Commit Graph

1106 Commits

Author SHA1 Message Date
Jens L 9f846d94be
security: fix CVE 2022 23555 (#4274)
* add flow to invitation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* show warning on invitation page

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add security advisory

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:13:49 +01:00
Jens L 84fbeb5721
security: fix CVE 2022 46172 (#4275)
* fallback to current user in user_write, add flag to disable user creation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update api and web ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add cve post to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:12:58 +01:00
Jens Langhammer 6a3a3e5f8d
website: fix duplicate platforms in sidebar
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 11:23:41 +01:00
Jens Langhammer 42c278b4f8
root: migrate to hosted sentry with rate-limited DSN
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 11:18:26 +01:00
Jens L c635487210
blueprints: better OCI support in UI (#4263)
use oci:// prefix to detect oci blueprint, add UI support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 18:49:25 +01:00
Jens Langhammer ca6cd8a4d3
website/developer-docs: update release procedure to include CVEs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 18:07:59 +01:00
Jens Langhammer 28eb7c03fa
website/developer-docs: add templates for announcing fixed security release
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 16:13:21 +01:00
Jens Langhammer d280577830 website: migrate to hosted plausible
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 14:47:49 +01:00
Jens Langhammer 36da29aaa2 website/developer-docs: add release procedure
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-22 12:01:34 +01:00
Jens Langhammer 423776c7a2 website/docs: prepare 2022.12 release
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-21 21:58:57 +01:00
sdimovv 7f662ac2f3
blueprints: Added conditional entry application (#4167)
* blueprints: Added !AsBool tag

* Renamed AsBool tag to Condition

* Added conditions attributed to BlueprintEntry

* Added docs for the conditions attribute of a blueprint entry

* Website linting fix

* add new tag to vscode settings

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-21 17:04:00 +00:00
Jens L 609f95ac97
providers: add preview for mappings (#4254)
* preview

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: show provider page on application page

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use oauth2 end session url instead of direct interface

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* dont show provider page on application page for now

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add UI for preview

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* translate and release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix lint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* separate saml api files

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-21 12:13:11 +01:00
Jens L f4990bb5da
core: bundle geoip (#4250)
* bundle geoip

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* correctly pass secrets

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add geoip docs and release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-20 22:09:30 +01:00
Skyler Mäntysaari 81fdd097c6
website/integrations: add note for nextcloud index.php (#4210)
* feat(docs/nextcloud): Updated docs

It was missing the proper syntax for urls with index.php in between.

* feat(docs/nextcloud): Address PR suggestion

* fix formatting, use identical casing for nextcloud

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-20 11:12:15 +01:00
Jens Langhammer 9d5b9204fc web/admin: rework markdown, correctly render Admonitions, fix links
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-19 12:48:02 +01:00
jonah 4182bfd8b5
website/integrations: fix typo (#4228)
Signed-off-by: jonah <73760377+jonerrr@users.noreply.github.com>

Signed-off-by: jonah <73760377+jonerrr@users.noreply.github.com>
2022-12-19 10:15:19 +01:00
Jens Langhammer 3418943949 root: allow custom settings via python module
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-15 10:59:14 +01:00
Jens Langhammer 1dfc0b2e93 website/docs: update flow context variables
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-13 14:37:37 +00:00
Nate Brady 291573fbc5
website/integrations: Add docs for Skyhigh (#3890)
* Add Skyhigh Security documentation

* Add Skyhigh to infrastructure application menu

* Add Skyhigh to infrastructure application menu

* fix linting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-13 12:21:13 +01:00
Jens Langhammer 0995658ca6 website/docs: add note for possibly blocked SMTP ports
closes #4192

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-13 11:13:52 +00:00
NWHirschfeld 53f3764879
website/integrations: update/extend Gitea integration (#3946)
* website/docs: update/extend gitea integration

* website/docs: update/extend gitea integration / run prettier

* website/integrations: update/extend Gitea integration / switched to database based filtering

Co-authored-by: NWHirschfeld <git@nwhirschfeld.de>
2022-12-13 12:02:49 +01:00
IrwenXYZ bdd8b59ab9
website/integrations: Update Wiki.JS documentation (#4146)
* Update Wiki.JS documentation

updated based on UI changes in latest Authentik version

under providers, removed settings that are now the default. default Subject Mode also works instead of changing to based on username.

under self registration note, updated to reflect that emails must match instead of usernames, tested with latest wikijs and authentik

* fix lint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-13 11:56:48 +01:00
flaktrooper 4bf6cfc4d8 website/integrations: fix instruction links on source pages (#4196)
* website/integrations: fix links for adding source to login page instructions

* website/integrations: add missing login page instruction link to plex

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-12 15:54:21 +00:00
Nils K 5ae593bc00
website/docs: Fix typo in ldap source documentation (#4197)
Signed-off-by: Nils K <24257556+septatrix@users.noreply.github.com>

Signed-off-by: Nils K <24257556+septatrix@users.noreply.github.com>
2022-12-12 11:33:32 +01:00
dependabot[bot] 44fe477c3c
website: bump postcss from 8.4.19 to 8.4.20 in /website (#4198)
Bumps [postcss](https://github.com/postcss/postcss) from 8.4.19 to 8.4.20.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/8.4.19...8.4.20)

---
updated-dependencies:
- dependency-name: postcss
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-12 11:15:20 +01:00
dependabot[bot] 253b676f7d
website: bump prettier from 2.8.0 to 2.8.1 in /website (#4172)
Bumps [prettier](https://github.com/prettier/prettier) from 2.8.0 to 2.8.1.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.8.0...2.8.1)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-09 12:06:07 +01:00
dependabot[bot] 3fe627528e
website: bump react-before-after-slider-component from 1.1.5 to 1.1.6 in /website (#4160)
website: bump react-before-after-slider-component in /website

Bumps [react-before-after-slider-component](https://github.com/smeleshkin/react-before-after-slider-component) from 1.1.5 to 1.1.6.
- [Release notes](https://github.com/smeleshkin/react-before-after-slider-component/releases)
- [Commits](https://github.com/smeleshkin/react-before-after-slider-component/compare/v.1.1.5...v.1.1.6)

---
updated-dependencies:
- dependency-name: react-before-after-slider-component
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-06 11:39:33 +01:00
Jens Langhammer 49bd028363 website/docs: update release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-03 13:10:16 +02:00
Jens L db95dfe38d
security: fix CVE 2022 46145 (#4140)
* add flow authentication requirement

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add website for cve

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: handle FlowNonApplicableException without policy result

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-02 16:14:25 +01:00
Avsynthe 860c85d012
website/integrations: Update Bookstack SAML settings Documentation (#4137)
Update Bookstack SAML settings

Enabled AUTH_AUTO_INITIATE=true to reduce amount of clicks needed to proceed to Bookstack and give a propper SSO experience. If user is not logged in elsewhere already, authentik's login page will still be displayed.

Edited SAML2_DISPLAY_NAME_ATTRIBUTES so it actually works. The previous "Name" entry is non-functional and does not parse. When this is the case, or the field is empty, usernames in Bookstack default to user's email address. Entries here need to be in line with Active Directory Federation Services' Role of Claims found here: https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/technical-reference/the-role-of-claims. Additionally, this will use the user's authentik username rather than real/full name.

Enabled Group Sync by default for easier administration for sysadmins. SAML2_GROUP_ATTRIBUTE also needed to be in line with Active Directory Federation Services' Role of Claims

Signed-off-by: Avsynthe <102600593+Avsynthe@users.noreply.github.com>

Signed-off-by: Avsynthe <102600593+Avsynthe@users.noreply.github.com>
2022-12-02 11:46:44 +01:00
sdimovv 1f7d52c5ce
blueprints: Support nested custom tags in `!Find` and `!Format` tags (#4127)
* Added support for nested tags to !Find and !Format

* Added tests

* Fix variable names

* Added docs

* Fixed small mistake in tests

* Fixed variable names

* Broke example into multiple lines
2022-12-01 16:10:26 +01:00
Alex Wigen 4e04461820
website/docs: Change Kubernetes ingress apiVersion out of beta (#4099)
* Change Kubernetes ingress apiVersion out of beta

* fix lint

Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-28 16:42:59 +01:00
Jens Langhammer 147ebf1a5e root: rework and expand security policy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-28 12:10:53 +01:00
John Arrandale 501d63b3aa
website/docs: add notice for unique Base DN (#4073)
* providers/ldap: updates documentation related to issue #4038

Signed-off-by: John Arrandale <bootsie227@gmail.com>

* providers/ldap: adheres to the CI prettier-check

Signed-off-by: John Arrandale <bootsie227@gmail.com>
2022-11-24 20:52:13 +01:00
dependabot[bot] ce9c6a9689
website: bump prettier from 2.7.1 to 2.8.0 in /website (#4074)
Bumps [prettier](https://github.com/prettier/prettier) from 2.7.1 to 2.8.0.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.7.1...2.8.0)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-24 12:11:11 +01:00
Jens Langhammer ab0f8d027d website/docs: add 2022.11.1 release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 21:17:05 +01:00
Jens L ab3d47c437
blueprints: add desired state attribute to objects (#4061)
* add state attribute to delete objects

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests, move yaml from block to files

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add state to docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* only try to format

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-22 14:27:20 +01:00
GrahamSH ddee1c9a8c
website: Fix installations link in footer (#4053)
/index 404s this fixes it

Signed-off-by: GrahamSH <grahamshllk@gmail.com>

Signed-off-by: GrahamSH <grahamshllk@gmail.com>
2022-11-22 10:06:56 +01:00
Jens Langhammer 1efc0c1242 website/docs: update changelog
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 19:37:28 +01:00
Jens Langhammer e80df03819 website: fix greenhouse page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-21 13:37:52 +01:00
Jens Langhammer ab021b4b7e website: move API browser into developer docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-17 11:37:09 +01:00
Jens Langhammer 11383d76a2 website: use icons in header
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-17 11:21:35 +01:00
Jens Langhammer 53baa806d9 website: add greenhouse
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-17 11:21:35 +01:00
dependabot[bot] 0173e4b882
website: bump loader-utils from 2.0.3 to 2.0.4 in /website (#4023)
Bumps [loader-utils](https://github.com/webpack/loader-utils) from 2.0.3 to 2.0.4.
- [Release notes](https://github.com/webpack/loader-utils/releases)
- [Changelog](https://github.com/webpack/loader-utils/blob/v2.0.4/CHANGELOG.md)
- [Commits](https://github.com/webpack/loader-utils/compare/v2.0.3...v2.0.4)

---
updated-dependencies:
- dependency-name: loader-utils
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-16 10:00:28 +01:00
Jens L 276af8457d
root: make sentry DSN configurable (#4016)
* make sentry DSN configurable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* make proxy smarter

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix typo in config struct

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 16:05:29 +01:00
Jens L 55aa1897af
root: use single redis db (#4009)
* use single redis db

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup prefixes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ensure __str__ always returns string

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix remaining old prefixes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 14:31:29 +01:00
Jens L 88594075b2
policies/password: merge hibp add zxcvbn (#4001)
* initial zxcvbn

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api and port tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api diff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-14 14:42:43 +01:00
Jens L ffe6f65af5
outposts/kubernetes: ingress class (#4002)
* add support for ingressClassName

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add option to disable ssl verification for k8s controller

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-14 14:24:11 +01:00
sdimovv d2bbcc0e1e
website/docs: Fix small error in Invitation stage docs (#3997)
The `.get` is there to ensure the policy won't throw an error if the key is not there (which can happen if the policy is executed before an Invitation stage).

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
2022-11-14 09:54:25 +01:00
dependabot[bot] 4095c422df
core: bump python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye (#3864)
* core: bump python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye

Bumps python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* bump project

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* bump deps

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* bump ci to 3.11

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix formatting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-13 14:20:55 +01:00