Commit graph

9962 commits

Author SHA1 Message Date
Jens Langhammer def0a42bf1
release: 2022.10.4 2022-12-23 14:19:17 +01:00
Jens Langhammer 727e55e44b
web: backport API update
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:19:10 +01:00
Jens L cd88b91686
security: fix CVE 2022 23555 (#4274)
* add flow to invitation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* show warning on invitation page

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add security advisory

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:18:13 +01:00
Jens L 8eb73d3a16
security: fix CVE 2022 46172 (#4275)
* fallback to current user in user_write, add flag to disable user creation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update api and web ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add cve post to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:18:09 +01:00
Jens Langhammer 83f46f6ff1 release: 2022.10.3 2022-12-02 23:01:17 +02:00
Jens Langhammer 0e7cc6da4c web: bump API version
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-02 22:51:09 +02:00
Jens Langhammer a262171671 release: 2022.10.2 2022-12-01 10:40:58 +02:00
Jens Langhammer 87b8ca7be4 *: backport CVE-2022-46145 fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-01 10:40:51 +02:00
Jens Langhammer cc8dc1403f root: include security policy in website container
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-30 13:05:02 +02:00
Jens Langhammer f21a196a3b root: rework and expand security policy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	SECURITY.md
2022-11-30 13:04:50 +02:00
Jens Langhammer f3a72761c0 release: 2022.10.1 2022-10-29 17:24:55 +02:00
Jens Langhammer 77a67dcbc1 website/docs: prepare 2022.10.1
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-28 23:08:55 +02:00
Jens Langhammer 8d7ce49101 website/docs: add docs for using email templates with helm chart
closes #3891

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-28 23:06:10 +02:00
Jens Langhammer 841c13ed77 core: set prehydrated locale based on active backend locale
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-28 19:43:24 +02:00
Jens L 30d708dd1f
core: explicitly enable locales (#3889)
* activate locales

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* set locale for email templates

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-28 19:42:49 +02:00
dependabot[bot] 8a50279142
web: bump @sentry/browser from 7.16.0 to 7.17.2 in /web (#3897) 2022-10-28 15:03:40 +02:00
dependabot[bot] f1e1911788
web: bump @babel/plugin-proposal-decorators from 7.19.6 to 7.20.0 in /web (#3893) 2022-10-28 14:53:22 +02:00
dependabot[bot] 0b712d22a8
web: bump @sentry/tracing from 7.16.0 to 7.17.1 in /web (#3894) 2022-10-28 14:53:05 +02:00
Jens Langhammer 9d0a7578ec flows: fix error due to not validating error challenge
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-27 20:04:00 +02:00
Jens Langhammer f8fab14e1e core: refactor MessageStage to not use dynamic class
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-26 20:01:42 +02:00
dependabot[bot] 9b6e07de17
core: bump kubernetes from 24.2.0 to 25.3.0 (#3882)
Bumps [kubernetes](https://github.com/kubernetes-client/python) from 24.2.0 to 25.3.0.
- [Release notes](https://github.com/kubernetes-client/python/releases)
- [Changelog](https://github.com/kubernetes-client/python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes-client/python/compare/v24.2.0...v25.3.0)

---
updated-dependencies:
- dependency-name: kubernetes
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-26 19:21:47 +02:00
dependabot[bot] 4e2ba8c916
web: bump pyright from 1.1.276 to 1.1.277 in /web (#3881) 2022-10-26 08:46:23 +02:00
Jens Langhammer 6b35d0c70b core: check if session is authenticated before showing linked message
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-26 00:30:42 +02:00
Jens Langhammer dd65862bf2 core: show success message when authenticating/enrolling after flow is finished
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-25 22:46:15 +02:00
Jens Langhammer 2206b71f6f website/integrations: add missing read:org scope for github org check and improve error handling
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-25 21:17:08 +02:00
dependabot[bot] 24e02c82dc
core: bump deepmerge from 1.0.1 to 1.1.0 (#3877)
Bumps [deepmerge](https://github.com/toumorokoshi/deepmerge) from 1.0.1 to 1.1.0.
- [Release notes](https://github.com/toumorokoshi/deepmerge/releases)
- [Commits](https://github.com/toumorokoshi/deepmerge/compare/v1.0.1...v1.1.0)

---
updated-dependencies:
- dependency-name: deepmerge
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 16:32:12 +02:00
dependabot[bot] 2b6213c3ce
core: bump psycopg2-binary from 2.9.4 to 2.9.5 (#3876)
Bumps [psycopg2-binary](https://github.com/psycopg/psycopg2) from 2.9.4 to 2.9.5.
- [Release notes](https://github.com/psycopg/psycopg2/releases)
- [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS)
- [Commits](https://github.com/psycopg/psycopg2/commits)

---
updated-dependencies:
- dependency-name: psycopg2-binary
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 16:31:59 +02:00
dependabot[bot] d51d14fd32
core: bump pytest from 7.1.3 to 7.2.0 (#3875)
Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.1.3 to 7.2.0.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/7.1.3...7.2.0)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 16:31:53 +02:00
Darrin 35679f5abb
website/integrations: Add TrueCommand integration (#3819)
* Create index.md

Initial checkin of truecommand integration

Signed-off-by: Darrin <54423468+obsidiangroup@users.noreply.github.com>

* Update index.md

First draft

Signed-off-by: Darrin <54423468+obsidiangroup@users.noreply.github.com>

* Add TrueCommand Integration

Signed-off-by: Darrin <54423468+obsidiangroup@users.noreply.github.com>

* website: run prettier on truecommand integration.

* Update website/integrations/services/truecommand/index.md

Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: Darrin <54423468+obsidiangroup@users.noreply.github.com>

* Update website/integrations/services/truecommand/index.md

Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: Darrin <54423468+obsidiangroup@users.noreply.github.com>

* Update website/integrations/services/truecommand/index.md

Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: Darrin <54423468+obsidiangroup@users.noreply.github.com>

* Change name to TrueNAS TrueCommand, update SAML Attribute.

Signed-off-by: Darrin <54423468+obsidiangroup@users.noreply.github.com>

Signed-off-by: Darrin <54423468+obsidiangroup@users.noreply.github.com>
Co-authored-by: Darrin Walton <darrinw@obsidian-group.co>
Co-authored-by: Jens L. <jens@beryju.org>
2022-10-25 12:12:57 +02:00
dependabot[bot] 98666cc5e9
web: bump @codemirror/lang-python from 6.0.3 to 6.0.4 in /web (#3867)
Bumps [@codemirror/lang-python](https://github.com/codemirror/lang-python) from 6.0.3 to 6.0.4.
- [Release notes](https://github.com/codemirror/lang-python/releases)
- [Changelog](https://github.com/codemirror/lang-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/lang-python/compare/6.0.3...6.0.4)

---
updated-dependencies:
- dependency-name: "@codemirror/lang-python"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 10:02:30 +02:00
dependabot[bot] dbaad90c3e
web: bump @typescript-eslint/eslint-plugin from 5.40.1 to 5.41.0 in /web (#3866)
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.40.1 to 5.41.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.41.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 10:00:50 +02:00
dependabot[bot] 63b5656cca
web: bump @codemirror/lang-javascript from 6.1.0 to 6.1.1 in /web (#3871)
Bumps [@codemirror/lang-javascript](https://github.com/codemirror/lang-javascript) from 6.1.0 to 6.1.1.
- [Release notes](https://github.com/codemirror/lang-javascript/releases)
- [Changelog](https://github.com/codemirror/lang-javascript/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/lang-javascript/compare/6.1.0...6.1.1)

---
updated-dependencies:
- dependency-name: "@codemirror/lang-javascript"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 10:00:37 +02:00
dependabot[bot] 96713a82dd
web: bump @typescript-eslint/parser from 5.40.1 to 5.41.0 in /web (#3869)
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.40.1 to 5.41.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.41.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 09:59:35 +02:00
dependabot[bot] 2b20b89c80
web: bump @codemirror/legacy-modes from 6.1.0 to 6.2.0 in /web (#3870)
Bumps [@codemirror/legacy-modes](https://github.com/codemirror/legacy-modes) from 6.1.0 to 6.2.0.
- [Release notes](https://github.com/codemirror/legacy-modes/releases)
- [Changelog](https://github.com/codemirror/legacy-modes/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/legacy-modes/compare/6.1.0...6.2.0)

---
updated-dependencies:
- dependency-name: "@codemirror/legacy-modes"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 09:59:13 +02:00
dependabot[bot] cbb24dfddd
web: bump @codemirror/lang-html from 6.1.2 to 6.1.3 in /web (#3868)
Bumps [@codemirror/lang-html](https://github.com/codemirror/lang-html) from 6.1.2 to 6.1.3.
- [Release notes](https://github.com/codemirror/lang-html/releases)
- [Changelog](https://github.com/codemirror/lang-html/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/lang-html/compare/6.1.2...6.1.3)

---
updated-dependencies:
- dependency-name: "@codemirror/lang-html"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 09:59:03 +02:00
dependabot[bot] 056ff5ff59
web: bump @codemirror/lang-xml from 6.0.0 to 6.0.1 in /web (#3865) 2022-10-25 09:35:29 +02:00
dependabot[bot] 4da2f44f8e
core: bump colorama from 0.4.5 to 0.4.6 (#3872) 2022-10-25 09:35:11 +02:00
Jens Langhammer 3da7fcfc1d web/common: disable API Drawer by default in user interface
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-24 22:08:47 +02:00
Jens Langhammer 6ea57921f2 sources/saml: set username field to name_id attribute
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-24 21:53:37 +02:00
dependabot[bot] c7ea4b5a7f
web: bump @rollup/plugin-node-resolve from 15.0.0 to 15.0.1 in /web (#3855) 2022-10-24 10:05:18 +02:00
dependabot[bot] c2933f0681
web: bump @rollup/plugin-typescript from 9.0.1 to 9.0.2 in /web (#3854) 2022-10-24 10:05:10 +02:00
dependabot[bot] 27636cc49f
web: bump @rollup/plugin-commonjs from 23.0.1 to 23.0.2 in /web (#3856) 2022-10-24 09:56:55 +02:00
dependabot[bot] 42196f554e
web: bump @rollup/plugin-replace from 5.0.0 to 5.0.1 in /web (#3853) 2022-10-24 09:56:24 +02:00
dependabot[bot] ad5fc139eb
web: bump eslint from 8.25.0 to 8.26.0 in /web (#3857) 2022-10-24 09:54:43 +02:00
dependabot[bot] 3a68de0d38
core: bump goauthentik.io/api/v3 from 3.2022090.10 to 3.2022100.1 (#3861) 2022-10-24 09:54:33 +02:00
dependabot[bot] 93984b35b3
web: bump @rollup/plugin-babel from 6.0.0 to 6.0.2 in /web (#3858) 2022-10-24 09:53:36 +02:00
dependabot[bot] d25d547486
core: bump sentry-sdk from 1.10.0 to 1.10.1 (#3859) 2022-10-24 09:53:22 +02:00
dependabot[bot] b84bc418af
core: bump duo-client from 4.4.0 to 4.5.0 (#3860) 2022-10-24 09:53:14 +02:00
dependabot[bot] ea94750ea8
core: bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (#3862) 2022-10-24 09:52:51 +02:00
dependabot[bot] a3aa7a8d4f
core: bump pylint from 2.15.4 to 2.15.5 (#3863) 2022-10-24 09:52:43 +02:00