80f4fccd35
providers/oauth2: OpenID conformance ( #4758 )
...
* don't open inspector by default when debug is enabled
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* encode error in fragment when using hybrid grant_type
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* require nonce for all response_types that get an id_token from the authorization endpoint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't set empty family_name
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only set at_hash when response has token
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleaner way to get login time
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove authentication requirement from authentication flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use wrapper
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix auth_time not being handled correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* minor cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add test files
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove USER_LOGIN_AUTHENTICATED
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework prompt=login handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* also set last login uid for max_age check to prevent double login when max_age and prompt=login is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-23 15:26:41 +01:00
122055b38b
stages/user_login: terminate others ( #4754 )
...
* rework session list
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use sender filtering for signals when possible
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add terminate_other_sessions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-22 14:09:28 +01:00
c4e24c04f6
core: Improve service account creation ( #4751 )
...
* Added ability to select service account token expiration on creation
* Added call to user.set_unusable_password on service account creation
* Added forgotten call to save()
* Added and improved existsing tests
* Added accidentally deleted help text
* Fix lint
2023-02-22 13:19:01 +01:00
1f7178c3a8
providers/oauth2: remove unused import
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-22 11:11:20 +01:00
cfa2edebcf
providers/oauth2: revert PKCE requirement for public clients
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-21 23:51:27 +01:00
175502b053
core: Fix bug causing whitespace only names to raise exception when generating avatars ( #4746 )
...
Fix bug causing whitespace only names to raise exception when generating avatars
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
2023-02-21 16:19:19 +01:00
9e82de33e6
lib: remove unused imports
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-21 11:00:54 +01:00
d2cfb76a7c
root: don't trace websockets to sentry
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-20 21:32:35 +01:00
327d87355d
lib: improve caching of gravatar status
...
closes #4711
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-20 12:41:09 +01:00
b415e9b773
core: remove avatar from group user member list
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#4711
2023-02-20 12:40:42 +01:00
1ac2e924a2
core: fix error when creating token without request in context
...
closes #4716
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-19 17:31:20 +01:00
0874574e5c
*: add additional prometheus metrics, remove unusable high entropy metrics
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-19 17:08:40 +01:00
069e9c015b
events: fix m2m_change events not being logged
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-19 16:28:30 +01:00
c6ead3dc49
providers/oauth2: make PKCE required for public clients
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-17 18:08:39 +01:00
f749027143
root: don't log django request warnings
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-17 18:08:18 +01:00
153bd3aaf1
sources/oauth: fix not all token errors being logged with response
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-17 13:22:41 +01:00
1a57d453ba
providers/oauth2: fix missing information for Revoked token access events
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-16 14:47:07 +01:00
d842fc4958
release: 2023.2.2
2023-02-15 19:53:42 +01:00
bff34cc5dc
root: use channel send workaround for sync sending of websocket messages
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-15 16:08:01 +01:00
7f009f6d02
flows: include flow authentication requirement in diagram
...
closes #4533
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-15 16:04:45 +01:00
c8c401e2c5
lib: don't try to cache generated avatar with full user, only cache with name
...
closes #4690
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-15 10:49:13 +01:00
80de3ee853
release: 2023.2.1
2023-02-14 18:52:36 +01:00
deb91bd12b
sources/ldap: add LDAP Debug endpoint
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-14 16:06:54 +01:00
81d70e5d41
release: 2023.2.0
2023-02-14 13:15:47 +01:00
ec42b597ab
providers/proxy: send token request internally, with overwritten host header ( #4675 )
...
* send token request internally, with overwritten host header
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-13 16:34:47 +01:00
925477b3a2
policies: raise sentry-ignored error for invalid PolicyEngine parameters
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-13 13:23:07 +01:00
cefc1a57ee
core: handle error when cleaning up sessions and cached session can't be loaded
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-13 13:22:34 +01:00
53b25d61f7
events: use colon as separator for task name and task UID
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-13 12:06:29 +01:00
1240ed6c6d
providers/oauth2: fix inconsistency in event client_credentials created events
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-13 11:17:03 +01:00
4f868c2ef2
events: dont log oauth temporary model creation
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-12 16:55:45 +01:00
b69e55eae9
core: Add support for auto generating unique avatars based on the user's initials ( #4663 )
2023-02-12 16:35:17 +01:00
c5870fcab2
core: fix missing uniqueness validator on user api
...
closes #4665
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-11 21:08:51 +01:00
8850446bc2
admin: fix schema generation warning
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-11 21:08:48 +01:00
10b9878f03
providers/saml: fix mismatched SAML SLO Urls ( #4655 )
...
* Fix SLO URL
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* Fixed SAML SLO URLs
* Revert "Fix SLO URL"
This reverts commit 664051934b
2023-02-10 20:30:38 +01:00
8de92943ab
providers/saml: fix invalid SAML provider metadata, add schema tests
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-10 12:32:18 +01:00
af43330fd6
providers/oauth2: rework OAuth2 Provider ( #4652 )
...
* always treat flow as openid flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve issuer URL generation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more refactoring
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update introspection
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more refinement
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix more things, update api
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* regen migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start updating tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix implicit flow, auto set exp
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix timeozone not used correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix revoke
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more timezone shenanigans
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix userinfo tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update web
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix proxy outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix api tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing at_hash for implicit flows
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-include at_hash in implicit auth flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use folder context for outpost build
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-09 20:19:48 +01:00
1be792fbd8
policies/event_matcher: fix empty app label not being allowed, require at least 1 criteria
...
closes #4643
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-08 23:29:59 +01:00
ec9085ff06
providers/oauth2: don't use policy cache for token requests
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-07 23:53:50 +01:00
00a16bee76
web/elements: add dropdown css to DOM directly instead of including
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-05 23:32:54 +01:00
66aabcc371
providers/oauth2: fix token login event args not set correctly
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-05 00:45:54 +01:00
388367785d
*/saml: disable pretty_print, add signature tests
...
closes #4536
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-03 15:42:09 +01:00
798245b8db
providers/oauth2: optimise client credentials JWT database lookup ( #4606 )
2023-02-02 19:15:19 +01:00
f98b5b651b
admin: remove import
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-02 14:19:25 +01:00
2113029a14
admin: allow post to system info api endpoint for debugging
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-02 11:09:03 +01:00
c590cb86cf
core: bump pylint from 2.15.10 to 2.16.0 ( #4600 )
...
* core: bump pylint from 2.15.10 to 2.16.0
Bumps [pylint](https://github.com/PyCQA/pylint ) from 2.15.10 to 2.16.0.
- [Release notes](https://github.com/PyCQA/pylint/releases )
- [Commits](https://github.com/PyCQA/pylint/compare/v2.15.10...v2.16.0 )
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-02-02 11:05:46 +01:00
dbf2bd5aba
blueprints: handle error when blueprint entry identifier field does not exist
...
closes #4588
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-01 19:45:36 +01:00
f2386f126e
core: fix inconsistent branding in end_session view
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#4586
2023-02-01 19:40:59 +01:00
ffc97905f3
events: prevent error when request fails without response
...
closes #4589
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-01 19:40:02 +01:00
18cfe67719
core: bump black from 22.12.0 to 23.1.0 ( #4584 )
...
* core: bump black from 22.12.0 to 23.1.0
Bumps [black](https://github.com/psf/black ) from 22.12.0 to 23.1.0.
- [Release notes](https://github.com/psf/black/releases )
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md )
- [Commits](https://github.com/psf/black/compare/22.12.0...23.1.0 )
---
updated-dependencies:
- dependency-name: black
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* re-format
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-02-01 11:31:32 +01:00
e5ba5d51fe
events: improve sanitising for tuples and sets
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-31 19:19:22 +01:00
Jens L
sdimovv
Jens Langhammer
dependabot[bot]