Jens Langhammer
|
326b574d54
|
root: update dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-07 16:25:10 +01:00 |
Jens Langhammer
|
873aa4bb22
|
providers/saml: remove SESSION_KEY_POST from session after using it
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1873
|
2021-12-06 12:47:25 +01:00 |
Jens Langhammer
|
ada2a16412
|
tests/e2e: add post binding test
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-05 11:18:01 +01:00 |
Jens Langhammer
|
6a3f7e45cf
|
providers/saml: add ?force_binding to limit bindings for metadata endpoint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-05 11:14:42 +01:00 |
Jens Langhammer
|
2b78c4ba86
|
*: use request.query_params instead of accessing the django request
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-05 11:14:20 +01:00 |
Jens Langhammer
|
680ef641fb
|
providers/saml: fix error when propertymapping returns invalid data in list
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-05 10:31:16 +01:00 |
Jens Langhammer
|
4bd1cd127b
|
providers/saml: fix IndexError in signature check
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-02 20:30:03 +01:00 |
Jens Langhammer
|
4f54ce6afb
|
providers/saml: fix error when using post bindings and user freshly logged in
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1873
|
2021-12-02 13:00:21 +01:00 |
Jens Langhammer
|
b4963bec76
|
providers/proxy: fix defaults for traefik integration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-01 21:47:13 +01:00 |
Jens Langhammer
|
7aa8e35f87
|
providers/proxy: use wildcard for traefik headers copy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-01 20:19:35 +01:00 |
Jens Langhammer
|
60b95271eb
|
outposts/proxy: add additional headers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-01 20:19:09 +01:00 |
Jens Langhammer
|
0b8cfd437b
|
*: fix typo'd signing pair name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-11-24 09:55:10 +01:00 |
Jens L
|
9bb0d04aeb
|
root: Random tests (#1825)
* root: add pytest-randomly to randomise tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: generate flows for testing instead of relying on existing ones
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: generate users for testing instead of relying on existing ones
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: use generated certificate
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests/e2e: keep containers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests/e2e: use websockets test case
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-11-22 22:56:02 +01:00 |
Jens Langhammer
|
b0fac9c9f1
|
providers/saml: fix SessionNotOnOrAfter not being included
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-11-16 12:36:40 +01:00 |
dependabot[bot]
|
f7044e41c6
|
build(deps-dev): bump bandit from 1.7.0 to 1.7.1 (#1793)
* build(deps-dev): bump bandit from 1.7.0 to 1.7.1
Bumps [bandit](https://github.com/PyCQA/bandit) from 1.7.0 to 1.7.1.
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](https://github.com/PyCQA/bandit/compare/1.7.0...1.7.1)
---
updated-dependencies:
- dependency-name: bandit
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* *: fix bandit false positives
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-11-15 09:16:16 +01:00 |
Jens Langhammer
|
c98bdbacc5
|
providers/proxy: return list of configured scope names so outpost requests custom scopes
closes #1762
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-11-10 23:06:21 +01:00 |
Jens Langhammer
|
2cef220a3e
|
providers/ldap: add/squash migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-11-05 10:41:50 +01:00 |
Jens L
|
5a8c66d325
|
providers/ldap: memory Query (#1681)
* outposts/ldap: modularise ldap outpost, to allow different searchers and binders
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/ldap: add basic in-memory searcher
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/ldap: add search mode field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost: add search mode field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-11-05 10:37:30 +01:00 |
Jens Langhammer
|
3005ca17bd
|
web/admin: show warning on provider when not used with outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-11-05 01:15:33 +01:00 |
Jens Langhammer
|
909461e533
|
providers/*: include list of outposts
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-11-05 01:06:04 +01:00 |
Jens Langhammer
|
6036d88392
|
providers/proxy: allow configuring of additional scope mappings for proxy
closes #1255
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-10-31 22:25:51 +01:00 |
Jens Langhammer
|
335d6edd11
|
providers/saml: fix error on missing AssertionConsumerServiceURL, fall back to default ACS
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-10-31 17:21:15 +01:00 |
Jens Langhammer
|
1b21b50b77
|
providers/oauth2: fallback to uid if UPN was selected but isn't available
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-10-27 16:11:35 +02:00 |
Jens Langhammer
|
8eb4d53810
|
providers/oauth2: fix events being created from /application/o/authorize/
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-10-21 22:59:01 +02:00 |
Jens Langhammer
|
98a56c77e3
|
providers/proxy: update ingress controller to work with k8s 1.22
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-10-18 10:00:24 +02:00 |
Jens Langhammer
|
2b09d97522
|
core: fix squash migrations error when AK_ADMIN_TOKEN is set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-10-12 17:45:10 +02:00 |
Jens L
|
e4f141c6c0
|
*: Squash Migrations (#1593)
* *: first squash pass
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* sources/saml: squash less
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts: fix docker controller not correctly checking image
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests/e2e: fix old migration reference
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-10-11 21:39:35 +02:00 |
Jens Langhammer
|
83150d9920
|
outposts: fix circular import in kubernetes controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-10-03 19:25:18 +02:00 |
Jens Langhammer
|
d30dcda814
|
providers/proxy: always check ingress secret in kubernetes controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-10-03 19:14:27 +02:00 |
Jens Langhammer
|
3c1ac4c7ec
|
outposts/proxy: add new headers with unified naming
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-10-02 22:00:23 +02:00 |
Jens L
|
f9ad102915
|
flows: inspector (#1469)
* flows: add initial inspector
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: change naming a bit
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flow: add inspector frame
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: don't use shadydom when inspecting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: add current stage to api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/*: fix imports
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: deep-copy plan instead of just adding
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: restrict inspector to admin
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: add buttons to launch flow with inspector
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: don't automatically follow redirects when inspector is open
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: make current_plan optional, only require historry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: handle error messages in inspector
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: improve UI when flow is done
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: add is_completed flag to inspector
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: fix monkeypatches for tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: add inspector tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ci: re-enable cache
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-28 09:36:48 +02:00 |
pemontto
|
aea1736f70
|
outposts/proxy: Fix failing traefik healtcheck (#1470)
|
2021-09-26 11:33:18 +02:00 |
Jens Langhammer
|
4f3583cd7e
|
providers/proxy: make token_validity float and optional for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-25 15:54:32 +02:00 |
Jens Langhammer
|
f7408626a8
|
providers/proxy: return token_validity as total seconds instead of expression
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-25 15:44:16 +02:00 |
Jens Langhammer
|
28eeb4798e
|
providers/proxy: add token_validity field for outpost configuration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1462
|
2021-09-25 15:00:06 +02:00 |
Jens Langhammer
|
79b92e764e
|
*: fix typos in code
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-25 00:01:11 +02:00 |
Jens Langhammer
|
ae07f13a87
|
outposts: don't map port 9300 on docker, only expose port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-21 21:40:08 +02:00 |
Jens L
|
13e2eea72f
|
web/user: new end-user interface (#1404)
* web/user: migrate to top navbar
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/user: prepare config from server
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* re-sort
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove old interface
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update issue template
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use notification badge
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/user: re-add go-to-admin button
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: fix remaining redirects directly to admin
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make settings better
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* api: ensure sources and stages are sorted
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/user: add sessions and consent
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/oauth2: add post wrapper to stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* website/docs: add new interface to release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-16 22:17:05 +02:00 |
Jens Langhammer
|
ae26d2756f
|
providers/saml: improved error handling
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-16 10:58:51 +02:00 |
Jens Langhammer
|
916530f0d8
|
providers/oauth2: use access_code_validity for id_tokens generated when using an implicit flow, improve wording in web ui
closes #1369
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-15 17:14:53 +02:00 |
Jens Langhammer
|
ba6849f29c
|
*: remove string.format()
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-14 12:06:47 +02:00 |
Jens Langhammer
|
df4c8003b8
|
api: fix items of list fields having nullable set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-10 18:15:59 +02:00 |
Jens Langhammer
|
4448145aa9
|
providers/proxy: use auth/traefik subpath
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-10 13:53:04 +02:00 |
Jens L
|
7158c9d2ea
|
core: metrics v2 (#1370)
* outposts: add ldap metrics, move ping to 9100
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost: add flow_executor metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use port 9300 for metrics, add core metrics port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/controllers/k8s: add service monitor creation support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-09 15:52:24 +02:00 |
Jens Langhammer
|
da58796768
|
providers/proxy: fix defaults for old proxy providers (load providers directly)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-09 13:54:24 +02:00 |
Jens Langhammer
|
d98499a3fa
|
providers/proxy: fix defaults for old proxy providers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-09 13:26:36 +02:00 |
Jens Langhammer
|
f3ff398a44
|
providers/proxy: add metrics port to controllers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-08 23:01:22 +02:00 |
Jens L
|
3c1b70c355
|
outposts/proxyv2 (#1365)
* outposts/proxyv2: initial commit
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add rs256
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
more stuff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add forward auth an sign_out
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
match cookie name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
re-add support for rs256 for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add error handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
ensure unique user-agent is used
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
set cookie duration based on id_token expiry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
build proxy v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add ssl
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add basic auth and custom header support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add application cert loading
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
implement whitelist
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add redis
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
migrate embedded outpost to v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
remove old proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
providers/proxy: make token expiration configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: only allow one redirect URI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix docker build for proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove default port offset
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add AUTHENTIK_HOST_BROWSER
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests: fix e2e/integration tests not using proper tags
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove references of old port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix user_attributes not being loaded correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-08 18:04:56 +00:00 |
Jens Langhammer
|
d92d8e6dbb
|
api: add additional filters for ldap and proxy providers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-03 10:43:09 +02:00 |
Jens Langhammer
|
3e9f5ec5ef
|
providers/proxy: improve error handling for non-tls ingresses
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-08-30 14:43:57 +02:00 |