Jens Langhammer
872c18dddc
blueprints: don't use example label, add more tags and tests for tags
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 19:27:03 +02:00
Jens Langhammer
2fa6cf855d
stages/consent: simplify logic, correctly update existing consent
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 14:38:40 +02:00
Jens Langhammer
3b86144ae5
stages/*: use stage-bound logger when possible
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 13:41:53 +02:00
Jens Langhammer
f01f10c5e5
providers/oauth2: don't separate scopes by comma-space
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 13:15:12 +02:00
Jens Langhammer
e1249d3760
providers/oauth2: fix scopes without descriptions not being saved in consent
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-07 13:02:47 +02:00
Jens Langhammer
dcbf106daa
blueprints: add !Context to lookup things from instance context
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-06 20:54:00 +02:00
Jens L
89fef0ae72
blueprints: docs ( #3376 )
...
* further blueprint cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make group users and parent optional
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix api client usage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-06 00:52:12 +02:00
Jens Langhammer
85640d402f
internal: fix race conditions when accessing settings before bootstrap
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-06 00:24:55 +02:00
Jens L
ec42d378ab
blueprints/cleanup ( #3369 )
2022-08-05 08:39:00 +02:00
Jens L
2ce8e18bab
internal: centralise config for listeners to use same config system everywhere ( #3367 )
...
* centralise config for listeners to use same config system everywhere
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3360
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-03 21:33:27 +02:00
dependabot[bot]
9a9c826c0b
core: bump django from 4.0.6 to 4.1 ( #3368 )
...
* core: bump django from 4.0.6 to 4.1
Bumps [django](https://github.com/django/django ) from 4.0.6 to 4.1.
- [Release notes](https://github.com/django/django/releases )
- [Commits](https://github.com/django/django/compare/4.0.6...4.1 )
---
updated-dependencies:
- dependency-name: django
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-03 15:33:58 +02:00
Jens L
d1004e3798
blueprints: webui ( #3356 )
2022-08-03 00:05:49 +02:00
Jens Langhammer
2bd29e2fdd
*: improve error handling for startup tasks
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 23:31:47 +02:00
Jens Langhammer
3cd0a782af
blueprints: correctly load on fresh install
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 23:25:33 +02:00
Jens L
a023eee9bf
blueprints: migrate from managed ( #3338 )
...
* test all bundled blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix empty title
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix default blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add script to generate dev config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate managed to blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more to blueprint instance
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrated away from ObjectManager
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix lint errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate things
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix some tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix a bit more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* whops
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix missing name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *sigh*
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tasks
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* scheduled
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* run discovery on start
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* oops this test should stay
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 23:05:58 +02:00
Jens Langhammer
7a05c6faef
stages/consent: fix error when requests with identical empty permissions
...
closes #3280
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 20:58:49 +02:00
Jens L
553989d17f
flows/stages/consent: fix for post requests ( #3339 )
...
add unique token to consent stage to ensure it is shown
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-31 23:47:40 +02:00
Jens L
89c84f10d0
blueprints: v1 ( #1573 )
...
* managed: move flowexporter to managed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: implement SerializerModel in all models
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* managed: add initial api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* managed: start blueprint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* managed: spec
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* version blueprint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* yep
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove v2, improve v1
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* start custom tag, more rebrand
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add default flows
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* move blueprints out of website
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* try new things
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add !lookup, fix web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update and cleanup default
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tags in lists
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* don't save field if its set to default value
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more flow cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* format web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix missing serializer for sms
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ignore _set fields
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove custom file extension
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate default flow to tenant
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* include blueprints
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-31 17:11:44 +02:00
Jens L
882250a85e
flows: migrate flows to be yaml ( #3335 )
...
* flows: migrate flows to be yaml
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate flows to yaml
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 23:55:58 +02:00
Jens Langhammer
fcf4657833
providers/proxy: add is_superuser to ak_proxy object, only show full error when superuser
...
closes #3314
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 20:29:23 +02:00
Jens L
393d7ec486
providers/proxy: no exposed urls ( #3151 )
...
* test any callback
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* dont detect callback in per-server handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use full redirect uri with both path and query param
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* correctly route to embedded outpost for callback signature
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix allowed redirects
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 17:51:01 +02:00
l-with
b7b5168910
sources/oauth: use mailcow full_name as username for mailcow source ( #3299 )
...
use mailcow full_name as username
2022-07-29 20:34:17 +00:00
Jens Langhammer
1dcec17a58
sources/oauth: only send header authentication for OIDC source
...
closes #3327
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-29 18:20:44 +02:00
Jens Langhammer
d6b1a22563
core: fix import order
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-29 00:18:42 +02:00
Jens Langhammer
cada292e00
core: pre-hydrate config into templates to directly load correct assets
...
closes #3228
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-29 00:04:44 +02:00
Jens Langhammer
83eba36f8d
core: add API Endpoint to get all MFA devices, add web ui to delete MFA devices of any user
...
closes #3237
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 23:50:25 +02:00
Jens Langhammer
b82a142745
stages/authenticator_sms: use twilio SDK, improve docs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3237
2022-07-28 22:17:59 +02:00
Jens Langhammer
2a42c203b2
stages/authenticator_totp: remove single device per user limit
...
closes #3281
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:39:46 +02:00
Jens Langhammer
ade2d4879c
stages/authenticator_duo: fix imported Duo Device not having a name
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:20:32 +02:00
Jens Langhammer
e14798dcdc
core: import all models into shell
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:19:04 +02:00
Jens Langhammer
0248755cda
stages/authentiactor_validate: improve error handling for duo
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 21:11:58 +02:00
Jens Langhammer
1f90359310
root: fix broken traceback logging
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 20:56:39 +02:00
Jens Langhammer
008fc19f0d
root: fix log fields being overwritten in celery task logs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-28 20:48:05 +02:00
Jens Langhammer
277df4f04f
stages/prompt: fix tests for file field
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-27 09:48:11 +02:00
Jens Langhammer
de26c65fa0
core: add attributes. avatar method to allow custom uploaded avatars
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2631
2022-07-26 21:42:41 +02:00
dependabot[bot]
bd8794f646
core: bump structlog from 21.5.0 to 22.1.0 ( #3294 )
...
* core: bump structlog from 21.5.0 to 22.1.0
Bumps [structlog](https://github.com/hynek/structlog ) from 21.5.0 to 22.1.0.
- [Release notes](https://github.com/hynek/structlog/releases )
- [Changelog](https://github.com/hynek/structlog/blob/main/CHANGELOG.md )
- [Commits](https://github.com/hynek/structlog/compare/21.5.0...22.1.0 )
---
updated-dependencies:
- dependency-name: structlog
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* migrate threaedlocal to contextvars
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-23 22:40:56 +02:00
Jens Langhammer
1880f98fa1
sources/oauth: fix typo
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-20 19:10:26 +02:00
Jens Langhammer
dae6493a3e
release: 2022.7.3
2022-07-20 09:37:43 +02:00
Jens Langhammer
f909b86338
stages/consent: fix permimssions for consent API (allow owner to delete)
2022-07-19 16:41:34 +00:00
Jens Langhammer
327df6529b
sources/oauth: use oidc preferred_username if set, otherwise nickname
2022-07-19 16:41:10 +00:00
Jens Langhammer
658dc63c4c
lifecycle: revert waiting for lock, launch managed reconcile on app import
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-19 12:06:57 +02:00
Jens Langhammer
549f6f2077
providers/oauth2: correctly log authenticated user for OAuth views using protected_resource_view
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-18 22:20:09 +02:00
Jens L
e9d9d658c4
lifecycle: make worker wait for migrations to be done ( #3254 )
...
* lifecycle: make worker wait for migrations to be done
* retry managed reconcile task
2022-07-15 19:44:45 +02:00
Jens Langhammer
9a9ba2560b
core: delete expired models when filtering instead of excluding them
...
closes #3233
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-09 13:40:39 +02:00
Jens Langhammer
47434cd62d
stages/prompt: try to base64 decode file, fallback to keeping value as-is
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-08 22:45:31 +02:00
Jens Langhammer
ff500b44a6
stages/prompt: force required to false when using readonlyfield
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-08 22:38:37 +02:00
Jens Langhammer
8e19fb3a8c
release: 2022.7.2
2022-07-06 20:31:48 +02:00
Jens Langhammer
d497db3010
flows: fix OOB flow incorrectly setting pending user
...
closes #3224
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-06 09:51:20 +02:00
Jens Langhammer
24f95fdeaa
tenants: fix tests for current tenant
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:47:49 +02:00
Jens Langhammer
d1c4818724
policies: improve api test coverage
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:20:48 +02:00
Jens L
49cce6a968
stages/prompt: add basic file field ( #3156 )
...
add basic file field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:09:41 +02:00
Jens Langhammer
0a73e7ac9f
tenants: add default_locale read only field, pre-hydrate in flows and read in autodetect as first choice
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 23:04:25 +02:00
Jens Langhammer
3344af72c2
outposts: cleanup user handling
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-05 22:41:19 +02:00
Jens Langhammer
f316a3000b
release: 2022.7.1
2022-07-04 21:10:20 +02:00
Jens Langhammer
6a497b32f6
core: use Exception for fallback case in flow_manager
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-04 20:05:03 +02:00
Jens Langhammer
4cd629b5fc
core: handle FlowNonApplicableException correctly in source flow_manager
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-03 22:03:03 +02:00
Jens Langhammer
14a4047bdd
flows: show messages from ak_message when flow is denied
...
fallback to same generic message
closes #3197
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-03 21:36:13 +02:00
Jens L
17d33f4b19
flows: denied action ( #3194 )
2022-07-02 17:37:57 +02:00
Jens L
c39a5933e1
core: create FlowToken instead of regular token for generated recovery links ( #3193 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2749
2022-07-02 14:17:41 +02:00
Jens L
5e3f44dd87
flows: add shortcut to redirect current flow ( #3192 )
2022-07-01 23:19:41 +02:00
Jens Langhammer
1c64616ebd
sources/ldap: add configuration for LDAP Source ciphers
...
closes #3110
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 19:53:49 +02:00
Jens Langhammer
23273f53cc
providers/oauth2: if no scopes are sent in authorize request, select all configured scopes
...
closes #3112
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 19:45:26 +02:00
Jens Langhammer
d11ce0a86e
providers/proxy: set default scopes based on managed attribute
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 18:26:49 +02:00
Jens Langhammer
766ceda57a
core: re-create anonymous user when repairing permissions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 17:20:06 +02:00
Jens Langhammer
e758c434ea
web: ignore module load errors
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 16:49:37 +02:00
Jens Langhammer
90e3ae9457
*: define prometheus metrics in apps to prevent re-import
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 16:49:24 +02:00
Jens Langhammer
56fd436e5d
web: fix redirect when accessing authentik URLs authenticated
...
closes #3174
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-30 23:04:39 +02:00
Jens Langhammer
ea60c389be
providers/saml: include SSO Binding URLs in Provider API
...
closes #3179
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-30 22:18:21 +02:00
Jens Langhammer
983882f5a0
providers/oauth2: ensure refresh tokens are URL safe
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3185
2022-06-30 12:43:08 +02:00
Jens L
c5a2831665
api: add basic jwt support with required scope ( #2624 )
...
* api: add basic jwt support with required scope
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* api: only set auth_via when actually authenticating via token
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* save consented permissions in user consent, re-prompt when new permissions are required
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update locale
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* translate special scope map
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more api auth tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* build web api in e2e tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* link generated client instead of copying
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-26 17:51:15 +02:00
Jens L
504338ea66
web/admin: application wizard (part 1) ( #2745 )
...
* initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove log
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* start oauth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use form for all type wizard pages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more oauth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* basic wizard actions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make resets work
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add hint in provider wizard
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* render correct icon in empty state in table page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* improve empty state
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more pages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add group PK to service account creation response
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use wizard-level isValid prop
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* re-add old buttons
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-26 00:46:40 +02:00
Jens Langhammer
f28509608b
core: mark session as modified instead of saving it directly to bump expiry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-22 08:48:14 +02:00
Jens Langhammer
6c9dc7a15b
providers/oauth2: fix OAuth form_post response mode for code response_type
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3113
2022-06-20 21:52:36 +02:00
Jens Langhammer
b6267fdf28
*: add versioned user agent to sentry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-20 11:54:10 +02:00
Jens Langhammer
1f0fc0a6a2
Merge branch 'version-2022.6'
2022-06-20 10:19:25 +02:00
Jens Langhammer
9201fc1834
release: 2022.6.3
2022-06-19 22:01:06 +02:00
Jens Langhammer
1faba11a57
providers/oauth2: add test to ensure capitalised redirect_uri isn't changed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3114
2022-06-19 21:37:20 +02:00
9p4
f0c72e8536
providers/oauth2: dont lowercase URL for token requests ( #3114 )
...
this was a leftover from before the migration regex checking for redirect URIs
closes #3076 and #3083
2022-06-19 21:37:17 +02:00
Jens Langhammer
91f91b08e5
core: fix migrations when creating bootstrap token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:37:14 +02:00
Jens L
caed306346
providers/oauth2: if a redirect_uri cannot be parsed as regex, compare strict ( #3070 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:36:19 +02:00
Jens Langhammer
59b899ddff
internal: skip tracing for go healthcheck and metrics endpoints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:48 +02:00
Jens Langhammer
85784f796c
root: ignore healthcheck routes in sentry tracing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:46 +02:00
Jens Langhammer
b42eb9464f
lifecycle: run bootstrap tasks inline when using automated install
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:33 +02:00
Jens L
6559fdee15
stages/authenticator_validate: add webauthn tests ( #3069 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:23 +02:00
Jens Langhammer
3455bf3d27
policies: consolidate log user and application
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:35:04 +02:00
Jens Langhammer
0d96e68c1e
core: add limit of 20 to group recursion
...
closes #3116
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-19 21:24:57 +02:00
Jens Langhammer
7caac1d0c7
providers/oauth2: add test to ensure capitalised redirect_uri isn't changed
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#3114
2022-06-18 13:13:36 +02:00
9p4
45364d6553
providers/oauth2: dont lowercase URL for token requests ( #3114 )
...
this was a leftover from before the migration regex checking for redirect URIs
closes #3076 and #3083
2022-06-18 13:08:15 +02:00
Jens Langhammer
2298eb124f
core: fix migrations when creating bootstrap token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-17 10:10:04 +02:00
Jens Langhammer
e892ed14da
providers/oauth2: include source's user path in M2M created users
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-15 14:07:28 +02:00
Jens L
1c62a3db6e
core: user paths ( #3085 )
...
* init
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add user_path_template
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add to sources and flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add outposts & api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* dark theme for treeview
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add search
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs and tests for validation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add to user write stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add web ui
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: improve error handling
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-15 12:12:26 +02:00
Jens L
6821402fef
providers/oauth2: remove deprecated verification_keys ( #3071 )
...
remove verification_keys
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-11 19:48:07 +02:00
Jens L
8dbb0bd2c6
providers/oauth2: token revoke ( #3077 )
2022-06-11 18:49:16 +02:00
Jens L
0cad56ec73
providers/oauth2: if a redirect_uri cannot be parsed as regex, compare strict ( #3070 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 23:32:57 +02:00
Jens Langhammer
bdf76bb4b7
internal: skip tracing for go healthcheck and metrics endpoints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 22:21:11 +02:00
Jens Langhammer
74ce9cc6fd
root: ignore healthcheck routes in sentry tracing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-10 20:10:27 +02:00
Jens Langhammer
5e2d647a6c
core: trigger bootstrap tasks in server if we're debugging
...
closes #3040
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-09 20:21:31 +02:00
Jens Langhammer
7beebe030d
lifecycle: run bootstrap tasks inline when using automated install
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-09 20:09:55 +02:00
Jens L
66f4a31b4c
stages/authenticator_validate: add webauthn tests ( #3069 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-08 20:50:48 +02:00
Jens Langhammer
039d896dee
policies: consolidate log user and application
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-07 22:26:01 +02:00
Jens Langhammer
ff2baf502b
release: 2022.6.2
2022-06-07 21:36:18 +02:00
Jens Langhammer
23023ec727
providers/oauth2: add JWKS URL to OAuth2ProviderSetupURLs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-07 20:17:06 +02:00
Jens Langhammer
7d84a71a01
stages/authenticator_validate: fix double-negation of password-less check
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-07 09:52:10 +02:00
Jens Langhammer
9add8479ca
stages/authenticator_validate: fix error in passwordless webauthn
...
closes #3050
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-06 13:50:11 +02:00
Jens Langhammer
ca40d31dac
*: make user logging more consistent
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 18:50:44 +02:00
Frédérick Permantier
2dfa6c2c82
core: add setting to open application launch URL in a new browser tab ( #3037 )
...
* core: add setting to open application launch URL in a new browser tab
* core: fix failing applications unit tests
* core: fix formatting
* core: include models only generated when debug mode is enabled
2022-06-05 14:32:22 +02:00
Jens Langhammer
c11435780d
sources/oauth: fix twitter client missing basic auth
...
closes #3038
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 14:21:32 +02:00
Jens Langhammer
817d538b8f
core: add additional filters to source viewset
...
https://github.com/goauthentik/terraform-provider-authentik/issues/184
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 00:56:46 +02:00
Jens Langhammer
210775776f
core: add slug to built-in source
...
https://github.com/goauthentik/terraform-provider-authentik/issues/184
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 00:50:10 +02:00
Jens Langhammer
b26111fb42
events: fix error when attempting to create event with GeoIP City in context
...
closes #2709
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-05 00:16:07 +02:00
Jens Langhammer
67d54c5209
release: 2022.6.1
2022-06-04 21:23:33 +02:00
Jens L
fa04883ac1
events: use custom login failed signal, also send for mfa errors, add stage and more to context ( #3039 )
...
* use custom login failed signal, also send for mfa errors, add stage and more to context
closes #3027
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* include device class in event
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-04 15:30:56 +02:00
Jens L
36cbc44ed6
migrate to main ( #3035 )
...
closes #3032
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 19:40:09 +02:00
Jens L
0c591a50e3
*: don't dispatch tasks on startup of server ( #3033 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 18:29:24 +02:00
Jens L
7ee655a318
core: add bootstrap variables with authentik prefix for helm charts ( #3031 )
...
https://github.com/goauthentik/helm/pull/72
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-03 15:22:56 +02:00
Jens Langhammer
eba339ba27
core: improve loading speed of flow background
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-02 14:20:23 +02:00
Jens Langhammer
558c7bba2a
lib: add lxml wrapper
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-02 13:25:24 +02:00
Jens Langhammer
8cd1a42fb9
*: fix linting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-02 11:50:10 +02:00
Jens L
c0cb891078
stages/authenticator_sms: verify-only ( #3011 )
2022-06-01 23:16:28 +02:00
Jens L
fc1c1a849a
stages/*: use bound logger ( #3012 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-01 23:01:58 +02:00
Jens L
2c6d82593e
root: cleanup session keys to use common format ( #3003 )
...
cleanup session keys to use common format
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-31 21:53:23 +02:00
Jens Langhammer
34bcc2df1a
root: disable session_save_every_request as it overwrites the session with old data
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2991
2022-05-31 20:46:27 +02:00
Jens Langhammer
b4d528a789
policies: fix incorrect bound_to count
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-31 10:16:09 +02:00
Jens Langhammer
a0397fdcf4
events: set default transport mode
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-30 21:32:48 +02:00
Jens L
8faa1bf865
events: add local transport mode ( #2992 )
...
* events: add local transport mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add default local transport
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-30 20:55:05 +02:00
Jens Langhammer
fc75867218
events: ignore session model
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-30 20:23:07 +02:00
Jens L
3eb466ff4b
lifecycle: cleanup prometheus ( #2972 )
...
* remove high cardinality labels
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* retry worker number for prometheus multiprocess id
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* revert to pid, use subdirectories
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use worker id based off of https://github.com/benoitc/gunicorn/issues/1352
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix missing app label
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests/e2e: remove static names
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 21:45:25 +02:00
Jens L
9f2529c886
stages/authentiactor_validate: cookies ( #2978 )
...
* stages/authenticator_validate: rewrite to use signed jwt cookie + expiry as MFA threshold
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 19:47:34 +02:00
Jens L
fb25b28976
core: db sessions ( #2979 )
...
* use db session backend
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* root: wrap session cookie in JWT and add useful claims
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix compatibility with tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use standard session key for writing in sessions too
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 18:58:54 +02:00
Jens Langhammer
fb69f67f47
*: cleanup vendor
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-28 21:26:33 +02:00
Jens Langhammer
18b48684eb
providers/oauth2: add configuration error event when wrong redirect uri is used in token request
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-28 21:15:58 +02:00
Jens Langhammer
098b0aef6e
*: use create_test_admin_user for all unittests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-28 21:13:16 +02:00
Jens Langhammer
082df0ec51
Merge branch 'version-2022.5'
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# authentik/providers/oauth2/views/token.py
# web/src/locales/zh-Hans.po
2022-05-28 13:19:58 +02:00
Jens Langhammer
1883402b3d
release: 2022.5.3
2022-05-28 12:04:26 +02:00
Jens Langhammer
1b3aacfa1d
providers/oauth2: add migration from "*" to ".*"
...
closes #2970
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-27 21:43:51 +02:00
Jens Langhammer
2b68363452
providers/oauth2: add migration from "*" to ".*"
...
closes #2970
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-27 10:23:13 +02:00
Jens Langhammer
6105956847
providers/oauth2: regex-escape URLs when set to blank
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:17:34 +02:00
Jens Langhammer
4ff32af343
flows: fix flakiness in tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:17:03 +02:00
Jens Langhammer
972868c15c
providers/oauth2: only set expiry on user when it was freshly created
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:16:55 +02:00
Jens Langhammer
0bc57f571b
api: update API browser to match admin UI and auto-switch theme
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 22:16:34 +02:00
Jens Langhammer
a81d5a3d41
providers/oauth2: regex-escape URLs when set to blank
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 12:52:56 +02:00
Jens Langhammer
34ef4af799
flows: fix flakiness in tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 09:53:40 +02:00
Jens Langhammer
5da47b69dd
providers/oauth2: only set expiry on user when it was freshly created
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 23:02:33 +02:00
Jens Langhammer
0e0dd2437b
providers/oauth2: handle attribute errors when validation JWK contains private key
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 22:23:05 +02:00
Jens Langhammer
e42386b150
api: update API browser to match admin UI and auto-switch theme
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 20:09:29 +02:00
Jens Langhammer
ef219198d4
flows: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 00:05:04 +02:00
Jens Langhammer
cc744dc581
flows: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-25 00:04:58 +02:00
Jens Langhammer
816b0c7d83
flows: fix re-imports of entries with identical PK re-creating objects
...
closes #2941
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 23:35:06 +02:00
Jens Langhammer
56babb2649
flows: fix re-imports of entries with identical PK re-creating objects
...
closes #2941
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 23:32:08 +02:00
Jens L
b8fdda50ec
ensure all viewsets have filter and search and add tests ( #2946 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 22:13:59 +02:00
Jens Langhammer
4a9b788703
providers/oauth2: set related_name for many-to-many so used by detects the connection
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 22:12:35 +02:00
Jens L
80c1dbdfbb
ensure all viewsets have filter and search and add tests ( #2946 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 22:01:18 +02:00
Jens L
b4e75218f5
sources/oauth: OIDC well-known and JWKS ( #2936 )
...
* add initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add provider
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* include source and jwk key id in event
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests for source
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix web formatting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add provider tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix lint error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 21:02:50 +02:00
Jens Langhammer
482491e93c
core: fix username validator not allowing changes that can be done via flows
...
closes #2755
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-24 19:40:54 +02:00
Jens Langhammer
61a876b582
providers/saml: handle parse error
...
AUTHENTIK-1K5
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 22:03:12 +02:00
Jens Langhammer
8c9748e4a0
providers/oauth2: improve error handling for invalid regular expressions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:47:36 +02:00
Jens Langhammer
b7979ad48e
Revert "events: ignore silk SQLQuery object"
...
This reverts commit a26f25ccd6
.
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:29:05 +02:00
Jens Langhammer
4704de937a
stages/user_write: fix typo in request context variable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:18:37 +02:00
Jens Langhammer
394d8e99a4
policies: improve error logging
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:18:00 +02:00
Jens Langhammer
a26f25ccd6
events: ignore silk SQLQuery object
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-23 20:17:52 +02:00
Jens Langhammer
63dc8fe7dc
crypto: set SAN in default generated Certificate to semi-random domain
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2462
2022-05-22 23:22:06 +02:00
Jens Langhammer
cfe2648b62
events: fix transport not allowing blank values
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-22 19:32:58 +02:00
Jens Langhammer
3d4a45c93f
release: 2022.5.2
2022-05-21 17:17:21 +02:00
Jens Langhammer
75d6cd1674
outposts: ensure the user and token are created on initial outpost save
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 15:55:19 +02:00
Jens L
2dee8034d3
outposts: allow externally managed SSH Config for outposts ( #2917 )
2022-05-21 12:10:08 +02:00
Jens Langhammer
220d21c3e0
release: 2022.5.1
2022-05-20 19:34:45 +02:00
Jens L
b43df2ae27
stages/identification: redirect with QS to keep next parameters ( #2909 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-20 16:10:10 +02:00
Jens L
d570feffac
flows: add types to diagrams ( #2902 )
...
* add policy and stage types to diagram
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* show policies bound to the root flow
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix get_build_hash being empty
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-19 20:50:28 +02:00
Jens Langhammer
3d52266773
flows: handle missing initial_data
in challenge
...
AUTHENTIK-1HK
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-19 20:31:28 +02:00
Jens L
7bdecd2ee6
stages/user_write: dynamic groups ( #2901 )
...
* stages/user_write: add dynamic groups
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* simplify functions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-19 20:28:16 +02:00
Jens Langhammer
11f7935155
providers/oauth2: use regex to check redirect URI
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2799
2022-05-18 21:22:27 +02:00
Jens L
75b0fb3393
sources/oauth: migrate twitter to oauth2 ( #2893 )
2022-05-18 00:03:02 +02:00
Jens Langhammer
538c2ca4d3
stages/authenticator_*: directly save devices into db instead of session to prevent race conditions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-17 10:02:30 +02:00
Jens Langhammer
5080840ed9
admin: ensure disable_update_check is set to false for tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-17 10:00:26 +02:00
Jens L
333e58ce2f
flows/layouts ( #2867 )
2022-05-16 01:10:23 +02:00
Jens Langhammer
4de2ac3248
events: add task to expire seen notifications
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 22:41:50 +02:00
Jens Langhammer
eb4dce91c3
events: add user filter to notifications
...
as superuser all notifications are returned regardless of permission so we need to filter
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 22:31:13 +02:00
Jens Langhammer
d4fd6153c8
api: fix OwnerFilter filtering out objects for superusers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 21:36:00 +02:00
Jens Langhammer
85b6bfbe5f
sources: fix parent serializer for user connections
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 21:26:02 +02:00
Jens Langhammer
5644d5f3f7
stages/authenticator_totp: fix key error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 19:57:00 +02:00
Jens Langhammer
f391c33bdf
providers/oauth2: fix tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 12:41:40 +02:00
Jens Langhammer
18f450bd49
root: enable sentry for tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 12:29:30 +02:00
Jens Langhammer
ee36b7f3eb
flows: move autosubmit stage into flows package
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 12:06:19 +02:00
Jens Langhammer
a9a62bbfc8
providers/oauth2: use correct title based on flow context and translated
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 00:08:29 +02:00
Jens Langhammer
ddd785898b
providers/saml: add title attribute to autosubmit stage and render correctly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 00:08:14 +02:00
Jens Langhammer
8ba45a5f6a
providers/oauth2: don't create events before client_id can be verified to prevent spam
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-14 00:02:01 +02:00
Jens Langhammer
7d41e6227b
providers/oauth2: add tests for form_post, fix attrs not being flattened
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-13 23:52:50 +02:00
Jens Langhammer
1363226697
providers/saml: make SAML metadata generation consistent
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-13 17:40:18 +02:00
scheibling
d4abf5621e
providers/oauth2: add support for form_post response mode ( #2818 )
...
* Added request verification and parameter generation
* response_mode added to OAuthAuthorizationParams return
* Added class OauthPostFulfillmentStage
Check response_mode in initialization
* Corrected typo
* Removed separate class
Added handling for FORM_POST in create_response_uri
Added handling for FORM_POST in return class
* Fixed pylint error (trailing-whitespace)
Removed comment
* Reformatted authorize.py with black
2022-05-12 21:36:31 +02:00
Jens L
ec67b60219
policies/hibp: check in prompt data ( #2845 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 23:47:36 +02:00
Jens L
fd1d38f844
stages/authenticator_validate: remember ( #2828 )
...
* initial
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: cleanup timedelta help
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tooltip
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* assert response code in self.assertStageResponse
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add more tests, add duo
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 21:05:22 +02:00
Jens Langhammer
3554406aa5
root: fix duplicate enum in api scheme
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-10 10:24:18 +02:00
Jens L
ab2299ba1e
outposts/ldap: cached bind ( #2824 )
...
* initial cached ldap bind support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* clean up api generation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use gh action for golangci-lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-08 16:48:53 +02:00
Jens Langhammer
860269acf0
root: set SESSION_SAVE_EVERY_REQUEST to enable sliding sessions
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1878
2022-05-07 22:32:56 +02:00
scheibling
30c7e6c94c
providers/oauth2: fixed typo (PROMPT_CONSNET => PROMPT_CONSENT) ( #2819 )
2022-05-06 10:09:09 +02:00
Jens Langhammer
59df02b3b8
root: disable stdout capturing for tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-05 23:08:36 +02:00
Jens Langhammer
ddbe0aaf13
stages/user_delete: fix delete stage failing when pending user is not explicitly set
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-01 13:59:33 +02:00
Jens Langhammer
84930b4924
Revert "internal: fix high cpu when backend isnt healthy"
...
This reverts commit eb6cfd22a7
.
Revert "root: handle JSON error in metrics too"
This reverts commit 1ede972222
.
Revert "root: don't force multiprocess prometheus registry"
This reverts commit cd1d1b4402
.
Revert "root: add error handling for prometheus view"
This reverts commit c0a883f76f
.
2022-04-29 18:13:26 +02:00
Jens Langhammer
1ede972222
root: handle JSON error in metrics too
...
this can happen when the worker is killed while writing metrics
2022-04-29 11:01:04 +00:00
Jens Langhammer
cd1d1b4402
root: don't force multiprocess prometheus registry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-29 10:53:47 +02:00
Jens Langhammer
c0a883f76f
root: add error handling for prometheus view
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-29 10:17:53 +02:00
Jens Langhammer
ab8b37a899
events: fix ignored instances not being a tuple
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-25 11:19:58 +02:00
Jens Langhammer
9077eff34d
root: add silk and debugging views
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-21 22:38:32 +02:00
Jens Langhammer
2399fa456b
policies: fix current user not being set in server-side policy deny
...
closes #2039
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-21 22:30:27 +02:00
Jens Langhammer
0b4ac54363
*: default to max 60 for fqdn_rand
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-20 20:07:25 +02:00
Jens Langhammer
1a1434bfda
*: decrease frequency of background tasks, smear tasks based on name and fqdn
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2159
2022-04-20 18:43:40 +02:00
Jens Langhammer
d283a5236c
core: add custom shell command which imports all models and creates events for model events
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-17 18:14:57 +02:00
github-actions[bot]
e4486b98fc
web: Update Web API Client version ( #2733 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-17 17:05:43 +02:00
Jens Langhammer
778065f468
core: add flag to globally disable impersonation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-17 16:52:55 +02:00
Behn
70794d79dd
sources/oauth: Fix wording for OAuth source names ( #2732 )
2022-04-17 16:40:10 +02:00
Jens Langhammer
a3bb5d89cc
events: fix created events only being logged as debug level
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-14 22:37:30 +02:00
Jens Langhammer
f4f9f525d7
providers/oauth2: include application in login event
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-14 22:36:45 +02:00
Jens Langhammer
4c14e88a25
flows: pin dependency in migration
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-14 22:28:26 +02:00
Jens Langhammer
7561ea15de
providers/oauth2: add additional tracing to token view
2022-04-14 16:48:17 +00:00
Jens Langhammer
8242b09394
flows: handle flow title formatting error better, add user to flow title context
2022-04-14 13:56:20 +00:00
Jens Langhammer
9b9c0fe663
release: 2022.4.1
2022-04-12 22:07:34 +02:00
Jens Langhammer
5a58f6ee64
providers/oauth2: remove test for non sa user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-12 20:35:13 +02:00
Jens Langhammer
e84b17d550
providers/oauth2: don't force service accounts for client_credentials flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-12 10:23:25 +02:00
Jens Langhammer
9da439623b
stages/authenticator_duo: fix bad request being sent to duo when calling enrollment_status outside a flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2666
2022-04-11 21:02:32 +02:00
Jens Langhammer
957bb1c5ef
core: make generated token length configurable
...
closes #2574
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-11 20:57:16 +02:00
Jens Langhammer
2303a97bb9
core: add method to set key of token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2574
2022-04-11 20:43:39 +02:00
Jens Langhammer
8be04cc013
providers/oauth2: fix elliptic curve keys attempting to use EC256 instead of ES256
...
closes #2703
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-11 20:05:58 +02:00
Jens Langhammer
cca33a74b6
core: fix error when checking generated users with no expiry
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-10 17:53:46 +02:00
Jens Langhammer
f977bf61eb
providers/oauth2: make exp optional on jwt client_credentials flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-10 17:25:35 +02:00
Jens Langhammer
f8f8a9bbb9
providers/oauth2: give keypairs private key preference over certificate in client_credentials jwt flow
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-10 16:27:53 +02:00
Jens Langhammer
e64ca4ab04
core: fix lint error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-08 10:10:30 +02:00
Jens Langhammer
e2f0a76309
outposts: check if docker ports should be mapped before comparing ports
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-07 17:30:33 +02:00
Jens Langhammer
5861d41ad3
tenants: add tenant-level attributes, applied to users based on request
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-06 10:41:35 +02:00
Jens Langhammer
20262f3f4b
core: mark provider_obj as read_only
...
closes #2637
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-04 10:17:59 +02:00
Jens L
633296503d
core: add grouping to applications ( #2648 )
...
* core: add grouping to applications
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: add new field to tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 23:08:58 +02:00
Jens L
508cec2fd5
web: migrate dropdowns to wizards ( #2633 )
...
* web/admin: add basic wizards for providers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: add dark mode for wizard
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: migrate policies to wizard
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* start source
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* policies: sanitze_dict when returning log messages during tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* Revert "web/admin: migrate policies to wizard"
This reverts commit d8b7f62d3e
.
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# web/src/locales/zh-Hans.po
# web/src/locales/zh-Hant.po
# web/src/locales/zh_TW.po
* web: rewrite wizard to be element based
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* further cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update sources
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: migrate property mappings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate stages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate misc dropdowns
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* migrate outpost integrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 19:48:17 +02:00
Jens Langhammer
7a93614e4b
policies: fix tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 18:31:02 +02:00
Jens Langhammer
4f319eaa4f
policies/dummy: bump to info to always get message
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 17:28:51 +02:00
Jens Langhammer
86a8d00b3f
policies: sanitze_dict when returning log messages during tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 17:15:44 +02:00
Jens Langhammer
5fe8c1f3d7
policies: fix missing default for log_messages
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-02 16:44:49 +02:00
Jens Langhammer
d84ff2bbca
policies: add policy log messages to test endpoints
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-01 22:07:35 +02:00
Jens Langhammer
4be238018b
providers/oauth2: pass scope and other parameters to access policy request context
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2641
2022-04-01 21:39:05 +02:00
Jens Langhammer
99008252f8
providers/oauth2: fix verification_keys being required
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-31 20:19:13 +02:00
Jens Langhammer
8689444954
providers/oauth2: add password grant support (treated as client_credentials)
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-31 18:02:17 +02:00
Jens L
bb8af2f19b
providers/oauth2: add client_assertion_type jwt bearer support ( #2618 )
2022-03-31 00:30:55 +02:00
Jens Langhammer
996bd05ba6
api: fix API header auth not passing to next auth method
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-31 00:06:01 +02:00
Jens Langhammer
a1a64e25ee
api: remove legacy http basic auth
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-30 23:39:08 +02:00
Jens Langhammer
993c6472db
crypto: only count discovered when cert was loaded successfully
2022-03-28 08:58:23 +00:00
Jens Langhammer
123b0b2f05
core: fix pylint renamed variable
2022-03-28 08:58:13 +00:00
Jens Langhammer
7cbd5174f0
stages/invitation: fix tests
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-26 19:12:22 +01:00
Jens Langhammer
c7a83e6182
stages/invitation: add invitation name
...
closes #2583
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-26 18:32:59 +01:00
Jens Langhammer
74ff9d04dd
stages/prompt: set field default based on placeholder, fix duplicate fields
...
closes #2572
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-23 22:26:06 +01:00
Jens Langhammer
969902f503
stages/prompt: filter rest_framework.fields.empty when field is not required
...
closes #2572
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-23 20:21:12 +01:00
Jens Langhammer
04372e21dd
events: handle types in event contexts
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2572
2022-03-23 19:49:55 +01:00
Adam G
d75a864f0e
providers/oauth2: map internal groups to GitHub teams in GHE OAuth emulation ( #2497 )
...
* providers/oauth2: impl `/user/teams` endpoint for Github OAuth2
This commit adds a functional `/user/teams` endpoint for the emulated Github OAuth2 service.
The teams a user is part of are based on the user's groups in Authentik.
* providers/oauth2: Move org template inside loop; Change slug to use Django slugify
* providers/oauth2: Remove placeholder replacement
* Possibly fix complaints from the linters
* Update github.py
* Change organization name
* Update github.py
2022-03-23 12:05:20 +01:00
Jens Langhammer
0c2b32da31
core: add num_pk to group for applications that need a numerical group id
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2497
2022-03-22 21:37:11 +01:00
Jens Langhammer
9ad4c736f1
stages/email: allow overriding of destination email in plan context
...
closes #2445
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-22 21:19:34 +01:00
Jens Langhammer
4154b62565
stages/prompt: fix non-required fields not allowing blank values, add more tests
...
closes #2544
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-22 20:38:04 +01:00
Jens Langhammer
86a4a7dcee
release: 2022.3.3
2022-03-21 22:37:13 +01:00
Angel Nunez Mencias
8b95e9f97a
crypto: open files in read-only mode for importing ( #2536 )
...
closes #2535
2022-03-21 10:46:09 +01:00
Jens Langhammer
be232e2b77
core: fix provider launch URL being prioritised over manually configured launch URL
...
closes #2493
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-16 10:26:55 +01:00
Jens Langhammer
53d0205e86
outposts/proxy: use Prefix in ingress for k8s
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-15 19:01:08 +01:00
Jens Langhammer
260a7aac63
release: 2022.3.2
2022-03-15 00:01:01 +01:00
Jens Langhammer
a3df414f24
sources/ldap: fix parent_group not being applied
...
closes #2464
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-14 22:13:20 +01:00
Jens Langhammer
dcaa8d6322
flows: revert default flow user change
...
closes #2483
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-14 22:05:30 +01:00
Jens Langhammer
ceb894039e
stages/authenticator_validate: fix passwordless flows not working
...
closes #2484
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-14 21:15:47 +01:00
Jens Langhammer
c7a825c393
lib: lower default sample rate
2022-03-14 12:38:14 +00:00
Jens Langhammer
54f170650a
core: replace uid with uuid search
...
uid can't be searched it as its a computed field
closes #2480
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-14 10:35:55 +01:00
Jens Langhammer
fedb81571d
release: 2022.3.1
2022-03-10 19:12:29 +01:00
Jens Langhammer
37528e1bba
stages/authenticator_validate: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-10 09:56:04 +01:00
Jens Langhammer
cc1509cf57
stages/authenticator_validate: fix logic error when multiple authenticator devices can be selected
...
closes #2290
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-10 00:46:42 +01:00
Jens Langhammer
0dfecc6ae2
stages/authenticator_*: fix device.confirmed being set incorrectly
...
closes #2330
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-10 00:19:49 +01:00
Jens Langhammer
de17207c68
lib: fix default geoip path
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2453
2022-03-09 21:57:29 +01:00
Jens L
920d1f1b0e
providers/oauth2: initial client_credentials grant support ( #2437 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-05 23:24:55 +01:00
Jens Langhammer
b1fd801ceb
tenants: fix syntax error in expression for locale
2022-03-03 11:50:46 +00:00
Jens Langhammer
1e1d9f1bdd
core/api: allow filtering users by uid, add uid to search
...
closes #2428
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-03 10:19:56 +01:00
Jens L
4f4f954693
core: customisable user settings ( #2397 )
...
* tenants: add user_settings flow, add basic flow and basic new executor
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/user: use flow PromptStage instead of custom stage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: add tenant to StageHost interface
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/user: fix form missing component
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/user: re-add success message
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/user: improve support for multiple error messages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/prompt: allow expressions in prompt placeholders
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/prompt: add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: always set pending user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* flows: never cache stage configuration flow plans
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/user_write: fix error when pending user is anonymous user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: add checkbox for prompt placeholder expression
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* website/docs: add prompt expression docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* stages/prompt: add ak-locale field type
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tenants: fix default policy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/user: add function to do global refresh
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: fix rendering of ak-locale
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tenants: fix default policy, add error handling to placeholder, fix locale attribute
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-03 00:13:06 +01:00
Jens Langhammer
c57fbcfd89
sources/oauth: log body when get_profile fails
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-02 20:37:42 +01:00
Jens Langhammer
08acc7ba41
providers/oauth2: fix invalid launch URL being generated
2022-03-01 15:29:21 +00:00
Jens Langhammer
7bdd32506e
web: cleanup default footer links
2022-03-01 15:27:21 +00:00
dependabot[bot]
f98a9bed9f
build(deps-dev): bump bandit from 1.7.2 to 1.7.3 ( #2403 )
...
* build(deps-dev): bump bandit from 1.7.2 to 1.7.3
Bumps [bandit](https://github.com/PyCQA/bandit ) from 1.7.2 to 1.7.3.
- [Release notes](https://github.com/PyCQA/bandit/releases )
- [Commits](https://github.com/PyCQA/bandit/compare/1.7.2...1.7.3 )
---
updated-dependencies:
- dependency-name: bandit
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* sigh
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-28 10:13:51 +01:00
Dorian Zedler
e9064509fe
sources/oauth: Add Mailcow oauth source ( #2380 )
...
* Feat: Add Mailcow oauth source
* Feat: Add mailcow icon
* Run make
* Feat: Add tests
* Fix: Remainder from discord test
* Docs: Add mailcow oauth source docs
* Docs: add mailcow source to menu
* Fix: Mailcow provider type in test
* Fix: Formatting
* Fix: Doc file name
2022-02-27 15:06:02 +01:00
Jens Langhammer
7e5d8624c8
web: fix locale change not updating all elements
...
closes #2365
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-26 16:29:12 +01:00
Jens Langhammer
2f8dbe9b97
core: handle all exceptions for applications listing
...
closes #2382
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-26 16:08:38 +01:00
Jens L
677bcaadd7
core: add initial app launch url ( #2367 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-23 22:48:55 +01:00
Jens Langhammer
80f218a6bf
core: also handle TypeError for invalid app URL formatting
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-17 18:23:11 +01:00
Jens Langhammer
4a1acd377b
release: 2022.2.1
2022-02-16 10:51:55 +01:00
Jens Langhammer
72259f6479
events: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-14 23:15:45 +01:00
Jens Langhammer
0973c74b9d
providers/oauth2: fix redirect_uri being lowercased on successful validation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-14 23:04:00 +01:00
Jens Langhammer
c7ed4f7ac1
events: check mtime on geoip database
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-14 22:42:46 +01:00
Jens Langhammer
3d577cf15e
*: add placeholder custom.css to easily allow user customisation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-14 20:05:00 +01:00
Jens Langhammer
c040b13b29
providers/proxy: remove leading slash to allow subdirectories in proxy
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2305
2022-02-14 12:51:04 +01:00
Jens L
df362dd9ea
core: handle error when formatting launch URL fails closes #2304
2022-02-14 12:02:51 +01:00
Jens Langhammer
3af0de6a00
Revert "root: disable sentry's auto_session_tracking"
...
This reverts commit 4f24d61290
.
2022-02-14 09:55:35 +01:00
Jens Langhammer
4f24d61290
root: disable sentry's auto_session_tracking
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-14 09:44:12 +01:00
Jens Langhammer
3b6497cd51
outposts: ensure keypair is set for SSH connections
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-13 15:39:37 +01:00
Jens Langhammer
bb4be944dc
sources/ldap: use merger that only appends unique items to list
...
closes #2211
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-13 14:20:13 +01:00
Jens Langhammer
21efee8f44
admin: add additional logging when restarting a task
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-12 18:40:21 +01:00
Jens Langhammer
f61549a60f
providers/proxy: enable TLS in ingress via traefik annotation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1997
2022-02-12 18:35:24 +01:00
Jens Langhammer
0da043a9fe
outposts: make local discovery configurable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-12 17:27:41 +01:00
Jens Langhammer
f336f204cb
stages/authenticator_validate: fix handling when single configuration stage is selected
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-12 17:27:33 +01:00
Jens Langhammer
b5d43b15f8
providers/oauth2: add support for explicit response_mode
...
closes #1953
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-12 16:56:47 +01:00
Jens Langhammer
2ccab75021
stages/authenticator_validate: add ability to select multiple configuration stages which the user can choose
...
closes #1843
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-12 16:55:50 +01:00
Jens Langhammer
8bc3db7c90
release: 2022.1.5
2022-02-09 22:42:34 +01:00
Jens Langhammer
e741caa6b3
core: allow formatting strings to be used for applications' launch URLs
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 23:46:23 +01:00
Jens L
4343246a41
*: rename akprox to outpost.goauthentik.io ( #2266 )
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 20:25:38 +01:00
Jens Langhammer
c63e1c9b87
outposts: fix compare_ports to support both service and container ports
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 17:40:49 +01:00
Jens Langhammer
f44cf06d22
outposts: fix service reconciler re-creating services
...
closes #2095
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-08 17:23:00 +01:00
Jens Langhammer
15e2032493
stages/authenticator_validate: handle non-existent device_challenges
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-07 20:31:49 +01:00
Jens Langhammer
c87f6cd9d9
outposts: remove node_port on V1ServicePort checks to prevent service creation loops
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2095
2022-02-07 20:26:14 +01:00
Jens Langhammer
b0936ea8f3
sources/ldap: log entire exception
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-07 19:37:39 +01:00
Jens L
d5e04a2301
*: remove deprecated backup ( #2129 )
...
* *: remove backup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix lint
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* website/docs: add docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: final cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* ci: use correct pyproject when migrating from stable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* website/docs: fix broken docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-05 18:54:15 +01:00
Jens Langhammer
4e4e2b36b6
sources/saml: fix server error
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-05 15:41:26 +01:00
Jens Langhammer
eaba8006e6
sources/saml: fix incorrect ProtocolBinding being sent
...
closes #2213
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-03 18:20:06 +01:00
Jens Langhammer
39ff202f8c
outposts: fix channel not always having a logger attribute
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-03 17:58:54 +01:00
Jens Langhammer
49dfb4756e
release: 2022.1.4
2022-02-01 20:12:55 +01:00
Jens Langhammer
88603fa4f7
providers/proxy: set traefik labels using object_naming_template instead of UUID
2022-02-01 17:13:27 +00:00
Jens Langhammer
0232c4e162
lifecycle: send analytics in gunicorn config to decrease outgoing requests when workers get restarted
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-01 15:01:43 +01:00
Jens Langhammer
e93be0de9a
sources/ldap: add list_flatten function to property mappings, enable on managed LDAP mappings
...
closes #2199
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-31 23:07:32 +01:00
Jens Langhammer
a5adc4f8ed
core: fix view_token permission not being assigned on token creation for non-admin user
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-31 20:00:30 +01:00
Jens Langhammer
ceaf832e63
root: remove boto integration in sentry to ease backup removal
2022-01-31 13:47:18 +00:00
Jens Langhammer
c55f503b9b
release: 2022.1.3
2022-01-26 22:15:28 +01:00
Jens Langhammer
c2586557d8
root: fix redis passwords not being encoded correctly
...
closes #2130
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-26 20:45:45 +01:00
Jens Langhammer
0d47654651
root: add max-requests for gunicorn and max tasks for celery
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-26 10:04:58 +01:00
Jens Langhammer
2f4c92deb9
Merge branch 'version-2022.1'
2022-01-24 21:42:12 +01:00
Jens Langhammer
c7ba183dc0
providers/proxy: fix traefik label
...
closes #2128
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-24 17:45:09 +01:00
Jens Langhammer
3d724db0e3
release: 2022.1.2
2022-01-24 11:28:00 +01:00
Jens Langhammer
2997542114
lib: disable backup by default, add note to configuration
2022-01-24 10:00:15 +00:00
Jens Langhammer
42f5cf8c93
outposts: allow custom label for docker containers
...
closes #2128
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-23 21:55:58 +01:00
Jens Langhammer
82cc1d536a
providers/proxy: add PathPrefix to auto-traefik labels
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2128
2022-01-23 21:55:46 +01:00
Jens Langhammer
6a411d7960
policies/hibp: ensure password is encodable
...
closes AUTHENTIK-1SA
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-23 21:23:24 +01:00
Jens Langhammer
f4a6c70e98
release: 2022.1.1
2022-01-22 18:28:40 +01:00
Jens Langhammer
dd8b579dd6
lib: ignore paramiko logger
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-21 10:46:33 +01:00
Jens Langhammer
994c5882ab
root: fix error if secret_key is purely numerical
...
closes #2099
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-18 09:17:33 +01:00
Jens Langhammer
0db0a12ef3
root: rename csrf header
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-16 16:17:44 +01:00
Jens Langhammer
eaeab27004
lib: add support for custom env
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-16 14:56:02 +01:00
Jens Langhammer
111fbf119b
*: refactor prometheus gauges to directly updating metrics view
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-16 13:57:07 +01:00
Jens Langhammer
92cc0c9c64
root: decrease to 10 backup history
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-14 19:59:50 +01:00
Jens Langhammer
18ff803370
outposts: trigger service update on k8s when selector doesnt match
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-14 11:42:57 +01:00
Jens Langhammer
6338785ce1
outposts: change label app.kubernetes.io/name to include outpost type
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-14 10:34:54 +01:00
Jens Langhammer
973e151dff
outposts: add Additional version labels to managed k8s deployments
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-13 17:48:01 +01:00
Jens Langhammer
fae6d83f27
*: simplify extracting current version info
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-13 17:47:31 +01:00
Jens Langhammer
ed84fe0b8d
root: set samesite for csrf cookie
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 23:14:14 +01:00
Jens Langhammer
7db7b7cc4d
stages/authenticator_validate: fix lint
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 23:00:28 +01:00
Jens Langhammer
e758db5727
stages/authenticator_webauthn: make more WebAuthn options configurable
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 22:57:49 +01:00
Jens Langhammer
4d7d700afa
providers/oauth2: change default redirect uri behaviour; set first used url when blank and use star for wildcard
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 22:44:57 +01:00
Jens Langhammer
f9a5add01d
root: include build in analytics
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 22:18:52 +01:00
Jens Langhammer
2986b56389
root: fix backups running every minute instead of once
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-12 22:09:44 +01:00
Jens Langhammer
11e25617bd
crypto: fully parse certificate on validation in serializer to prevent invalid certificates from being saved
...
closes #2082
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 20:36:50 +01:00
Jens Langhammer
19d5902a92
flows: handle error if flow title contains invalid format string
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 19:49:27 +01:00
Jens Langhammer
71dffb21a9
outposts: improve error handling for outpost service connection state
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 19:44:13 +01:00
Jens Langhammer
2543224c7c
core: dont return 404 when trying to view key of expired token
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 17:53:09 +01:00
Jens Langhammer
6b6702521f
api: don't return error reporting enabled when debug is enabled
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-07 21:53:22 +01:00
Jens Langhammer
c07b8d95d0
outposts/proxy: remove deprecated headers
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-07 17:01:23 +01:00
Jens Langhammer
0027dbc0e5
root: remove old api path
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-06 22:21:21 +01:00