authentik

Archived

Author	SHA1	Message	Date
boesr	a32755b6c8	root: Add setting to adjust database config for pgpool (#6949 )	2023-09-21 12:54:18 +02:00
Jens L	000244e387	sources/ldap: add lock to sync (#6930 )	2023-09-18 21:38:01 +02:00
Jens L	7649a57495	core: create app transactional api (#6446 ) * initial api and schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * separate blueprint importer from yaml parsing Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add new "must_created" state to blueprints to prevent overwriting objects Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework validation and error response to make it actually usable Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lint errors Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add defaults Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework transaction_rollback Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use static method for string imports of subclass Signed-off-by: Jens Langhammer <jens@goauthentik.io> * slight cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-17 23:55:21 +02:00
Jens L	583c5e3ba7	sources/ldap: add warning when a property mapping returns None or bytes (#6913 ) * sources/ldap: add warning when a property mapping returns None or bytes closes #6889 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add test Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-16 00:37:20 +02:00
Jens L	895c6a349c	policies: specify failure result (#6887 )	2023-09-14 20:38:22 +02:00
Jens L	58aa7ec623	sources/ldap: fix inverted interpretation of FreeIPA nsaccountlock (#6877 ) sources/ldap: fix inverted interpretation of nsaccountlock Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-13 15:43:59 +02:00
Tana M Berry	c79e90964a	website/docs: tweak Config page (#6854 ) * used tabs to add k8s info * tweaks * changed to mdx * wording tweaks and rearranged sections * removed old md file renamed to mdx * tweak * added a redirect to toml file * fix references Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Tana Berry <tana@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-09-12 20:30:40 +00:00
Jens L	515ce94a85	root: add option to disable beat when running worker (#6849 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-12 13:26:23 +02:00
Jens L	4c823b7428	providers/saml: set WantAuthnRequestsSigned in metadata (#6851 )	2023-09-12 09:10:06 +02:00
Jens Langhammer	5b6fb4a05a	Merge branch 'version-2023.8' Signed-off-by: Jens Langhammer <jens@goauthentik.io> # Conflicts: # Dockerfile # poetry.lock # proxy.Dockerfile # web/src/admin/AdminInterface.ts # web/xliff/zh-Hans.xlf	2023-09-11 22:04:23 +02:00
Jens Langhammer	f885f8c039	release: 2023.8.3	2023-09-11 18:55:08 +02:00
Jens L	ec5bd550c7	core: remove celery's duplicate max_tasks_per_child (#6840 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-11 18:15:17 +02:00
Jens L	fe02720f8d	providers/scim: check that a provider exists before starting scim task (#6841 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-11 18:15:12 +02:00
Jens L	0580f32fe6	core: remove celery's duplicate max_tasks_per_child (#6840 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-11 18:12:18 +02:00
Jens L	74ee97b472	providers/scim: check that a provider exists before starting scim task (#6841 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-11 18:12:04 +02:00
Alissa Gerhard	dd18f9cd30	sources/ldap: dont prefetch useless items (#6812 ) sources/ldap: Fixed fetching of useless data into redis	2023-09-11 12:44:49 +02:00
Alissa Gerhard	d36574fc1a	sources/ldap: fix task timeout for ldap_sync_all and ldap_sync_single (#6809 ) * sources/ldap: fix task timeout for ldap_sync_all and ldap_sync_single * ldap_sync_all runs tasks async so doesn't need longer timeouts Signed-off-by: Jens Langhammer <jens@goauthentik.io> * bump time more as we run some tasks in serial and add more leeway Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-09-11 12:44:40 +02:00
Alissa Gerhard	e45b57071a	sources/ldap: dont prefetch useless items (#6812 ) sources/ldap: Fixed fetching of useless data into redis	2023-09-11 12:43:10 +02:00
Alissa Gerhard	06850a2f57	sources/ldap: fix task timeout for ldap_sync_all and ldap_sync_single (#6809 ) * sources/ldap: fix task timeout for ldap_sync_all and ldap_sync_single * ldap_sync_all runs tasks async so doesn't need longer timeouts Signed-off-by: Jens Langhammer <jens@goauthentik.io> * bump time more as we run some tasks in serial and add more leeway Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-09-08 20:37:54 +02:00
Jens L	ae91689fd8	policies/reputation: require either check to be enabled (#6764 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-06 14:00:29 +02:00
Jens L	aa209efa90	stages/password: fix failed_attempts_before_cancel allowing one too m… (#6763 ) * stages/password: fix failed_attempts_before_cancel allowing one too many tries Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-06 14:00:24 +02:00
Jens L	4b20409a91	sources/ldap: fix FreeIPA nsaccountlock sync (#6745 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-06 13:59:36 +02:00
Jens L	bbdf8c054b	stages/password: move password validation to serializer (#6766 ) * handle non-applicable when restarting flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * flows: add StageInvalidException error to be used in challenge/response serializer validation to return a stage_invalid error Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework password stage Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-05 22:55:33 +02:00
Jens L	8c3f578187	policies/reputation: require either check to be enabled (#6764 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-05 22:15:14 +02:00
Jens L	e373bae189	flows: remove need for post() wrapper by using dispatch (#6765 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-05 22:15:03 +02:00
Jens L	7cbce1bb3d	stages/password: fix failed_attempts_before_cancel allowing one too m… (#6763 ) * stages/password: fix failed_attempts_before_cancel allowing one too many tries Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-05 21:58:11 +02:00
Jens L	6612f729ec	stages/authenticator: vendor otp (#6741 ) * initial import Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update imports Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove email and hotp for now Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove things we don't need and clean up Signed-off-by: Jens Langhammer <jens@goauthentik.io> * initial merge static Signed-off-by: Jens Langhammer <jens@goauthentik.io> * initial merge totp Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more fixes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix migrations Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update webui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add system migration Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more cleanup, add doctests to test_runner Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup more lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup last tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update docstrings Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * implement SerializerModel Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix web format Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-04 11:45:14 +02:00
Jens L	3f12c7c013	sources/ldap: fix FreeIPA nsaccountlock sync (#6745 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-04 08:44:00 +02:00
Jens L	fd561ac802	root: connect to backend via socket (#6720 ) * root: connect to gunicorn via socket Signed-off-by: Jens Langhammer <jens@goauthentik.io> * put socket in temp folder Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use non-socket connection for debug Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't hardcode local url Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix dev_server missing websocket Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dedupe logging config between gunicorn and main app Signed-off-by: Jens Langhammer <jens@goauthentik.io> * slight refactor for proxy errors Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-02 17:58:37 +02:00
Jens Langhammer	97e4c8d5e2	release: 2023.8.2	2023-09-01 17:27:16 +02:00
Jens L	a39fef11b8	providers/saml: fix SAML metadata import API requiring flow slug inst… (#6729 ) * providers/saml: fix SAML metadata import API requiring flow slug instead of pk Signed-off-by: Jens Langhammer <jens@goauthentik.io> * replace format_exc_info with dict_tracebacks, and only for json logger Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-01 12:59:25 +02:00
Jens L	0772756eef	crypto: fix has_key filter (#6727 ) * crypto: fix has_key certificate filter Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-01 11:51:41 +02:00
Jens L	1c1c1cf5da	root: expand exception logging (#6690 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-31 14:17:57 +02:00
Jens L	f57b3efcaa	policies/reputation: fix reputation not expiring (#6714 ) * policies/reputation: fix reputation not expiring Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix some verbose names for models Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-31 13:46:00 +02:00
Jens L	3f3ca6fe82	core: make groups' parent_name nullable as it might not be set (#6700 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-30 20:39:57 +02:00
Jens L	3afff1bae9	providers/oauth2: fix incorrect scope permissions shown (#6696 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-30 17:27:40 +02:00
Jens L	b6a57ffd4f	events: fix missing application names from most used applications (#6689 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-30 12:46:42 +02:00
Jens Langhammer	be3cfaee56	release: 2023.8.1	2023-08-30 00:31:45 +02:00
Jens L	9545857042	root/revert persistent connections (#6677 ) Revert "root: always use persistent database connections (#6560)" This reverts commit `1d99ec95b5`.	2023-08-30 00:13:53 +02:00
Jens Langhammer	bfa78afd54	release: 2023.8.0	2023-08-29 19:58:42 +02:00
Jens L	aa874dd92a	security: fix CVE-2023-39522 (#6665 ) * stages/email: don't disclose whether a user exists or not when recovering Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update website Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-29 19:07:49 +02:00
Jens L	af200a6bf9	web: cleanup (#6664 ) * web: remove <p> used for padding and do it properly Signed-off-by: Jens Langhammer <jens@goauthentik.io> * web: remove .form-help-text as it didn't change anything Signed-off-by: Jens Langhammer <jens@goauthentik.io> * move data-list styling to correct scope Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove title from navbar for docs-only build Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-29 18:24:11 +02:00
Jens L	ccfd45774e	: fix api errors raised in general validate() to specify a field (#6663 ) : fix api errors raised in general validate() to specify a field Signed-off-by: Jens Langhammer <jens@goauthentik.io> remove required flag for tls server name for ldap provider Signed-off-by: Jens Langhammer <jens@goauthentik.io> * attempt to make timing test less flaky Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-29 14:41:48 +02:00
Jens L	30cb38ac6d	blueprints: fix tag values not resolved correctly (#6653 ) * blueprints: fix tag values not resolved correctly this lead to `null` in an `!Env` tag being returned as `"null"` Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make blueprint user password optional Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ensure user doesn't have a usable password set when its an empty string Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-28 18:27:44 +02:00
Jens L	85bc35eb41	providers/oauth2: fix id_token being saved incorrectly leading to lost claims (#6645 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-28 00:51:48 +02:00
Jens L	9e29789c09	root: fix config loading for outposts (#6640 ) * root: fix config loading for outposts Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix error handling Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve check to see if outpost is embedded or not Signed-off-by: Jens Langhammer <jens@goauthentik.io> * also fix oauth url fetching Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-26 19:40:48 +02:00
Jens L	d29163e3ad	core: fix filtering users by type attribute (#6638 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-26 17:26:50 +02:00
Marc 'risson' Schmitt	599f7e7c88	root: config: remove redundant default configs Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>	2023-08-26 02:41:37 +02:00
dependabot[bot]	bc6706016b	core: bump pydantic from 1.10.12 to 2.3.0 (#6613 ) * core: bump pydantic from 1.10.12 to 2.3.0 Bumps [pydantic](https://github.com/pydantic/pydantic) from 1.10.12 to 2.3.0. - [Release notes](https://github.com/pydantic/pydantic/releases) - [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md) - [Commits](https://github.com/pydantic/pydantic/compare/v1.10.12...v2.3.0) --- updated-dependencies: - dependency-name: pydantic dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * fix webauthn stuff Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix scim Signed-off-by: Jens Langhammer <jens@goauthentik.io> * "fix" lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-08-24 12:25:17 +02:00
Marc 'risson' Schmitt	739edba92d	enterprise: default user count to 0 Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>	2023-08-23 17:10:50 +02:00

1 2 3 4 5 ...

3015 commits