trustchain-oc1-orchestral/authentik
Archived
10
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
13154 commits 95 branches 330 tags 336 MiB
Commit graph

538 commits

Author SHA1 Message Date
Jens L 920d1f1b0e
providers/oauth2: initial client_credentials grant support (#2437) 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-03-05 23:24:55 +01:00
Jens Langhammer 08acc7ba41 providers/oauth2: fix invalid launch URL being generated 2022-03-01 15:29:21 +00:00
Jens Langhammer 72259f6479 events: fix lint 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-02-14 23:15:45 +01:00
Jens Langhammer 0973c74b9d providers/oauth2: fix redirect_uri being lowercased on successful validation 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-02-14 23:04:00 +01:00
Jens Langhammer c040b13b29 providers/proxy: remove leading slash to allow subdirectories in proxy 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2305
 2022-02-14 12:51:04 +01:00
Jens Langhammer f61549a60f providers/proxy: enable TLS in ingress via traefik annotation 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1997
 2022-02-12 18:35:24 +01:00
Jens Langhammer b5d43b15f8 providers/oauth2: add support for explicit response_mode 
closes #1953

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-02-12 16:56:47 +01:00
Jens L 4343246a41
*: rename akprox to outpost.goauthentik.io (#2266) 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-02-08 20:25:38 +01:00
Jens Langhammer eaba8006e6 sources/saml: fix incorrect ProtocolBinding being sent 
closes #2213

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-02-03 18:20:06 +01:00
Jens Langhammer 88603fa4f7 providers/proxy: set traefik labels using object_naming_template instead of UUID 2022-02-01 17:13:27 +00:00
Jens Langhammer c7ba183dc0 providers/proxy: fix traefik label 
closes #2128

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-24 17:45:09 +01:00
Jens Langhammer 82cc1d536a providers/proxy: add PathPrefix to auto-traefik labels 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2128
 2022-01-23 21:55:46 +01:00
Jens Langhammer 4d7d700afa providers/oauth2: change default redirect uri behaviour; set first used url when blank and use star for wildcard 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-12 22:44:57 +01:00
Jens Langhammer c07b8d95d0 outposts/proxy: remove deprecated headers 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-07 17:01:23 +01:00
Jens Langhammer 90c31c2214 flows: add test helpers to simplify and improve checking of stages, remove force_str 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-01-01 20:25:32 +01:00
Jens Langhammer c249b55ff5 *: use py3.10 syntax for unions, remove old Type[] import when possible 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-30 14:59:01 +01:00
Jens Langhammer 6dc2003e34 providers/oauth2: fix tests validating JWT incorrectly 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-22 23:00:57 +01:00
Jens Langhammer 0149c89003 providers/oauth2: fix invalid assignments in JWKS view 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-22 22:41:28 +01:00
Jens Langhammer f458cae954 providers/proxy: add error handing when field is already gone 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-22 22:31:53 +01:00
Jens Langhammer f01d117ce6 providers/proxy: fix imports in migrations 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-22 22:25:02 +01:00
Jens Langhammer 2bde43e5dc crypto: use older syntax for type union 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-22 22:22:45 +01:00
Jens Langhammer 2f3026084e providers/oauth2: remove jwt_alg field and set algorithm based on selected keypair, select HS256 when no keypair is selected 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-22 22:09:49 +01:00
Jens Langhammer 8a60a7e26f providers/proxy: revert to static list of forwarded headers 
wildcard is not usable for this since the regular expression doesn't support negative lookahead, meaning we would always forward all headers, including Connection and others

closes #1969

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-21 12:04:54 +01:00
Jens Langhammer 92b4244e81 providers/proxy: update traefik regex 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1969
 2021-12-20 22:43:58 +01:00
Jens Langhammer dfbf7027bc providers/proxy: add traefik.ingress.kubernetes.io/router.tls annotation for ingress 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-20 22:24:42 +01:00
Jens Langhammer 577b7ee515 providers/proxy: include auth headers 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-20 21:37:22 +01:00
Jens Langhammer ef23a0da52 outposts/proxy: fix traefik header regex to only match Remote- and X- headers to prevent websocket errors 
closes #1969

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-20 13:30:19 +01:00
Jens Langhammer b6ff04694f providers/oauth2: don't rely on expiry task for access codes and refresh tokens 
closes #1911

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-18 17:42:41 +01:00
NeroPcStation 273f5211a0
providers/saml: Fix typo (#1950) 2021-12-17 11:00:20 +00:00
Jens Langhammer fec6de1ba2 providers/oauth2: add additional logging to show with token path is taken 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-13 22:49:42 +01:00
Jens Langhammer 69678dcfa6 providers/oauth2: use generate_key instead of uuid4 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-13 22:13:20 +01:00
Jens Langhammer f2b3a2ec91 providers/saml: optimise excessive queries to user when evaluating attributes 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-13 16:38:38 +01:00
Jens Langhammer 326b574d54 root: update dependencies 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-07 16:25:10 +01:00
Jens Langhammer 873aa4bb22 providers/saml: remove SESSION_KEY_POST from session after using it 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1873
 2021-12-06 12:47:25 +01:00
Jens Langhammer ada2a16412 tests/e2e: add post binding test 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-05 11:18:01 +01:00
Jens Langhammer 6a3f7e45cf providers/saml: add ?force_binding to limit bindings for metadata endpoint 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-05 11:14:42 +01:00
Jens Langhammer 2b78c4ba86 *: use request.query_params instead of accessing the django request 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-05 11:14:20 +01:00
Jens Langhammer 680ef641fb providers/saml: fix error when propertymapping returns invalid data in list 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-05 10:31:16 +01:00
Jens Langhammer 4bd1cd127b providers/saml: fix IndexError in signature check 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-02 20:30:03 +01:00
Jens Langhammer 4f54ce6afb providers/saml: fix error when using post bindings and user freshly logged in 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1873
 2021-12-02 13:00:21 +01:00
Jens Langhammer b4963bec76 providers/proxy: fix defaults for traefik integration 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-01 21:47:13 +01:00
Jens Langhammer 7aa8e35f87 providers/proxy: use wildcard for traefik headers copy 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-01 20:19:35 +01:00
Jens Langhammer 60b95271eb outposts/proxy: add additional headers 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-12-01 20:19:09 +01:00
Jens Langhammer 0b8cfd437b *: fix typo'd signing pair name 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-24 09:55:10 +01:00
Jens L 9bb0d04aeb
root: Random tests (#1825) 
* root: add pytest-randomly to randomise tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: generate flows for testing instead of relying on existing ones

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: generate users for testing instead of relying on existing ones

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: use generated certificate

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests/e2e: keep containers

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests/e2e: use websockets test case

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-22 22:56:02 +01:00
Jens Langhammer b0fac9c9f1 providers/saml: fix SessionNotOnOrAfter not being included 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-16 12:36:40 +01:00
dependabot[bot] f7044e41c6
build(deps-dev): bump bandit from 1.7.0 to 1.7.1 (#1793) 
* build(deps-dev): bump bandit from 1.7.0 to 1.7.1

Bumps [bandit](https://github.com/PyCQA/bandit) from 1.7.0 to 1.7.1.
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](https://github.com/PyCQA/bandit/compare/1.7.0...1.7.1)

---
updated-dependencies:
- dependency-name: bandit
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* *: fix bandit false positives

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-15 09:16:16 +01:00
Jens Langhammer c98bdbacc5 providers/proxy: return list of configured scope names so outpost requests custom scopes 
closes #1762

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-10 23:06:21 +01:00
Jens Langhammer 2cef220a3e providers/ldap: add/squash migrations 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-05 10:41:50 +01:00
Jens L 5a8c66d325
providers/ldap: memory Query (#1681) 
* outposts/ldap: modularise ldap outpost, to allow different searchers and binders

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/ldap: add basic in-memory searcher

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/ldap: add search mode field

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost: add search mode field

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-05 10:37:30 +01:00
Jens Langhammer 3005ca17bd web/admin: show warning on provider when not used with outpost 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-05 01:15:33 +01:00
Jens Langhammer 909461e533 providers/*: include list of outposts 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-11-05 01:06:04 +01:00
Jens Langhammer 6036d88392 providers/proxy: allow configuring of additional scope mappings for proxy 
closes #1255

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-31 22:25:51 +01:00
Jens Langhammer 335d6edd11 providers/saml: fix error on missing AssertionConsumerServiceURL, fall back to default ACS 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-31 17:21:15 +01:00
Jens Langhammer 1b21b50b77 providers/oauth2: fallback to uid if UPN was selected but isn't available 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-27 16:11:35 +02:00
Jens Langhammer 8eb4d53810 providers/oauth2: fix events being created from /application/o/authorize/ 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-21 22:59:01 +02:00
Jens Langhammer 98a56c77e3 providers/proxy: update ingress controller to work with k8s 1.22 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-18 10:00:24 +02:00
Jens Langhammer 2b09d97522 core: fix squash migrations error when AK_ADMIN_TOKEN is set 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-12 17:45:10 +02:00
Jens L e4f141c6c0
*: Squash Migrations (#1593) 
* *: first squash pass

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* sources/saml: squash less

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts: fix docker controller not correctly checking image

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests/e2e: fix old migration reference

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-11 21:39:35 +02:00
Jens Langhammer 83150d9920 outposts: fix circular import in kubernetes controller 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-03 19:25:18 +02:00
Jens Langhammer d30dcda814 providers/proxy: always check ingress secret in kubernetes controller 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-03 19:14:27 +02:00
Jens Langhammer 3c1ac4c7ec outposts/proxy: add new headers with unified naming 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-10-02 22:00:23 +02:00
Jens L f9ad102915
flows: inspector (#1469) 
* flows: add initial inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: change naming a bit

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flow: add inspector frame

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: don't use shadydom when inspecting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add current stage to api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stages/*: fix imports

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: deep-copy plan instead of just adding

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: restrict inspector to admin

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add buttons to launch flow with inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: don't automatically follow redirects when inspector is open

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: make current_plan optional, only require historry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: handle error messages in inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: improve UI when flow is done

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add is_completed flag to inspector

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: fix monkeypatches for tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add inspector tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ci: re-enable cache

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-28 09:36:48 +02:00
pemontto aea1736f70
outposts/proxy: Fix failing traefik healtcheck (#1470) 2021-09-26 11:33:18 +02:00
Jens Langhammer 4f3583cd7e providers/proxy: make token_validity float and optional for backwards compat 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-25 15:54:32 +02:00
Jens Langhammer f7408626a8 providers/proxy: return token_validity as total seconds instead of expression 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-25 15:44:16 +02:00
Jens Langhammer 28eeb4798e providers/proxy: add token_validity field for outpost configuration 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1462
 2021-09-25 15:00:06 +02:00
Jens Langhammer 79b92e764e *: fix typos in code 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-25 00:01:11 +02:00
Jens Langhammer ae07f13a87 outposts: don't map port 9300 on docker, only expose port 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-21 21:40:08 +02:00
Jens L 13e2eea72f
web/user: new end-user interface (#1404) 
* web/user: migrate to top navbar

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: prepare config from server

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* re-sort

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove old interface

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update issue template

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use notification badge

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: re-add go-to-admin button

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: fix remaining redirects directly to admin

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* make settings better

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* api: ensure sources and stages are sorted

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: add sessions and consent

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/oauth2: add post wrapper to stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: add new interface to release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-16 22:17:05 +02:00
Jens Langhammer ae26d2756f providers/saml: improved error handling 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-16 10:58:51 +02:00
Jens Langhammer 916530f0d8 providers/oauth2: use access_code_validity for id_tokens generated when using an implicit flow, improve wording in web ui 
closes #1369

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-15 17:14:53 +02:00
Jens Langhammer ba6849f29c *: remove string.format() 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-14 12:06:47 +02:00
Jens Langhammer df4c8003b8 api: fix items of list fields having nullable set 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-10 18:15:59 +02:00
Jens Langhammer 4448145aa9 providers/proxy: use auth/traefik subpath 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-10 13:53:04 +02:00
Jens L 7158c9d2ea
core: metrics v2 (#1370) 
* outposts: add ldap metrics, move ping to 9100

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost: add flow_executor metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use port 9300 for metrics, add core metrics port

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/controllers/k8s: add service monitor creation support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-09 15:52:24 +02:00
Jens Langhammer da58796768 providers/proxy: fix defaults for old proxy providers (load providers directly) 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-09 13:54:24 +02:00
Jens Langhammer d98499a3fa providers/proxy: fix defaults for old proxy providers 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-09 13:26:36 +02:00
Jens Langhammer f3ff398a44 providers/proxy: add metrics port to controllers 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-08 23:01:22 +02:00
Jens L 3c1b70c355
outposts/proxyv2 (#1365) 
* outposts/proxyv2: initial commit

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add rs256

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

more stuff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add forward auth an sign_out

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

match cookie name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

re-add support for rs256 for backwards compat

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add error handler

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

ensure unique user-agent is used

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

set cookie duration based on id_token expiry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

build proxy v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add ssl

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add basic auth and custom header support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add application cert loading

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

implement whitelist

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add redis

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

migrate embedded outpost to v2

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

remove old proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

providers/proxy: make token expiration configurable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

add metrics

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: only allow one redirect URI

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix docker build for proxy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove default port offset

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add AUTHENTIK_HOST_BROWSER

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests: fix e2e/integration tests not using proper tags

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove references of old port

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix user_attributes not being loaded correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup dependencies

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-08 18:04:56 +00:00
Jens Langhammer d92d8e6dbb api: add additional filters for ldap and proxy providers 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-09-03 10:43:09 +02:00
Jens Langhammer 3e9f5ec5ef providers/proxy: improve error handling for non-tls ingresses 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-30 14:43:57 +02:00
Jens Langhammer 0c6e781e5b providers/proxy: fix traefik middleware being generated with wrong ports for embedded outposts 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-29 20:49:11 +02:00
Jens Langhammer 2d8b4f543b providers/proxy: fix url parsing for traefik labels on docker containers 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-27 22:21:16 +02:00
Jens Langhammer 8542dc10ab providers/proxy: fix docker container labels not being inherited correctly 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-27 20:20:34 +02:00
Jens Langhammer 2ae164df78 *: cleanup api schema warnings 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-26 09:36:41 +02:00
Jens Langhammer cba255eaaa Merge branch 'master' into app-passwords 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	authentik/core/tests/test_source_flow_manager.py
#	authentik/stages/authenticator_validate/tests.py
#	authentik/stages/password/tests.py
#	scripts/generate_ci_config.py
 2021-08-23 21:21:12 +02:00
Jens L 859cf2bd8f
lib: move id and key generators to lib (#1286) 
* lib: move generators to lib

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: bump default token key size

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: fix split being used for http basic auth instead of partition

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/elements: don't rethrow error in ActionButton

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 20:27:38 +02:00
Jens Langhammer a2578ffaad core: add token tests for invalid intent and token auth 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-23 20:21:54 +02:00
Jens Langhammer d18e829d80 providers/ldap: fix error in outpost when certificate is configured 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-09 20:47:26 +02:00
Jens Langhammer f496b8b5d7 providers/oauth2: add more test cases for token view 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-09 00:20:32 +02:00
Jens Langhammer 665c1aa81b providers/proxy: don't create ingress when no hosts are defined 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-08 21:46:05 +02:00
Jens Langhammer ccfc1dbcc2 *: make all PropertyMappings filterable by multiple managed attributes 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-08 16:06:44 +02:00
Jens Langhammer 3367b83368 providers/saml: use idp-initiated sso flow as launch url 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-08 15:01:52 +02:00
Jens Langhammer 9a8240bdd1 proviers/saml: fix validation error not being raised 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-07 21:39:30 +02:00
Jens Langhammer f6ab241219 providers/oauth2: fix accessing undefined variable 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-07 21:35:17 +02:00
Jens Langhammer b0f09eb2c4 web/admin: fix Table not updating selectedElements correctly after update 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-07 20:53:28 +02:00
Jens Langhammer 9c9addb0ce *: ensure all resources can be filtered 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-07 16:34:14 +02:00
Jens Langhammer a449f9c69b providers/saml: fix error when PropertyMapping return value isn't string 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-03 22:40:56 +02:00
Jens Langhammer 36b346662c providers/saml: add WantAssertionsSigned 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-03 22:40:13 +02:00
Jens Langhammer 9d392931df root: fix lint errors from re-format 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-03 18:09:16 +02:00
Jens Langhammer 77ed25ae34 root: reformat to 100 line width 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-03 17:45:16 +02:00
Jens Langhammer f875149983 providers/saml: fix metadata being inaccessible without authentication 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-01 14:50:17 +02:00
Jens Langhammer d70b81fe43 providers/saml: fix Error when getting metadata for invalid ID 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-01 13:50:54 +02:00
Jens Langhammer 8495ff9fc0 providers/oauth2: fix error when requesting jwks keys with no rs256 aet 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-29 21:22:31 +02:00
Jens Langhammer 75ff2480e2 providers/proxy: fix hosts for ingress not being compared correctly 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-28 16:08:06 +02:00
Jens Langhammer e7b7bfddd6 providers/oauth2: fix blank redirect_uri not working with TokenView 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-26 11:29:16 +02:00
Jens Langhammer 0a3fade1fd providers/proxy: remove deprecated field 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-22 16:20:26 +02:00
Jens Langhammer 66bfa6879d outposts/proxy: add X-Auth-Groups header to pass groups 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-22 10:47:58 +02:00
Jens Langhammer 70e000d327 providers/saml: improve error handling for property mappings 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-21 23:14:03 +02:00
Jens Langhammer a7467e6740 providers/oauth2: handler PropertyMapping exceptions and create event 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-21 22:51:39 +02:00
Jens Langhammer ba9a4efc9b providers/oauth2: fix nonce field not being optional 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-21 00:34:01 +02:00
Jens Langhammer 902378af53 providers/oauth2: fix redirect_uris not having blank set 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-21 00:22:09 +02:00
Jens Langhammer 2352a7f4d6 providers/oauth2: nonce is only required for implicit flows, don't check or fallback for other flows 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-21 00:21:08 +02:00
Jens Langhammer 7c2decf5ec providers/ldap: squash migrations 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-14 09:22:25 +02:00
Lukas Söder 7f39399c32
providers/ldap: Added auto-generated uidNumber and guidNumber generated attributes for use with SSSD and similar software. (#1138) 
* Added auto-generated uidNumber and guidNumber generated attributes for
use with SSSD and similar software.

The starting number for uid/gid can be configured iva environtment
variables and is by default 2000 which should work fine for most instances unless there are more than
999 local accounts on the server/computer.

The uidNumber is just the users Pk + the starting number.
The guidNumber is calculated by the last couple of bytes in the uuid of
the group + the starting number, this should have a low enough chance
for collisions that it's going to be fine for most use cases.

I have not added any interface stuff for configuring the environment variables as I couldn't really find my way around all the places I'd have to edit to add it and the default values should in my opinion be fine for 99% use cases.

* Add a 'fake' primary group for each user

* First attempt att adding config to interface

* Updated API to support new fields

* Refactor code, update documentation and remove obsolete comment

Simplify `GetRIDForGroup`, was a bit overcomplicated before.

Add an additional class/struct `LDAPGroup` which is the new argument
for `pi.GroupEntry` and util functions to create `LDAPGroup` from api.Group and api.User

Add proper support in the interface for changing gidNumber and uidNumber starting points

* make lint-fix for the migration files
 2021-07-14 09:17:01 +02:00
Jens L 7dfc621ae4
LDAP Provider: TLS support (#1137) 2021-07-13 18:24:18 +02:00
Jens Langhammer 90fe1c2ce8 providers/oauth2: allow blank redirect_uris to allow any redirect_uri 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-08 19:28:35 +02:00
Jens Langhammer 40428f5a82 providers/saml: fix parsing of POST bindings 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-06 16:54:58 +02:00
Jens Langhammer 77a507d2f8 providers/oauth2: add revoked field, create suspicious event when previous token is used 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-03 15:59:01 +02:00
Jens Langhammer 3e60e956f4 providers/oauth2: fix CORS headers not being set for unsuccessful requests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-03 15:49:00 +02:00
Jens Langhammer 84ec70c2a2 providers/oauth2: use self.expires for exp field instead of calculating it again 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-03 15:32:58 +02:00
Jens Langhammer 3e26170f4b providers/oauth2: deepmerge claims 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-01 17:33:46 +02:00
dependabot[bot] d102c59654
build(deps-dev): bump pylint from 2.8.3 to 2.9.0 (#1095) 
* build(deps-dev): bump pylint from 2.8.3 to 2.9.0

Bumps [pylint](https://github.com/PyCQA/pylint) from 2.8.3 to 2.9.0.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Changelog](https://github.com/PyCQA/pylint/blob/master/ChangeLog)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.8.3...v2.9.0)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* *: update source for new pylint version

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-30 10:37:28 +02:00
Jens Langhammer ba9edd6c44 flows: handle possible errors with FlowPlans received from cache 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-27 22:03:48 +02:00
Jens Langhammer 3b2b3262d7 flows: add FlowStageBinding to flow plan instead of just stage 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-27 18:47:04 +02:00
Jens Langhammer a3ff7cea23 providers/oauth2: fix usage of timedelta.seconds 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-25 11:55:00 +02:00
Jens Langhammer 9b5e3921cb providers/saml: better handle decoding errors 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-21 22:48:34 +02:00
Jens Langhammer 831b32c279 core: fix PropertyMapping's globals not matching Expression policy 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-21 15:54:43 +02:00
Jens Langhammer 19cac4bf43 providers/saml: fix error when getting transient user identifier 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-17 13:52:10 +02:00
Jens Langhammer 4ca564490e providers/saml: add support for NameID type unspecified 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-17 12:45:53 +02:00
Jens Langhammer fcb795c273 providers/saml: fix NameIDPolicy not being parsed correctly, improve error handling 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-17 12:22:40 +02:00
Jens Langhammer 0e02925a3d stages/authenticator_validate: add tests for authenticator validation 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-14 16:32:36 +02:00
Jens Langhammer 5b837c3ccc providers/saml: improve error handling for signature errors 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-14 12:51:42 +02:00
Jens Langhammer 31d2ea65fd provider/proxy: mark forward_auth flag as deprecated 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-13 12:39:25 +02:00
Jens Langhammer d878d2140e providers/saml: add metadata download link to api 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-10 14:06:44 +02:00
Jens L 34ae9e6dab
API: add endpoint to show by what objects an object is used (#995) 
* core: add used_by API to show what objects are affected before deletion

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/elements: add support for used_by API

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add authentik_used_by_shadows to shadow other models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: implement used_by API

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: fix duplicate imports

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add action field to used_by api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: add UI for used_by action

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: add notice to tenant form

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: fix naming in used_by

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: check length for used_by

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: fix used_by for non-pk models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: improve __str__ on models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add support for many to many in used_by

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-10 11:58:12 +02:00
Jens L dad24c03ff
outposts: set cookies for a domain to authenticate an entire domain (#971) 
* outposts: initial cookie domain implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add cookie domain setting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: replace forward_auth_mode with general mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: rebuild proxy provider form

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: re-add forward_auth_mode for backwards compat

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: fix data.mode not being set

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* root: always set log level to debug when testing

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: use new mode attribute

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: only ingress /akprox on forward_domain

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: fix lint error

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: fix error on ProxyProviderForm when not using proxy mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: fix default for outpost form's type missing

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add additional desc for proxy modes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts: fix service account permissions not always being updated

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost/proxy: fix redirecting to incorrect host for domain mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: improve error handling for network errors

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost: fix image naming not matching main imaeg

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/proxy: fix redirects for domain mode and traefik

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: fix colour for paragraphs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: fix consent stage not showing permissions correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: add domain-level docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: fix broken links

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/proxy: remove dead code

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: fix missing id for #header-text

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-08 23:10:17 +02:00
Jens Langhammer 029d58191e sources/saml: include metadata download link in API response 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-08 17:22:03 +02:00
Jens Langhammer 9180d448df core: move end-session to core 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-06 13:56:38 +02:00
Jens Langhammer cec47c3cfc providers/oauth2: show id_token issues for refresh token 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-02 22:05:04 +02:00
Jens Langhammer b50ac96605 providers/oauth2: remove size limit on Access code nonce 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-02 20:20:07 +02:00
Jens Langhammer 14f85ec980 tenants: migrate context_processor to tenants 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-29 18:01:48 +02:00
Jens Langhammer 58a4b20297 outposts: handle disconnects without outpost better 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-25 12:06:55 +02:00
Jens Langhammer c6bb6709fd flows: add default challenge response 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-24 20:27:50 +02:00
Jens Langhammer fb4e0723ee stages: fix stage unittests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-24 17:12:48 +02:00
Jens Langhammer 6f6ae7831e flows: make use of oneOf OpenAPI to annotate all challenge types 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-24 14:11:23 +02:00
Jens Langhammer 9b57f0b81d Merge branch 'version-2021.5' into next 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	web/src/locales/en.po
#	web/src/locales/pseudo-LOCALE.po
 2021-05-22 20:01:16 +02:00
Jens Langhammer 2c816e6162 providers/proxy: don't use https to communicate with outpost 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-22 18:56:38 +02:00
Jens Langhammer bb89b9b572 Merge branch 'version-2021.5' into next 2021-05-21 23:50:43 +02:00
Jens Langhammer 6600da7d98 providers/oauth2: add missing kid header to JWT Tokens 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-21 23:40:00 +02:00
Jens Langhammer 92f2a82c03 providers/oauth2: fix double login required when prompt=login 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-20 01:10:08 +02:00
Jens Langhammer dcf074650e providers/proxy: fix redirect_uris not always being set on save 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-20 01:10:04 +02:00
Jens Langhammer acf1ad91d9 providers/oauth2: fix double login required when prompt=login 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-19 23:34:27 +02:00
Jens Langhammer a74419214c providers/proxy: fix redirect_uris not always being set on save 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-19 23:10:00 +02:00
Jens Langhammer 3cf0f07baf *: fix API Schema for file uploads 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-17 23:12:52 +02:00
Jens Langhammer ef9f08553c *: linting pass, rename from swagger to schema 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-16 15:22:57 +02:00
Jens Langhammer 4fb71a6bdd api: fix pagination schema 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-16 15:08:51 +02:00
Jens Langhammer 0bac738090 *: fix static response descriptions 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-16 14:07:29 +02:00
Jens Langhammer 1324d03815 *: initial migration to openapi v3 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-15 23:57:28 +02:00
Jens Langhammer 6600d5bf69 providers/oauth2: use user.uid 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-15 14:08:49 +02:00
Jens Langhammer a4278833d8 providers/proxy: fix ingress not being created with full https 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-15 13:45:41 +02:00
Jens Langhammer 942905b9b1 providers/proxy: fix formatting issue 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-14 16:24:35 +02:00
Jens Langhammer 8d7bb7da17 providers/proxy: connect ingress to https instead of http 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#882
 2021-05-14 11:42:03 +02:00
Jens Langhammer 0620324702 root: bump version of psf black 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-12 00:42:46 +02:00
Jens Langhammer 84dfbcaaae providers/api: return redirect_uris for proxy provider 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-11 20:02:17 +02:00
Jens Langhammer 24f2932777 crypto: add ?download flag 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#861
 2021-05-11 14:21:35 +02:00
Jens Langhammer 932b19999e providers/proxy: missing @property for noop 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-11 01:26:01 +02:00
Jens Langhammer 788fd00390 outposts: use noop flag in each reconciler instead of raising Disabled and force use of get_referecen_object 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-11 00:27:29 +02:00
Jens Langhammer 1f1d322958 *: fix api results when non-superuser 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-10 00:01:35 +02:00
Jens Langhammer a6a8eddf7c providers/proxy: create ingress for forward_auth /akprox path 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-09 12:40:44 +02:00
Jens Langhammer 8c0a87b710 outposts: improve logging for outpost controller 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-09 12:34:44 +02:00
Jens Langhammer 5cad59a9f8 providers/proxy: fix being able to set empty internal_host 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-09 00:07:34 +02:00
Jens Langhammer e6dfa8294e providers/proxy: use name.namespace for middleware service 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-07 10:07:30 +02:00
Jens Langhammer ea7f9f291f outposts: create traefikmiddleware if forwardAuth is enabled 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-07 00:01:35 +02:00
Jens Langhammer 4e9176ed2e outposts: support different port on container vs exposed port 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-06 19:59:49 +02:00
Jens Langhammer 701c140cfd providers/proxy: fix logic error for ingress lookup 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-05 20:28:13 +02:00
Jens Langhammer be8b2bf6f6 providers/proxy: don't create ingress for domains which use forwardAuth, don't create ingress at all if all providers are forward auth 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-05 17:53:12 +02:00
Jens Langhammer 9a15a66d85 outposts: make k8s object naming configurable 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-05 15:36:27 +02:00
Jens Langhammer e674f03064 */api: fix lookups per user 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-04 21:58:20 +02:00
Jens Langhammer 99d161e212 Merge branch 'master' into outpost-ldap 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	authentik/core/api/users.py
#	authentik/policies/event_matcher/migrations/0013_alter_eventmatcherpolicy_app.py
 2021-05-04 21:02:20 +02:00
Jens Langhammer c529340d6c *: fix title not being set correctly for server-side rendered views 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-02 12:22:50 +02:00
Jens Langhammer b55cb2b40c Merge branch 'master' into outpost-ldap 2021-04-29 20:13:47 +02:00
Jens L 2a409215d3
outpost: forwardAuth mode (#790) 2021-04-29 18:17:10 +02:00
Jens L c4e4e17f93
providers/oauth2: add access_code_validity (#795) 
closes #794

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-28 21:03:43 +02:00
Jens Langhammer 4d858c64e0 Merge branch 'master' into outpost-ldap 2021-04-27 17:08:26 +02:00
Jens Langhammer 48c0c0baca */api: simplify lookups for per-user 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-27 14:53:01 +02:00
Jens Langhammer fe28d216fe providers/oauth2: always test JWT keys in tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-27 14:07:04 +02:00
Jens Langhammer 3ce8b836dc outposts: allow outposts to have non-object specific permissions 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-26 23:28:26 +02:00
Jens Langhammer 1d5958a78f providers/ldap: add search_group to limit who can do search requests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-26 23:25:03 +02:00
Jens Langhammer fae4d34131 Merge branch 'master' into outpost-ldap 2021-04-26 17:11:50 +02:00
Jens Langhammer 7ff7bfeb58 core: fix incorrect styling for bse_full template 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-26 16:44:13 +02:00
Jens Langhammer 29da7dd8d6 providers/ldap: fix lint error 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-26 15:49:19 +02:00
Jens Langhammer b3c8ffb96c outposts/ldap: use authorization_flow instead of separate field 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-26 15:09:41 +02:00
Jens Langhammer 302b047f1a outposts/ldap: add controllers 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-26 14:26:31 +02:00
Jens Langhammer d741ed430a web/admin: add UI for LDAP Provider 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-26 12:12:02 +02:00
Jens Langhammer f89479caf3 providers/ldap: add LDAP provider 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-26 11:52:42 +02:00
Jens Langhammer 9341787fe7 providers/oauth2: replace deprecated jwkest with pyjwt 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-26 00:02:13 +02:00
Jens Langhammer d616bdd5d6 providers/oauth2: add proper support for non-http schemes as redirect URIs 
closes #772

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-23 16:34:52 +02:00
Jens Langhammer 3282b34431 providers/oauth2: fix TokenView not having CORS headers set even with proper Origin 
and added tests. closes #771

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-22 23:48:28 +02:00
Jens Langhammer 392d9bb10b providers/oauth2: fix misleading name of cors_allow_any 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#771
 2021-04-22 23:29:49 +02:00
Jens Langhammer d75284a587 flows: fix errors which occur during flow execution being sent to sentry malformed 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-22 20:14:37 +02:00
Jens Langhammer ce082ead5e providers/oauth2: add unittests for authorize and token views 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-18 21:05:49 +02:00
Jens Langhammer f328b21e89 providers/oauth2: Set CORS Headers for token endpoint, check Origin header against redirect URLs 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-18 14:20:50 +02:00
Jens Langhammer 32c5bf04b8 *: fix linting errors 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-17 20:08:49 +02:00
Jens Langhammer ab4569e5d6 web/admin: fix application form's provider selection not working 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-11 13:49:35 +02:00
Jens Langhammer cb048764f4 providers/proxy: make outpost API readonly 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-11 13:31:15 +02:00
Jens Langhammer d76db3caba *: add missing error codes as swagger annotations 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-10 23:55:43 +02:00
Jens Langhammer eeb9449c11 lib: remove templatetags 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-03 12:37:32 +02:00
Jens Langhammer c17eb00e3b providers/oauth2: fix component for Scope 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-03 12:08:21 +02:00
Jens Langhammer 70fc4c0d88 sources/ldap: migrate to web 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-02 12:12:14 +02:00
Jens Langhammer ed2e9b88e7 Merge branch 'master' into new-forms-part-3 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-01 23:02:22 +02:00
Jens Langhammer 509f21a9b4 providers/oauth2: add validation and tests to API 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-01 20:43:18 +02:00
Jens Langhammer b299451cab providers/saml: fix metadata download not being unauthenticated 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-01 20:16:07 +02:00
Jens Langhammer 7e63a18d37 providers/saml: fix unittests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-01 20:05:50 +02:00
Jens Langhammer b4a6f8350b admin: remove provider views 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-01 19:28:30 +02:00
Jens Langhammer 5eb9b95ab5 providers/saml: migrate import to API, add API tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-01 19:28:12 +02:00
Jens Langhammer d3f2f987e0 providers/saml: migrate saml property mappings to web 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-03-31 23:38:40 +02:00
Jens Langhammer 221e6190c8 sources/ldap: migrate property mappings to web 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-03-31 23:08:40 +02:00
Jens Langhammer 6a69425688 providers/oauth2: migrate scope mapping to web 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-03-31 23:07:57 +02:00
Jens Langhammer 69ee18e13d Merge branch 'master' into new-forms 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	Pipfile.lock
#	authentik/api/decorators.py
#	authentik/core/api/applications.py
#	authentik/core/api/users.py
#	authentik/events/api/event.py
#	authentik/events/api/notification_transport.py
#	authentik/flows/api/flows.py
#	swagger.yaml
 2021-03-30 10:26:18 +02:00
dependabot[bot] c180a521ec
build(deps-dev): bump pylint from 2.7.2 to 2.7.3 (#674) 
* build(deps-dev): bump pylint from 2.7.2 to 2.7.3

Bumps [pylint](https://github.com/PyCQA/pylint) from 2.7.2 to 2.7.3.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Changelog](https://github.com/PyCQA/pylint/blob/master/ChangeLog)
- [Commits](https://github.com/PyCQA/pylint/compare/pylint-2.7.2...pylint-2.7.3)

Signed-off-by: dependabot[bot] <support@github.com>

* sources/saml: fix linting for SAMLBindingTypes.Redirect

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* sources/oauth: Fix linting for RequestKind

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: fix linting for ChallengeTypes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-03-30 10:05:14 +02:00
Jens Langhammer 7d74e1d2c4 *: revert to drf-yasg upstream 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-03-29 21:04:54 +02:00
Jens Langhammer 4612cea970 sources/saml: replace server-side pre-auth views for pre_auth flow 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-03-24 09:22:15 +01:00
Jens Langhammer 33787d0685 web: remove pf-c-card-aggregate 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-03-23 16:05:37 +01:00
Jens Langhammer 3157bf63a6 root: upgrade to pylint 2.7 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-03-22 20:03:33 +01:00
Jens L fe7f23238c
Static SPA (#648) 
* core: initial migration to /if

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: move jsi18n to api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests: fix static URLs in tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: add new html files to rollup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: fix rollup config and nginx config

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add Impersonation support to user API

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: add banner for impersonation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests: fix test_user function for new User API

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add background to API

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: set background from flow API

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: make root view login_required for redirect

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: redirect to root-redirect instead of if-admin direct

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* api: add header to prevent Authorization Basic prompt in browser

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: redirect to root when user/me request fails

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-03-22 13:44:17 +01:00
Jens Langhammer 43f19f78bb providers/oauth2: fix error when redirecting from an authorization error 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-03-20 22:06:45 +01:00
Jens Langhammer 3d45956f15 web: fix display of scopes 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-03-20 19:05:10 +01:00
Jens Langhammer 9ad10863de providers/oauth2: add API for auth codes and refresh tokens 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-03-18 15:59:38 +01:00
Jens L 2852fa3c5e
web: use generated API Client (#616) 
* api: fix types for config API

* api: remove broken swagger UI

* admin: re-fix system task enum

* events: make event optional

* events: fix Schema for notification transport test

* flows: use APIView for Flow Executor

* core: fix schema for Metrics APIs

* web: rewrite to use generated API client

* web: generate API Client in CI

* admin: use x_cord and y_cord to prevent yaml issues

* events: fix linting errors

* web: don't lint generated code

* core: fix fields not being required in TypeSerializer

* flows: fix missing permission_classes

* web: cleanup

* web: fix rendering of graph on Overview page

* web: cleanup imports

* core: fix missing background image filter

* flows: fix flows not advancing properly

* stages/*: fix warnings during get_challenge

* web: send Flow response as JSON instead of FormData

* web: fix styles for horizontal tabs

* web: add base chart class and custom chart for application view

* root: generate ts client for e2e tests

* web: don't attempt to connect to websocket in selenium tests

* web: fix UserTokenList not being included in the build

* web: fix styling for static token list

* web: fix CSRF Token missing

* stages/authenticator_static: fix error when disable static tokens

* core: fix display issue when updating user info

* web: fix Flow executor not showing spinner when redirecting
 2021-03-08 11:14:00 +01:00
Jens Langhammer c6de4e47d7 providers/oauth2: allow protected_resource_view when method is OPTIONS 2021-03-05 16:57:37 +01:00
Jens Langhammer de4b3d6290 providers/oauth2: always set CORS headers on provider info view 2021-03-05 14:27:16 +01:00
Jens Langhammer 792fa45dca providers/oauth2: add logout URL to Setup URLs API 2021-03-02 15:11:18 +01:00
Jens Langhammer a81f981471 lib: fix being unable to set authentik. options 2021-03-01 11:11:00 +01:00
Jens Langhammer d6fd2b0afa sources/saml: add Metadata API 2021-03-01 10:50:45 +01:00
Jens Langhammer 7f65ae3f92 Merge branch 'master' into stage-challenge 
# Conflicts:
#	web/package-lock.json
 2021-02-28 00:47:18 +01:00
Jens Langhammer 0958740b51 providers/saml: fix Autosubmit Challenge 2021-02-28 00:09:08 +01:00
Jens Langhammer d2dfc6d63b Merge branch 'master' into stage-challenge 2021-02-27 16:04:57 +01:00
Jens Langhammer a18240fcd7 providers/oauth2: fix error when no login event could be found 2021-02-27 16:02:07 +01:00
Jens Langhammer 890e0e9054 *: remove unused templates and code, move avatar to User model 2021-02-25 19:58:23 +01:00
Jens Langhammer ca223fa4df providers/saml: migrate to challenge for submit 2021-02-21 14:36:22 +01:00
Jens Langhammer b9f409d6d9 stages/consent: migrate to SPA 2021-02-21 13:15:45 +01:00
Jens Langhammer bdb86d7119 *: replace shortcuts.reverse with urls.reverse 2021-02-20 19:13:50 +01:00
Jens Langhammer e4f0613fab *: replace tuple and set from typing with normal 2021-02-18 13:53:57 +01:00
Jens Langhammer ecff810021 *: replace List from typing with normal list 2021-02-18 13:45:46 +01:00
Jens Langhammer fdde97cbbf *: replace Dict from typing with normal dict 2021-02-18 13:41:03 +01:00
Jens Langhammer 60c244c31d core: add User.uid for globally unique user ID 2021-02-16 23:04:48 +01:00
Jens Langhammer 68eefd083e web: fix linting errors 2021-02-16 22:35:55 +01:00
Jens Langhammer a647917074 providers/saml: use redirect binding first 2021-02-16 21:35:19 +01:00