Commit Graph

306 Commits

Author SHA1 Message Date
Jens Langhammer 326b574d54 root: update dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-07 16:25:10 +01:00
Jens Langhammer 873aa4bb22 providers/saml: remove SESSION_KEY_POST from session after using it
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1873
2021-12-06 12:47:25 +01:00
Jens Langhammer ada2a16412 tests/e2e: add post binding test
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-05 11:18:01 +01:00
Jens Langhammer 6a3f7e45cf providers/saml: add ?force_binding to limit bindings for metadata endpoint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-05 11:14:42 +01:00
Jens Langhammer 2b78c4ba86 *: use request.query_params instead of accessing the django request
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-05 11:14:20 +01:00
Jens Langhammer 680ef641fb providers/saml: fix error when propertymapping returns invalid data in list
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-05 10:31:16 +01:00
Jens Langhammer 4bd1cd127b providers/saml: fix IndexError in signature check
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-02 20:30:03 +01:00
Jens Langhammer 4f54ce6afb providers/saml: fix error when using post bindings and user freshly logged in
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1873
2021-12-02 13:00:21 +01:00
Jens Langhammer b4963bec76 providers/proxy: fix defaults for traefik integration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-01 21:47:13 +01:00
Jens Langhammer 7aa8e35f87 providers/proxy: use wildcard for traefik headers copy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-01 20:19:35 +01:00
Jens Langhammer 60b95271eb outposts/proxy: add additional headers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-01 20:19:09 +01:00
Jens Langhammer 0b8cfd437b *: fix typo'd signing pair name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-24 09:55:10 +01:00
Jens L 9bb0d04aeb
root: Random tests (#1825)
* root: add pytest-randomly to randomise tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: generate flows for testing instead of relying on existing ones

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: generate users for testing instead of relying on existing ones

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: use generated certificate

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests/e2e: keep containers

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests/e2e: use websockets test case

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-22 22:56:02 +01:00
Jens Langhammer b0fac9c9f1 providers/saml: fix SessionNotOnOrAfter not being included
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-16 12:36:40 +01:00
dependabot[bot] f7044e41c6
build(deps-dev): bump bandit from 1.7.0 to 1.7.1 (#1793)
* build(deps-dev): bump bandit from 1.7.0 to 1.7.1

Bumps [bandit](https://github.com/PyCQA/bandit) from 1.7.0 to 1.7.1.
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](https://github.com/PyCQA/bandit/compare/1.7.0...1.7.1)

---
updated-dependencies:
- dependency-name: bandit
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* *: fix bandit false positives

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-15 09:16:16 +01:00
Jens Langhammer c98bdbacc5 providers/proxy: return list of configured scope names so outpost requests custom scopes
closes #1762

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-10 23:06:21 +01:00
Jens Langhammer 2cef220a3e providers/ldap: add/squash migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 10:41:50 +01:00
Jens L 5a8c66d325
providers/ldap: memory Query (#1681)
* outposts/ldap: modularise ldap outpost, to allow different searchers and binders

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/ldap: add basic in-memory searcher

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/ldap: add search mode field

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost: add search mode field

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 10:37:30 +01:00
Jens Langhammer 3005ca17bd web/admin: show warning on provider when not used with outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 01:15:33 +01:00
Jens Langhammer 909461e533 providers/*: include list of outposts
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 01:06:04 +01:00
Jens Langhammer 6036d88392 providers/proxy: allow configuring of additional scope mappings for proxy
closes #1255

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-31 22:25:51 +01:00
Jens Langhammer 335d6edd11 providers/saml: fix error on missing AssertionConsumerServiceURL, fall back to default ACS
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-31 17:21:15 +01:00
Jens Langhammer 1b21b50b77 providers/oauth2: fallback to uid if UPN was selected but isn't available
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-27 16:11:35 +02:00
Jens Langhammer 8eb4d53810 providers/oauth2: fix events being created from /application/o/authorize/
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-21 22:59:01 +02:00
Jens Langhammer 98a56c77e3 providers/proxy: update ingress controller to work with k8s 1.22
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-18 10:00:24 +02:00
Jens Langhammer 2b09d97522 core: fix squash migrations error when AK_ADMIN_TOKEN is set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-12 17:45:10 +02:00
Jens L e4f141c6c0
*: Squash Migrations (#1593)
* *: first squash pass

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* sources/saml: squash less

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts: fix docker controller not correctly checking image

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests/e2e: fix old migration reference

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 21:39:35 +02:00
Jens Langhammer 83150d9920 outposts: fix circular import in kubernetes controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 19:25:18 +02:00
Jens Langhammer d30dcda814 providers/proxy: always check ingress secret in kubernetes controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-03 19:14:27 +02:00
Jens Langhammer 3c1ac4c7ec outposts/proxy: add new headers with unified naming
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-02 22:00:23 +02:00
Jens L f9ad102915
flows: inspector (#1469)
* flows: add initial inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: change naming a bit

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flow: add inspector frame

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: don't use shadydom when inspecting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add current stage to api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/*: fix imports

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: deep-copy plan instead of just adding

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: restrict inspector to admin

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add buttons to launch flow with inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: don't automatically follow redirects when inspector is open

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: make current_plan optional, only require historry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: handle error messages in inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: improve UI when flow is done

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add is_completed flag to inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: fix monkeypatches for tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add inspector tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ci: re-enable cache

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-28 09:36:48 +02:00
pemontto aea1736f70
outposts/proxy: Fix failing traefik healtcheck (#1470) 2021-09-26 11:33:18 +02:00
Jens Langhammer 4f3583cd7e providers/proxy: make token_validity float and optional for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-25 15:54:32 +02:00
Jens Langhammer f7408626a8 providers/proxy: return token_validity as total seconds instead of expression
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-25 15:44:16 +02:00
Jens Langhammer 28eeb4798e providers/proxy: add token_validity field for outpost configuration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1462
2021-09-25 15:00:06 +02:00
Jens Langhammer 79b92e764e *: fix typos in code
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-25 00:01:11 +02:00
Jens Langhammer ae07f13a87 outposts: don't map port 9300 on docker, only expose port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-21 21:40:08 +02:00
Jens L 13e2eea72f
web/user: new end-user interface (#1404)
* web/user: migrate to top navbar

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: prepare config from server

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* re-sort

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove old interface

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update issue template

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use notification badge

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: re-add go-to-admin button

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: fix remaining redirects directly to admin

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* make settings better

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* api: ensure sources and stages are sorted

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: add sessions and consent

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/oauth2: add post wrapper to stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: add new interface to release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 22:17:05 +02:00
Jens Langhammer ae26d2756f providers/saml: improved error handling
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 10:58:51 +02:00
Jens Langhammer 916530f0d8 providers/oauth2: use access_code_validity for id_tokens generated when using an implicit flow, improve wording in web ui
closes #1369

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-15 17:14:53 +02:00
Jens Langhammer ba6849f29c *: remove string.format()
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-14 12:06:47 +02:00
Jens Langhammer df4c8003b8 api: fix items of list fields having nullable set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-10 18:15:59 +02:00
Jens Langhammer 4448145aa9 providers/proxy: use auth/traefik subpath
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-10 13:53:04 +02:00
Jens L 7158c9d2ea
core: metrics v2 (#1370)
* outposts: add ldap metrics, move ping to 9100

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost: add flow_executor metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use port 9300 for metrics, add core metrics port

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/controllers/k8s: add service monitor creation support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 15:52:24 +02:00
Jens Langhammer da58796768 providers/proxy: fix defaults for old proxy providers (load providers directly)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 13:54:24 +02:00
Jens Langhammer d98499a3fa providers/proxy: fix defaults for old proxy providers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 13:26:36 +02:00
Jens Langhammer f3ff398a44 providers/proxy: add metrics port to controllers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 23:01:22 +02:00
Jens L 3c1b70c355
outposts/proxyv2 (#1365)
* outposts/proxyv2: initial commit

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add rs256

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

more stuff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add forward auth an sign_out

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

match cookie name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

re-add support for rs256 for backwards compat

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add error handler

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

ensure unique user-agent is used

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

set cookie duration based on id_token expiry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

build proxy v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add ssl

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add basic auth and custom header support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add application cert loading

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

implement whitelist

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add redis

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

migrate embedded outpost to v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

remove old proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

providers/proxy: make token expiration configurable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: only allow one redirect URI

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix docker build for proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove default port offset

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add AUTHENTIK_HOST_BROWSER

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests: fix e2e/integration tests not using proper tags

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove references of old port

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix user_attributes not being loaded correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup dependencies

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-08 18:04:56 +00:00
Jens Langhammer d92d8e6dbb api: add additional filters for ldap and proxy providers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-03 10:43:09 +02:00
Jens Langhammer 3e9f5ec5ef providers/proxy: improve error handling for non-tls ingresses
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-30 14:43:57 +02:00