2997542114
lib: disable backup by default, add note to configuration
2022-01-24 10:00:15 +00:00
42f5cf8c93
outposts: allow custom label for docker containers
...
closes #2128
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-23 21:55:58 +01:00
82cc1d536a
providers/proxy: add PathPrefix to auto-traefik labels
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2128
2022-01-23 21:55:46 +01:00
6a411d7960
policies/hibp: ensure password is encodable
...
closes AUTHENTIK-1SA
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-23 21:23:24 +01:00
f4a6c70e98
release: 2022.1.1
2022-01-22 18:28:40 +01:00
dd8b579dd6
lib: ignore paramiko logger
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-21 10:46:33 +01:00
994c5882ab
root: fix error if secret_key is purely numerical
...
closes #2099
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-18 09:17:33 +01:00
0db0a12ef3
root: rename csrf header
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-16 16:17:44 +01:00
eaeab27004
lib: add support for custom env
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-16 14:56:02 +01:00
111fbf119b
*: refactor prometheus gauges to directly updating metrics view
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-16 13:57:07 +01:00
92cc0c9c64
root: decrease to 10 backup history
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-14 19:59:50 +01:00
18ff803370
outposts: trigger service update on k8s when selector doesnt match
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-14 11:42:57 +01:00
6338785ce1
outposts: change label app.kubernetes.io/name to include outpost type
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-14 10:34:54 +01:00
973e151dff
outposts: add Additional version labels to managed k8s deployments
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-13 17:48:01 +01:00
fae6d83f27
*: simplify extracting current version info
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-13 17:47:31 +01:00
ed84fe0b8d
root: set samesite for csrf cookie
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 23:14:14 +01:00
7db7b7cc4d
stages/authenticator_validate: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 23:00:28 +01:00
e758db5727
stages/authenticator_webauthn: make more WebAuthn options configurable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 22:57:49 +01:00
4d7d700afa
providers/oauth2: change default redirect uri behaviour; set first used url when blank and use star for wildcard
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 22:44:57 +01:00
f9a5add01d
root: include build in analytics
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 22:18:52 +01:00
2986b56389
root: fix backups running every minute instead of once
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 22:09:44 +01:00
11e25617bd
crypto: fully parse certificate on validation in serializer to prevent invalid certificates from being saved
...
closes #2082
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 20:36:50 +01:00
19d5902a92
flows: handle error if flow title contains invalid format string
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 19:49:27 +01:00
71dffb21a9
outposts: improve error handling for outpost service connection state
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 19:44:13 +01:00
2543224c7c
core: dont return 404 when trying to view key of expired token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 17:53:09 +01:00
6b6702521f
api: don't return error reporting enabled when debug is enabled
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-07 21:53:22 +01:00
c07b8d95d0
outposts/proxy: remove deprecated headers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-07 17:01:23 +01:00
0027dbc0e5
root: remove old api path
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-06 22:21:21 +01:00
c15e4b24a1
release: 2021.12.5
2022-01-06 21:29:12 +01:00
03503363e5
core: fix UserSelfSerializer's save() overwriting other user attributes
...
closes #2070
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-06 18:23:06 +01:00
22d6621b02
root run backup every 24 hours
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-06 15:29:11 +01:00
91dd33cee6
policies/reputation: trigger save on update
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-05 22:06:20 +01:00
5a2c367e89
policies/reputation: fix test
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-05 21:44:15 +01:00
6e53f1689d
policies/reputation: rework reputation to use a single entry, include geo_ip data
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-05 21:02:33 +01:00
7b1373e8d6
core: fix lint error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-04 23:17:37 +01:00
e70b486f20
outposts: handle error in certificate cleanup
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-04 22:53:37 +01:00
5769ff45b5
core: add goauthentik.io/user/can-change-name
...
closes #2054
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-04 19:03:12 +01:00
9d6f79558f
tenants: forbid creation of multiple default tenants
...
closes #2059
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-04 19:01:20 +01:00
935a8f4d58
core: add tests for non-applicable flows with flow manager
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 22:14:52 +01:00
7d3d17acb9
core: add error handling in source flow manager when flow isn't applicable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 21:57:55 +01:00
ebd476be14
sources/oauth: fix sources not allowing blank values
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2047
2022-01-03 21:36:14 +01:00
31ba543c62
*: don't use exception keyword with structlog
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 21:33:52 +01:00
a101d48b5a
core: passthrough connection and additional data to FlowManager
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2047
2022-01-03 21:31:26 +01:00
8f44c792ac
sources/oauth: fix github provider not including correct base scopes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2047
2022-01-03 21:04:18 +01:00
212220554f
sources/oauth: add additional scopes field to get additional data from provider
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2047
2022-01-03 16:43:52 +01:00
3e22740eac
core: add API endpoint to directly set user's password
...
closes #2040
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 13:31:58 +01:00
d18a691f63
core: prevent LDAP password being set for internal hash upgrades
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-03 13:23:42 +01:00
90c31c2214
flows: add test helpers to simplify and improve checking of stages, remove force_str
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-01 20:25:32 +01:00
50e3d317b2
flows: use WithUserInfoChallenge for AccessDeniedChallenge
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2039
2022-01-01 19:45:34 +01:00
3eed7bb010
lib: dont send any sentry events when testing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-01 18:56:14 +01:00
9154b9b85d
web/user: rework user source connection UI
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 21:59:41 +01:00
fc19372709
flows: fix migration removing flow titles
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 21:00:00 +01:00
d03b0b8152
outposts: include outposts build hash in state
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 15:16:34 +01:00
c249b55ff5
*: use py3.10 syntax for unions, remove old Type[] import when possible
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-30 14:59:01 +01:00
fc7a452b0c
flows: update default flow titles
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-27 22:04:35 +01:00
46f12e62e8
flows: don't create EventAction.FLOW_EXECUTION
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-27 15:07:33 +01:00
53b10e64f8
outposts: fix error when client hasn't be initialised
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-26 14:26:48 +01:00
abe38bb16a
outposts: fix __exit__ being called without params
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 17:52:20 +01:00
b19da6d774
crypto: return private key's type (required for some oauth2 providers)
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 16:51:28 +01:00
7c55616e29
outposts: fix creation of from_env docker client
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 16:48:23 +01:00
6510b97c1e
outposts: add remote docker integration via SSH
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-25 16:31:34 +01:00
22d1dd801c
root: also use analytics uuid for sentry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-24 15:13:27 +01:00
e7e0e6d213
lib: strip values for timedelta from string
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 18:49:35 +01:00
ca0250e19f
core: add meta theme-color
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 18:49:24 +01:00
5c5634830f
stages/identification: add field for passwordless flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 18:27:00 +01:00
9c42b75567
release: 2021.12.4
2021-12-23 10:32:48 +01:00
457e17fec3
website/docs: add small let's encrypt docs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-23 00:59:06 +01:00
846006f2e3
events: create test notification with event with data
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 23:32:29 +01:00
f557b2129f
*: fix random typos
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 23:13:18 +01:00
6dc2003e34
providers/oauth2: fix tests validating JWT incorrectly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 23:00:57 +01:00
0149c89003
providers/oauth2: fix invalid assignments in JWKS view
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:41:28 +01:00
f458cae954
providers/proxy: add error handing when field is already gone
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:31:53 +01:00
f01d117ce6
providers/proxy: fix imports in migrations
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:25:02 +01:00
2bde43e5dc
crypto: use older syntax for type union
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:22:45 +01:00
2f3026084e
providers/oauth2: remove jwt_alg field and set algorithm based on selected keypair, select HS256 when no keypair is selected
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 22:09:49 +01:00
c1f0833c09
crypto: improve support for non-rsa private keys (discovery)
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 21:46:22 +01:00
8e83209631
stages/authenticator_validate: fix lint error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 18:14:35 +01:00
2e48e0cc2f
stages/authenticator_validate: fix prompt not triggering when using in non-authentication context
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 18:03:02 +01:00
e72f0ab160
stages/authenticator_validation: refuse passwordless flow if flow is not for authentication
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 18:02:43 +01:00
5b3a9e29fb
stages/authenticator_validate: add passwordless login
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 17:34:46 +01:00
34b11524f1
tenants: add web certificate field, make authentik's core certificate configurable based on keypair
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 11:43:45 +01:00
16b6c17305
Revert "policies: don't always clear application cache on post_save"
...
This reverts commit 5ef385f0bb
2021-12-22 00:23:19 +01:00
cf4b4030aa
release: 2021.12.3
2021-12-21 20:52:08 +01:00
7fb939f97b
core: fix error when getting launch URL for application with non-existent Provider
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 19:40:29 +01:00
c78236a2a2
root: don't set secure cross opener policy
...
closes #1977
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 19:16:22 +01:00
ca314c262c
*: revert to using GHCR directly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 13:54:49 +01:00
8a60a7e26f
providers/proxy: revert to static list of forwarded headers
...
wildcard is not usable for this since the regular expression doesn't support negative lookahead, meaning we would always forward all headers, including Connection and others
closes #1969
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 12:04:54 +01:00
92b4244e81
providers/proxy: update traefik regex
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1969
2021-12-20 22:43:58 +01:00
dfbf7027bc
providers/proxy: add traefik.ingress.kubernetes.io/router.tls annotation for ingress
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 22:24:42 +01:00
4658018a90
Revert "outposts: rename outpost"
...
This reverts commit a5c30fd9c7
2021-12-20 21:37:31 +01:00
577b7ee515
providers/proxy: include auth headers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:37:22 +01:00
3da526f20e
root: allow trace log level to work for core/embedded
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:11:47 +01:00
c843f18743
lib: add additional celery logger to sentry ignore
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 21:04:45 +01:00
80d0b14bb8
outposts: fix error when getting state for non-existent outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 19:44:47 +01:00
a5c30fd9c7
outposts: rename outpost
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 19:28:05 +01:00
ef23a0da52
outposts/proxy: fix traefik header regex to only match Remote- and X- headers to prevent websocket errors
...
closes #1969
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 13:30:19 +01:00
ba527e7141
root: drop redis cache sentry errors
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-20 13:12:14 +01:00
602573f83f
ci: fix label
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-19 13:44:34 +01:00
8599d9efe0
web/admin: auto set the embedded outpost's authentik_host on first view
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-19 13:27:04 +01:00
8e6fcfe350
root: fix inconsistent URL quoting of redis URLs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-18 22:24:41 +01:00
Jens Langhammer