e2a771bdaa
docs: update screenshot in captcha stage
2021-03-02 22:25:00 +01:00
23de9df2a5
stages/authenticator_validate: cleanup
2021-03-02 22:20:54 +01:00
d420719649
release: 2021.3.1-rc2
2021-03-02 21:41:30 +01:00
0018fbacd3
Merge branch 'master' into version-2021.3
...
# Conflicts:
# web/src/constants.ts
2021-03-02 21:39:30 +01:00
8c41d2f4cb
stages/authenticator_webauthn: add views to update and delete devices
2021-03-02 21:26:31 +01:00
dc4a7c35da
core: fix errors on user token views
2021-03-02 21:16:03 +01:00
e8c9b70ae8
sources/ldap: check pwdLastSet when syncing Users
2021-03-02 21:05:02 +01:00
74d240dfd4
admin: use spinner-button for modal forms
2021-03-02 20:37:23 +01:00
373793ce9a
policies: show more information when provider fails to resolve application
2021-03-02 16:58:55 +01:00
792fa45dca
providers/oauth2: add logout URL to Setup URLs API
2021-03-02 15:11:18 +01:00
743aaea15e
policies: improve logging
2021-03-02 15:04:31 +01:00
38d9533afd
root: update screenshots
2021-03-02 12:15:32 +01:00
7538af5e09
docs: fix download links for compose
2021-03-02 10:07:46 +01:00
2e659c1ab0
release: 2021.3.1-rc1
2021-03-02 09:41:09 +01:00
7fb95dfabf
stages/password: improve logging
2021-03-02 09:40:32 +01:00
83cc5d24f2
stages/password: improve logging
2021-03-02 09:30:29 +01:00
3045cf1aef
web: make user password-reset button use action button
2021-03-01 20:41:54 +01:00
c65b2944b3
stages/reputation: add API for user and IP Score
2021-03-01 20:22:37 +01:00
2ae5a81c15
stages/deny: add deny stage
2021-03-01 20:16:54 +01:00
ed8b78600e
stages/authenticator_validate: add configuration stage to configure Authenticator
2021-03-01 19:23:59 +01:00
644a03e40e
lib: don't order_by on widget because PolicyBindingModel, order in form
2021-03-01 19:23:09 +01:00
88ce93ab04
policies: fix tests creating policies with empty names
2021-03-01 19:22:35 +01:00
03d38557e5
stages/*: simplify __str__ of classes
2021-03-01 18:30:47 +01:00
37b59bb5b9
lib: sort GroupedModelChoiceField by name
...
closes #602
2021-03-01 18:30:27 +01:00
ce7aae16c9
stages/password: fix ?next param for password change
2021-03-01 17:17:44 +01:00
fd9ba97479
core: remove source's ui_additional_info
2021-03-01 16:57:51 +01:00
ca4ead8fd8
events: fix event creation with anonymous user
2021-03-01 12:04:27 +01:00
a81f981471
lib: fix being unable to set authentik. options
2021-03-01 11:11:00 +01:00
d6fd2b0afa
sources/saml: add Metadata API
2021-03-01 10:50:45 +01:00
1149a8d9a4
flows: fix tests for diagram
2021-02-28 11:01:34 +01:00
9b3e94c7c8
flows: fix flow diagram showing policy after stage and not before
2021-02-28 10:28:37 +01:00
7f65ae3f92
Merge branch 'master' into stage-challenge
...
# Conflicts:
# web/package-lock.json
2021-02-28 00:47:18 +01:00
0958740b51
providers/saml: fix Autosubmit Challenge
2021-02-28 00:09:08 +01:00
05a5b5b675
stages/prompt: fix fields not being sorted correctly
2021-02-27 21:03:57 +01:00
ffcf064f83
Merge branch 'version-2021.2'
...
# Conflicts:
# authentik/policies/group_membership/forms.py
# web/package.json
# web/src/constants.ts
# web/src/elements/buttons/TokenCopyButton.ts
2021-02-27 18:29:30 +01:00
5725e54334
release: 2021.2.6-stable
2021-02-27 18:16:46 +01:00
c20856ca17
web: fix colourstyles not being included in common_styles
...
# Conflicts:
# authentik/events/geo.py
# web/src/elements/buttons/TokenCopyButton.ts
2021-02-27 18:16:32 +01:00
402afa1e85
Merge branch 'master' into stage-challenge
...
# Conflicts:
# web/src/elements/buttons/SpinnerButton.ts
2021-02-27 18:10:08 +01:00
5b4e75000b
web: fix colourstyles not being included in common_styles
2021-02-27 17:38:21 +01:00
fe290aa214
sources/ldap: fix password setter on users which are not LDAP
2021-02-27 17:04:16 +01:00
a2e69bd250
sources/ldap: fix API error when source has not synced yet
2021-02-27 17:04:16 +01:00
d2a35eb8de
admin: fix missing success_url for clean views
2021-02-27 17:04:16 +01:00
3437d8b4b0
flows: handle error when app cannot be found during import
2021-02-27 17:04:16 +01:00
b862bf4284
providers/oauth2: fix error when no login event could be found
2021-02-27 17:04:16 +01:00
de22a367b1
events: fix error when event can't be loaded into rule task
2021-02-27 17:04:15 +01:00
17ab895652
flows: fix glob pattern for doc flows
2021-02-27 17:04:06 +01:00
a4d5815e1b
policies: sort groups in groupmembership policy and binding
...
closes #595
# Conflicts:
# authentik/policies/group_membership/forms.py
2021-02-27 17:02:34 +01:00
4cbfaaa72b
sources/ldap: fix password setter on users which are not LDAP
2021-02-27 16:49:59 +01:00
92943f08d9
sources/ldap: fix API error when source has not synced yet
2021-02-27 16:29:36 +01:00
10ef1c7e93
admin: fix missing success_url for clean views
2021-02-27 16:27:42 +01:00
02c762c268
flows: handle error when app cannot be found during import
2021-02-27 16:26:06 +01:00
d2dfc6d63b
Merge branch 'master' into stage-challenge
2021-02-27 16:04:57 +01:00
a18240fcd7
providers/oauth2: fix error when no login event could be found
2021-02-27 16:02:07 +01:00
9af1d6f63b
events: fix error when event can't be loaded into rule task
2021-02-27 15:22:43 +01:00
e94abfc986
flows: fix glob pattern for doc flows
2021-02-27 13:23:16 +01:00
5c652c1f79
policies: sort groups in groupmembership policy and binding
...
closes #595
2021-02-27 13:19:38 +01:00
c62ef4ae81
stages/identification: don't pass entire application
2021-02-26 16:44:45 +01:00
3df81ca6f0
root: don't use failfast
2021-02-26 15:39:50 +01:00
2335ccddaa
root: add fallback URL for websocket
2021-02-26 15:12:58 +01:00
477e30f542
core: fix path for blank avatar when avatars are disabled
2021-02-26 15:07:30 +01:00
7bf3d7e10a
Merge branch 'master' into stage-challenge
...
# Conflicts:
# Pipfile.lock
2021-02-26 12:02:49 +01:00
1bef659b10
stages/captcha: remove dependency on captcha app
2021-02-26 10:13:58 +01:00
fbf2fe2404
stages/authenticator_validate: fix webauthn validation
2021-02-25 21:00:32 +01:00
b968adffc1
stages/authenticator_totp: fix error when disabling device
2021-02-25 21:00:18 +01:00
4e2c686db1
Merge branch 'master' into stage-challenge
...
# Conflicts:
# Pipfile.lock
2021-02-25 20:13:17 +01:00
9e6a7bf16b
stages/captcha: migrated to SPA
2021-02-25 19:58:38 +01:00
890e0e9054
*: remove unused templates and code, move avatar to User model
2021-02-25 19:58:23 +01:00
cf7e7c44ff
stages/password: fix recovery link not being shown in SPA
2021-02-25 15:09:48 +01:00
0f169f176d
stages/authenticator_validate: implement validation, add button to go back to device picker
2021-02-25 12:07:32 +01:00
007676b400
stages/authenticator_validate: fix post from code form
2021-02-24 20:39:39 +01:00
5977c09b05
Merge branch 'version-2021.2'
...
# Conflicts:
# authentik/admin/templates/administration/policy/list.html
# web/src/pages/outposts/OutpostListPage.ts
2021-02-24 10:20:48 +01:00
e81d3dad3e
release: 2021.2.5-stable
2021-02-24 09:54:06 +01:00
5aabaebd96
root: fix request_id not being logged for actual asgi requests
2021-02-24 09:45:52 +01:00
c1caf84d92
events: fix user QuerySet being passed
2021-02-24 09:44:05 +01:00
86c069fe64
admin: fix policy list not having a refresh button
2021-02-24 09:43:57 +01:00
ce0140ef67
events: pass Event's user to Notification policy engine when present
2021-02-24 09:43:50 +01:00
bba43c5109
sources/oauth: fix buttons not being ak-root-link
2021-02-24 09:23:44 +01:00
9049593ff5
sources/oauth: fix buttons not being ak-root-link
2021-02-24 09:23:19 +01:00
3cdb81c5ba
stages/authenticator_validate: create challenge per device, implement class switcher
2021-02-23 23:43:13 +01:00
e8259791f0
stages/authenticator_webauthn: fix rp_id and origin generation
2021-02-23 23:39:00 +01:00
55af786852
Merge branch 'master' into stage-challenge
2021-02-23 23:17:03 +01:00
7101c7987c
Merge branch 'version-2021.2'
2021-02-23 23:02:05 +01:00
bd48955f39
release: 2021.2.4-stable
2021-02-23 23:00:43 +01:00
53adcd9157
core: fix user-settings not loading sources
2021-02-23 22:55:08 +01:00
c5a2bb8914
admin: fix success_urls
2021-02-23 22:55:01 +01:00
66e5958283
core: fix user-settings not loading sources
2021-02-23 22:53:17 +01:00
9db445c3ee
admin: fix success_urls
2021-02-23 22:53:05 +01:00
8878fac4e7
stages/authenticator_validate: send challenge for each device
2021-02-23 18:25:58 +01:00
3894895d32
stages/authenticator_validate: start rewrite to SPA
2021-02-23 13:50:47 +01:00
451c117ea4
stages/authenticator_webauthn: fix incorrect response being sent
2021-02-22 19:54:05 +01:00
5904070bb2
flows: add ensure_csrf_cookie() to flow shell view
2021-02-22 18:42:15 +01:00
217595bb01
tests: start fixing selenium tests
2021-02-21 23:39:02 +01:00
20e0fe3941
web: move ak-form-element to separate file
2021-02-21 23:09:08 +01:00
fb9880bff4
web: add loading animation to flowexecutor
2021-02-21 22:01:35 +01:00
76c572cf7c
stages/authenticator_webauthn: migrate to SPA
2021-02-21 20:53:23 +01:00
0904fea109
flows: fix migration for e2e tests
2021-02-21 20:47:23 +01:00
6df89e7abf
stages/authenticator_static: migrate to SPA
2021-02-21 19:34:49 +01:00
21afda6dc2
stages/authenticator_totp: migrate to SPA
2021-02-21 19:10:50 +01:00
dc680a3385
flows: set pending_user in ChallengeStageView
2021-02-21 18:58:08 +01:00
88e5b22d16
flows: add get_pending_user() for WithUserInfoChallenge
2021-02-21 18:35:21 +01:00
27cd10e072
stages/prompt: migrate to SPA
2021-02-21 18:27:34 +01:00
d35f524865
core: remove old templates
2021-02-21 14:59:37 +01:00
ca223fa4df
providers/saml: migrate to challenge for submit
2021-02-21 14:36:22 +01:00
14962eb6cc
stages/email: migrate to SPA
2021-02-21 13:42:55 +01:00
b9f409d6d9
stages/consent: migrate to SPA
2021-02-21 13:15:45 +01:00
a8681ac88f
root: fix typo
2021-02-21 00:22:14 +01:00
c1e6786ea1
stages/password: Migrate to SPA
2021-02-21 00:14:42 +01:00
1c8d101fc3
stages/identification: remove templates
2021-02-20 23:47:18 +01:00
7a9140bdcd
core: move UILoginButtonSerializer into core
2021-02-20 23:42:35 +01:00
511f94fc7f
*: cleanup code, return errors in challenge_invalid, fixup rendering
2021-02-20 23:34:10 +01:00
548b1ead2f
flows: challenge error response in challenge format
2021-02-20 20:28:57 +01:00
33f67140f2
stages/identification: move user validation to serializer
2021-02-20 20:16:20 +01:00
e0ae92ccc7
stages/*: update tests for new response
2021-02-20 19:41:48 +01:00
bdb86d7119
*: replace shortcuts.reverse with urls.reverse
2021-02-20 19:13:50 +01:00
a1a3d316e3
stages/identification: implement challenge
2021-02-20 18:28:11 +01:00
0e975757b8
core: remove UILoginButton's icon_path
2021-02-20 18:26:43 +01:00
391ee10cb8
Merge branch 'master' into stage-challenge
...
# Conflicts:
# authentik/api/v2/urls.py
2021-02-20 12:51:10 +01:00
dde303f13a
admin: remove dead code
2021-02-20 00:27:22 +01:00
264c678eaa
web: migrate user token list to web
2021-02-20 00:20:01 +01:00
854d94056e
web: migrate remaining list views to web
2021-02-20 00:19:53 +01:00
9d4c22c706
web: show header while loading application info
2021-02-19 23:34:06 +01:00
9b12895fab
admin: remove unneeded code
2021-02-19 19:32:46 +01:00
93478a55d7
web: migrate Stage List to web
2021-02-19 19:29:17 +01:00
a76cbf8b70
flows: separate flows api into smaller files
2021-02-19 19:14:16 +01:00
6597d5bd28
web: migrate Token List to web
2021-02-19 19:09:30 +01:00
fd28f37c0d
web: migrate User list to web
2021-02-19 18:43:57 +01:00
d219f65e7a
web: migrate System Task list to web
2021-02-19 18:12:23 +01:00
865f652476
web: migrate Outpost Service Connection to web
2021-02-19 17:49:34 +01:00
8008918d8b
admin: remove PolicyBinding list
2021-02-19 17:37:19 +01:00
75d0bd01c2
admin: remove StageBinding list
2021-02-19 17:19:48 +01:00
029c6cd182
web: migrate Group list to web
2021-02-19 17:18:09 +01:00
71f771c22c
core: add types API to propertymapping
2021-02-19 17:10:30 +01:00
38bd05867d
web: migrate Policy list to web
2021-02-19 17:05:02 +01:00
79089d8981
policies: add bound count to api
2021-02-19 16:53:30 +01:00
47bde052ca
policies: add types action to policy API, use MetaNameSerializer
2021-02-19 16:34:33 +01:00
bd6a473d4f
flows: add cached as action to flow API
2021-02-19 16:34:12 +01:00
277b4336d3
stages/authenticator_validate: update autocomplete for code input
2021-02-19 16:00:59 +01:00
b229b2f40d
Merge branch 'master' into stage-challenge
...
# Conflicts:
# authentik/stages/authenticator_validate/stage.py
# authentik/stages/identification/stage.py
2021-02-18 14:04:35 +01:00
e4f0613fab
*: replace tuple and set from typing with normal
2021-02-18 13:53:57 +01:00
ecff810021
*: replace List from typing with normal list
2021-02-18 13:45:46 +01:00
fdde97cbbf
*: replace Dict from typing with normal dict
2021-02-18 13:41:03 +01:00
eb01b42425
flows: mount executor under api, implement initial challenge design
2021-02-17 23:52:49 +01:00
8708e487ae
stages: add WebAuthn stage ( #550 )
...
* core: add User.uid for globally unique user ID
* admin: fix ?next for Flow list
* stages: add initial webauthn implementation
* web: add ak-flow-submit event to submit flow stage
* web: show error message for webauthn registration
* admin: fix next param not redirecting correctly
* stages/webauthn: remove form
* stages/webauthn: add API
* web: update flow diagram on ak-refresh
* stages/webauthn: add initial authentication
* stages/webauthn: initial authentication implementation
* web: cleanup webauthn utils
* stages: rename otp_* to authenticator and move webauthn to authenticator
* docs: fix broken links
* stages/authenticator_*: fix template paths
* stages/authenticator_validate: add device classes
* stages/authenticator_webauthn: implement django_otp.devices
* stages/authenticator_*: update default stage names
* web: add button to create stage on flow page
* web: don't minify HTML, remove nbsp
* admin: fix typo in stage list
* stages/*: use common base class for stage serializer
* stages/authenticator_*: create default objects after rename
* tests/e2e: adjust stage order
2021-02-17 20:49:58 +01:00
4cfcc48b23
admin: migrate certificate-keypair list to web
2021-02-16 23:16:52 +01:00
60c244c31d
core: add User.uid for globally unique user ID
2021-02-16 23:04:48 +01:00
69e6221906
web: port flow list
2021-02-16 22:52:54 +01:00
68eefd083e
web: fix linting errors
2021-02-16 22:35:55 +01:00
a647917074
providers/saml: use redirect binding first
2021-02-16 21:35:19 +01:00
099197ba8c
providers/saml: fix AuthnRequestsSigned and WantAssertionsSigned not loaded correctly
2021-02-16 21:30:15 +01:00
baa2ed5ecc
web: fix download button for SAML Metadata download
2021-02-16 21:04:03 +01:00
f8ba623fc1
web: add more related links, add policy/user/group support for bindings
2021-02-16 20:52:59 +01:00
6bcdf36ca6
admin: add ?provider for ApplicationCreateView
2021-02-16 20:00:52 +01:00
0b75a0028b
providers/saml: fix error when getting metadata of provider with no application
2021-02-16 19:58:04 +01:00
0901d7461e
providers/saml: fix redirect error
2021-02-16 19:28:18 +01:00
61772b75ff
providers/saml: fix managed mappings not being set on import
2021-02-16 19:20:52 +01:00
61604adf9a
root: fix request_id not being logged for actual asgi requests
2021-02-16 19:14:08 +01:00
5ae030997a
providers/saml: fix missing import
2021-02-15 09:25:22 +01:00
35e8a0c374
admin: fix ?next for Flow list
2021-02-14 18:39:36 +01:00
bbd088a957
events: fix geoip case when not configured
2021-02-12 10:43:00 +01:00
5417d0a90c
*: bump pyright version
2021-02-12 10:19:38 +01:00
417b5d61a4
root: add initial geoip implementation
2021-02-12 09:52:14 +01:00
e550216f85
events: fix user QuerySet being passed
2021-02-11 23:36:22 +01:00
1afb4a7a76
policies: add ability to directly assign groups in bindings
2021-02-11 20:36:48 +01:00
391eb9d469
admin: fix policy list not having a refresh button
2021-02-11 20:17:45 +01:00
494f094fa1
events: pass Event's user to Notification policy engine when present
2021-02-11 19:56:39 +01:00
aa0f5df218
policies/*: cleanup api and forms, use correct inheritance
2021-02-11 19:50:02 +01:00
7da90ff7e4
release: 2021.2.3-stable
2021-02-10 20:47:33 +01:00
61b5714652
docs: update release notes
2021-02-10 20:47:06 +01:00
d2df426489
core: fix tokens using wrong lookup
2021-02-10 20:32:54 +01:00
a367d8515f
core: add source endpoint
2021-02-10 20:12:07 +01:00
2b7a22a29a
core: add providers/types endpoint
2021-02-10 20:11:54 +01:00
c621f62d92
release: 2021.2.2-stable
2021-02-10 13:33:23 +01:00
d15e50025c
root: log runtime in milliseconds
2021-02-09 23:33:25 +01:00
0af66a26ab
crypto: move certificate and key data to separate api calls to create events
2021-02-09 21:47:00 +01:00
bf754369d9
providers/proxy: fix certificates without key being selectable
2021-02-09 21:11:44 +01:00
02dc112f8f
outposts: fix ProxyProvider update not triggering outpost update
2021-02-09 20:59:39 +01:00
2d4e7ebab5
admin: remove unnecessary success_urls
2021-02-09 20:58:46 +01:00
a7d0a50859
events: rename context.token to context.secret
2021-02-09 20:10:43 +01:00
71c9108f89
events: rename token_view to secret_view
2021-02-09 18:20:28 +01:00
45f1d95bf9
sources/oauth: add callback URL to api
2021-02-09 16:58:19 +01:00
5dab198c47
web: add new sources view
2021-02-09 16:24:27 +01:00
ad91abe9de
admin: remove old sources view
2021-02-09 16:17:48 +01:00
fa30755241
web: make ActionButton's method configurable
2021-02-09 16:14:51 +01:00
552f8c6a9a
sources/*: switch API to use slug in URL
2021-02-09 16:08:30 +01:00
2acdcf74e1
sources/ldap: add API for sync status
2021-02-09 10:21:59 +01:00
52016e0806
policies: skip cache on debug request
2021-02-08 22:14:23 +01:00
e555bdd42b
lib: fix stacktrace for general expressions
2021-02-08 22:14:13 +01:00
b3bd979ecd
release: 2021.2.1-stable
2021-02-08 21:34:05 +01:00
db113c5e8f
Merge branch 'master' into version-2021.2
2021-02-08 21:33:58 +01:00
78bcb90a1e
outposts: ensure Outpost API is backwards compatible
2021-02-08 19:51:46 +01:00
43bab840ec
web: fix sidebar being active when stage prompts is selected
2021-02-08 19:08:39 +01:00
f020b79384
admin: remove old code
2021-02-08 19:07:25 +01:00
820f658b49
web: add outpost list page
2021-02-08 19:04:19 +01:00
5d460a2537
admin: remove outposts list
2021-02-08 19:02:39 +01:00
efc46f52e6
outposts: move health to API
2021-02-08 19:01:10 +01:00
fe4b2d1a34
providers/oauth2: add authorized scopes to AUTHORIZE_APPLICATION event
2021-02-08 11:51:38 +01:00
f8abe3e210
providers/oauth2: add unofficial groups attribute to default profile claim
2021-02-08 11:50:26 +01:00
3ced67b151
sources/*: simplify source api
2021-02-08 10:25:59 +01:00
cd5631ec76
admin: fix link in source list
2021-02-08 10:25:59 +01:00
1e934aa5d5
release: 2021.2.1-rc2
2021-02-07 19:04:43 +01:00
d93927755a
Merge branch 'master' into version-2021.2
2021-02-07 19:04:37 +01:00
bf9826873e
web: fix outpost item in sidebar being active on service connection views
2021-02-07 18:21:13 +01:00
6869b3c16a
admin: add button to generate certificate-key pair
2021-02-07 16:15:55 +01:00
bfc8e9200f
providers/saml: split views into separate files
2021-02-07 13:39:33 +01:00
c4311abc9f
web: fix link to provider list on overview page
2021-02-06 22:46:09 +01:00
ec42869e00
policies: add debug flag to PolicyRequest to prevent alerts from testing policies
2021-02-06 21:45:38 +01:00
45963c2ffc
admin: improve layout for policy testing
2021-02-06 21:43:14 +01:00
7af883d80c
root: add dedicated live and readiness views
2021-02-06 21:07:05 +01:00
4a5374d03f
admin: remove provider list view
2021-02-06 20:54:50 +01:00
3b536f6e55
admin: fix property-mapping views redirecting to invalid URL
2021-02-06 20:54:12 +01:00
6aa13a8666
providers/saml: force-set friendly_name to empty string for managed mappings
2021-02-06 20:52:52 +01:00
33cdbd7776
release: 2021.2.1-rc1
2021-02-06 20:10:50 +01:00
db7e9f9b95
sources/ldap: set default group property mapping
2021-02-06 19:17:39 +01:00
91282c7bd8
web: add page for Proxy Provider
2021-02-06 18:57:25 +01:00
830b8bcd5b
web: add page for OAuth2 Provider
2021-02-06 18:39:15 +01:00
0f5e6d0d8c
api: add dark theme for API Browser
2021-02-06 18:09:24 +01:00
6aa6615608
web: add view page for SAML Provider
2021-02-06 18:07:13 +01:00
91d6a3c8c7
providers/*: simplify provider API
2021-02-06 17:31:29 +01:00
a6ac82c492
*: rewrite managed objects, use nullable text flag instead of boolean as uid ( #533 )
2021-02-06 15:56:21 +00:00
32cf960053
sources/ldap: add property_mappings_group to make group mapping more customisable
2021-02-06 15:27:07 +01:00
83bf639926
sources/ldap: use both entryDN and dn (for active-directory)
2021-02-05 15:17:57 +01:00
2717742bd2
sources/ldap: don't remove users from group which were not synced from AD
2021-02-05 15:17:20 +01:00
ef70e93bbd
Merge branch 'master' into ldap-groupOfNames
2021-02-05 14:52:39 +01:00
478d3430eb
sources/ldap: use openldap tests for entire sync
2021-02-05 14:29:22 +01:00
9c1ade59e9
sources/ldap: add more flatten to user sync, start adding tests for OpenLDAP
2021-02-05 13:36:27 +01:00
fadf746234
managed: allow for matching on multiple interfaces
2021-02-05 13:18:44 +01:00
397dfc29f1
sources/ldap: change default object filters to use objectClass= instead of objectCategory
2021-02-05 11:43:39 +01:00
b0e3b8b39d
sources/ldap: use entryDN attribute from ldap3 as opposed to implicit DN attribute
2021-02-05 11:43:13 +01:00
1f8130e685
events: improve information sent in notification emails
2021-02-04 21:44:59 +01:00
e639d8ab56
sources/ldap: add case when group does not have uniqueness attribute
2021-02-04 21:18:49 +01:00
005b4d8dda
sources/ldap: fix linting issues
2021-02-04 20:36:05 +01:00
de2d8b2d85
providers/oauth2: pass application to configuration error event
2021-02-04 20:35:37 +01:00
7d107991a2
sources/ldap: fix count for membership, fix wrong attribute being searched
2021-02-04 20:22:28 +01:00
14dc420747
sources/ldap: rewrite group membership syncing
2021-02-04 20:06:42 +01:00
89dc4db30b
sources/ldap: load operational attributes ( #526 )
2021-02-04 12:37:55 +01:00
cc3fccb27e
sources/ldap: use dn attribute for distinguishedName, ignore users with no distinguishedName
...
closes #527
2021-02-04 12:10:57 +01:00
add20de8de
providers/*: fix api linting issues
2021-02-04 10:27:55 +01:00
53f002a123
events: allow searching by event id
2021-02-04 10:09:19 +01:00
c7c387eb38
providers/*: add assigned application name and slug
2021-02-04 10:09:19 +01:00
1b3760a4b7
events: don't log successful system tasks
2021-02-04 10:09:18 +01:00
1101810fea
admin: show more details for policy testing
2021-02-03 22:09:46 +01:00
1ab5289e2e
admin: add test view for property mappings
2021-02-03 21:58:56 +01:00
4b24b185f2
admin: fix context not being passed correctly to policy test view
2021-02-03 21:40:03 +01:00
ea0ba5ae30
stages/password: use form.add_error
2021-02-03 21:39:03 +01:00
b74c08620a
admin: add link to changelog to update events
2021-02-03 21:19:51 +01:00
e25d03d8f4
Managed objects ( #519 )
...
* managed: add base manager and Ops
* core: use ManagedModel for Token and PropertyMapping
* providers/saml: implement managed objects for SAML Provider
* sources/ldap: migrate to managed
* providers/oauth2: migrate to managed
* providers/proxy: migrate to managed
* *: load .managed in apps
* managed: add reconcile task, run on startup
* providers/oauth2: fix import path for managed
* providers/saml: don't set FriendlyName when mapping is none
* *: use ObjectManager in tests to ensure objects exist
* ci: use vmImage ubuntu-latest
* providers/saml: add new mapping for username and user id
* tests: remove docker proxy
* tests/e2e: use updated attribute names
* docs: update SAML docs
* tests/e2e: fix remaining saml cases
* outposts: make tokens as managed
* *: make PropertyMapping SerializerModel
* web: add page for property-mappings
* web: add codemirror to common_styles because codemirror
* docs: fix member-of in nextcloud
* docs: nextcloud add admin
* web: fix refresh reloading data two times
* web: add loading lock to table to prevent double loads
* web: add ability to use null in QueryArgs (value will be skipped)
* web: add hide option to property mappings
* web: fix linting
2021-02-03 21:18:31 +01:00
cfed41439e
events: add send_once flag to send webhooks only once
2021-02-02 19:34:55 +01:00
3ac148d01c
events: only title for slack webhook
2021-02-02 19:18:51 +01:00
3e696d6ac8
flows: use global logger for stored plans
2021-02-02 17:29:03 +01:00
0114bc0d6a
flows: fix lint errors
2021-02-02 17:02:02 +01:00
c60934f9b1
flows: fix benchmark using wrong context
2021-02-02 16:27:21 +01:00
09bdcfaab0
flows: optimise logging
2021-02-02 16:27:03 +01:00
624206281e
policies: optimise logging
2021-02-02 16:12:41 +01:00
3d112e7688
root: use filtering_bound_logger for speed improvements
2021-02-02 15:43:44 +01:00
3c4ff65a01
stages/consent: fix wrong widget for expire
2021-02-02 15:01:33 +01:00
3926ee9eb6
core: clear application cache upon application creation
2021-01-30 18:12:14 +01:00
7fbf915e0a
policies: fix application cached not being cleared correctly
2021-01-30 18:12:01 +01:00
5af9e8c05d
core: improve application caching
2021-01-30 18:03:44 +01:00
d8ae56ed19
providers/saml: fix imported provider not saving properties correctly
2021-01-30 12:33:27 +01:00
3e3f29973b
release: 2021.1.4-stable
2021-01-29 10:29:06 +01:00
2f3a086f29
docs: update veeam docs for group mapping
2021-01-28 23:34:51 +01:00
239af7048a
providers/saml: import SAML Provider with all autogenerated mappings
2021-01-28 23:32:36 +01:00
188ef0f58f
core: only cache Applications API when no filtering is done
2021-01-28 23:16:51 +01:00
5ef4354723
providers/saml: make NameID configurable using a Property Mapping
2021-01-28 22:50:13 +01:00
66a8b52c7c
providers/saml: update default OIDs for default property mappings
2021-01-28 22:44:44 +01:00
c1563f4cff
lib: fix ak_is_group_member checking wrong groups
2021-01-28 22:30:59 +01:00
da37b42bcf
admin: fix providers not showing SAML Import on empty state
2021-01-28 22:16:50 +01:00
f4bb22138c
providers/saml: add support for WindowsDomainQualifiedName, add docs for NameID
2021-01-28 22:00:40 +01:00
c0199933c8
events: fix email template for notifications
2021-01-27 13:22:43 +01:00
5c3f410016
release: 2021.1.3-stable
2021-01-27 10:50:48 +01:00
b1591618ae
admin: handle FlowNonApplicableException during flow plan
2021-01-27 09:57:26 +01:00
55bcc254c1
flows: fix FlowNonApplicableException not being Sentry Ignored
2021-01-27 09:57:18 +01:00
7d844d1821
release: 2021.1.2-stable
2021-01-18 11:15:11 +01:00
3d3a0cd9e3
events: create event when system task fails
2021-01-18 10:09:14 +01:00
204792b750
stages/email: fix email task not falling back to use_global_settings
2021-01-17 23:31:58 +01:00
8ffa3e5885
policies: fix logic error for sync mode
2021-01-17 23:31:34 +01:00
677a181b9c
release: 2021.1.1-stable
2021-01-17 22:36:16 +01:00
4b551add1a
stages/password: catch importerror during authentic()
2021-01-17 20:23:22 +01:00
e6f897c7e6
policies: detect when running in a daemon process and run policies sync
2021-01-17 20:09:53 +01:00
65c9d4bf4c
policies: use custom context for fork instead of changing global context
2021-01-17 20:09:53 +01:00
6e88e52d78
outposts: add message to outpost_service_connection_monitor task
2021-01-17 20:09:53 +01:00
6e69edf1af
core: increase application cache duration
...
# Conflicts:
# authentik/core/api/applications.py
2021-01-17 19:17:47 +01:00
08e7ef3c1e
core: increase application cache duration
2021-01-17 19:04:54 +01:00
cf76652a4c
release: 2021.1.1-rc2
2021-01-17 17:40:43 +01:00
49d40d4337
admin: fix linting
2021-01-17 17:35:00 +01:00
94182f88a4
release: 2021.1.1-rc1
2021-01-17 17:25:47 +01:00
1c25f4f09b
core: use tabs for user settings
2021-01-17 17:25:15 +01:00
aad3b43ac3
core: cache applications API
2021-01-16 22:38:09 +01:00
60f52f102a
outposts: optimise signals to not always trigger
2021-01-16 22:14:37 +01:00
f3ccb5341d
outpost: improve logging
2021-01-16 22:13:57 +01:00
cb73210447
events: don't log permission creation
2021-01-16 22:03:06 +01:00
f959212692
events: make notifications filterable
2021-01-16 19:08:07 +01:00
2d2a404028
providers/oauth2: improve error handling and event creation
2021-01-16 18:27:10 +01:00
4baf9e4a22
web: fix unread count, use white-space pre
2021-01-16 18:04:09 +01:00
4f28a89e63
policies: improve recording of error messages during policy process
2021-01-16 16:38:57 +01:00
f8b4b92e8d
policies: pass direct exception from expression policies
2021-01-16 15:41:59 +01:00
c1fbfc63ab
core: use version in qs for static files to ensure latest are loaded
2021-01-16 14:15:42 +01:00
192dbe05c4
events: triggers -> rules
2021-01-16 14:15:23 +01:00
d637bd0bf9
events: improve infinite loop detection
2021-01-15 11:27:18 +01:00
a2bddc6d91
policies: fix engine tests checking wrong key
2021-01-15 11:27:07 +01:00
2e42da11ea
policies/event_matcher: simplify validity checking
2021-01-15 11:26:55 +01:00
f297d1256d
events: fix linting
2021-01-15 11:19:56 +01:00
da59e7c4a7
events: fix infinite loop in unittests
2021-01-15 00:32:59 +01:00
8684d106d5
events: fix default transport for successive migrations
2021-01-14 23:50:18 +01:00
7f5caf901d
expressions: set exception as message field
2021-01-14 21:58:10 +01:00
1c686e19b5
policies: set message instead of error for Event
2021-01-14 20:17:21 +01:00
3cc92f6c97
events: ensure created field is timestamp
2021-01-14 20:16:54 +01:00
4447345345
policies: fix display of stacktrace in events
2021-01-14 18:07:41 +01:00
42c6401ba7
events: add event context to slack webhook
2021-01-14 17:40:19 +01:00
eef111bcfd
events: disable policy cache for trigger
2021-01-14 17:39:59 +01:00
6192b2787f
events: notifications: send entire event in API
2021-01-14 17:22:02 +01:00
c7d28f8ca9
events: attach default transport to default triggers
2021-01-14 17:22:02 +01:00
1342266368
events: include full group in event notification
2021-01-14 17:22:02 +01:00
7ff679b1a3
policies: fix error when error occurs during policy process with no target
2021-01-14 17:22:02 +01:00
8beddcddb0
events: set severity for default triggers
2021-01-14 17:22:02 +01:00
9fe8554f28
events: make notification read/update only
2021-01-14 17:22:02 +01:00
308896719d
docs: add docs for events and notifications
2021-01-13 00:26:33 +01:00
95c1473dd2
events: assign default triggers to default admin group, create default transport
2021-01-12 23:28:17 +01:00
b14c5039ed
events: set default admin group to receive default triggers
2021-01-12 23:06:42 +01:00
b6948334f2
policies/event_matcher: fix verbose_name
2021-01-12 23:06:24 +01:00
29e08e7477
stages/otp_*: fix app's verbose_name
2021-01-12 22:59:46 +01:00
36bc1dc020
events: record source when user is using source to authenticate
2021-01-12 22:48:55 +01:00
61d1407804
sources/*: Set PLAN_CONTEXT_SOURCE when logging in with a source
2021-01-12 22:37:33 +01:00
47ddf0d7f2
web: add UI for notification triggers
2021-01-12 22:26:57 +01:00
cac94792fa
admin: add event transport forms
2021-01-12 22:03:33 +01:00
8369fa16ae
events: add mode_verbose to transport, return string on send error
2021-01-12 21:51:55 +01:00
f30bdbecd6
events: catch errors during send and re-raise as custom type
2021-01-12 21:48:16 +01:00
c727c845df
policies: add and/or mode ( #463 )
...
* policies: add mode to PolicyEngine for AND and OR modes
* events: use PolicyEngine in OR mode
2021-01-12 18:22:25 +01:00
1ccf6dcf6f
events: Notifications ( #418 )
...
* events: initial alerting implementation
* policies: move error handling to process, ensure policy UUID is saved
* policies: add tests for error handling in PolicyProcess
* events: improve loop detection
* events: add API for action and trigger
* policies: ensure http_request is not used in context
* events: adjust unittests for user handling
* policies/event_matcher: add policy type
* events: add API tests
* events: add middleware tests
* core: make application's provider not required
* outposts: allow blank kubeconfig
* outposts: validate kubeconfig before saving
* api: fix formatting
* stages/invitation: remove invitation_created signal as model_created functions the same
* stages/invitation: ensure created_by is set when creating from API
* events: rebase migrations on master
* events: fix missing Alerts from API
* policies: fix unittests
* events: add tests for alerts
* events: rename from alerting to notifications
* events: add ability to specify severity of notification created
* policies/event_matcher: Add app field to match on event app
* policies/event_matcher: fix EventMatcher not being included in API
* core: use objects.none() when get_queryset is used
* events: use m2m for multiple transports, create notification object in task
* events: add default triggers
* events: fix migrations return value
* events: fix notification_transport not being in the correct queue
* stages/email: allow sending of email without backend
* events: implement sending via webhook + slack/discord + email
2021-01-11 18:43:59 +01:00
4743e72e18
policies: ensure binding has a target during unittests
2021-01-05 12:37:52 +01:00
9fb5ce2a1a
policies: add binding to policy_execution context
2021-01-05 11:51:05 +01:00
82bb179bc2
root: global email settings ( #448 )
...
* root: make global email settings configurable
* stages/email: add use_global_settings
* stages/email: add test_email command to test email sending
* stages/email: update email template
* stages/email: simplify email template path
* stages/email: add support for user-supplied email templates
* stages/email: add tests for sending and templates
* stages/email: only add custom template if permissions are correct
* docs: add custom email template docs
* root: add /templates volume in docker-compose by default
* stages/email: fix form not allowing custom templates
* stages/email: use relative path for custom templates
* stages/email: check if all templates exist on startup, reset
* docs: add global email docs for docker-compose
* helm: add email config to helm chart
* helm: load all secrets with env prefix
* helm: move s3 and smtp secret to secret
* stages/email: fix test for relative name
* stages/email: add argument to send email from existing stage
* stages/email: set uid using slug of message id
* stages/email: ensure template validation ignores migration runs
* docs: add email troubleshooting docs
* stages/email: fix long task_name breaking task list
2021-01-05 00:41:10 +01:00
6ed78830a0
providers/proxy: check ingress annotations we manage
2021-01-02 01:48:39 +01:00
6fe323f1a7
outposts: by default only check labels
2021-01-02 01:08:05 +01:00
85c2db018e
outposts: ensure field_manager is also used for updates
2021-01-02 00:52:42 +01:00
bc9e7e8b93
build(deps): bump structlog from 20.1.0 to 20.2.0 ( #445 )
...
* build(deps): bump structlog from 20.1.0 to 20.2.0
Bumps [structlog](https://github.com/hynek/structlog ) from 20.1.0 to 20.2.0.
- [Release notes](https://github.com/hynek/structlog/releases )
- [Changelog](https://github.com/hynek/structlog/blob/master/CHANGELOG.rst )
- [Commits](https://github.com/hynek/structlog/compare/20.1.0...20.2.0 )
Signed-off-by: dependabot[bot] <support@github.com>
* *: use structlog.stdlib instead of structlog for type-hints
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-01-01 15:39:43 +01:00
2e69efe699
providers/saml: sign metadata when signing is enabled
2020-12-31 15:02:21 +01:00
a85b8a65c0
release: 0.14.2-stable
2020-12-31 12:00:31 +01:00
be54ba4fe2
policies: catch error in process to not hang requests
2020-12-31 11:16:17 +01:00
68b9c34f78
policies: fix obj not being set
2020-12-31 11:16:01 +01:00
3584bdf530
events: fix error when creating an even from policyrequests
2020-12-31 11:15:42 +01:00
e712719333
admin: fix reverse urls for application forms
2020-12-31 10:13:06 +01:00
4fde1b7365
providers/saml: allow audience to be empty
2020-12-30 22:15:28 +01:00
412f5b9210
providers/saml: fix signing and verification kp not being set correctly
2020-12-30 22:11:24 +01:00
a9e53cd52a
providers/saml: fix string being passed to lxml
2020-12-30 22:03:01 +01:00
d0ee7908ab
providers/saml: force user to select authz flow for import
2020-12-30 22:02:41 +01:00
e69834dec4
providers/saml: show error message why import failed
2020-12-30 22:02:28 +01:00
16d5e1d9ff
release: 0.14.1-stable
2020-12-29 21:25:49 +01:00
765ae80698
providers/oauth2: fix error when creating RefreshToken
2020-12-29 21:22:49 +01:00
540c22ce15
release: 0.14.0-stable
2020-12-28 17:49:45 +01:00
8c3008abce
release: 0.14.0-rc2
2020-12-28 17:49:39 +01:00
8a22c86aaa
release: 0.14.0-rc1
2020-12-28 17:49:35 +01:00
22ce142cb8
outposts: include protocol in outpost deployment ports
2020-12-28 17:21:02 +01:00
1a292feebb
outposts: always check metadata on reconcile
2020-12-28 17:11:37 +01:00
09f4d812b3
outposts: set field_manager
2020-12-28 17:11:33 +01:00
2bab4ebfe8
core: fix library url pattern not matching SPA
2020-12-28 15:06:25 +01:00
590597caf6
events: replace list view with SPA Page
2020-12-28 14:32:34 +01:00
5f9c1e229c
root: return API dates as timestamp
2020-12-28 13:07:49 +01:00
0e1587bc1a
providers/oauth2: don't write authorization code to event log
2020-12-28 01:07:18 +01:00
dc16a8a4c9
providers/proxy: set proxy-size for nginx for larger response
2020-12-28 00:45:58 +01:00
a6d0c8c26c
providers/saml: Metadata Import ( #432 )
...
* providers/saml: add basic metadata parser
* providers/saml: add importer for Singing certificate, validate signature, add tests
* providers/saml: add provider name to form,
* web: don't use trailing slash for spa URLs
* providers/saml: formatting fixes
* sources/*: add verbose_name to source serializers
* admin: add button launch import modal
2020-12-27 22:38:04 +01:00
e216efb6ec
providers/oauth2: create access tokens as JWT
2020-12-27 19:36:17 +01:00
378fe38b12
providers/oauth2: ensure response is URL fragment only when implicit or hybrid
2020-12-27 19:07:42 +01:00
ce9fb8801c
providers/oauth2: ensure nonce is validated on all OIDC flows
2020-12-27 18:13:41 +01:00
67ca83c228
providers/oauth2: add c_hash field
2020-12-27 18:13:13 +01:00
ee2e737782
providers/oauth2: remove response_type field as spec doesn't require validation
2020-12-27 18:12:47 +01:00
b04c9a2098
providers/oauth2: check redirect_uri before request object
2020-12-27 17:15:36 +01:00
e7c96eb70d
providers/oauth2: Make AuthorizeError's state parameter requireed
2020-12-27 15:33:29 +01:00
e8debce9c8
providers/oauth2: fix infinite loops when prompt=login
2020-12-27 15:23:26 +01:00
bcd0686a33
providers/oauth2: redirect back correctly with state on AuthorizationError
2020-12-27 15:22:53 +01:00
55322995a1
providers/oauth2: make iss field configurable
2020-12-27 15:02:12 +01:00
dff5eb69c8
providers/oauth2: fix token endpoint creating invalid token when no scopes are passed
2020-12-27 14:48:44 +01:00
b747022bc1
providers/oauth2: fix old id_token being sent when using token endpoint with grant_type=refresh_token
2020-12-27 14:33:51 +01:00
885fcff495
providers/oauth2: add grant_types_supported to discovery endpoint
2020-12-27 14:17:40 +01:00
5b18e28753
providers/oauth2: fix include_claims_in_id_token not being shown in form/API
2020-12-27 14:05:10 +01:00
9848c5f3eb
providers/oauth2: implement discovery's scopes_supported better
2020-12-27 13:36:14 +01:00
fc98c3934a
providers/*: implement configuration_error
2020-12-27 13:15:31 +01:00
7964061466
events: add configuration_error action
2020-12-27 13:11:38 +01:00
5f90f54195
stages/invitation: ensure created_by is set when creating from API
2020-12-27 13:11:28 +01:00
49eb568d3c
stages/invitation: remove invitation_created signal as model_created functions the same
2020-12-27 13:00:52 +01:00
d17b2b0d1b
providers/oauth2: add request_parameter_supported
2020-12-27 12:18:23 +01:00
f17d809219
providers/oauth2: add scopes_supported to discovery endpoint
2020-12-26 21:18:16 +01:00
6c8e9fb553
providers/oauth2: add ACR support
2020-12-26 20:16:50 +01:00
43bb29e16a
providers/oauth2: implement max_age param
2020-12-26 20:05:31 +01:00
29edbb0357
providers/oauth2: use auth_time from LOGIN event
2020-12-26 19:05:02 +01:00
12ae867759
providers/oauth2: redirect back on prompt=none error instead of showing message
2020-12-26 18:58:18 +01:00
a20ca9136b
providers/oauth2: use in for prompt check
2020-12-26 18:53:47 +01:00
3759e96e7d
providers/oauth2: ensure interaction_required is raised when prompt=none and user not logged in
2020-12-26 18:45:23 +01:00
480d882a82
policies: add pre_permission_check to PolicyAccessView for request validity checks
2020-12-26 18:43:45 +01:00
e5e1e3737d
providers/oauth2: fix query using user model not dict
2020-12-26 18:20:34 +01:00
8dddcf891e
providers/oauth2: fix "auth_time" being based on user.last_login
2020-12-26 18:11:29 +01:00
319104c39b
providers/oauth2: improve error handling, ensure correct message is shown to user
2020-12-26 17:50:16 +01:00
a9336f069c
flows: add diagrams ( #415 )
...
* flows: initial diagram implementation
* web: install flowchart.js, add flow diagram page
* web: adjust diagram colours for dark mode
* flows: add permission checks for diagram
* flows: fix formatting
* web: fix formatting for web
* flows: add fix when last stage has policy
* flows: add test for diagram
* web: flows/diagram: add support for light mode
* flows: make Flows's Diagram API return json, add more tests and fix swagger response
2020-12-26 17:05:11 +01:00
33f5169f36
core: fix formatting
2020-12-26 15:28:29 +01:00
4c690a20ef
core: fix token update/delete not working
2020-12-26 01:23:34 +01:00
f68c8f7d90
core: fix User's token creation not working
2020-12-26 01:23:18 +01:00
95b56a0005
release: 0.13.5-stable
2020-12-26 00:52:42 +01:00
811c569b54
core: show multi-select notice for SelectMultiple Widgets
2020-12-26 00:43:40 +01:00
3ac3a8eebe
core: fix error during migrations
2020-12-25 23:51:40 +01:00
6a5a243dac
stages/invitation: fix optional field being required
2020-12-25 23:41:34 +01:00
Jens Langhammer
Jens L
dependabot[bot]