Commit Graph

308 Commits

Author SHA1 Message Date
Jens Langhammer e758db5727 stages/authenticator_webauthn: make more WebAuthn options configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 22:57:49 +01:00
Jens Langhammer 0027dbc0e5 root: remove old api path
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-06 22:21:21 +01:00
Jens Langhammer c15e4b24a1 release: 2021.12.5 2022-01-06 21:29:12 +01:00
Jens Langhammer 6e53f1689d policies/reputation: rework reputation to use a single entry, include geo_ip data
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-05 21:02:33 +01:00
Jens Langhammer 212220554f sources/oauth: add additional scopes field to get additional data from provider
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2047
2022-01-03 16:43:52 +01:00
Jens Langhammer 3e22740eac core: add API endpoint to directly set user's password
closes #2040

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 13:31:58 +01:00
Jens Langhammer 90c31c2214 flows: add test helpers to simplify and improve checking of stages, remove force_str
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-01 20:25:32 +01:00
Jens Langhammer 9154b9b85d web/user: rework user source connection UI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 21:59:41 +01:00
Jens Langhammer d03b0b8152 outposts: include outposts build hash in state
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 15:16:34 +01:00
Jens Langhammer b19da6d774 crypto: return private key's type (required for some oauth2 providers)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 16:51:28 +01:00
Jens Langhammer 5c5634830f stages/identification: add field for passwordless flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 18:27:00 +01:00
Jens Langhammer 9c42b75567 release: 2021.12.4 2021-12-23 10:32:48 +01:00
Jens Langhammer 2f3026084e providers/oauth2: remove jwt_alg field and set algorithm based on selected keypair, select HS256 when no keypair is selected
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:09:49 +01:00
Jens Langhammer 34b11524f1 tenants: add web certificate field, make authentik's core certificate configurable based on keypair
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 11:43:45 +01:00
Jens Langhammer cf4b4030aa release: 2021.12.3 2021-12-21 20:52:08 +01:00
Jens Langhammer 8599d9efe0 web/admin: auto set the embedded outpost's authentik_host on first view
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-19 13:27:04 +01:00
Jens Langhammer e9910732bc release: 2021.12.2 2021-12-18 21:03:50 +01:00
Jens Langhammer 61097b9400 policies/password: add minimum digits
closes #1952

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-18 16:15:56 +01:00
Jens Langhammer 4c5537ddfe sources/oauth: allow writing to user in SourceConnection
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1888
2021-12-18 15:33:46 +01:00
NeroPcStation 273f5211a0
providers/saml: Fix typo (#1950) 2021-12-17 11:00:20 +00:00
Jens Langhammer f33190caa5 release: 2021.12.1 2021-12-16 15:48:59 +01:00
Jens Langhammer 2a09fc0ae2 release: 2021.12.1-rc5 2021-12-15 10:21:29 +01:00
Jens Langhammer fbb6756488 Merge branch 'master' into version-2021.12 2021-12-15 10:16:05 +01:00
Jens Langhammer 30386cd899 events: add custom manager with helpers for metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 21:49:33 +01:00
Jens Langhammer 64a10e9a46 events: fix schema for top_per_user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 21:08:15 +01:00
Jens Langhammer 0b00768b84 events: add flow_execution event type
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 16:13:51 +01:00
Jens Langhammer 8c16dfc478 stages/invitation: use GroupMemberSerializer serializer to prevent all of the user's groups and their users from being returned
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 15:56:13 +01:00
Jens Langhammer 4e6714fffe stages/authenticator_webauthn: make user_verification configurable
closes #1921

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 09:58:20 +01:00
Jens Langhammer 2993f506a7 sources/oauth: implement apple native sign-in using the apple JS SDK
closes #1881

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-14 00:40:29 +01:00
Jens Langhammer 4911a243ff sources/oauth: add initial okta type
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1910
2021-12-13 21:48:59 +01:00
Jens Langhammer 09b02e1aec release: 2021.12.1-rc4 2021-12-13 12:53:58 +01:00
Jens Langhammer 5914bbf173 Merge branch 'master' into version-2021.12
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	Dockerfile
2021-12-13 10:54:21 +01:00
Jens Langhammer 340a9bc8ee core: fix error when using invalid key-values in attributes query
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-09 19:53:47 +01:00
Jens Langhammer ffb0135f06 release: 2021.12.1-rc3 2021-12-09 13:23:41 +01:00
Jens Langhammer ee0ddc3d17 Merge branch 'master' into version-2021.12 2021-12-09 13:23:28 +01:00
Jens Langhammer e3e9178ccc web/admin: show outpost warning on application page too
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-06 10:10:44 +01:00
Jens Langhammer b694816e7b sources/*: Allow creation of source connections via API
closes #1888

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-06 10:05:42 +01:00
Jens Langhammer 6a3f7e45cf providers/saml: add ?force_binding to limit bindings for metadata endpoint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-05 11:14:42 +01:00
Jens Langhammer 2b5504ff63 release: 2021.12.1-rc2 2021-12-04 20:06:41 +01:00
Jens Langhammer 639c2f5c2e Merge branch 'master' into version-2021.12 2021-12-04 19:55:37 +01:00
Jens Langhammer f1b9021e3e sources/ldap: add optional tls verification certificate
closes #1875

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-03 10:09:13 +01:00
Jens Langhammer 60b95271eb outposts/proxy: add additional headers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-01 20:19:09 +01:00
Jens Langhammer e6818c1f6a release: 2021.12.1-rc1 2021-12-01 13:08:13 +01:00
Jens Langhammer e3a5ef1907 root: make sentry sample rate configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-29 13:52:34 +01:00
Jens Langhammer 5c54de66fc *: add meta_model_name field to all models with inheritance
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-26 10:32:39 +01:00
Jens Langhammer 2c0d8d8943 core: add meta_model_name to MetaNameSerializer to easily show relevant events
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-26 10:27:08 +01:00
Jens Langhammer 0b8cfd437b *: fix typo'd signing pair name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-24 09:55:10 +01:00
Jens Langhammer b0fac9c9f1 providers/saml: fix SessionNotOnOrAfter not being included
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-16 12:36:40 +01:00
Jens Langhammer 2a3b049b01 release: 2021.10.4 2021-11-12 12:31:24 +01:00
Jens Langhammer c98bdbacc5 providers/proxy: return list of configured scope names so outpost requests custom scopes
closes #1762

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-10 23:06:21 +01:00
Jens Langhammer ab2b13938e release: 2021.10.3 2021-11-08 20:52:11 +01:00
Jens Langhammer da74304221 stages/prompt: add text_read_only field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-08 14:45:56 +01:00
Jens Langhammer 1cc60f572d root: use forked openapi-generator
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-06 19:10:17 +01:00
Jens Langhammer 90151a13ae stages/identification: only allow limited challenges for login sources
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-06 14:53:38 +01:00
Jens L 5a8c66d325
providers/ldap: memory Query (#1681)
* outposts/ldap: modularise ldap outpost, to allow different searchers and binders

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/ldap: add basic in-memory searcher

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/ldap: add search mode field

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost: add search mode field

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 10:37:30 +01:00
Jens Langhammer 909461e533 providers/*: include list of outposts
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 01:06:04 +01:00
Jens Langhammer 4a89be3048 core: include parent group name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 00:11:17 +01:00
Jens Langhammer 738e4d5c74 web/admin: only show flows with an invitation stage configured instead of all enrollment flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1720
2021-11-04 20:54:55 +01:00
Jens Langhammer 5374352411 sources/plex: allow users to connect their plex account without login flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-03 21:09:02 +01:00
Jens Langhammer 58c221e867 release: 2021.10.2 2021-11-03 10:07:28 +01:00
Jens Langhammer af83308fd4 stages/prompt: fix type in Prompt not having enum set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-01 20:44:48 +01:00
Jens Langhammer 5646141fe2 stages/identification: add show_source_labels option, to show labels for sources
closes #1679

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-31 17:57:48 +01:00
Jens Langhammer 2788329880 release: 2021.10.1 2021-10-31 10:56:21 +01:00
Jens Langhammer f5dc81907a core: add created field to source connection
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-30 15:02:41 +02:00
Jens Langhammer d70c8fbcc3 core: add API for all user-source connections
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-30 14:36:54 +02:00
Jens Langhammer e771e1857f core: add API to list all authenticator devices
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-29 09:08:48 +02:00
Jens Langhammer 381010600f release: 2021.10.1-rc3 2021-10-27 18:57:07 +02:00
Jens Langhammer 731f5d0199 release: 2021.10.1-rc2 2021-10-21 16:38:30 +02:00
dependabot[bot] 6fc54ed7c6 build(deps): bump postcss from 8.3.9 to 8.3.10 in /website (#1652)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-21 10:29:48 +02:00
Jens Langhammer 2df4322ecf sources/oauth: add choices to oauth provider_type
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-20 00:11:19 +02:00
Jens Langhammer 5da7d9a573 release: 2021.10.1-rc1 2021-10-19 15:34:59 +02:00
Jens Langhammer f62786e58b policies: add additional filters to create flow charts on frontend
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-15 18:21:44 +02:00
Jens Langhammer 9bc9568008 stages/authenticator_sms: make fields non-nullable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-14 11:42:11 +02:00
Skyler Mäntysaari 634375c43f stages/authenticator_sms: add generic provider (#1595)
* stages/sms: New SMS provider, aka wrapper for outside API

* web/pages/authenicator_sms: Conditionally show options based on provider.

* stages/authenicator_sms: Fixing up the model.

* Whoops

* stages/authenicator_sms: Adding supported auth types for Generic provider.

* web/pages/stages/authenicator_sms: Added auth type for generic provider

* web/pages/stages/authenicator_sms: Fixing up my generic provider options.

* stages/authenicator/sms: Working version of generic provider.

* stages/authenicator/sms: Cleanup and creating an event on error.

* web/ages/stages/authenicator_sms: Made a default for Auth Type and cleaned up the non-needed name attribute.

* stages/authenicator_validate: Fixing up the migration as it had no SMS.

* stages/authenicator_sms: Removd non-needed migration and better error code handling.

* stages/authenicator_sms: Removd non-needed migration and better error code handling.

* web/pages/stages/authenicator_sms: Provider default is not empty anymore.

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-14 10:24:15 +02:00
Jens L aef9d27706
stages/authenticator_sms: Add SMS Authenticator Stage (#1577)
* stages/authenticator_sms: initial implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add initial stage UI

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/elements: clear invalid state when old input was invalid but new input is correct

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/authenticator_sms: add more logic

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: add basic SMS settings

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/authenticator_sms: initial working version

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/authenticator_sms: add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: optimise totp password manager entry on authenticator_validation stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/elements: add grouping support for table

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: allow sms class in authenticator stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add grouping to more pages

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/authenticator_validate: add SMS support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* api: add throttling for flow executor based on session key and pending user

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: fix style issues

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ci: add workflow to compile backend translations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-11 17:51:49 +02:00
Jens Langhammer b80ecd4668 stages/prompt: fix wrong field type of field_key
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-10 18:54:56 +02:00
Jens Langhammer d959b7a930 Merge branch 'version-2021.9' 2021-10-10 14:35:40 +02:00
Jens Langhammer 619203c177 release: 2021.9.8 2021-10-10 13:12:26 +02:00
Jens Langhammer dff0613b3d crypto: add managed field, prepare managed JWT cert
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-09 19:14:39 +02:00
Jens Langhammer 09696207a6 web/user: remove debug
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-09 16:03:14 +02:00
Jens Langhammer b33ea9cc61 core: add settings serializer to user/me and update_self endpoints, saved in a key in attributes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-09 15:35:18 +02:00
Jens Langhammer 57e5acaf2f stages/prompt: add sub_text field to add HTML below prompt fields
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-07 18:34:37 +02:00
Jens Langhammer 8c27616d0c Merge branch 'version-2021.9' 2021-10-06 21:04:16 +02:00
Jens Langhammer e444d0d640 release: 2021.9.7 2021-10-06 20:57:56 +02:00
Jens Langhammer d75c63d38b Merge branch 'version-2021.9'
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	web/src/locales/fr_FR.po
2021-10-06 00:04:09 +02:00
Jens Langhammer 2b730dec54 release: 2021.9.6 2021-10-05 22:22:54 +02:00
Jens Langhammer 79eec5a3a0 core: include group uuids in self serializer
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:49:14 +02:00
Jens Langhammer c1f302fb7c core: only return group names for user_self
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:48:53 +02:00
Jens Langhammer d1a1bfbbc5 web/user: don't show managed tokens in user interface
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:47:49 +02:00
Jens Langhammer 9e7e22367b core: include group uuids in self serializer
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 13:10:44 +02:00
Jens Langhammer f5761dc70d core: only return group names for user_self
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 12:31:25 +02:00
Jens Langhammer 847cfed73f web/user: don't show managed tokens in user interface
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 11:11:34 +02:00
Jens Langhammer 1c340ddbbd Merge branch 'version-2021.9'
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	web/package-lock.json
#	web/package.json
2021-10-04 22:02:56 +02:00
Jens Langhammer bcf7e162a4 release: 2021.9.5 2021-10-04 20:08:46 +02:00
Jens Langhammer cb37e5c10e stages/email: add activate_user_on_success flag, add for all example flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	web/src/locales/fr_FR.po
2021-10-04 18:50:19 +02:00
Jens Langhammer 0692663537 stages/email: add activate_user_on_success flag, add for all example flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 18:47:51 +02:00
Jens Langhammer faca127217 Merge branch 'version-2021.9'
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	Pipfile.lock
2021-10-01 12:19:11 +02:00
Jens Langhammer 1a6ea72c09 release: 2021.9.4 2021-10-01 09:51:51 +02:00
Jens L f9ad102915
flows: inspector (#1469)
* flows: add initial inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: change naming a bit

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flow: add inspector frame

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: don't use shadydom when inspecting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add current stage to api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/*: fix imports

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: deep-copy plan instead of just adding

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: restrict inspector to admin

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add buttons to launch flow with inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: don't automatically follow redirects when inspector is open

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: make current_plan optional, only require historry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: handle error messages in inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: improve UI when flow is done

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add is_completed flag to inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: fix monkeypatches for tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add inspector tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ci: re-enable cache

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-28 09:36:48 +02:00
Jens Langhammer 941bc61b31 release: 2021.9.3 2021-09-27 17:31:50 +02:00