Jens Langhammer
327df6529b
sources/oauth: use oidc preferred_username if set, otherwise nickname
2022-07-19 16:41:10 +00:00
Jens Langhammer
658dc63c4c
lifecycle: revert waiting for lock, launch managed reconcile on app import
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-19 12:06:57 +02:00
Jens Langhammer
549f6f2077
providers/oauth2: correctly log authenticated user for OAuth views using protected_resource_view
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-18 22:20:09 +02:00
Jens L
e9d9d658c4
lifecycle: make worker wait for migrations to be done ( #3254 )
...
* lifecycle: make worker wait for migrations to be done
* retry managed reconcile task
2022-07-15 19:44:45 +02:00
Jens Langhammer
9a9ba2560b
core: delete expired models when filtering instead of excluding them
...
closes #3233
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-09 13:40:39 +02:00
Jens Langhammer
47434cd62d
stages/prompt: try to base64 decode file, fallback to keeping value as-is
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-08 22:45:31 +02:00
Jens Langhammer
ff500b44a6
stages/prompt: force required to false when using readonlyfield
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-08 22:38:37 +02:00
Jens Langhammer
8e19fb3a8c
release: 2022.7.2
2022-07-06 20:31:48 +02:00
Jens Langhammer
d497db3010
flows: fix OOB flow incorrectly setting pending user
...
closes #3224
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-06 09:51:20 +02:00
Jens Langhammer
24f95fdeaa
tenants: fix tests for current tenant
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:47:49 +02:00
Jens Langhammer
d1c4818724
policies: improve api test coverage
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:20:48 +02:00
Jens L
49cce6a968
stages/prompt: add basic file field ( #3156 )
...
add basic file field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:09:41 +02:00
Jens Langhammer
0a73e7ac9f
tenants: add default_locale read only field, pre-hydrate in flows and read in autodetect as first choice
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:04:25 +02:00
Jens Langhammer
3344af72c2
outposts: cleanup user handling
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 22:41:19 +02:00
Jens Langhammer
f316a3000b
release: 2022.7.1
2022-07-04 21:10:20 +02:00
Jens Langhammer
6a497b32f6
core: use Exception for fallback case in flow_manager
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-04 20:05:03 +02:00
Jens Langhammer
4cd629b5fc
core: handle FlowNonApplicableException correctly in source flow_manager
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-03 22:03:03 +02:00
Jens Langhammer
14a4047bdd
flows: show messages from ak_message when flow is denied
...
fallback to same generic message
closes #3197
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-03 21:36:13 +02:00
Jens L
17d33f4b19
flows: denied action ( #3194 )
2022-07-02 17:37:57 +02:00
Jens L
c39a5933e1
core: create FlowToken instead of regular token for generated recovery links ( #3193 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2749
2022-07-02 14:17:41 +02:00
Jens L
5e3f44dd87
flows: add shortcut to redirect current flow ( #3192 )
2022-07-01 23:19:41 +02:00
Jens Langhammer
1c64616ebd
sources/ldap: add configuration for LDAP Source ciphers
...
closes #3110
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 19:53:49 +02:00
Jens Langhammer
23273f53cc
providers/oauth2: if no scopes are sent in authorize request, select all configured scopes
...
closes #3112
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 19:45:26 +02:00
Jens Langhammer
d11ce0a86e
providers/proxy: set default scopes based on managed attribute
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 18:26:49 +02:00
Jens Langhammer
766ceda57a
core: re-create anonymous user when repairing permissions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 17:20:06 +02:00
Jens Langhammer
e758c434ea
web: ignore module load errors
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 16:49:37 +02:00
Jens Langhammer
90e3ae9457
*: define prometheus metrics in apps to prevent re-import
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 16:49:24 +02:00
Jens Langhammer
56fd436e5d
web: fix redirect when accessing authentik URLs authenticated
...
closes #3174
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-30 23:04:39 +02:00
Jens Langhammer
ea60c389be
providers/saml: include SSO Binding URLs in Provider API
...
closes #3179
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-30 22:18:21 +02:00
Jens Langhammer
983882f5a0
providers/oauth2: ensure refresh tokens are URL safe
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3185
2022-06-30 12:43:08 +02:00
Jens L
c5a2831665
api: add basic jwt support with required scope ( #2624 )
...
* api: add basic jwt support with required scope
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* api: only set auth_via when actually authenticating via token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* save consented permissions in user consent, re-prompt when new permissions are required
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update locale
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* translate special scope map
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more api auth tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* build web api in e2e tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* link generated client instead of copying
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-26 17:51:15 +02:00
Jens L
504338ea66
web/admin: application wizard (part 1) ( #2745 )
...
* initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove log
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* start oauth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use form for all type wizard pages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more oauth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* basic wizard actions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make resets work
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add hint in provider wizard
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* render correct icon in empty state in table page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* improve empty state
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more pages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add group PK to service account creation response
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use wizard-level isValid prop
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* re-add old buttons
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-26 00:46:40 +02:00
Jens Langhammer
f28509608b
core: mark session as modified instead of saving it directly to bump expiry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-22 08:48:14 +02:00
Jens Langhammer
6c9dc7a15b
providers/oauth2: fix OAuth form_post response mode for code response_type
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3113
2022-06-20 21:52:36 +02:00
Jens Langhammer
b6267fdf28
*: add versioned user agent to sentry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-20 11:54:10 +02:00
Jens Langhammer
1f0fc0a6a2
Merge branch 'version-2022.6'
2022-06-20 10:19:25 +02:00
Jens Langhammer
9201fc1834
release: 2022.6.3
2022-06-19 22:01:06 +02:00
Jens Langhammer
1faba11a57
providers/oauth2: add test to ensure capitalised redirect_uri isn't changed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3114
2022-06-19 21:37:20 +02:00
9p4
f0c72e8536
providers/oauth2: dont lowercase URL for token requests ( #3114 )
...
this was a leftover from before the migration regex checking for redirect URIs
closes #3076 and #3083
2022-06-19 21:37:17 +02:00
Jens Langhammer
91f91b08e5
core: fix migrations when creating bootstrap token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:37:14 +02:00
Jens L
caed306346
providers/oauth2: if a redirect_uri cannot be parsed as regex, compare strict ( #3070 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:36:19 +02:00
Jens Langhammer
59b899ddff
internal: skip tracing for go healthcheck and metrics endpoints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:48 +02:00
Jens Langhammer
85784f796c
root: ignore healthcheck routes in sentry tracing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:46 +02:00
Jens Langhammer
b42eb9464f
lifecycle: run bootstrap tasks inline when using automated install
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:33 +02:00
Jens L
6559fdee15
stages/authenticator_validate: add webauthn tests ( #3069 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:23 +02:00
Jens Langhammer
3455bf3d27
policies: consolidate log user and application
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:04 +02:00
Jens Langhammer
0d96e68c1e
core: add limit of 20 to group recursion
...
closes #3116
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:24:57 +02:00
Jens Langhammer
7caac1d0c7
providers/oauth2: add test to ensure capitalised redirect_uri isn't changed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3114
2022-06-18 13:13:36 +02:00
9p4
45364d6553
providers/oauth2: dont lowercase URL for token requests ( #3114 )
...
this was a leftover from before the migration regex checking for redirect URIs
closes #3076 and #3083
2022-06-18 13:08:15 +02:00
Jens Langhammer
2298eb124f
core: fix migrations when creating bootstrap token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-17 10:10:04 +02:00
Jens Langhammer
e892ed14da
providers/oauth2: include source's user path in M2M created users
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-15 14:07:28 +02:00
Jens L
1c62a3db6e
core: user paths ( #3085 )
...
* init
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add user_path_template
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add to sources and flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add outposts & api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* dark theme for treeview
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add search
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs and tests for validation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add to user write stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add web ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: improve error handling
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-15 12:12:26 +02:00
Jens L
6821402fef
providers/oauth2: remove deprecated verification_keys ( #3071 )
...
remove verification_keys
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-11 19:48:07 +02:00
Jens L
8dbb0bd2c6
providers/oauth2: token revoke ( #3077 )
2022-06-11 18:49:16 +02:00
Jens L
0cad56ec73
providers/oauth2: if a redirect_uri cannot be parsed as regex, compare strict ( #3070 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 23:32:57 +02:00
Jens Langhammer
bdf76bb4b7
internal: skip tracing for go healthcheck and metrics endpoints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 22:21:11 +02:00
Jens Langhammer
74ce9cc6fd
root: ignore healthcheck routes in sentry tracing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 20:10:27 +02:00
Jens Langhammer
5e2d647a6c
core: trigger bootstrap tasks in server if we're debugging
...
closes #3040
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-09 20:21:31 +02:00
Jens Langhammer
7beebe030d
lifecycle: run bootstrap tasks inline when using automated install
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-09 20:09:55 +02:00
Jens L
66f4a31b4c
stages/authenticator_validate: add webauthn tests ( #3069 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-08 20:50:48 +02:00
Jens Langhammer
039d896dee
policies: consolidate log user and application
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-07 22:26:01 +02:00
Jens Langhammer
ff2baf502b
release: 2022.6.2
2022-06-07 21:36:18 +02:00
Jens Langhammer
23023ec727
providers/oauth2: add JWKS URL to OAuth2ProviderSetupURLs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-07 20:17:06 +02:00
Jens Langhammer
7d84a71a01
stages/authenticator_validate: fix double-negation of password-less check
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-07 09:52:10 +02:00
Jens Langhammer
9add8479ca
stages/authenticator_validate: fix error in passwordless webauthn
...
closes #3050
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-06 13:50:11 +02:00
Jens Langhammer
ca40d31dac
*: make user logging more consistent
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 18:50:44 +02:00
Frédérick Permantier
2dfa6c2c82
core: add setting to open application launch URL in a new browser tab ( #3037 )
...
* core: add setting to open application launch URL in a new browser tab
* core: fix failing applications unit tests
* core: fix formatting
* core: include models only generated when debug mode is enabled
2022-06-05 14:32:22 +02:00
Jens Langhammer
c11435780d
sources/oauth: fix twitter client missing basic auth
...
closes #3038
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 14:21:32 +02:00
Jens Langhammer
817d538b8f
core: add additional filters to source viewset
...
https://github.com/goauthentik/terraform-provider-authentik/issues/184
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 00:56:46 +02:00
Jens Langhammer
210775776f
core: add slug to built-in source
...
https://github.com/goauthentik/terraform-provider-authentik/issues/184
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 00:50:10 +02:00
Jens Langhammer
b26111fb42
events: fix error when attempting to create event with GeoIP City in context
...
closes #2709
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 00:16:07 +02:00
Jens Langhammer
67d54c5209
release: 2022.6.1
2022-06-04 21:23:33 +02:00
Jens L
fa04883ac1
events: use custom login failed signal, also send for mfa errors, add stage and more to context ( #3039 )
...
* use custom login failed signal, also send for mfa errors, add stage and more to context
closes #3027
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* include device class in event
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-04 15:30:56 +02:00
Jens L
36cbc44ed6
migrate to main ( #3035 )
...
closes #3032
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 19:40:09 +02:00
Jens L
0c591a50e3
*: don't dispatch tasks on startup of server ( #3033 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 18:29:24 +02:00
Jens L
7ee655a318
core: add bootstrap variables with authentik prefix for helm charts ( #3031 )
...
https://github.com/goauthentik/helm/pull/72
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 15:22:56 +02:00
Jens Langhammer
eba339ba27
core: improve loading speed of flow background
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-02 14:20:23 +02:00
Jens Langhammer
558c7bba2a
lib: add lxml wrapper
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-02 13:25:24 +02:00
Jens Langhammer
8cd1a42fb9
*: fix linting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-02 11:50:10 +02:00
Jens L
c0cb891078
stages/authenticator_sms: verify-only ( #3011 )
2022-06-01 23:16:28 +02:00
Jens L
fc1c1a849a
stages/*: use bound logger ( #3012 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-01 23:01:58 +02:00
Jens L
2c6d82593e
root: cleanup session keys to use common format ( #3003 )
...
cleanup session keys to use common format
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-31 21:53:23 +02:00
Jens Langhammer
34bcc2df1a
root: disable session_save_every_request as it overwrites the session with old data
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2991
2022-05-31 20:46:27 +02:00
Jens Langhammer
b4d528a789
policies: fix incorrect bound_to count
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-31 10:16:09 +02:00
Jens Langhammer
a0397fdcf4
events: set default transport mode
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-30 21:32:48 +02:00
Jens L
8faa1bf865
events: add local transport mode ( #2992 )
...
* events: add local transport mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add default local transport
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-30 20:55:05 +02:00
Jens Langhammer
fc75867218
events: ignore session model
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-30 20:23:07 +02:00
Jens L
3eb466ff4b
lifecycle: cleanup prometheus ( #2972 )
...
* remove high cardinality labels
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* retry worker number for prometheus multiprocess id
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* revert to pid, use subdirectories
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use worker id based off of https://github.com/benoitc/gunicorn/issues/1352
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix missing app label
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests/e2e: remove static names
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 21:45:25 +02:00
Jens L
9f2529c886
stages/authenticator_validate: cookies ( #2978 )
...
* stages/authenticator_validate: rewrite to use signed jwt cookie + expiry as MFA threshold
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 19:47:34 +02:00
Jens L
fb25b28976
core: db sessions ( #2979 )
...
* use db session backend
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* root: wrap session cookie in JWT and add useful claims
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix compatibility with tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use standard session key for writing in sessions too
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 18:58:54 +02:00
Jens Langhammer
fb69f67f47
*: cleanup vendor
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-28 21:26:33 +02:00
Jens Langhammer
18b48684eb
providers/oauth2: add configuration error event when wrong redirect uri is used in token request
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-28 21:15:58 +02:00
Jens Langhammer
098b0aef6e
*: use create_test_admin_user for all unittests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-28 21:13:16 +02:00
Jens Langhammer
082df0ec51
Merge branch 'version-2022.5'
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# authentik/providers/oauth2/views/token.py
# web/src/locales/zh-Hans.po
2022-05-28 13:19:58 +02:00
Jens Langhammer
1883402b3d
release: 2022.5.3
2022-05-28 12:04:26 +02:00
Jens Langhammer
1b3aacfa1d
providers/oauth2: add migration from "*" to ".*"
...
closes #2970
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-27 21:43:51 +02:00
Jens Langhammer
2b68363452
providers/oauth2: add migration from "*" to ".*"
...
closes #2970
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-27 10:23:13 +02:00
Jens Langhammer
6105956847
providers/oauth2: regex-escape URLs when set to blank
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:17:34 +02:00
Jens Langhammer
4ff32af343
flows: fix flakiness in tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:17:03 +02:00
Jens Langhammer
972868c15c
providers/oauth2: only set expiry on user when it was freshly created
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:16:55 +02:00
Jens Langhammer
0bc57f571b
api: update API browser to match admin UI and auto-switch theme
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:16:34 +02:00
Jens Langhammer
a81d5a3d41
providers/oauth2: regex-escape URLs when set to blank
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 12:52:56 +02:00
Jens Langhammer
34ef4af799
flows: fix flakiness in tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 09:53:40 +02:00
Jens Langhammer
5da47b69dd
providers/oauth2: only set expiry on user when it was freshly created
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 23:02:33 +02:00
Jens Langhammer
0e0dd2437b
providers/oauth2: handle attribute errors when validation JWK contains private key
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 22:23:05 +02:00
Jens Langhammer
e42386b150
api: update API browser to match admin UI and auto-switch theme
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 20:09:29 +02:00
Jens Langhammer
ef219198d4
flows: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 00:05:04 +02:00
Jens Langhammer
cc744dc581
flows: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 00:04:58 +02:00
Jens Langhammer
816b0c7d83
flows: fix re-imports of entries with identical PK re-creating objects
...
closes #2941
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 23:35:06 +02:00
Jens Langhammer
56babb2649
flows: fix re-imports of entries with identical PK re-creating objects
...
closes #2941
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 23:32:08 +02:00
Jens L
b8fdda50ec
ensure all viewsets have filter and search and add tests ( #2946 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 22:13:59 +02:00
Jens Langhammer
4a9b788703
providers/oauth2: set related_name for many-to-many so used by detects the connection
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 22:12:35 +02:00
Jens L
80c1dbdfbb
ensure all viewsets have filter and search and add tests ( #2946 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 22:01:18 +02:00
Jens L
b4e75218f5
sources/oauth: OIDC well-known and JWKS ( #2936 )
...
* add initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add provider
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* include source and jwk key id in event
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests for source
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix web formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add provider tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix lint error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 21:02:50 +02:00
Jens Langhammer
482491e93c
core: fix username validator not allowing changes that can be done via flows
...
closes #2755
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 19:40:54 +02:00
Jens Langhammer
61a876b582
providers/saml: handle parse error
...
AUTHENTIK-1K5
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 22:03:12 +02:00
Jens Langhammer
8c9748e4a0
providers/oauth2: improve error handling for invalid regular expressions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:47:36 +02:00
Jens Langhammer
b7979ad48e
Revert "events: ignore silk SQLQuery object"
...
This reverts commit a26f25ccd6.
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:29:05 +02:00
Jens Langhammer
4704de937a
stages/user_write: fix typo in request context variable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:18:37 +02:00
Jens Langhammer
394d8e99a4
policies: improve error logging
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:18:00 +02:00
Jens Langhammer
a26f25ccd6
events: ignore silk SQLQuery object
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:17:52 +02:00
Jens Langhammer
63dc8fe7dc
crypto: set SAN in default generated Certificate to semi-random domain
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2462
2022-05-22 23:22:06 +02:00
Jens Langhammer
cfe2648b62
events: fix transport not allowing blank values
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-22 19:32:58 +02:00
Jens Langhammer
3d4a45c93f
release: 2022.5.2
2022-05-21 17:17:21 +02:00
Jens Langhammer
75d6cd1674
outposts: ensure the user and token are created on initial outpost save
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 15:55:19 +02:00
Jens L
2dee8034d3
outposts: allow externally managed SSH Config for outposts ( #2917 )
2022-05-21 12:10:08 +02:00
Jens Langhammer
220d21c3e0
release: 2022.5.1
2022-05-20 19:34:45 +02:00
Jens L
b43df2ae27
stages/identification: redirect with QS to keep next parameters ( #2909 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-20 16:10:10 +02:00
Jens L
d570feffac
flows: add types to diagrams ( #2902 )
...
* add policy and stage types to diagram
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* show policies bound to the root flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix get_build_hash being empty
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-19 20:50:28 +02:00
Jens Langhammer
3d52266773
flows: handle missing `initial_data` in challenge
...
AUTHENTIK-1HK
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-19 20:31:28 +02:00
Jens L
7bdecd2ee6
stages/user_write: dynamic groups ( #2901 )
...
* stages/user_write: add dynamic groups
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* simplify functions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-19 20:28:16 +02:00
Jens Langhammer
11f7935155
providers/oauth2: use regex to check redirect URI
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2799
2022-05-18 21:22:27 +02:00
Jens L
75b0fb3393
sources/oauth: migrate twitter to oauth2 ( #2893 )
2022-05-18 00:03:02 +02:00
Jens Langhammer
538c2ca4d3
stages/authenticator_*: directly save devices into db instead of session to prevent race conditions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-17 10:02:30 +02:00
Jens Langhammer
5080840ed9
admin: ensure disable_update_check is set to false for tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-17 10:00:26 +02:00
Jens L
333e58ce2f
flows/layouts ( #2867 )
2022-05-16 01:10:23 +02:00
Jens Langhammer
4de2ac3248
events: add task to expire seen notifications
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 22:41:50 +02:00
Jens Langhammer
eb4dce91c3
events: add user filter to notifications
...
as superuser all notifications are returned regardless of permission so we need to filter
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 22:31:13 +02:00
Jens Langhammer
d4fd6153c8
api: fix OwnerFilter filtering out objects for superusers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 21:36:00 +02:00
Jens Langhammer
85b6bfbe5f
sources: fix parent serializer for user connections
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 21:26:02 +02:00
Jens Langhammer
5644d5f3f7
stages/authenticator_totp: fix key error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 19:57:00 +02:00
Jens Langhammer
f391c33bdf
providers/oauth2: fix tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 12:41:40 +02:00
Jens Langhammer
18f450bd49
root: enable sentry for tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 12:29:30 +02:00
Jens Langhammer
ee36b7f3eb
flows: move autosubmit stage into flows package
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 12:06:19 +02:00
Jens Langhammer
a9a62bbfc8
providers/oauth2: use correct title based on flow context and translated
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 00:08:29 +02:00
Jens Langhammer
ddd785898b
providers/saml: add title attribute to autosubmit stage and render correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 00:08:14 +02:00
Jens Langhammer
8ba45a5f6a
providers/oauth2: don't create events before client_id can be verified to prevent spam
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 00:02:01 +02:00
Jens Langhammer
7d41e6227b
providers/oauth2: add tests for form_post, fix attrs not being flattened
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-13 23:52:50 +02:00
Jens Langhammer
1363226697
providers/saml: make SAML metadata generation consistent
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-13 17:40:18 +02:00
scheibling
d4abf5621e
providers/oauth2: add support for form_post response mode ( #2818 )
...
* Added request verification and parameter generation
* response_mode added to OAuthAuthorizationParams return
* Added class OauthPostFulfillmentStage
Check response_mode in initialization
* Corrected typo
* Removed separate class
Added handling for FORM_POST in create_response_uri
Added handling for FORM_POST in return class
* Fixed pylint error (trailing-whitespace)
Removed comment
* Reformatted authorize.py with black
2022-05-12 21:36:31 +02:00
Jens L
ec67b60219
policies/hibp: check in prompt data ( #2845 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 23:47:36 +02:00
Jens L
fd1d38f844
stages/authenticator_validate: remember ( #2828 )
...
* initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: cleanup timedelta help
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tooltip
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* assert response code in self.assertStageResponse
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more tests, add duo
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 21:05:22 +02:00
Jens Langhammer
3554406aa5
root: fix duplicate enum in api scheme
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 10:24:18 +02:00
Jens L
ab2299ba1e
outposts/ldap: cached bind ( #2824 )
...
* initial cached ldap bind support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* clean up api generation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use gh action for golangci-lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-08 16:48:53 +02:00
Jens Langhammer
860269acf0
root: set SESSION_SAVE_EVERY_REQUEST to enable sliding sessions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1878
2022-05-07 22:32:56 +02:00
scheibling
30c7e6c94c
providers/oauth2: fixed typo (PROMPT_CONSNET => PROMPT_CONSENT) ( #2819 )
2022-05-06 10:09:09 +02:00
Jens Langhammer
59df02b3b8
root: disable stdout capturing for tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-05 23:08:36 +02:00
Jens Langhammer
ddbe0aaf13
stages/user_delete: fix delete stage failing when pending user is not explicitly set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-01 13:59:33 +02:00
Jens Langhammer
84930b4924
Revert "internal: fix high cpu when backend isnt healthy"
...
This reverts commit eb6cfd22a7.
Revert "root: handle JSON error in metrics too"
This reverts commit 1ede972222.
Revert "root: don't force multiprocess prometheus registry"
This reverts commit cd1d1b4402.
Revert "root: add error handling for prometheus view"
This reverts commit c0a883f76f.
2022-04-29 18:13:26 +02:00
Jens Langhammer
1ede972222
root: handle JSON error in metrics too
...
this can happen when the worker is killed while writing metrics
2022-04-29 11:01:04 +00:00
Jens Langhammer
cd1d1b4402
root: don't force multiprocess prometheus registry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-29 10:53:47 +02:00
Jens Langhammer
c0a883f76f
root: add error handling for prometheus view
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-29 10:17:53 +02:00
Jens Langhammer
ab8b37a899
events: fix ignored instances not being a tuple
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-25 11:19:58 +02:00
Jens Langhammer
9077eff34d
root: add silk and debugging views
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-21 22:38:32 +02:00
Jens Langhammer
2399fa456b
policies: fix current user not being set in server-side policy deny
...
closes #2039
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-21 22:30:27 +02:00
Jens Langhammer
0b4ac54363
*: default to max 60 for fqdn_rand
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-20 20:07:25 +02:00
Jens Langhammer
1a1434bfda
*: decrease frequency of background tasks, smear tasks based on name and fqdn
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2159
2022-04-20 18:43:40 +02:00
Jens Langhammer
d283a5236c
core: add custom shell command which imports all models and creates events for model events
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-17 18:14:57 +02:00
github-actions[bot]
e4486b98fc
web: Update Web API Client version ( #2733 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-17 17:05:43 +02:00
Jens Langhammer
778065f468
core: add flag to globally disable impersonation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-17 16:52:55 +02:00
Behn
70794d79dd
sources/oauth: Fix wording for OAuth source names ( #2732 )
2022-04-17 16:40:10 +02:00
Jens Langhammer
a3bb5d89cc
events: fix created events only being logged as debug level
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-14 22:37:30 +02:00
Jens Langhammer
f4f9f525d7
providers/oauth2: include application in login event
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-14 22:36:45 +02:00
Jens Langhammer
4c14e88a25
flows: pin dependency in migration
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-14 22:28:26 +02:00
Jens Langhammer
7561ea15de
providers/oauth2: add additional tracing to token view
2022-04-14 16:48:17 +00:00
Jens Langhammer
8242b09394
flows: handle flow title formatting error better, add user to flow title context
2022-04-14 13:56:20 +00:00
Jens Langhammer
9b9c0fe663
release: 2022.4.1
2022-04-12 22:07:34 +02:00
Jens Langhammer
5a58f6ee64
providers/oauth2: remove test for non sa user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-12 20:35:13 +02:00
Jens Langhammer
e84b17d550
providers/oauth2: don't force service accounts for client_credentials flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-12 10:23:25 +02:00
Jens Langhammer
9da439623b
stages/authenticator_duo: fix bad request being sent to duo when calling enrollment_status outside a flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2666
2022-04-11 21:02:32 +02:00
Jens Langhammer
957bb1c5ef
core: make generated token length configurable
...
closes #2574
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-11 20:57:16 +02:00
Jens Langhammer
2303a97bb9
core: add method to set key of token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2574
2022-04-11 20:43:39 +02:00
Jens Langhammer
8be04cc013
providers/oauth2: fix elliptic curve keys attempting to use EC256 instead of ES256
...
closes #2703
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-11 20:05:58 +02:00
Jens Langhammer
cca33a74b6
core: fix error when checking generated users with no expiry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-10 17:53:46 +02:00
Jens Langhammer
f977bf61eb
providers/oauth2: make exp optional on jwt client_credentials flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-10 17:25:35 +02:00
Jens Langhammer
f8f8a9bbb9
providers/oauth2: give keypairs private key preference over certificate in client_credentials jwt flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-10 16:27:53 +02:00
Jens Langhammer
e64ca4ab04
core: fix lint error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-08 10:10:30 +02:00
Jens Langhammer
e2f0a76309
outposts: check if docker ports should be mapped before comparing ports
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-07 17:30:33 +02:00
Jens Langhammer
5861d41ad3
tenants: add tenant-level attributes, applied to users based on request
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-06 10:41:35 +02:00
Jens Langhammer
20262f3f4b
core: mark provider_obj as read_only
...
closes #2637
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-04 10:17:59 +02:00
Jens L
633296503d
core: add grouping to applications ( #2648 )
...
* core: add grouping to applications
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: add new field to tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 23:08:58 +02:00
Jens L
508cec2fd5
web: migrate dropdowns to wizards ( #2633 )
...
* web/admin: add basic wizards for providers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: add dark mode for wizard
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: migrate policies to wizard
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* start source
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* policies: sanitze_dict when returning log messages during tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* Revert "web/admin: migrate policies to wizard"
This reverts commit d8b7f62d3e.
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# web/src/locales/zh-Hans.po
# web/src/locales/zh-Hant.po
# web/src/locales/zh_TW.po
* web: rewrite wizard to be element based
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* further cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update sources
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: migrate property mappings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate stages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate misc dropdowns
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate outpost integrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 19:48:17 +02:00
Jens Langhammer
7a93614e4b
policies: fix tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 18:31:02 +02:00
Jens Langhammer
4f319eaa4f
policies/dummy: bump to info to always get message
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 17:28:51 +02:00
Jens Langhammer
86a8d00b3f
policies: sanitze_dict when returning log messages during tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 17:15:44 +02:00
Jens Langhammer
5fe8c1f3d7
policies: fix missing default for log_messages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 16:44:49 +02:00
Jens Langhammer
d84ff2bbca
policies: add policy log messages to test endpoints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-01 22:07:35 +02:00
Jens Langhammer
4be238018b
providers/oauth2: pass scope and other parameters to access policy request context
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2641
2022-04-01 21:39:05 +02:00
Jens Langhammer
99008252f8
providers/oauth2: fix verification_keys being required
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-31 20:19:13 +02:00
Jens Langhammer
8689444954
providers/oauth2: add password grant support (treated as client_credentials)
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-31 18:02:17 +02:00
Jens L
bb8af2f19b
providers/oauth2: add client_assertion_type jwt bearer support ( #2618 )
2022-03-31 00:30:55 +02:00
Jens Langhammer
996bd05ba6
api: fix API header auth not passing to next auth method
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-31 00:06:01 +02:00
Jens Langhammer
a1a64e25ee
api: remove legacy http basic auth
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-30 23:39:08 +02:00
Jens Langhammer
993c6472db
crypto: only count discovered when cert was loaded successfully
2022-03-28 08:58:23 +00:00
Jens Langhammer
123b0b2f05
core: fix pylint renamed variable
2022-03-28 08:58:13 +00:00
Jens Langhammer
7cbd5174f0
stages/invitation: fix tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-26 19:12:22 +01:00
Jens Langhammer
c7a83e6182
stages/invitation: add invitation name
...
closes #2583
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-26 18:32:59 +01:00
Jens Langhammer
74ff9d04dd
stages/prompt: set field default based on placeholder, fix duplicate fields
...
closes #2572
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-23 22:26:06 +01:00
Jens Langhammer
969902f503
stages/prompt: filter rest_framework.fields.empty when field is not required
...
closes #2572
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-23 20:21:12 +01:00
Jens Langhammer
04372e21dd
events: handle types in event contexts
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2572
2022-03-23 19:49:55 +01:00
Adam G
d75a864f0e
providers/oauth2: map internal groups to GitHub teams in GHE OAuth emulation ( #2497 )
...
* providers/oauth2: impl `/user/teams` endpoint for Github OAuth2
This commit adds a functional `/user/teams` endpoint for the emulated Github OAuth2 service.
The teams a user is part of are based on the user's groups in Authentik.
* providers/oauth2: Move org template inside loop; Change slug to use Django slugify
* providers/oauth2: Remove placeholder replacement
* Possibly fix complaints from the linters
* Update github.py
* Change organization name
* Update github.py
2022-03-23 12:05:20 +01:00
Jens Langhammer
0c2b32da31
core: add num_pk to group for applications that need a numerical group id
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2497
2022-03-22 21:37:11 +01:00
Jens Langhammer
9ad4c736f1
stages/email: allow overriding of destination email in plan context
...
closes #2445
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-22 21:19:34 +01:00
Jens Langhammer
4154b62565
stages/prompt: fix non-required fields not allowing blank values, add more tests
...
closes #2544
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-22 20:38:04 +01:00
Jens Langhammer
86a4a7dcee
release: 2022.3.3
2022-03-21 22:37:13 +01:00
Angel Nunez Mencias
8b95e9f97a
crypto: open files in read-only mode for importing ( #2536 )
...
closes #2535
2022-03-21 10:46:09 +01:00
Jens Langhammer
be232e2b77
core: fix provider launch URL being prioritised over manually configured launch URL
...
closes #2493
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-16 10:26:55 +01:00
Jens Langhammer
53d0205e86
outposts/proxy: use Prefix in ingress for k8s
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-15 19:01:08 +01:00
Jens Langhammer
260a7aac63
release: 2022.3.2
2022-03-15 00:01:01 +01:00
Jens Langhammer
a3df414f24
sources/ldap: fix parent_group not being applied
...
closes #2464
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-14 22:13:20 +01:00
Jens Langhammer
dcaa8d6322
flows: revert default flow user change
...
closes #2483
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-14 22:05:30 +01:00
Jens Langhammer
ceb894039e
stages/authenticator_validate: fix passwordless flows not working
...
closes #2484
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-14 21:15:47 +01:00
Jens Langhammer
c7a825c393
lib: lower default sample rate
2022-03-14 12:38:14 +00:00
Jens Langhammer
54f170650a
core: replace uid with uuid search
...
uid can't be searched as it's a computed field
closes #2480
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-14 10:35:55 +01:00
Jens Langhammer
fedb81571d
release: 2022.3.1
2022-03-10 19:12:29 +01:00
Jens Langhammer
37528e1bba
stages/authenticator_validate: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-10 09:56:04 +01:00
Jens Langhammer
cc1509cf57
stages/authenticator_validate: fix logic error when multiple authenticator devices can be selected
...
closes #2290
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-10 00:46:42 +01:00
Jens Langhammer
0dfecc6ae2
stages/authenticator_*: fix device.confirmed being set incorrectly
...
closes #2330
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-10 00:19:49 +01:00
Jens Langhammer
de17207c68
lib: fix default geoip path
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2453
2022-03-09 21:57:29 +01:00
Jens L
920d1f1b0e
providers/oauth2: initial client_credentials grant support ( #2437 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-05 23:24:55 +01:00
Jens Langhammer
b1fd801ceb
tenants: fix syntax error in expression for locale
2022-03-03 11:50:46 +00:00
Jens Langhammer
1e1d9f1bdd
core/api: allow filtering users by uid, add uid to search
...
closes #2428
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-03 10:19:56 +01:00
Jens L
4f4f954693
core: customisable user settings ( #2397 )
...
* tenants: add user_settings flow, add basic flow and basic new executor
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/user: use flow PromptStage instead of custom stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: add tenant to StageHost interface
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/user: fix form missing component
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/user: re-add success message
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/user: improve support for multiple error messages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/prompt: allow expressions in prompt placeholders
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/prompt: add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: always set pending user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: never cache stage configuration flow plans
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/user_write: fix error when pending user is anonymous user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: add checkbox for prompt placeholder expression
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* website/docs: add prompt expression docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/prompt: add ak-locale field type
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tenants: fix default policy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/user: add function to do global refresh
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: fix rendering of ak-locale
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tenants: fix default policy, add error handling to placeholder, fix locale attribute
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-03 00:13:06 +01:00
Jens Langhammer
c57fbcfd89
sources/oauth: log body when get_profile fails
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-02 20:37:42 +01:00
Jens Langhammer
08acc7ba41
providers/oauth2: fix invalid launch URL being generated
2022-03-01 15:29:21 +00:00
Jens Langhammer
7bdd32506e
web: cleanup default footer links
2022-03-01 15:27:21 +00:00
dependabot[bot]
f98a9bed9f
build(deps-dev): bump bandit from 1.7.2 to 1.7.3 ( #2403 )
...
* build(deps-dev): bump bandit from 1.7.2 to 1.7.3
Bumps [bandit](https://github.com/PyCQA/bandit) from 1.7.2 to 1.7.3.
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](https://github.com/PyCQA/bandit/compare/1.7.2...1.7.3)
---
updated-dependencies:
- dependency-name: bandit
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* sigh
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-28 10:13:51 +01:00
Dorian Zedler
e9064509fe
sources/oauth: Add Mailcow oauth source ( #2380 )
...
* Feat: Add Mailcow oauth source
* Feat: Add mailcow icon
* Run make
* Feat: Add tests
* Fix: Remainder from discord test
* Docs: Add mailcow oauth source docs
* Docs: add mailcow source to menu
* Fix: Mailcow provider type in test
* Fix: Formatting
* Fix: Doc file name
2022-02-27 15:06:02 +01:00
Jens Langhammer
7e5d8624c8
web: fix locale change not updating all elements
...
closes #2365
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-26 16:29:12 +01:00
Jens Langhammer
2f8dbe9b97
core: handle all exceptions for applications listing
...
closes #2382
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-26 16:08:38 +01:00
Jens L
677bcaadd7
core: add initial app launch url ( #2367 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-23 22:48:55 +01:00
Jens Langhammer
80f218a6bf
core: also handle TypeError for invalid app URL formatting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-17 18:23:11 +01:00
Jens Langhammer
4a1acd377b
release: 2022.2.1
2022-02-16 10:51:55 +01:00
Jens Langhammer
72259f6479
events: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-14 23:15:45 +01:00
Jens Langhammer
0973c74b9d
providers/oauth2: fix redirect_uri being lowercased on successful validation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-14 23:04:00 +01:00
Jens Langhammer
c7ed4f7ac1
events: check mtime on geoip database
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-14 22:42:46 +01:00
Jens Langhammer
3d577cf15e
*: add placeholder custom.css to easily allow user customisation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-14 20:05:00 +01:00
Jens Langhammer
c040b13b29
providers/proxy: remove leading slash to allow subdirectories in proxy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2305
2022-02-14 12:51:04 +01:00
Jens L
df362dd9ea
core: handle error when formatting launch URL fails closes #2304
2022-02-14 12:02:51 +01:00
Jens Langhammer
3af0de6a00
Revert "root: disable sentry's auto_session_tracking"
...
This reverts commit 4f24d61290.
2022-02-14 09:55:35 +01:00
Jens Langhammer
4f24d61290
root: disable sentry's auto_session_tracking
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-14 09:44:12 +01:00
Jens Langhammer
3b6497cd51
outposts: ensure keypair is set for SSH connections
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-13 15:39:37 +01:00
Jens Langhammer
bb4be944dc
sources/ldap: use merger that only appends unique items to list
...
closes #2211
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-13 14:20:13 +01:00
Jens Langhammer
21efee8f44
admin: add additional logging when restarting a task
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-12 18:40:21 +01:00
Jens Langhammer
f61549a60f
providers/proxy: enable TLS in ingress via traefik annotation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1997
2022-02-12 18:35:24 +01:00
Jens Langhammer
0da043a9fe
outposts: make local discovery configurable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-12 17:27:41 +01:00
Jens Langhammer
f336f204cb
stages/authenticator_validate: fix handling when single configuration stage is selected
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-12 17:27:33 +01:00
Jens Langhammer
b5d43b15f8
providers/oauth2: add support for explicit response_mode
...
closes #1953
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-12 16:56:47 +01:00
Jens Langhammer
2ccab75021
stages/authenticator_validate: add ability to select multiple configuration stages which the user can choose
...
closes #1843
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-12 16:55:50 +01:00
Jens Langhammer
8bc3db7c90
release: 2022.1.5
2022-02-09 22:42:34 +01:00
Jens Langhammer
e741caa6b3
core: allow formatting strings to be used for applications' launch URLs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 23:46:23 +01:00
Jens L
4343246a41
*: rename akprox to outpost.goauthentik.io ( #2266 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 20:25:38 +01:00
Jens Langhammer
c63e1c9b87
outposts: fix compare_ports to support both service and container ports
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 17:40:49 +01:00
Jens Langhammer
f44cf06d22
outposts: fix service reconciler re-creating services
...
closes #2095
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 17:23:00 +01:00
Jens Langhammer
15e2032493
stages/authenticator_validate: handle non-existent device_challenges
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-07 20:31:49 +01:00
Jens Langhammer
c87f6cd9d9
outposts: remove node_port on V1ServicePort checks to prevent service creation loops
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2095
2022-02-07 20:26:14 +01:00
Jens Langhammer
b0936ea8f3
sources/ldap: log entire exception
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-07 19:37:39 +01:00
Jens L
d5e04a2301
*: remove deprecated backup ( #2129 )
...
* *: remove backup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* website/docs: add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: final cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ci: use correct pyproject when migrating from stable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* website/docs: fix broken docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-05 18:54:15 +01:00
Jens Langhammer
4e4e2b36b6
sources/saml: fix server error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-05 15:41:26 +01:00
Jens Langhammer
eaba8006e6
sources/saml: fix incorrect ProtocolBinding being sent
...
closes #2213
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-03 18:20:06 +01:00
Jens Langhammer
39ff202f8c
outposts: fix channel not always having a logger attribute
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-03 17:58:54 +01:00
Jens Langhammer
49dfb4756e
release: 2022.1.4
2022-02-01 20:12:55 +01:00
Jens Langhammer
88603fa4f7
providers/proxy: set traefik labels using object_naming_template instead of UUID
2022-02-01 17:13:27 +00:00
Jens Langhammer
0232c4e162
lifecycle: send analytics in gunicorn config to decrease outgoing requests when workers get restarted
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-01 15:01:43 +01:00
Jens Langhammer
e93be0de9a
sources/ldap: add list_flatten function to property mappings, enable on managed LDAP mappings
...
closes #2199
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-31 23:07:32 +01:00
Jens Langhammer
a5adc4f8ed
core: fix view_token permission not being assigned on token creation for non-admin user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-31 20:00:30 +01:00
Jens Langhammer
ceaf832e63
root: remove boto integration in sentry to ease backup removal
2022-01-31 13:47:18 +00:00
Jens Langhammer
c55f503b9b
release: 2022.1.3
2022-01-26 22:15:28 +01:00
Jens Langhammer
c2586557d8
root: fix redis passwords not being encoded correctly
...
closes #2130
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-26 20:45:45 +01:00
Jens Langhammer
0d47654651
root: add max-requests for gunicorn and max tasks for celery
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-26 10:04:58 +01:00
Jens Langhammer
2f4c92deb9
Merge branch 'version-2022.1'
2022-01-24 21:42:12 +01:00
Jens Langhammer
c7ba183dc0
providers/proxy: fix traefik label
...
closes #2128
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 17:45:09 +01:00
Jens Langhammer
3d724db0e3
release: 2022.1.2
2022-01-24 11:28:00 +01:00
Jens Langhammer
2997542114
lib: disable backup by default, add note to configuration
2022-01-24 10:00:15 +00:00
Jens Langhammer
42f5cf8c93
outposts: allow custom label for docker containers
...
closes #2128
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-23 21:55:58 +01:00
Jens Langhammer
82cc1d536a
providers/proxy: add PathPrefix to auto-traefik labels
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2128
2022-01-23 21:55:46 +01:00
Jens Langhammer
6a411d7960
policies/hibp: ensure password is encodable
...
closes AUTHENTIK-1SA
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-23 21:23:24 +01:00
Jens Langhammer
f4a6c70e98
release: 2022.1.1
2022-01-22 18:28:40 +01:00
Jens Langhammer
dd8b579dd6
lib: ignore paramiko logger
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-21 10:46:33 +01:00
Jens Langhammer
994c5882ab
root: fix error if secret_key is purely numerical
...
closes #2099
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-18 09:17:33 +01:00
Jens Langhammer
0db0a12ef3
root: rename csrf header
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-16 16:17:44 +01:00
Jens Langhammer
eaeab27004
lib: add support for custom env
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-16 14:56:02 +01:00
Jens Langhammer
111fbf119b
*: refactor prometheus gauges to directly updating metrics view
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-16 13:57:07 +01:00
Jens Langhammer
92cc0c9c64
root: decrease to 10 backup history
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-14 19:59:50 +01:00
Jens Langhammer
18ff803370
outposts: trigger service update on k8s when selector doesn't match
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-14 11:42:57 +01:00
Jens Langhammer
6338785ce1
outposts: change label app.kubernetes.io/name to include outpost type
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-14 10:34:54 +01:00
Jens Langhammer
973e151dff
outposts: add Additional version labels to managed k8s deployments
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-13 17:48:01 +01:00
Jens Langhammer
fae6d83f27
*: simplify extracting current version info
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-13 17:47:31 +01:00
Jens Langhammer
ed84fe0b8d
root: set samesite for csrf cookie
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 23:14:14 +01:00
Jens Langhammer
7db7b7cc4d
stages/authenticator_validate: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 23:00:28 +01:00
Jens Langhammer
e758db5727
stages/authenticator_webauthn: make more WebAuthn options configurable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 22:57:49 +01:00
Jens Langhammer
4d7d700afa
providers/oauth2: change default redirect uri behaviour; set first used url when blank and use star for wildcard
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 22:44:57 +01:00
Jens Langhammer
f9a5add01d
root: include build in analytics
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 22:18:52 +01:00
Jens Langhammer
2986b56389
root: fix backups running every minute instead of once
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 22:09:44 +01:00
Jens Langhammer
11e25617bd
crypto: fully parse certificate on validation in serializer to prevent invalid certificates from being saved
...
closes #2082
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 20:36:50 +01:00
Jens Langhammer
19d5902a92
flows: handle error if flow title contains invalid format string
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 19:49:27 +01:00
Jens Langhammer
71dffb21a9
outposts: improve error handling for outpost service connection state
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 19:44:13 +01:00
Jens Langhammer
2543224c7c
core: don't return 404 when trying to view key of expired token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 17:53:09 +01:00
Jens Langhammer
6b6702521f
api: don't return error reporting enabled when debug is enabled
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-07 21:53:22 +01:00
Jens Langhammer
c07b8d95d0
outposts/proxy: remove deprecated headers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-07 17:01:23 +01:00
Jens Langhammer
0027dbc0e5
root: remove old api path
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-06 22:21:21 +01:00
Jens Langhammer
c15e4b24a1
release: 2021.12.5
2022-01-06 21:29:12 +01:00
Jens Langhammer
03503363e5
core: fix UserSelfSerializer's save() overwriting other user attributes
...
closes #2070
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-06 18:23:06 +01:00
Jens Langhammer
22d6621b02
root: run backup every 24 hours
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-06 15:29:11 +01:00
Jens Langhammer
91dd33cee6
policies/reputation: trigger save on update
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-05 22:06:20 +01:00
Jens Langhammer
5a2c367e89
policies/reputation: fix test
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-05 21:44:15 +01:00
Jens Langhammer
6e53f1689d
policies/reputation: rework reputation to use a single entry, include geo_ip data
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-05 21:02:33 +01:00
Jens Langhammer
7b1373e8d6
core: fix lint error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-04 23:17:37 +01:00
Jens Langhammer
e70b486f20
outposts: handle error in certificate cleanup
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-04 22:53:37 +01:00
Jens Langhammer
5769ff45b5
core: add goauthentik.io/user/can-change-name
...
closes #2054
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-04 19:03:12 +01:00
Jens Langhammer
9d6f79558f
tenants: forbid creation of multiple default tenants
...
closes #2059
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-04 19:01:20 +01:00
Jens Langhammer
935a8f4d58
core: add tests for non-applicable flows with flow manager
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 22:14:52 +01:00
Jens Langhammer
7d3d17acb9
core: add error handling in source flow manager when flow isn't applicable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 21:57:55 +01:00
Jens Langhammer
ebd476be14
sources/oauth: fix sources not allowing blank values
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2047
2022-01-03 21:36:14 +01:00
Jens Langhammer
31ba543c62
*: don't use exception keyword with structlog
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 21:33:52 +01:00
Jens Langhammer
a101d48b5a
core: passthrough connection and additional data to FlowManager
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2047
2022-01-03 21:31:26 +01:00
Jens Langhammer
8f44c792ac
sources/oauth: fix github provider not including correct base scopes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2047
2022-01-03 21:04:18 +01:00
Jens Langhammer
212220554f
sources/oauth: add additional scopes field to get additional data from provider
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2047
2022-01-03 16:43:52 +01:00
Jens Langhammer
3e22740eac
core: add API endpoint to directly set user's password
...
closes #2040
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 13:31:58 +01:00
Jens Langhammer
d18a691f63
core: prevent LDAP password being set for internal hash upgrades
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 13:23:42 +01:00
Jens Langhammer
90c31c2214
flows: add test helpers to simplify and improve checking of stages, remove force_str
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-01 20:25:32 +01:00
Jens Langhammer
50e3d317b2
flows: use WithUserInfoChallenge for AccessDeniedChallenge
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2039
2022-01-01 19:45:34 +01:00
Jens Langhammer
3eed7bb010
lib: don't send any sentry events when testing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-01 18:56:14 +01:00
Jens Langhammer
9154b9b85d
web/user: rework user source connection UI
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 21:59:41 +01:00
Jens Langhammer
fc19372709
flows: fix migration removing flow titles
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 21:00:00 +01:00
Jens Langhammer
d03b0b8152
outposts: include outposts build hash in state
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 15:16:34 +01:00
Jens Langhammer
c249b55ff5
*: use py3.10 syntax for unions, remove old Type[] import when possible
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 14:59:01 +01:00
Jens Langhammer
fc7a452b0c
flows: update default flow titles
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-27 22:04:35 +01:00
Jens Langhammer
46f12e62e8
flows: don't create EventAction.FLOW_EXECUTION
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-27 15:07:33 +01:00
Jens Langhammer
53b10e64f8
outposts: fix error when client hasn't been initialised
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-26 14:26:48 +01:00
Jens Langhammer
abe38bb16a
outposts: fix __exit__ being called without params
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 17:52:20 +01:00
Jens Langhammer
b19da6d774
crypto: return private key's type (required for some oauth2 providers)
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 16:51:28 +01:00
Jens Langhammer
7c55616e29
outposts: fix creation of from_env docker client
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 16:48:23 +01:00
Jens Langhammer
6510b97c1e
outposts: add remote docker integration via SSH
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 16:31:34 +01:00
Jens Langhammer
22d1dd801c
root: also use analytics uuid for sentry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-24 15:13:27 +01:00
Jens Langhammer
e7e0e6d213
lib: strip values for timedelta from string
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 18:49:35 +01:00
Jens Langhammer
ca0250e19f
core: add meta theme-color
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 18:49:24 +01:00
Jens Langhammer
5c5634830f
stages/identification: add field for passwordless flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 18:27:00 +01:00
Jens Langhammer
9c42b75567
release: 2021.12.4
2021-12-23 10:32:48 +01:00
Jens Langhammer
457e17fec3
website/docs: add small let's encrypt docs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 00:59:06 +01:00
Jens Langhammer
846006f2e3
events: create test notification with event with data
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 23:32:29 +01:00
Jens Langhammer
f557b2129f
*: fix random typos
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 23:13:18 +01:00
Jens Langhammer
6dc2003e34
providers/oauth2: fix tests validating JWT incorrectly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 23:00:57 +01:00
Jens Langhammer
0149c89003
providers/oauth2: fix invalid assignments in JWKS view
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:41:28 +01:00
Jens Langhammer
f458cae954
providers/proxy: add error handling when field is already gone
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:31:53 +01:00
Jens Langhammer
f01d117ce6
providers/proxy: fix imports in migrations
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:25:02 +01:00
Jens Langhammer
2bde43e5dc
crypto: use older syntax for type union
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:22:45 +01:00
Jens Langhammer
2f3026084e
providers/oauth2: remove jwt_alg field and set algorithm based on selected keypair, select HS256 when no keypair is selected
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:09:49 +01:00
Jens Langhammer
c1f0833c09
crypto: improve support for non-rsa private keys (discovery)
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 21:46:22 +01:00
Jens Langhammer
8e83209631
stages/authenticator_validate: fix lint error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 18:14:35 +01:00
Jens Langhammer
2e48e0cc2f
stages/authenticator_validate: fix prompt not triggering when using in non-authentication context
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 18:03:02 +01:00
Jens Langhammer
e72f0ab160
stages/authenticator_validation: refuse passwordless flow if flow is not for authentication
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 18:02:43 +01:00
Jens Langhammer
5b3a9e29fb
stages/authenticator_validate: add passwordless login
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 17:34:46 +01:00
Jens Langhammer
34b11524f1
tenants: add web certificate field, make authentik's core certificate configurable based on keypair
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 11:43:45 +01:00
Jens Langhammer
16b6c17305
Revert "policies: don't always clear application cache on post_save"
...
This reverts commit 5ef385f0bb.
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# authentik/policies/signals.py
2021-12-22 00:23:19 +01:00
Jens Langhammer
cf4b4030aa
release: 2021.12.3
2021-12-21 20:52:08 +01:00
Jens Langhammer
7fb939f97b
core: fix error when getting launch URL for application with non-existent Provider
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 19:40:29 +01:00
Jens Langhammer
c78236a2a2
root: don't set secure cross opener policy
...
closes #1977
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 19:16:22 +01:00
Jens Langhammer
ca314c262c
*: revert to using GHCR directly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 13:54:49 +01:00
Jens Langhammer
8a60a7e26f
providers/proxy: revert to static list of forwarded headers
...
wildcard is not usable for this since the regular expression doesn't support negative lookahead, meaning we would always forward all headers, including Connection and others
closes #1969
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 12:04:54 +01:00
Jens Langhammer
92b4244e81
providers/proxy: update traefik regex
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1969
2021-12-20 22:43:58 +01:00
Jens Langhammer
dfbf7027bc
providers/proxy: add traefik.ingress.kubernetes.io/router.tls annotation for ingress
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 22:24:42 +01:00
Jens Langhammer
4658018a90
Revert "outposts: rename outpost"
...
This reverts commit a5c30fd9c7.
2021-12-20 21:37:31 +01:00
Jens Langhammer
577b7ee515
providers/proxy: include auth headers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:37:22 +01:00
Jens Langhammer
3da526f20e
root: allow trace log level to work for core/embedded
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:11:47 +01:00
Jens Langhammer
c843f18743
lib: add additional celery logger to sentry ignore
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:04:45 +01:00
Jens Langhammer
80d0b14bb8
outposts: fix error when getting state for non-existent outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 19:44:47 +01:00
Jens Langhammer
a5c30fd9c7
outposts: rename outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 19:28:05 +01:00
Jens Langhammer
ef23a0da52
outposts/proxy: fix traefik header regex to only match Remote- and X- headers to prevent websocket errors
...
closes #1969
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 13:30:19 +01:00
Jens Langhammer
ba527e7141
root: drop redis cache sentry errors
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 13:12:14 +01:00
Jens Langhammer
602573f83f
ci: fix label
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-19 13:44:34 +01:00
Jens Langhammer
8599d9efe0
web/admin: auto set the embedded outpost's authentik_host on first view
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-19 13:27:04 +01:00
Jens Langhammer
8e6fcfe350
root: fix inconsistent URL quoting of redis URLs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-18 22:24:41 +01:00
Jens Langhammer
e9910732bc
release: 2021.12.2
2021-12-18 21:03:50 +01:00
Jens Langhammer
b6ff04694f
providers/oauth2: don't rely on expiry task for access codes and refresh tokens
...
closes #1911
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-18 17:42:41 +01:00
Jens Langhammer
61097b9400
policies/password: add minimum digits
...
closes #1952
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-18 16:15:56 +01:00
Jens Langhammer
4c5537ddfe
sources/oauth: allow writing to user in SourceConnection
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1888
2021-12-18 15:33:46 +01:00
Jens Langhammer
a95779157d
tests/integration: add rename and full update tests for k8s controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-18 15:32:16 +01:00
Jens Langhammer
ac6afb2b82
stages/email: add test for non-existent directory
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-18 15:05:40 +01:00
Jens Langhammer
71a22c2a34
outposts: add unittests for docker controller
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-17 13:42:33 +01:00
NeroPcStation
273f5211a0
providers/saml: Fix typo (#1950)
2021-12-17 11:00:20 +00:00
Jens Langhammer
2ca115285c
crypto: fix private keys not being imported correctly
...
closes #1945
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-16 21:14:15 +01:00
Jens Langhammer
14c159500d
core: don't rotate non-api tokens
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-16 19:32:39 +01:00
Jens Langhammer
f33190caa5
release: 2021.12.1
2021-12-16 15:48:59 +01:00
Jens Langhammer
741822424a
Merge branch 'master' into version-2021.12
2021-12-16 15:48:53 +01:00
Jens Langhammer
a105760123
events: improve app lookup for event creation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-15 16:46:02 +01:00
Jens Langhammer
6ff8fdcc49
root: enable threading integration in sentry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-15 15:49:08 +01:00
Jens Langhammer
50ca3dc772
core: fix error when attempting to provider from cached application
...
closes #1940
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-15 15:11:13 +01:00
Jens Langhammer
2a09fc0ae2
release: 2021.12.1-rc5
2021-12-15 10:21:29 +01:00
Jens Langhammer
fbb6756488
Merge branch 'master' into version-2021.12
2021-12-15 10:16:05 +01:00