trustchain-oc1-orchestral/authentik
Archived
10
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
13154 commits 95 branches 330 tags 336 MiB
Commit graph

538 commits

Author SHA1 Message Date
Jens Langhammer 9d392931df root: fix lint errors from re-format 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-03 18:09:16 +02:00
Jens Langhammer 77ed25ae34 root: reformat to 100 line width 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-03 17:45:16 +02:00
Jens Langhammer f875149983 providers/saml: fix metadata being inaccessible without authentication 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-01 14:50:17 +02:00
Jens Langhammer d70b81fe43 providers/saml: fix Error when getting metadata for invalid ID 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-08-01 13:50:54 +02:00
Jens Langhammer 8495ff9fc0 providers/oauth2: fix error when requesting jwks keys with no rs256 aet 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-29 21:22:31 +02:00
Jens Langhammer 75ff2480e2 providers/proxy: fix hosts for ingress not being compared correctly 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-28 16:08:06 +02:00
Jens Langhammer e7b7bfddd6 providers/oauth2: fix blank redirect_uri not working with TokenView 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-26 11:29:16 +02:00
Jens Langhammer 0a3fade1fd providers/proxy: remove deprecated field 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-22 16:20:26 +02:00
Jens Langhammer 66bfa6879d outposts/proxy: add X-Auth-Groups header to pass groups 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-22 10:47:58 +02:00
Jens Langhammer 70e000d327 providers/saml: improve error handling for property mappings 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-21 23:14:03 +02:00
Jens Langhammer a7467e6740 providers/oauth2: handler PropertyMapping exceptions and create event 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-21 22:51:39 +02:00
Jens Langhammer ba9a4efc9b providers/oauth2: fix nonce field not being optional 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-21 00:34:01 +02:00
Jens Langhammer 902378af53 providers/oauth2: fix redirect_uris not having blank set 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-21 00:22:09 +02:00
Jens Langhammer 2352a7f4d6 providers/oauth2: nonce is only required for implicit flows, don't check or fallback for other flows 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-21 00:21:08 +02:00
Jens Langhammer 7c2decf5ec providers/ldap: squash migrations 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-14 09:22:25 +02:00
Lukas Söder 7f39399c32
providers/ldap: Added auto-generated uidNumber and guidNumber generated attributes for use with SSSD and similar software. (#1138) 
* Added auto-generated uidNumber and guidNumber generated attributes for
use with SSSD and similar software.

The starting number for uid/gid can be configured iva environtment
variables and is by default 2000 which should work fine for most instances unless there are more than
999 local accounts on the server/computer.

The uidNumber is just the users Pk + the starting number.
The guidNumber is calculated by the last couple of bytes in the uuid of
the group + the starting number, this should have a low enough chance
for collisions that it's going to be fine for most use cases.

I have not added any interface stuff for configuring the environment variables as I couldn't really find my way around all the places I'd have to edit to add it and the default values should in my opinion be fine for 99% use cases.

* Add a 'fake' primary group for each user

* First attempt att adding config to interface

* Updated API to support new fields

* Refactor code, update documentation and remove obsolete comment

Simplify `GetRIDForGroup`, was a bit overcomplicated before.

Add an additional class/struct `LDAPGroup` which is the new argument
for `pi.GroupEntry` and util functions to create `LDAPGroup` from api.Group and api.User

Add proper support in the interface for changing gidNumber and uidNumber starting points

* make lint-fix for the migration files
 2021-07-14 09:17:01 +02:00
Jens L 7dfc621ae4
LDAP Provider: TLS support (#1137) 2021-07-13 18:24:18 +02:00
Jens Langhammer 90fe1c2ce8 providers/oauth2: allow blank redirect_uris to allow any redirect_uri 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-08 19:28:35 +02:00
Jens Langhammer 40428f5a82 providers/saml: fix parsing of POST bindings 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-06 16:54:58 +02:00
Jens Langhammer 77a507d2f8 providers/oauth2: add revoked field, create suspicious event when previous token is used 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-03 15:59:01 +02:00
Jens Langhammer 3e60e956f4 providers/oauth2: fix CORS headers not being set for unsuccessful requests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-03 15:49:00 +02:00
Jens Langhammer 84ec70c2a2 providers/oauth2: use self.expires for exp field instead of calculating it again 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-03 15:32:58 +02:00
Jens Langhammer 3e26170f4b providers/oauth2: deepmerge claims 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-07-01 17:33:46 +02:00
dependabot[bot] d102c59654
build(deps-dev): bump pylint from 2.8.3 to 2.9.0 (#1095) 
* build(deps-dev): bump pylint from 2.8.3 to 2.9.0

Bumps [pylint](https://github.com/PyCQA/pylint) from 2.8.3 to 2.9.0.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Changelog](https://github.com/PyCQA/pylint/blob/master/ChangeLog)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.8.3...v2.9.0)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* *: update source for new pylint version

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-30 10:37:28 +02:00
Jens Langhammer ba9edd6c44 flows: handle possible errors with FlowPlans received from cache 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-27 22:03:48 +02:00
Jens Langhammer 3b2b3262d7 flows: add FlowStageBinding to flow plan instead of just stage 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-27 18:47:04 +02:00
Jens Langhammer a3ff7cea23 providers/oauth2: fix usage of timedelta.seconds 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-25 11:55:00 +02:00
Jens Langhammer 9b5e3921cb providers/saml: better handle decoding errors 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-21 22:48:34 +02:00
Jens Langhammer 831b32c279 core: fix PropertyMapping's globals not matching Expression policy 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-21 15:54:43 +02:00
Jens Langhammer 19cac4bf43 providers/saml: fix error when getting transient user identifier 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-17 13:52:10 +02:00
Jens Langhammer 4ca564490e providers/saml: add support for NameID type unspecified 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-17 12:45:53 +02:00
Jens Langhammer fcb795c273 providers/saml: fix NameIDPolicy not being parsed correctly, improve error handling 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-17 12:22:40 +02:00
Jens Langhammer 0e02925a3d stages/authenticator_validate: add tests for authenticator validation 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-14 16:32:36 +02:00
Jens Langhammer 5b837c3ccc providers/saml: improve error handling for signature errors 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-14 12:51:42 +02:00
Jens Langhammer 31d2ea65fd provider/proxy: mark forward_auth flag as deprecated 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-13 12:39:25 +02:00
Jens Langhammer d878d2140e providers/saml: add metadata download link to api 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-10 14:06:44 +02:00
Jens L 34ae9e6dab
API: add endpoint to show by what objects an object is used (#995) 
* core: add used_by API to show what objects are affected before deletion

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/elements: add support for used_by API

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add authentik_used_by_shadows to shadow other models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: implement used_by API

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: fix duplicate imports

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add action field to used_by api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: add UI for used_by action

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: add notice to tenant form

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: fix naming in used_by

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: check length for used_by

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: fix used_by for non-pk models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: improve __str__ on models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add support for many to many in used_by

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-10 11:58:12 +02:00
Jens L dad24c03ff
outposts: set cookies for a domain to authenticate an entire domain (#971) 
* outposts: initial cookie domain implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add cookie domain setting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: replace forward_auth_mode with general mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: rebuild proxy provider form

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: re-add forward_auth_mode for backwards compat

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: fix data.mode not being set

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* root: always set log level to debug when testing

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: use new mode attribute

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: only ingress /akprox on forward_domain

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/proxy: fix lint error

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: fix error on ProxyProviderForm when not using proxy mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: fix default for outpost form's type missing

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: add additional desc for proxy modes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts: fix service account permissions not always being updated

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost/proxy: fix redirecting to incorrect host for domain mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: improve error handling for network errors

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outpost: fix image naming not matching main imaeg

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/proxy: fix redirects for domain mode and traefik

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: fix colour for paragraphs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: fix consent stage not showing permissions correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: add domain-level docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: fix broken links

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* outposts/proxy: remove dead code

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/flows: fix missing id for #header-text

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-08 23:10:17 +02:00
Jens Langhammer 029d58191e sources/saml: include metadata download link in API response 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-08 17:22:03 +02:00
Jens Langhammer 9180d448df core: move end-session to core 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-06 13:56:38 +02:00
Jens Langhammer cec47c3cfc providers/oauth2: show id_token issues for refresh token 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-02 22:05:04 +02:00
Jens Langhammer b50ac96605 providers/oauth2: remove size limit on Access code nonce 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-06-02 20:20:07 +02:00
Jens Langhammer 14f85ec980 tenants: migrate context_processor to tenants 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-29 18:01:48 +02:00
Jens Langhammer 58a4b20297 outposts: handle disconnects without outpost better 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-25 12:06:55 +02:00
Jens Langhammer c6bb6709fd flows: add default challenge response 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-24 20:27:50 +02:00
Jens Langhammer fb4e0723ee stages: fix stage unittests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-24 17:12:48 +02:00
Jens Langhammer 6f6ae7831e flows: make use of oneOf OpenAPI to annotate all challenge types 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-24 14:11:23 +02:00
Jens Langhammer 9b57f0b81d Merge branch 'version-2021.5' into next 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	web/src/locales/en.po
#	web/src/locales/pseudo-LOCALE.po
 2021-05-22 20:01:16 +02:00
Jens Langhammer 2c816e6162 providers/proxy: don't use https to communicate with outpost 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-22 18:56:38 +02:00
Jens Langhammer bb89b9b572 Merge branch 'version-2021.5' into next 2021-05-21 23:50:43 +02:00
Jens Langhammer 6600da7d98 providers/oauth2: add missing kid header to JWT Tokens 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-21 23:40:00 +02:00
Jens Langhammer 92f2a82c03 providers/oauth2: fix double login required when prompt=login 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-20 01:10:08 +02:00
Jens Langhammer dcf074650e providers/proxy: fix redirect_uris not always being set on save 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-20 01:10:04 +02:00
Jens Langhammer acf1ad91d9 providers/oauth2: fix double login required when prompt=login 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-19 23:34:27 +02:00
Jens Langhammer a74419214c providers/proxy: fix redirect_uris not always being set on save 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-19 23:10:00 +02:00
Jens Langhammer 3cf0f07baf *: fix API Schema for file uploads 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-17 23:12:52 +02:00
Jens Langhammer ef9f08553c *: linting pass, rename from swagger to schema 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-16 15:22:57 +02:00
Jens Langhammer 4fb71a6bdd api: fix pagination schema 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-16 15:08:51 +02:00
Jens Langhammer 0bac738090 *: fix static response descriptions 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-16 14:07:29 +02:00
Jens Langhammer 1324d03815 *: initial migration to openapi v3 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-15 23:57:28 +02:00
Jens Langhammer 6600d5bf69 providers/oauth2: use user.uid 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-15 14:08:49 +02:00
Jens Langhammer a4278833d8 providers/proxy: fix ingress not being created with full https 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-15 13:45:41 +02:00
Jens Langhammer 942905b9b1 providers/proxy: fix formatting issue 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-14 16:24:35 +02:00
Jens Langhammer 8d7bb7da17 providers/proxy: connect ingress to https instead of http 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#882
 2021-05-14 11:42:03 +02:00
Jens Langhammer 0620324702 root: bump version of psf black 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-12 00:42:46 +02:00
Jens Langhammer 84dfbcaaae providers/api: return redirect_uris for proxy provider 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-11 20:02:17 +02:00
Jens Langhammer 24f2932777 crypto: add ?download flag 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#861
 2021-05-11 14:21:35 +02:00
Jens Langhammer 932b19999e providers/proxy: missing @property for noop 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-11 01:26:01 +02:00
Jens Langhammer 788fd00390 outposts: use noop flag in each reconciler instead of raising Disabled and force use of get_referecen_object 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-11 00:27:29 +02:00
Jens Langhammer 1f1d322958 *: fix api results when non-superuser 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-10 00:01:35 +02:00
Jens Langhammer a6a8eddf7c providers/proxy: create ingress for forward_auth /akprox path 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-09 12:40:44 +02:00
Jens Langhammer 8c0a87b710 outposts: improve logging for outpost controller 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-09 12:34:44 +02:00
Jens Langhammer 5cad59a9f8 providers/proxy: fix being able to set empty internal_host 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-09 00:07:34 +02:00
Jens Langhammer e6dfa8294e providers/proxy: use name.namespace for middleware service 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-07 10:07:30 +02:00
Jens Langhammer ea7f9f291f outposts: create traefikmiddleware if forwardAuth is enabled 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-07 00:01:35 +02:00
Jens Langhammer 4e9176ed2e outposts: support different port on container vs exposed port 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-06 19:59:49 +02:00
Jens Langhammer 701c140cfd providers/proxy: fix logic error for ingress lookup 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-05 20:28:13 +02:00
Jens Langhammer be8b2bf6f6 providers/proxy: don't create ingress for domains which use forwardAuth, don't create ingress at all if all providers are forward auth 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-05 17:53:12 +02:00
Jens Langhammer 9a15a66d85 outposts: make k8s object naming configurable 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-05 15:36:27 +02:00
Jens Langhammer e674f03064 */api: fix lookups per user 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-04 21:58:20 +02:00
Jens Langhammer 99d161e212 Merge branch 'master' into outpost-ldap 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	authentik/core/api/users.py
#	authentik/policies/event_matcher/migrations/0013_alter_eventmatcherpolicy_app.py
 2021-05-04 21:02:20 +02:00
Jens Langhammer c529340d6c *: fix title not being set correctly for server-side rendered views 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-05-02 12:22:50 +02:00
Jens Langhammer b55cb2b40c Merge branch 'master' into outpost-ldap 2021-04-29 20:13:47 +02:00
Jens L 2a409215d3
outpost: forwardAuth mode (#790) 2021-04-29 18:17:10 +02:00
Jens L c4e4e17f93
providers/oauth2: add access_code_validity (#795) 
closes #794

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-28 21:03:43 +02:00
Jens Langhammer 4d858c64e0 Merge branch 'master' into outpost-ldap 2021-04-27 17:08:26 +02:00
Jens Langhammer 48c0c0baca */api: simplify lookups for per-user 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-27 14:53:01 +02:00
Jens Langhammer fe28d216fe providers/oauth2: always test JWT keys in tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-27 14:07:04 +02:00
Jens Langhammer 3ce8b836dc outposts: allow outposts to have non-object specific permissions 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-26 23:28:26 +02:00
Jens Langhammer 1d5958a78f providers/ldap: add search_group to limit who can do search requests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-26 23:25:03 +02:00
Jens Langhammer fae4d34131 Merge branch 'master' into outpost-ldap 2021-04-26 17:11:50 +02:00
Jens Langhammer 7ff7bfeb58 core: fix incorrect styling for bse_full template 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-26 16:44:13 +02:00
Jens Langhammer 29da7dd8d6 providers/ldap: fix lint error 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-26 15:49:19 +02:00
Jens Langhammer b3c8ffb96c outposts/ldap: use authorization_flow instead of separate field 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-26 15:09:41 +02:00
Jens Langhammer 302b047f1a outposts/ldap: add controllers 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-26 14:26:31 +02:00
Jens Langhammer d741ed430a web/admin: add UI for LDAP Provider 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-26 12:12:02 +02:00
Jens Langhammer f89479caf3 providers/ldap: add LDAP provider 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-26 11:52:42 +02:00
Jens Langhammer 9341787fe7 providers/oauth2: replace deprecated jwkest with pyjwt 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-26 00:02:13 +02:00
Jens Langhammer d616bdd5d6 providers/oauth2: add proper support for non-http schemes as redirect URIs 
closes #772

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-23 16:34:52 +02:00
Jens Langhammer 3282b34431 providers/oauth2: fix TokenView not having CORS headers set even with proper Origin 
and added tests. closes #771

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-22 23:48:28 +02:00
Jens Langhammer 392d9bb10b providers/oauth2: fix misleading name of cors_allow_any 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#771
 2021-04-22 23:29:49 +02:00
Jens Langhammer d75284a587 flows: fix errors which occur during flow execution being sent to sentry malformed 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-22 20:14:37 +02:00
Jens Langhammer ce082ead5e providers/oauth2: add unittests for authorize and token views 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-18 21:05:49 +02:00
Jens Langhammer f328b21e89 providers/oauth2: Set CORS Headers for token endpoint, check Origin header against redirect URLs 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-18 14:20:50 +02:00
Jens Langhammer 32c5bf04b8 *: fix linting errors 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-17 20:08:49 +02:00
Jens Langhammer ab4569e5d6 web/admin: fix application form's provider selection not working 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-11 13:49:35 +02:00
Jens Langhammer cb048764f4 providers/proxy: make outpost API readonly 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-11 13:31:15 +02:00
Jens Langhammer d76db3caba *: add missing error codes as swagger annotations 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-10 23:55:43 +02:00
Jens Langhammer eeb9449c11 lib: remove templatetags 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-03 12:37:32 +02:00
Jens Langhammer c17eb00e3b providers/oauth2: fix component for Scope 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-03 12:08:21 +02:00
Jens Langhammer 70fc4c0d88 sources/ldap: migrate to web 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-02 12:12:14 +02:00
Jens Langhammer ed2e9b88e7 Merge branch 'master' into new-forms-part-3 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-01 23:02:22 +02:00
Jens Langhammer 509f21a9b4 providers/oauth2: add validation and tests to API 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-01 20:43:18 +02:00
Jens Langhammer b299451cab providers/saml: fix metadata download not being unauthenticated 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-01 20:16:07 +02:00
Jens Langhammer 7e63a18d37 providers/saml: fix unittests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-01 20:05:50 +02:00
Jens Langhammer b4a6f8350b admin: remove provider views 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-01 19:28:30 +02:00
Jens Langhammer 5eb9b95ab5 providers/saml: migrate import to API, add API tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-04-01 19:28:12 +02:00
Jens Langhammer d3f2f987e0 providers/saml: migrate saml property mappings to web 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-03-31 23:38:40 +02:00
Jens Langhammer 221e6190c8 sources/ldap: migrate property mappings to web 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-03-31 23:08:40 +02:00
Jens Langhammer 6a69425688 providers/oauth2: migrate scope mapping to web 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-03-31 23:07:57 +02:00
Jens Langhammer 69ee18e13d Merge branch 'master' into new-forms 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	Pipfile.lock
#	authentik/api/decorators.py
#	authentik/core/api/applications.py
#	authentik/core/api/users.py
#	authentik/events/api/event.py
#	authentik/events/api/notification_transport.py
#	authentik/flows/api/flows.py
#	swagger.yaml
 2021-03-30 10:26:18 +02:00
dependabot[bot] c180a521ec
build(deps-dev): bump pylint from 2.7.2 to 2.7.3 (#674) 
* build(deps-dev): bump pylint from 2.7.2 to 2.7.3

Bumps [pylint](https://github.com/PyCQA/pylint) from 2.7.2 to 2.7.3.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Changelog](https://github.com/PyCQA/pylint/blob/master/ChangeLog)
- [Commits](https://github.com/PyCQA/pylint/compare/pylint-2.7.2...pylint-2.7.3)

Signed-off-by: dependabot[bot] <support@github.com>

* sources/saml: fix linting for SAMLBindingTypes.Redirect

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* sources/oauth: Fix linting for RequestKind

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: fix linting for ChallengeTypes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-03-30 10:05:14 +02:00
Jens Langhammer 7d74e1d2c4 *: revert to drf-yasg upstream 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-03-29 21:04:54 +02:00
Jens Langhammer 4612cea970 sources/saml: replace server-side pre-auth views for pre_auth flow 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-03-24 09:22:15 +01:00
Jens Langhammer 33787d0685 web: remove pf-c-card-aggregate 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-03-23 16:05:37 +01:00
Jens Langhammer 3157bf63a6 root: upgrade to pylint 2.7 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-03-22 20:03:33 +01:00
Jens L fe7f23238c
Static SPA (#648) 
* core: initial migration to /if

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: move jsi18n to api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests: fix static URLs in tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: add new html files to rollup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: fix rollup config and nginx config

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add Impersonation support to user API

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: add banner for impersonation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests: fix test_user function for new User API

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: add background to API

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: set background from flow API

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: make root view login_required for redirect

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: redirect to root-redirect instead of if-admin direct

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* api: add header to prevent Authorization Basic prompt in browser

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: redirect to root when user/me request fails

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-03-22 13:44:17 +01:00
Jens Langhammer 43f19f78bb providers/oauth2: fix error when redirecting from an authorization error 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-03-20 22:06:45 +01:00
Jens Langhammer 3d45956f15 web: fix display of scopes 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-03-20 19:05:10 +01:00
Jens Langhammer 9ad10863de providers/oauth2: add API for auth codes and refresh tokens 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-03-18 15:59:38 +01:00
Jens L 2852fa3c5e
web: use generated API Client (#616) 
* api: fix types for config API

* api: remove broken swagger UI

* admin: re-fix system task enum

* events: make event optional

* events: fix Schema for notification transport test

* flows: use APIView for Flow Executor

* core: fix schema for Metrics APIs

* web: rewrite to use generated API client

* web: generate API Client in CI

* admin: use x_cord and y_cord to prevent yaml issues

* events: fix linting errors

* web: don't lint generated code

* core: fix fields not being required in TypeSerializer

* flows: fix missing permission_classes

* web: cleanup

* web: fix rendering of graph on Overview page

* web: cleanup imports

* core: fix missing background image filter

* flows: fix flows not advancing properly

* stages/*: fix warnings during get_challenge

* web: send Flow response as JSON instead of FormData

* web: fix styles for horizontal tabs

* web: add base chart class and custom chart for application view

* root: generate ts client for e2e tests

* web: don't attempt to connect to websocket in selenium tests

* web: fix UserTokenList not being included in the build

* web: fix styling for static token list

* web: fix CSRF Token missing

* stages/authenticator_static: fix error when disable static tokens

* core: fix display issue when updating user info

* web: fix Flow executor not showing spinner when redirecting
 2021-03-08 11:14:00 +01:00
Jens Langhammer c6de4e47d7 providers/oauth2: allow protected_resource_view when method is OPTIONS 2021-03-05 16:57:37 +01:00
Jens Langhammer de4b3d6290 providers/oauth2: always set CORS headers on provider info view 2021-03-05 14:27:16 +01:00
Jens Langhammer 792fa45dca providers/oauth2: add logout URL to Setup URLs API 2021-03-02 15:11:18 +01:00
Jens Langhammer a81f981471 lib: fix being unable to set authentik. options 2021-03-01 11:11:00 +01:00
Jens Langhammer d6fd2b0afa sources/saml: add Metadata API 2021-03-01 10:50:45 +01:00
Jens Langhammer 7f65ae3f92 Merge branch 'master' into stage-challenge 
# Conflicts:
#	web/package-lock.json
 2021-02-28 00:47:18 +01:00
Jens Langhammer 0958740b51 providers/saml: fix Autosubmit Challenge 2021-02-28 00:09:08 +01:00
Jens Langhammer d2dfc6d63b Merge branch 'master' into stage-challenge 2021-02-27 16:04:57 +01:00
Jens Langhammer a18240fcd7 providers/oauth2: fix error when no login event could be found 2021-02-27 16:02:07 +01:00
Jens Langhammer 890e0e9054 *: remove unused templates and code, move avatar to User model 2021-02-25 19:58:23 +01:00
Jens Langhammer ca223fa4df providers/saml: migrate to challenge for submit 2021-02-21 14:36:22 +01:00
Jens Langhammer b9f409d6d9 stages/consent: migrate to SPA 2021-02-21 13:15:45 +01:00
Jens Langhammer bdb86d7119 *: replace shortcuts.reverse with urls.reverse 2021-02-20 19:13:50 +01:00
Jens Langhammer e4f0613fab *: replace tuple and set from typing with normal 2021-02-18 13:53:57 +01:00
Jens Langhammer ecff810021 *: replace List from typing with normal list 2021-02-18 13:45:46 +01:00
Jens Langhammer fdde97cbbf *: replace Dict from typing with normal dict 2021-02-18 13:41:03 +01:00
Jens Langhammer 60c244c31d core: add User.uid for globally unique user ID 2021-02-16 23:04:48 +01:00
Jens Langhammer 68eefd083e web: fix linting errors 2021-02-16 22:35:55 +01:00
Jens Langhammer a647917074 providers/saml: use redirect binding first 2021-02-16 21:35:19 +01:00
Jens Langhammer 099197ba8c providers/saml: fix AuthnRequestsSigned and WantAssertionsSigned not loaded correctly 2021-02-16 21:30:15 +01:00
Jens Langhammer baa2ed5ecc web: fix download button for SAML Metadata download 2021-02-16 21:04:03 +01:00
Jens Langhammer 6bcdf36ca6 admin: add ?provider for ApplicationCreateView 2021-02-16 20:00:52 +01:00
Jens Langhammer 0b75a0028b providers/saml: fix error when getting metadata of provider with no application 2021-02-16 19:58:04 +01:00
Jens Langhammer 0901d7461e providers/saml: fix redirect error 2021-02-16 19:28:18 +01:00
Jens Langhammer 61772b75ff providers/saml: fix managed mappings not being set on import 2021-02-16 19:20:52 +01:00
Jens Langhammer 5ae030997a providers/saml: fix missing import 2021-02-15 09:25:22 +01:00
Jens Langhammer 35e8a0c374 admin: fix ?next for Flow list 2021-02-14 18:39:36 +01:00
Jens Langhammer bf754369d9 providers/proxy: fix certificates without key being selectable 2021-02-09 21:11:44 +01:00
Jens Langhammer efc46f52e6 outposts: move health to API 2021-02-08 19:01:10 +01:00
Jens Langhammer fe4b2d1a34 providers/oauth2: add authorized scopes to AUTHORIZE_APPLICATION event 2021-02-08 11:51:38 +01:00
Jens Langhammer f8abe3e210 providers/oauth2: add unofficial groups attribute to default profile claim 2021-02-08 11:50:26 +01:00
Jens Langhammer bfc8e9200f providers/saml: split views into separate files 2021-02-07 13:39:33 +01:00
Jens Langhammer 6aa13a8666 providers/saml: force-set friendly_name to empty string for managed mappings 2021-02-06 20:52:52 +01:00
Jens Langhammer 91282c7bd8 web: add page for Proxy Provider 2021-02-06 18:57:25 +01:00
Jens Langhammer 830b8bcd5b web: add page for OAuth2 Provider 2021-02-06 18:39:15 +01:00
Jens Langhammer 0f5e6d0d8c api: add dark theme for API Browser 2021-02-06 18:09:24 +01:00
Jens Langhammer 6aa6615608 web: add view page for SAML Provider 2021-02-06 18:07:13 +01:00
Jens Langhammer 91d6a3c8c7 providers/*: simplify provider API 2021-02-06 17:31:29 +01:00
Jens L a6ac82c492
*: rewrite managed objects, use nullable text flag instead of boolean as uid (#533) 2021-02-06 15:56:21 +00:00
Jens Langhammer ef70e93bbd Merge branch 'master' into ldap-groupOfNames 2021-02-05 14:52:39 +01:00
Jens Langhammer de2d8b2d85 providers/oauth2: pass application to configuration error event 2021-02-04 20:35:37 +01:00
Jens Langhammer 14dc420747 sources/ldap: rewrite group membership syncing 2021-02-04 20:06:42 +01:00
Jens Langhammer add20de8de providers/*: fix api linting issues 2021-02-04 10:27:55 +01:00
Jens Langhammer c7c387eb38 providers/*: add assigned application name and slug 2021-02-04 10:09:19 +01:00
Jens L e25d03d8f4
Managed objects (#519) 
* managed: add base manager and Ops

* core: use ManagedModel for Token and PropertyMapping

* providers/saml: implement managed objects for SAML Provider

* sources/ldap: migrate to managed

* providers/oauth2: migrate to managed

* providers/proxy: migrate to managed

* *: load .managed in apps

* managed: add reconcile task, run on startup

* providers/oauth2: fix import path for managed

* providers/saml: don't set FriendlyName when mapping is none

* *: use ObjectManager in tests to ensure objects exist

* ci: use vmImage ubuntu-latest

* providers/saml: add new mapping for username and user id

* tests: remove docker proxy

* tests/e2e: use updated attribute names

* docs: update SAML docs

* tests/e2e: fix remaining saml cases

* outposts: make tokens as managed

* *: make PropertyMapping SerializerModel

* web: add page for property-mappings

* web: add codemirror to common_styles because codemirror

* docs: fix member-of in nextcloud

* docs: nextcloud add admin

* web: fix refresh reloading data two times

* web: add loading lock to table to prevent double loads

* web: add ability to use null in QueryArgs (value will be skipped)

* web: add hide option to property mappings

* web: fix linting
 2021-02-03 21:18:31 +01:00
Jens Langhammer d8ae56ed19 providers/saml: fix imported provider not saving properties correctly 2021-01-30 12:33:27 +01:00
Jens Langhammer 2f3a086f29 docs: update veeam docs for group mapping 2021-01-28 23:34:51 +01:00
Jens Langhammer 239af7048a providers/saml: import SAML Provider with all autogenerated mappings 2021-01-28 23:32:36 +01:00
Jens Langhammer 5ef4354723 providers/saml: make NameID configurable using a Property Mapping 2021-01-28 22:50:13 +01:00
Jens Langhammer 66a8b52c7c providers/saml: update default OIDs for default property mappings 2021-01-28 22:44:44 +01:00
Jens Langhammer f4bb22138c providers/saml: add support for WindowsDomainQualifiedName, add docs for NameID 2021-01-28 22:00:40 +01:00
Jens Langhammer 2d2a404028 providers/oauth2: improve error handling and event creation 2021-01-16 18:27:10 +01:00
Jens Langhammer 6ed78830a0 providers/proxy: check ingress annotations we manage 2021-01-02 01:48:39 +01:00
Jens Langhammer 85c2db018e outposts: ensure field_manager is also used for updates 2021-01-02 00:52:42 +01:00
dependabot[bot] bc9e7e8b93
build(deps): bump structlog from 20.1.0 to 20.2.0 (#445) 
* build(deps): bump structlog from 20.1.0 to 20.2.0

Bumps [structlog](https://github.com/hynek/structlog) from 20.1.0 to 20.2.0.
- [Release notes](https://github.com/hynek/structlog/releases)
- [Changelog](https://github.com/hynek/structlog/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/hynek/structlog/compare/20.1.0...20.2.0)

Signed-off-by: dependabot[bot] <support@github.com>

* *: use structlog.stdlib instead of structlog for type-hints

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2021-01-01 15:39:43 +01:00
Jens Langhammer 2e69efe699 providers/saml: sign metadata when signing is enabled 2020-12-31 15:02:21 +01:00
Jens Langhammer 4fde1b7365 providers/saml: allow audience to be empty 2020-12-30 22:15:28 +01:00
Jens Langhammer 412f5b9210 providers/saml: fix signing and verification kp not being set correctly 2020-12-30 22:11:24 +01:00
Jens Langhammer a9e53cd52a providers/saml: fix string being passed to lxml 2020-12-30 22:03:01 +01:00
Jens Langhammer d0ee7908ab providers/saml: force user to select authz flow for import 2020-12-30 22:02:41 +01:00
Jens Langhammer e69834dec4 providers/saml: show error message why import failed 2020-12-30 22:02:28 +01:00
Jens Langhammer 765ae80698 providers/oauth2: fix error when creating RefreshToken 2020-12-29 21:22:49 +01:00
Jens Langhammer 22ce142cb8 outposts: include protocol in outpost deployment ports 2020-12-28 17:21:02 +01:00
Jens Langhammer 1a292feebb outposts: always check metadata on reconcile 2020-12-28 17:11:37 +01:00
Jens Langhammer 09f4d812b3 outposts: set field_manager 2020-12-28 17:11:33 +01:00
Jens Langhammer 0e1587bc1a providers/oauth2: don't write authorization code to event log 2020-12-28 01:07:18 +01:00
Jens Langhammer dc16a8a4c9 providers/proxy: set proxy-size for nginx for larger response 2020-12-28 00:45:58 +01:00
Jens L a6d0c8c26c
providers/saml: Metadata Import (#432) 
* providers/saml: add basic metadata parser

* providers/saml: add importer for Singing certificate, validate signature, add tests

* providers/saml: add provider name to form,

* web: don't use trailing slash for spa URLs

* providers/saml: formatting fixes

* sources/*: add verbose_name to source serializers

* admin: add button launch import modal
 2020-12-27 22:38:04 +01:00
Jens Langhammer e216efb6ec providers/oauth2: create access tokens as JWT 2020-12-27 19:36:17 +01:00
Jens Langhammer 378fe38b12 providers/oauth2: ensure response is URL fragment only when implicit or hybrid 2020-12-27 19:07:42 +01:00
Jens Langhammer ce9fb8801c providers/oauth2: ensure nonce is validated on all OIDC flows 2020-12-27 18:13:41 +01:00
Jens Langhammer 67ca83c228 providers/oauth2: add c_hash field 2020-12-27 18:13:13 +01:00
Jens Langhammer ee2e737782 providers/oauth2: remove response_type field as spec doesn't require validation 2020-12-27 18:12:47 +01:00
Jens Langhammer b04c9a2098 providers/oauth2: check redirect_uri before request object 2020-12-27 17:15:36 +01:00
Jens Langhammer e7c96eb70d providers/oauth2: Make AuthorizeError's state parameter requireed 2020-12-27 15:33:29 +01:00
Jens Langhammer e8debce9c8 providers/oauth2: fix infinite loops when prompt=login 2020-12-27 15:23:26 +01:00
Jens Langhammer bcd0686a33 providers/oauth2: redirect back correctly with state on AuthorizationError 2020-12-27 15:22:53 +01:00
Jens Langhammer 55322995a1 providers/oauth2: make iss field configurable 2020-12-27 15:02:12 +01:00
Jens Langhammer dff5eb69c8 providers/oauth2: fix token endpoint creating invalid token when no scopes are passed 2020-12-27 14:48:44 +01:00
Jens Langhammer b747022bc1 providers/oauth2: fix old id_token being sent when using token endpoint with grant_type=refresh_token 2020-12-27 14:33:51 +01:00
Jens Langhammer 885fcff495 providers/oauth2: add grant_types_supported to discovery endpoint 2020-12-27 14:17:40 +01:00
Jens Langhammer 5b18e28753 providers/oauth2: fix include_claims_in_id_token not being shown in form/API 2020-12-27 14:05:10 +01:00
Jens Langhammer 9848c5f3eb providers/oauth2: implement discovery's scopes_supported better 2020-12-27 13:36:14 +01:00
Jens Langhammer fc98c3934a providers/*: implement configuration_error 2020-12-27 13:15:31 +01:00
Jens Langhammer d17b2b0d1b providers/oauth2: add request_parameter_supported 2020-12-27 12:18:23 +01:00
Jens Langhammer f17d809219 providers/oauth2: add scopes_supported to discovery endpoint 2020-12-26 21:18:16 +01:00
Jens Langhammer 6c8e9fb553 providers/oauth2: add ACR support 2020-12-26 20:16:50 +01:00
Jens Langhammer 43bb29e16a providers/oauth2: implement max_age param 2020-12-26 20:05:31 +01:00
Jens Langhammer 29edbb0357 providers/oauth2: use auth_time from LOGIN event 2020-12-26 19:05:02 +01:00
Jens Langhammer 12ae867759 providers/oauth2: redirect back on prompt=none error instead of showing message 2020-12-26 18:58:18 +01:00
Jens Langhammer a20ca9136b providers/oauth2: use in for prompt check 2020-12-26 18:53:47 +01:00
Jens Langhammer 3759e96e7d providers/oauth2: ensure interaction_required is raised when prompt=none and user not logged in 2020-12-26 18:45:23 +01:00
Jens Langhammer e5e1e3737d providers/oauth2: fix query using user model not dict 2020-12-26 18:20:34 +01:00
Jens Langhammer 8dddcf891e providers/oauth2: fix "auth_time" being based on user.last_login 2020-12-26 18:11:29 +01:00
Jens Langhammer 319104c39b providers/oauth2: improve error handling, ensure correct message is shown to user 2020-12-26 17:50:16 +01:00
Jens L 79da2bf698
web: Table parity (#427) 
* core: fix application API always being sorted by name

* web: add sorting to tables

* web: add search to TablePage

* core: add search to applications API

* core: add MetaNameSerializer

* *: fix signature for non-modal serializers

* providers/*: implement MetaNameSerializer

* web: implement full app list page, use as default in sidebar

* web: fix linting errors

* admin: remove old application list

* web: fix default sorting for application list

* web: fix spacing for search element in toolbar
 2020-12-24 09:56:05 +01:00
Jens L a4dc6d13b5
events: rename audit to events and use for more metrics (#397) 
* events: rename audit to events

* policies/expression: log expression exceptions as event

* policies/expression: add ExpressionPolicy Model to event when possible

* lib/expressions: ensure syntax errors are logged too

* lib: fix lint error

* policies: add execution_logging field

* core: add property mapping tests

* policies/expression: add full test

* policies/expression: fix attribute name

* policies: add execution_logging

* web: fix imports

* root: update swagger

* policies: use dataclass instead of dict for types

* events: add support for dataclass as event param

* events: add special keys which are never cleaned

* policies: add tests for process, don't clean full cache

* admin: create event when new version is seen

* events: move utils to separate file

* admin: add tests for admin tasks

* events: add .set_user method to ensure users have correct attributes set

* core: add test for property_mapping errors with user and request
 2020-12-20 22:04:29 +01:00
Jens Langhammer 5f3ab22bea providers/oauth2: fix incorrect background set on end session screen 2020-12-19 14:24:28 +01:00
Jens Langhammer 3c12c8b3ff core: make Provider SerializerModel 2020-12-16 21:38:40 +01:00
Jens Langhammer e9bb583b32 providers/proxy: ensure pb_proxy is deleted and ak_proxy is created 2020-12-14 10:47:49 +01:00
Jens Langhammer f0f3245388 root: fix links to docs 2020-12-14 00:45:02 +01:00
Jens Langhammer ae1a8842db providers/oauth2: start adding tests for OAuthAuthorizationParams 2020-12-13 23:14:35 +01:00
Jens Langhammer d380194e13 */saml: test against SAML Schema 2020-12-13 19:53:16 +01:00
Jens Langhammer 32f5d5ba72 recovery: add test for invalid key 2020-12-13 18:46:36 +01:00
Jens Langhammer f056b026d6 lib: test edgecase for timedelta_from_string 2020-12-13 18:35:51 +01:00
dependabot[bot] 2caa1e7650
build(deps-dev): bump bandit from 1.6.2 to 1.6.3 (#371) 
* build(deps-dev): bump bandit from 1.6.2 to 1.6.3

Bumps [bandit](https://github.com/PyCQA/bandit) from 1.6.2 to 1.6.3.
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](https://github.com/PyCQA/bandit/compare/1.6.2...1.6.3)

Signed-off-by: dependabot[bot] <support@github.com>

* root: update for new bandit version

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2020-12-07 11:21:07 +01:00
Jens L 1cfe1aff13
wip: rename to authentik (#361) 
* root: initial rename

* web: rename custom element prefix

* root: rename external functions with pb_ prefix

* root: fix formatting

* root: replace domain with goauthentik.io

* proxy: update path

* root: rename remaining prefixes

* flows: rename file extension

* root: pbadmin -> akadmin

* docs: fix image filenames

* lifecycle: ignore migration files

* ci: copy default config from current source before loading last tagged

* *: new sentry dsn

* tests: fix missing python3.9-dev package

* root: add additional migrations for service accounts created by outposts

* core: mark system-created service accounts with attribute

* policies/expression: fix pb_ replacement not working

* web: fix last linting errors, add lit-analyse

* policies/expressions: fix lint errors

* web: fix sidebar display on screens where not all items fit

* proxy: attempt to fix proxy pipeline

* proxy: use go env GOPATH to get gopath

* lib: fix user_default naming inconsistency

* docs: add upgrade docs

* docs: update screenshots to use authentik

* admin: fix create button on empty-state of outpost

* web: fix modal submit not refreshing SiteShell and Table

* web: fix height of app-card and height of generic icon

* web: fix rendering of subtext

* admin: fix version check error not being caught

* web: fix worker count not being shown

* docs: update screenshots

* root: new icon

* web: fix lint error

* admin: fix linting error

* root: migrate coverage config to pyproject
 2020-12-05 22:08:42 +01:00