Commit graph

9 commits

Author SHA1 Message Date
dependabot[bot] d14a2906f5
website: bump prettier from 2.8.8 to 3.0.0 in /website (#6155)
* website: bump prettier from 2.8.8 to 3.0.0 in /website

Bumps [prettier](https://github.com/prettier/prettier) from 2.8.8 to 3.0.0.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.8.8...3.0.0)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* prettier

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-07-06 12:00:54 +02:00
Jens L b0fbd576fc
security: cure53 fix (#6039)
* ATH-01-001: resolve path and check start before loading blueprints

This is even less of an issue since 411ef239f6, since with that commit we only allow files that the listing returns

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-010: fix missing user filter for webauthn device

This prevents an attack that is only possible when an attacker can intercept HTTP traffic and in the case of HTTPS decrypt it.

* ATH-01-008: fix web forms not submitting correctly when pressing enter

When submitting some forms with the Enter key instead of clicking "Confirm"/etc, the form would not get submitted correctly

This would in the worst case is when setting a user's password, where the new password can end up in the URL, but the password was not actually saved to the user.

* ATH-01-004: remove env from admin system endpoint

this endpoint already required admin access, but for debugging the env variables are used very little

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-003 / ATH-01-012: disable htmlLabels in mermaid

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-005: use hmac.compare_digest for secret_key authentication

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-009: migrate impersonation to use API

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-010: rework

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-014: save authenticator validation state in flow context

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

bugfixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-012: escape quotation marks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add website

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update release ntoes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update with all notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-22 22:25:04 +02:00
Tana M Berry b1de9f8d93
website/docs: add Note about wget command (#5770)
* add Note about wget

* added info about -) flag

* add review edits

---------

Co-authored-by: Tana Berry <tana@goauthentik.io>
2023-06-06 02:21:27 -05:00
Jens L 7daf89be05
website/docs: prepare 2023.5.3 (#5824)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-01 19:34:56 +02:00
Jens L e8c2aabad0
website/docs: prepare 2023.5.2 release notes (#5777)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-28 12:45:50 +02:00
Jens L 873aaf85f9
website/docs: prepare 2023.5.1 release notes (#5679)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-18 20:34:33 +02:00
Jens L 228197ea5e
website/docs: update 2023.5 release notes (#5526)
* website/docs: update 2023.5 release notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update changelog

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-12 13:45:25 +02:00
Bojan Bogojevic 05b2fb5ec1
root: Change docker-compose HTTP and HTTPS port variables (#5335)
* Clarify that COMPOSE_PORT_ changes exposed ports

Signed-off-by: Bojan Bogojevic <20166636+Bojan023@users.noreply.github.com>

* Change AUTHENTIK_PORT to COMPOSE_PORT 

Signed-off-by: Bojan Bogojevic <20166636+Bojan023@users.noreply.github.com>

* Change AUTHENTIK_PORT to COMPOSE_PORT 

Signed-off-by: Bojan Bogojevic <20166636+Bojan023@users.noreply.github.com>

* Add hint to Configuration for internal ports

Signed-off-by: Bojan Bogojevic <20166636+Bojan023@users.noreply.github.com>

* dont use different env syntaxes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add changelog entry

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Bojan Bogojevic <20166636+Bojan023@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-04-21 14:54:40 +03:00
Jens L bb92c4a967
providers/ldap: remove deprecated fields (#5154)
* providers/ldap: remove deprecated fields

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update changelog

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-21 14:10:24 +03:00