Commit graph

1798 commits

Author SHA1 Message Date
Jens Langhammer 58cd6007b2 Merge branch 'version-2022.11' 2022-12-02 18:12:38 +02:00
Jens L db95dfe38d
security: fix CVE 2022 46145 (#4140)
* add flow authentication requirement

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add website for cve

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: handle FlowNonApplicableException without policy result

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-02 16:14:25 +01:00
Bastien Rivière 93fee5f0e5
web: fix authentification with Plex on iOS (#4095)
* web: fix authentification with Plex on iOS

Fixes issue #3822

* fixup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add fallback button

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-01 13:32:00 +01:00
Jens Langhammer 2a4daa5360 release: 2022.11.2 2022-12-01 10:41:29 +02:00
Jens Langhammer e1a6dede54 *: backport CVE-2022-46145 fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-01 10:41:26 +02:00
Jens Langhammer 3b8cb9e525 web/flows: fix display for long redirect URLs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-28 10:30:27 +01:00
Jens Langhammer 1c2cdfe06a web/flows: improve error messages for failed duo push
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-24 13:42:13 +01:00
Jens Langhammer 474677017f web/admin: fix empty request being sent due to multiple forms in duo import modal
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-24 12:08:06 +01:00
Jens Langhammer 0813a49ca5 web/admin: clarify phrasing that user ID is required
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-24 11:37:54 +01:00
Jens Langhammer 3a13d19695 release: 2022.11.1 2022-11-22 21:42:10 +01:00
Jens Langhammer 94833dd1e7 web/admin: reset cookie_domain when setting non-domain forward auth
closes #4063

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 20:46:20 +01:00
Jens Langhammer 5b8223808e Merge branch 'version-2022.11' 2022-11-21 22:14:33 +01:00
Jens Langhammer 14f341f504 web/admin: fix error when importing duo devices
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 21:36:10 +01:00
Jens Langhammer c30aa90888 web: fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 20:54:02 +01:00
Jens Langhammer 20c1770ec4 release: 2022.11.0 2022-11-21 20:12:02 +01:00
Jens Langhammer a2e512c36c stages/authenticator_validate: add flag to configure user_verification for webauthn devices
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 17:52:37 +01:00
Jens Langhammer 71d144a67e web/flows: always hide static user info when its not set in the flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-18 21:19:06 +01:00
Jens Langhammer d785edbbe3 web/flows: only show user info when applicable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-18 16:13:21 +01:00
Jens L 9f5fb692ba
sources: add custom icon support (#4022)
* add source icon

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add to oauth form

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add to other browser sources

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add migration, return icon in UI challenges

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* deduplicate file upload

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-16 14:10:10 +01:00
Jens L 276af8457d
root: make sentry DSN configurable (#4016)
* make sentry DSN configurable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* make proxy smarter

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix typo in config struct

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 16:05:29 +01:00
Jens Langhammer a9111bd3fd web/flows: update flow background
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 16:05:07 +01:00
Jens L 88594075b2
policies/password: merge hibp add zxcvbn (#4001)
* initial zxcvbn

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api and port tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api diff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-14 14:42:43 +01:00
Jens L ffe6f65af5
outposts/kubernetes: ingress class (#4002)
* add support for ingressClassName

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add option to disable ssl verification for k8s controller

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-14 14:24:11 +01:00
Jens Langhammer 88153cd490 web/admin: fix typo
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-31 20:30:11 +01:00
Jens Langhammer f3a72761c0 release: 2022.10.1 2022-10-29 17:24:55 +02:00
Jens Langhammer 3da7fcfc1d web/common: disable API Drawer by default in user interface
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-24 22:08:47 +02:00
Jens Langhammer 89dc46a7ff release: 2022.10.0 2022-10-21 19:42:38 +02:00
Jens Langhammer f1b143606e web/admin: fix scrolling in remaning modals
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-20 10:20:32 +02:00
Jens Langhammer 0b6dd49f36 web/admin: show oauth2 docs on oauth2 provider view page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 10:11:15 +02:00
Jens L b06a3a8f9f
admin: add authorisations metric (#3811)
add authorizations metric

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 00:06:45 +02:00
Jens Langhammer a8bca5edd0 web: fix linting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:29:28 +02:00
Jens L 0efee2a660
flows: improved import (#3807)
* return logs when importing flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* improve error handling, show logs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:01:42 +02:00
Jens Langhammer 96a30af0eb sources/oauth: allow overriding of all scopes
closes #3747

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-16 21:21:43 +02:00
Jens Langhammer d6a14019c6 web/admin: rework scrolling in modals, ensure overlay covers everything
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-16 16:02:51 +02:00
Jens Langhammer b515126061 web: use drawSelection to workaround cursor bug when using CodeMirror with ShadowDOM in firefox
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-16 13:55:53 +02:00
Jens L 363872715d
sources/saml: revamp SAML Source (#3785)
* update saml source to use user connections, add all attributes to flow context

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* check for SAML Status in response, add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* package apple icon

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add webui for connections

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 17:04:47 +02:00
Jens L 79e8b72569
flows: always show flow inspector in debug mode, don't require admin in debug (#3786)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 15:44:59 +02:00
Jens Langhammer 884f5249d1 web/flows: update flow background
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 15:42:45 +02:00
Jens L 217e145d23
stages/authenticator_sms: make sms stage payload customisable (#3780)
* make sms stage payload customisable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update phrasing for webhook mapping

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-14 11:53:01 +02:00
Jens Langhammer 83d303ba9a web/flows: improve display for action-showing stages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-13 17:02:01 +02:00
Jens L 8ed2f7fe9e
providers/oauth2: add device flow (#3334)
* start device flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: fix inconsistent app filtering

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tenant device code flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add throttling to device code view

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* somewhat unrelated changes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add initial device code entry flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add finish stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* it works

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add support for verification_uri_complete

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add some tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-11 12:42:10 +02:00
Jens Langhammer 239092b872 core: fix messages not being shown when no client is connected
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-10 13:27:41 +03:00
Jens Langhammer 52e0566695 web: fix blank api drawer
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-10 12:52:14 +03:00
Jens L 44e4f2e561
crypto: make certificate parsing optional for crypto api (#3711) 2022-10-01 00:06:00 +02:00
Jens Langhammer c0270cc3b3 web: fix linting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-29 10:13:27 +02:00
Jens Langhammer 0c48b40848 web/admin: allow web-based sources to have empty enrollment/authentication flow
closes #3683

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-28 18:45:50 +02:00
transifex-integration[bot] d6e38d330d
Translate '/web/src/locales/en.po' in 'de' [manual sync] (#3663)
Translate /web/src/locales/en.po in de

at least 80% translated for the source file '/web/src/locales/en.po'
on the 'de' language.

 Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-09-26 20:09:57 +02:00
transifex-integration[bot] 8b8eae4b49
Translate '/web/src/locales/en.po' in 'es' [manual sync] (#3664)
Translate /web/src/locales/en.po in es

at least 80% translated for the source file '/web/src/locales/en.po'
on the 'es' language.

 Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-09-26 20:09:45 +02:00
transifex-integration[bot] d7372858ed
Translate '/web/src/locales/en.po' in 'fr_FR' [manual sync] (#3670)
Translate /web/src/locales/en.po in fr_FR

at least 80% translated for the source file '/web/src/locales/en.po'
on the 'fr_FR' language.

 Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-09-26 20:09:37 +02:00
transifex-integration[bot] d1493e1d51
Translate '/web/src/locales/en.po' in 'fr' [manual sync] (#3665)
Translate /web/src/locales/en.po in fr

at least 80% translated for the source file '/web/src/locales/en.po'
on the 'fr' language.

 Manual sync of partially translated files: untranslated content is included with an empty translation or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2022-09-26 20:09:10 +02:00