Alexandre NICOLAIE
a2714ab1f1
outposts: make metrics compliant with Prometheus best-practices ( #6398 )
...
web/outpost: make metrics compliant with Prometheus best-practices
Today, all NewHistogramVec store values in nanoseconds without changing
the default histogram bucket, which are made for seconds, making them
a bit useless. In addition, some metrics names are not self-explanatoryand
and do not comply with Prometheus best practices.
This commit tries to fix all of this "issues".
NOTE: I kept old metrics in order to avoid breaking changes with
existing dashboards and metrics.
Signed-off-by: Alexandre NICOLAIE <xunleii@users.noreply.github.com>
2023-07-27 18:51:08 +02:00
Jens L
41af486006
enterprise: initial enterprise ( #5721 )
...
* initial
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add user type
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add external users
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add ui, add more logic, add public JWT validation key
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* revert to not use install_id as session jwt signing key
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* switch to PKI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add more licensing stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add install ID to form
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use x5c correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* license checks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use production CA
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more UI stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rename to summary
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update locale, improve ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add direct button
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update link
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* format and such
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove old attributes from ldap
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove is_enterprise_licensed
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix admin interface styling issue
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Update authentik/core/models.py
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
* fix default case
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-07-17 17:57:08 +02:00
Jens L
ae7ea4dd11
outposts/ldap: add more tests ( #6188 )
...
* outposts/ldap: add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing posixAccount
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* attempt to expand attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix routing without base DN
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove our custom attribute filtering since this is done by the ldap library
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add test for schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-08 20:51:05 +02:00
Daniel
ad81ee2740
providers/ldap: fix inconsistent saving of user flags on failed cached binds ( #6096 )
...
* feat: assign invalid pk and check
* fix: only set flags if they don't exist
* fix: userinfo not being set if data is available
* minor cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-06-29 16:57:46 +02:00
Jens L
01311929d1
providers/ldap: improve password totp detection ( #6006 )
...
* providers/ldap: improve password totp detection
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add flag for totp mfa support
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* keep support for static tokens
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-20 12:09:13 +02:00
Jens L
54ef88a6fa
providers/ldap: rework Schema and DSE ( #5838 )
...
* rework Root DSE
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* always parse filter objectClass
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding LDAP Schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add more schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update schema more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix cn for schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only include main DN in namingContexts
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use schema from gh
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add description
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add response filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix response filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't return rootDSE entry when searching for singleLevel
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove currentTime
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix attribute filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* set SINGLE-VALUE
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix numbers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-08 15:16:40 +02:00
Jens L
0ce41a1b2d
providers/ldap: add StartTLS support ( #5861 )
...
* providers/ldap: add StartTLS support
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add starttls test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update form and docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-add tls server name
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-06 21:40:19 +02:00
Marc 'risson' Schmitt
5d87eb97be
outposts/ldap: fix race condition when refreshing the provider
...
Fixes the race condition causing the crash found in #4138 , which doesn't
actually have anything to do with the issue itself.
As far as I can work out, when the outpost refreshes its list of
providers, it copies over its `boundUsers`, probably to avoid having to
fetch them all again, and does so by making a shallow copy of that
`map`, but not the mutex associated with it. It now has multiple
references to the same map, each protected by a different mutex, which
under certain conditions can cause a `concurrent map read and map write`
error.
This fix copies the map contents instead of make a shallow copy.
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2023-06-02 15:42:19 +02:00
dependabot[bot]
4d58eba027
core: bump github.com/getsentry/sentry-go from 0.20.0 to 0.21.0 ( #5548 )
...
* core: bump github.com/getsentry/sentry-go from 0.20.0 to 0.21.0
Bumps [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go ) from 0.20.0 to 0.21.0.
- [Release notes](https://github.com/getsentry/sentry-go/releases )
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md )
- [Commits](https://github.com/getsentry/sentry-go/compare/v0.20.0...v0.21.0 )
---
updated-dependencies:
- dependency-name: github.com/getsentry/sentry-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-05-09 11:22:57 +02:00
authentik-db-cooper
ab795e6642
internal: ignore insecure TLS certs ( #5483 )
...
* servers: ignore insecure TLS certs
* slight refactor to have a single place for tls config
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-05-05 15:57:52 +03:00
Jens L
b7b62ba089
providers/ldap: correctly use pagination in search results in both modes ( #5492 )
...
closes #4292
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-05 15:51:02 +03:00
Jens L
bb92c4a967
providers/ldap: remove deprecated fields ( #5154 )
...
* providers/ldap: remove deprecated fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update changelog
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-21 14:10:24 +03:00
Jens L
345fa1bed6
providers/ldap: fix duplicate attributes ( #4972 )
...
closes #4971
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-16 12:14:17 +01:00
Jens L
41d17dc543
internal: fix crash when port 9000 is in use ( #4863 )
...
fix crash when port 9000 is in use
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-07 13:27:46 +01:00
roche-quentin
cd99b6e48f
providers/ldap: making ldap compatible with synology ( #4694 )
...
* internal/outpost/ldap: making ldap compatible with synology
* fix duplicate attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs about homedirectory
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix duplicate attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add substitution to values
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-02-22 15:26:41 +01:00
sdimovv
51c6a14786
providers/ldap: Improve compatibility with LDAP clients ( #4750 )
...
* Fixed invalid LDAP attributes by replacing '.'s and '/'s with '-'
* Leave old fields for now for backward compatibility
* Add forgotten depreceated field
* Fix tests
* Fix tests
* use shorter attribute names
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* sanitize attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* keep both sanitized and unsanitized user fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add sanitized fields to test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-02-22 14:18:22 +01:00
Jens Langhammer
146d54813c
providers/ldap: fix error not being checked correctly when fetching users
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-03 18:10:06 +01:00
Jens L
a9b32e2f97
providers/ldap: add unbind flow execution ( #4484 )
...
add unbind flow execution
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-23 20:36:30 +01:00
Jens Langhammer
8deac81364
outposts/ldap: fix queries filtering objectClass with non-lowercase values
...
closes #2756
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-20 11:42:23 +01:00
Jens Langhammer
bd0ef69ece
outposts/ldap: decrease verbosity
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-17 11:12:31 +01:00
Jens Langhammer
39424839c5
outposts/ldap: only use common cert if cert is configured, correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 22:50:50 +01:00
Jens Langhammer
2d03bd5c89
outposts/ldap: only use common cert if cert is configured
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 21:29:36 +01:00
Jens Langhammer
ff13b4bb46
outposts/ldap: use configured certificate for LDAPS when all providers' certificates are identical
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 19:15:29 +01:00
Jens Langhammer
107f2745c8
providers/ldap: improve mapping of LDAP filters to authentik queries
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-12 18:30:52 +00:00
Jens Langhammer
b864de7721
outposts/ldap: increase compatibility with different types in user and group attributes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-16 22:32:18 +02:00
Jens Langhammer
50819ae0f0
*: improve error handling in ldap outpost, ignore additional errors
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-23 22:11:47 +02:00
Jens Langhammer
14a7c9f967
internal: fix outposts not logging flow execution errors correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-31 23:03:57 +02:00
Jens L
89fef0ae72
blueprints: docs ( #3376 )
...
* further blueprint cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make group users and parent optional
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix api client usage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-06 00:52:12 +02:00
Jens L
2ce8e18bab
internal: centralise config for listeners to use same config system everywhere ( #3367 )
...
* centralise config for listeners to use same config system everywhere
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3360
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-03 21:33:27 +02:00
Jens Langhammer
eb633c607e
internal: fix nil pointer reference
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 17:02:53 +02:00
Jens Langhammer
bdf76bb4b7
internal: skip tracing for go healthcheck and metrics endpoints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 22:21:11 +02:00
Jens Langhammer
8d3275817b
providers/ldap: fix existing binder not being carried forward correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 18:51:01 +02:00
Jens Langhammer
bb244b8338
providers/ldap: fix session cache being lost on provider refresh
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-04 18:03:00 +02:00
Jens L
8f0572d11e
outposts/ldap: add correct group objectClass ( #3023 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2861
2022-06-02 18:48:07 +02:00
Jens L
3eb466ff4b
lifecycle: cleanup prometheus ( #2972 )
...
* remove high cardinality labels
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* retry worker number for prometheus multiprocess id
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* revert to pid, use subdirectories
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use worker id based off of https://github.com/benoitc/gunicorn/issues/1352
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix missing app label
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests/e2e: remove static names
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 21:45:25 +02:00
Jens Langhammer
a03dde8a90
outposts/ldap: fix type assertion after upgrading to new API Client
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-27 16:36:15 +02:00
Jens L
a286f999e2
api: migrate to openapi generator v6 ( #2968 )
...
* migrate to openapi generator v6
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* bump api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 15:15:30 +02:00
Jens Langhammer
5c91658484
internal: fix nil pointer dereference in ldap outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 15:48:50 +02:00
Jens Langhammer
25a4310bb1
internal: use Expires not MaxAge for LDAP session
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-11 10:04:32 +02:00
dependabot[bot]
4d755dc0f6
build(deps): bump goauthentik.io/api/v3 from 3.2022041.4 to 3.2022041.5 ( #2843 )
...
* build(deps): bump goauthentik.io/api/v3 from 3.2022041.4 to 3.2022041.5
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go ) from 3.2022041.4 to 3.2022041.5.
- [Release notes](https://github.com/goauthentik/client-go/releases )
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2022041.4...v3.2022041.5 )
---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 20:33:19 +02:00
Jens L
ab2299ba1e
outposts/ldap: cached bind ( #2824 )
...
* initial cached ldap bind support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* clean up api generation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use gh action for golangci-lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-08 16:48:53 +02:00
Jens Langhammer
9b6e47e6b8
outposts/ldap: fix panic in type conversion when value is nil
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-11 15:52:58 +02:00
Jens Langhammer
51194cbf42
outposts/ldap: use backend group num_pk
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-22 23:54:50 +01:00
Jens Langhammer
b45a442447
outposts/ldap: fix contexts
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-19 18:28:27 +01:00
Simon Siebert
75a720ead1
outposts/ldap: prevent operations error from nil dereference ( #2447 )
...
closes #2526
2022-03-19 18:26:26 +01:00
Jens Langhammer
62a939b91d
internal: bump api client to v3
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-03 10:40:07 +01:00
Jens Langhammer
fb33906637
internal/ldap: fix panic when parsing lists with mixed types
...
closes #2355
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-22 19:56:55 +01:00
Jens L
4343246a41
*: rename akprox to outpost.goauthentik.io ( #2266 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 20:25:38 +01:00
Ilya Kogan
947ecec02b
outposts/ldap: Fix more case sensitivity issues. ( #2144 )
2022-01-25 11:27:27 +01:00
Jens Langhammer
819af78e2b
internal: make internal go version match python version
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-14 10:45:37 +01:00