Commit graph

2819 commits

Author SHA1 Message Date
Jens L 8160663214
release: 2023.4.0 (#5254) 2023-04-14 13:20:22 +02:00
Jens L 6a700cb376
core: fix user metrics for users which can't access events (#5252)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-14 11:20:26 +02:00
Jens L a5098364eb
events: unpack wrapped query from FlowExecutor (#5244)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-14 00:07:41 +02:00
Jens L 6a74fa11c6
providers/oauth2: inconsistent client secret generation (#5241)
* use simpler char set for client secret

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* also adjust radius

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use similar logic in web to generate ids and secrets

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* dont use math.random

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-13 15:06:28 +02:00
Jens L f84a10b59b
core: revert django update (#5236)
* Revert "core: bump django from 4.1.7 to 4.2 (#5151)"

This reverts commit 18a4eac527.

* run unittests with postgres 11 and 12

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-13 14:10:12 +02:00
dependabot[bot] 18a4eac527
core: bump django from 4.1.7 to 4.2 (#5151)
* core: bump django from 4.1.7 to 4.2

Bumps [django](https://github.com/django/django) from 4.1.7 to 4.2.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/4.1.7...4.2)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* upgrade to psycopg3, use custom engine for prometheus metrics

See https://github.com/korfuri/django-prometheus/issues/350

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make scripts use pscopg3

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-04-11 15:00:27 +02:00
Jens L 1ca8feb5fc
sources/ldap: make schema optional (#5213)
* sources/ldap: make schema optional

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* create one connection and re-use it

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use magicmock

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-10 21:55:56 +02:00
Jens L 8b78570597
outposts: run containers as non root (#5212)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-09 21:39:07 +02:00
Jens L 977757f561
policies: provider raw result for better policy reusability (#5189)
* policies: include raw_result in PolicyResult

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* move ak_call_policy to base evaluator

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-06 09:42:29 +02:00
Jens L 711e98d049
stages/identification: revert is_active check (#5183) 2023-04-05 15:49:35 +02:00
Jens L 132a353b92
outposts: set k8s deployment security context (#5163)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-05 13:36:46 +02:00
dependabot[bot] fb4808418c
core: bump sentry-sdk from 1.18.0 to 1.19.0 (#5169)
* core: bump sentry-sdk from 1.18.0 to 1.19.0

Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 1.18.0 to 1.19.0.
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-python/compare/1.18.0...1.19.0)

---
updated-dependencies:
- dependency-name: sentry-sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* use new features

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-04-04 15:29:09 +02:00
Jens L 02f75a92ce
lifecycle: don't use celery ping for worker healthcheck (#5153)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-03 18:15:31 +02:00
Ongy adcd11b1f8
core: extend postgres configuration (#5138)
Add postgres configuration options to control
TLS verification and client certificates.
2023-04-02 17:39:36 +02:00
sdimovv 6192d01b7e
stages: Add ability to set user friendly names for MFA stages (#5005)
* Added ability to name MFA stage

* Schema

* Changed Charfield to Textfield

* Regenerated schema

* Add explicit required

* set null instead of blank so title check works

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add help text and adjust wording

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-04-02 16:52:44 +02:00
Jens L 5947c7b97e
stages/user_write: improve error handling (#5136)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-31 23:59:37 +02:00
Jens L 75510ead84
core: fix app launch URL flow selection (#5113) 2023-03-30 02:10:25 +02:00
dependabot[bot] 73bf6fd530
core: bump channels-redis from 4.0.0 to 4.1.0 (#5115)
* core: bump channels-redis from 4.0.0 to 4.1.0

Bumps [channels-redis](https://github.com/django/channels_redis) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/django/channels_redis/releases)
- [Changelog](https://github.com/django/channels_redis/blob/main/CHANGELOG.txt)
- [Commits](https://github.com/django/channels_redis/compare/4.0.0...4.1.0)

---
updated-dependencies:
- dependency-name: channels-redis
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* remove channels <4.1 workaround

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-03-30 00:08:07 +02:00
Jens L 1d2725825c
providers/scim: add missing default fields (#5108)
* providers/scim: add missing default fields

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

#4554

* update tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-28 14:42:52 +02:00
Jens L 4218ece2a5
stages/authenticator_validate: fix stage not working without pending user (#5096)
closes #5094

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-27 23:08:55 +02:00
Jens L b097cf4d7e
providers/scim: fix error when user-group m2m is updated forward (#5082)
* providers/scim: fix error when user-group m2m is updated forward

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-26 22:34:53 +02:00
Jens L 5c0d7f9a58
web/admin: fix error when creating bindings due to hidden inputs (#5081)
* web/admin: fix error when creating bindings due to hidden inputs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix flaky test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-26 18:58:02 +02:00
Jens L 6437fbc814
web/admin: prompt preview (#5078)
* add initial prompt preview

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve error handling

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* don't flood api with requests when fields are changeed

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-25 22:31:48 +01:00
risson 1957717160
providers: Add ability to choose a default authentication flow (#5070)
* core: add ability to choose a default authentication flow for a provider

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* update web to use correct ak-search-select

I don't think this element existed when the PR was initially created, lol

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only use provider authentication flow for authentication designation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-03-24 13:26:00 +01:00
Jens L da3222df07
core: fix websocket url path (#5019)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-21 00:20:48 +01:00
Jens L 54cacd784c
*: load websocket paths similarly to URLs (#5018)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-20 23:39:25 +01:00
Jens L 3f5effb1bc
providers/radius: simple radius outpost (#1796)
* initial implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add migrations

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix web

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* minor fixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use search-select

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fixup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix ip with port being sent to delegated ip

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add radius tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-20 16:54:35 +01:00
sdimovv 16a03160d0
core: Add unique constraint to user UUID (#5004) 2023-03-20 00:33:08 +01:00
sdimovv 8b52d711e8
stages/prompt: Add Radio Button Group, Dropdown and Text Area prompt fields (#4822)
* Added radio-button prompt type in model

* Add radio-button prompt

* Refactored radio-button prompt; Added dropdown prompt

* Added tests

* Fixed unrelated to choice fields bug causing validation errors; Added more tests

* Added description for new prompts

* Added docs

* Fix lint

* Add forgotten file changes

* Fix lint

* Small fix

* Add text-area prompts

* Update authentik/stages/prompt/models.py

Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>

* Update authentik/stages/prompt/models.py

Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>

* Fix inline css

* remove AKGlobal, update schema

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@beryju.org>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-03-19 18:56:17 +01:00
Jens L 97df7848a5
blueprints: allow setting of token key in blueprint context (#4995)
closes #4717

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-18 00:10:12 +01:00
Jens L e2d3a95c80
web: full web components part 1 (#4964)
* migrate loading

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate api browser

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate base css

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* move tenant fetching to base interface

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* import pre-loaded stages in flow interface and not executor to strip down executor size

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix redirect and such

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-17 23:10:19 +01:00
Jens L 8363016982
version: 2023.3 (#4980)
* release: 2023.3.0

* providers/ldap: fix duplicate attributes (#4972)

closes #4971

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* providers/oauth2: fix response for response_type code and response_mode fragment (#4975)

* web/flows: fix authenticator selector in dark mode (#4974)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* release: 2023.3.1

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-16 22:43:57 +01:00
Jens L 2a399cf8e8
providers/oauth2: fix response for response_type code and response_mode fragment (#4975) 2023-03-16 15:58:38 +01:00
Jens L eaf56f4f3f
stages/user_login: stay logged in (#4958)
* add initial remember me offset

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add to go executor

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add ui for user login stage

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-15 20:21:05 +01:00
Jens L 9310d4cdc0
*: fix mismatched task names for discovery, make output service connection task monitored (#4956)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-15 12:12:08 +01:00
Jens L 86f9056d3f
core: fix url validator (#4957)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-15 12:00:57 +01:00
Jens L 73d7b5f110
root: add common fixture loader (#4946)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-14 17:13:03 +01:00
Jens L 4b1440944e
providers: fix authorization_flow not required in API (#4932)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-13 23:36:24 +01:00
Jens L 59a92dbacd
stages/authenticator_webauthn: remove credential_id size limit (#4931)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-13 21:24:10 +01:00
Jens L 6f6d22da13
release: 2023.3.0 (#4925) 2023-03-13 19:10:48 +01:00
Jens L fab6a8f8c9
stages/user_login: expiry before login (#4920)
* stages/user_write: run set_expiry before login, so that session used in Signal has correct expiry

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-13 15:31:06 +01:00
Jens L 178bfe1d44
providers/scim: handle ServiceProviderConfig 404 (#4915)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-13 13:44:29 +01:00
Jens L 94f22cffba
root: fix session middleware for websocket connections (#4909)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-12 16:47:19 +01:00
Jens L 10b7d78825
events: set task start time before start not on init (#4908)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-12 15:13:04 +01:00
dependabot[bot] 0ef333f8ea
core: bump bandit from 1.7.4 to 1.7.5 (#4896)
* core: bump bandit from 1.7.4 to 1.7.5

Bumps [bandit](https://github.com/PyCQA/bandit) from 1.7.4 to 1.7.5.
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](https://github.com/PyCQA/bandit/compare/1.7.4...1.7.5)

---
updated-dependencies:
- dependency-name: bandit
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-03-10 12:06:59 +01:00
Jens L 86bb2afd02
core: add validator which allows for URLs with formatting (#4890) 2023-03-10 00:16:17 +01:00
Jens L b6b820f6f1
web: toggle dark/light theme manually (#4876) 2023-03-09 23:17:53 +01:00
Jens L 6ae2fc9668
providers/SCIM: customizable externalId, document behavior (#4868)
* only set externalId if mapping hasn't set it

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* better document use of SCIM in conjunction with OAuth/SAML

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-08 00:15:16 +01:00
Jens L 67f3db1e03
core: enforce unique on names where it makes sense (#4866)
enforce unique on names where it makes sense

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-07 23:52:34 +01:00
Jens L 9559bc2e1e
providers/scim: add option to filter out service accounts, parent group (#4862)
* add option to filter out service accounts, parent group

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rename to filter group

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rework sync card to show scim sync status

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-07 15:39:48 +01:00