dependabot[bot]
253b676f7d
website: bump prettier from 2.8.0 to 2.8.1 in /website ( #4172 )
...
Bumps [prettier](https://github.com/prettier/prettier ) from 2.8.0 to 2.8.1.
- [Release notes](https://github.com/prettier/prettier/releases )
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prettier/prettier/compare/2.8.0...2.8.1 )
---
updated-dependencies:
- dependency-name: prettier
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-09 12:06:07 +01:00
dependabot[bot]
9f4f911fd3
web: bump prettier from 2.8.0 to 2.8.1 in /web ( #4178 )
...
Bumps [prettier](https://github.com/prettier/prettier ) from 2.8.0 to 2.8.1.
- [Release notes](https://github.com/prettier/prettier/releases )
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prettier/prettier/compare/2.8.0...2.8.1 )
---
updated-dependencies:
- dependency-name: prettier
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-09 12:05:40 +01:00
dependabot[bot]
6ebfb5138c
core: bump python from 3.11.0-slim-bullseye to 3.11.1-slim-bullseye ( #4185 )
...
Bumps python from 3.11.0-slim-bullseye to 3.11.1-slim-bullseye.
---
updated-dependencies:
- dependency-name: python
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-09 12:05:18 +01:00
dependabot[bot]
ab8ed8599e
web: bump @typescript-eslint/eslint-plugin from 5.45.1 to 5.46.0 in /web ( #4187 )
...
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin ) from 5.45.1 to 5.46.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases )
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md )
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.46.0/packages/eslint-plugin )
---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-09 12:05:03 +01:00
dependabot[bot]
c76fb2eed0
web: bump lit from 2.4.1 to 2.5.0 in /web ( #4188 )
...
Bumps [lit](https://github.com/lit/lit/tree/HEAD/packages/lit ) from 2.4.1 to 2.5.0.
- [Release notes](https://github.com/lit/lit/releases )
- [Changelog](https://github.com/lit/lit/blob/main/packages/lit/CHANGELOG.md )
- [Commits](https://github.com/lit/lit/commits/lit@2.5.0/packages/lit )
---
updated-dependencies:
- dependency-name: lit
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-09 12:04:53 +01:00
Jens Langhammer
4d8978ea90
blueprints: fix flaky test
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-09 11:04:44 +00:00
dependabot[bot]
64540cc870
core: bump certifi from 2022.9.24 to 2022.12.7 ( #4184 )
2022-12-08 21:44:08 +02:00
dependabot[bot]
5b05884a2b
web: bump typescript from 4.9.3 to 4.9.4 in /web ( #4180 )
2022-12-08 20:53:53 +02:00
dependabot[bot]
eef3ef2165
core: bump golang from 1.19.3-bullseye to 1.19.4-bullseye ( #4168 )
2022-12-07 12:50:03 +02:00
dependabot[bot]
235296c749
core: bump django from 4.1.3 to 4.1.4 ( #4170 )
2022-12-07 12:49:18 +02:00
sdimovv
8d13235b74
blueprints: fixed bug causing filtering with an empty query ( #4106 )
...
* Fixed bug causing filtering with an empty query
Fixed bug allowing blueprint import to filter for existing models using an empty query.
The code only checks if the `identifiers` dict is empty, but `__query_from_identifier` skips identifier member values of type `dict` or keys == `pk`, so it is possible to produce an empty query if an `identifier` consists of just `dict` type members or "pk" key.
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* Added test case
* Added support for using dict fields as blueprint entry identifiers
* Disabled pylint too-many-locals for _validate_single
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
2022-12-06 12:06:25 +01:00
dependabot[bot]
5ef5c70490
web: bump @typescript-eslint/eslint-plugin from 5.45.0 to 5.45.1 in /web ( #4159 )
...
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin ) from 5.45.0 to 5.45.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases )
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md )
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.45.1/packages/eslint-plugin )
---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-06 11:44:33 +01:00
dependabot[bot]
3fe627528e
website: bump react-before-after-slider-component from 1.1.5 to 1.1.6 in /website ( #4160 )
...
website: bump react-before-after-slider-component in /website
Bumps [react-before-after-slider-component](https://github.com/smeleshkin/react-before-after-slider-component ) from 1.1.5 to 1.1.6.
- [Release notes](https://github.com/smeleshkin/react-before-after-slider-component/releases )
- [Commits](https://github.com/smeleshkin/react-before-after-slider-component/compare/v.1.1.5...v.1.1.6 )
---
updated-dependencies:
- dependency-name: react-before-after-slider-component
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-06 11:39:33 +01:00
dependabot[bot]
674eeed763
web: bump eslint-plugin-lit from 1.6.1 to 1.7.0 in /web ( #4161 )
...
Bumps [eslint-plugin-lit](https://github.com/43081j/eslint-plugin-lit ) from 1.6.1 to 1.7.0.
- [Release notes](https://github.com/43081j/eslint-plugin-lit/releases )
- [Commits](https://github.com/43081j/eslint-plugin-lit/compare/v1.6.1...v1.7.0 )
---
updated-dependencies:
- dependency-name: eslint-plugin-lit
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-06 11:39:23 +01:00
dependabot[bot]
4bd91180df
web: bump @typescript-eslint/parser from 5.45.0 to 5.45.1 in /web ( #4162 )
...
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser ) from 5.45.0 to 5.45.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases )
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md )
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.45.1/packages/parser )
---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-06 11:39:03 +01:00
dependabot[bot]
0af4824fa6
core: bump pylint from 2.15.7 to 2.15.8 ( #4163 )
...
Bumps [pylint](https://github.com/PyCQA/pylint ) from 2.15.7 to 2.15.8.
- [Release notes](https://github.com/PyCQA/pylint/releases )
- [Commits](https://github.com/PyCQA/pylint/compare/v2.15.7...v2.15.8 )
---
updated-dependencies:
- dependency-name: pylint
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-06 11:38:51 +01:00
dependabot[bot]
64eb953593
web: bump @formatjs/intl-listformat from 7.1.6 to 7.1.7 in /web ( #4151 )
...
Bumps [@formatjs/intl-listformat](https://github.com/formatjs/formatjs ) from 7.1.6 to 7.1.7.
- [Release notes](https://github.com/formatjs/formatjs/releases )
- [Commits](https://github.com/formatjs/formatjs/compare/@formatjs/intl-listformat@7.1.6...@formatjs/intl-listformat@7.1.7 )
---
updated-dependencies:
- dependency-name: "@formatjs/intl-listformat"
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-05 13:32:04 +01:00
dependabot[bot]
45704cf20a
web: bump eslint from 8.28.0 to 8.29.0 in /web ( #4150 )
...
Bumps [eslint](https://github.com/eslint/eslint ) from 8.28.0 to 8.29.0.
- [Release notes](https://github.com/eslint/eslint/releases )
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md )
- [Commits](https://github.com/eslint/eslint/compare/v8.28.0...v8.29.0 )
---
updated-dependencies:
- dependency-name: eslint
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-05 13:31:54 +01:00
dependabot[bot]
b5714afac7
core: bump goauthentik.io/api/v3 from 3.2022111.1 to 3.2022112.1 ( #4152 )
...
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go ) from 3.2022111.1 to 3.2022112.1.
- [Release notes](https://github.com/goauthentik/client-go/releases )
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2022111.1...v3.2022112.1 )
---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-05 13:31:30 +01:00
dependabot[bot]
ff109206fd
core: bump selenium from 4.7.0 to 4.7.2 ( #4153 )
...
Bumps [selenium](https://github.com/SeleniumHQ/Selenium ) from 4.7.0 to 4.7.2.
- [Release notes](https://github.com/SeleniumHQ/Selenium/releases )
- [Commits](https://github.com/SeleniumHQ/Selenium/commits )
---
updated-dependencies:
- dependency-name: selenium
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-05 13:31:16 +01:00
Jens Langhammer
49bd028363
website/docs: update release notes
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-03 13:10:16 +02:00
Jens Langhammer
44bf9a890e
release: 2022.11.3
2022-12-02 23:00:59 +02:00
Jens Langhammer
b60c6d4144
web: bump API Client
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-02 23:00:45 +02:00
github-actions[bot]
ef239e6430
web: bump API Client version ( #4142 )
2022-12-02 17:29:09 +01:00
Jens Langhammer
58cd6007b2
Merge branch 'version-2022.11'
2022-12-02 18:12:38 +02:00
github-actions[bot]
1dcf6e8962
web: bump API Client version ( #4141 )
...
Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-12-02 16:17:37 +01:00
Jens L
db95dfe38d
security: fix CVE 2022 46145 ( #4140 )
...
* add flow authentication requirement
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add website for cve
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: handle FlowNonApplicableException without policy result
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add release notes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-02 16:14:25 +01:00
Avsynthe
860c85d012
website/integrations: Update Bookstack SAML settings Documentation ( #4137 )
...
Update Bookstack SAML settings
Enabled AUTH_AUTO_INITIATE=true to reduce the amount of clicks needed to proceed to Bookstack and give a proper SSO experience. If the user is not logged in elsewhere already, authentik's login page will still be displayed.
Edited SAML2_DISPLAY_NAME_ATTRIBUTES so it actually works. The previous "Name" entry is non-functional and does not parse. When this is the case, or the field is empty, usernames in Bookstack default to user's email address. Entries here need to be in line with Active Directory Federation Services' Role of Claims found here: https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/technical-reference/the-role-of-claims . Additionally, this will use the user's authentik username rather than real/full name.
Enabled Group Sync by default for easier administration for sysadmins. SAML2_GROUP_ATTRIBUTE also needed to be in line with Active Directory Federation Services' Role of Claims.
Signed-off-by: Avsynthe <102600593+Avsynthe@users.noreply.github.com>
Signed-off-by: Avsynthe <102600593+Avsynthe@users.noreply.github.com>
2022-12-02 11:46:44 +01:00
Jens Langhammer
6ca1654129
lifecycle: don't set user/group in gunicorn
...
closes #4098 closes #3236
the user and group are inherited from the parent process so this isn't required
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-02 12:42:55 +02:00
dependabot[bot]
a2dc594a44
web: bump @sentry/browser from 7.22.0 to 7.23.0 in /web ( #4131 )
...
Bumps [@sentry/browser](https://github.com/getsentry/sentry-javascript ) from 7.22.0 to 7.23.0.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases )
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md )
- [Commits](https://github.com/getsentry/sentry-javascript/compare/7.22.0...7.23.0 )
---
updated-dependencies:
- dependency-name: "@sentry/browser"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-02 09:52:53 +01:00
dependabot[bot]
c6bc8e2ddf
web: bump decode-uri-component from 0.2.0 to 0.2.2 in /web ( #4136 )
...
Bumps [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component ) from 0.2.0 to 0.2.2.
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases )
- [Commits](https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.2 )
---
updated-dependencies:
- dependency-name: decode-uri-component
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-02 09:52:23 +01:00
dependabot[bot]
48a234e86f
web: bump @sentry/tracing from 7.22.0 to 7.23.0 in /web ( #4132 )
2022-12-02 09:48:14 +01:00
dependabot[bot]
cf521eba5a
web: bump @formatjs/intl-listformat from 7.1.4 to 7.1.6 in /web ( #4133 )
2022-12-02 09:48:04 +01:00
dependabot[bot]
52ebc78aaa
core: bump selenium from 4.6.1 to 4.7.0 ( #4134 )
2022-12-02 09:47:53 +01:00
sdimovv
1f7d52c5ce
blueprints: Support nested custom tags in `!Find` and `!Format` tags ( #4127 )
...
* Added support for nested tags to !Find and !Format
* Added tests
* Fix variable names
* Added docs
* Fixed small mistake in tests
* Fixed variable names
* Broke example into multiple lines
2022-12-01 16:10:26 +01:00
Jens Langhammer
3251bdc220
events: improve handling creation of events with non-pickleable objects
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-01 15:56:28 +02:00
Bastien Rivière
93fee5f0e5
web: fix authentication with Plex on iOS ( #4095 )
...
* web: fix authentication with Plex on iOS
Fixes issue #3822
* fixup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add fallback button
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-01 13:32:00 +01:00
dependabot[bot]
46c8db7f4b
web: bump @codemirror/lang-html from 6.2.0 to 6.4.0 in /web ( #4129 )
...
Bumps [@codemirror/lang-html](https://github.com/codemirror/lang-html ) from 6.2.0 to 6.4.0.
- [Release notes](https://github.com/codemirror/lang-html/releases )
- [Changelog](https://github.com/codemirror/lang-html/blob/main/CHANGELOG.md )
- [Commits](https://github.com/codemirror/lang-html/compare/6.2.0...6.4.0 )
---
updated-dependencies:
- dependency-name: "@codemirror/lang-html"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-01 09:57:20 +01:00
dependabot[bot]
fc74c0209a
web: bump pyright from 1.1.281 to 1.1.282 in /web ( #4128 )
...
Bumps [pyright](https://github.com/Microsoft/pyright/tree/HEAD/packages/pyright ) from 1.1.281 to 1.1.282.
- [Release notes](https://github.com/Microsoft/pyright/releases )
- [Commits](https://github.com/Microsoft/pyright/commits/1.1.282/packages/pyright )
---
updated-dependencies:
- dependency-name: pyright
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-01 09:53:23 +01:00
dependabot[bot]
07bfc3da1e
core: bump twilio from 7.15.3 to 7.15.4 ( #4130 )
...
Bumps [twilio](https://github.com/twilio/twilio-python ) from 7.15.3 to 7.15.4.
- [Release notes](https://github.com/twilio/twilio-python/releases )
- [Changelog](https://github.com/twilio/twilio-python/blob/main/CHANGES.md )
- [Commits](https://github.com/twilio/twilio-python/compare/7.15.3...7.15.4 )
---
updated-dependencies:
- dependency-name: twilio
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-01 09:50:14 +01:00
Jens Langhammer
2a4daa5360
release: 2022.11.2
2022-12-01 10:41:29 +02:00
Jens Langhammer
e1a6dede54
*: backport CVE-2022-46145 fix
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-01 10:41:26 +02:00
Jens Langhammer
cf40e5047e
policies: don't log context when policy returns None
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-30 14:43:47 +02:00
Jens Langhammer
17ee076f3d
root: include security policy in website container
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-30 13:05:38 +02:00
Jens Langhammer
4d12a98c5d
root: rework and expand security policy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-30 13:05:35 +02:00
Jens Langhammer
d5329432fe
lib: fix uploaded files not being saved correctly, add tests
...
closes #4110 #4109 #4107
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-30 12:48:33 +02:00
Jens Langhammer
8a926aaa73
Revert "web: bump @codemirror/lang-html from 6.2.0 to 6.3.1 in /web ( #4122 )"
...
This reverts commit 17fc775fd3.
2022-11-30 10:42:28 +02:00
sdimovv
5156aeee0f
policies/password: Always add generic message to failing zxcvbn check ( #4100 )
...
* Always add generic message to failing zxcvbn password policy
Depending on the settings, sometimes a password policy that checks a password with the zxcvbn tool can fail without any message.
For example:
```
$ echo 'Awdccdw1234' | zxcvbn | jq | grep "feedback" -A 5 -B 1
Password:
"score": 3,
"feedback": {
"warning": "",
"suggestions": []
}
}
```
As seen above the tool does not produce any warnings or suggestions for the given password, but if the password policy is set to have a zxcvbn threshold of 3, the policy will silently fail without communicating the reason to the user.
There are two ways to handle this:
1. Always add a generic "password is too weak" message when the policy fails.
2. Check if there are any suggestions or warnings from the zxcvbn tool and only add the generic message if not.
I personally prefer 1. This way the generic message will be shown whenever the policy fails, and will get combined with extra "tips" whenever zxcvbn has some.
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* Update authentik/policies/password/models.py
Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
* Added test case
* fix black formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens L. <jens@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-30 07:58:16 +00:00
dependabot[bot]
1690812936
web: bump @sentry/browser from 7.21.1 to 7.22.0 in /web ( #4120 )
...
Bumps [@sentry/browser](https://github.com/getsentry/sentry-javascript ) from 7.21.1 to 7.22.0.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases )
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md )
- [Commits](https://github.com/getsentry/sentry-javascript/compare/7.21.1...7.22.0 )
---
updated-dependencies:
- dependency-name: "@sentry/browser"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-30 08:46:22 +01:00
dependabot[bot]
c693a2c3f4
web: bump @babel/core from 7.20.2 to 7.20.5 in /web ( #4112 )
...
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core ) from 7.20.2 to 7.20.5.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.20.5/packages/babel-core )
---
updated-dependencies:
- dependency-name: "@babel/core"
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-30 08:46:13 +01:00