authentik

Archived

Author	SHA1	Message	Date
Jens Langhammer	2cae6596eb	core: cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-01 23:01:08 +01:00
Jens Langhammer	11b1eb4173	stages/email: make template tests less flaky Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-01 23:00:32 +01:00
Jens Langhammer	3980eea7c6	web/flows: rework error display, always use ak-stage-flow-error instead of shell Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-01 21:43:44 +01:00
Jens Langhammer	9fdfb8c99b	stages/dummy: add toggle to throw error for debugging Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-01 21:25:53 +01:00
Jens Langhammer	5cab280759	stages/captcha: fix captcha not loading correctly, add tests closes #4320 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2023-01-01 18:15:41 +01:00
Jens Langhammer	9d422918b3	stages/prompt: use stage.get_pending_user() to fallback to the correct user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-30 20:38:15 +01:00
Jens Langhammer	2c42c87689	release: 2022.12.1	2022-12-30 13:43:42 +01:00
dependabot[bot]	8262a47455	core: bump packaging from 21.3 to 22.0 (#4181 ) * core: bump packaging from 21.3 to 22.0 Bumps [packaging](https://github.com/pypa/packaging) from 21.3 to 22.0. - [Release notes](https://github.com/pypa/packaging/releases) - [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pypa/packaging/compare/21.3...22.0) --- updated-dependencies: - dependency-name: packaging dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * remove LegacyVersion Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-30 12:07:25 +01:00
Jens L	bd56922a2f	blueprints: watch blueprints directory and trigger tasks (#4309 ) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-30 11:30:18 +01:00
Jens Langhammer	68b58fb73c	blueprints: fix error when entry with state absent doesn't exist closes #4305 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-29 21:55:17 +01:00
Jens Langhammer	97513467ad	blueprints: disallow flow token Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-29 21:54:56 +01:00
sdimovv	ce5d1fd80d	blueprints: Resolve yamltags in state and model attributes (#4299 ) * Fixed state and model attributes not resolving yaml tags * Linting	2022-12-29 10:05:32 +01:00
Jens Langhammer	b1020fde64	web/elements: render ak-seach-select dropdown correctly in modals Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-28 20:38:57 +01:00
Jens Langhammer	f0e121c064	api: add filter backend for secret key to allow access to tenants and certificates closes #4182 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-28 18:59:25 +01:00
Jens Langhammer	2b2323fae7	outposts: include hostname in outpost heartbeat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-28 16:07:52 +01:00
Jens Langhammer	24eb4ed963	release: 2022.12.0	2022-12-28 13:00:49 +01:00
Jens Langhammer	b16d1134ea	core: add endpoints to add/remove users from group atomically closes #4252 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-28 10:50:30 +01:00
Jens Langhammer	20a4dfd13d	stages/invitation: fix incorrect pk check for invitation's flow closes #4278 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-27 13:55:51 +01:00
sdimovv	8f3579ba45	blueprints: add `!If` tag (#4264 ) * Added \!If tag * Fix typo * Removed trailing whitespace Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com> * format blueprint fixtures Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-26 16:20:22 +01:00
Jens Langhammer	ae13fc3b92	policies: make name required Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-25 14:46:48 +01:00
Jens Langhammer	94b9ebb0bb	blueprints: add Env tag Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-24 20:41:51 +01:00
Jens Langhammer	1b86a3d5d6	Merge branch 'version-2022.11'	2022-12-23 14:39:52 +01:00
Jens Langhammer	8b710b57a5	root: don't send traces in testing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-23 14:37:58 +01:00
Jens Langhammer	9dc0bb2a77	release: 2022.11.4	2022-12-23 14:17:48 +01:00
Jens L	2d827eaae1	security: fix CVE 2022 23555 (#4274 ) * add flow to invitation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * show warning on invitation page Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add security advisory Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-23 14:16:30 +01:00
Jens L	47d79ac28c	security: fix CVE 2022 46172 (#4275 ) * fallback to current user in user_write, add flag to disable user creation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update api and web ui Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update default flows Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add cve post to website Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-23 14:16:26 +01:00
Jens L	9f846d94be	security: fix CVE 2022 23555 (#4274 ) * add flow to invitation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * show warning on invitation page Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add security advisory Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-23 14:13:49 +01:00
Jens L	84fbeb5721	security: fix CVE 2022 46172 (#4275 ) * fallback to current user in user_write, add flag to disable user creation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update api and web ui Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update default flows Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add cve post to website Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-23 14:12:58 +01:00
Jens Langhammer	01da8e1792	providers/oauth2: optimise and cache signing key, prevent key being loaded multiple times Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-23 12:04:31 +01:00
Jens Langhammer	42c278b4f8	root: migrate to hosted sentry with rate-limited DSN Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-23 11:18:26 +01:00
Jens Langhammer	e52c964354	flows: fix redirect from plan context "redirect" not being wrapped in flow response Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-22 23:28:26 +01:00
Jens L	c635487210	blueprints: better OCI support in UI (#4263 ) use oci:// prefix to detect oci blueprint, add UI support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-22 18:49:25 +01:00
Jens Langhammer	fb09df26c9	core: fix lint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-22 17:56:05 +01:00
Jens Langhammer	e4e7a112e3	web: use version family subdomain for in-app doc links Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-22 17:03:08 +01:00
Jens Langhammer	042865c606	blueprints: add conditions to blueprint schema Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-21 18:59:17 +01:00
sdimovv	7f662ac2f3	blueprints: Added conditional entry application (#4167 ) * blueprints: Added !AsBool tag * Renamed AsBool tag to Condition * Added conditions attributed to BlueprintEntry * Added docs for the conditions attribute of a blueprint entry * Website linting fix * add new tag to vscode settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-21 17:04:00 +00:00
Jens L	609f95ac97	providers: add preview for mappings (#4254 ) * preview Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: show provider page on application page Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use oauth2 end session url instead of direct interface Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * dont show provider page on application page for now Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add UI for preview Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * translate and release notes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix lint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * separate saml api files Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add api tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-21 12:13:11 +01:00
Jens Langhammer	027ca88d83	lib: enable sentry profiles_sample_rate Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-19 12:51:22 +01:00
Jens L	ec925491b2	stages/captcha: customisable URLs (#3832 ) * make api and js url customisable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use recaptcha.net domains Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add form Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * regen locale Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-18 14:18:43 +01:00
Jens Langhammer	3418943949	root: allow custom settings via python module Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-15 10:59:14 +01:00
Jens Langhammer	8d169a8bd9	Merge branch 'version-2022.11'	2022-12-12 17:05:39 +00:00
Jens Langhammer	f47ce9a360	stages/user_login: prevent double success message when logging in via source Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-12 16:34:16 +00:00
Jens Langhammer	01a897dbc2	flows: set stage name and verbose_name for in_memory stages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-12 16:22:48 +00:00
Jens Langhammer	fddcb3a835	events: remove legacy logger declaration Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-12 15:32:06 +00:00
Jens Langhammer	5d51621278	stages/user_write: always ignore `component` field and prevent warning Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-12 15:31:56 +00:00
Jens Langhammer	9ffc720f48	policies: log correct cache state Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-12 15:31:41 +00:00
Jens Langhammer	4d8978ea90	bleuprints: fix flaky test Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-09 11:04:44 +00:00
sdimovv	8d13235b74	blueprints: fixed bug causing filtering with an empty query (#4106 ) * Fixed bug causing filtering with an empty query Fixed bug allowing blueprint import to filter for existing models using an empty query. The code only checks if the `identifiers` dict is empty, but `__query_from_identifier` skips identifier member values of type `dict` or keys == `pk`, so it is possible to produce an empty query if an `identifier` consists of just `dict` type members or "pk" key. Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com> * Added test case * Added support for using dict fields as blueprint entry identifiers * Disabled pylint too-many-locals for _validate_single Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>	2022-12-06 12:06:25 +01:00
Jens Langhammer	44bf9a890e	release: 2022.11.3	2022-12-02 23:00:59 +02:00
Jens Langhammer	58cd6007b2	Merge branch 'version-2022.11'	2022-12-02 18:12:38 +02:00
Jens L	db95dfe38d	security: fix CVE 2022 46145 (#4140 ) * add flow authentication requirement Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add website for cve Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: handle FlowNonApplicableException without policy result Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add release notes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-02 16:14:25 +01:00
sdimovv	1f7d52c5ce	blueprints: Support nested custom tags in `!Find` and `!Format` tags (#4127 ) * Added support for nested tags to !Find and !Format * Added tests * Fix variable names * Added docs * Fixed small mistake in tests * Fixed variable names * Broke example into multiple lines	2022-12-01 16:10:26 +01:00
Jens Langhammer	3251bdc220	events: improve handling creation of events with non-pickleable objects Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-01 15:56:28 +02:00
Jens Langhammer	2a4daa5360	release: 2022.11.2	2022-12-01 10:41:29 +02:00
Jens Langhammer	e1a6dede54	*: backport CVE-2022-46145 fix Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-01 10:41:26 +02:00
Jens Langhammer	cf40e5047e	policies: don't log context when policy returns None Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-30 14:43:47 +02:00
Jens Langhammer	d5329432fe	lib: fix uploaded files not being saved correctly, add tests closes #4110 #4109 #4107 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-30 12:48:33 +02:00
sdimovv	5156aeee0f	policies/password: Always add generic message to failing zxcvbn check (#4100 ) * Always add generic message to failing zxcvbn password policy Depending on the settings, sometimes a password policy that checks a password with the zxcvbn tool can fail without any message. For example: ``` $ echo 'Awdccdw1234' \| zxcvbn \| jq \| grep "feedback" -A 5 -B 1 Password: "score": 3, "feedback": { "warning": "", "suggestions": [] } } ``` As seen above the tool does not produce any warnings or suggestions for the given password, but if the password policy is set to have a zxcvbn threshold of 3, the policy will silently fail without communicating the reason to the user. There are two ways to handle this: 1. Always add a generic "password is too weak" message when the policy fails. 2. Check if there are any suggestions or warnings from the zxcvbn tool and only add the generic message if not. I personally prefer 1. This way the generic message will be shown whenever the policy fails, and will get combined with extra "tips" whenever zxcvbn has some. Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com> * Update authentik/policies/password/models.py Co-authored-by: Jens L. <jens@beryju.org> Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com> * Added test case * fix black formatting Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Co-authored-by: Jens L. <jens@beryju.org> Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-30 07:58:16 +00:00
Jens Langhammer	e22fce02f8	stages/authenticator_validate: improve validation for not_configured_action Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-28 10:52:51 +01:00
Jens Langhammer	e2bd96c5de	stages/authenticator_validate: fix validation to ensure configuration stage is set Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-25 21:37:52 +01:00
Jens Langhammer	f8ef2b666f	events: fix incorrect EventAction being used Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-25 11:53:05 +01:00
Jens Langhammer	a9909fcf6d	providers/oauth2: set amr values based on login event closes #4070 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-25 11:21:59 +01:00
Jens Langhammer	1fa9b3a996	providers/saml: set AuthnContextClassRef based on login event Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #4070	2022-11-25 11:21:45 +01:00
Jens Langhammer	5019346ab6	events: save login event in session after login Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #4070	2022-11-25 11:21:00 +01:00
Jens Langhammer	f22f1ebcde	stages/authenticator_validate: save used mfa devices in login event Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-25 10:47:49 +01:00
Jens Langhammer	1c2cdfe06a	web/flows: improve error messages for failed duo push Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-24 13:42:13 +01:00
Jens Langhammer	d0308a8239	stages/authenticator_validate: log duo error Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-24 11:36:43 +01:00
Jens Langhammer	6843c8389b	stages/authenticator_duo: fix imported duo devices not being confirmed Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-24 11:36:34 +01:00
Jens Langhammer	3a13d19695	release: 2022.11.1	2022-11-22 21:42:10 +01:00
Jens Langhammer	ed7bef9dbf	blueprints: open fixtures in read only mode Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-22 21:39:30 +01:00
Jens Langhammer	b9fdb63a57	core: fix lint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-22 21:02:18 +01:00
Jens Langhammer	5262d89505	core: fix tab-complete in shell Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-22 20:30:00 +01:00
Jens L	ab3d47c437	blueprints: add desired state attribute to objects (#4061 ) * add state attribute to delete objects Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests, move yaml from block to files Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add state to docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * only try to format Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-22 14:27:20 +01:00
Jens Langhammer	14cd52686d	stages/email: add test for email translation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #3885	2022-11-22 14:14:42 +01:00
Jens Langhammer	1a39754fe9	*: don't return values in test suites Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-22 11:38:34 +01:00
Jens Langhammer	5b8223808e	Merge branch 'version-2022.11'	2022-11-21 22:14:33 +01:00
Jens Langhammer	14f341f504	web/admin: fix error when importing duo devices Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-21 21:36:10 +01:00
Jens Langhammer	20c1770ec4	release: 2022.11.0	2022-11-21 20:12:02 +01:00
Jens Langhammer	a2e512c36c	stages/authenticator_validate: add flag to configure user_verification for webauthn devices Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-21 17:52:37 +01:00
Jens Langhammer	3c2da8138d	stages/invitation: directly delete invitation now that flow plan is saved in email token Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-21 14:55:49 +01:00
Jens Langhammer	426f0bc9dd	events: deepcopy event kwargs to prevent objects being removed, remove workaround closes #4041 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-21 12:31:17 +01:00
Jens Langhammer	cc3ab141e5	policies: only cache policies for authenticated users closes #4033 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-18 21:06:53 +01:00
Jens Langhammer	c158ef80db	*: fix remaining old cache keys Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-18 16:18:32 +01:00
Jens L	9f5fb692ba	sources: add custom icon support (#4022 ) * add source icon Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add to oauth form Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add to other browser sources Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add migration, return icon in UI challenges Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * deduplicate file upload Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-16 14:10:10 +01:00
Jens Langhammer	d67ec1b62f	lib: fix complex objects being included in event context for ak_create_event Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-15 16:51:02 +01:00
Jens Langhammer	e5241ac574	core: fix error when propertymappings return complex value Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-15 16:28:15 +01:00
Jens L	276af8457d	root: make sentry DSN configurable (#4016 ) * make sentry DSN configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * make proxy smarter Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix typo in config struct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-15 16:05:29 +01:00
Jens L	55aa1897af	root: use single redis db (#4009 ) * use single redis db Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup prefixes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ensure __str__ always returns string Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix remaining old prefixes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add release notes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-15 14:31:29 +01:00
Jens Langhammer	9f269faf53	stages/authenticator_*: cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-15 13:46:00 +01:00
Jens Langhammer	9bde7ef59e	Revert "stages/authenticator_*: directly save devices into db instead of session to prevent race conditions" closes #4008 This reverts commit `538c2ca4d3`. Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> # Conflicts: # authentik/stages/authenticator_static/stage.py # authentik/stages/authenticator_totp/stage.py	2022-11-15 11:35:53 +01:00
Jens L	88594075b2	policies/password: merge hibp add zxcvbn (#4001 ) * initial zxcvbn Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add api and port tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * more tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add ui Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add api diff Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-14 14:42:43 +01:00
Jens L	ffe6f65af5	outposts/kubernetes: ingress class (#4002 ) * add support for ingressClassName Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add option to disable ssl verification for k8s controller Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update website Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-14 14:24:11 +01:00
dependabot[bot]	4095c422df	core: bump python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye (#3864 ) * core: bump python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye Bumps python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye. --- updated-dependencies: - dependency-name: python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * bump project Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * bump deps Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * bump ci to 3.11 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix formatting Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-13 14:20:55 +01:00
sdimovv	5d8dd9cf3f	blueprints: Fixed bug causing blueprint instance context be discarded (#3990 ) Fixed bug causing blueprint instance context be discarded when applying a blueprint.	2022-11-12 13:23:33 +01:00
Jens Langhammer	3306003f0e	providers/oauth2: fix inconsistent expiry encoded in JWT - access token validity is used for JWTs issues in implicit flows - general cleanup of how times are set closes #2581 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-10 20:23:24 +01:00
Daniel	85c790728f	core: simplify group serializer for user API endpoint (#3899 ) * core/api: Adding simple group serializer to improve user retrieval performance Due to the exhaustive use of the user_obj the performance suffers greatly if the users are assigned to large groups. This simple fix adds a new serializer that does not expose the user_obj within a group. * core/api: Update schema Update to the schema based on the new SimpleGroupSerializer * core/api: Fix black and pylint * make naming consistent, remove unnecessary fields Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-09 11:19:40 +01:00
Jens Langhammer	47132faffb	root: relicense and launch blog post Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-03 16:00:00 +01:00
Jens Langhammer	cd0d898a4b	events: sanitize generator for json safety closes #3903 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-31 20:30:11 +01:00
Jens Langhammer	400751ed3c	api: fix missing scheme in securitySchemes closes #3883 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-29 18:50:34 +02:00
Jens Langhammer	f3a72761c0	release: 2022.10.1	2022-10-29 17:24:55 +02:00
Jens Langhammer	841c13ed77	core: set prehydrated locale based on active backend locale Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-28 19:43:24 +02:00
Jens L	30d708dd1f	core: explicitly enable locales (#3889 ) * activate locales Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * set locale for email templates Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-28 19:42:49 +02:00
Jens Langhammer	9d0a7578ec	flows: fix error due to not validating error challenge Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-27 20:04:00 +02:00
Jens Langhammer	f8fab14e1e	core: refactor MessageStage to not use dynamic class Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-26 20:01:42 +02:00
Jens Langhammer	6b35d0c70b	core: check if session is authenticated before showing linked message Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-26 00:30:42 +02:00
Jens Langhammer	dd65862bf2	core: show success message when authenticating/enrolling after flow is finished Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-25 22:46:15 +02:00
Jens Langhammer	6ea57921f2	sources/saml: set username field to name_id attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-24 21:53:37 +02:00
Jens Langhammer	b0d4f035f1	blueprints: fix error when cleaning up unset attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-21 22:12:59 +02:00
Jens Langhammer	661d2ec701	Merge branch 'version-2022.10'	2022-10-21 22:11:04 +02:00
Jens Langhammer	3f570bb96d	blueprints: improve error handling Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-21 20:18:02 +02:00
Jens Langhammer	89dc46a7ff	release: 2022.10.0	2022-10-21 19:42:38 +02:00
Jens Langhammer	a1ce8100e9	stages/identification: log invalid_login similar to event for easier log parsing Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #3715	2022-10-20 19:31:22 +02:00
Jens Langhammer	13d975a258	flows: fix error when opening inspector with no history Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-20 19:30:56 +02:00
Jens Langhammer	782fec0eb9	flows: use stripped down flow serializer for flow_set to optimise loading time Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-20 09:56:08 +02:00
Jens L	cfad472e1b	flows: optimise queries (#3818 ) * flows: optimise flow queries Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * index source on slug and name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * binding index Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add policy parent index Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix migrations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup old migrations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add release note to upgrade Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-19 22:53:07 +02:00
Jens Langhammer	6882445937	*: handle PermissionError when saving files, ensure permission bits are set correctly closes #3817 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-19 20:24:28 +02:00
Jens Langhammer	9e3bf94547	flows: optimise flow API loading speed Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-19 10:29:06 +02:00
Jens L	b06a3a8f9f	admin: add authorisations metric (#3811 ) add authorizations metric Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-19 00:06:45 +02:00
dependabot[bot]	167695d4b1	core: bump channels from 3.0.5 to 4.0.0 (#3799 ) * core: bump channels from 3.0.5 to 4.0.0 Bumps [channels](https://github.com/django/channels) from 3.0.5 to 4.0.0. - [Release notes](https://github.com/django/channels/releases) - [Changelog](https://github.com/django/channels/blob/main/CHANGELOG.txt) - [Commits](https://github.com/django/channels/compare/3.0.5...4.0.0) --- updated-dependencies: - dependency-name: channels dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * add daphne Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-18 22:34:27 +02:00
Jens Langhammer	3e1490dcac	providers/saml: don't attempt verification of SAML request when no verification certificate is configured Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-18 22:26:04 +02:00
Jens Langhammer	6bff6a2a1a	core: fallback to empty user object for PropertyMappingEvaluator Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-18 22:03:26 +02:00
Jens L	0efee2a660	flows: improved import (#3807 ) * return logs when importing flow Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * improve error handling, show logs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-18 22:01:42 +02:00
Jens L	b85be12567	providers/oauth2: fix issues with es256 and add tests (#3808 ) fix issues with es256 and add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-18 22:01:29 +02:00
Jens Langhammer	96a30af0eb	sources/oauth: allow overriding of all scopes closes #3747 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-16 21:21:43 +02:00
Jens Langhammer	76531589dd	core: fix title in generic error template Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-16 13:55:22 +02:00
Jens Langhammer	2112b5b26b	root: add global fallback throttle Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-15 23:51:36 +02:00
Jens Langhammer	a3cc844e25	crypto: fix cert_expiry not having the correct format Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-15 23:32:02 +02:00
Jens Langhammer	53aef73f58	flows: optimise queries for flow and stage API endpoints Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-15 11:54:31 +02:00
Jens L	363872715d	sources/saml: revamp SAML Source (#3785 ) * update saml source to use user connections, add all attributes to flow context Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * check for SAML Status in response, add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * package apple icon Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add webui for connections Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-14 17:04:47 +02:00
Jens L	79e8b72569	flows: always show flow inspector in debug mode, don't require admin in debug (#3786 ) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-14 15:44:59 +02:00
Jens Langhammer	74a0e27a8c	blueprints: fix error when exporting objects with lazily translated strings closes #3482 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-14 14:31:44 +02:00
Jens Langhammer	0ca1368dcc	sources/saml: improve error handling for missing assertion and missing subject closes #3784 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-14 13:56:39 +02:00
Philipp Kolberg	2980c5884f	root: Add setting to adjust database config for pgbouncer (#3769 ) * Add setting to adjust database config for pgbouncer * docker-compose.yml cleanup Delete pgbouncer setting as false is the default value * Cleanup docker-compose.yml Also remove use_pgbouncer option in server section	2022-10-14 11:53:24 +02:00
Jens L	217e145d23	stages/authenticator_sms: make sms stage payload customisable (#3780 ) * make sms stage payload customisable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update phrasing for webhook mapping Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-14 11:53:01 +02:00
Jens Langhammer	e5e6c33b2d	providers/oauth2: fix expires_in not being an int Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-11 14:25:30 +03:00
Jens L	8ed2f7fe9e	providers/oauth2: add device flow (#3334 ) * start device flow Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix inconsistent app filtering Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tenant device code flow Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add throttling to device code view Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * somewhat unrelated changes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add initial device code entry flow Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add finish stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * it works Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add support for verification_uri_complete Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add some tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add more tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-11 12:42:10 +02:00
Jens Langhammer	00a6c2a40b	sources/oauth: improve error messages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-10 13:28:25 +03:00
Jens Langhammer	239092b872	core: fix messages not being shown when no client is connected Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-10 13:27:41 +03:00
dependabot[bot]	34d520a3fb	core: bump channels-redis from 3.4.1 to 4.0.0 (#3752 )	2022-10-10 11:26:49 +02:00
lvoegl	3ecc715e91	sources/oauth: add Twitch OAuth source (#3746 ) * sources/oauth: add Twitch OAuth source Signed-off-by: Lukas Vögl <lukas@voegl.org> * website/integrations: add Twitch OAuth source documentation Signed-off-by: Lukas Vögl <lukas@voegl.org> Signed-off-by: Lukas Vögl <lukas@voegl.org>	2022-10-10 10:59:07 +02:00
Jens Langhammer	9bbe8e6c57	providers/oauth2: save full IDToken to database, only use to_dict for encoding final token Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-08 15:06:17 +03:00
Jens Langhammer	b2a658d091	providers/oauth2: remove c_hash and nonce claim if they're not set Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-07 17:07:33 +03:00
Jens Langhammer	ce085a029d	providers/oauth2: exclude at_hash claim if not set instead of being null closes #3739 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-07 10:10:53 +03:00
Jens Langhammer	93e90f8f50	crypto: fix import_certificate checking private key as certificate closes #3713 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-02 00:31:14 +02:00
Jens L	44e4f2e561	crypto: make certificate parsing optional for crypto api (#3711 )	2022-10-01 00:06:00 +02:00
Jens L	cca0f60bda	root: decrease default token size to 60 chars for compatibility (#3710 ) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #2614	2022-09-30 23:12:51 +02:00
Jens Langhammer	d8a98e71bd	outposts: fix indentation in generated SSH Config	2022-09-29 09:23:27 +00:00
Jens Langhammer	7c0754000c	providers/oauth2: add all hardcoded claims to claims_supported list closes #3702 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-29 10:27:46 +02:00
Jens Langhammer	43a5aaa9df	stages/email: don't check that email templates exist on startup #3692 this runs on both server and worker where only the worker needs to have the email templates Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-28 18:52:54 +02:00
Jens Langhammer	cd1a36fec4	root: save email template directory in config Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-09-28 18:51:34 +02:00

1 2 3 4 5 ...

2732 commits