Commit graph

2700 commits

Author SHA1 Message Date
Jens L f2f22719f8
core: improve error template (#3521) 2022-09-03 19:46:37 +02:00
Jens Langhammer 242423cf3c internal: remove sentryhttp from main server mux to prevent double traces
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-03 16:41:47 +02:00
Jens Langhammer d9775f2822 blueprints: don't export events by default and exclude anonymous user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-31 23:32:02 +02:00
Jens Langhammer 398eb23d31 blueprint: fix EntryInvalidError not being handled in tasks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-31 23:08:38 +02:00
Jens L abca435337
blueprints: OCI registry support (#3500)
* blueprints: add ability to load blueprints via OCI

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix inheritance check for meta models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add oci tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-30 14:08:26 +02:00
Jens L 54ba3e9616
blueprints: add meta model to apply blueprint within blueprint for dependencies (#3486)
* add meta model to apply blueprint within blueprint for dependencies

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use custom registry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix again

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* move ManagedAppConfig to apps.py

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* rename manager to registry

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ci: use full tag in comment

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-29 21:20:58 +02:00
Jens Langhammer d3466ceef8 blueprints: use correct log level when re-logging import validation logs
closes #3483

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-28 16:07:48 +02:00
Jens Langhammer 5886688fae core: make request in context optional for Applications API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3482
2022-08-28 15:59:34 +02:00
Jens Langhammer c3c8cbf7ef events: save event to test notification transport
closes #3485

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-28 15:39:42 +02:00
Jens Langhammer 83eaac375d sources/oauth: use GitHub's dedicated email API when no public email address is configured
closes #3472

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-26 21:21:41 +02:00
Jens Langhammer 3eb3a9eab9 *: remove remaining default creation code in squashed migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-24 23:02:34 +02:00
Jens Langhammer a099b21671 lib: reset settings when error is raised in patch
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 21:21:28 +02:00
Jens Langhammer b9294fd9ad blueprints: fix unbound error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 21:15:48 +02:00
Jens Langhammer 13a302cdad sources/oauth: use UPN for username with azure AD source
closes #3468
breaking

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 20:55:25 +02:00
Jens Langhammer e994a01e80 blueprints: handle blueprints without metadata
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 20:54:56 +02:00
Jens Langhammer d49431cfc7 events: reset task info when not saving on success
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 19:22:14 +02:00
Jens Langhammer ce2ce38b59 blueprints: improve error messages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 19:21:57 +02:00
Jens Langhammer 2af4f28239 stages/invitation: don't use uuid.hex
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 19:14:46 +02:00
Jens Langhammer 1419910b29 blueprints: fix duplicate tasks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 19:14:30 +02:00
Jens Langhammer 649835cc61 events: fix MonitoredTasks' save_on_success not behaving as expected
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 19:13:41 +02:00
Jens Langhammer 917c4ae835 ci: fix typos
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 18:49:23 +02:00
Jens Langhammer ca2fce8be2 blueprints: always set metadata when attempting to apply
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-23 18:48:01 +02:00
Jens Langhammer 15c34c6f1f release: 2022.8.2 2022-08-19 15:59:53 +01:00
Jens Langhammer 0ab8f4eed7 blueprints: add required password stage backends
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-19 15:59:41 +01:00
Jens Langhammer 810c04bacf blueprints: don't suggest models not inheriting serializermodel in schema
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-19 11:26:15 +01:00
Jens Langhammer 0cc83c23c4 providers/proxy: fix duplicate proxy set default
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 21:13:45 +01:00
Jens Langhammer fdb8fb4b4c providers/oauth2: fix oauth2 requests being logged as unauthenticated
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 20:26:12 +02:00
Jens Langhammer 9d58407e25 blueprints: remove _state from exporter blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 19:25:02 +02:00
Jens Langhammer f4441c9fcf providers/proxy: trigger proxy set_defaults task on startup
closes #3445

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 17:42:27 +02:00
Jens Langhammer 0e9762072a blueprints: keep more modular state
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 17:42:27 +02:00
Jens Langhammer 0cfffa28ad blueprints: fix exporter not ignoring non-SerializerModel objects
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 17:42:27 +02:00
Jens Langhammer 1ad4c8fc29 outposts: fix log level
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 17:42:27 +02:00
Jens Langhammer fb5eb7b868 sources/oauth: fix missing doseq param for updating URL query string
closes #3374

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 14:34:20 +02:00
Jens Langhammer 198c940a80 core: fix pre-hydrated config not being escaped properly
closes #3442

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-18 13:53:22 +02:00
Jens L 1adc6948b4
blueprints: allow for adding remote blueprints (#3435)
* allow blueprints to be fetched from HTTP URLs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove os.path

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add validation for blueprint path

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-17 23:00:47 +02:00
Jens L e87236b285
blueprints: add generic export next to flow exporter (#3439) 2022-08-17 17:57:59 +01:00
Jens Langhammer 846b63a17b *: remove some very verbose logging messages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-17 13:36:56 +02:00
Jens Langhammer 1281e842d1 events: fix false-y values being stripped
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 22:29:36 +02:00
Jens Langhammer f7601d9571 events: correctly handle lists for cleaning/sanitization
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 21:47:30 +02:00
Jens Langhammer 4d9c9160e7 events: fix sanitize_dict not working on list items
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 21:37:24 +02:00
Jens Langhammer ad1f913e54 blueprints: add wrapper to get blueprints as dict
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 21:37:05 +02:00
Jens Langhammer 3da0233c40 Revert "blueprints: fix issue in prod setups with encoding dataclasses via celery"
This reverts commit ff788edd9b.
2022-08-16 21:21:47 +02:00
Jens Langhammer ff788edd9b blueprints: fix issue in prod setups with encoding dataclasses via celery
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 20:59:36 +02:00
Jens Langhammer aea0958f3f blueprints: add default status
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 17:51:22 +02:00
Jens Langhammer 435d126a1c release: 2022.8.1 2022-08-16 16:23:36 +02:00
Jens Langhammer e8b30b75d2 root: override blueprints_dir for testing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 15:50:58 +02:00
Jens Langhammer e9c1276634 blueprints: use relative path in @apply_blueprint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 14:20:45 +02:00
Jens Langhammer 6000a33a8e *: fix type annotations for serializer model
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-16 13:23:22 +02:00
Jens Langhammer 4c9878313c sources/oauth: correctly concatenate URLs to allow custom parameters to be included
closes #3374

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-08 21:17:32 +02:00
Jens Langhammer 54c16129ea stages/authenticator_duo: revamp duo enroll status API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3288
2022-08-08 20:38:06 +02:00
Jens Langhammer 872c18dddc blueprints: don't use example label, add more tags and tests for tags
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 19:27:03 +02:00
Jens Langhammer 2fa6cf855d stages/consent: simplify logic, correctly update existing consent
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 14:38:40 +02:00
Jens Langhammer 3b86144ae5 stages/*: use stage-bound logger when possible
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 13:41:53 +02:00
Jens Langhammer f01f10c5e5 providers/oauth2: don't separate scopes by comma-space
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 13:15:12 +02:00
Jens Langhammer e1249d3760 providers/oauth2: fix scopes without descriptions not being saved in consent
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 13:02:47 +02:00
Jens Langhammer dcbf106daa blueprints: add !Context to lookup things from instance context
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-06 20:54:00 +02:00
Jens L 89fef0ae72
blueprints: docs (#3376)
* further blueprint cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* make group users and parent optional

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix api client usage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-06 00:52:12 +02:00
Jens Langhammer 85640d402f internal: fix race conditions when accessing settings before bootstrap
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-06 00:24:55 +02:00
Jens L ec42d378ab
blueprints/cleanup (#3369) 2022-08-05 08:39:00 +02:00
Jens L 2ce8e18bab
internal: centralise config for listeners to use same config system everywhere (#3367)
* centralise config for listeners to use same config system everywhere

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3360

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-03 21:33:27 +02:00
dependabot[bot] 9a9c826c0b
core: bump django from 4.0.6 to 4.1 (#3368)
* core: bump django from 4.0.6 to 4.1

Bumps [django](https://github.com/django/django) from 4.0.6 to 4.1.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/4.0.6...4.1)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-03 15:33:58 +02:00
Jens L d1004e3798
blueprints: webui (#3356) 2022-08-03 00:05:49 +02:00
Jens Langhammer 2bd29e2fdd *: improve error handling for startup tasks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 23:31:47 +02:00
Jens Langhammer 3cd0a782af blueprints: correctly load on fresh install
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 23:25:33 +02:00
Jens L a023eee9bf
blueprints: migrate from managed (#3338)
* test all bundled blueprints

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix empty title

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix default blueprints

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add script to generate dev config

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate managed to blueprints

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more to blueprint instance

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrated away from ObjectManager

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix lint errors

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate things

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix some tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix a bit more

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* whops

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix missing name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *sigh*

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tasks

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* scheduled

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* run discovery on start

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* oops this test should stay

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 23:05:58 +02:00
Jens Langhammer 7a05c6faef stages/consent: fix error when requests with identical empty permissions
closes #3280

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 20:58:49 +02:00
Jens L 553989d17f
flows/stages/consent: fix for post requests (#3339)
add unique token to consent stage to ensure it is shown

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-31 23:47:40 +02:00
Jens L 89c84f10d0
blueprints: v1 (#1573)
* managed: move flowexporter to managed

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: implement SerializerModel in all models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* managed: add initial api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* managed: start blueprint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* managed: spec

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* version blueprint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* yep

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove v2, improve v1

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* start custom tag, more rebrand

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* move blueprints out of website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* try new things

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add !lookup, fix web

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update and cleanup default

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tags in lists

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* don't save field if its set to default value

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more flow cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* format web

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix missing serializer for sms

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ignore _set fields

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove custom file extension

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate default flow to tenant

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* include blueprints

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-31 17:11:44 +02:00
Jens L 882250a85e
flows: migrate flows to be yaml (#3335)
* flows: migrate flows to be yaml

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate flows to yaml

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 23:55:58 +02:00
Jens Langhammer fcf4657833 providers/proxy: add is_superuser to ak_proxy object, only show full error when superuser
closes #3314

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 20:29:23 +02:00
Jens L 393d7ec486
providers/proxy: no exposed urls (#3151)
* test any callback

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* dont detect callback in per-server handler

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use full redirect uri with both path and query param

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* correctly route to embedded outpost for callback signature

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix allowed redirects

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 17:51:01 +02:00
l-with b7b5168910
sources/oauth: use mailcow full_name as username for mailcow source (#3299)
use mailcow full_name as username
2022-07-29 20:34:17 +00:00
Jens Langhammer 1dcec17a58 sources/oauth: only send header authentication for OIDC source
closes #3327

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-29 18:20:44 +02:00
Jens Langhammer d6b1a22563 core: fix import order
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-29 00:18:42 +02:00
Jens Langhammer cada292e00 core: pre-hydrate config into templates to directly load correct assets
closes #3228

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-29 00:04:44 +02:00
Jens Langhammer 83eba36f8d core: add API Endpoint to get all MFA devices, add web ui to delete MFA devices of any user
closes #3237

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 23:50:25 +02:00
Jens Langhammer b82a142745 stages/authenticator_sms: use twilio SDK, improve docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3237
2022-07-28 22:17:59 +02:00
Jens Langhammer 2a42c203b2 stages/authenticator_totp: remove single device per user limit
closes #3281

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:39:46 +02:00
Jens Langhammer ade2d4879c stages/authenticator_duo: fix imported Duo Device not having a name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:20:32 +02:00
Jens Langhammer e14798dcdc core: import all models into shell
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:19:04 +02:00
Jens Langhammer 0248755cda stages/authentiactor_validate: improve error handling for duo
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:11:58 +02:00
Jens Langhammer 1f90359310 root: fix broken traceback logging
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 20:56:39 +02:00
Jens Langhammer 008fc19f0d root: fix log fields being overwritten in celery task logs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 20:48:05 +02:00
Jens Langhammer 277df4f04f stages/prompt: fix tests for file field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-27 09:48:11 +02:00
Jens Langhammer de26c65fa0 core: add attributes. avatar method to allow custom uploaded avatars
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2631
2022-07-26 21:42:41 +02:00
dependabot[bot] bd8794f646
core: bump structlog from 21.5.0 to 22.1.0 (#3294)
* core: bump structlog from 21.5.0 to 22.1.0

Bumps [structlog](https://github.com/hynek/structlog) from 21.5.0 to 22.1.0.
- [Release notes](https://github.com/hynek/structlog/releases)
- [Changelog](https://github.com/hynek/structlog/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hynek/structlog/compare/21.5.0...22.1.0)

---
updated-dependencies:
- dependency-name: structlog
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* migrate threaedlocal to contextvars

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-23 22:40:56 +02:00
Jens Langhammer 1880f98fa1 sources/oauth: fix typo
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-20 19:10:26 +02:00
Jens Langhammer dae6493a3e release: 2022.7.3 2022-07-20 09:37:43 +02:00
Jens Langhammer f909b86338 stages/consent: fix permimssions for consent API (allow owner to delete) 2022-07-19 16:41:34 +00:00
Jens Langhammer 327df6529b sources/oauth: use oidc preferred_username if set, otherwise nickname 2022-07-19 16:41:10 +00:00
Jens Langhammer 658dc63c4c lifecycle: revert waiting for lock, launch managed reconcile on app import
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-19 12:06:57 +02:00
Jens Langhammer 549f6f2077 providers/oauth2: correctly log authenticated user for OAuth views using protected_resource_view
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-18 22:20:09 +02:00
Jens L e9d9d658c4
lifecycle: make worker wait for migrations to be done (#3254)
* lifecycle: make worker wait for migrations to be done

* retry managed reconcile task
2022-07-15 19:44:45 +02:00
Jens Langhammer 9a9ba2560b core: delete expired models when filtering instead of excluding them
closes #3233

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-09 13:40:39 +02:00
Jens Langhammer 47434cd62d stages/prompt: try to base64 decode file, fallback to keeping value as-is
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-08 22:45:31 +02:00
Jens Langhammer ff500b44a6 stages/prompt: force required to false when using readonlyfield
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-08 22:38:37 +02:00
Jens Langhammer 8e19fb3a8c release: 2022.7.2 2022-07-06 20:31:48 +02:00
Jens Langhammer d497db3010 flows: fix OOB flow incorrectly setting pending user
closes #3224

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-06 09:51:20 +02:00
Jens Langhammer 24f95fdeaa tenants: fix tests for current tenant
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:47:49 +02:00
Jens Langhammer d1c4818724 policies: improve api test coverage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:20:48 +02:00
Jens L 49cce6a968
stages/prompt: add basic file field (#3156)
add basic file field

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:09:41 +02:00
Jens Langhammer 0a73e7ac9f tenants: add default_locale read only field, pre-hydrate in flows and read in autodetect as first choice
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:04:25 +02:00
Jens Langhammer 3344af72c2 outposts: cleanup user handling
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 22:41:19 +02:00
Jens Langhammer f316a3000b release: 2022.7.1 2022-07-04 21:10:20 +02:00
Jens Langhammer 6a497b32f6 core: use Exception for fallback case in flow_manager
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-04 20:05:03 +02:00
Jens Langhammer 4cd629b5fc core: handle FlowNonApplicableException correctly in source flow_manager
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-03 22:03:03 +02:00
Jens Langhammer 14a4047bdd flows: show messages from ak_message when flow is denied
fallback to same generic message

closes #3197

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-03 21:36:13 +02:00
Jens L 17d33f4b19
flows: denied action (#3194) 2022-07-02 17:37:57 +02:00
Jens L c39a5933e1
core: create FlowToken instead of regular token for generated recovery links (#3193)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2749
2022-07-02 14:17:41 +02:00
Jens L 5e3f44dd87
flows: add shortcut to redirect current flow (#3192) 2022-07-01 23:19:41 +02:00
Jens Langhammer 1c64616ebd sources/ldap: add configuration for LDAP Source ciphers
closes #3110

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 19:53:49 +02:00
Jens Langhammer 23273f53cc providers/oauth2: if no scopes are sent in authorize request, select all configured scopes
closes #3112

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 19:45:26 +02:00
Jens Langhammer d11ce0a86e providers/proxy: set default scopes based on managed attribute
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 18:26:49 +02:00
Jens Langhammer 766ceda57a core: re-create anonymous user when repairing permissions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 17:20:06 +02:00
Jens Langhammer e758c434ea web: ignore module load errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 16:49:37 +02:00
Jens Langhammer 90e3ae9457 *: define prometheus metrics in apps to prevent re-import
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 16:49:24 +02:00
Jens Langhammer 56fd436e5d web: fix redirect when accessing authentik URLs authenticated
closes #3174

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-30 23:04:39 +02:00
Jens Langhammer ea60c389be providers/saml: include SSO Binding URLs in Provider API
closes #3179

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-30 22:18:21 +02:00
Jens Langhammer 983882f5a0 providers/oauth2: ensure refresh tokens are URL safe
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3185
2022-06-30 12:43:08 +02:00
Jens L c5a2831665
api: add basic jwt support with required scope (#2624)
* api: add basic jwt support with required scope

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* api: only set auth_via when actually authenticating via token

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* save consented permissions in user consent, re-prompt when new permissions are required

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update locale

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* translate special scope map

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more api auth tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* build web api in e2e tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* link generated client instead of copying

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-26 17:51:15 +02:00
Jens L 504338ea66
web/admin: application wizard (part 1) (#2745)
* initial

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove log

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* start oauth

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use form for all type wizard pages

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more oauth

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* basic wizard actions

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* make resets work

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add hint in provider wizard

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* render correct icon in empty state in table page

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* improve empty state

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more pages

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add group PK to service account creation response

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use wizard-level isValid prop

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* re-add old buttons

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-26 00:46:40 +02:00
Jens Langhammer f28509608b core: mark session as modified instead of saving it directly to bump expiry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-22 08:48:14 +02:00
Jens Langhammer 6c9dc7a15b providers/oauth2: fix OAuth form_post response mode for code response_type
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3113
2022-06-20 21:52:36 +02:00
Jens Langhammer b6267fdf28 *: add versioned user agent to sentry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-20 11:54:10 +02:00
Jens Langhammer 1f0fc0a6a2 Merge branch 'version-2022.6' 2022-06-20 10:19:25 +02:00
Jens Langhammer 9201fc1834 release: 2022.6.3 2022-06-19 22:01:06 +02:00
Jens Langhammer 1faba11a57 providers/oauth2: add test to ensure capitalised redirect_uri isn't changed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3114
2022-06-19 21:37:20 +02:00
9p4 f0c72e8536 providers/oauth2: dont lowercase URL for token requests (#3114)
this was a leftover from before the migration regex checking for redirect URIs

closes #3076 and #3083
2022-06-19 21:37:17 +02:00
Jens Langhammer 91f91b08e5 core: fix migrations when creating bootstrap token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:37:14 +02:00
Jens L caed306346 providers/oauth2: if a redirect_uri cannot be parsed as regex, compare strict (#3070)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:36:19 +02:00
Jens Langhammer 59b899ddff internal: skip tracing for go healthcheck and metrics endpoints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:48 +02:00
Jens Langhammer 85784f796c root: ignore healthcheck routes in sentry tracing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:46 +02:00
Jens Langhammer b42eb9464f lifecycle: run bootstrap tasks inline when using automated install
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:33 +02:00
Jens L 6559fdee15 stages/authenticator_validate: add webauthn tests (#3069)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:23 +02:00
Jens Langhammer 3455bf3d27 policies: consolidate log user and application
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:04 +02:00
Jens Langhammer 0d96e68c1e core: add limit of 20 to group recursion
closes #3116

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:24:57 +02:00
Jens Langhammer 7caac1d0c7 providers/oauth2: add test to ensure capitalised redirect_uri isn't changed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3114
2022-06-18 13:13:36 +02:00
9p4 45364d6553
providers/oauth2: dont lowercase URL for token requests (#3114)
this was a leftover from before the migration regex checking for redirect URIs

closes #3076 and #3083
2022-06-18 13:08:15 +02:00
Jens Langhammer 2298eb124f core: fix migrations when creating bootstrap token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-17 10:10:04 +02:00
Jens Langhammer e892ed14da providers/oauth2: include source's user path in M2M created users
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-15 14:07:28 +02:00
Jens L 1c62a3db6e
core: user paths (#3085)
* init

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add user_path_template

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add to sources and flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add outposts & api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* dark theme for treeview

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add search

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs and tests for validation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add to user write stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add web ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: improve error handling

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-15 12:12:26 +02:00
Jens L 6821402fef
providers/oauth2: remove deprecated verification_keys (#3071)
remove verification_keys

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-11 19:48:07 +02:00
Jens L 8dbb0bd2c6
providers/oauth2: token revoke (#3077) 2022-06-11 18:49:16 +02:00
Jens L 0cad56ec73
providers/oauth2: if a redirect_uri cannot be parsed as regex, compare strict (#3070)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 23:32:57 +02:00
Jens Langhammer bdf76bb4b7 internal: skip tracing for go healthcheck and metrics endpoints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 22:21:11 +02:00
Jens Langhammer 74ce9cc6fd root: ignore healthcheck routes in sentry tracing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 20:10:27 +02:00
Jens Langhammer 5e2d647a6c core: trigger bootstrap tasks in server if we're debugging
closes #3040

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-09 20:21:31 +02:00
Jens Langhammer 7beebe030d lifecycle: run bootstrap tasks inline when using automated install
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-09 20:09:55 +02:00
Jens L 66f4a31b4c
stages/authenticator_validate: add webauthn tests (#3069)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-08 20:50:48 +02:00
Jens Langhammer 039d896dee policies: consolidate log user and application
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-07 22:26:01 +02:00
Jens Langhammer ff2baf502b release: 2022.6.2 2022-06-07 21:36:18 +02:00
Jens Langhammer 23023ec727 providers/oauth2: add JWKS URL to OAuth2ProviderSetupURLs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-07 20:17:06 +02:00
Jens Langhammer 7d84a71a01 stages/authenticator_validate: fix double-negation of password-less check
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-07 09:52:10 +02:00
Jens Langhammer 9add8479ca stages/authenticator_validate: fix error in passwordless webauthn
closes #3050

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-06 13:50:11 +02:00
Jens Langhammer ca40d31dac *: make user logging more consistent
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 18:50:44 +02:00
Frédérick Permantier 2dfa6c2c82
core: add setting to open application launch URL in a new browser tab (#3037)
* core: add setting to open application launch URL in a new browser tab

* core: fix failing applications unit tests

* core: fix formatting

* core: include models only generated when debug mode is enabled
2022-06-05 14:32:22 +02:00
Jens Langhammer c11435780d sources/oauth: fix twitter client missing basic auth
closes #3038

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 14:21:32 +02:00
Jens Langhammer 817d538b8f core: add additional filters to source viewset
https://github.com/goauthentik/terraform-provider-authentik/issues/184
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 00:56:46 +02:00
Jens Langhammer 210775776f core: add slug to built-in source
https://github.com/goauthentik/terraform-provider-authentik/issues/184
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 00:50:10 +02:00
Jens Langhammer b26111fb42 events: fix error when attempting to create event with GeoIP City in context
closes #2709

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 00:16:07 +02:00
Jens Langhammer 67d54c5209 release: 2022.6.1 2022-06-04 21:23:33 +02:00
Jens L fa04883ac1
events: use custom login failed signal, also send for mfa errors, add stage and more to context (#3039)
* use custom login failed signal, also send for mfa errors, add stage and more to context

closes #3027

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* include device class in event

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-04 15:30:56 +02:00
Jens L 36cbc44ed6
migrate to main (#3035)
closes #3032

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 19:40:09 +02:00
Jens L 0c591a50e3
*: don't dispatch tasks on startup of server (#3033)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 18:29:24 +02:00
Jens L 7ee655a318
core: add bootstrap variables with authentik prefix for helm charts (#3031)
https://github.com/goauthentik/helm/pull/72
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 15:22:56 +02:00
Jens Langhammer eba339ba27 core: improve loading speed of flow background
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-02 14:20:23 +02:00
Jens Langhammer 558c7bba2a lib: add lxml wrapper
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-02 13:25:24 +02:00
Jens Langhammer 8cd1a42fb9 *: fix linting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-02 11:50:10 +02:00
Jens L c0cb891078
stages/authenticator_sms: verify-only (#3011) 2022-06-01 23:16:28 +02:00
Jens L fc1c1a849a
stages/*: use bound logger (#3012)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-01 23:01:58 +02:00
Jens L 2c6d82593e
root: cleanup session keys to use common format (#3003)
cleanup session keys to use common format

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-31 21:53:23 +02:00
Jens Langhammer 34bcc2df1a root: disable session_save_every_request as it overwrites the session with old data
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2991
2022-05-31 20:46:27 +02:00
Jens Langhammer b4d528a789 policies: fix incorrect bound_to count
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-31 10:16:09 +02:00
Jens Langhammer a0397fdcf4 events: set default transport mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-30 21:32:48 +02:00
Jens L 8faa1bf865
events: add local transport mode (#2992)
* events: add local transport mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add default local transport

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-30 20:55:05 +02:00
Jens Langhammer fc75867218 events: ignore session model
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-30 20:23:07 +02:00
Jens L 3eb466ff4b
lifecycle: cleanup prometheus (#2972)
* remove high cardinality labels

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* retry worker number for prometheus multiprocess id

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* revert to pid, use subdirectories

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup more

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use worker id based off of https://github.com/benoitc/gunicorn/issues/1352

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix missing app label

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* tests/e2e: remove static names

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 21:45:25 +02:00
Jens L 9f2529c886
stages/authentiactor_validate: cookies (#2978)
* stages/authenticator_validate: rewrite to use signed jwt cookie + expiry as MFA threshold

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 19:47:34 +02:00
Jens L fb25b28976
core: db sessions (#2979)
* use db session backend

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* root: wrap session cookie in JWT and add useful claims

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix compatibility with tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use standard session key for writing in sessions too

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 18:58:54 +02:00
Jens Langhammer fb69f67f47 *: cleanup vendor
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-28 21:26:33 +02:00
Jens Langhammer 18b48684eb providers/oauth2: add configuration error event when wrong redirect uri is used in token request
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-28 21:15:58 +02:00
Jens Langhammer 098b0aef6e *: use create_test_admin_user for all unittests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-28 21:13:16 +02:00
Jens Langhammer 082df0ec51 Merge branch 'version-2022.5'
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	authentik/providers/oauth2/views/token.py
#	web/src/locales/zh-Hans.po
2022-05-28 13:19:58 +02:00
Jens Langhammer 1883402b3d release: 2022.5.3 2022-05-28 12:04:26 +02:00
Jens Langhammer 1b3aacfa1d providers/oauth2: add migration from "*" to ".*"
closes #2970

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-27 21:43:51 +02:00
Jens Langhammer 2b68363452 providers/oauth2: add migration from "*" to ".*"
closes #2970

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-27 10:23:13 +02:00
Jens Langhammer 6105956847 providers/oauth2: regex-escape URLs when set to blank
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:17:34 +02:00
Jens Langhammer 4ff32af343 flows: fix flakiness in tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:17:03 +02:00
Jens Langhammer 972868c15c providers/oauth2: only set expiry on user when it was freshly created
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:16:55 +02:00
Jens Langhammer 0bc57f571b api: update API browser to match admin UI and auto-switch theme
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:16:34 +02:00
Jens Langhammer a81d5a3d41 providers/oauth2: regex-escape URLs when set to blank
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 12:52:56 +02:00
Jens Langhammer 34ef4af799 flows: fix flakiness in tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 09:53:40 +02:00
Jens Langhammer 5da47b69dd providers/oauth2: only set expiry on user when it was freshly created
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 23:02:33 +02:00
Jens Langhammer 0e0dd2437b providers/oauth2: handle attribute errors when validation JWK contains private key
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 22:23:05 +02:00
Jens Langhammer e42386b150 api: update API browser to match admin UI and auto-switch theme
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 20:09:29 +02:00
Jens Langhammer ef219198d4 flows: fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 00:05:04 +02:00
Jens Langhammer cc744dc581 flows: fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 00:04:58 +02:00
Jens Langhammer 816b0c7d83 flows: fix re-imports of entries with identical PK re-creating objects
closes #2941

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 23:35:06 +02:00
Jens Langhammer 56babb2649 flows: fix re-imports of entries with identical PK re-creating objects
closes #2941

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 23:32:08 +02:00
Jens L b8fdda50ec ensure all viewsets have filter and search and add tests (#2946)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 22:13:59 +02:00
Jens Langhammer 4a9b788703 providers/oauth2: set related_name for many-to-many so used by detects the connection
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 22:12:35 +02:00
Jens L 80c1dbdfbb
ensure all viewsets have filter and search and add tests (#2946)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 22:01:18 +02:00
Jens L b4e75218f5
sources/oauth: OIDC well-known and JWKS (#2936)
* add initial

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add provider

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* include source and jwk key id in event

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests for source

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix web formatting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add provider tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix lint error

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 21:02:50 +02:00
Jens Langhammer 482491e93c core: fix username validator not allowing changes that can be done via flows
closes #2755

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 19:40:54 +02:00
Jens Langhammer 61a876b582 providers/saml: handle parse error
AUTHENTIK-1K5

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 22:03:12 +02:00
Jens Langhammer 8c9748e4a0 providers/oauth2: improve error handling for invalid regular expressions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:47:36 +02:00
Jens Langhammer b7979ad48e Revert "events: ignore silk SQLQuery object"
This reverts commit a26f25ccd6.

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:29:05 +02:00
Jens Langhammer 4704de937a stages/user_write: fix typo in request context variable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:18:37 +02:00
Jens Langhammer 394d8e99a4 policies: improve error logging
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:18:00 +02:00
Jens Langhammer a26f25ccd6 events: ignore silk SQLQuery object
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:17:52 +02:00
Jens Langhammer 63dc8fe7dc crypto: set SAN in default generated Certificate to semi-random domain
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2462
2022-05-22 23:22:06 +02:00
Jens Langhammer cfe2648b62 events: fix transport not allowing blank values
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-22 19:32:58 +02:00
Jens Langhammer 3d4a45c93f release: 2022.5.2 2022-05-21 17:17:21 +02:00
Jens Langhammer 75d6cd1674 outposts: ensure the user and token are created on initial outpost save
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 15:55:19 +02:00
Jens L 2dee8034d3
outposts: allow externally managed SSH Config for outposts (#2917) 2022-05-21 12:10:08 +02:00
Jens Langhammer 220d21c3e0 release: 2022.5.1 2022-05-20 19:34:45 +02:00
Jens L b43df2ae27
stages/identification: redirect with QS to keep next parameters (#2909)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-20 16:10:10 +02:00
Jens L d570feffac
flows: add types to diagrams (#2902)
* add policy and stage types to diagram

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* show policies bound to the root flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix get_build_hash being empty

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-19 20:50:28 +02:00
Jens Langhammer 3d52266773 flows: handle missing initial_data in challenge
AUTHENTIK-1HK

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-19 20:31:28 +02:00
Jens L 7bdecd2ee6
stages/user_write: dynamic groups (#2901)
* stages/user_write: add dynamic groups

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* simplify functions

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-19 20:28:16 +02:00
Jens Langhammer 11f7935155 providers/oauth2: use regex to check redirect URI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2799
2022-05-18 21:22:27 +02:00
Jens L 75b0fb3393
sources/oauth: migrate twitter to oauth2 (#2893) 2022-05-18 00:03:02 +02:00
Jens Langhammer 538c2ca4d3 stages/authenticator_*: directly save devices into db instead of session to prevent race conditions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-17 10:02:30 +02:00
Jens Langhammer 5080840ed9 admin: ensure disable_update_check is set to false for tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-17 10:00:26 +02:00
Jens L 333e58ce2f
flows/layouts (#2867) 2022-05-16 01:10:23 +02:00
Jens Langhammer 4de2ac3248 events: add task to expire seen notifications
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 22:41:50 +02:00
Jens Langhammer eb4dce91c3 events: add user filter to notifications
as superuser all notifications are returned regardless of permission so we need to filter

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 22:31:13 +02:00
Jens Langhammer d4fd6153c8 api: fix OwnerFilter filtering out objects for superusers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 21:36:00 +02:00
Jens Langhammer 85b6bfbe5f sources: fix parent serializer for user connections
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 21:26:02 +02:00
Jens Langhammer 5644d5f3f7 stages/authenticator_totp: fix key error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 19:57:00 +02:00
Jens Langhammer f391c33bdf providers/oauth2: fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 12:41:40 +02:00
Jens Langhammer 18f450bd49 root: enable sentry for tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 12:29:30 +02:00
Jens Langhammer ee36b7f3eb flows: move autosubmit stage into flows package
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 12:06:19 +02:00
Jens Langhammer a9a62bbfc8 providers/oauth2: use correct title based on flow context and translated
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 00:08:29 +02:00
Jens Langhammer ddd785898b providers/saml: add title attribute to autosubmit stage and render correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 00:08:14 +02:00
Jens Langhammer 8ba45a5f6a providers/oauth2: don't create events before client_id can be verified to prevent spam
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 00:02:01 +02:00
Jens Langhammer 7d41e6227b providers/oauth2: add tests for form_post, fix attrs not being flattened
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-13 23:52:50 +02:00
Jens Langhammer 1363226697 providers/saml: make SAML metadata generation consistent
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-13 17:40:18 +02:00
scheibling d4abf5621e
providers/oauth2: add support for form_post response mode (#2818)
* Added request verification and parameter generation

* response_mode added to OAuthAuthorizationParams return

* Added class OauthPostFulfillmentStage
Check response_mode in initialization

* Corrected typo

* Removed separate class
Added handling for FORM_POST in create_response_uri
Added handling for FORM_POST in return class

* Fixed pylint error (trailing-whitespace)
Removed comment

* Reformatted authorize.py with black
2022-05-12 21:36:31 +02:00
Jens L ec67b60219
policies/hibp: check in prompt data (#2845)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 23:47:36 +02:00
Jens L fd1d38f844
stages/authenticator_validate: remember (#2828)
* initial

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: cleanup timedelta help

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tooltip

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* assert response code in self.assertStageResponse

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more tests, add duo

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 21:05:22 +02:00
Jens Langhammer 3554406aa5 root: fix duplicate enum in api scheme
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 10:24:18 +02:00
Jens L ab2299ba1e
outposts/ldap: cached bind (#2824)
* initial cached ldap bind support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add web

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* clean up api generation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use gh action for golangci-lint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-08 16:48:53 +02:00
Jens Langhammer 860269acf0 root: set SESSION_SAVE_EVERY_REQUEST to enable sliding sessions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1878
2022-05-07 22:32:56 +02:00
scheibling 30c7e6c94c
providers/oauth2: fixed typo (PROMPT_CONSNET => PROMPT_CONSENT) (#2819) 2022-05-06 10:09:09 +02:00
Jens Langhammer 59df02b3b8 root: disable stdout capturing for tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-05 23:08:36 +02:00
Jens Langhammer ddbe0aaf13 stages/user_delete: fix delete stage failing when pending user is not explicitly set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-01 13:59:33 +02:00
Jens Langhammer 84930b4924 Revert "internal: fix high cpu when backend isnt healthy"
This reverts commit eb6cfd22a7.

Revert "root: handle JSON error in metrics too"

This reverts commit 1ede972222.

Revert "root: don't force multiprocess prometheus registry"

This reverts commit cd1d1b4402.

Revert "root: add error handling for prometheus view"

This reverts commit c0a883f76f.
2022-04-29 18:13:26 +02:00
Jens Langhammer 1ede972222 root: handle JSON error in metrics too
this can happen when the worker is killed while writing metrics
2022-04-29 11:01:04 +00:00
Jens Langhammer cd1d1b4402 root: don't force multiprocess prometheus registry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-29 10:53:47 +02:00
Jens Langhammer c0a883f76f root: add error handling for prometheus view
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-29 10:17:53 +02:00
Jens Langhammer ab8b37a899 events: fix ignored instances not being a tuple
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-25 11:19:58 +02:00
Jens Langhammer 9077eff34d root: add silk and debugging views
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-21 22:38:32 +02:00
Jens Langhammer 2399fa456b policies: fix current user not being set in server-side policy deny
closes #2039

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-21 22:30:27 +02:00
Jens Langhammer 0b4ac54363 *: default to max 60 for fqdn_rand
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-20 20:07:25 +02:00
Jens Langhammer 1a1434bfda *: decrease frequency of background tasks, smear tasks based on name and fqdn
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2159
2022-04-20 18:43:40 +02:00
Jens Langhammer d283a5236c core: add custom shell command which imports all models and creates events for model events
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-17 18:14:57 +02:00
github-actions[bot] e4486b98fc web: Update Web API Client version (#2733)
Signed-off-by: GitHub <noreply@github.com>

Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-17 17:05:43 +02:00
Jens Langhammer 778065f468 core: add flag to globally disable impersonation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-17 16:52:55 +02:00
Behn 70794d79dd
sources/oauth: Fix wording for OAuth source names (#2732) 2022-04-17 16:40:10 +02:00
Jens Langhammer a3bb5d89cc events: fix created events only being logged as debug level
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-14 22:37:30 +02:00
Jens Langhammer f4f9f525d7 providers/oauth2: include application in login event
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-14 22:36:45 +02:00
Jens Langhammer 4c14e88a25 flows: pin dependency in migration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-14 22:28:26 +02:00
Jens Langhammer 7561ea15de providers/oauth2: add additional tracing to token view 2022-04-14 16:48:17 +00:00
Jens Langhammer 8242b09394 flows: handle flow title formatting error better, add user to flow title context 2022-04-14 13:56:20 +00:00
Jens Langhammer 9b9c0fe663 release: 2022.4.1 2022-04-12 22:07:34 +02:00
Jens Langhammer 5a58f6ee64 providers/oauth2: remove test for non sa user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-12 20:35:13 +02:00
Jens Langhammer e84b17d550 providers/oauth2: don't force service accounts for client_credentials flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-12 10:23:25 +02:00
Jens Langhammer 9da439623b stages/authenticator_duo: fix bad request being sent to duo when calling enrollment_status outside a flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2666
2022-04-11 21:02:32 +02:00
Jens Langhammer 957bb1c5ef core: make generated token length configurable
closes #2574

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-11 20:57:16 +02:00
Jens Langhammer 2303a97bb9 core: add method to set key of token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2574
2022-04-11 20:43:39 +02:00
Jens Langhammer 8be04cc013 providers/oauth2: fix elliptic curve keys attempting to use EC256 instead of ES256
closes #2703

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-11 20:05:58 +02:00
Jens Langhammer cca33a74b6 core: fix error when checking generated users with no expiry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-10 17:53:46 +02:00
Jens Langhammer f977bf61eb providers/oauth2: make exp optional on jwt client_credentials flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-10 17:25:35 +02:00
Jens Langhammer f8f8a9bbb9 providers/oauth2: give keypairs private key preference over certificate in client_credentials jwt flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-10 16:27:53 +02:00
Jens Langhammer e64ca4ab04 core: fix lint error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-08 10:10:30 +02:00
Jens Langhammer e2f0a76309 outposts: check if docker ports should be mapped before comparing ports
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-07 17:30:33 +02:00
Jens Langhammer 5861d41ad3 tenants: add tenant-level attributes, applied to users based on request
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-06 10:41:35 +02:00
Jens Langhammer 20262f3f4b core: mark provider_obj as read_only
closes #2637

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-04 10:17:59 +02:00
Jens L 633296503d
core: add grouping to applications (#2648)
* core: add grouping to applications

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* core: add new field to tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 23:08:58 +02:00
Jens L 508cec2fd5
web: migrate dropdowns to wizards (#2633)
* web/admin: add basic wizards for providers

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: add dark mode for wizard

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: migrate policies to wizard

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* start source

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* policies: sanitze_dict when returning log messages during tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* Revert "web/admin: migrate policies to wizard"

This reverts commit d8b7f62d3e.

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	web/src/locales/zh-Hans.po
#	web/src/locales/zh-Hant.po
#	web/src/locales/zh_TW.po

* web: rewrite wizard to be element based

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* further cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update sources

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: migrate property mappings

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate stages

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate misc dropdowns

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate outpost integrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 19:48:17 +02:00
Jens Langhammer 7a93614e4b policies: fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 18:31:02 +02:00
Jens Langhammer 4f319eaa4f policies/dummy: bump to info to always get message
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 17:28:51 +02:00
Jens Langhammer 86a8d00b3f policies: sanitze_dict when returning log messages during tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 17:15:44 +02:00
Jens Langhammer 5fe8c1f3d7 policies: fix missing default for log_messages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 16:44:49 +02:00
Jens Langhammer d84ff2bbca policies: add policy log messages to test endpoints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-01 22:07:35 +02:00
Jens Langhammer 4be238018b providers/oauth2: pass scope and other parameters to access policy request context
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2641
2022-04-01 21:39:05 +02:00
Jens Langhammer 99008252f8 providers/oauth2: fix verification_keys being required
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-31 20:19:13 +02:00
Jens Langhammer 8689444954 providers/oauth2: add password grant support (treated as client_credentials)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-31 18:02:17 +02:00
Jens L bb8af2f19b
providers/oauth2: add client_assertion_type jwt bearer support (#2618) 2022-03-31 00:30:55 +02:00
Jens Langhammer 996bd05ba6 api: fix API header auth not passing to next auth method
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-31 00:06:01 +02:00
Jens Langhammer a1a64e25ee api: remove legacy http basic auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-30 23:39:08 +02:00
Jens Langhammer 993c6472db crypto: only count discovered when cert was loaded successfully 2022-03-28 08:58:23 +00:00
Jens Langhammer 123b0b2f05 core: fix pylint renamed variable 2022-03-28 08:58:13 +00:00
Jens Langhammer 7cbd5174f0 stages/invitation: fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-26 19:12:22 +01:00
Jens Langhammer c7a83e6182 stages/invitation: add invitation name
closes #2583

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-26 18:32:59 +01:00
Jens Langhammer 74ff9d04dd stages/prompt: set field default based on placeholder, fix duplicate fields
closes #2572

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-23 22:26:06 +01:00
Jens Langhammer 969902f503 stages/prompt: filter rest_framework.fields.empty when field is not required
closes #2572

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-23 20:21:12 +01:00
Jens Langhammer 04372e21dd events: handle types in event contexts
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2572
2022-03-23 19:49:55 +01:00
Adam G d75a864f0e
providers/oauth2: map internal groups to GitHub teams in GHE OAuth emulation (#2497)
* providers/oauth2: impl `/user/teams` endpoint for Github OAuth2

This commit adds a functional `/user/teams` endpoint for the emulated Github OAuth2 service.
The teams a user is part of are based on the user's groups in Authentik.

* providers/oauth2: Move org template inside loop; Change slug to use Django slugify

* providers/oauth2: Remove placeholder replacement

* Possibly fix complaints from the linters

* Update github.py

* Change organization name

* Update github.py
2022-03-23 12:05:20 +01:00