trustchain-oc1-orchestral/authentik
Archived
10
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
12868 commits 95 branches 330 tags 336 MiB
Commit graph

303 commits

Author SHA1 Message Date
Jens Langhammer 0d47654651 root: add max-requests for gunicorn and max tasks for celery 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-26 10:04:58 +01:00
Jens Langhammer 994c5882ab root: fix error if secret_key is purely numerical 
closes #2099

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-18 09:17:33 +01:00
Jens Langhammer 0db0a12ef3 root: rename csrf header 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-16 16:17:44 +01:00
Jens Langhammer 111fbf119b *: refactor prometheus gauges to directly updating metrics view 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-16 13:57:07 +01:00
Jens Langhammer 92cc0c9c64 root: decrease to 10 backup history 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-14 19:59:50 +01:00
Jens Langhammer fae6d83f27 *: simplify extracting current version info 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-13 17:47:31 +01:00
Jens Langhammer ed84fe0b8d root: set samesite for csrf cookie 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-12 23:14:14 +01:00
Jens Langhammer f9a5add01d root: include build in analytics 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-12 22:18:52 +01:00
Jens Langhammer 2986b56389 root: fix backups running every minute instead of once 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-12 22:09:44 +01:00
Jens Langhammer 0027dbc0e5 root: remove old api path 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-06 22:21:21 +01:00
Jens Langhammer 22d6621b02 root run backup every 24 hours 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-06 15:29:11 +01:00
Jens Langhammer 6e53f1689d policies/reputation: rework reputation to use a single entry, include geo_ip data 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-05 21:02:33 +01:00
Jens Langhammer 31ba543c62 *: don't use exception keyword with structlog 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-03 21:33:52 +01:00
Jens Langhammer 22d1dd801c root: also use analytics uuid for sentry 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-24 15:13:27 +01:00
Jens Langhammer c78236a2a2 root: don't set secure cross opener policy 
closes #1977

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-21 19:16:22 +01:00
Jens Langhammer 3da526f20e root: allow trace log level to work for core/embedded 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-20 21:11:47 +01:00
Jens Langhammer 8e6fcfe350 root: fix inconsistent URL quoting of redis URLs 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-18 22:24:41 +01:00
Jens Langhammer 71a22c2a34 outposts: add unittests for docker controller 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-17 13:42:33 +01:00
Jens Langhammer 6ff8fdcc49 root: enable threading integration in sentry 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-15 15:49:08 +01:00
Jens Langhammer 8cdf22fc94 root: set default redis iter to 1000 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-12 20:24:43 +01:00
Jens Langhammer 8a8aafec81 root: enable boto3 sentry integration 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-12 14:38:24 +01:00
Jens Langhammer e3129c1067 root: bump celery messages to info 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-11 13:59:56 +01:00
Jens Langhammer b761659227 root: use ghcr for containers during testing 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-10 20:57:09 +01:00
Jens Langhammer 6209714f87 policies/expression: add ak_call_policy 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-09 09:39:28 +01:00
Jens Langhammer 1ed2bddba7 root: fix celery task ID not being included in log 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-09 09:36:52 +01:00
Jens Langhammer 26b35c9b7b root: fix name conflict in threadlocal 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-08 21:42:48 +01:00
Jens Langhammer 86a9271f75 root: add request_id to celery tasks, prefixed with "task-" 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-08 21:34:20 +01:00
Jens Langhammer 402ed9bd20 root: allow usage of --randomly-seed for testing 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-08 21:33:41 +01:00
Jens Langhammer 7e316b5fc2 root: add missing sample_rate default 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-02 19:54:37 +01:00
Jens Langhammer e3a5ef1907 root: make sentry sample rate configurable 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-29 13:52:34 +01:00
Jens Langhammer 363aed2a47 root: url quote redis passwords for connection string 
closes https://github.com/goauthentik/helm/issues/39

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-25 18:05:36 +01:00
Jens Langhammer 75724b6f8d root: make testing output more consistent 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-23 23:46:27 +01:00
Jens Langhammer b2d2e7cbc8 tests/e2e: remove logger 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-23 21:19:33 +01:00
Jens Langhammer 91fd792f88 tests/e2e: use generated uid 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-23 19:19:13 +01:00
Jens Langhammer d785998c5a Revert "root: disable random tests for now" 
This reverts commit 8ba9553220.
 2021-11-23 18:46:51 +01:00
Jens Langhammer 8ba9553220 root: disable random tests for now 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-23 17:57:56 +01:00
Jens Langhammer e32d4f0095 tests/e2e: don't run e2e tests randomly for now 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-23 00:32:24 +01:00
Jens Langhammer 61621e7d60 lifecycle: improve backup restore by dropping database before 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-20 00:32:24 +01:00
Jens Langhammer bb6eed0db1 root: properly catch 404 errors for websocket connections 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-19 23:19:07 +01:00
Jens Langhammer e831e4fb94 root: add lifespan shim to prevent errors 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-16 13:25:03 +01:00
Jens Langhammer 638e8d741f *: fix multiple tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-16 10:38:21 +01:00
Jens Langhammer d12e24017e outposts: add websocket tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-15 23:58:19 +01:00
Jens Langhammer 867fb0dac0 root: fix settings for managed not loaded 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-15 19:49:03 +01:00
Jens Langhammer 2666aa2c73 root: add errorhandling in log middleware 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-15 17:11:44 +01:00
Jens Langhammer e08077c73a root: replace asgi-based logger with middleware 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-15 16:32:56 +01:00
Jens Langhammer e73606b54d root: catch error in analytics on startup 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-10 11:28:08 +01:00
Jens Langhammer 5d479a6c8f root: set utm_source 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-09 23:23:47 +01:00
Jens Langhammer 9ca15983a2 root: keep last 30 backups 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-08 17:46:25 +01:00
Jens Langhammer c6cc1b1728 root: fix defaults for EMAIL_USE_TLS 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-07 21:37:14 +01:00
Jens Langhammer 8d766efecb root: don't set signal on start when running in ci or dev 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-04 14:32:21 +01:00
Jens Langhammer bcd42fce13 root: further improve detection of environment we're running in 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-04 13:35:22 +01:00
Jens Langhammer 6deddd038f internal: start embedded outpost directly after backend is healthy instead of waiting 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-04 13:18:04 +01:00
Jens Langhammer 3b47cb64da root: improve compose detection, add anonymous stats 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-04 13:16:21 +01:00
Jens Langhammer af83308fd4 stages/prompt: fix type in Prompt not having enum set 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-01 20:44:48 +01:00
Jens Langhammer 5d9bed130a root: fix Detection of S3 settings for backups 
closes #1698

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-31 16:54:10 +01:00
Jens Langhammer 3647633232 core: cleanup embedded outpost logging, log user for http requests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-20 22:12:49 +02:00
Jens Langhammer eba91c6b2b root: add cookie domain setting 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-20 18:26:22 +02:00
dependabot[bot] 8040e2b6e4
build(deps): bump webauthn from 0.4.7 to 1.0.0 (#1625) 
* build(deps): bump webauthn from 0.4.7 to 1.0.0

Bumps [webauthn](https://github.com/duo-labs/py_webauthn) from 0.4.7 to 1.0.0.
- [Release notes](https://github.com/duo-labs/py_webauthn/releases)
- [Commits](https://github.com/duo-labs/py_webauthn/compare/v0.4.7...v1.0.0)

---
updated-dependencies:
- dependency-name: webauthn
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* stages/authenticator_webauthn: migrate to new library version

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/authenticator_validate: migrate to new version

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/authenticator_webauthn: add bytes_to_base64url_dict for json encoding

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* actually don't do that

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix missing response on web

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more double json

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more base64 stuff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* working

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ci: always sync

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-15 23:26:29 +02:00
Jens Langhammer 5f9dda2e58 outposts: rename docker_image_base to container_image_base, since its not docker specific 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-14 20:28:30 +02:00
Jens Langhammer dd9dc7e596 root: fix error with sentry proxy 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-14 19:45:01 +02:00
Jens Langhammer 98907ec889 root: remove structlog.processors.format_exc_info for new structlog version 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-13 09:42:49 +02:00
Jens Langhammer 3e5b05203b Revert "root: handle liveness probe in router" 
This reverts commit d39dbc7287.

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-12 18:44:37 +02:00
Jens Langhammer d39dbc7287 root: handle liveness probe in router 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-12 14:54:15 +02:00
Jens Langhammer ecfc3a6d93 *: migrate everything to goauthentik.io docker proxy 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-12 11:04:47 +02:00
Jens L aef9d27706
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) 
* stages/authenticator_sms: initial implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add initial stage UI

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/elements: clear invalid state when old input was invalid but new input is correct

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/authenticator_sms: add more logic

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: add basic SMS settings

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/authenticator_sms: initial working version

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/authenticator_sms: add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: optimise totp password manager entry on authenticator_validation stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/elements: add grouping support for table

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: allow sms class in authenticator stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add grouping to more pages

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/authenticator_validate: add SMS support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* api: add throttling for flow executor based on session key and pending user

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: fix style issues

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ci: add workflow to compile backend translations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-11 17:51:49 +02:00
Jens L 7bf587af24
ci: push dev images to ghcr (#1591) 
* ci: push dev images to ghcr

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: use new ghcr images

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: use ghcr proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-11 14:08:34 +02:00
Jens Langhammer 7d9251ce2f root: fix linting 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-09 20:56:49 +02:00
Jens Langhammer 846c971674 root: add translation for backend strings 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-09 20:07:28 +02:00
Jens Langhammer aee58c8d53 root: add docker-native healthcheck for web and celery 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-05 20:45:18 +02:00
Jens Langhammer 3d8d93ece5 root: log failed celery tasks to event log 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-17 12:42:42 +02:00
dependabot[bot] 3e4ce62dfe
build(deps-dev): bump pylint from 2.10.2 to 2.11.1 (#1409) 
* build(deps-dev): bump pylint from 2.10.2 to 2.11.1

Bumps [pylint](https://github.com/PyCQA/pylint) from 2.10.2 to 2.11.1.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Changelog](https://github.com/PyCQA/pylint/blob/main/ChangeLog)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.10.2...v2.11.1)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* root: update pylint config

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-17 09:46:39 +02:00
Jens Langhammer 95efd47f65 root: remove asgi error handler 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-15 12:23:14 +02:00
Jens L 3c1b70c355
outposts/proxyv2 (#1365) 
* outposts/proxyv2: initial commit

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add rs256

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

more stuff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add forward auth an sign_out

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

match cookie name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

re-add support for rs256 for backwards compat

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add error handler

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

ensure unique user-agent is used

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

set cookie duration based on id_token expiry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

build proxy v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add ssl

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add basic auth and custom header support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add application cert loading

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

implement whitelist

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add redis

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

migrate embedded outpost to v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

remove old proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

providers/proxy: make token expiration configurable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: only allow one redirect URI

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix docker build for proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove default port offset

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add AUTHENTIK_HOST_BROWSER

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests: fix e2e/integration tests not using proper tags

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove references of old port

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix user_attributes not being loaded correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup dependencies

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-08 18:04:56 +00:00
Jens Langhammer eeb755ab7d root: show location header in logs when redirecting 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-07 11:04:00 +02:00
Jens Langhammer 0bae550520 root: include authentik version in backup naming 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-05 20:25:02 +02:00
Jens Langhammer 3378e82ec7 root: fix is_secure with safari on debug environments 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-04 13:45:50 +02:00
Jens Langhammer c2b9dc5c75 api: cache schema, fix server urls 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-03 10:23:14 +02:00
Jens Langhammer 7fea20375f *: fix tests not using APITestCase 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-02 19:14:21 +02:00
Jens Langhammer f0db408699 api: add v3 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-02 17:40:02 +02:00
Jens Langhammer cc5cc43baa api: fix sentry endpoint not working due to mime-media 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-02 16:56:53 +02:00
Jens Langhammer e512f085db root: allow enabling s3 backup ssl verification 
closes #1332

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-02 09:41:55 +02:00
Jens Langhammer e92f9836e3 root: allow django auth backend for upgrading users with cache 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-26 17:57:25 +02:00
Jens Langhammer 8d6227377f core: fix error for asgi error handler with websockets 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-25 10:24:01 +02:00
Jens Langhammer 884c2bd0e9 root: fix missing ldap backend 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-24 13:03:19 +02:00
Jens Langhammer 244dc671db Merge branch 'master' into app-passwords 2021-08-23 17:12:17 +02:00
Jens Langhammer 4308136108 root: fix error_handler for websocket 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 17:12:11 +02:00
Jens Langhammer 69a0153619 core: use custom inbuilt backend, set backend login information in flow plan for events 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 17:09:53 +02:00
Jens Langhammer e4790f9060 core: handle error when ?for_user is not numberical 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 15:25:18 +02:00
Jens Langhammer 58712047e1 root: add ASGI Error handler 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 15:15:12 +02:00
Jens Langhammer c92c0102ca website/docs: add database port parameter 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-12 02:24:36 +02:00
Jens Langhammer 7a836e0d7e api: fix backup capability not being detected correctly 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-09 00:32:29 +02:00
Jens Langhammer 77ed25ae34 root: reformat to 100 line width 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-03 17:45:16 +02:00
Jens Langhammer ff64814f40 web/admin: improve UI for notification toggle 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-22 14:17:56 +02:00
Jens Langhammer 538a466090 root: fix middleware exception for outpost 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-18 22:10:50 +02:00
Jens Langhammer 322a343c81 root: fix log level not being set to DEBUG for tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-18 21:45:08 +02:00
Starz0r ae77c872a0
root: celery requires additional parameters when tls is enabled (#1148) 2021-07-16 08:51:09 +02:00
Starz0r a5bb583268
root: optional TLS support on redis connections (#1147) 
* root: optional TLS support on redis connections

* root: don't use f-strings when not interpolating variables

* root: use f-string in redis protocol prefix interpolation

* root: glaring typo

* formatting

* small formatting change I missed

* root: swap around default redis protocol prefixes
 2021-07-15 11:48:52 +02:00
Jens Langhammer 2036827f04 api: add sentry tunnel 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-13 10:58:14 +02:00
Starz0r 5cfbb0993a
Allow for Configurable Redis Port (#1124) 
* root: make redis port configurable

* root: parse redis port from config as an integer

* code formatting

* lifecycle: truncate line under 100 chars

* lifecycle: incorrect indenting on newline
 2021-07-12 11:01:41 +02:00
Jens Langhammer 007838fcf2 root: subclass SessionMiddleware to set Secure and SameSite flag depending on context 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-06 14:48:36 +02:00
Jens Langhammer 7c51afa36c root: set samesite to None for SAML POST flows 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-06 12:39:51 +02:00
dependabot[bot] d102c59654
build(deps-dev): bump pylint from 2.8.3 to 2.9.0 (#1095) 
* build(deps-dev): bump pylint from 2.8.3 to 2.9.0

Bumps [pylint](https://github.com/PyCQA/pylint) from 2.8.3 to 2.9.0.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Changelog](https://github.com/PyCQA/pylint/blob/master/ChangeLog)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.8.3...v2.9.0)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* *: update source for new pylint version

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-30 10:37:28 +02:00
Jens Langhammer 60c3cf890a events: add ability to create events via API 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-26 23:37:03 +02:00
Jens Langhammer de954250e5 root: make general cache timeouts configurable 
closes #974

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-21 10:18:49 +02:00
Jens Langhammer 9aac114115 root: save temporary database dump in /tmp 
closes #1055

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-21 09:58:19 +02:00
Jens Langhammer 9cb7e6c606 root: set outposts.docker_image_base to gh-master for tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-19 15:49:49 +02:00
Jens Langhammer ddfc943bba root: fix build_hash being set incorrectly for tagged versions 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-13 13:32:18 +02:00
Jens L dad24c03ff
outposts: set cookies for a domain to authenticate an entire domain (#971) 
* outposts: initial cookie domain implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add cookie domain setting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: replace forward_auth_mode with general mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: rebuild proxy provider form

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: re-add forward_auth_mode for backwards compat

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: fix data.mode not being set

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* root: always set log level to debug when testing

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: use new mode attribute

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: only ingress /akprox on forward_domain

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: fix lint error

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: fix error on ProxyProviderForm when not using proxy mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: fix default for outpost form's type missing

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add additional desc for proxy modes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts: fix service account permissions not always being updated

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost/proxy: fix redirecting to incorrect host for domain mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: improve error handling for network errors

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost: fix image naming not matching main imaeg

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/proxy: fix redirects for domain mode and traefik

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: fix colour for paragraphs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: fix consent stage not showing permissions correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: add domain-level docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: fix broken links

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/proxy: remove dead code

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: fix missing id for #header-text

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-08 23:10:17 +02:00
Jens Langhammer 88cc38394e root: improve sentry tags to simplify queries 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-06 14:51:43 +02:00
Jens Langhammer 17326615b7 events: rewrite GeoIP to a wrapper, reload file every 8 hours 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-06 00:42:41 +02:00
Jens Langhammer f996f9d4e3 tests/e2e: ensure outpost service account has correct permissions 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-04 09:46:31 +02:00
Jens Langhammer e9621bae06 tests: show logs for containers on failed e2e tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-03 22:17:18 +02:00
Jens Langhammer 14f85ec980 tenants: migrate context_processor to tenants 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-29 18:01:48 +02:00
Jens Langhammer ff611f21cd tenants: initial implementation 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-29 17:47:25 +02:00
Jens Langhammer 1b346866da Merge branch 'master' into duo 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	Pipfile.lock
 2021-05-24 14:54:24 +02:00
Jens Langhammer 9f5a3c396d stages/authenticator_duo: initial duo stage 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-23 21:10:39 +02:00
Jens L 53e2b2c784
Prometheus metrics (#914) 
* admin: add worker metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* admin: add version metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* events: add gauge for system tasks

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts: add gauge for last hello and connection status

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* root: re-add prometheus metrics to database

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* root: allow access to metrics without credentials when debug is on

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* root: add UpdatingGauge to auto-set value on load

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add metrics for cache and building

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* policies: add metrics for policy engine

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* events: add histogram for task durations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* events: revert to gauge because values are updated on export view

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add gauge to count all models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* events: add metrics for events

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-23 20:29:34 +02:00
Jens Langhammer 1a0f72d0a8 Merge branch 'version-2021.5' into next 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	authentik/stages/authenticator_static/api.py
#	swagger.yaml
 2021-05-21 21:33:18 +02:00
Jens Langhammer d9a788aac8 api: rename auth to authentication, add authorization for rest_framework permission class 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-21 20:14:03 +02:00
Jens Langhammer 92f2a82c03 providers/oauth2: fix double login required when prompt=login 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-20 01:10:08 +02:00
Jens Langhammer acf1ad91d9 providers/oauth2: fix double login required when prompt=login 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-19 23:34:27 +02:00
Jens Langhammer 7f4bd27b85 Merge branch 'master' into openapi-v3 2021-05-16 23:51:45 +02:00
Jens Langhammer b66626f9c4 ci: generate secert_key for CI runs 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-16 23:46:23 +02:00
Jens Langhammer ae6a406b1d Merge branch 'master' into openapi-v3 2021-05-16 22:29:39 +02:00
Jens Langhammer 45c1a603e7 root: fix linting 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-16 22:29:28 +02:00
Jens Langhammer 330219e76f Merge branch 'master' into openapi-v3 2021-05-16 22:26:07 +02:00
Jens Langhammer 583271d5ed root: only load debug secret key when debug is enabled 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-16 22:25:55 +02:00
Jens Langhammer 0db17b9729 root: remove yasg 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-16 22:18:04 +02:00
Jens Langhammer cbed5a6522 api: fix missing error definitions 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-16 19:53:04 +02:00
Jens Langhammer ef9f08553c *: linting pass, rename from swagger to schema 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-16 15:22:57 +02:00
Jens Langhammer 4fb71a6bdd api: fix pagination schema 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-16 15:08:51 +02:00
Jens Langhammer cac1f242dc *: replace swagger with openapi 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-16 14:23:05 +02:00
Jens Langhammer 0bac738090 *: fix static response descriptions 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-16 14:07:29 +02:00
Jens Langhammer 1324d03815 *: initial migration to openapi v3 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-15 23:57:28 +02:00
Jens Langhammer c55f2ad10a root: set additional sentry tags 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-15 19:53:43 +02:00
Jens Langhammer 9a0aa4c79b outposts/ldap: add infinite loop prevention 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-12 18:31:44 +02:00
Jens Langhammer 52cf4890cf root: remove servername from backup files 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-12 17:53:23 +02:00
Jens Langhammer c7f0ea8a4b root: update dbbackup to git version 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-12 01:20:31 +02:00
Jens Langhammer 96ea7ae09c root: allow configuration of s3 backup location 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-11 02:10:00 +02:00
Jens Langhammer 172bfceb31 root: fix db backup failing when password has special chars 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-11 02:01:22 +02:00
Jens Langhammer c7d4e69669 root: make database port configurable 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-10 19:25:15 +02:00
Jens Langhammer 99d161e212 Merge branch 'master' into outpost-ldap 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	authentik/core/api/users.py
#	authentik/policies/event_matcher/migrations/0013_alter_eventmatcherpolicy_app.py
 2021-05-04 21:02:20 +02:00
Jens Langhammer 812be495a5 Merge branch 'master' into go-proxy 2021-05-03 22:53:33 +02:00
Jens Langhammer 988cf15b71 root: initial go proxy, update compose and helm 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-03 09:39:09 +02:00
Jens Langhammer f1b100c8a5 sources/plex: initial plex source implementation 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-02 14:43:51 +02:00
Jens Langhammer 4d858c64e0 Merge branch 'master' into outpost-ldap 2021-04-27 17:08:26 +02:00
Jens Langhammer e9e0992dce root: add middleware to properly report websocket connection to sentry 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-27 16:21:44 +02:00
Jens Langhammer f89479caf3 providers/ldap: add LDAP provider 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-26 11:52:42 +02:00
Jens Langhammer 799d186510 web/flows: fix Sentry not being loaded correctly 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-22 20:48:22 +02:00
Jens Langhammer 5df9ad63cf root: base Websocket message storage on Base not fallback 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-16 23:46:03 +02:00