authentik

Archived

Author	SHA1	Message	Date
Stanislav Dimov	8178b6e97d	lint	2024-01-16 02:01:23 +00:00
Stanislav Dimov	9faa899846	add back	2024-01-16 01:57:24 +00:00
sdimovv	43c06a34b0	Merge branch 'main' into fix-oauth2-provider-urls Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>	2024-01-16 01:43:05 +00:00
Stanislav Dimov	5eb25240c3	fix tests	2024-01-16 01:39:08 +00:00
Stanislav Dimov	51b229387b	change urls	2024-01-16 01:38:02 +00:00
Jens L	6649f7ab72	providers/oauth2: fix CVE-2024-21637 (#8104 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2024-01-09 18:14:12 +01:00
Jens L	c77ea41af0	providers/oauth2: fix missing nonce in token endpoint not being saved (#8073 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2024-01-05 19:03:15 +01:00
Jens L	78396717fe	providers/oauth2: fix missing nonce in id_token (#8072 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2024-01-05 17:27:53 +01:00
Jens L	509b502d3c	providers/oauth2: offline access (#8026 ) * improve scope check (log when application requests non-configured scopes) Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add offline_access special scope Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ensure scope is set Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update tests for refresh tokens Signed-off-by: Jens Langhammer <jens@goauthentik.io> * special handling of scopes for github compat Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix spec Signed-off-by: Jens Langhammer <jens@goauthentik.io> * attempt to fix oidc tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove hardcoded slug Signed-off-by: Jens Langhammer <jens@goauthentik.io> * check scope from authorization code instead of request Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix injection for consent stage checking incorrectly Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2024-01-04 19:57:11 +01:00
Jens L	9a261c52d1	providers/oauth2: remember session_id from initial token (#7976 ) * providers/oauth2: remember session_id original token was created with for future access/refresh tokens Signed-off-by: Jens Langhammer <jens@goauthentik.io> * providers/proxy: use hashed session as `sid` Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-12-23 00:53:05 +01:00
Jens L	2521073dba	providers/scim: use lock for sync (#7948 ) * providers/scim: use lock for sync Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-12-21 14:43:40 +01:00
Jens L	0bf84b77d8	providers/scim: set timeout based on page and page count (#7941 ) providers/scim: set better timeouts Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-12-20 00:40:26 +01:00
Jens L	ba174d810b	providers/scim: change familyName default (#7904 ) * Update providers-scim.yaml Signed-off-by: Antoine <antoine+github@jiveoff.fr> * fix: add formatted to match the givenName & familyName Signed-off-by: Antoine <antoine+github@jiveoff.fr> * fix, update tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Antoine <antoine+github@jiveoff.fr> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Antoine <antoine+github@jiveoff.fr>	2023-12-18 16:52:34 +01:00
Jens L	b88e39411c	security: fix CVE-2023-48228 (#7666 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-11-21 18:10:07 +01:00
Jens L	51d3511f8b	providers/scim: fix missing schemas attribute for User and Group (#7477 ) * providers/scim: fix missing schemas attribute for User and Group Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make things actually work Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-11-16 11:36:49 +01:00
Stanislav Dimov	db1a71bf79	Fix urls	2023-11-03 22:38:14 +00:00
Jens L	3d9f7ee27e	providers/oauth2: set auth_via for token and other endpoints (#7417 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-11-03 00:11:30 +01:00
Jens L	8aafa06259	providers/radius: TOTP MFA support (#7217 ) * move CheckPasswordMFA to flow executor Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add mfa support field to radius Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-18 19:43:36 +02:00
Jens L	25d4905d6c	outposts: use channel groups instead of saving channel names (#7183 ) * outposts: use channel groups instead of saving channel names Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use pubsub Signed-off-by: Jens Langhammer <jens@goauthentik.io> * support storing other args with state Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-16 17:01:44 +02:00
Jens L	4db365c947	providers/proxy: improve SLO by backchannel logging out sessions (#7099 ) * outposts: add support for provider-specific websocket messages Signed-off-by: Jens Langhammer <jens@goauthentik.io> * providers/proxy: add custom signal on logout to logout in provider Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-09 01:06:52 +02:00
Jens L	6f3fc22c9b	providers/saml: add default RelayState value for IDP-initiated requests (#7100 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-09 00:08:16 +02:00
Jens L	4c823b7428	providers/saml: set WantAuthnRequestsSigned in metadata (#6851 )	2023-09-12 09:10:06 +02:00
Jens L	74ee97b472	providers/scim: check that a provider exists before starting scim task (#6841 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-11 18:12:04 +02:00
Jens L	a39fef11b8	providers/saml: fix SAML metadata import API requiring flow slug inst… (#6729 ) * providers/saml: fix SAML metadata import API requiring flow slug instead of pk Signed-off-by: Jens Langhammer <jens@goauthentik.io> * replace format_exc_info with dict_tracebacks, and only for json logger Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-01 12:59:25 +02:00
Jens L	3afff1bae9	providers/oauth2: fix incorrect scope permissions shown (#6696 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-30 17:27:40 +02:00
Jens L	ccfd45774e	: fix api errors raised in general validate() to specify a field (#6663 ) : fix api errors raised in general validate() to specify a field Signed-off-by: Jens Langhammer <jens@goauthentik.io> remove required flag for tls server name for ldap provider Signed-off-by: Jens Langhammer <jens@goauthentik.io> * attempt to make timing test less flaky Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-29 14:41:48 +02:00
Jens L	85bc35eb41	providers/oauth2: fix id_token being saved incorrectly leading to lost claims (#6645 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-28 00:51:48 +02:00
dependabot[bot]	bc6706016b	core: bump pydantic from 1.10.12 to 2.3.0 (#6613 ) * core: bump pydantic from 1.10.12 to 2.3.0 Bumps [pydantic](https://github.com/pydantic/pydantic) from 1.10.12 to 2.3.0. - [Release notes](https://github.com/pydantic/pydantic/releases) - [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md) - [Commits](https://github.com/pydantic/pydantic/compare/v1.10.12...v2.3.0) --- updated-dependencies: - dependency-name: pydantic dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * fix webauthn stuff Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix scim Signed-off-by: Jens Langhammer <jens@goauthentik.io> * "fix" lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-08-24 12:25:17 +02:00
Jean-Michel DILLY	e191cd6e7f	provider/oauth2: fix aud (Audience) field type which can be a list of… (#6447 ) provider/oauth2: fix aud (Audience) field type which can be a list of strings	2023-08-01 23:16:26 +02:00
Yip Rui Fung	346c6e6a85	outposts: Fix infinite self-recursion in traefik reconciler. (#6336 ) Fix infinite self-recursion in traefik reconciler.	2023-07-24 10:25:29 +00:00
ChandonPierre	d435a65cfd	outposts: support json patch for Kubernetes (#6319 )	2023-07-22 02:29:28 +02:00
Jens L	a728dad166	providers/oauth2: fix grant_type password raising an exception (#6333 )	2023-07-22 01:36:55 +02:00
Jens L	2f469d2709	root: partial Live-updating config (#5959 ) * stages/email: directly use email credentials from config Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use custom database backend that supports dynamic credentials Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add crude config reloader Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make method names for CONFIG clearer Signed-off-by: Jens Langhammer <jens@goauthentik.io> * replace config.set with environ Not sure if this is the cleanest way, but it persists through a config reload Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-add set for @patch Signed-off-by: Jens Langhammer <jens@goauthentik.io> * even more crudeness Signed-off-by: Jens Langhammer <jens@goauthentik.io> * clean up some old stuff? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * somewhat rewrite config loader to keep track of a source of an attribute so we can refresh it Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup old things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix flow e2e Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-07-19 23:13:22 +02:00
Jens L	41af486006	enterprise: initial enterprise (#5721 ) * initial Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add user type Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add external users Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add ui, add more logic, add public JWT validation key Signed-off-by: Jens Langhammer <jens@goauthentik.io> * revert to not use install_id as session jwt signing key Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * switch to PKI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more licensing stuff Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add install ID to form Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix bugs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start adding tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use x5c correctly Signed-off-by: Jens Langhammer <jens@goauthentik.io> * license checks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use production CA Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more UI stuff Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rename to summary Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update locale, improve ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add direct button Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update link Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format and such Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove old attributes from ldap Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove is_enterprise_licensed Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix admin interface styling issue Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Update authentik/core/models.py Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Jens L. <jens@beryju.org> * fix default case Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens L. <jens@beryju.org> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>	2023-07-17 17:57:08 +02:00
Jens L	01311929d1	providers/ldap: improve password totp detection (#6006 ) * providers/ldap: improve password totp detection Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add flag for totp mfa support Signed-off-by: Jens Langhammer <jens@goauthentik.io> * keep support for static tokens Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix migrations Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-06-20 12:09:13 +02:00
Jens L	f6181ceb70	providers/oauth2: correctly advertise code_challenge_methods_supported (#6007 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-06-19 21:26:33 +02:00
Jens L	a5db60129d	*: use dataclass slots wherever applicable (#6005 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-06-19 18:31:07 +02:00
Jens L	51f4d4646c	providers/ldap: fix Outpost provider listing excluding backchannel providers (#5933 ) * providers/ldap: fix Outpost provider listing excluding backchannel providers Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-06-12 11:28:00 +02:00
risson	0041cf88f4	providers/oauth2: launch url: if URL parsing fails, return no launch URL (#5918 ) * providers/oauth2: launch url: if URL parsing fails, return no launch URL Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * add test Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only get provider launch URL when no url is set Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only catch value error Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-06-09 21:56:34 +02:00
Jens L	69f0460f69	website: update translation docs (#5875 ) * website/docs: remove lingui references Signed-off-by: Jens Langhammer <jens@goauthentik.io> * replace deprecated cryptography types Signed-off-by: Jens Langhammer <jens@goauthentik.io> * tell eslint to avoid escapes in strings when possible Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ignore generated locale code Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-06-06 12:32:32 +02:00
Jens L	fd4c5f5ce7	providers/ldap: fix LDAP Outpost application selection (#5812 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-31 14:14:25 +02:00
Jens L	d09bee7bf9	providers/proxy: add support for traefik.io API and CRD (#5801 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-29 21:12:59 +02:00
Jens L	5d5938c412	sources/saml: separate verification cert (#5699 ) * sources/saml: allow separate verification certificate to be specified Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add migration to keep current behaviour Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update strings Signed-off-by: Jens Langhammer <jens@goauthentik.io> * keep testing verification Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-21 14:42:17 +02:00
Jens L	79dcc30778	providers/radius: add warning message when radius provider is not used with outpost (#5656 ) * providers/radius: add warning message when radius provider is not used with outpost same message as Proxy and LDAP provider have Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-17 16:19:33 +02:00
Jens L	68a1bcf233	providers/SCIM: improve backchannel signalling (#5657 ) * providers/scim: add warning when provider is not used as backchannel provider Signed-off-by: Jens Langhammer <jens@goauthentik.io> * providers/scim: don't sync SCIM provider that isn't used as backchannel at all Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-17 16:19:18 +02:00
Jens L	f4b0d6e85c	providers/scim: default to None for fields instead of empty list (#5642 ) * providers/scim: default to None for fields instead of empty list Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make name of delete_none_keys clearer Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-17 00:25:28 +02:00
Jens L	47f09ac285	providers/scim: improve SCIM error messages (#5600 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-15 14:39:27 +02:00
Jens L	ec78e56fbd	providers/scim: fix group patch schema (#5596 ) the original request was made based on the sentry docs, which aren't actually correct Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-12 20:03:43 +02:00
Jens L	906faf9cce	providers/proxy: fix panic when claims in session were nil (#5569 ) * providers/proxy: fix panic when claims in session were nil Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add new options Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-10 20:58:44 +02:00
Michael OBrien	eb071d4d90	providers/oauth2: add user UUID as subject option (#5556 ) * providers/oauth2: add user UUID as subject option * Added translations for new OAuth2 subject option	2023-05-10 17:50:13 +02:00

1 2 3 4 5 ...

549 commits