authentik

Archived

Author	SHA1	Message	Date
Jens L	7b0d8f8991	providers/scim: ensure scim group member isn't None (#5391 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-27 15:03:50 +03:00
Jens L	e75e2cf324	website/docs: flow context docs (#5243 ) * add flow context docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup some redundant things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * added more section headers * tweaked new headings * Apply suggestions from code review Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Jens L. <jens@beryju.org> * add more keys, use dedicated prefix for internal keys Signed-off-by: Jens Langhammer <jens@goauthentik.io> * set toc_max_heading_level: 5 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update datatypes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more consistent header Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more fixes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Update website/docs/flow/context/index.md Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com> * Update website/docs/flow/context/index.md Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com> * Update website/docs/flow/context/index.md Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens L. <jens@beryju.org> Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com> Co-authored-by: Tana Berry <tana@goauthentik.io> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>	2023-04-20 17:31:34 +00:00
Jens L	dfa80543b5	root: add ruff linter (#5240 ) * root: add ruff linter Signed-off-by: Jens Langhammer <jens@goauthentik.io> * actually add ruff Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-18 13:28:19 +02:00
Jens L	6a74fa11c6	providers/oauth2: inconsistent client secret generation (#5241 ) * use simpler char set for client secret Signed-off-by: Jens Langhammer <jens@goauthentik.io> * also adjust radius Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use similar logic in web to generate ids and secrets Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dont use math.random Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-04-13 15:06:28 +02:00
Jens L	1d2725825c	providers/scim: add missing default fields (#5108 ) * providers/scim: add missing default fields Signed-off-by: Jens Langhammer <jens@goauthentik.io> #4554 * update tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-28 14:42:52 +02:00
Jens L	b097cf4d7e	providers/scim: fix error when user-group m2m is updated forward (#5082 ) * providers/scim: fix error when user-group m2m is updated forward Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-26 22:34:53 +02:00
Jens L	3f5effb1bc	providers/radius: simple radius outpost (#1796 ) * initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add migrations Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * minor fixes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use search-select Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update locale Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix ip with port being sent to delegated ip Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add radius tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-20 16:54:35 +01:00
Jens L	2a399cf8e8	providers/oauth2: fix response for response_type code and response_mode fragment (#4975 )	2023-03-16 15:58:38 +01:00
Jens L	73d7b5f110	root: add common fixture loader (#4946 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-14 17:13:03 +01:00
Jens L	4b1440944e	providers: fix authorization_flow not required in API (#4932 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-13 23:36:24 +01:00
Jens L	178bfe1d44	providers/scim: handle ServiceProviderConfig 404 (#4915 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-13 13:44:29 +01:00
dependabot[bot]	0ef333f8ea	core: bump bandit from 1.7.4 to 1.7.5 (#4896 ) * core: bump bandit from 1.7.4 to 1.7.5 Bumps [bandit](https://github.com/PyCQA/bandit) from 1.7.4 to 1.7.5. - [Release notes](https://github.com/PyCQA/bandit/releases) - [Commits](https://github.com/PyCQA/bandit/compare/1.7.4...1.7.5) --- updated-dependencies: - dependency-name: bandit dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-03-10 12:06:59 +01:00
Jens L	6ae2fc9668	providers/SCIM: customizable externalId, document behavior (#4868 ) * only set externalId if mapping hasn't set it Signed-off-by: Jens Langhammer <jens@goauthentik.io> * better document use of SCIM in conjunction with OAuth/SAML Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-08 00:15:16 +01:00
Jens L	9559bc2e1e	providers/scim: add option to filter out service accounts, parent group (#4862 ) * add option to filter out service accounts, parent group Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rename to filter group Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework sync card to show scim sync status Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-07 15:39:48 +01:00
Jens L	28ddeb124f	providers: SCIM (#4835 ) * basic user sync Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add group sync and some refactor Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start API Signed-off-by: Jens Langhammer <jens@goauthentik.io> * allow null authorization flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make task monitored Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add missing dependency Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make authorization_flow required for most providers via API Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make task result better readable, exclude anonymous user Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add task UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add scheduled task for all sync Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make scim errors more readable Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add mappings, migrate to mappings Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add mapping UI and more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add scim docs to web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start implementing membership Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate signals to tasks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate fully to tasks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * strip none keys, fix lint errors Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start adding tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix saml Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add scim schemas and validate against it Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve error handling Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add group put support, add group tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * send correct application/scim+json headers Signed-off-by: Jens Langhammer <jens@goauthentik.io> * stop sync if no mappings are confiugred Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add test for task sync Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add membership tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use decorator for tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make tests better Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-03-06 19:39:08 +01:00
Jens L	20e971f5ce	flows: planner error handling (#4812 ) * handle FlowNonApplicableException everywhere Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make flow planner check authentication when no pending user is in planning context Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add mailhog to e2e test services, remove local docker requirement Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-28 15:18:29 +01:00
Jens L	5e60db8593	providers/oauth2: fix typo (#4803 )	2023-02-27 17:17:48 +01:00
Jens L	80f4fccd35	providers/oauth2: OpenID conformance (#4758 ) * don't open inspector by default when debug is enabled Signed-off-by: Jens Langhammer <jens@goauthentik.io> * encode error in fragment when using hybrid grant_type Signed-off-by: Jens Langhammer <jens@goauthentik.io> * require nonce for all response_types that get an id_token from the authorization endpoint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't set empty family_name Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only set at_hash when response has token Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleaner way to get login time Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove authentication requirement from authentication flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use wrapper Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix auth_time not being handled correctly Signed-off-by: Jens Langhammer <jens@goauthentik.io> * minor cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add test files Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove USER_LOGIN_AUTHENTICATED Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework prompt=login handling Signed-off-by: Jens Langhammer <jens@goauthentik.io> * also set last login uid for max_age check to prevent double login when max_age and prompt=login is set Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-23 15:26:41 +01:00
Jens Langhammer	1f7178c3a8	providers/oauth2: remove unused import Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-22 11:11:20 +01:00
Jens Langhammer	cfa2edebcf	providers/oauth2: revert PKCE requirement for public clients Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-21 23:51:27 +01:00
Jens Langhammer	069e9c015b	events: fix m2m_change events not being logged Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-19 16:28:30 +01:00
Jens Langhammer	c6ead3dc49	providers/oauth2: make PKCE required for public clients Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-17 18:08:39 +01:00
Jens Langhammer	1a57d453ba	providers/oauth2: fix missing information for Revoked token access events Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-16 14:47:07 +01:00
Jens Langhammer	1240ed6c6d	providers/oauth2: fix inconsistency in event client_credentials created events Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-13 11:17:03 +01:00
sdimovv	10b9878f03	providers/saml: fix mismatched SAML SLO Urls (#4655 ) * Fix SLO URL Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com> * Fixed SAML SLO URLs * Revert "Fix SLO URL" This reverts commit `664051934b`. --------- Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>	2023-02-10 20:30:38 +01:00
Jens Langhammer	8de92943ab	providers/saml: fix invalid SAML provider metadata, add schema tests Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-10 12:32:18 +01:00
Jens L	af43330fd6	providers/oauth2: rework OAuth2 Provider (#4652 ) * always treat flow as openid flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve issuer URL generation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more refactoring Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update introspection Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more refinement Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix more things, update api Signed-off-by: Jens Langhammer <jens@goauthentik.io> * regen migrations Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix a bunch of things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start updating tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix implicit flow, auto set exp Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix timeozone not used correctly Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix revoke Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more timezone shenanigans Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix userinfo tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix proxy outpost Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix api tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix missing at_hash for implicit flows Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-include at_hash in implicit auth flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use folder context for outpost build Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-09 20:19:48 +01:00
Jens Langhammer	ec9085ff06	providers/oauth2: don't use policy cache for token requests Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-07 23:53:50 +01:00
Jens Langhammer	66aabcc371	providers/oauth2: fix token login event args not set correctly Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-05 00:45:54 +01:00
Jens Langhammer	388367785d	*/saml: disable pretty_print, add signature tests closes #4536 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-03 15:42:09 +01:00
Jens L	798245b8db	providers/oauth2: optimise client credentials JWT database lookup (#4606 )	2023-02-02 19:15:19 +01:00
dependabot[bot]	c590cb86cf	core: bump pylint from 2.15.10 to 2.16.0 (#4600 ) * core: bump pylint from 2.15.10 to 2.16.0 Bumps [pylint](https://github.com/PyCQA/pylint) from 2.15.10 to 2.16.0. - [Release notes](https://github.com/PyCQA/pylint/releases) - [Commits](https://github.com/PyCQA/pylint/compare/v2.15.10...v2.16.0) --- updated-dependencies: - dependency-name: pylint dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fix lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-02-02 11:05:46 +01:00
dependabot[bot]	18cfe67719	core: bump black from 22.12.0 to 23.1.0 (#4584 ) * core: bump black from 22.12.0 to 23.1.0 Bumps [black](https://github.com/psf/black) from 22.12.0 to 23.1.0. - [Release notes](https://github.com/psf/black/releases) - [Changelog](https://github.com/psf/black/blob/main/CHANGES.md) - [Commits](https://github.com/psf/black/compare/22.12.0...23.1.0) --- updated-dependencies: - dependency-name: black dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * re-format Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-02-01 11:31:32 +01:00
Ellis Percival	eb60bba0d5	providers/oauth2: cast user.pk to string when using it for token 'sub' value (#4570 )	2023-01-30 15:38:10 +00:00
Jens Langhammer	72168fae29	providers/oauth2: add user id as "sub" mode Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-29 16:15:03 +01:00
Jens Langhammer	96eeb91493	providers/oauth2: only set auth_time in ID token when a login event is stored in the session Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-29 16:00:19 +01:00
Jens Langhammer	a302a72379	crypto: fallback when no SAN values are given Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-18 19:40:24 +01:00
Jens L	e390f5b2d1	providers/oauth2: more x5c and ecdsa x/y tests (#4463 ) * add option to exclude x5* Signed-off-by: Jens Langhammer <jens@goauthentik.io> #4082 * cleanup jwks, add flaky test Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add workaround based on https://github.com/jpadilla/pyjwt/issues/709 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't rstrip hashes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * keycloak seems to strip equals Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-18 18:11:36 +00:00
Jens Langhammer	fdc445e6a1	ensure we don't generate an empty SAN certificate Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-18 18:44:41 +01:00
Jens L	23c69c456a	providers/proxy: add setting to intercept authorization header (#4457 ) * add setting to intercept authorization header Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rename to intercept_header_auth Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-17 18:56:48 +01:00
Jens L	9568f4dbd6	root: improve code style (#4436 ) * cleanup pylint comments Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix url name Signed-off-by: Jens Langhammer <jens@goauthentik.io> * *: use ExtractHour instead of ExtractDay Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-15 17:02:31 +01:00
Jens Langhammer	1f038ecee2	providers/oauth2: fallback to anonymous user for policy engine Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-14 20:22:06 +01:00
Jens Langhammer	1b1f2ea72c	providers/oauth2: actually fix import order Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-14 19:58:24 +01:00
Jens Langhammer	6e1a54753e	providers/oauth2: fix import order Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-14 19:56:12 +01:00
Jens Langhammer	67d1f06c91	providers/oauth2: use guardian anonymous user to get claims for provider info Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-14 19:53:43 +01:00
Jens L	cd12e177ea	providers/proxy: add initial header token auth (#4421 ) * initial implementation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * check for openid/profile claims Signed-off-by: Jens Langhammer <jens@goauthentik.io> * include jwks sources in proxy provider Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add web ui for jwks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only show sources with JWKS data configured Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix introspection tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start basic Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add basic auth Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add docs, update admonitions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add client_id to api, add tab for auth Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update locale Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-13 16:22:03 +01:00
Jens Langhammer	31c6ea9fda	providers/oauth2: don't allow spaces in scope_name closes #4094 Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-13 16:20:37 +01:00
Jens L	20931ccc1d	providers/oauth2: correctly fill claims_supported based on selected scopes (#4429 ) * providers/oauth2: correctly fill claims_supported based on selected scopes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add nonce claim Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-01-13 14:14:25 +01:00
Jens L	e6b5810e03	polices/hibp: remove deprecated (#4363 ) * remove hibp Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * don't save event matcher apps in migrations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup migrations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update docs, update some phrasing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-05 13:19:26 +01:00
Jens L	3131e557d9	providers/proxy: add tests for proxy basic auth (#4357 ) * add tests for proxy basic auth Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stop bandit from complaining Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add API tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * more tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-04 22:04:16 +01:00
Jens L	dc1359a763	providers/saml: initial SLO implementation (#2346 ) * providers/saml: initial SLO implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/saml: add logout request tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/saml: add tests for POST SLO Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * matrix e2e tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix import Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * set e2e matrix name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix imports Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * separate oidc and oauth tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add basic saml slo e2e tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add better metadata download url Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * kinda prepare release notes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * sort releases into folders Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add slo urls to website Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix linking Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add api tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-04 19:45:31 +01:00
Jens L	1e01e9813d	providers/saml: add prefix to entity descriptor (#4355 ) add prefix to entity descriptor Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-04 16:44:52 +01:00
Jens Langhammer	e887a315be	providers/oauth2: correctly advertise supported response_modes_supported Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-04 10:21:34 +01:00
Jens Langhammer	4b93f40c5e	providers/oauth2: fix null amr value not being removed from id_token closes #4339 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-03 00:41:18 +01:00
Jens Langhammer	57400925a4	providers/saml: don't error if no request in API serializer context Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-03 00:14:16 +01:00
Jens Langhammer	01da8e1792	providers/oauth2: optimise and cache signing key, prevent key being loaded multiple times Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-23 12:04:31 +01:00
Jens L	609f95ac97	providers: add preview for mappings (#4254 ) * preview Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: show provider page on application page Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use oauth2 end session url instead of direct interface Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * dont show provider page on application page for now Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add UI for preview Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * translate and release notes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix lint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * separate saml api files Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add api tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-21 12:13:11 +01:00
Jens Langhammer	f8ef2b666f	events: fix incorrect EventAction being used Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-25 11:53:05 +01:00
Jens Langhammer	a9909fcf6d	providers/oauth2: set amr values based on login event closes #4070 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-25 11:21:59 +01:00
Jens Langhammer	1fa9b3a996	providers/saml: set AuthnContextClassRef based on login event Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #4070	2022-11-25 11:21:45 +01:00
Jens L	ffe6f65af5	outposts/kubernetes: ingress class (#4002 ) * add support for ingressClassName Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add option to disable ssl verification for k8s controller Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update website Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-14 14:24:11 +01:00
Jens Langhammer	3306003f0e	providers/oauth2: fix inconsistent expiry encoded in JWT - access token validity is used for JWTs issues in implicit flows - general cleanup of how times are set closes #2581 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-10 20:23:24 +01:00
Jens L	cfad472e1b	flows: optimise queries (#3818 ) * flows: optimise flow queries Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * index source on slug and name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * binding index Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add policy parent index Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix migrations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup old migrations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add release note to upgrade Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-19 22:53:07 +02:00
Jens Langhammer	3e1490dcac	providers/saml: don't attempt verification of SAML request when no verification certificate is configured Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-18 22:26:04 +02:00
Jens L	b85be12567	providers/oauth2: fix issues with es256 and add tests (#3808 ) fix issues with es256 and add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-18 22:01:29 +02:00
Jens L	363872715d	sources/saml: revamp SAML Source (#3785 ) * update saml source to use user connections, add all attributes to flow context Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * check for SAML Status in response, add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * package apple icon Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add webui for connections Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-14 17:04:47 +02:00
Jens L	217e145d23	stages/authenticator_sms: make sms stage payload customisable (#3780 ) * make sms stage payload customisable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update phrasing for webhook mapping Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-14 11:53:01 +02:00
Jens Langhammer	e5e6c33b2d	providers/oauth2: fix expires_in not being an int Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-11 14:25:30 +03:00
Jens L	8ed2f7fe9e	providers/oauth2: add device flow (#3334 ) * start device flow Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix inconsistent app filtering Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tenant device code flow Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add throttling to device code view Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * somewhat unrelated changes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add initial device code entry flow Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add finish stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * it works Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add support for verification_uri_complete Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add some tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add more tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-11 12:42:10 +02:00
Jens Langhammer	9bbe8e6c57	providers/oauth2: save full IDToken to database, only use to_dict for encoding final token Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-08 15:06:17 +03:00
Jens Langhammer	b2a658d091	providers/oauth2: remove c_hash and nonce claim if they're not set Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-07 17:07:33 +03:00
Jens Langhammer	ce085a029d	providers/oauth2: exclude at_hash claim if not set instead of being null closes #3739 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-07 10:10:53 +03:00
Jens Langhammer	7c0754000c	providers/oauth2: add all hardcoded claims to claims_supported list closes #3702 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-29 10:27:46 +02:00
Jens Langhammer	a407334d3b	providers/oauth2: use @method_decorator instead of decorating in urls Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-10 13:26:17 +02:00
Jens L	7517d612d0	providers/oauth2: add x5c (#3556 ) * add x5c, x5t and x5t#S256 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * strip trailing = to fix encoding issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-08 23:30:05 +02:00
Jens L	62f93c83d4	ci: update pyright (#3546 )	2022-09-07 00:23:25 +02:00
Jens L	f2f22719f8	core: improve error template (#3521 )	2022-09-03 19:46:37 +02:00
Jens L	54ba3e9616	blueprints: add meta model to apply blueprint within blueprint for dependencies (#3486 ) * add meta model to apply blueprint within blueprint for dependencies Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use custom registry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix again Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * move ManagedAppConfig to apps.py Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * rename manager to registry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: use full tag in comment Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-29 21:20:58 +02:00
Jens Langhammer	917c4ae835	ci: fix typos Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-23 18:49:23 +02:00
Jens Langhammer	0cc83c23c4	providers/proxy: fix duplicate proxy set default Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-18 21:13:45 +01:00
Jens Langhammer	fdb8fb4b4c	providers/oauth2: fix oauth2 requests being logged as unauthenticated Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-18 20:26:12 +02:00
Jens Langhammer	f4441c9fcf	providers/proxy: trigger proxy set_defaults task on startup closes #3445 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-18 17:42:27 +02:00
Jens Langhammer	846b63a17b	*: remove some very verbose logging messages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-17 13:36:56 +02:00
Jens Langhammer	e9c1276634	blueprints: use relative path in @apply_blueprint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-16 14:20:45 +02:00
Jens Langhammer	f01f10c5e5	providers/oauth2: don't separate scopes by comma-space Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-07 13:15:12 +02:00
Jens Langhammer	e1249d3760	providers/oauth2: fix scopes without descriptions not being saved in consent Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-07 13:02:47 +02:00
Jens L	ec42d378ab	blueprints/cleanup (#3369 )	2022-08-05 08:39:00 +02:00
Jens L	d1004e3798	blueprints: webui (#3356 )	2022-08-03 00:05:49 +02:00
Jens Langhammer	2bd29e2fdd	*: improve error handling for startup tasks Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-01 23:31:47 +02:00
Jens L	a023eee9bf	blueprints: migrate from managed (#3338 ) * test all bundled blueprints Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix empty title Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix default blueprints Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add script to generate dev config Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * migrate managed to blueprints Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add more to blueprint instance Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * migrated away from ObjectManager Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix lint errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * migrate things Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * migrate tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix some tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix a bit more Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix more tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * whops Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix missing name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * sigh Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix more tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tasks Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * scheduled Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * run discovery on start Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * oops this test should stay Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-08-01 23:05:58 +02:00
Jens L	89c84f10d0	blueprints: v1 (#1573 ) * managed: move flowexporter to managed Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * : implement SerializerModel in all models Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> managed: add initial api Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * managed: start blueprint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * managed: spec Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * version blueprint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * yep Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove v2, improve v1 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * start custom tag, more rebrand Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add default flows Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * move blueprints out of website Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * try new things Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add !lookup, fix web Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update and cleanup default Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix tags in lists Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * don't save field if its set to default value Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * more flow cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * format web Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix missing serializer for sms Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ignore _set fields Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove custom file extension Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * migrate default flow to tenant Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * include blueprints Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-31 17:11:44 +02:00
Jens Langhammer	fcf4657833	providers/proxy: add is_superuser to ak_proxy object, only show full error when superuser closes #3314 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-30 20:29:23 +02:00
Jens L	393d7ec486	providers/proxy: no exposed urls (#3151 ) * test any callback Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * dont detect callback in per-server handler Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use full redirect uri with both path and query param Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * correctly route to embedded outpost for callback signature Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix allowed redirects Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-30 17:51:01 +02:00
Jens Langhammer	549f6f2077	providers/oauth2: correctly log authenticated user for OAuth views using protected_resource_view Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-18 22:20:09 +02:00
Jens Langhammer	4cd629b5fc	core: handle FlowNonApplicableException correctly in source flow_manager Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-03 22:03:03 +02:00
Jens Langhammer	14a4047bdd	flows: show messages from ak_message when flow is denied fallback to same generic message closes #3197 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-03 21:36:13 +02:00
Jens Langhammer	23273f53cc	providers/oauth2: if no scopes are sent in authorize request, select all configured scopes closes #3112 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-01 19:45:26 +02:00
Jens Langhammer	d11ce0a86e	providers/proxy: set default scopes based on managed attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-01 18:26:49 +02:00
Jens Langhammer	56fd436e5d	web: fix redirect when accessing authentik URLs authenticated closes #3174 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-30 23:04:39 +02:00
Jens Langhammer	ea60c389be	providers/saml: include SSO Binding URLs in Provider API closes #3179 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-06-30 22:18:21 +02:00

1 2 3 4 5 ...

538 commits