Commit graph

11311 commits

Author SHA1 Message Date
Jens Langhammer c07a48a3ec
security: fix CVE-2023-36456
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

# Conflicts:
#	website/sidebars.js
2023-07-06 18:13:19 +02:00
Jens Langhammer e1bae1240f
release: 2023.4.2 2023-06-22 22:21:53 +02:00
risson 37bd62d291
ci: replace github bot account with github app (#5819)
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-06-22 22:21:48 +02:00
Jens Langhammer ac63db0136
bump web api client
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-22 21:27:30 +02:00
Jens Langhammer 5cdf3a09a9
ATH-01-012: escape quotation marks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-19 13:45:47 +02:00
Jens Langhammer 3e17adf33f
ATH-01-014: save authenticator validation state in flow context
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

bugfixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-19 13:45:47 +02:00
Jens Langhammer 8392916c84
ATH-01-010: rework
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-19 13:45:18 +02:00
Jens Langhammer 7e75a48fd0
ATH-01-009: migrate impersonation to use API
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

# Conflicts:
#	authentik/core/urls.py
#	web/src/admin/AdminInterface.ts
#	web/src/admin/users/RelatedUserList.ts
#	web/src/admin/users/UserListPage.ts
#	web/src/admin/users/UserViewPage.ts
#	web/src/user/UserInterface.ts
2023-06-19 13:45:07 +02:00
Jens Langhammer d69d84e48c
ATH-01-005: use hmac.compare_digest for secret_key authentication
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-19 13:43:09 +02:00
Jens Langhammer 78cc8fa498
ATH-01-003 / ATH-01-012: disable htmlLabels in mermaid
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-19 13:43:07 +02:00
Jens Langhammer 0fcdf5e968
ATH-01-004: remove env from admin system endpoint
this endpoint already required admin access, but for debugging the env variables are used very little

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-19 13:43:03 +02:00
Jens Langhammer f05997740f
ATH-01-008: fix web forms not submitting correctly when pressing enter
When submitting some forms with the Enter key instead of clicking "Confirm"/etc, the form would not get submitted correctly

This would in the worst case is when setting a user's password, where the new password can end up in the URL, but the password was not actually saved to the user.

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

# Conflicts:
#	web/src/admin/applications/ApplicationCheckAccessForm.ts
#	web/src/admin/crypto/CertificateGenerateForm.ts
#	web/src/admin/flows/FlowImportForm.ts
#	web/src/admin/groups/RelatedGroupList.ts
#	web/src/admin/policies/PolicyTestForm.ts
#	web/src/admin/property-mappings/PropertyMappingTestForm.ts
#	web/src/admin/providers/saml/SAMLProviderImportForm.ts
#	web/src/admin/users/RelatedUserList.ts
#	web/src/admin/users/ServiceAccountForm.ts
#	web/src/admin/users/UserPasswordForm.ts
#	web/src/admin/users/UserResetEmailForm.ts
2023-06-19 13:42:51 +02:00
Jens Langhammer 1aff300171
ATH-01-010: fix missing user filter for webauthn device
This prevents an attack that is only possible when an attacker can intercept HTTP traffic and in the case of HTTPS decrypt it.
2023-06-19 13:38:31 +02:00
Jens Langhammer ffb98eaa75
ATH-01-001: resolve path and check start before loading blueprints
This is even less of an issue since 411ef239f6, since with that commit we only allow files that the listing returns

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-19 13:38:19 +02:00
Jens Langhammer 5c1db432f0
release: 2023.4.1 2023-04-18 10:50:44 +03:00
Jens Langhammer 07fd4daa3e
Merge branch 'main' into version-2023.4 2023-04-17 22:46:09 +03:00
dependabot[bot] 9faad8a055
web: bump @sentry/browser from 7.47.0 to 7.48.0 in /web (#5268)
Bumps [@sentry/browser](https://github.com/getsentry/sentry-javascript) from 7.47.0 to 7.48.0.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/7.47.0...7.48.0)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-17 10:16:44 +02:00
dependabot[bot] a94392808f
core: bump goauthentik.io/api/v3 from 3.2023031.17 to 3.2023040.1 (#5269)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2023031.17 to 3.2023040.1.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2023031.17...v3.2023040.1)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-17 10:13:37 +02:00
dependabot[bot] c4998e7dd4
web: bump @sentry/tracing from 7.47.0 to 7.48.0 in /web (#5266)
Bumps [@sentry/tracing](https://github.com/getsentry/sentry-javascript) from 7.47.0 to 7.48.0.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/7.47.0...7.48.0)

---
updated-dependencies:
- dependency-name: "@sentry/tracing"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-17 10:12:32 +02:00
dependabot[bot] 1ab587d80e
website: bump react-before-after-slider-component from 1.1.6 to 1.1.8 in /website (#5267)
website: bump react-before-after-slider-component in /website

Bumps [react-before-after-slider-component](https://github.com/smeleshkin/react-before-after-slider-component) from 1.1.6 to 1.1.8.
- [Release notes](https://github.com/smeleshkin/react-before-after-slider-component/releases)
- [Commits](https://github.com/smeleshkin/react-before-after-slider-component/compare/v.1.1.6...v.1.1.8)

---
updated-dependencies:
- dependency-name: react-before-after-slider-component
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-17 10:12:11 +02:00
dependabot[bot] 5715ffd845
website: bump postcss from 8.4.21 to 8.4.22 in /website (#5265)
Bumps [postcss](https://github.com/postcss/postcss) from 8.4.21 to 8.4.22.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/8.4.21...8.4.22)

---
updated-dependencies:
- dependency-name: postcss
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-17 10:11:53 +02:00
dependabot[bot] 8c3834e6b2
core: bump pytest from 7.3.0 to 7.3.1 (#5270)
Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.3.0 to 7.3.1.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/7.3.0...7.3.1)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-17 10:11:29 +02:00
dependabot[bot] f841586153
core: bump importlib-metadata from 6.3.0 to 6.4.1 (#5271)
Bumps [importlib-metadata](https://github.com/python/importlib_metadata) from 6.3.0 to 6.4.1.
- [Release notes](https://github.com/python/importlib_metadata/releases)
- [Changelog](https://github.com/python/importlib_metadata/blob/main/CHANGES.rst)
- [Commits](https://github.com/python/importlib_metadata/compare/v6.3.0...v6.4.1)

---
updated-dependencies:
- dependency-name: importlib-metadata
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-17 10:11:11 +02:00
dependabot[bot] b8b681250f
core: bump drf-spectacular from 0.26.1 to 0.26.2 (#5272)
Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.26.1 to 0.26.2.
- [Release notes](https://github.com/tfranzel/drf-spectacular/releases)
- [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/tfranzel/drf-spectacular/compare/0.26.1...0.26.2)

---
updated-dependencies:
- dependency-name: drf-spectacular
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-17 10:09:08 +02:00
Tana M Berry 3ab9ee5acc
website/docs: separate docker steps (#5246)
* separated steps for macs

* fixed formatting

* fixed formatting harder

* two passwords

* tweaks

* separated error logging step

* comments in wrong place

---------

Co-authored-by: Tana Berry <tana@goauthentik.io>
2023-04-14 17:04:09 -05:00
Jens L 1a4c640835
lifecycle: fix worker healthcheck (#5259)
closes #5258

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-14 14:39:31 +02:00
Jens L 38bf0ee740
lifecycle: re-add exec to ak wrapper (#5253)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-14 13:52:11 +02:00
Jens L 520fb2fac1
ci: fix tag lookup for previous stable version (#5257)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-14 13:51:57 +02:00
authentik Bot 95adc38ff4
web: bump API Client version (#5256)
Signed-off-by: GitHub <noreply@github.com>
2023-04-14 11:34:14 +00:00
Jens L 55ad2d7eab
website/docs: add helm RBAC notice (#5255)
website/docs: add helm notice

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-14 13:21:05 +02:00
Jens L 8160663214
release: 2023.4.0 (#5254) 2023-04-14 13:20:22 +02:00
Jens Langhammer aa80babfff
release: 2023.4.0 2023-04-14 13:28:57 +03:00
Jens L 6a700cb376
core: fix user metrics for users which can't access events (#5252)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-14 11:20:26 +02:00
Jens L e123afd9ee
web/admin: fix impersonate button layout (#5251)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-14 11:20:07 +02:00
dependabot[bot] 96e732e45b
web: bump @codemirror/lang-javascript from 6.1.5 to 6.1.6 in /web (#5247)
Bumps [@codemirror/lang-javascript](https://github.com/codemirror/lang-javascript) from 6.1.5 to 6.1.6.
- [Release notes](https://github.com/codemirror/lang-javascript/releases)
- [Changelog](https://github.com/codemirror/lang-javascript/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/lang-javascript/compare/6.1.5...6.1.6)

---
updated-dependencies:
- dependency-name: "@codemirror/lang-javascript"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-14 10:35:25 +02:00
dependabot[bot] 6349ab60e7
web: bump core-js from 3.30.0 to 3.30.1 in /web (#5248)
Bumps [core-js](https://github.com/zloirock/core-js/tree/HEAD/packages/core-js) from 3.30.0 to 3.30.1.
- [Release notes](https://github.com/zloirock/core-js/releases)
- [Changelog](https://github.com/zloirock/core-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zloirock/core-js/commits/v3.30.1/packages/core-js)

---
updated-dependencies:
- dependency-name: core-js
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-14 10:35:12 +02:00
dependabot[bot] 2b0749af6b
core: bump github.com/prometheus/client_golang from 1.14.0 to 1.15.0 (#5249)
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.14.0 to 1.15.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.14.0...v1.15.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-14 10:34:56 +02:00
Jens L a5098364eb
events: unpack wrapped query from FlowExecutor (#5244)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-14 00:07:41 +02:00
Lars Lehmann 71820191a3
root: fix contributing List points (#5245) 2023-04-13 22:48:13 +02:00
Jens L c08c849fec
website: fix doc build (#5242)
* ci: run both builds

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix build

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-13 17:20:44 +02:00
Jens L 6a74fa11c6
providers/oauth2: inconsistent client secret generation (#5241)
* use simpler char set for client secret

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* also adjust radius

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use similar logic in web to generate ids and secrets

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* dont use math.random

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-13 15:06:28 +02:00
dependabot[bot] 7841720acf
core: bump gitpython from 3.1.29 to 3.1.30 (#5239)
Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.29 to 3.1.30.
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](https://github.com/gitpython-developers/GitPython/compare/3.1.29...3.1.30)

---
updated-dependencies:
- dependency-name: gitpython
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-13 14:15:00 +02:00
Jens L 67644ace87
website/docs: prepare 2023.4 release notes (#5223)
* website/docs: prepare 2023.4 release notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add prompt preview

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* Update website/docs/releases/2023/v2023.4.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* add new release to sidebar

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-04-13 14:11:46 +02:00
Jens L f84a10b59b
core: revert django update (#5236)
* Revert "core: bump django from 4.1.7 to 4.2 (#5151)"

This reverts commit 18a4eac527.

* run unittests with postgres 11 and 12

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-13 14:10:12 +02:00
Jens L 200d6d6adf
website: bump docusaurus (#5235)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-13 13:45:51 +02:00
dependabot[bot] d0f1ebfad3
core: bump packaging from 23.0 to 23.1 (#5234)
Bumps [packaging](https://github.com/pypa/packaging) from 23.0 to 23.1.
- [Release notes](https://github.com/pypa/packaging/releases)
- [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pypa/packaging/compare/23.0...23.1)

---
updated-dependencies:
- dependency-name: packaging
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-13 11:31:19 +02:00
dependabot[bot] 7d849d7bd7
core: bump maxmindinc/geoipupdate from v4.11 to v5.0 (#5233)
Bumps maxmindinc/geoipupdate from v4.11 to v5.0.

---
updated-dependencies:
- dependency-name: maxmindinc/geoipupdate
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-13 11:30:57 +02:00
Aaron f1dfe04786
website/integrations: Addition of phpIPAM SAML integration documentation (#5221)
* website/integrations: Addition of phpIPAM SAML integration documentation

* website/integrations: Addition of phpIPAM SAML integration documentation

* website/integrations: Fix formatting to pass npm prettier checks of new phpIPAM documentation

* website/integrations: Fix typo in certificate for codespell linting.

* website/integrations: Change => to ->. Fix indentation on python expressions. Fix copy/paste error on modules SAML attribute.

---------

Co-authored-by: Aaron Naden <aaron@DESKTOP-H5LSEU8>
2023-04-12 17:28:58 -05:00
dependabot[bot] 4d7d2b8d3a
web: bump pyright from 1.1.302 to 1.1.303 in /web (#5229)
Bumps [pyright](https://github.com/Microsoft/pyright/tree/HEAD/packages/pyright) from 1.1.302 to 1.1.303.
- [Release notes](https://github.com/Microsoft/pyright/releases)
- [Commits](https://github.com/Microsoft/pyright/commits/1.1.303/packages/pyright)

---
updated-dependencies:
- dependency-name: pyright
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-12 11:21:39 +02:00
dependabot[bot] a6cc0f189c
web: bump @rollup/plugin-commonjs from 24.0.1 to 24.1.0 in /web (#5230)
Bumps [@rollup/plugin-commonjs](https://github.com/rollup/plugins/tree/HEAD/packages/commonjs) from 24.0.1 to 24.1.0.
- [Release notes](https://github.com/rollup/plugins/releases)
- [Changelog](https://github.com/rollup/plugins/blob/master/packages/commonjs/CHANGELOG.md)
- [Commits](https://github.com/rollup/plugins/commits/commonjs-v24.1.0/packages/commonjs)

---
updated-dependencies:
- dependency-name: "@rollup/plugin-commonjs"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-12 11:20:55 +02:00