authentik

Archived

Author	SHA1	Message	Date
gcp-cherry-pick-bot[bot]	af56ce3d78	core: fix worker beat toggle inverted (cherry-pick #7508 ) (#7509 ) core: fix worker beat toggle inverted (#7508) Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L <jens@goauthentik.io>	2023-11-09 18:36:56 +01:00
Jens L	134799c734	root: fix pylint errors (#7312 )	2023-10-26 19:57:11 +02:00
Oleh Vivtash	add873ca9b	core: Use branding_title in the end session page (#7282 ) Update end_session.html Use branding_title in the end session "You've logged out of" section Signed-off-by: Oleh Vivtash <oleh@vivtash.net>	2023-10-25 15:55:20 +02:00
Jens L	e28babb0b8	core: Initial RBAC (#6806 ) * rename consent permission Signed-off-by: Jens Langhammer <jens@goauthentik.io> * the user version Signed-off-by: Jens Langhammer <jens@goauthentik.io> t Signed-off-by: Jens Langhammer <jens@goauthentik.io> * initial role Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start form Signed-off-by: Jens Langhammer <jens@goauthentik.io> * some minor table refactoring Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix user, add assign Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add roles ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix backend Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add assign API for roles Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start adding toggle buttons Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start view page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * exclude add_ permission for per-object perms Signed-off-by: Jens Langhammer <jens@goauthentik.io> * small cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add permission list for roles Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make sidebar update Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix page header not re-rendering? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add search Signed-off-by: Jens Langhammer <jens@goauthentik.io> * show first category in table groupBy except when its empty Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make model and object PK optional but required together Signed-off-by: Jens Langhammer <jens@goauthentik.io> * allow for setting global perms Signed-off-by: Jens Langhammer <jens@goauthentik.io> * exclude non-authentik permissions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * exclude models which aren't allowed (base models etc) Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ensure all models have verbose_name set, exclude some more internal objects Signed-off-by: Jens Langhammer <jens@goauthentik.io> * lint fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix role perm assign Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add unasign for global perms Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add meta changes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * clear modal state after submit Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add roles to our group Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix duplicate url names Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make recursive group query more usable Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add name field to role itself and move group creation to signal Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start sync Signed-off-by: Jens Langhammer <jens@goauthentik.io> * move rbac stuff to separate django app Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lint and such Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix go Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start API changes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more API tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make admin interface not require superuser for now, improve error handling Signed-off-by: Jens Langhammer <jens@goauthentik.io> * replace some IsAdminUser where applicable Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate flow inspector perms to actual permission Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix license not being a serializermodel Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add permission modal to models without view page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add additional permissions to assign/unassign permissions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add action to unassign user permissions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add permissions tab to remaining view pages Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix flow inspector permission check Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix codecov config? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more API tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ensure viewsets have an order set Signed-off-by: Jens Langhammer <jens@goauthentik.io> * hopefully the last api name change Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make perm modal less confusing Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start user view permission page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only make delete bulk form expandable if usedBy is set Signed-off-by: Jens Langhammer <jens@goauthentik.io> * expand permission tables Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add user global permission table Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests' url names Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests for assign perms Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add unassign tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rebuild permissions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * prevent assigning/unassigning permissions to internal service accounts Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only enable default api browser in debug Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix role object permissions showing duplicate Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix role link on role object permissions table Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix object permission modal having duplicate close buttons Signed-off-by: Jens Langhammer <jens@goauthentik.io> * return error if user has no global perm and no object perms also improve error display on table Signed-off-by: Jens Langhammer <jens@goauthentik.io> * small optimisation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * optimise even more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update locale Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add system permission for non-object permissions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * allow access to admin interface based on perm Signed-off-by: Jens Langhammer <jens@goauthentik.io> * clean Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't exclude base models Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-10-16 17:31:50 +02:00
horego	ab1b3b09d6	core/api: add uuid field to core api user http response (#7110 ) * feat: Add uuid field to core api user response * update schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: hor <hor@HOSRV> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-10-09 12:34:38 +02:00
Alissa Gerhard	0e5952650b	root: make Celery worker concurrency configurable (#6837 ) * root: made Celery worker concurrency configurable * core: fixed Celery worker command to set autoscaling options to account for worker concurrency setting * Update website/docs/installation/configuration.md Signed-off-by: Jens L. <jens@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens L. <jens@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L <jens@beryju.org>	2023-09-26 10:37:22 +00:00
Jens L	3e81824388	core: prevent self-impersonation (#6885 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-26 12:04:40 +02:00
Jens L	7649a57495	core: create app transactional api (#6446 ) * initial api and schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * separate blueprint importer from yaml parsing Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add new "must_created" state to blueprints to prevent overwriting objects Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework validation and error response to make it actually usable Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lint errors Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add defaults Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework transaction_rollback Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use static method for string imports of subclass Signed-off-by: Jens Langhammer <jens@goauthentik.io> * slight cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-17 23:55:21 +02:00
Jens L	515ce94a85	root: add option to disable beat when running worker (#6849 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-12 13:26:23 +02:00
Jens L	0580f32fe6	core: remove celery's duplicate max_tasks_per_child (#6840 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-11 18:12:18 +02:00
Jens L	e373bae189	flows: remove need for post() wrapper by using dispatch (#6765 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-05 22:15:03 +02:00
Jens L	6612f729ec	stages/authenticator: vendor otp (#6741 ) * initial import Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update imports Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove email and hotp for now Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove things we don't need and clean up Signed-off-by: Jens Langhammer <jens@goauthentik.io> * initial merge static Signed-off-by: Jens Langhammer <jens@goauthentik.io> * initial merge totp Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more fixes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix migrations Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update webui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add system migration Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more cleanup, add doctests to test_runner Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup more lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup last tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update docstrings Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * implement SerializerModel Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix web format Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-04 11:45:14 +02:00
Jens L	fd561ac802	root: connect to backend via socket (#6720 ) * root: connect to gunicorn via socket Signed-off-by: Jens Langhammer <jens@goauthentik.io> * put socket in temp folder Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use non-socket connection for debug Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't hardcode local url Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix dev_server missing websocket Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dedupe logging config between gunicorn and main app Signed-off-by: Jens Langhammer <jens@goauthentik.io> * slight refactor for proxy errors Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-09-02 17:58:37 +02:00
Jens L	3f3ca6fe82	core: make groups' parent_name nullable as it might not be set (#6700 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-30 20:39:57 +02:00
Jens L	af200a6bf9	web: cleanup (#6664 ) * web: remove <p> used for padding and do it properly Signed-off-by: Jens Langhammer <jens@goauthentik.io> * web: remove .form-help-text as it didn't change anything Signed-off-by: Jens Langhammer <jens@goauthentik.io> * move data-list styling to correct scope Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove title from navbar for docs-only build Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-29 18:24:11 +02:00
Jens L	ccfd45774e	: fix api errors raised in general validate() to specify a field (#6663 ) : fix api errors raised in general validate() to specify a field Signed-off-by: Jens Langhammer <jens@goauthentik.io> remove required flag for tls server name for ldap provider Signed-off-by: Jens Langhammer <jens@goauthentik.io> * attempt to make timing test less flaky Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-29 14:41:48 +02:00
Jens L	30cb38ac6d	blueprints: fix tag values not resolved correctly (#6653 ) * blueprints: fix tag values not resolved correctly this lead to `null` in an `!Env` tag being returned as `"null"` Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make blueprint user password optional Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ensure user doesn't have a usable password set when its an empty string Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-28 18:27:44 +02:00
Jens L	d29163e3ad	core: fix filtering users by type attribute (#6638 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-26 17:26:50 +02:00
Jens L	0472ef583c	core: hotfix group membership check (#6584 )	2023-08-20 23:47:13 +02:00
Jens L	8bba3c0a9b	core: rework recursive group membership (#6017 ) * rework checking group membership and add `user.all_groups` to get full list of groups Signed-off-by: Jens Langhammer <jens@goauthentik.io> * refactor some more for better performance Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate things to use all_groups Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update release notes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix for django 4.2 Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-18 17:31:39 +02:00
Jens L	287cf6f0c7	web/admin: fix user sorting by active field (#6485 ) * web/admin: fix user sorting by active field Signed-off-by: Jens Langhammer <jens@goauthentik.io> * web/admin: fix hide service account toggle Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-08-05 22:07:17 +02:00
Jens L	561e6956fe	root: add get_int to config loader instead of casting to int everywhere (#6436 ) * root: add get_int to config loader instead of casting to int everywhere Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve error handling, add test Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-07-31 19:34:59 +02:00
Jens L	10b0c84d97	root: migrate bootstrap to blueprints (#6433 ) * remove old bootstrap Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add meta model to set user password Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ensure KeyOf works with objects in the state of created that already exist Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * migrate Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add support for shorter form !If tag Signed-off-by: Jens Langhammer <jens@goauthentik.io> * allow !Context to resolve other yaml tags Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't require serializer to be valid for deleting an object Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix check if a model is being created Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove duplicate way to set password Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate token Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only change what is required with migrations Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add description Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix admin status Signed-off-by: Jens Langhammer <jens@goauthentik.io> * expand tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't require bootstrap in events to fix ci? Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-07-31 19:34:46 +02:00
Jens L	09907ecb6a	root: add generated Source docs (#5323 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-07-31 11:59:20 +02:00
Jens L	a728dad166	providers/oauth2: fix grant_type password raising an exception (#6333 )	2023-07-22 01:36:55 +02:00
Jens L	d50f92d8b4	enterprise: cleanup v2 (#6330 ) * cleanup minor stuff Signed-off-by: Jens Langhammer <jens@goauthentik.io> * change default user type to internal to be more consistent Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-07-21 18:23:51 +02:00
Jens L	2f469d2709	root: partial Live-updating config (#5959 ) * stages/email: directly use email credentials from config Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use custom database backend that supports dynamic credentials Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add crude config reloader Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make method names for CONFIG clearer Signed-off-by: Jens Langhammer <jens@goauthentik.io> * replace config.set with environ Not sure if this is the cleanest way, but it persists through a config reload Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-add set for @patch Signed-off-by: Jens Langhammer <jens@goauthentik.io> * even more crudeness Signed-off-by: Jens Langhammer <jens@goauthentik.io> * clean up some old stuff? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * somewhat rewrite config loader to keep track of a source of an attribute so we can refresh it Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup old things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix flow e2e Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-07-19 23:13:22 +02:00
Jens L	41af486006	enterprise: initial enterprise (#5721 ) * initial Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add user type Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add external users Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add ui, add more logic, add public JWT validation key Signed-off-by: Jens Langhammer <jens@goauthentik.io> * revert to not use install_id as session jwt signing key Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * switch to PKI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more licensing stuff Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add install ID to form Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix bugs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start adding tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use x5c correctly Signed-off-by: Jens Langhammer <jens@goauthentik.io> * license checks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use production CA Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more UI stuff Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rename to summary Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update locale, improve ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add direct button Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update link Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format and such Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove old attributes from ldap Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove is_enterprise_licensed Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix admin interface styling issue Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Update authentik/core/models.py Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Jens L. <jens@beryju.org> * fix default case Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens L. <jens@beryju.org> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>	2023-07-17 17:57:08 +02:00
Jens L	d2c4bcf25d	core: fix UUID filter field for users api (#6203 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-07-10 12:12:39 +02:00
Jens L	a987846c76	root: celery refactor (#6095 ) * root: celery refactor cleanup deprecation messages by configuring celery with a single object run celery as django management command Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve debug experience Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add debugpy to dev dependencies Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix task_always_eager Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-06-28 16:44:50 +02:00
Jens L	416f916da6	core: fix inconsistent favicon (#6080 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-06-27 23:13:31 +02:00
Jens L	b0fbd576fc	security: cure53 fix (#6039 ) * ATH-01-001: resolve path and check start before loading blueprints This is even less of an issue since `411ef239f6`, since with that commit we only allow files that the listing returns Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ATH-01-010: fix missing user filter for webauthn device This prevents an attack that is only possible when an attacker can intercept HTTP traffic and in the case of HTTPS decrypt it. * ATH-01-008: fix web forms not submitting correctly when pressing enter When submitting some forms with the Enter key instead of clicking "Confirm"/etc, the form would not get submitted correctly This would in the worst case is when setting a user's password, where the new password can end up in the URL, but the password was not actually saved to the user. * ATH-01-004: remove env from admin system endpoint this endpoint already required admin access, but for debugging the env variables are used very little Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ATH-01-003 / ATH-01-012: disable htmlLabels in mermaid Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ATH-01-005: use hmac.compare_digest for secret_key authentication Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ATH-01-009: migrate impersonation to use API Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ATH-01-010: rework Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ATH-01-014: save authenticator validation state in flow context Signed-off-by: Jens Langhammer <jens@goauthentik.io> bugfixes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ATH-01-012: escape quotation marks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add website Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update release ntoes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update with all notes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix format Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-06-22 22:25:04 +02:00
Jens L	93575a9966	core: prevent selecting a group as a parent of itself (#6016 ) * core: prevent selecting a group as a parent of itself Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix api error when no parent is given Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-06-20 20:21:58 +02:00
Jens L	01311929d1	providers/ldap: improve password totp detection (#6006 ) * providers/ldap: improve password totp detection Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add flag for totp mfa support Signed-off-by: Jens Langhammer <jens@goauthentik.io> * keep support for static tokens Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix migrations Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-06-20 12:09:13 +02:00
Jens L	a5db60129d	*: use dataclass slots wherever applicable (#6005 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-06-19 18:31:07 +02:00
risson	0041cf88f4	providers/oauth2: launch url: if URL parsing fails, return no launch URL (#5918 ) * providers/oauth2: launch url: if URL parsing fails, return no launch URL Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * add test Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only get provider launch URL when no url is set Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only catch value error Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-06-09 21:56:34 +02:00
Jens L	fd4c5f5ce7	providers/ldap: fix LDAP Outpost application selection (#5812 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-31 14:14:25 +02:00
Jens L	f0619814f9	blueprints: allow setting user's passwords from blueprints (#5797 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-29 21:28:44 +02:00
Jens L	0d0bb1a559	root: add install ID (#5717 ) * root: add install ID Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add fallback when no migrations table exists Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-22 17:24:12 +02:00
Jens L	bb64fb1130	core: make groups field for user optional (#5702 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-21 15:19:05 +02:00
Jens L	79dcc30778	providers/radius: add warning message when radius provider is not used with outpost (#5656 ) * providers/radius: add warning message when radius provider is not used with outpost same message as Proxy and LDAP provider have Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-17 16:19:33 +02:00
Jens L	f4b0d6e85c	providers/scim: default to None for fields instead of empty list (#5642 ) * providers/scim: default to None for fields instead of empty list Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make name of delete_none_keys clearer Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-17 00:25:28 +02:00
Jens L	92fd6a55db	blueprints: adjust wording on managed field (#5558 )	2023-05-09 23:41:42 +02:00
Jens L	eaa3d11df8	api: modular urls (#5551 ) * api: make API urls modular load API urls from app module's urls file instead of a single static file Signed-off-by: Jens Langhammer <jens@goauthentik.io> * refactor websocket url mounting Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-09 14:46:47 +02:00
Jens L	7acd0558f5	core: applications backchannel provider (#5449 ) * backchannel applications Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add webui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * include assigned app in provider Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve backchannel provider list display Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make ldap provider compatible Signed-off-by: Jens Langhammer <jens@goauthentik.io> * show backchannel providers in app view Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make backchannel required for SCIM Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup api Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Apply suggestions from code review Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Jens L. <jens@beryju.org> * update docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens L. <jens@beryju.org> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>	2023-05-08 15:29:12 +02:00
Jens L	9f4be4d150	blueprints: support setting file URLs in blueprints (#5510 ) * blueprints: support setting file URLs in blueprints Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make new fields not required Signed-off-by: Jens Langhammer <jens@goauthentik.io> * include conditional fields in schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-05-08 15:07:00 +02:00
Jens L	5830781a5a	root: add websocket logging (#5408 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-28 20:34:34 +03:00
Jens L	54d508ae8c	ci: fix pyright errors (#5392 ) * ci: fix pyright errors Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix error in oauth 1 source Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove redundant blueprint fixtures Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-27 17:33:47 +03:00
Jens L	6a700cb376	core: fix user metrics for users which can't access events (#5252 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-14 11:20:26 +02:00
Jens L	977757f561	policies: provider raw result for better policy reusability (#5189 ) * policies: include raw_result in PolicyResult Signed-off-by: Jens Langhammer <jens@goauthentik.io> * move ak_call_policy to base evaluator Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-06 09:42:29 +02:00

1 2 3 4 5 ...

632 commits