating variables
* root: use f-string in redis protocol prefix interpolation
* root: glaring typo
* formatting
* small formatting change I missed
* root: swap around default redis protocol prefixes
2021-07-15 11:48:52 +02:00
Jens Langhammer
212ff11b6d
api: fix Capabilities check for s3 backup
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-15 09:58:07 +02:00
Jens Langhammer
aa701c5725
core: don't delete expired tokens, rotate their key
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-14 21:47:32 +02:00
Jens Langhammer
6f98833150
core: allow users to create non-expiring tokens when flag is set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-14 21:15:14 +02:00
Jens Langhammer
7c2decf5ec
providers/ldap: squash migrations
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-14 09:22:25 +02:00
Lukas Söder
7f39399c32
providers/ldap: Added auto-generated uidNumber and guidNumber generated attributes for use with SSSD and similar software. ( #1138 )
...
* Added auto-generated uidNumber and guidNumber generated attributes for
use with SSSD and similar software.
The starting number for uid/gid can be configured iva environtment
variables and is by default 2000 which should work fine for most instances unless there are more than
999 local accounts on the server/computer.
The uidNumber is just the users Pk + the starting number.
The guidNumber is calculated by the last couple of bytes in the uuid of
the group + the starting number, this should have a low enough chance
for collisions that it's going to be fine for most use cases.
I have not added any interface stuff for configuring the environment variables as I couldn't really find my way around all the places I'd have to edit to add it and the default values should in my opinion be fine for 99% use cases.
* Add a 'fake' primary group for each user
* First attempt att adding config to interface
* Updated API to support new fields
* Refactor code, update documentation and remove obsolete comment
Simplify `GetRIDForGroup`, was a bit overcomplicated before.
Add an additional class/struct `LDAPGroup` which is the new argument
for `pi.GroupEntry` and util functions to create `LDAPGroup` from api.Group and api.User
Add proper support in the interface for changing gidNumber and uidNumber starting points
* make lint-fix for the migration files
2021-07-14 09:17:01 +02:00
Jens Langhammer
84e9748340
policies/reputation: handle cache error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-13 18:47:32 +02:00
Jens L
7dfc621ae4
LDAP Provider: TLS support ( #1137 )
2021-07-13 18:24:18 +02:00
Jens Langhammer
2036827f04
api: add sentry tunnel
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-13 10:58:14 +02:00
Starz0r
5cfbb0993a
Allow for Configurable Redis Port ( #1124 )
...
* root: make redis port configurable
* root: parse redis port from config as an integer
* code formatting
* lifecycle: truncate line under 100 chars
* lifecycle: incorrect indenting on newline
2021-07-12 11:01:41 +02:00
Jens Langhammer
02f87032cc
Merge branch 'master' into inbuilt-proxy
2021-07-11 12:41:16 +02:00
Jens Langhammer
3c0cc27ea1
events: fix error when slack notification request failed without a response
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-09 19:52:19 +02:00
Jens Langhammer
ec254d5927
flows: allow variable substitution in flow titles
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-09 19:46:39 +02:00
Jens Langhammer
92ba77e9e5
core: fix error when setting icon/background to url longer than 100 chars
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-09 19:31:32 +02:00
Jens Langhammer
90fe1c2ce8
providers/oauth2: allow blank redirect_uris to allow any redirect_uri
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-08 19:28:35 +02:00
Jens Langhammer
40428f5a82
providers/saml: fix parsing of POST bindings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-06 16:54:58 +02:00
Jens Langhammer
007838fcf2
root: subclass SessionMiddleware to set Secure and SameSite flag depending on context
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-06 14:48:36 +02:00
Jens Langhammer
7c51afa36c
root: set samesite to None for SAML POST flows
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-06 12:39:51 +02:00
Jens Langhammer
948db46406
Merge branch 'master' into inbuilt-proxy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# internal/constants/constants.go
# outpost/pkg/version.go
2021-07-05 19:11:26 +02:00
Jens Langhammer
adc4cd9c0d
release: 2021.6.4
2021-07-05 16:59:29 +02:00
Jens Langhammer
df92111296
outposts: update outpost permissions on m2m change
...
closes #1105
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-04 19:37:12 +02:00
Jens Langhammer
5afe88a605
outposts: fix empty message when docker outpost controller has changed nothing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-04 13:48:43 +02:00
Jens Langhammer
320dab3425
core: only show `Reset password` link when recovery flow is configured
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-04 12:59:41 +02:00
Jens Langhammer
5fd408ca82
outposts: fix docker controller not checking ports correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-04 12:32:55 +02:00
Jens Langhammer
becb9e34b5
outposts: fix docker controller not checking env correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 22:17:29 +02:00
Jens Langhammer
4917ab9985
outposts: fix container not being started after creation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 21:59:47 +02:00
Jens Langhammer
bd92505bc2
core: add notice about duplicate keys
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 21:52:28 +02:00
Jens Langhammer
bf0141acc6
crypto: fix linting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 19:57:25 +02:00
Jens Langhammer
0c8d513567
stages/user_write: add wrapper for post to user_write
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 19:25:37 +02:00
Jens Langhammer
d07704fdf1
crypto: show both sha1 and sha256 fingerprints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 19:25:27 +02:00
Jens Langhammer
086a8753c0
flows: handle old cached flow plans better
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 19:22:09 +02:00
Jens Langhammer
2c9b596f01
web/admin: run explicit update after loading instance
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 16:41:42 +02:00
Jens Langhammer
7257108091
sources/oauth: create configuration error event when profile can't be parsed as json
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 16:11:49 +02:00
Jens Langhammer
77a507d2f8
providers/oauth2: add revoked field, create suspicious event when previous token is used
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 15:59:01 +02:00
Jens Langhammer
3e60e956f4
providers/oauth2: fix CORS headers not being set for unsuccessful requests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 15:49:00 +02:00
Jens Langhammer
84ec70c2a2
providers/oauth2: use self.expires for exp field instead of calculating it again
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-03 15:32:58 +02:00
Jens Langhammer
3dc9e247d5
Merge branch 'master' into inbuilt-proxy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# internal/constants/constants.go
# outpost/pkg/version.go
2021-07-02 16:23:30 +02:00
Jens Langhammer
3e26170f4b
providers/oauth2: deepmerge claims
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-01 17:33:46 +02:00
dependabot[bot]
d102c59654
build(deps-dev): bump pylint from 2.8.3 to 2.9.0 ( #1095 )
...
* build(deps-dev): bump pylint from 2.8.3 to 2.9.0
Bumps [pylint](https://github.com/PyCQA/pylint ) from 2.8.3 to 2.9.0.
- [Release notes](https://github.com/PyCQA/pylint/releases )
- [Changelog](https://github.com/PyCQA/pylint/blob/master/ChangeLog )
- [Commits](https://github.com/PyCQA/pylint/compare/v2.8.3...v2.9.0 )
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* *: update source for new pylint version
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-30 10:37:28 +02:00
Jens Langhammer
2a0bd50e23
outposts: fix linting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-29 17:08:12 +02:00
Jens Langhammer
ce49d7ea5b
outposts: make managed outposts
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-29 16:20:44 +02:00
Jens Langhammer
8429dd19b2
Merge branch 'master' into inbuilt-proxy
2021-06-29 16:20:24 +02:00
Jens Langhammer
680b182d95
release: 2021.6.3
2021-06-29 16:19:07 +02:00
Jens Langhammer
621843c60c
flows: fix migration dependency issue
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-28 23:55:07 +02:00
Jens Langhammer
c19da839b1
stages/user_write: add create_users_as_inactive flag
...
close #1086
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-28 23:24:54 +02:00
Jens Langhammer
fea1f3be6f
stages/prompt: ensure hidden and static fields keep the value they had set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-28 22:29:36 +02:00
Jens Langhammer
6f5ec7838f
events: fix linting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-28 20:57:28 +02:00
Jens Langhammer
5d3931c128
events: ignore notification non-existent in transport
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-28 20:15:00 +02:00
Jens Langhammer
262a8b5ae8
api: use partition instead of split for token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-28 20:13:08 +02:00
Jens Langhammer
2b1356bb91
flows: add invalid_response_action to configure how the FlowExecutor should handle invalid responses
...
closes #1079
Default value of `retry` behaves like previous version.
`restart` and `restart_with_context` restart the flow upon an invalid response. `restart_with_context` keeps the same context of the Flow, allowing users to bind policies that maybe aren't valid on the first execution, but are after a retry, like a reputation policy with a deny stage.
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-28 00:22:09 +02:00
Jens Langhammer
ba9edd6c44
flows: handle possible errors with FlowPlans received from cache
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-27 22:03:48 +02:00
Jens Langhammer
3b2b3262d7
flows: add FlowStageBinding to flow plan instead of just stage
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-27 18:47:04 +02:00
Jens Langhammer
5431e7fe9d
tenants: fix tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-27 15:12:47 +02:00
Jens Langhammer
7d9c74ce04
tenants: include all default flows in current_tenant
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-26 23:47:49 +02:00
Jens Langhammer
60c3cf890a
events: add ability to create events via API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-26 23:37:03 +02:00
Jens Langhammer
0403f6d373
web/admin: add flow export button on flow view page
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-26 22:03:19 +02:00
Jens Langhammer
9bd613a31d
stages/authenticator_duo: fix component not being set in API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-26 20:49:58 +02:00
Jens Langhammer
3fe0483dbf
core: fix flow background not correctly loading on initial draw
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-26 20:29:45 +02:00
Jens Langhammer
b8bdf7a035
outposts: fix outpost being re-created when in host mode
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-25 15:15:18 +02:00
Jens Langhammer
a3ff7cea23
providers/oauth2: fix usage of timedelta.seconds
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-25 11:55:00 +02:00
Jens Langhammer
bb776c2710
outposts: check docker container ports match
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-25 11:54:35 +02:00
Jens Langhammer
6930c84425
events: only create SYSTEM_EXCEPTION event when error would've been sent to sentry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-24 13:01:41 +02:00
Jens Langhammer
1554dc9feb
outposts: make outpost managed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-23 21:26:24 +02:00
Jens Langhammer
2b98637ca5
lib: fix regex_match result being inverted, add tests
...
closes #1073
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-23 20:06:43 +02:00
Jens Langhammer
d1198fc6c1
sources/ldap: improve error handling when checking for password complexity on non-ad setups
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1067
2021-06-23 00:24:05 +02:00
Jens Langhammer
31a58e2c25
release: 2021.6.2
2021-06-22 23:35:10 +02:00
Jens Langhammer
b69248dd55
stages/authenticator_validate: fix error when using not_configured_action=configure
...
closes #1048
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-22 20:08:58 +02:00
Jens Langhammer
5ff5edf769
outposts: improve logging
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-22 18:51:02 +02:00
Jens Langhammer
939889e0ec
tenants: fix footer_links for moved config
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-22 15:48:17 +02:00
Jens Langhammer
19ae6585dc
lib: add tests for config loader
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-22 13:12:07 +02:00
Jens Langhammer
c6ede78fba
core: add support for custom urls for avatars
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-22 12:25:24 +02:00
Jens Langhammer
9b5e3921cb
providers/saml: better handle decoding errors
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-21 22:48:34 +02:00
Jens Langhammer
f6026fdb13
root: allow loading local /static files without debug flag
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-21 21:21:35 +02:00
Jens Langhammer
a4856969f4
outposts: fix port and inner_port being mixed on docker controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-21 19:19:06 +02:00
Jens Langhammer
2aa7266688
crypto: fix linting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-21 16:24:03 +02:00
Jens Langhammer
c0c246edab
crypto: catch error when loading private key
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-21 15:57:48 +02:00
Jens Langhammer
831b32c279
core: fix PropertyMapping's globals not matching Expression policy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-21 15:54:43 +02:00
Jens Langhammer
70ccc63702
core: remove default flow background from default css, set static in base_full and dynamically in if/flow
...
closes #1056
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-21 10:37:34 +02:00
Jens Langhammer
de954250e5
root: make general cache timeouts configurable
...
closes #974
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-21 10:18:49 +02:00
Jens Langhammer
f268bd4c69
policies: make policy result cache timeout configurable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-21 10:17:58 +02:00
Jens Langhammer
57a48b6350
flows: make flow plan cache timeout configurable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-21 10:17:11 +02:00
Jens Langhammer
9aac114115
root: save temporary database dump in /tmp
...
closes #1055
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-21 09:58:19 +02:00
Jens Langhammer
4327b35bc3
tenants: fix tenant not being queried correctly when using accessing over a child domain
...
closes #1044
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-20 14:39:21 +02:00
Jens Langhammer
f7047df40e
policies: don't use policy cache when checking application access
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-20 13:30:07 +02:00
Jens Langhammer
ede072889e
core: deepmerge user.group_attributes, use group_attributes for user settings
...
closes #1051
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-19 19:52:55 +02:00
Jens Langhammer
9cb7e6c606
root: set outposts.docker_image_base to gh-master for tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-19 15:49:49 +02:00
Jens Langhammer
fe6963c428
release: 2021.6.1
2021-06-17 22:14:52 +02:00
Jens Langhammer
19cac4bf43
providers/saml: fix error when getting transient user identifier
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-17 13:52:10 +02:00
Jens Langhammer
4ca564490e
providers/saml: add support for NameID type unspecified
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-17 12:45:53 +02:00
Jens Langhammer
fcb795c273
providers/saml: fix NameIDPolicy not being parsed correctly, improve error handling
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-17 12:22:40 +02:00
Jens Langhammer
cbea51ae5b
stages/authenticator_duo: make Duo-admin viewset writeable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-16 23:17:26 +02:00
Jens Langhammer
e743f13f81
recovery: fix error when creating multiple keys for the same user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-16 23:04:35 +02:00
Jens Langhammer
b20a8b7c17
stages/authenticator_duo: fix error when enrolling an existing user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-16 23:04:24 +02:00
Jens Langhammer
b53c94d76a
flows: fix error when stage has incorrect type
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-16 22:52:00 +02:00
Jens Langhammer
d4419d66c1
core: fix error when creating AuthenticatedSession without key
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-16 22:51:48 +02:00
Jens Langhammer
79044368d2
core: fix error getting stages when enrollment flow isn't set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-16 22:45:42 +02:00
Jens Langhammer
d9287d0c0e
Merge branch 'next'
2021-06-15 23:43:44 +02:00
Jens Langhammer
dec7a9cfb9
website/docs: add docs for flow executor
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-15 22:14:23 +02:00
Jens Langhammer
e0f48a30b7
release: 2021.6.1-rc6
2021-06-15 21:18:33 +02:00
Jens Langhammer
e8978adc1b
outpost: fix syntax error when creating an outpost with connection
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-15 18:39:51 +02:00
Jens Langhammer
800df332b5
stages/authenticator_duo: don't create default duo stage
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 22:55:37 +02:00
Jens Langhammer
16c194d2dc
core: fix upload api not checking clear properly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 22:34:47 +02:00
Jens Langhammer
53100a72fe
stages/identification: fix challenges not being annotated correctly and API client not loading data correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 22:28:11 +02:00
Jens Langhammer
ec4c3f44cb
events: don't create system exception event in debug
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 22:16:27 +02:00
Jens Langhammer
f10bd432b3
policies/reputation: fix race condition in tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 20:40:40 +02:00
Jens Langhammer
74e578c2bf
events: add tenant to event
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 18:43:29 +02:00
Jens Langhammer
e584fd1344
events: catch unhandled exceptions from request as event, add button to open github issue
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 17:22:58 +02:00
Jens Langhammer
0e02925a3d
stages/authenticator_validate: add tests for authenticator validation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 16:32:36 +02:00
Jens Langhammer
5b837c3ccc
providers/saml: improve error handling for signature errors
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 12:51:42 +02:00
Jens Langhammer
2580371f94
outposts: fix error when getting component for base service connection
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 12:38:29 +02:00
Jens Langhammer
4e9be85353
website/docs: add docs for outpost configuration
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-14 09:21:35 +02:00
Jens Langhammer
79508e1965
core: fix linting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-13 23:41:50 +02:00
Jens Langhammer
3a88dde545
web: fix declaration of Intl
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-13 23:13:43 +02:00
Jens Langhammer
cabbd18880
core: revert check_access API to get to prevent CSRF errors
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-13 21:47:49 +02:00
Jens Langhammer
bb8559ee18
web: remove base interface
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-13 19:54:27 +02:00
Jens Langhammer
afb84c7bc5
flows: fix error clearing flow background when no files have been uploaded
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-13 14:14:41 +02:00
Jens Langhammer
fc8004db2b
outposts: fix integrity error with tokens
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-13 13:36:54 +02:00
Jens Langhammer
ddfc943bba
root: fix build_hash being set incorrectly for tagged versions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-13 13:32:18 +02:00
Jens Langhammer
572b8d87b5
api: fix import error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-13 12:59:28 +02:00
Jens Langhammer
31d2ea65fd
provider/proxy: mark forward_auth flag as deprecated
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-13 12:39:25 +02:00
Jens Langhammer
f4ac2f50e2
sources/saml: check sessions before deleting user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-13 12:39:10 +02:00
Jens Langhammer
f10286edf8
Merge branch 'version-2021.6' into next
2021-06-12 20:43:12 +02:00
Jens Langhammer
d789dcc28f
core: fix impersonation not working with inactive users
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-12 20:41:02 +02:00
Jens Langhammer
74e4e8f6aa
core: delete real session when AuthenticatedSession is deleted
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-12 17:37:32 +02:00
Jens Langhammer
d78fda990a
release: 2021.6.1-rc5
2021-06-12 15:19:24 +02:00
Jens Langhammer
10d949f7a9
stages/password: add constants for password backends
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-12 12:14:55 +02:00
Jens Langhammer
676b77aa7c
stages/identification: add UPN
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 22:48:39 +02:00
Jens Langhammer
e35e096266
stages/authenticator_webauthn: use tenant title as RP_NAME
...
closes #1004
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 22:17:25 +02:00
Jens Langhammer
7af12d4fec
stages/authenticator_totp: set TOTP issuer based on slug'd tenant title
...
closes #1004
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 22:16:37 +02:00
Jens Langhammer
8d6db0fabf
flows: fix configuration URL being set when no flow is configure
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 22:07:26 +02:00
Jens Langhammer
e25f6aea8c
release: 2021.6.1-rc4
2021-06-10 18:59:00 +02:00
Jens Langhammer
2c15ab9995
release: 2021.6.1-rc3
2021-06-10 18:04:59 +02:00
Jens Langhammer
6c985acb36
release: 2021.6.1-rc2
2021-06-10 14:10:47 +02:00
Jens Langhammer
d878d2140e
providers/saml: add metadata download link to api
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 14:06:44 +02:00
Jens Langhammer
4766d6ff3d
flows: add export URL to API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 13:52:50 +02:00
Jens Langhammer
3a64d97040
crypto: add download links as API fields
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 13:46:12 +02:00
Jens Langhammer
2275ba3add
flows: fix get_pending_user returning in-memory user when PLAN_CONTEXT_PENDING_USER_IDENTIFIER is set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 12:17:46 +02:00
Jens Langhammer
9f7c941426
Merge branch 'master' into next
2021-06-10 11:59:10 +02:00
Jens L
34ae9e6dab
API: add endpoint to show by what objects an object is used ( #995 )
...
* core: add used_by API to show what objects are affected before deletion
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/elements: add support for used_by API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: add authentik_used_by_shadows to shadow other models
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: implement used_by API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: fix duplicate imports
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: add action field to used_by api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: add UI for used_by action
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: add notice to tenant form
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: fix naming in used_by
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: check length for used_by
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: fix used_by for non-pk models
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: improve __str__ on models
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: add support for many to many in used_by
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-10 11:58:12 +02:00
Jens Langhammer
5235e00d3c
stages/authenticator_validate: add more logging for challenges
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-09 23:58:08 +02:00
Jens Langhammer
d4379ecd31
flows: fix configure_url not being set correctly User settings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-09 19:25:27 +02:00
Jens Langhammer
f4a53c89ef
release: 2021.6.1-rc1
2021-06-09 11:01:14 +02:00
Jens Langhammer
2210497569
events: add EMAIL_SENT event, show sent emails in event log
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-09 10:28:32 +02:00
Jens Langhammer
2addf71f37
outposts: add service connection to outpost API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-09 09:45:14 +02:00
Jens L
dad24c03ff
outposts: set cookies for a domain to authenticate an entire domain ( #971 )
...
* outposts: initial cookie domain implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: add cookie domain setting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: replace forward_auth_mode with general mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: rebuild proxy provider form
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: re-add forward_auth_mode for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: fix data.mode not being set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* root: always set log level to debug when testing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: use new mode attribute
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: only ingress /akprox on forward_domain
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: fix lint error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: fix error on ProxyProviderForm when not using proxy mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: fix default for outpost form's type missing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: add additional desc for proxy modes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts: fix service account permissions not always being updated
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost/proxy: fix redirecting to incorrect host for domain mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: improve error handling for network errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost: fix image naming not matching main imaeg
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/proxy: fix redirects for domain mode and traefik
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: fix colour for paragraphs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: fix consent stage not showing permissions correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* website/docs: add domain-level docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* website/docs: fix broken links
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/proxy: remove dead code
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: fix missing id for #header-text
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 23:10:17 +02:00
Jens Langhammer
fb8d67a9d9
core: add configure_url to UserSettings for both stages and sources
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 19:21:27 +02:00
Jens Langhammer
029d58191e
sources/saml: include metadata download link in API response
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 17:22:03 +02:00
Jens Langhammer
75404f1345
web/admin: pass full configure flow URL instead of just boolean
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 17:14:54 +02:00
Jens Langhammer
ba1b23c879
flows: move flow relevant info into ContextualFlowInfo
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 16:53:28 +02:00
Jens Langhammer
25f987ba2b
stages/prompt: add more tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-07 17:40:06 +02:00
Jens Langhammer
f23111beff
stages/user_write: add tests for duplicate data
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-07 16:42:01 +02:00
Jens Langhammer
0f693158b6
stages/email: add tests for inaccessible email templates
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-07 16:09:39 +02:00
Jens Langhammer
fceab788d2
outposts: fix error during outpost disconnect
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-06 19:25:09 +02:00
Jens Langhammer
88cc38394e
root: improve sentry tags to simplify queries
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-06 14:51:43 +02:00
Jens Langhammer
90a5c84ac8
core: make EndSessionView inherit PolicyAccessView
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-06 14:07:50 +02:00
Jens Langhammer
9180d448df
core: move end-session to core
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-06 13:56:38 +02:00
Jens Langhammer
1f35f73c66
api: add CAN_BACKUP capability
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-06 12:44:43 +02:00
Jens Langhammer
0032f535da
core: add minor tests for users api
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-06 01:23:04 +02:00
Jens Langhammer
17326615b7
events: rewrite GeoIP to a wrapper, reload file every 8 hours
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-06 00:42:41 +02:00
Jens Langhammer
f5dbdbd48b
*: add clear param to file upload API to delete stored file and reset field
...
closes #949
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-05 21:33:03 +02:00
Jens Langhammer
277c2f4aad
core: make application.meta_icon nullable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#949
2021-06-05 21:06:52 +02:00
Jens Langhammer
ba3e0a0586
core: fix flow query
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-05 20:30:56 +02:00
Jens Langhammer
7581c84a37
flows: fix tests using flow.background.url
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-05 20:29:31 +02:00
Jens Langhammer
86b450c6d1
flows: add compatibility_mode to toggle ShadyDOM
...
closes #894
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-05 20:04:30 +02:00
Jens Langhammer
0b90cfcec4
flows: set default background in code not model
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-05 19:38:13 +02:00
Jens Langhammer
cefe3fa6dd
outposts: fix docker controller always replacing beta images
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-05 16:08:20 +02:00
Jens Langhammer
24da24b5d5
stages/identification: allow setting of a password stage to check password and identity in a single step
...
closes #970
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-05 16:05:03 +02:00
Jens Langhammer
f996f9d4e3
tests/e2e: ensure outpost service account has correct permissions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-04 09:46:31 +02:00
Jens Langhammer
7b39718bd1
tenants: fix fallback for unittests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-03 22:40:01 +02:00
Jens Langhammer
e9621bae06
tests: show logs for containers on failed e2e tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-03 22:17:18 +02:00
Jens Langhammer
0eaabbc0f3
admin: fix upgrading deletion of tasks when listing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-03 17:42:13 +02:00
Jens Langhammer
5e3628bea6
core: add fallback URLs for websocket to cleanup test logs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-03 17:26:18 +02:00
Jens Langhammer
290ebef8e3
core: instead of migrating sessions, clear cache on initial upgrade
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-03 17:20:25 +02:00
Jens Langhammer
46ab1d20df
stages/email: fix token being created without identifier
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-03 14:54:07 +02:00
Jens Langhammer
48e68d6852
core: fix token identifier not being set to unique
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-03 11:45:48 +02:00
Jens Langhammer
ed3859800c
core: improve API validation for Application's set_icon_url (fix JSON Syntax Error)
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-03 00:39:56 +02:00
Jens Langhammer
06b7f62a40
core: make app's meta_launch_url textfield
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-03 00:21:20 +02:00
Jens Langhammer
d32e40b1f8
tenants: fix unittests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-02 22:38:30 +02:00
Jens Langhammer
cec47c3cfc
providers/oauth2: show id_token issues for refresh token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-02 22:05:04 +02:00
Jens Langhammer
3ea2b16a12
tenants: add separate field for favicon url
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-02 21:31:04 +02:00
Jens Langhammer
974ddc07f7
web: improve loading of custom favicon
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-02 21:19:39 +02:00
Jens Langhammer
2f64b76eba
flows: fix invalid background URL when using manually set static or http
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-02 21:09:54 +02:00
Jens Langhammer
b50ac96605
providers/oauth2: remove size limit on Access code nonce
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-02 20:20:07 +02:00
Jens Langhammer
6d0e0cbe5a
outposts: improve validation of providers (must match outpost type)
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-02 16:04:41 +02:00
Jens Langhammer
4f04ab7a5f
sources/oauth: fix azure AD get_profile_info not working
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-02 11:34:59 +02:00
Jens Langhammer
35bcd5d174
sources/oauth: improve debug logging
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-02 11:34:18 +02:00
Jens Langhammer
644ff4a90c
outposts: fix error when validating kubeconfig
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-02 10:25:59 +02:00
Alex
ef8b26db13
Fix typo in migrations for authenticator_webauthn ( #950 )
2021-06-01 00:24:20 +02:00
Jens Langhammer
e24a9e3119
policies: fix missing negate flag of policy bindings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-31 11:50:29 +02:00
Jens Langhammer
80adafdb48
admin: fix attribute error when loading old taskinfo
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-30 16:22:13 +02:00
Jens Langhammer
72f5a4c460
outposts: fix possible recursion error in docker controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-30 16:22:02 +02:00
Jens L
fb6242d2d3
Merge pull request #941 from goauthentik/authenticated-sessions
...
Session management
2021-05-30 15:12:49 +02:00
Jens Langhammer
b9773d39c0
core: add tests for authenticated sessions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-30 14:43:00 +02:00
Jens Langhammer
0e8d9aa45d
api: add System info API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-30 14:01:20 +02:00
Jens Langhammer
fc45d35699
core: add migration for sessions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-30 13:08:29 +02:00
Jens Langhammer
7e8044619c
lib: return default IP if none could be extracted
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-30 12:49:44 +02:00
Jens Langhammer
66a04aeec5
api: add can_geo_ip capability
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-30 01:02:03 +02:00
Jens Langhammer
73338bdf32
core: add geo_ip to authenticated sessions if enabled
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-30 01:01:20 +02:00
Jens Langhammer
059da74d1c
core: add current attribute to authenticated_session API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-30 00:31:41 +02:00
Jens Langhammer
45b8b1e198
core: delete AuthenticatedSession on logout
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-30 00:27:33 +02:00
Jens Langhammer
133fc38c05
core: initial authenticated sessions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-30 00:15:16 +02:00
Jens Langhammer
f51ab7a878
policies/reputation: fix tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 23:46:13 +02:00
Jens Langhammer
31ad09c391
stages/identification: add signal which is sent upon identification failure
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 22:58:32 +02:00
Jens Langhammer
05b3c4ddb3
policies/reputation: save username instead of user object
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 22:49:58 +02:00
Jens Langhammer
a4c28a28b4
website/docs: improve docs for expressions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 21:47:35 +02:00
Jens Langhammer
a1203cf4b2
flows: fix ToDefaultFlow not using tenants
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 20:32:42 +02:00
Jens Langhammer
8427fb87f6
tenants: add tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 19:47:55 +02:00
Jens Langhammer
e3578eb7ae
Merge branch 'master' into tenant
2021-05-29 19:17:23 +02:00
Jens Langhammer
5990b8d4de
outposts: fix docker container not being stopped correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 19:16:39 +02:00
Jens Langhammer
3b31b7ce83
core: add http host in log messages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 19:07:54 +02:00
Jens Langhammer
4d9b362dbf
tenants: add migration to add default tenant
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 19:06:35 +02:00
Jens Langhammer
477ff85109
flows: migrate flow_unenrollment to tenant
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 18:44:02 +02:00
Jens Langhammer
fae8b80ceb
core: fix usage of config on templates
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 18:31:05 +02:00
Jens Langhammer
df92f01719
flows: remove default-recovery
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 18:30:55 +02:00
Jens Langhammer
9dd6b7d436
flows: remove default-enrollment
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 18:14:37 +02:00
Jens Langhammer
14f85ec980
tenants: migrate context_processor to tenants
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 18:01:48 +02:00
Jens Langhammer
ff611f21cd
tenants: initial implementation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-29 17:47:25 +02:00
Jens Langhammer
a1b6e09e8a
outposts: set restart-policy on docker container
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-28 17:18:11 +02:00
Jens Langhammer
02b5742228
stages/authenticator_duo: add default setup flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-28 16:47:39 +02:00
Jens Langhammer
523621daa2
core: make application's check_access API return a PolicyResult and accept for_user as superuser
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-26 11:47:23 +02:00
Jens Langhammer
c4453f38a2
stages/identification: make shown sources configurable
...
closes #918
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-25 16:37:53 +02:00
Jens Langhammer
6f3eb4c068
flows: allow blank on WithUserInfo
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-25 12:53:48 +02:00
Jens Langhammer
58a4b20297
outposts: handle disconnects without outpost better
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-25 12:06:55 +02:00
Jens Langhammer
6d3e067a2b
stages/user_write: handle integrity error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-25 11:46:15 +02:00
Jens Langhammer
6db2bf2a21
api: fix error when authorization header has no spaces
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-25 11:40:49 +02:00
Jens Langhammer
6893948fa0
tests/e2e: fix invalid flows
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-25 11:18:47 +02:00
Jens Langhammer
6317a8c5d0
Merge branch 'master' into duo
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# Pipfile.lock
2021-05-25 09:58:38 +02:00
Jens Langhammer
8ecac59eca
stages/prompt: annotate PromptChallengeResponse's additionalProperties
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-24 22:55:24 +02:00
Jens Langhammer
8183a51b72
stages/authenticator_duo: add missing duo device
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-24 22:16:29 +02:00
Jens Langhammer
127ebed5c6
flows: fix mismatched names
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-24 21:09:18 +02:00
Jens Langhammer
716923e17a
web/flows: update types
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-24 20:59:44 +02:00
Jens Langhammer
c6bb6709fd
flows: add default challenge response
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-24 20:27:50 +02:00
Jens Langhammer
fb4e0723ee
stages: fix stage unittests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-24 17:12:48 +02:00
Jens Langhammer
763c3fcfe0
outposts/ldap: fix client usage
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-24 15:58:59 +02:00
Jens Langhammer
1b346866da
Merge branch 'master' into duo
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# Pipfile.lock
2021-05-24 14:54:24 +02:00
Jens Langhammer
6f6ae7831e
flows: make use of oneOf OpenAPI to annotate all challenge types
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-24 14:11:23 +02:00
Jens Langhammer
3b41c662ed
stages/authenticator_validate: add Duo support
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-23 22:31:12 +02:00
Jens Langhammer
65522186f1
stages/authenticator_duo: improve setup
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-23 21:44:52 +02:00
Jens Langhammer
9f5a3c396d
stages/authenticator_duo: initial duo stage
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-23 21:10:39 +02:00
Jens L
53e2b2c784
Prometheus metrics ( #914 )
...
* admin: add worker metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* admin: add version metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* events: add gauge for system tasks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts: add gauge for last hello and connection status
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* root: re-add prometheus metrics to database
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* root: allow access to metrics without credentials when debug is on
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* root: add UpdatingGauge to auto-set value on load
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: add metrics for cache and building
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* policies: add metrics for policy engine
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* events: add histogram for task durations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* events: revert to gauge because values are updated on export view
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: add gauge to count all models
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* events: add metrics for events
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-23 20:29:34 +02:00
Jens Langhammer
a5cd9fa141
outposts: improve logging for docker controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-23 19:27:24 +02:00
Jens Langhammer
0768b201a7
Merge branch 'version-2021.5'
2021-05-22 20:47:48 +02:00
Jens Langhammer
2d5c45543b
release: 2021.5.4
2021-05-22 20:15:23 +02:00
Jens Langhammer
9b57f0b81d
Merge branch 'version-2021.5' into next
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# web/src/locales/en.po
# web/src/locales/pseudo-LOCALE.po
2021-05-22 20:01:16 +02:00
Jens Langhammer
2c816e6162
providers/proxy: don't use https to communicate with outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-22 18:56:38 +02:00
Jens Langhammer
bb89b9b572
Merge branch 'version-2021.5' into next
2021-05-21 23:50:43 +02:00
Jens Langhammer
6600da7d98
providers/oauth2: add missing kid header to JWT Tokens
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-21 23:40:00 +02:00
Jens Langhammer
1a0f72d0a8
Merge branch 'version-2021.5' into next
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# authentik/stages/authenticator_static/api.py
# swagger.yaml
2021-05-21 21:33:18 +02:00
Jens Langhammer
a265dd54cc
stages/authenticator_*: fix Permission Error when disabling Authenticator as non-superuser
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-21 21:25:03 +02:00
Jens Langhammer
a603f42cc0
api: add OwnerFilter
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-21 20:46:59 +02:00
Jens Langhammer
d9a788aac8
api: rename auth to authentication, add authorization for rest_framework permission class
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-21 20:14:03 +02:00
Jens Langhammer
7c6185b581
api: fix URL names for admin Authenticator Views
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-21 19:53:40 +02:00
Jens Langhammer
41a1305555
policies: improve debug logging
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-21 19:10:47 +02:00
Jens Langhammer
75f252b530
flows: rename oob to oobe
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-21 19:10:42 +02:00
Jens Langhammer
c526e5fb9a
policies: improve debug logging
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-21 19:10:15 +02:00
Jens Langhammer
b826eb264e
flows: rename oob to oobe
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-21 12:06:39 +02:00
Jens Langhammer
7666c246c3
Merge branch 'version-2021.5'
2021-05-20 20:46:18 +02:00
Jens Langhammer
bf4cbb25fe
release: 2021.5.3
2021-05-20 20:17:39 +02:00
Jens Langhammer
a925418f60
lib: don't send ImproperlyConfigured to sentry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-20 19:18:35 +02:00
Jens Langhammer
71d112bdcf
sources/plex: remove default for plex_token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-20 19:13:54 +02:00
Jens Langhammer
d2c06c40ea
sources/plex: remove default for plex_token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-20 19:09:51 +02:00
Jens Langhammer
590c7f4c9d
outposts: fix error on outpost disconnect
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-20 18:07:27 +02:00
Jens Langhammer
9a48c2fd9a
outposts: fix error on outpost disconnect
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-20 18:07:07 +02:00
Jens Langhammer
be5a6c0310
api: add set_*_url method for Application and Flow to set icon/background to URL
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-20 17:18:40 +02:00
Jens Langhammer
92106ca4bf
api: add capabilities to API, add can_save_media
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-20 17:00:47 +02:00
Jens Langhammer
56f1204c9b
outposts: fix update signal not being sent to correct instances
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-20 15:23:38 +02:00
Jens Langhammer
f6f93640c5
outposts: fix update signal not being sent to correct instances
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-20 15:23:18 +02:00
Jens Langhammer
92f2a82c03
providers/oauth2: fix double login required when prompt=login
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-20 01:10:08 +02:00
Jens Langhammer
dcf074650e
providers/proxy: fix redirect_uris not always being set on save
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-20 01:10:04 +02:00
Jens Langhammer
acf1ad91d9
providers/oauth2: fix double login required when prompt=login
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-19 23:34:27 +02:00
Jens Langhammer
a74419214c
providers/proxy: fix redirect_uris not always being set on save
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-19 23:10:00 +02:00
Jens Langhammer
bc6aef7af2
lib: improve sentry integration
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-18 11:29:36 +02:00
Jens Langhammer
788ea46d8c
flows: fix formatting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-18 09:23:22 +02:00
Jens Langhammer
06dee5d5d8
flows: fix lint error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-17 23:38:31 +02:00
Jens Langhammer
3cf0f07baf
*: fix API Schema for file uploads
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-17 23:12:52 +02:00
Jens Langhammer
f016095891
Merge branch 'master' into openapi-v3
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# Pipfile.lock
2021-05-17 20:37:18 +02:00
Jens Langhammer
5a465fbc36
release: 2021.5.2
2021-05-17 19:54:10 +02:00
Jens Langhammer
7f4bd27b85
Merge branch 'master' into openapi-v3
2021-05-16 23:51:45 +02:00
Jens Langhammer
b66626f9c4
ci: generate secert_key for CI runs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 23:46:23 +02:00
Jens Langhammer
f9ce41229d
api: fix unittests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 22:36:26 +02:00
Jens Langhammer
ae6a406b1d
Merge branch 'master' into openapi-v3
2021-05-16 22:29:39 +02:00
Jens Langhammer
45c1a603e7
root: fix linting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 22:29:28 +02:00
Jens Langhammer
330219e76f
Merge branch 'master' into openapi-v3
2021-05-16 22:26:07 +02:00
Jens Langhammer
583271d5ed
root: only load debug secret key when debug is enabled
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 22:25:55 +02:00
Jens Langhammer
0db17b9729
root: remove yasg
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 22:18:04 +02:00
Jens Langhammer
9f9ee66cc4
api: fix linting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 21:57:04 +02:00
Jens Langhammer
ab2bd622a8
Merge branch 'master' into openapi-v3
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# outpost/pkg/ak/api.go
# outpost/pkg/ak/global.go
# outpost/pkg/ldap/instance_bind.go
2021-05-16 21:36:24 +02:00
Tom Pansino
8d2a3b67b9
lib: Fix config loading of secrets from files ( #887 )
2021-05-16 21:10:31 +02:00
Jens Langhammer
8b6292b3de
api: don't overwrite 400 and 403
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 20:54:58 +02:00
Jens Langhammer
cbed5a6522
api: fix missing error definitions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 19:53:04 +02:00
Jens Langhammer
589f806b7c
flows: fix schema for flow executor
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 19:13:31 +02:00
Jens Langhammer
07dc648470
web: fix mixed Static/TOTP pages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 18:59:33 +02:00
Jens Langhammer
41f6d3b6e7
stages/authenticator_static: add serializer for tokens
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 18:55:47 +02:00
Jens Langhammer
d0f1daf025
admin: make tasks's retry api not ask for a body
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 18:43:47 +02:00
Jens Langhammer
d38fd603dd
web: fix more special API Calls
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 18:41:02 +02:00
Jens Langhammer
ba5374f6e1
web: mass update API calls
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 18:24:15 +02:00
Jens Langhammer
7152d7ee01
outposts: fix schema for outposts health
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 18:10:11 +02:00
Jens Langhammer
ab07113530
admin: migrate WorkerViewSet to APIView
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 18:06:46 +02:00
Jens Langhammer
a7d7b46747
admin: migrate version view to APIView
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 18:00:02 +02:00
Jens Langhammer
9a44088d2b
admin: migrate metrics viewset to APIView
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 17:49:37 +02:00
Jens Langhammer
b351ae12c5
api: make config viewset single view
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 17:44:19 +02:00
Jens Langhammer
759bf59780
core: make filefields readonly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 17:34:55 +02:00
Jens Langhammer
10cb60f48e
api: fix pagination not being required in schema
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 17:32:13 +02:00
Jens Langhammer
ef9f08553c
*: linting pass, rename from swagger to schema
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 15:22:57 +02:00
Jens Langhammer
4fb71a6bdd
api: fix pagination schema
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 15:08:51 +02:00
Jens Langhammer
cac1f242dc
*: replace swagger with openapi
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 14:23:05 +02:00
Jens Langhammer
0bac738090
*: fix static response descriptions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-16 14:07:29 +02:00
Jens Langhammer
1324d03815
*: initial migration to openapi v3
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-15 23:57:28 +02:00
Jens Langhammer
c55f2ad10a
root: set additional sentry tags
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-15 19:53:43 +02:00
Jens Langhammer
a30b32fbbf
outposts: fix missing default for OutpostState.for_channel
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-15 17:46:53 +02:00
Jens Langhammer
1745306cc6
outposts: fix error when controller loads from cache but cache has expired
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-15 17:45:33 +02:00
Jens Langhammer
8925787a13
flows: fix error when using cancel flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-15 17:42:37 +02:00
Jens Langhammer
968b7ec17a
lib: fix parsing of remote IP header when behind multiple reverse proxies
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-15 15:08:53 +02:00
Jens Langhammer
6600d5bf69
providers/oauth2: use user.uid
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-15 14:08:49 +02:00
Jens Langhammer
a4278833d8
providers/proxy: fix ingress not being created with full https
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-15 13:45:41 +02:00
Jens Langhammer
942905b9b1
providers/proxy: fix formatting issue
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-14 16:24:35 +02:00
Jens Langhammer
8d7bb7da17
providers/proxy: connect ingress to https instead of http
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#882
2021-05-14 11:42:03 +02:00
Jens Langhammer
9939db13c3
outposts: fix reload notification not working due to wrong ID being saved
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-14 11:13:04 +02:00
Jens Langhammer
465750276c
core: fix application's slug field not being set to unique
...
closes #881
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-14 10:49:42 +02:00
Jens Langhammer
0b7ebf0e07
release: 2021.5.1
2021-05-13 20:50:31 +02:00
Jens Langhammer
709581f5a8
root: use ghcr images by default
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-13 20:15:29 +02:00
Jens Langhammer
1df8790050
stages/authenticator_static: fix error when listing devices
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-13 18:09:55 +02:00
Jens Langhammer
3c23ad340f
web/admin: improve diagram api for flows
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-13 18:01:40 +02:00
Jens Langhammer
f9f2e00913
core: improve error handling for backups
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-13 17:56:49 +02:00
Jens Langhammer
8f99891a9d
release: 2021.5.1-rc10
2021-05-12 21:25:18 +02:00
Jens Langhammer
97a3c2d88b
release: 2021.5.1-rc9
2021-05-12 20:50:29 +02:00
Jens Langhammer
e91ff4566d
Merge branch 'next' into version-2021.5
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# outpost/pkg/version.go
2021-05-12 20:49:58 +02:00
Jens Langhammer
a3fccbdaff
outposts: add build_hash for docker image
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-12 20:36:18 +02:00
Jens Langhammer
bdf9f26d07
outposts: compare build hash in outdated check
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-12 19:05:29 +02:00
Jens Langhammer
9a0aa4c79b
outposts/ldap: add infinite loop prevention
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-12 18:31:44 +02:00
Jens Langhammer
52cf4890cf
root: remove servername from backup files
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-12 17:53:23 +02:00
Jens Langhammer
8e5d03cb86
outposts: remove legacy API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-12 16:41:54 +02:00
Jens Langhammer
2190fa555b
events/api: fix error when updating transports
...
closes #866
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-12 16:41:30 +02:00
Jens Langhammer
3665e2fefa
release: 2021.5.1-rc8
2021-05-12 14:52:34 +02:00
Jens Langhammer
3dbe35cf9e
stages/invitation: fix wrong serializer used for user model
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# swagger.yaml
2021-05-12 14:22:16 +02:00
Jens Langhammer
c7f0ea8a4b
root: update dbbackup to git version
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-12 01:20:31 +02:00
Jens Langhammer
0620324702
root: bump version of psf black
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-12 00:42:46 +02:00
Jens Langhammer
5a0e78c698
outposts: fix issue with duplicate outpost health
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-11 21:46:30 +02:00
Jens Langhammer
84dfbcaaae
providers/api: return redirect_uris for proxy provider
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-11 20:02:17 +02:00
Jens Langhammer
e649e9fb03
core: don't use self.get_object for application permission check to prevent 404 when view permission is missing
...
closes #864
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-11 17:35:11 +02:00
Jens Langhammer
266ef66a6f
Merge branch 'master' into next
2021-05-11 14:57:52 +02:00
Andreas Egli
842fdb0b0c
fixed session durations of more than 1 day ( #863 )
2021-05-11 14:57:33 +02:00
Jens L
36f7cad23b
Merge pull request #862 from goauthentik/form-refresh-on-save
...
Form refresh on save
2021-05-11 14:23:32 +02:00
Jens Langhammer
24f2932777
crypto: add ?download flag
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#861
2021-05-11 14:21:35 +02:00
Jens Langhammer
124ce80694
sources/plex: make plex_token readable from API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-11 13:32:28 +02:00
Jens Langhammer
4e2443d60b
flows: make cancel link always logout user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-11 13:13:05 +02:00
Jens Langhammer
17b65adcc5
lib: fix linting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-11 13:07:47 +02:00
Jens Langhammer
96ea7ae09c
root: allow configuration of s3 backup location
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-11 02:10:00 +02:00
Jens Langhammer
172bfceb31
root: fix db backup failing when password has special chars
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-11 02:01:22 +02:00
Jens Langhammer
932b19999e
providers/proxy: missing @property for noop
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-11 01:26:01 +02:00
Jens Langhammer
788fd00390
outposts: use noop flag in each reconciler instead of raising Disabled and force use of get_referecen_object
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-11 00:27:29 +02:00
Jens Langhammer
a293a14f2a
outposts: re-add _config for backwards compat
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-10 22:28:46 +02:00
Jens Langhammer
51e3453dca
admin: fix linting in api tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-10 20:14:21 +02:00
Jens Langhammer
6f58fdf158
api: add more tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-10 19:51:29 +02:00
Jens Langhammer
219b8d1a57
outposts: allow individual components of managed outposts to be disabled
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-10 19:27:48 +02:00
Jens Langhammer
c7d4e69669
root: make database port configurable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-10 19:25:15 +02:00
Jens Langhammer
cd629dfbaa
outposts: improve API validation for config attribute, ensure all required attributes are set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-10 19:24:42 +02:00
Jens Langhammer
3d0a853449
Merge branch 'version-2021.5' into next
2021-05-10 18:07:39 +02:00
Jens Langhammer
c2f8ff55cf
outposts: fix outpost delete hanging thread, run cleanup in async task with info from cache with ability to retry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-10 17:11:31 +02:00
Jens Langhammer
80fae44f47
release: 2021.5.1-rc7
2021-05-10 12:13:10 +02:00
Jens Langhammer
73eb97ca6e
release: 2021.5.1-rc6
2021-05-10 11:44:23 +02:00
Jens Langhammer
ebe90d8886
Merge branch 'next' into version-2021.5
2021-05-10 11:43:50 +02:00
Jens Langhammer
a1a1b113b1
release: 2021.5.1-rc5
2021-05-10 11:34:00 +02:00
Jens Langhammer
1fb3642701
sources/oauth: fix google tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-10 00:27:37 +02:00
Jens Langhammer
847d97b813
sources/oauth: fix google tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-10 00:27:20 +02:00
Jens Langhammer
1f1d322958
*: fix api results when non-superuser
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-10 00:01:35 +02:00
Jens Langhammer
e4841ce1a4
Merge branch 'version-2021.5' into next
2021-05-09 23:41:23 +02:00
Jens Langhammer
e33a5528f7
core: catch IntegrityError in flow_manager and deny request
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-09 23:31:39 +02:00
Jens Langhammer
b7d828702d
sources/oauth: don't set username on google source
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-09 22:56:44 +02:00
Jens Langhammer
f7fd31cc84
release: 2021.5.1-rc4
2021-05-09 21:43:38 +02:00
Jens Langhammer
04aae8f584
sources/oauth: make secret write_only
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-09 21:40:25 +02:00
Jens Langhammer
bbca90c93a
Merge branch 'next' into version-2021.5
2021-05-09 20:57:23 +02:00
Jens Langhammer
dda1d4e0fb
core: add more logs to flow_manager
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-09 20:27:37 +02:00
Jens Langhammer
f072c600cc
lifecycle: use URl for redis on startup to prevent errors with no paswords
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-09 20:13:58 +02:00
Jens Langhammer
92537a6c8d
Merge branch 'next' into version-2021.5
2021-05-09 18:46:26 +02:00
Jens Langhammer
72836ecd9d
outposts: default to currently running namespace if possible
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-09 18:44:32 +02:00
Jens Langhammer
251a97c77e
Merge branch 'next' into version-2021.5
2021-05-09 18:13:52 +02:00
Jens Langhammer
7f7046f0e4
outposts: lowercase k8s object names
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-09 18:13:21 +02:00
Jens Langhammer
cd3f02fd3b
release: 2021.5.1-rc3
2021-05-09 17:25:48 +02:00
Jens Langhammer
d3feab9463
release: 2021.5.1-rc2
2021-05-09 16:43:36 +02:00
Jens Langhammer
70c25692eb
release: 2021.5.1-rc1
2021-05-09 16:07:50 +02:00
Jens Langhammer
a6a8eddf7c
providers/proxy: create ingress for forward_auth /akprox path
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-09 12:40:44 +02:00
Jens Langhammer
8c0a87b710
outposts: improve logging for outpost controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-09 12:34:44 +02:00
Jens Langhammer
5cad59a9f8
providers/proxy: fix being able to set empty internal_host
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-09 00:07:34 +02:00
Jens Langhammer
5ac6a6910e
outposts: check if traefik CRD exists before attempting to delete
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-08 21:59:13 +02:00
Jens Langhammer
d751a7fc4c
lib: add user attribute "goauthentik.io/user/override-ips" to allow overriding of client ips
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-08 21:42:31 +02:00
Jens Langhammer
1b87375661
lib: add default to config from file://
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-08 17:13:13 +02:00
Jens Langhammer
6868b7722c
outposts: delete old outpost deployment when name or namespace is changed
...
closes #845
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-08 16:11:38 +02:00
Jens Langhammer
7a1935b4e2
outposts: fix error on k8s when name has spaces
...
closes #846
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-08 14:09:21 +02:00
Jens Langhammer
5e7521915a
stages/password: fix configure_flow not being set on initial setup
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-07 14:08:43 +02:00
Jens Langhammer
9fc072e4df
outposts: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-07 11:56:44 +02:00
Jens Langhammer
55ea9afeec
core: fix dark mode on server-side rendered pages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-07 11:53:53 +02:00
Jens Langhammer
9485f0b8cc
outpost/ldap: make users and groups OU instead of CN
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-07 11:46:26 +02:00
Jens Langhammer
e6dfa8294e
providers/proxy: use name.namespace for middleware service
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-07 10:07:30 +02:00
Jens Langhammer
e5a5a5c603
outposts: fix k8s controller not handing Disabled() in static deployment
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-07 09:52:43 +02:00
Jens Langhammer
ea7f9f291f
outposts: create traefikmiddleware if forwardAuth is enabled
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-07 00:01:35 +02:00
Jens Langhammer
241d790e69
stages/user_write: if any connection is being sent in the plan context, save it to the user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-06 22:10:20 +02:00
Jens Langhammer
83e08f12ae
core: fix arguments not being passed in FlowManager
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-06 22:07:48 +02:00
Jens Langhammer
6526659b51
sources/plex: allow auth for owner (when identifier of source plex token matches)
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-06 21:50:15 +02:00
Jens Langhammer
6c3b7c8d3e
events: handle error when notifications are triggered and no users exist
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-06 20:13:04 +02:00
Jens Langhammer
d51ecc4554
sources/saml: handle internal error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-06 20:10:56 +02:00
Jens Langhammer
ef63e35ad2
outposts: improve messaging from controller on k8s
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-06 20:07:29 +02:00
Jens Langhammer
4e9176ed2e
outposts: support different port on container vs exposed port
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-06 19:59:49 +02:00
Jens Langhammer
d1296e9cc7
outposts: fix deployments referencing the wrong secret
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-06 19:51:14 +02:00
Jens Langhammer
d85e0593f1
core: set attributes on users which are enrolled via source
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-06 19:35:05 +02:00
Jens Langhammer
b3a3852a54
core: fix linting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-06 13:58:58 +02:00
Jens Langhammer
49bf82a0a4
core: add user filter by superuser status
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-06 13:44:42 +02:00
Jens Langhammer
73b87a5e3d
events: fix error in API when specifying max_n
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-06 13:15:54 +02:00
Jens Langhammer
ac9cac302c
outposts: fix outpost state showing last time without version
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-05 20:49:13 +02:00
Jens Langhammer
701c140cfd
providers/proxy: fix logic error for ingress lookup
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-05 20:28:13 +02:00
Jens Langhammer
fa2ff5fc2b
sources/plex: save user's plex token, add option to allow friends
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-05 19:37:59 +02:00
Jens Langhammer
d5cab5d580
sources/plex: fix default for client_id
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-05 19:23:51 +02:00
Jens Langhammer
be8b2bf6f6
providers/proxy: don't create ingress for domains which use forwardAuth, don't create ingress at all if all providers are forward auth
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-05 17:53:12 +02:00
Jens Langhammer
b266a2cdfb
outposts: make k8s service type configurable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-05 15:37:56 +02:00
Jens Langhammer
9a15a66d85
outposts: make k8s object naming configurable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-05 15:36:27 +02:00
Jens Langhammer
446f104c90
core: add user UID to API
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-05 11:54:28 +02:00
Jens Langhammer
86c2a5d69d
lib: handle errors when reading config from file://
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-05 01:03:00 +02:00
Jens Langhammer
1a02049104
core: show users and groups when user has overall user permissions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-05 01:02:47 +02:00
Jens Langhammer
32934fcd38
outpost/ldap: check access based on Group Membership
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-05 00:03:19 +02:00
Jens Langhammer
d84d7c26ca
Merge branch 'master' into outpost-ldap
2021-05-04 23:34:31 +02:00
Jens Langhammer
2f6e6a3123
core: improve messaging when flow manager denied request
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-04 23:30:21 +02:00
Jens Langhammer
ba57bf4fa2
lib: add support for file:// protocol in config file
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-04 22:53:59 +02:00
Jens Langhammer
e674f03064
*/api: fix lookups per user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-04 21:58:20 +02:00
Jens Langhammer
08451c15f4
outposts/ldap: save user DN to determine who can search
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-04 21:49:15 +02:00
Jens Langhammer
99d161e212
Merge branch 'master' into outpost-ldap
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# authentik/core/api/users.py
# authentik/policies/event_matcher/migrations/0013_alter_eventmatcherpolicy_app.py
2021-05-04 21:02:20 +02:00
Jens Langhammer
4acbda2b77
core: improve messaging on flow_manager, authenticate user when they linked their account after not having been authenticateed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-04 18:49:27 +02:00
Jens Langhammer
83cfb5f8c2
stages/email: improve error handling
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-04 18:30:23 +02:00
Jens Langhammer
0d370ef0a9
web/admin: filter out service accounts by default
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-04 18:23:13 +02:00
Jens Langhammer
42f9ba8efe
gproxy: load default config file for debug and listen statements
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-04 14:10:34 +02:00
Jens Langhammer
812be495a5
Merge branch 'master' into go-proxy
2021-05-03 22:53:33 +02:00
Jens Langhammer
dbc3df1f63
events: handle error when notification rule doesn't exist during task
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-03 22:52:39 +02:00
Jens Langhammer
d330e9ee7f
web/flows: fix rendering for plex login
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-03 22:08:25 +02:00
Jens Langhammer
be21a5d172
sources/plex: add general tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-03 21:55:55 +02:00
Jens Langhammer
6fc38436f4
sources/plex: set better defaults on model
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-03 21:23:13 +02:00
Jens Langhammer
35faf269db
sources: rewrite onboarding
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-03 20:27:52 +02:00
Jens Langhammer
e56c3fc54c
Merge branch 'master' into plex-auth
2021-05-03 18:28:53 +02:00
Jens Langhammer
1041718e27
sources/saml: fix redirect url dropping non-standard ports
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-03 14:51:46 +02:00
Jens Langhammer
2507c0eec9
stages/invitation: fix linting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-03 12:44:19 +02:00
Jens Langhammer
4523550422
stages/invitation: add single_use flag to delete invitation after use
...
closes #821
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-03 09:52:38 +02:00
Jens Langhammer
988cf15b71
root: initial go proxy, update compose and helm
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-03 09:39:09 +02:00
Jens Langhammer
01d29134b9
sources/plex: add API to redeem token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-02 16:47:20 +02:00
Jens Langhammer
55250e88e5
sources/*: rewrite UILoginButton to return challenge instead
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-02 16:46:27 +02:00
Jens Langhammer
f1b100c8a5
sources/plex: initial plex source implementation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-02 14:43:51 +02:00
Jens Langhammer
19708bc67b
core: add additional_data to UILoginButton to pass additional data
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-02 14:43:26 +02:00
Jens Langhammer
c529340d6c
*: fix title not being set correctly for server-side rendered views
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-02 12:22:50 +02:00
Jens Langhammer
c317efa14c
Merge branch 'master' into outpost-ldap
2021-05-01 00:26:55 +02:00
Jens Langhammer
379fcf9c1f
sources/saml: fix error ValueError while decoding XML
...
closes #812
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-01 00:18:57 +02:00
Jens Langhammer
e10a7b48b7
sources/saml: fix Redirect bindings when SSO Url already has query params
...
related to #812
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-30 23:44:04 +02:00
Jens Langhammer
3e666de91d
outposts: fix formatting of image name
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-30 16:52:28 +02:00
Jens Langhammer
333758d91f
crypto: handle encrypted private keys
...
closes #811
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-30 15:25:42 +02:00
Jens Langhammer
eb8f52b870
stages/identification: fix tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-30 10:15:27 +02:00
Jens Langhammer
9ce49c2089
stages/identification: fix unused import
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-30 09:34:33 +02:00
Jens Langhammer
34c45900c2
stages/identification: allow selection of no user fields to only allow login via sources
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-30 01:07:37 +02:00
Jens Langhammer
bf7d110af3
Merge branch 'version-2021.4'
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# .github/workflows/release.yml
# helm/README.md
# helm/values.yaml
# website/docs/installation/kubernetes.md
2021-04-29 23:50:52 +02:00
Jens Langhammer
4e5eeacf0a
release: 2021.4.5
2021-04-29 23:03:09 +02:00
Jens Langhammer
b55cb2b40c
Merge branch 'master' into outpost-ldap
2021-04-29 20:13:47 +02:00
Jens Langhammer
25c001f2cd
outposts: allow better configuration of outpost image name
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-29 20:07:53 +02:00
Jens L
2a409215d3
outpost: forwardAuth mode ( #790 )
2021-04-29 18:17:10 +02:00
Jens Langhammer
d1d28722d2
lib: don't send 404 errors to sentry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-29 15:27:41 +02:00
Jens Langhammer
35f0e6b88d
lib: don't send 404 errors to sentry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-29 15:25:54 +02:00
Jens Langhammer
a6e528d209
core: fix text color of error pages not being white
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-29 15:18:28 +02:00
Jens Langhammer
bb2c4423b0
core: fix text color of error pages not being white
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-29 15:17:10 +02:00
Jens Langhammer
2c70301f56
stages/invitation: accept token from prompt_data
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-28 22:43:40 +02:00
Jens Langhammer
07b9923bf6
stages/invitation: fix token not being loaded correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-28 22:43:40 +02:00
Jens Langhammer
3dcd67c1a3
outposts: only kill docker container if its running
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-28 22:43:32 +02:00