Commit Graph

947 Commits

Author SHA1 Message Date
sdimovv a6eba37d5a
core: Add `resolve_dns` and `reverse_dns` functions to evaluator (#4769)
* Add resolve_dns

* Add reverse_dns

* Fix lint

* add caching, small optimisation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Added time-aware LRU cache

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-03-01 22:15:13 +01:00
Jens L 5e60db8593
providers/oauth2: fix typo (#4803) 2023-02-27 17:17:48 +01:00
Jens L 39d0893303
flows: change default flow stage binding settings (#4784)
* flows: change default flow stage binding settings

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fallback to correct value

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-27 15:21:26 +01:00
Jens L 596ff529c4
core: bootstrap email (#4788) 2023-02-26 17:02:45 +01:00
roche-quentin cd99b6e48f
providers/ldap: making ldap compatible with synology (#4694)
* internal/outpost/ldap: making ldap compatible with synology

* fix duplicate attributes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add docs about homedirectory

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix duplicate attributes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add substitution to values

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-02-22 15:26:41 +01:00
sdimovv 51c6a14786
providers/ldap: Improve compatibility with LDAP clients (#4750)
* Fixed invalid LDAP attributes by replacing '.'s and '/'s with '-'

* Leave old fields for now for backward compatibility

* Add forgotten depreceated field

* Fix tests

* Fix tests

* use shorter attribute names

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* sanitize attributes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* keep both sanitized and unsanitized user fields

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add sanitized fields to test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-02-22 14:18:22 +01:00
Jens L 122055b38b
stages/user_login: terminate others (#4754)
* rework session list

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use sender filtering for signals when possible

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add terminate_other_sessions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-22 14:09:28 +01:00
Jens L b61d181ec7
website/docs: add better explanation for goauthentik.io/user/token-ex… (#4755)
website/docs: add better explanation for goauthentik.io/user/token-expires

closes #4727
2023-02-22 13:24:04 +01:00
Jens Langhammer 2c78053631
website/docs: add release note titles
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-21 12:27:24 +01:00
Jens Langhammer 17364c3bd8
website/docs: add 2023.2.2 release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-15 20:34:25 +01:00
Jens Langhammer 19f5e6e07e
website/docs: update events page
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-15 16:44:13 +01:00
Jens Langhammer 7d6b573f8b
website: migrate to mermaid charts, rework proxy page
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-15 12:14:17 +01:00
Jens Langhammer c340830b37
website/docs: prepare 2023.2.1
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-14 18:19:02 +01:00
Jens Langhammer cf36da2e5d
website/docs: prepare 2023.2 release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-12 17:44:53 +01:00
sdimovv b69e55eae9
core: Add support for auto generating unique avatars based on the user's initials (#4663) 2023-02-12 16:35:17 +01:00
Jens L af43330fd6
providers/oauth2: rework OAuth2 Provider (#4652)
* always treat flow as openid flow

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve issuer URL generation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more refactoring

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update introspection

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more refinement

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix more things, update api

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* regen migrations

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix a bunch of things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start updating tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix implicit flow, auto set exp

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix timeozone not used correctly

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix revoke

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more timezone shenanigans

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix userinfo tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update web

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix proxy outpost

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix api tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing at_hash for implicit flows

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-include at_hash in implicit auth flow

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use folder context for outpost build

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-09 20:19:48 +01:00
Jens Langhammer a7cf454760
web/admin: add notice for user_login stage session cookie behaviour
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-08 14:18:52 +01:00
Jens Langhammer 7a85038c11
website/docs: prepare 2023.2 release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-07 22:52:29 +01:00
Jens Langhammer 3170b2f92c
providers/proxy: add token support for basic auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-07 22:50:49 +01:00
Melvin Snijders 547c01f481
website/docs: update Caddy docs to include HTTPS proxying (#4316)
Update Caddy documentation to include HTTPS proxying

Signed-off-by: Melvin Snijders <mail@melvinsnijders.nl>
2023-02-03 14:43:13 +01:00
Jens L 7d4ce41e12
providers/proxy: outpost wide logout implementation (#4605)
* initial outpost wide logout implementation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* handle deserialize error

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix file cleanup, add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-02 21:18:59 +01:00
Jens Langhammer cadb710c38
website/docs: add troubleshooting for CSRF
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-02 11:09:03 +01:00
Skyler Mäntysaari c2b4d14af5
website/docs: Add note for firefox about FIDO and TouchID (#4552)
* docs(passwordless): Make sure to include a warning

Signed-off-by: Skyler Mäntysaari <samip5@users.noreply.github.com>

* add notice for firefox touchID

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Skyler Mäntysaari <samip5@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-01-28 22:45:51 +01:00
Jens Langhammer b99afd82b2
stages/user_write: fix migration setting wrong value, fix form
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-23 14:38:26 +01:00
Jens Langhammer 446dc0a17b
website/docs: prepare 2023.1.1
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-20 14:25:20 +01:00
Jens Langhammer 3a59b75f4a
website/docs: update ldap provider docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-20 11:46:57 +01:00
Jens L 98485c528e
ci: build beta for amd64 and arm64 (#4468)
* ci: build for arm64, but independently

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add notice to beta

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-19 21:41:56 +01:00
Jens Langhammer 59be3c7746
website/docs: add docs for validating phone numbers before SMS enrollment
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-19 17:57:52 +01:00
Jens Langhammer 97acc77e0a
website/docs: update 2023.1 release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-18 15:25:58 +01:00
Jens Langhammer eb1e0427c1
website/docs: add missing user uid field
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-18 15:22:06 +01:00
Jens L 23c69c456a
providers/proxy: add setting to intercept authorization header (#4457)
* add setting to intercept authorization header

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rename to intercept_header_auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-17 18:56:48 +01:00
Jens L c73fce4f58
sources/ldap: manual import (#4456)
* events: fix task UID

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add ldap sync command

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-17 12:21:33 +01:00
Jens Langhammer 19ee98b36d
outposts/proxy: allow setting no-redirect via header or query param
closes #4455

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-17 10:56:43 +01:00
Jens Langhammer 07767c9376
website/docs: add disclaimer to beta page that downgrade isn't supported
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-16 10:44:42 +01:00
Jens Langhammer d31e566873
outposts/proxy: add header to prevent redirects
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-14 22:18:25 +01:00
Jens Langhammer b6b97f4706
website/docs: update 2023.1 release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 16:32:34 +01:00
Jens L cd12e177ea
providers/proxy: add initial header token auth (#4421)
* initial implementation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* check for openid/profile claims

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include jwks sources in proxy provider

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add web ui for jwks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only show sources with JWKS data configured

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix introspection tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start basic

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add basic auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add docs, update admonitions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add client_id to api, add tab for auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 16:22:03 +01:00
Jens Langhammer d3e2f41561
website/docs: fix typo
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-09 13:13:41 +01:00
Jens Langhammer bec538c543
sources/ldap: make task timeout adjustable
closes #4375

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-06 12:37:59 +01:00
Jens L 2604dc14fe
providers/ldap: add code-MFA support for ldap provider (#4354)
* add code support for ldap provider

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* only try to extract code when auth validator stage is encountered

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use parseint instead

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-05 18:32:06 +01:00
Jens L a960ce9454
stages/user_write: add more user creation options (#4367)
* add more user creation options

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update blueprints and docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-05 15:46:20 +01:00
Jens L e6b5810e03
polices/hibp: remove deprecated (#4363)
* remove hibp

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* don't save event matcher apps in migrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup migrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update docs, update some phrasing

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-05 13:19:26 +01:00
Jens Langhammer ed3f36e72a
website/docs: update redirect docs
closes #4248

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-05 12:38:38 +01:00
Jens Langhammer 1efc7eecbf
website/docs: add metrics for monitoring and metrics
closes #4308

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 20:49:35 +01:00
Jens L dc1359a763
providers/saml: initial SLO implementation (#2346)
* providers/saml: initial SLO implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/saml: add logout request tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/saml: add tests for POST SLO

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* matrix e2e tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix import

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* set e2e matrix name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix imports

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* separate oidc and oauth tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add basic saml slo e2e tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add better metadata download url

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* kinda prepare release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* sort releases into folders

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add slo urls to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix linking

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 19:45:31 +01:00
Jens Langhammer c4bb51469b
website/docs: prepare 2022.12.2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 10:15:15 +01:00
Jens Langhammer 82184b2882
web/flows: fix alternate captchas not loading
closes #4321

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-01 18:49:41 +01:00
Jens Langhammer c8bd0fbb1c
website/docs: prepare 2022.12.1 release
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-29 23:59:05 +01:00
Jens Langhammer c99798b1f2
website/docs: update release notes, remove duplicate files
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-29 23:28:15 +01:00
Jens Langhammer 0e6400bfea
web/admin: improve user/group UX for adding/removing users to and from groups
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 12:55:38 +01:00
Jens Langhammer b16d1134ea
core: add endpoints to add/remove users from group atomically
closes #4252

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 10:50:30 +01:00
Jens Langhammer 1615723f10
website/docs: update release notes for 2022.12
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-27 14:10:38 +01:00
sev f9b46145de
website/docs: Clarify request.user and add link to Django docs (#4287)
* Clarify request.user and add link to doc

Signed-off-by: sev <git@sev.monster>

* rephrase a bit

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: sev <git@sev.monster>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-27 14:10:30 +01:00
Jens Langhammer 7046944bf6
website: link CVE and attribute reporter
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-25 14:17:17 +01:00
Jens Langhammer 716584bbae
website: update release notes for CVEs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:21:02 +01:00
Jens L 9f846d94be
security: fix CVE 2022 23555 (#4274)
* add flow to invitation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* show warning on invitation page

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add security advisory

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:13:49 +01:00
Jens L 84fbeb5721
security: fix CVE 2022 46172 (#4275)
* fallback to current user in user_write, add flag to disable user creation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update api and web ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add cve post to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:12:58 +01:00
Jens Langhammer 42c278b4f8
root: migrate to hosted sentry with rate-limited DSN
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 11:18:26 +01:00
Jens L c635487210
blueprints: better OCI support in UI (#4263)
use oci:// prefix to detect oci blueprint, add UI support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 18:49:25 +01:00
Jens Langhammer 28eb7c03fa
website/developer-docs: add templates for announcing fixed security release
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 16:13:21 +01:00
Jens Langhammer 423776c7a2 website/docs: prepare 2022.12 release
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-21 21:58:57 +01:00
Jens L 609f95ac97
providers: add preview for mappings (#4254)
* preview

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: show provider page on application page

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use oauth2 end session url instead of direct interface

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* dont show provider page on application page for now

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add UI for preview

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* translate and release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix lint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* separate saml api files

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-21 12:13:11 +01:00
Jens L f4990bb5da
core: bundle geoip (#4250)
* bundle geoip

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* correctly pass secrets

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add geoip docs and release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-20 22:09:30 +01:00
Jens Langhammer 9d5b9204fc web/admin: rework markdown, correctly render Admonitions, fix links
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-19 12:48:02 +01:00
Jens Langhammer 3418943949 root: allow custom settings via python module
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-15 10:59:14 +01:00
Jens Langhammer 1dfc0b2e93 website/docs: update flow context variables
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-13 14:37:37 +00:00
Jens Langhammer 0995658ca6 website/docs: add note for possibly blocked SMTP ports
closes #4192

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-13 11:13:52 +00:00
Jens Langhammer 49bd028363 website/docs: update release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-03 13:10:16 +02:00
Jens L db95dfe38d
security: fix CVE 2022 46145 (#4140)
* add flow authentication requirement

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add website for cve

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: handle FlowNonApplicableException without policy result

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-02 16:14:25 +01:00
Alex Wigen 4e04461820
website/docs: Change Kubernetes ingress apiVersion out of beta (#4099)
* Change Kubernetes ingress apiVersion out of beta

* fix lint

Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-28 16:42:59 +01:00
Jens Langhammer 147ebf1a5e root: rework and expand security policy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-28 12:10:53 +01:00
John Arrandale 501d63b3aa
website/docs: add notice for unique Base DN (#4073)
* providers/ldap: updates documentation related to issue #4038

Signed-off-by: John Arrandale <bootsie227@gmail.com>

* providers/ldap: adheres to the CI prettier-check

Signed-off-by: John Arrandale <bootsie227@gmail.com>
2022-11-24 20:52:13 +01:00
Jens Langhammer ab0f8d027d website/docs: add 2022.11.1 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 21:17:05 +01:00
Jens Langhammer 1efc0c1242 website/docs: update changelog
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 19:37:28 +01:00
Jens L 276af8457d
root: make sentry DSN configurable (#4016)
* make sentry DSN configurable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* make proxy smarter

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix typo in config struct

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 16:05:29 +01:00
Jens L 55aa1897af
root: use single redis db (#4009)
* use single redis db

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup prefixes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ensure __str__ always returns string

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix remaining old prefixes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 14:31:29 +01:00
Jens L 88594075b2
policies/password: merge hibp add zxcvbn (#4001)
* initial zxcvbn

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api and port tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api diff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-14 14:42:43 +01:00
Jens L ffe6f65af5
outposts/kubernetes: ingress class (#4002)
* add support for ingressClassName

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add option to disable ssl verification for k8s controller

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-14 14:24:11 +01:00
sdimovv d2bbcc0e1e
website/docs: Fix small error in Invitation stage docs (#3997)
The `.get` is there to ensure the policy won't throw an error if the key is not there (which can happen if the policy is executed before an Invitation stage).

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
2022-11-14 09:54:25 +01:00
dependabot[bot] 4095c422df
core: bump python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye (#3864)
* core: bump python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye

Bumps python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* bump project

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* bump deps

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* bump ci to 3.11

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix formatting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-13 14:20:55 +01:00
Jens Langhammer ac2e85c003 website/docs: fix 404s on ldap provider docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-06 00:01:38 +01:00
Jens Langhammer c157030905 website/docs: remove old banner, fix nginx formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-01 17:12:16 +01:00
Jens Langhammer 77a67dcbc1 website/docs: prepare 2022.10.1
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-28 23:08:55 +02:00
Jens Langhammer 8d7ce49101 website/docs: add docs for using email templates with helm chart
closes #3891

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-28 23:06:10 +02:00
Jens Langhammer 7004cb1c91 website/docs: add notice for TOTP issuer
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-22 17:11:20 +02:00
Jens Langhammer fa08e2c7bf website/docs: update 2022.10 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-21 18:24:25 +02:00
Jens L cfad472e1b
flows: optimise queries (#3818)
* flows: optimise flow queries

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* index source on slug and name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* binding index

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add policy parent index

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix migrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup old migrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add release note to upgrade

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 22:53:07 +02:00
Jens Langhammer 6882445937 *: handle PermissionError when saving files, ensure permission bits are set correctly
closes #3817

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 20:24:28 +02:00
Jens Langhammer c22dae868c website/docs: update 2022.10 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 10:44:28 +02:00
Rob 895658e7a3
website/integrations: add Organizr integration (#3802)
* Add new integration application category for Dashboard and initialize organizr service template

* added images and additional info for organizr integration

* alphabetized application integration categories

* alphabetized integration federation and social login categories

* forgot to make website-lint-fix :/

* revert mention of organizr in generic setup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 10:28:48 +02:00
Jens Langhammer bb43c49b1e website/docs: fix passwordless docs, cross-link both
closes #3803

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 21:38:01 +02:00
Rob 10cfccd999
website/docs: add General Setup instructions for LDAP Provider (#3680)
* Added General Setup instructions for LDAP Provider

* Added General Setup instructions for LDAP Provider and updated relative links

* updated LDAP Outpost note verbiage

* Corrected the case for LDAP and renamed to Generic Setup

* removed ldapsearch example from index page

* updated verbiage around multifactor authentication

* removed note about local LDAP provider

* updated sidebar to reflect generic_setup

* updated logging info

* corrected typo

* updated stage creation instructions and screenshot

* corrected another typo

* corrected another typo

* reword some things

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-16 14:57:57 +00:00
Jens Langhammer 77f6926a41 website/docs: prepare 2022.10 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 17:23:23 +02:00
Jens L 79e8b72569
flows: always show flow inspector in debug mode, don't require admin in debug (#3786)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 15:44:59 +02:00
Philipp Kolberg 2980c5884f
root: Add setting to adjust database config for pgbouncer (#3769)
* Add setting to adjust database config for pgbouncer

* docker-compose.yml cleanup

Delete pgbouncer setting as false is the default value

* Cleanup docker-compose.yml

Also remove use_pgbouncer option in server section
2022-10-14 11:53:24 +02:00
Jens L 217e145d23
stages/authenticator_sms: make sms stage payload customisable (#3780)
* make sms stage payload customisable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update phrasing for webhook mapping

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 11:53:01 +02:00
Jens L 8ed2f7fe9e
providers/oauth2: add device flow (#3334)
* start device flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: fix inconsistent app filtering

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tenant device code flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add throttling to device code view

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* somewhat unrelated changes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add initial device code entry flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add finish stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* it works

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add support for verification_uri_complete

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add some tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-11 12:42:10 +02:00
Jens L cca0f60bda
root: decrease default token size to 60 chars for compatibility (#3710)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2614
2022-09-30 23:12:51 +02:00
Jens Langhammer 32c80467b6 website/docs: update log level warning phrasing 2022-09-29 09:52:48 +00:00
Jens Langhammer 74c5a5b4c1 website/docs: add warning to trace log level 2022-09-29 09:27:35 +00:00
Philipp Rintz 6135990762
website/docs: Fix letsencrypt folder (#3643)
When the docs were changed to the docker-compose.override.yaml version, the change wasnt 100% completed, by still including the "..authentik" folder part in the volumes.

Addtionally, it doesnt work to only mount the /live letsencrypt folder in the worker, as it will be a symlink that the worker wont have access to (as its outside the container context).
So this reverts the change to the previous version where the complete /etc/letsencrypt folder gets mounted in /certs

Signed-off-by: Philipp Rintz <13933258+p-rintz@users.noreply.github.com>

Signed-off-by: Philipp Rintz <13933258+p-rintz@users.noreply.github.com>
2022-09-26 16:32:14 +02:00
Riccardo Di Maio bba21d2b85
website/docs: Fix typo (#3641)
Signed-off-by: Riccardo Di Maio <35903974+rdimaio@users.noreply.github.com>

Signed-off-by: Riccardo Di Maio <35903974+rdimaio@users.noreply.github.com>
2022-09-25 11:44:41 +02:00
Jens Langhammer f8502edd2b website: update 2022.9 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-22 10:46:29 +02:00
Jens L b16a3d5697
internal: use config system for workers/threads, document the settings (#3626)
use config system for workers/threads, document the settings

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-21 09:59:03 +02:00
Jens Langhammer daa0417c38 website: fix broken link
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-18 17:57:19 +02:00
Jens Langhammer 067166d420 website: update 2022.9 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-17 14:28:04 +02:00
Jens L be64296494
stages/authenticator_duo: improved import (#3601)
* prepare for duo admin integration

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* make duo import params required

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add UI to import devices

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* rework form, automatic import

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* limit amount of concurrent tasks on worker

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* load tasks

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix API codes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tests and such

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* sigh

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* make stage better

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* basic stage test

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-17 12:10:47 +02:00
Jens Langhammer 3e0778fe31 website: add API diff to 2022.9 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-16 10:20:26 +02:00
Jens Langhammer 9f5c019daa core: add helper function to create events from expressions, move ak_user_has_authenticator to base evaluator
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-14 21:52:41 +02:00
Jens Langhammer 34928572db website/docs: fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-11 23:11:41 +02:00
Jens Langhammer c1ad1e5c8b website: prepare 2022.9 release
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-11 23:02:06 +02:00
Jens Langhammer 7a50d5a4f8 website: add note for using request.user in policies when bound to flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 14:08:37 +02:00
Jens Langhammer 03a3f1bd6f crypto: add command to import certificates
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3544
2022-09-06 19:39:10 +02:00
Stavros Kois d0a69557d4
website/docs: explain LISTEN envs better (#3532)
From a recent adventure discovered that this env's define `address:port` not just `port`.
If you define only `port` it will error out with `"error":"listen tcp: address 9000: missing port in address"`

Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>

Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
2022-09-05 20:37:11 +02:00
itsmesid 19c36d20b5
website/docs: improve nginx examples (#3372)
* website/docs: improve nginx examples

Signed-off-by: itsmesid <693151+arevindh@users.noreply.github.com>

* website/docs: improve nginx examples

Signed-off-by: itsmesid <693151+arevindh@users.noreply.github.com>
2022-08-30 21:19:25 +02:00
Jens Langhammer 58e3ca28be website: fix formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-29 19:49:43 +02:00
Zolo c6bb41890e
website/docs: add port_in_redirect in nginx config to prevent invalid port in redirect (#3397)
* Proposal and fix for issue #3359

By adding `port_in_redirect off` in the configuration for the NginxProxyManager (NPM), will avoid a redirect to port 4443.
Credit to @adtwomey for the suggestions.

https://github.com/goauthentik/authentik/issues/3359

Signed-off-by: Zolo <39656359+zolodev@users.noreply.github.com>

* Adding a comment

Signed-off-by: Zolo <39656359+zolodev@users.noreply.github.com>

Signed-off-by: Zolo <39656359+zolodev@users.noreply.github.com>
2022-08-29 17:57:18 +02:00
Joeri Colman a4556b3692
website/docs: Added mention of how to force 2fa (#3497)
* Added mention of how to force 2fa

Added mention of how to force 2fa and fixed some punctuation's.

Signed-off-by: Joeri Colman <colmanjoeri@msn.com>

* Update website/docs/flow/examples/flows.md

Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: Joeri Colman <colmanjoeri@msn.com>

Signed-off-by: Joeri Colman <colmanjoeri@msn.com>
Co-authored-by: Jens L. <jens@beryju.org>
2022-08-29 14:14:10 +02:00
Adam Engebretson d0b52812d5
website/docs: add mention of custom JWT Claims (#3495)
Signed-off-by: Adam Engebretson <adam@enge.me>
2022-08-29 13:11:18 +02:00
Jens Langhammer b624bf1cb7 website/docs: prepare 2022.8.2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-19 11:19:23 +01:00
Jens L bda218f7fc
website/docs: add note for which outpost configs apply for which outposts (#3443)
add note for which outpost configs apply for which outposts

closes #3427

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 14:29:53 +02:00
Jens Langhammer 71d6304407 website: update 2022.8 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 13:47:48 +02:00
Jens Langhammer 1c569c79f3 website: add more blueprint docs, 2022.8 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 19:27:31 +02:00
Jens L 2ce8e18bab
internal: centralise config for listeners to use same config system everywhere (#3367)
* centralise config for listeners to use same config system everywhere

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3360

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-03 21:33:27 +02:00
Jens L 89c84f10d0
blueprints: v1 (#1573)
* managed: move flowexporter to managed

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: implement SerializerModel in all models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* managed: add initial api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* managed: start blueprint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* managed: spec

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* version blueprint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* yep

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove v2, improve v1

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* start custom tag, more rebrand

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* move blueprints out of website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* try new things

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add !lookup, fix web

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update and cleanup default

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tags in lists

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* don't save field if its set to default value

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more flow cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* format web

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix missing serializer for sms

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ignore _set fields

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove custom file extension

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate default flow to tenant

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* include blueprints

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-31 17:11:44 +02:00
Jens L 882250a85e
flows: migrate flows to be yaml (#3335)
* flows: migrate flows to be yaml

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate flows to yaml

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 23:55:58 +02:00
Jens L d4b8dd7fcc
ci: comment on PR with instructions on how to use branch (#3333)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 21:22:27 +02:00
Jens L b41acebf5b
providers/proxy: add caddy endpoint (#3330)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-29 10:58:53 +02:00
Jens Langhammer b82a142745 stages/authenticator_sms: use twilio SDK, improve docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3237
2022-07-28 22:17:59 +02:00
Jens Langhammer de26c65fa0 core: add attributes. avatar method to allow custom uploaded avatars
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2631
2022-07-26 21:42:41 +02:00
Jens Langhammer ad07984158 website/docs: prepare 2022.7.3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-19 21:40:56 +02:00
Jens Langhammer 0448dcf655 website/docs: prepare 2022.7.2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-06 19:17:15 +02:00
Jens Langhammer d497db3010 flows: fix OOB flow incorrectly setting pending user
closes #3224

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-06 09:51:20 +02:00
Jens L 49cce6a968
stages/prompt: add basic file field (#3156)
add basic file field

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:09:41 +02:00
Jens Langhammer 4cd629b5fc core: handle FlowNonApplicableException correctly in source flow_manager
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-03 22:03:03 +02:00
Jens Langhammer 6020736430 website/docs: update 2022.7
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-03 21:39:59 +02:00
Jens Langhammer 3ab475d916 website/docs: add snippet to skip authenticated flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-02 18:41:16 +02:00
Jens L 17d33f4b19
flows: denied action (#3194) 2022-07-02 17:37:57 +02:00
Jens Langhammer a9636b5727 website/docs: fix configuration item headers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-02 13:01:40 +02:00
Jens L 5e3f44dd87
flows: add shortcut to redirect current flow (#3192) 2022-07-01 23:19:41 +02:00
Jens Langhammer 1c64616ebd sources/ldap: add configuration for LDAP Source ciphers
closes #3110

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 19:53:49 +02:00
Jens Langhammer 23273f53cc providers/oauth2: if no scopes are sent in authorize request, select all configured scopes
closes #3112

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 19:45:26 +02:00
Jens Langhammer f6042f29f6 website/docs: add notice to use in-cluster service for nginx forward auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-30 21:33:47 +02:00
Jens Langhammer a6d3fd92df web/elements: fix ak-wizard-page-form not setting valid
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-30 12:37:10 +02:00
sev db07f564aa website/docs: expand nginx reverse-proxy setup (#3079)
* website/docs: expand nginx reverse-proxy setup

* website/docs: simplify reverse-proxy config

Combine location blocks and remove documentstion links, they were not doing much.
2022-06-29 15:02:59 +00:00
Jens Langhammer ef218ff1ff website/docs: update 2022.7 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-27 21:12:36 +02:00
Jens Langhammer 6a4efaecb0 website/docs: start troubleshooting page for forward auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-21 22:26:17 +02:00
Jens Langhammer b6267fdf28 *: add versioned user agent to sentry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-20 11:54:10 +02:00
Jens Langhammer c6f29d9eb4 website/docs: add 2022.6.3 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:41:22 +02:00
Jens Langhammer 0d96e68c1e core: add limit of 20 to group recursion
closes #3116

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:24:57 +02:00
Jens Langhammer 36a326cd81 website/docs: add version dropdown for subdomains
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-15 21:43:44 +02:00
Jens L e17f7020e6
webiste/docs: use autogenerated pages and categories (#3102)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-15 20:56:27 +02:00
Jens L 1c62a3db6e
core: user paths (#3085)
* init

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add user_path_template

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add to sources and flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add outposts & api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* dark theme for treeview

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add search

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs and tests for validation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add to user write stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add web ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: improve error handling

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-15 12:12:26 +02:00
Jens L 8dbb0bd2c6
providers/oauth2: token revoke (#3077) 2022-06-11 18:49:16 +02:00
Jens Langhammer 3b182ca223 website/docs: add 2022.6.2 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-07 20:37:34 +02:00
Jens Langhammer 4c39e08dd4 website/docs: fix incorrect oauth end-session URL
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-06 12:48:06 +02:00
Jens L 0c591a50e3
*: don't dispatch tasks on startup of server (#3033)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 18:29:24 +02:00
Jens L 7ee655a318
core: add bootstrap variables with authentik prefix for helm charts (#3031)
https://github.com/goauthentik/helm/pull/72
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 15:22:56 +02:00
Jens L 8447e9b9c2
providers/proxy: envoy v2 (#3029)
* add path prefix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use prefix correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* only set redirect if session doesn't have a redirect yet

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 10:32:52 +02:00
Jens L f9a419107a
outposts/proxyv2: add basic envoy support (#3026)
* outposts/proxyv2: add basic envoy support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* don't crash when backend is not available

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add envoy tests and docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 00:06:09 +02:00
Jens L 8f0572d11e
outposts/ldap: add correct group objectClass (#3023)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2861
2022-06-02 18:48:07 +02:00
Andre Mainka fa81adf254
website/docs: Add warning for timezone mounts (#3022)
Improve documentation: #3005
2022-06-02 14:02:01 +02:00
Jens L c0cb891078
stages/authenticator_sms: verify-only (#3011) 2022-06-01 23:16:28 +02:00
Jens Langhammer 34bcc2df1a root: disable session_save_every_request as it overwrites the session with old data
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2991
2022-05-31 20:46:27 +02:00
Jens Langhammer 59e13e8026 website/docs: update docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-30 21:26:29 +02:00
Jens Langhammer acf1ded1d4 website/docs: prepare 2022.5.3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:16:07 +02:00
TheMythologist 4d17111233
website/docs: Fix misconfiguration causing POST requests behing Nginx to timeout (#2967)
* Update _nginx_proxy_manager.md

* Update _nginx_standalone.md
2022-05-26 11:52:57 +02:00
Jens Langhammer ada53362d5 website/docs: fix formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 23:38:02 +02:00
Jens Langhammer a6398f46da website/docs: prepare 2022.5.3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 23:34:51 +02:00
Jens L b4e75218f5
sources/oauth: OIDC well-known and JWKS (#2936)
* add initial

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add provider

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* include source and jwk key id in event

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests for source

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix web formatting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add provider tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix lint error

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 21:02:50 +02:00
Johannes Klein 2ca991ba3d
website/docs: fix grammar (#2943) 2022-05-24 13:56:19 +02:00
Jens Langhammer 6460245d5e website/docs: add missing docs for #2828
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:42:00 +02:00
Jens Langhammer c99e6d8f2c website: fix typo in title
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 19:10:16 +02:00
Jens Langhammer 0642af0b78 website/docs: add 2022.5.2 changelog
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 17:16:43 +02:00
Jens Langhammer 6f56a61a64 website/docs: add docs for advanced SSH config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2916
2022-05-21 13:06:54 +02:00
Jens Langhammer 90298a2b6c website/docs: fix typo
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 00:15:40 +02:00
Jens Langhammer 84e74bc21e website/docs: final 2022.5 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-20 19:34:43 +02:00
Jens L 7bdecd2ee6
stages/user_write: dynamic groups (#2901)
* stages/user_write: add dynamic groups

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* simplify functions

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-19 20:28:16 +02:00
Jens Langhammer 11f7935155 providers/oauth2: use regex to check redirect URI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2799
2022-05-18 21:22:27 +02:00
Jens L 75b0fb3393
sources/oauth: migrate twitter to oauth2 (#2893) 2022-05-18 00:03:02 +02:00
Jens Langhammer 35402ada17 website/docs: fix missing new name attribute for invitations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-16 20:40:24 +02:00
Jens L 333e58ce2f
flows/layouts (#2867) 2022-05-16 01:10:23 +02:00
Jens Langhammer 296779ddf1 providers/ldap: remove technical preview disclaimer
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-15 17:33:03 +02:00
Jens Langhammer 2e174a1be5 website/docs: update 2022.5 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 21:48:28 +02:00
Jens L fd1d38f844
stages/authenticator_validate: remember (#2828)
* initial

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: cleanup timedelta help

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tooltip

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* assert response code in self.assertStageResponse

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more tests, add duo

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 21:05:22 +02:00
Jens L f9469e3f99
website: format docs with prettier (#2833)
* run prettier

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add scim to comparison

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-09 21:22:41 +02:00
Jens Langhammer 4b0324220a website/docs: prepare 2022.5 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-08 17:32:21 +02:00
Jens L ab2299ba1e
outposts/ldap: cached bind (#2824)
* initial cached ldap bind support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add web

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* clean up api generation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use gh action for golangci-lint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-08 16:48:53 +02:00
Jens Langhammer 75320bf579 website/docs: add missing breaking change in prompt stages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-29 21:19:51 +02:00
Jens Langhammer 778065f468 core: add flag to globally disable impersonation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-17 16:52:55 +02:00
Chris Britt 6e5ac4bffc
website/docs: add missing redis port to configuration page (#2731)
Added the `AUTHENTIK_REDIS__PORT` to the documentation.
2022-04-17 16:40:00 +02:00
Jens Langhammer 957bb1c5ef core: make generated token length configurable
closes #2574

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-11 20:57:16 +02:00
Jens Langhammer 677d46d7fd website/docs: prepare 2022.4
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-11 20:54:16 +02:00
Jens Langhammer 21f92b4a65 website/docs: add docs for customisation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-06 00:06:28 +02:00
Jens L 633296503d
core: add grouping to applications (#2648)
* core: add grouping to applications

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add new field to tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 23:08:58 +02:00
Jens L 508cec2fd5
web: migrate dropdowns to wizards (#2633)
* web/admin: add basic wizards for providers

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: add dark mode for wizard

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: migrate policies to wizard

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* start source

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* policies: sanitze_dict when returning log messages during tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* Revert "web/admin: migrate policies to wizard"

This reverts commit d8b7f62d3e.

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	web/src/locales/zh-Hans.po
#	web/src/locales/zh-Hant.po
#	web/src/locales/zh_TW.po

* web: rewrite wizard to be element based

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* further cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update sources

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: migrate property mappings

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate stages

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate misc dropdowns

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate outpost integrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 19:48:17 +02:00
Jens Langhammer 4be238018b providers/oauth2: pass scope and other parameters to access policy request context
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2641
2022-04-01 21:39:05 +02:00
Jens Langhammer 8689444954 providers/oauth2: add password grant support (treated as client_credentials)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-31 18:02:17 +02:00
Jens L bb8af2f19b
providers/oauth2: add client_assertion_type jwt bearer support (#2618) 2022-03-31 00:30:55 +02:00
Jens Langhammer ac03f5a97d website/docs: prepare 2022.4
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-30 23:43:36 +02:00