1c1c1cf5da
root: expand exception logging ( #6690 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-31 14:17:57 +02:00
f57b3efcaa
policies/reputation: fix reputation not expiring ( #6714 )
...
* policies/reputation: fix reputation not expiring
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix some verbose names for models
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-31 13:46:00 +02:00
3f3ca6fe82
core: make groups' parent_name nullable as it might not be set ( #6700 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-30 20:39:57 +02:00
3afff1bae9
providers/oauth2: fix incorrect scope permissions shown ( #6696 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-30 17:27:40 +02:00
b6a57ffd4f
events: fix missing application names from most used applications ( #6689 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-30 12:46:42 +02:00
be3cfaee56
release: 2023.8.1
2023-08-30 00:31:45 +02:00
9545857042
root/revert persistent connections ( #6677 )
...
Revert "root: always use persistent database connections (#6560 )"
This reverts commit 1d99ec95b5
2023-08-30 00:13:53 +02:00
bfa78afd54
release: 2023.8.0
2023-08-29 19:58:42 +02:00
aa874dd92a
security: fix CVE-2023-39522 ( #6665 )
...
* stages/email: don't disclose whether a user exists or not when recovering
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update website
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-29 19:07:49 +02:00
af200a6bf9
web: cleanup ( #6664 )
...
* web: remove <p> used for padding and do it properly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* web: remove .form-help-text as it didn't change anything
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* move data-list styling to correct scope
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove title from navbar for docs-only build
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-29 18:24:11 +02:00
ccfd45774e
*: fix api errors raised in general validate() to specify a field ( #6663 )
...
* *: fix api errors raised in general validate() to specify a field
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove required flag for tls server name for ldap provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* attempt to make timing test less flaky
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-29 14:41:48 +02:00
30cb38ac6d
blueprints: fix tag values not resolved correctly ( #6653 )
...
* blueprints: fix tag values not resolved correctly
this lead to `null` in an `!Env` tag being returned as `"null"`
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make blueprint user password optional
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ensure user doesn't have a usable password set when its an empty string
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-28 18:27:44 +02:00
85bc35eb41
providers/oauth2: fix id_token being saved incorrectly leading to lost claims ( #6645 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-28 00:51:48 +02:00
9e29789c09
root: fix config loading for outposts ( #6640 )
...
* root: fix config loading for outposts
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve check to see if outpost is embedded or not
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* also fix oauth url fetching
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-26 19:40:48 +02:00
d29163e3ad
core: fix filtering users by type attribute ( #6638 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-26 17:26:50 +02:00
599f7e7c88
root: config: remove redundant default configs
...
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2023-08-26 02:41:37 +02:00
bc6706016b
core: bump pydantic from 1.10.12 to 2.3.0 ( #6613 )
...
* core: bump pydantic from 1.10.12 to 2.3.0
Bumps [pydantic](https://github.com/pydantic/pydantic ) from 1.10.12 to 2.3.0.
- [Release notes](https://github.com/pydantic/pydantic/releases )
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md )
- [Commits](https://github.com/pydantic/pydantic/compare/v1.10.12...v2.3.0 )
---
updated-dependencies:
- dependency-name: pydantic
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix webauthn stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix scim
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* "fix" lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-08-24 12:25:17 +02:00
739edba92d
enterprise: default user count to 0
...
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2023-08-23 17:10:50 +02:00
168423a54e
enterprise: licensing fixes ( #6601 )
...
* enterprise: fix unique index for key, fix field names
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* enterprise: update UI to match
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-23 13:20:42 +02:00
0472ef583c
core: hotfix group membership check ( #6584 )
2023-08-20 23:47:13 +02:00
8bba3c0a9b
core: rework recursive group membership ( #6017 )
...
* rework checking group membership and add `user.all_groups` to get full list of groups
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* refactor some more for better performance
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate things to use all_groups
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix for django 4.2
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-18 17:31:39 +02:00
42c21da8b6
blueprints: fix blueprint importer logging potentially sensitive data ( #6567 )
2023-08-18 00:33:26 +01:00
7b3d1a229f
stages/authenticator_static: make static token size adjustable ( #6565 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-17 23:48:05 +02:00
1d99ec95b5
root: always use persistent database connections ( #6560 )
...
* root: always use persistent database connections
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* root: activate database connection health checks
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2023-08-17 19:38:39 +02:00
287cf6f0c7
web/admin: fix user sorting by active field ( #6485 )
...
* web/admin: fix user sorting by active field
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* web/admin: fix hide service account toggle
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-05 22:07:17 +02:00
00fae2353c
api: optimise pagination in API schema ( #6478 )
2023-08-05 15:37:06 +02:00
e191cd6e7f
provider/oauth2: fix aud (Audience) field type which can be a list of… ( #6447 )
...
provider/oauth2: fix aud (Audience) field type which can be a list of strings
2023-08-01 23:16:26 +02:00
cc6824fd7c
core: bump django from 4.1.7 to 4.2 ( #5238 )
...
* core: bump django from 4.1.7 to 4.2 (#5151 )
* core: bump django from 4.1.7 to 4.2
Bumps [django](https://github.com/django/django ) from 4.1.7 to 4.2.
- [Release notes](https://github.com/django/django/releases )
- [Commits](https://github.com/django/django/compare/4.1.7...4.2 )
---
updated-dependencies:
- dependency-name: django
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* upgrade to psycopg3, use custom engine for prometheus metrics
See https://github.com/korfuri/django-prometheus/issues/350
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make scripts use pscopg3
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start changelog
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* initial postgres upgrade guide
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Apply suggestions from code review
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update header
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-08-01 19:30:28 +02:00
561e6956fe
root: add get_int to config loader instead of casting to int everywhere ( #6436 )
...
* root: add get_int to config loader instead of casting to int everywhere
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve error handling, add test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-31 19:34:59 +02:00
10b0c84d97
root: migrate bootstrap to blueprints ( #6433 )
...
* remove old bootstrap
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add meta model to set user password
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ensure KeyOf works with objects in the state of created that already exist
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add support for shorter form !If tag
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* allow !Context to resolve other yaml tags
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't require serializer to be valid for deleting an object
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix check if a model is being created
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove duplicate way to set password
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate token
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only change what is required with migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add description
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix admin status
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* expand tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't require bootstrap in events to fix ci?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-31 19:34:46 +02:00
09907ecb6a
root: add generated Source docs ( #5323 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-31 11:59:20 +02:00
b08f8d8e0c
api: re-fix url import logging ( #6400 )
...
* fix logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove lib from apps
lib doesn't declare any models, so it really doesn't need to be in there anyways?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove lib from schema too
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-27 12:56:51 +02:00
94836a3ce7
api: log errors if app URLs import fail ( #6397 )
...
* api: log errors if app URLs import fail
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* bump level to warning
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-07-27 11:29:20 +02:00
f272d14fcf
events: fix monitored task not removing state ( #6386 )
...
when `save_on_success` is set, a task failure saves state. when it succeeds afterwards, that state should be removed
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-26 16:00:50 +02:00
17fe595528
sources/ldap: fix syncing large LDAP directories ( #6384 )
...
* sources/ldap: fix syncing large LDAP directories
* add test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-07-26 12:25:40 +02:00
18472c231a
enterprise: fix license check not using the proper JWT algorithm
...
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2023-07-25 12:10:15 +02:00
7be94df00c
root: set csrf cookie's secure flag same as session ( #6350 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-24 13:57:30 +02:00
346c6e6a85
outposts: Fix infinite self-recursion in traefik reconciler. ( #6336 )
...
Fix infinite self-recursion in traefik reconciler.
2023-07-24 10:25:29 +00:00
8d4b7ce8d3
outposts: fix patch processing ( #6338 )
...
* outposts: fix patch processing for custom object types
* outposts: correct parsing patch type
* small change
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-07-24 10:25:14 +00:00
4647fbacb0
enterprise: fix license check not using DER as spec specifies ( #6348 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-24 12:11:47 +02:00
d435a65cfd
outposts: support json patch for Kubernetes ( #6319 )
2023-07-22 02:29:28 +02:00
a728dad166
providers/oauth2: fix grant_type password raising an exception ( #6333 )
2023-07-22 01:36:55 +02:00
d50f92d8b4
enterprise: cleanup v2 ( #6330 )
...
* cleanup minor stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* change default user type to internal to be more consistent
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-21 18:23:51 +02:00
9b7c30d44c
sources/ldap: fix ldap_sync cli command not running in foreground ( #6325 )
...
closes #6317
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-21 13:03:06 +02:00
d12db62a6d
root: fix lint error
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-20 00:38:01 +02:00
546425acde
root: fix config env var resolution ( #6310 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-20 00:16:00 +02:00
2f469d2709
root: partial Live-updating config ( #5959 )
...
* stages/email: directly use email credentials from config
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use custom database backend that supports dynamic credentials
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add crude config reloader
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make method names for CONFIG clearer
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* replace config.set with environ
Not sure if this is the cleanest way, but it persists through a config reload
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-add set for @patch
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* even more crudeness
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* clean up some old stuff?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* somewhat rewrite config loader to keep track of a source of an attribute so we can refresh it
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleanup old things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix flow e2e
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-19 23:13:22 +02:00
b6e8342466
enterprise: add more info to enterprise forecast ( #6292 )
...
* add more info to enterprise forecast
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix banner colour
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix some layout
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix layout for warning banner
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-18 23:24:44 +02:00
41af486006
enterprise: initial enterprise ( #5721 )
...
* initial
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add user type
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add external users
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add ui, add more logic, add public JWT validation key
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* revert to not use install_id as session jwt signing key
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* switch to PKI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add more licensing stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add install ID to form
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use x5c correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* license checks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use production CA
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more UI stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rename to summary
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update locale, improve ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add direct button
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update link
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* format and such
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove old attributes from ldap
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove is_enterprise_licensed
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix admin interface styling issue
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Update authentik/core/models.py
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
* fix default case
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-07-17 17:57:08 +02:00
cf799fca03
sources/ldap: check nsaccountlock for FreeIPA/389-ds ( #6270 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-17 12:59:29 +02:00
Jens L
Marc 'risson' Schmitt
dependabot[bot]
risson
Jean-Michel DILLY
Timo Schwarzer
Yip Rui Fung
ChandonPierre