trustchain-oc1-orchestral/authentik
Archived
10
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
10849 commits 95 branches 330 tags 336 MiB
Commit graph

2732 commits

Author SHA1 Message Date
Jens Langhammer a302a72379
crypto: fallback when no SAN values are given 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-18 19:40:24 +01:00
Jens L e390f5b2d1
providers/oauth2: more x5c and ecdsa x/y tests (#4463) 
* add option to exclude x5*

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

#4082

* cleanup jwks, add flaky test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add workaround based on https://github.com/jpadilla/pyjwt/issues/709

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* don't rstrip hashes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* keycloak seems to strip equals

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-18 18:11:36 +00:00
Jens Langhammer 60189ce9ca
add tests to prevent empty SAN 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-18 18:59:10 +01:00
Jens Langhammer fdc445e6a1
ensure we don't generate an empty SAN certificate 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-18 18:44:41 +01:00
Jens Langhammer 49b6c71079
release: 2023.1.0 2023-01-18 15:49:45 +01:00
Jens Langhammer 6e0c9acb34
events: exclude base models from model audit log 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-18 15:11:33 +01:00
Jens L 23c69c456a
providers/proxy: add setting to intercept authorization header (#4457) 
* add setting to intercept authorization header

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rename to intercept_header_auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-17 18:56:48 +01:00
Jens L c73fce4f58
sources/ldap: manual import (#4456) 
* events: fix task UID

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add ldap sync command

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-17 12:21:33 +01:00
Jens L 9568f4dbd6
root: improve code style (#4436) 
* cleanup pylint comments

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix url name

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* *: use ExtractHour instead of ExtractDay

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-15 17:02:31 +01:00
Jens Langhammer 143309448e
policies: ensure user is set 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-14 20:24:46 +01:00
Jens Langhammer 1f038ecee2
providers/oauth2: fallback to anonymous user for policy engine 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-14 20:22:06 +01:00
Jens Langhammer 1b1f2ea72c
providers/oauth2: actually fix import order 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-14 19:58:24 +01:00
Jens Langhammer 6e1a54753e
providers/oauth2: fix import order 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-14 19:56:12 +01:00
Jens Langhammer 67d1f06c91
providers/oauth2: use guardian anonymous user to get claims for provider info 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-14 19:53:43 +01:00
Jens Langhammer d37de6bc00
policies: log full stacktrace 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-14 19:53:21 +01:00
Jens L cd12e177ea
providers/proxy: add initial header token auth (#4421) 
* initial implementation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* check for openid/profile claims

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include jwks sources in proxy provider

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add web ui for jwks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only show sources with JWKS data configured

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix introspection tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start basic

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add basic auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add docs, update admonitions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add client_id to api, add tab for auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-13 16:22:03 +01:00
Jens Langhammer 31c6ea9fda
providers/oauth2: don't allow spaces in scope_name 
closes #4094

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-13 16:20:37 +01:00
Jens L 20931ccc1d
providers/oauth2: correctly fill claims_supported based on selected scopes (#4429) 
* providers/oauth2: correctly fill claims_supported based on selected scopes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add nonce claim

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-13 14:14:25 +01:00
Jens L 36822c128c
admin: include task duration in API (#4428) 
include task duration in API

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-13 13:21:49 +01:00
Jens Langhammer 81e9f2d608
web/admin: fix overflow in aggregate cards 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-11 14:12:02 +01:00
Jens L 67a6fa6399
events: rework metrics (#4407) 
* rework metrics

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* change graphs to be over last week

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix  Apps with most usage card

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-11 12:21:07 +01:00
Jens L 1ed24a5eef
blueprints: internal storage (#4397) 
* rework oci client

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add blueprint content

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add UI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make path optional

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add validation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-10 22:00:34 +01:00
Jens Langhammer b555ccd549
sources/ldap: don't run membership sync if group sync is disabled 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

#4392
 2023-01-09 17:19:50 +01:00
Jens Langhammer 9445354b31
sources/ldap: only warn about missing groups when source is configured to sync groups 
closes #4392

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-09 17:17:48 +01:00
Jens Langhammer a1be924fa4
*: strip leading and trailing whitespace when reading config values from files 
also add a debug endpoint that dumps the go parsed config

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-09 15:29:22 +01:00
Jens Langhammer 47aba4a996
crypto: prevent creation of duplicate self-signed default certs 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-06 16:51:07 +01:00
Jens Langhammer 001869641d
web: ensure img tags have alt attributes 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-06 12:44:51 +01:00
Jens Langhammer bec538c543
sources/ldap: make task timeout adjustable 
closes #4375

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-06 12:37:59 +01:00
sdimovv c63ba3f378
blueprints: Fix resolve model_name in !Find tag (#4371) 
Resolve model_name in !Find tag
 2023-01-06 09:49:28 +01:00
sdimovv 53cab07a48
blueprints: Add !Enumerate, !Value and !Index tags (#4338) 
* Added For and Item tags

* Removed Sequence node support from ForItem tag

* Added ForItemIndex tag

* Added support for iterating over mappings

* Added support for mapping output body

* Renamed tags: For to Enumerate, ForItem to Value, ForItemIndex to Index

* Refactored tests

* Formatting

* Improved exception info

* Improved error handing

* Added docs

* lint

* Small doc improvements

* Replaced deepcopy() call with call to copy()

* Fix mistake in docs example

* Fix missed "!" in example
 2023-01-05 21:36:19 +01:00
Jens L a960ce9454
stages/user_write: add more user creation options (#4367) 
* add more user creation options

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update blueprints and docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-05 15:46:20 +01:00
Jens L e6b5810e03
polices/hibp: remove deprecated (#4363) 
* remove hibp

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* don't save event matcher apps in migrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup migrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update docs, update some phrasing

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-05 13:19:26 +01:00
Jens Langhammer 78b711ec9d
Merge branch 'version-2022.12' 2023-01-05 10:41:54 +01:00
Jens Langhammer ac07833688
release: 2022.12.2 2023-01-05 10:01:30 +01:00
Jens Langhammer 730139e43c
*: improve general tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-04 22:40:09 +01:00
Jens L 24e8915e0a
providers/proxy: add tests for proxy basic auth (#4357) 
* add tests for proxy basic auth

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stop bandit from complaining

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add API tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-04 22:40:06 +01:00
Jens Langhammer 3e7320734c
*: improve general tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-04 22:26:55 +01:00
Jens L 3131e557d9
providers/proxy: add tests for proxy basic auth (#4357) 
* add tests for proxy basic auth

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stop bandit from complaining

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add API tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-04 22:04:16 +01:00
Jens L dc1359a763
providers/saml: initial SLO implementation (#2346) 
* providers/saml: initial SLO implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/saml: add logout request tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/saml: add tests for POST SLO

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* matrix e2e tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix import

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* set e2e matrix name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix imports

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* separate oidc and oauth tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add basic saml slo e2e tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add better metadata download url

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* kinda prepare release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* sort releases into folders

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add slo urls to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix linking

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-04 19:45:31 +01:00
Jens L 1e01e9813d
providers/saml: add prefix to entity descriptor (#4355) 
add prefix to entity descriptor

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-04 16:44:52 +01:00
Jens Langhammer e887a315be
providers/oauth2: correctly advertise supported response_modes_supported 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-04 10:21:34 +01:00
Jens Langhammer 4b93f40c5e
providers/oauth2: fix null amr value not being removed from id_token 
closes #4339

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-03 00:41:18 +01:00
Jens Langhammer 57400925a4
providers/saml: don't error if no request in API serializer context 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-03 00:14:16 +01:00
Jens Langhammer 2dc0792d9e
stages/email: remove unused import 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-02 09:28:26 +01:00
Jens Langhammer fde848ee51
admin: remove unused import 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-02 00:12:14 +01:00
Jens Langhammer e9d52282b7
admin: use matching environment for system API 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 23:58:12 +01:00
Jens Langhammer c810628fe3
stages/email: use pending user correctly 
closes #4318

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 23:50:57 +01:00
Jens Langhammer de0a5191f7
core: remove unused import 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 23:50:42 +01:00
Jens Langhammer 93e20bce2e
core: don't use inline_serializer for user operations 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 23:16:44 +01:00
Jens Langhammer 960a2aab74
crypto: fix type for has_key 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 23:14:19 +01:00
Jens Langhammer 2cae6596eb
core: cleanup 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 23:01:08 +01:00
Jens Langhammer 11b1eb4173
stages/email: make template tests less flaky 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 23:00:32 +01:00
Jens Langhammer 3980eea7c6
web/flows: rework error display, always use ak-stage-flow-error instead of shell 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 21:43:44 +01:00
Jens Langhammer 9fdfb8c99b
stages/dummy: add toggle to throw error for debugging 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 21:25:53 +01:00
Jens Langhammer 5cab280759
stages/captcha: fix captcha not loading correctly, add tests 
closes #4320

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 18:15:41 +01:00
Jens Langhammer 9d422918b3
stages/prompt: use stage.get_pending_user() to fallback to the correct user 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-30 20:38:15 +01:00
Jens Langhammer 2c42c87689
release: 2022.12.1 2022-12-30 13:43:42 +01:00
dependabot[bot] 8262a47455
core: bump packaging from 21.3 to 22.0 (#4181) 
* core: bump packaging from 21.3 to 22.0

Bumps [packaging](https://github.com/pypa/packaging) from 21.3 to 22.0.
- [Release notes](https://github.com/pypa/packaging/releases)
- [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pypa/packaging/compare/21.3...22.0)

---
updated-dependencies:
- dependency-name: packaging
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* remove LegacyVersion

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-30 12:07:25 +01:00
Jens L bd56922a2f
blueprints: watch blueprints directory and trigger tasks (#4309) 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-30 11:30:18 +01:00
Jens Langhammer 68b58fb73c
blueprints: fix error when entry with state absent doesn't exist 
closes #4305

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-29 21:55:17 +01:00
Jens Langhammer 97513467ad
blueprints: disallow flow token 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-29 21:54:56 +01:00
sdimovv ce5d1fd80d
blueprints: Resolve yamltags in state and model attributes (#4299) 
* Fixed state and model attributes not resolving yaml tags

* Linting
 2022-12-29 10:05:32 +01:00
Jens Langhammer b1020fde64
web/elements: render ak-seach-select dropdown correctly in modals 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-28 20:38:57 +01:00
Jens Langhammer f0e121c064
api: add filter backend for secret key to allow access to tenants and certificates 
closes #4182

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-28 18:59:25 +01:00
Jens Langhammer 2b2323fae7
outposts: include hostname in outpost heartbeat 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-28 16:07:52 +01:00
Jens Langhammer 24eb4ed963
release: 2022.12.0 2022-12-28 13:00:49 +01:00
Jens Langhammer b16d1134ea
core: add endpoints to add/remove users from group atomically 
closes #4252

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-28 10:50:30 +01:00
Jens Langhammer 20a4dfd13d
stages/invitation: fix incorrect pk check for invitation's flow 
closes #4278

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-27 13:55:51 +01:00
sdimovv 8f3579ba45
blueprints: add !If tag (#4264) 
* Added \!If tag

* Fix typo

* Removed trailing whitespace

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>

* format blueprint fixtures

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-26 16:20:22 +01:00
Jens Langhammer ae13fc3b92
policies: make name required 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-25 14:46:48 +01:00
Jens Langhammer 94b9ebb0bb
blueprints: add Env tag 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-24 20:41:51 +01:00
Jens Langhammer 1b86a3d5d6
Merge branch 'version-2022.11' 2022-12-23 14:39:52 +01:00
Jens Langhammer 8b710b57a5
root: don't send traces in testing 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-23 14:37:58 +01:00
Jens Langhammer 9dc0bb2a77
release: 2022.11.4 2022-12-23 14:17:48 +01:00
Jens L 2d827eaae1
security: fix CVE 2022 23555 (#4274) 
* add flow to invitation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* show warning on invitation page

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add security advisory

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-23 14:16:30 +01:00
Jens L 47d79ac28c
security: fix CVE 2022 46172 (#4275) 
* fallback to current user in user_write, add flag to disable user creation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update api and web ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add cve post to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-23 14:16:26 +01:00
Jens L 9f846d94be
security: fix CVE 2022 23555 (#4274) 
* add flow to invitation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* show warning on invitation page

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add security advisory

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-23 14:13:49 +01:00
Jens L 84fbeb5721
security: fix CVE 2022 46172 (#4275) 
* fallback to current user in user_write, add flag to disable user creation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update api and web ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add cve post to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-23 14:12:58 +01:00
Jens Langhammer 01da8e1792
providers/oauth2: optimise and cache signing key, prevent key being loaded multiple times 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-23 12:04:31 +01:00
Jens Langhammer 42c278b4f8
root: migrate to hosted sentry with rate-limited DSN 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-23 11:18:26 +01:00
Jens Langhammer e52c964354
flows: fix redirect from plan context "redirect" not being wrapped in flow response 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-22 23:28:26 +01:00
Jens L c635487210
blueprints: better OCI support in UI (#4263) 
use oci:// prefix to detect oci blueprint, add UI support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-22 18:49:25 +01:00
Jens Langhammer fb09df26c9
core: fix lint 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-22 17:56:05 +01:00
Jens Langhammer e4e7a112e3
web: use version family subdomain for in-app doc links 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-22 17:03:08 +01:00
Jens Langhammer 042865c606 blueprints: add conditions to blueprint schema 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-21 18:59:17 +01:00
sdimovv 7f662ac2f3
blueprints: Added conditional entry application (#4167) 
* blueprints: Added !AsBool tag

* Renamed AsBool tag to Condition

* Added conditions attributed to BlueprintEntry

* Added docs for the conditions attribute of a blueprint entry

* Website linting fix

* add new tag to vscode settings

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-21 17:04:00 +00:00
Jens L 609f95ac97
providers: add preview for mappings (#4254) 
* preview

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: show provider page on application page

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use oauth2 end session url instead of direct interface

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* dont show provider page on application page for now

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add UI for preview

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* translate and release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix lint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* separate saml api files

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-21 12:13:11 +01:00
Jens Langhammer 027ca88d83 lib: enable sentry profiles_sample_rate 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-19 12:51:22 +01:00
Jens L ec925491b2
stages/captcha: customisable URLs (#3832) 
* make api and js url customisable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use recaptcha.net domains

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add form

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* regen locale

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-18 14:18:43 +01:00
Jens Langhammer 3418943949 root: allow custom settings via python module 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-15 10:59:14 +01:00
Jens Langhammer 8d169a8bd9 Merge branch 'version-2022.11' 2022-12-12 17:05:39 +00:00
Jens Langhammer f47ce9a360 stages/user_login: prevent double success message when logging in via source 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-12 16:34:16 +00:00
Jens Langhammer 01a897dbc2 flows: set stage name and verbose_name for in_memory stages 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-12 16:22:48 +00:00
Jens Langhammer fddcb3a835 events: remove legacy logger declaration 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-12 15:32:06 +00:00
Jens Langhammer 5d51621278 stages/user_write: always ignore component field and prevent warning 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-12 15:31:56 +00:00
Jens Langhammer 9ffc720f48 policies: log correct cache state 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-12 15:31:41 +00:00
Jens Langhammer 4d8978ea90 bleuprints: fix flaky test 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-09 11:04:44 +00:00
sdimovv 8d13235b74
blueprints: fixed bug causing filtering with an empty query (#4106) 
* Fixed bug causing filtering with an empty query

Fixed bug allowing blueprint import to filter for existing models using an empty query.

The code only checks if the `identifiers` dict is empty, but `__query_from_identifier` skips identifier member values of type `dict` or keys == `pk`, so it is possible to produce an empty query if an `identifier` consists of just `dict` type members or "pk" key. 

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>

* Added test case

* Added support for using dict fields as blueprint entry identifiers

* Disabled pylint too-many-locals for _validate_single

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
 2022-12-06 12:06:25 +01:00
Jens Langhammer 44bf9a890e release: 2022.11.3 2022-12-02 23:00:59 +02:00
Jens Langhammer 58cd6007b2 Merge branch 'version-2022.11' 2022-12-02 18:12:38 +02:00