Marc 'risson' Schmitt
d54b410429
outposts/proxy: better Redis error message ( #8044 )
...
* outposts/proxy: better Redis error message
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* Update internal/outpost/proxyv2/application/session.go
Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Jens L. <jens@goauthentik.io>
2024-01-02 20:01:53 +00:00
Jens L
240cf6dd94
enterprise/providers: Add RAC [AUTH-15] ( #7291 )
...
* add basic guacamole
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make everything mostly work
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add rac build to CI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix resize, fix web lint, sendSize correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* pre-send connection from client, format
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve throughput
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework TokenOutpostConsumer into middleware
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix some layout issues
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add outpost controllers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start testing audio things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix to work with outpost group
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add simple loadbalancing
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add simple reconnect
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* show reconnecting text
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix error when checking ports
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* move to providers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add flow check to interface
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix go lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix rac app label
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix audio
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* allow overriding all settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix duplicate keyboard, debug high DPI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-add deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing __init__.py breaking model loading
I love python
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* bump successful ws connection to info
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* hide cursor since guac draws that
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add clipboard support (bidirectional)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make codespell not want to break the code
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* run pr comment in separate task
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start endpoint and property mapping stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more endpoint things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* unrelated: fix event model_pk filtering with ints
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* unrelated: improve event display for changelog
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rebuild endpoint stuff again
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* idk special url
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more stuff, connect token with session
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add disconnect
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework disconnect
cleanly disconnect from guacd instead of just letting the connection timeout
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* clear cache when creating outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* support host:port and fix protocol
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* center smaller viewport
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework connection to wait more and stop after some time
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add policy control to endpoints
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove provider protocol
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't switch to different outpost connection when already chosen
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start using property mappings, add static settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add some RAC mapping settings
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests for event changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests and fix issues found by said tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add preview banner, move endpoints to main page
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* auto-select endpoint if only one is available
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* backport https://github.com/goauthentik/authentik/pull/7831 to rac
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* dont select property mappings on endpoints
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make table modal only load when opened
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only auto-redirect when open
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix web deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* check for token expiry and terminate session
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-add endpoint name to title
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* disconnect connection when token is manually deleted
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add initial RAC docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add connection expiry setting to provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix flaky tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-30 21:33:14 +01:00
Jens L
1ea3dae5ac
providers/proxy: use access token ( #8022 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-30 16:36:43 +01:00
Marc 'risson' Schmitt
64ca5d42be
outposts/ldap: allow overriding gidNumber for a user ( #8003 )
...
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2023-12-28 14:21:08 +01:00
Jens L
9a261c52d1
providers/oauth2: remember session_id from initial token ( #7976 )
...
* providers/oauth2: remember session_id original token was created with for future access/refresh tokens
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* providers/proxy: use hashed session as `sid`
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-23 00:53:05 +01:00
Jens L
b7532740ef
root: fix static templates ( #7925 )
...
* root: fix static HTML templates to match flow executor
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove top margin on smaller viewports
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-19 13:59:53 +01:00
Jens L
729ef4d786
root: bump python deps (django 5) ( #7862 )
...
* bump python deps
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* vendor pickle serializer for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#7761
* cleanup some things and re-build api scheme
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix web and go
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* actually fix go...?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* better annotate json fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use jsondictfield wherever
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove all virtualenvs?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* final version bump
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-18 22:07:59 +01:00
Lars Seipel
60c49c1692
outposts/ldap: avoid nil ptr deref in MemorySearcher ( #7767 )
2023-12-04 20:32:33 +02:00
Jens L
dc7ffba8fa
internal: remove special route for /outpost.goauthentik.io ( #7539 )
...
With this special route for outpost.goauthentik.io, misdirected requests to /outpost.goauthentik.io/auth/start will create a cookie for the domain authentik is accessed under, which will cause issues with the actual full auth flow. Requests to /outpost.goauthentik.io will still be routed to the outpost, but with this change only when the hostname matches
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-13 17:39:40 +01:00
thijs_a
695719540b
providers/proxy: Fix duplicate cookies when using file system store. ( #7541 )
...
Fix duplicate cookies when using file system store.
2023-11-13 15:33:49 +01:00
Jens L
4080080acd
internal: remove deprecated metrics ( #7540 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-13 14:48:37 +01:00
Jens L
dd4e9030b4
providers/proxy: fix closed redis client ( #7385 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-03 15:19:21 +01:00
Jens L
7d91842e8a
providers/proxy: attempt to fix duplicate cookie ( #7324 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-27 00:41:13 +02:00
Jens L
8aafa06259
providers/radius: TOTP MFA support ( #7217 )
...
* move CheckPasswordMFA to flow executor
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add mfa support field to radius
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-18 19:43:36 +02:00
Jens L
e28babb0b8
core: Initial RBAC ( #6806 )
...
* rename consent permission
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* the user version
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
t
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* initial role
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start form
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* some minor table refactoring
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix user, add assign
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add roles ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix backend
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add assign API for roles
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding toggle buttons
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start view page
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* exclude add_ permission for per-object perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* small cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add permission list for roles
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make sidebar update
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix page header not re-rendering?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add search
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* show first category in table groupBy except when its empty
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make model and object PK optional but required together
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* allow for setting global perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* exclude non-authentik permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* exclude models which aren't allowed (base models etc)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ensure all models have verbose_name set, exclude some more internal objects
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* lint fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix role perm assign
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add unasign for global perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add meta changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* clear modal state after submit
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add roles to our group
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix duplicate url names
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make recursive group query more usable
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add name field to role itself and move group creation to signal
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* move rbac stuff to separate django app
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix lint and such
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix go
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start API changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add more API tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make admin interface not require superuser for now, improve error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* replace some IsAdminUser where applicable
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate flow inspector perms to actual permission
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix license not being a serializermodel
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add permission modal to models without view page
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add additional permissions to assign/unassign permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add action to unassign user permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add permissions tab to remaining view pages
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix flow inspector permission check
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix codecov config?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add more API tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ensure viewsets have an order set
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* hopefully the last api name change
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make perm modal less confusing
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start user view permission page
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only make delete bulk form expandable if usedBy is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* expand permission tables
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add more things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add user global permission table
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests' url names
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests for assign perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add unassign tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rebuild permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* prevent assigning/unassigning permissions to internal service accounts
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only enable default api browser in debug
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix role object permissions showing duplicate
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix role link on role object permissions table
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix object permission modal having duplicate close buttons
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* return error if user has no global perm and no object perms
also improve error display on table
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* small optimisation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* optimise even more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add system permission for non-object permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* allow access to admin interface based on perm
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* clean
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't exclude base models
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-16 17:31:50 +02:00
Jens L
dd7d3bf738
providers/proxy: fix redis cookies missing strict path ( #7135 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-10 12:17:35 +02:00
Jens L
a22bc5a261
lifecycle: fix install_id migration not running ( #7116 )
...
* lifecycle: fix install_id migration not running
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix ldap test?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* idk if this works
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-09 19:52:06 +02:00
vherrlein
f11bb8bfd4
providers/ldap: add windows adsi support ( #7098 )
...
* fix(outpost/ldap): missing user object classes
* add "person" object class
* update user object classes
* update boolean strings to upper for being compliant
tags: WIP-LDAP-Outpost-Windows-ADSI-Support
* feat(outpost/ldap): add subschema attributes
* add supported capability OIDs for Windows
* add relevant supported ldap control OIDs
tags: WIP-LDAP-Outpost-Windows-ADSI-Support
* feat(outpost/ldap): update schema for windows Compatibility
* add relevant dITContentRules for authentik
* add all existing attribute types for Windows/Unix/Linux
* add missing object classes definitions
* update classes definitions for being compliant with LDAP schema
* update attributes orders
tags: WIP-LDAP-Outpost-Windows-ADSI-Support
* feat(outpost/ldap): refine LDAP attribute types
* remove unsused attribute types
* order attribute types
tags: WIP-LDAP-Outpost-Windows-ADSI-Support
2023-10-09 13:17:46 +02:00
Jens L
4db365c947
providers/proxy: improve SLO by backchannel logging out sessions ( #7099 )
...
* outposts: add support for provider-specific websocket messages
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* providers/proxy: add custom signal on logout to logout in provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-09 01:06:52 +02:00
Jens L
efb2823391
internal: fix redis session store ( #7011 )
2023-09-28 21:06:27 +02:00
Jens L
c93c6ee6f9
root: replace boj/redistore with vendored version of rbcervilla/redisstore ( #6988 )
...
* root: replace boj/redistore with vendored version of rbcervilla/redisstore
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* setup env for go tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-09-26 18:56:37 +02:00
Jens L
af200a6bf9
web: cleanup ( #6664 )
...
* web: remove <p> used for padding and do it properly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* web: remove .form-help-text as it didn't change anything
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* move data-list styling to correct scope
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove title from navbar for docs-only build
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-29 18:24:11 +02:00
Jens L
1410169af1
providers/proxy: fix JWKS url in embedded outpost ( #6644 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-28 00:52:01 +02:00
Jens L
9e29789c09
root: fix config loading for outposts ( #6640 )
...
* root: fix config loading for outposts
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* improve check to see if outpost is embedded or not
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* also fix oauth url fetching
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-26 19:40:48 +02:00
Jens L
f6b144a0fa
providers/proxy: only intercept auth header when a value is set ( #6488 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-06 01:18:20 +02:00
Jens L
0782b3b0fa
providers/proxy: set outpost session cookie to httponly and secure wh… ( #6482 )
...
* providers/proxy: set outpost session cookie to httponly and secure when possible
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* set samesite too
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-05 22:09:27 +02:00
Alexandre NICOLAIE
a2714ab1f1
outposts: make metrics compliant with Prometheus best-practices ( #6398 )
...
web/outpost: make metrics compliant with Prometheus best-practices
Today, all NewHistogramVec store values in nanoseconds without changing
the default histogram bucket, which are made for seconds, making them
a bit useless. In addition, some metrics names are not self-explanatoryand
and do not comply with Prometheus best practices.
This commit tries to fix all of this "issues".
NOTE: I kept old metrics in order to avoid breaking changes with
existing dashboards and metrics.
Signed-off-by: Alexandre NICOLAIE <xunleii@users.noreply.github.com>
2023-07-27 18:51:08 +02:00
Jens L
41af486006
enterprise: initial enterprise ( #5721 )
...
* initial
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add user type
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add external users
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add ui, add more logic, add public JWT validation key
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* revert to not use install_id as session jwt signing key
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* switch to PKI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add more licensing stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add install ID to form
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use x5c correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* license checks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use production CA
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more UI stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rename to summary
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update locale, improve ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add direct button
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update link
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* format and such
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove old attributes from ldap
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove is_enterprise_licensed
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix admin interface styling issue
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Update authentik/core/models.py
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
* fix default case
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-07-17 17:57:08 +02:00
Jens L
ae7ea4dd11
outposts/ldap: add more tests ( #6188 )
...
* outposts/ldap: add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing posixAccount
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* attempt to expand attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix routing without base DN
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* more logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove our custom attribute filtering since this is done by the ldap library
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add test for schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-08 20:51:05 +02:00
Daniel
ad81ee2740
providers/ldap: fix inconsistent saving of user flags on failed cached binds ( #6096 )
...
* feat: assign invalid pk and check
* fix: only set flags if they don't exist
* fix: userinfo not being set if data is available
* minor cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-06-29 16:57:46 +02:00
Jens L
01311929d1
providers/ldap: improve password totp detection ( #6006 )
...
* providers/ldap: improve password totp detection
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add flag for totp mfa support
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* keep support for static tokens
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-20 12:09:13 +02:00
Jens L
54ef88a6fa
providers/ldap: rework Schema and DSE ( #5838 )
...
* rework Root DSE
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* always parse filter objectClass
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding LDAP Schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add more schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update schema more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix cn for schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only include main DN in namingContexts
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use schema from gh
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add description
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add response filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix response filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't return rootDSE entry when searching for singleLevel
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove currentTime
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix attribute filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* set SINGLE-VALUE
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix numbers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-08 15:16:40 +02:00
Jens L
0ce41a1b2d
providers/ldap: add StartTLS support ( #5861 )
...
* providers/ldap: add StartTLS support
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add starttls test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update form and docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-add tls server name
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-06 21:40:19 +02:00
Marc 'risson' Schmitt
5d87eb97be
outposts/ldap: fix race condition when refreshing the provider
...
Fixes the race condition causing the crash found in #4138 , which doesn't
actually have anything to do with the issue itself.
As far as I can work out, when the outpost refreshes its list of
providers, it copies over its `boundUsers`, probably to avoid having to
fetch them all again, and does so by making a shallow copy of that
`map`, but not the mutex associated with it. It now has multiple
references to the same map, each protected by a different mutex, which
under certain conditions can cause a `concurrent map read and map write`
error.
This fix copies the map contents instead of make a shallow copy.
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2023-06-02 15:42:19 +02:00
Jens L
906faf9cce
providers/proxy: fix panic when claims in session were nil ( #5569 )
...
* providers/proxy: fix panic when claims in session were nil
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add new options
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-10 20:58:44 +02:00
dependabot[bot]
4d58eba027
core: bump github.com/getsentry/sentry-go from 0.20.0 to 0.21.0 ( #5548 )
...
* core: bump github.com/getsentry/sentry-go from 0.20.0 to 0.21.0
Bumps [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go ) from 0.20.0 to 0.21.0.
- [Release notes](https://github.com/getsentry/sentry-go/releases )
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md )
- [Commits](https://github.com/getsentry/sentry-go/compare/v0.20.0...v0.21.0 )
---
updated-dependencies:
- dependency-name: github.com/getsentry/sentry-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-05-09 11:22:57 +02:00
authentik-db-cooper
ab795e6642
internal: ignore insecure TLS certs ( #5483 )
...
* servers: ignore insecure TLS certs
* slight refactor to have a single place for tls config
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-05-05 15:57:52 +03:00
Jens L
b7b62ba089
providers/ldap: correctly use pagination in search results in both modes ( #5492 )
...
closes #4292
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-05 15:51:02 +03:00
Jens L
bb92c4a967
providers/ldap: remove deprecated fields ( #5154 )
...
* providers/ldap: remove deprecated fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update changelog
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-21 14:10:24 +03:00
Jens L
367f86ecfb
root: optimise healthchecks ( #5337 )
...
* tests: remove redundant healthchecks
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* internal: do healthcheck within proxy instead of wget to use correct port
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tags
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-21 13:32:48 +03:00
Jens L
fd2677af1f
root: bump api generator ( #5139 )
...
* root: bump api generator
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* bump api diff too
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* bump go api client
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* simplify go api generation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-01 18:10:52 +02:00
Jens L
3f5effb1bc
providers/radius: simple radius outpost ( #1796 )
...
* initial implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix web
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* minor fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use search-select
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix ip with port being sent to delegated ip
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add radius tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-20 16:54:35 +01:00
Jens L
ef028af7d1
providers/proxy: rework endpoints logic ( #4993 )
...
* providers/proxy: rework endpoints logic
again...this time with tests and better logic
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-18 18:51:20 +01:00
Jens L
345fa1bed6
providers/ldap: fix duplicate attributes ( #4972 )
...
closes #4971
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-16 12:14:17 +01:00
Jens L
eaf56f4f3f
stages/user_login: stay logged in ( #4958 )
...
* add initial remember me offset
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add to go executor
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add ui for user login stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-15 20:21:05 +01:00
Jens L
41d17dc543
internal: fix crash when port 9000 is in use ( #4863 )
...
fix crash when port 9000 is in use
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-07 13:27:46 +01:00
roche-quentin
cd99b6e48f
providers/ldap: making ldap compatible with synology ( #4694 )
...
* internal/outpost/ldap: making ldap compatible with synology
* fix duplicate attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add docs about homedirectory
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix duplicate attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add substitution to values
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-02-22 15:26:41 +01:00
sdimovv
51c6a14786
providers/ldap: Improve compatibility with LDAP clients ( #4750 )
...
* Fixed invalid LDAP attributes by replacing '.'s and '/'s with '-'
* Leave old fields for now for backward compatibility
* Add forgotten depreceated field
* Fix tests
* Fix tests
* use shorter attribute names
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* sanitize attributes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* keep both sanitized and unsanitized user fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add sanitized fields to test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-02-22 14:18:22 +01:00
Jens Langhammer
f70be86ddc
providers/proxy: strip scheme when comparing redirect URL
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-20 21:22:26 +01:00
Jens Langhammer
9f431396c0
providers/proxy: ensure issuer is correct when browser url override is set
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
#4715
2023-02-19 17:35:29 +01:00