Commit Graph

291 Commits

Author SHA1 Message Date
Jens Langhammer 9ad10863de providers/oauth2: add API for auth codes and refresh tokens
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-18 15:59:38 +01:00
Jens Langhammer a57d524273 flows: add API for flow export
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-18 14:36:00 +01:00
Jens Langhammer dae60b5a08 *: replace ReadOnlyModelViewSet with List/Retrieve/Delete viewsets
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-18 12:11:07 +01:00
Jens Langhammer a6123cfbe4 flows: add API for user's stage settings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-18 00:33:12 +01:00
Jens Langhammer 07142cab8b core: add API for user source settings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-18 00:32:40 +01:00
Jens Langhammer c70f6e3122 events: fix Schema for query params for top_per_user
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-17 18:33:12 +01:00
Jens Langhammer 07ca82e599 admin: include git build hash in gh-* tags and show build hash in admin overview
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-03-16 14:42:01 +01:00
Jens Langhammer 34a3d81eff stages/authenticator_*: add API for authenticator devices 2021-03-09 10:38:07 +01:00
Jens L 2852fa3c5e
web: use generated API Client (#616)
* api: fix types for config API

* api: remove broken swagger UI

* admin: re-fix system task enum

* events: make event optional

* events: fix Schema for notification transport test

* flows: use APIView for Flow Executor

* core: fix schema for Metrics APIs

* web: rewrite to use generated API client

* web: generate API Client in CI

* admin: use x_cord and y_cord to prevent yaml issues

* events: fix linting errors

* web: don't lint generated code

* core: fix fields not being required in TypeSerializer

* flows: fix missing permission_classes

* web: cleanup

* web: fix rendering of graph on Overview page

* web: cleanup imports

* core: fix missing background image filter

* flows: fix flows not advancing properly

* stages/*: fix warnings during get_challenge

* web: send Flow response as JSON instead of FormData

* web: fix styles for horizontal tabs

* web: add base chart class and custom chart for application view

* root: generate ts client for e2e tests

* web: don't attempt to connect to websocket in selenium tests

* web: fix UserTokenList not being included in the build

* web: fix styling for static token list

* web: fix CSRF Token missing

* stages/authenticator_static: fix error when disable static tokens

* core: fix display issue when updating user info

* web: fix Flow executor not showing spinner when redirecting
2021-03-08 11:14:00 +01:00
Jens Langhammer ff5f5f65e8 web: fix date display issue 2021-03-03 21:53:30 +01:00
Jens Langhammer 466723573c api: fix types for config API 2021-03-03 20:05:43 +01:00
Jens Langhammer ea784d47f4 admin: fix mismatched Swagger schema 2021-03-03 17:44:47 +01:00
Jens Langhammer 77d5ba2862 events: fix typo in events API 2021-03-03 16:54:59 +01:00
Jens Langhammer f4580a1097 api: remove legacy messages API as its WS only 2021-03-03 15:02:20 +01:00
Jens Langhammer c002c4b610 api: make pagination required 2021-03-03 10:37:03 +01:00
Jens Langhammer 3cb0575a1e root: fix swagger pagination not matching API 2021-03-03 09:28:22 +01:00
Jens Langhammer 373793ce9a policies: show more information when provider fails to resolve application 2021-03-02 16:58:55 +01:00
Jens Langhammer 792fa45dca providers/oauth2: add logout URL to Setup URLs API 2021-03-02 15:11:18 +01:00
Jens Langhammer c65b2944b3 stages/reputation: add API for user and IP Score 2021-03-01 20:22:37 +01:00
Jens Langhammer 2ae5a81c15 stages/deny: add deny stage 2021-03-01 20:16:54 +01:00
Jens Langhammer ed8b78600e stages/authenticator_validate: add configuration stage to configure Authenticator 2021-03-01 19:23:59 +01:00
Jens Langhammer d6fd2b0afa sources/saml: add Metadata API 2021-03-01 10:50:45 +01:00
Jens Langhammer 9e6a7bf16b stages/captcha: migrated to SPA 2021-02-25 19:58:38 +01:00
Jens Langhammer 8878fac4e7 stages/authenticator_validate: send challenge for each device 2021-02-23 18:25:58 +01:00
Jens Langhammer 88e5b22d16 flows: add get_pending_user() for WithUserInfoChallenge 2021-02-21 18:35:21 +01:00
Jens Langhammer c1e6786ea1 stages/password: Migrate to SPA 2021-02-21 00:14:42 +01:00
Jens Langhammer 854d94056e web: migrate remaining list views to web 2021-02-20 00:19:53 +01:00
Jens Langhammer 9d4c22c706 web: show header while loading application info 2021-02-19 23:34:06 +01:00
Jens Langhammer 6597d5bd28 web: migrate Token List to web 2021-02-19 19:09:30 +01:00
Jens Langhammer fd28f37c0d web: migrate User list to web 2021-02-19 18:43:57 +01:00
Jens Langhammer 865f652476 web: migrate Outpost Service Connection to web 2021-02-19 17:49:34 +01:00
Jens Langhammer 71f771c22c core: add types API to propertymapping 2021-02-19 17:10:30 +01:00
Jens Langhammer 79089d8981 policies: add bound count to api 2021-02-19 16:53:30 +01:00
Jens Langhammer 44e51970e1 web: update for new cached actions 2021-02-19 16:37:50 +01:00
Jens L 8708e487ae
stages: add WebAuthn stage (#550)
* core: add User.uid for globally unique user ID

* admin: fix ?next for Flow list

* stages: add initial webauthn implementation

* web: add ak-flow-submit event to submit flow stage

* web: show error message for webauthn registration

* admin: fix next param not redirecting correctly

* stages/webauthn: remove form

* stages/webauthn: add API

* web: update flow diagram on ak-refresh

* stages/webauthn: add initial authentication

* stages/webauthn: initial authentication implementation

* web: cleanup webauthn utils

* stages: rename otp_* to authenticator and move webauthn to authenticator

* docs: fix broken links

* stages/authenticator_*: fix template paths

* stages/authenticator_validate: add device classes

* stages/authenticator_webauthn: implement django_otp.devices

* stages/authenticator_*: update default stage names

* web: add button to create stage on flow page

* web: don't minify HTML, remove nbsp

* admin: fix typo in stage list

* stages/*: use common base class for stage serializer

* stages/authenticator_*: create default objects after rename

* tests/e2e: adjust stage order
2021-02-17 20:49:58 +01:00
Jens Langhammer 4cfcc48b23 admin: migrate certificate-keypair list to web 2021-02-16 23:16:52 +01:00
Jens Langhammer f8ba623fc1 web: add more related links, add policy/user/group support for bindings 2021-02-16 20:52:59 +01:00
Jens Langhammer 1afb4a7a76 policies: add ability to directly assign groups in bindings 2021-02-11 20:36:48 +01:00
Jens Langhammer aa0f5df218 policies/*: cleanup api and forms, use correct inheritance 2021-02-11 19:50:02 +01:00
Jens Langhammer d2df426489 core: fix tokens using wrong lookup 2021-02-10 20:32:54 +01:00
Jens Langhammer a367d8515f core: add source endpoint 2021-02-10 20:12:07 +01:00
Jens Langhammer 2b7a22a29a core: add providers/types endpoint 2021-02-10 20:11:54 +01:00
Jens Langhammer 0af66a26ab crypto: move certificate and key data to separate api calls to create events 2021-02-09 21:47:00 +01:00
Jens Langhammer 71c9108f89 events: rename token_view to secret_view 2021-02-09 18:20:28 +01:00
Jens Langhammer 45f1d95bf9 sources/oauth: add callback URL to api 2021-02-09 16:58:19 +01:00
Jens Langhammer 552f8c6a9a sources/*: switch API to use slug in URL 2021-02-09 16:08:30 +01:00
Jens Langhammer 2acdcf74e1 sources/ldap: add API for sync status 2021-02-09 10:21:59 +01:00
Jens Langhammer 78bcb90a1e outposts: ensure Outpost API is backwards compatible 2021-02-08 19:51:46 +01:00
Jens Langhammer 820f658b49 web: add outpost list page 2021-02-08 19:04:19 +01:00
Jens Langhammer efc46f52e6 outposts: move health to API 2021-02-08 19:01:10 +01:00
Jens Langhammer 3ced67b151 sources/*: simplify source api 2021-02-08 10:25:59 +01:00
Jens Langhammer 830b8bcd5b web: add page for OAuth2 Provider 2021-02-06 18:39:15 +01:00
Jens Langhammer 91d6a3c8c7 providers/*: simplify provider API 2021-02-06 17:31:29 +01:00
Jens L a6ac82c492
*: rewrite managed objects, use nullable text flag instead of boolean as uid (#533) 2021-02-06 15:56:21 +00:00
Jens Langhammer 32cf960053 sources/ldap: add property_mappings_group to make group mapping more customisable 2021-02-06 15:27:07 +01:00
Jens Langhammer 14dc420747 sources/ldap: rewrite group membership syncing 2021-02-04 20:06:42 +01:00
Jens Langhammer 178417fe67 web: start implementing provider list 2021-02-04 10:09:19 +01:00
Jens L e25d03d8f4
Managed objects (#519)
* managed: add base manager and Ops

* core: use ManagedModel for Token and PropertyMapping

* providers/saml: implement managed objects for SAML Provider

* sources/ldap: migrate to managed

* providers/oauth2: migrate to managed

* providers/proxy: migrate to managed

* *: load .managed in apps

* managed: add reconcile task, run on startup

* providers/oauth2: fix import path for managed

* providers/saml: don't set FriendlyName when mapping is none

* *: use ObjectManager in tests to ensure objects exist

* ci: use vmImage ubuntu-latest

* providers/saml: add new mapping for username and user id

* tests: remove docker proxy

* tests/e2e: use updated attribute names

* docs: update SAML docs

* tests/e2e: fix remaining saml cases

* outposts: make tokens as managed

* *: make PropertyMapping SerializerModel

* web: add page for property-mappings

* web: add codemirror to common_styles because codemirror

* docs: fix member-of in nextcloud

* docs: nextcloud add admin

* web: fix refresh reloading data two times

* web: add loading lock to table to prevent double loads

* web: add ability to use null in QueryArgs (value will be skipped)

* web: add hide option to property mappings

* web: fix linting
2021-02-03 21:18:31 +01:00
Jens Langhammer cfed41439e events: add send_once flag to send webhooks only once 2021-02-02 19:34:55 +01:00
Jens Langhammer 5ef4354723 providers/saml: make NameID configurable using a Property Mapping 2021-01-28 22:50:13 +01:00
Jens Langhammer 3d3a0cd9e3 events: create event when system task fails 2021-01-18 10:09:14 +01:00
Jens Langhammer f959212692 events: make notifications filterable 2021-01-16 19:08:07 +01:00
Jens Langhammer 192dbe05c4 events: triggers -> rules 2021-01-16 14:15:23 +01:00
Jens Langhammer 2e42da11ea policies/event_matcher: simplify validity checking 2021-01-15 11:26:55 +01:00
Jens Langhammer 6192b2787f events: notifications: send entire event in API 2021-01-14 17:22:02 +01:00
Jens Langhammer 1342266368 events: include full group in event notification 2021-01-14 17:22:02 +01:00
Jens Langhammer 9fe8554f28 events: make notification read/update only 2021-01-14 17:22:02 +01:00
Jens Langhammer b6948334f2 policies/event_matcher: fix verbose_name 2021-01-12 23:06:24 +01:00
Jens Langhammer 47ddf0d7f2 web: add UI for notification triggers 2021-01-12 22:26:57 +01:00
Jens Langhammer 8369fa16ae events: add mode_verbose to transport, return string on send error 2021-01-12 21:51:55 +01:00
Jens L 1ccf6dcf6f
events: Notifications (#418)
* events: initial alerting implementation

* policies: move error handling to process, ensure policy UUID is saved

* policies: add tests for error handling in PolicyProcess

* events: improve loop detection

* events: add API for action and trigger

* policies: ensure http_request is not used in context

* events: adjust unittests for user handling

* policies/event_matcher: add policy type

* events: add API tests

* events: add middleware tests

* core: make application's provider not required

* outposts: allow blank kubeconfig

* outposts: validate kubeconfig before saving

* api: fix formatting

* stages/invitation: remove invitation_created signal as model_created functions the same

* stages/invitation: ensure created_by is set when creating from API

* events: rebase migrations on master

* events: fix missing Alerts from API

* policies: fix unittests

* events: add tests for alerts

* events: rename from alerting to notifications

* events: add ability to specify severity of notification created

* policies/event_matcher: Add app field to match on event app

* policies/event_matcher: fix EventMatcher not being included in API

* core: use objects.none() when get_queryset is used

* events: use m2m for multiple transports, create notification object in task

* events: add default triggers

* events: fix migrations return value

* events: fix notification_transport not being in the correct queue

* stages/email: allow sending of email without backend

* events: implement sending via webhook + slack/discord + email
2021-01-11 18:43:59 +01:00
Jens L 82bb179bc2
root: global email settings (#448)
* root: make global email settings configurable

* stages/email: add use_global_settings

* stages/email: add test_email command to test email sending

* stages/email: update email template

* stages/email: simplify email template path

* stages/email: add support for user-supplied email templates

* stages/email: add tests for sending and templates

* stages/email: only add custom template if permissions are correct

* docs: add custom email template docs

* root: add /templates volume in docker-compose by default

* stages/email: fix form not allowing custom templates

* stages/email: use relative path for custom templates

* stages/email: check if all templates exist on startup, reset

* docs: add global email docs for docker-compose

* helm: add email config to helm chart

* helm: load all secrets with env prefix

* helm: move s3 and smtp secret to secret

* stages/email: fix test for relative name

* stages/email: add argument to send email from existing stage

* stages/email: set uid using slug of message id

* stages/email: ensure template validation ignores migration runs

* docs: add email troubleshooting docs

* stages/email: fix long task_name breaking task list
2021-01-05 00:41:10 +01:00
Jens Langhammer 4fde1b7365 providers/saml: allow audience to be empty 2020-12-30 22:15:28 +01:00
Jens Langhammer 590597caf6 events: replace list view with SPA Page 2020-12-28 14:32:34 +01:00
Jens Langhammer 0e1587bc1a providers/oauth2: don't write authorization code to event log 2020-12-28 01:07:18 +01:00
Jens Langhammer ee2e737782 providers/oauth2: remove response_type field as spec doesn't require validation 2020-12-27 18:12:47 +01:00
Jens Langhammer 55322995a1 providers/oauth2: make iss field configurable 2020-12-27 15:02:12 +01:00
Jens Langhammer 5b18e28753 providers/oauth2: fix include_claims_in_id_token not being shown in form/API 2020-12-27 14:05:10 +01:00
Jens Langhammer fc98c3934a providers/*: implement configuration_error 2020-12-27 13:15:31 +01:00
Jens Langhammer 5f90f54195 stages/invitation: ensure created_by is set when creating from API 2020-12-27 13:11:28 +01:00
Jens L a9336f069c
flows: add diagrams (#415)
* flows: initial diagram implementation

* web: install flowchart.js, add flow diagram page

* web: adjust diagram colours for dark mode

* flows: add permission checks for diagram

* flows: fix formatting

* web: fix formatting for web

* flows: add fix when last stage has policy

* flows: add test for diagram

* web: flows/diagram: add support for light mode

* flows: make Flows's Diagram API return json, add more tests and fix swagger response
2020-12-26 17:05:11 +01:00
Jens Langhammer 3ac3a8eebe core: fix error during migrations 2020-12-25 23:51:40 +01:00
Jens Langhammer 4998ccbe41 root: update license 2020-12-24 16:01:55 +01:00
Jens Langhammer c85506f43c outposts: allow blank kubeconfig 2020-12-24 13:23:14 +01:00
Jens Langhammer 4157a0780d core: make application's provider not required 2020-12-24 13:23:10 +01:00
Jens L 79da2bf698
web: Table parity (#427)
* core: fix application API always being sorted by name

* web: add sorting to tables

* web: add search to TablePage

* core: add search to applications API

* core: add MetaNameSerializer

* *: fix signature for non-modal serializers

* providers/*: implement MetaNameSerializer

* web: implement full app list page, use as default in sidebar

* web: fix linting errors

* admin: remove old application list

* web: fix default sorting for application list

* web: fix spacing for search element in toolbar
2020-12-24 09:56:05 +01:00
Jens L a4dc6d13b5
events: rename audit to events and use for more metrics (#397)
* events: rename audit to events

* policies/expression: log expression exceptions as event

* policies/expression: add ExpressionPolicy Model to event when possible

* lib/expressions: ensure syntax errors are logged too

* lib: fix lint error

* policies: add execution_logging field

* core: add property mapping tests

* policies/expression: add full test

* policies/expression: fix attribute name

* policies: add execution_logging

* web: fix imports

* root: update swagger

* policies: use dataclass instead of dict for types

* events: add support for dataclass as event param

* events: add special keys which are never cleaned

* policies: add tests for process, don't clean full cache

* admin: create event when new version is seen

* events: move utils to separate file

* admin: add tests for admin tasks

* events: add .set_user method to ensure users have correct attributes set

* core: add test for property_mapping errors with user and request
2020-12-20 22:04:29 +01:00
Jens Langhammer 29f98abd00 root: update swagger 2020-12-16 23:32:14 +01:00
Jens Langhammer 41576e27be tests/integration: continue even if ssl can't be cleaned up 2020-12-13 21:51:59 +01:00
Jens L 488e8f769a
web: remove policy bindings page (#370)
* admin: accept ?target for PolicyBindingCreateView

* core: fix rendering of hidden fields in horizontal form

* web: add create button for application's bound policies

* admin: fix delete form not working

* web: fix ak-refresh event not being dispatched correctly

* web: fix linting errors

* admin: fix tests not loading

* build(deps-dev): bump eslint from 7.14.0 to 7.15.0 in /web (#372)

Bumps [eslint](https://github.com/eslint/eslint) from 7.14.0 to 7.15.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v7.14.0...v7.15.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump rollup from 2.34.1 to 2.34.2 in /web (#373)

Bumps [rollup](https://github.com/rollup/rollup) from 2.34.1 to 2.34.2.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v2.34.1...v2.34.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump @types/codemirror from 0.0.100 to 0.0.102 in /web (#374)

Bumps [@types/codemirror](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/codemirror) from 0.0.100 to 0.0.102.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/codemirror)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps-dev): bump bandit from 1.6.2 to 1.6.3 (#371)

* build(deps-dev): bump bandit from 1.6.2 to 1.6.3

Bumps [bandit](https://github.com/PyCQA/bandit) from 1.6.2 to 1.6.3.
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](https://github.com/PyCQA/bandit/compare/1.6.2...1.6.3)

Signed-off-by: dependabot[bot] <support@github.com>

* root: update for new bandit version

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: add header to bound-policies

* web: fix spacing between bulk_select buttons

* web: add separate ak-bound-policies-list, add flow view page

* web: fix flows' policies not loading

* Squashed commit of the following:

commit e535cb0ec8
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu Dec 10 09:58:07 2020 +0100

    build(deps): bump boto3 from 1.16.32 to 1.16.33 (#383)

    Bumps [boto3](https://github.com/boto/boto3) from 1.16.32 to 1.16.33.
    - [Release notes](https://github.com/boto/boto3/releases)
    - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
    - [Commits](https://github.com/boto/boto3/compare/1.16.32...1.16.33)

    Signed-off-by: dependabot[bot] <support@github.com>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 8c1f55d3e3
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Wed Dec 9 09:06:45 2020 +0100

    build(deps): bump boto3 from 1.16.31 to 1.16.32 (#382)

    Bumps [boto3](https://github.com/boto/boto3) from 1.16.31 to 1.16.32.
    - [Release notes](https://github.com/boto/boto3/releases)
    - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
    - [Commits](https://github.com/boto/boto3/compare/1.16.31...1.16.32)

    Signed-off-by: dependabot[bot] <support@github.com>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit c3a2cb44cd
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Wed Dec 9 09:06:29 2020 +0100

    build(deps): bump celery from 5.0.3 to 5.0.4 (#380)

    Bumps [celery](https://github.com/celery/celery) from 5.0.3 to 5.0.4.
    - [Release notes](https://github.com/celery/celery/releases)
    - [Changelog](https://github.com/celery/celery/blob/master/Changelog.rst)
    - [Commits](https://github.com/celery/celery/compare/v5.0.3...v5.0.4)

    Signed-off-by: dependabot[bot] <support@github.com>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 682401bbf2
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Wed Dec 9 07:20:45 2020 +0100

    build(deps): bump uvicorn from 0.12.3 to 0.13.0 (#381)

    Bumps [uvicorn](https://github.com/encode/uvicorn) from 0.12.3 to 0.13.0.
    - [Release notes](https://github.com/encode/uvicorn/releases)
    - [Changelog](https://github.com/encode/uvicorn/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/encode/uvicorn/compare/0.12.3...0.13.0)

    Signed-off-by: dependabot[bot] <support@github.com>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 3e6e167348
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Tue Dec 8 10:32:00 2020 +0100

    build(deps-dev): bump @typescript-eslint/parser in /web (#377)

    Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 4.9.0 to 4.9.1.
    - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
    - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/master/packages/parser/CHANGELOG.md)
    - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v4.9.1/packages/parser)

    Signed-off-by: dependabot[bot] <support@github.com>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit d08c1b7b02
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Tue Dec 8 10:31:47 2020 +0100

    build(deps): bump @sentry/browser from 5.28.0 to 5.29.0 in /web (#378)

    Bumps [@sentry/browser](https://github.com/getsentry/sentry-javascript) from 5.28.0 to 5.29.0.
    - [Release notes](https://github.com/getsentry/sentry-javascript/releases)
    - [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/getsentry/sentry-javascript/compare/5.28.0...5.29.0)

    Signed-off-by: dependabot[bot] <support@github.com>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 94d70d252c
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Tue Dec 8 09:02:37 2020 +0100

    build(deps): bump boto3 from 1.16.30 to 1.16.31 (#375)

    Bumps [boto3](https://github.com/boto/boto3) from 1.16.30 to 1.16.31.
    - [Release notes](https://github.com/boto/boto3/releases)
    - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
    - [Commits](https://github.com/boto/boto3/compare/1.16.30...1.16.31)

    Signed-off-by: dependabot[bot] <support@github.com>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit ccfe746dd5
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Tue Dec 8 09:02:28 2020 +0100

    build(deps-dev): bump @typescript-eslint/eslint-plugin in /web (#376)

    Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 4.9.0 to 4.9.1.
    - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
    - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/master/packages/eslint-plugin/CHANGELOG.md)
    - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v4.9.1/packages/eslint-plugin)

    Signed-off-by: dependabot[bot] <support@github.com>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit ef5dffa96a
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Tue Dec 8 09:02:16 2020 +0100

    build(deps): bump @sentry/tracing from 5.28.0 to 5.29.0 in /web (#379)

    Bumps [@sentry/tracing](https://github.com/getsentry/sentry-javascript) from 5.28.0 to 5.29.0.
    - [Release notes](https://github.com/getsentry/sentry-javascript/releases)
    - [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/getsentry/sentry-javascript/compare/5.28.0...5.29.0)

    Signed-off-by: dependabot[bot] <support@github.com>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 2caa1e7650
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Mon Dec 7 11:21:07 2020 +0100

    build(deps-dev): bump bandit from 1.6.2 to 1.6.3 (#371)

    * build(deps-dev): bump bandit from 1.6.2 to 1.6.3

    Bumps [bandit](https://github.com/PyCQA/bandit) from 1.6.2 to 1.6.3.
    - [Release notes](https://github.com/PyCQA/bandit/releases)
    - [Commits](https://github.com/PyCQA/bandit/compare/1.6.2...1.6.3)

    Signed-off-by: dependabot[bot] <support@github.com>

    * root: update for new bandit version

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>

commit 2246f3a534
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Mon Dec 7 10:26:01 2020 +0100

    build(deps): bump @types/codemirror from 0.0.100 to 0.0.102 in /web (#374)

    Bumps [@types/codemirror](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/codemirror) from 0.0.100 to 0.0.102.
    - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
    - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/codemirror)

    Signed-off-by: dependabot[bot] <support@github.com>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 95ba00cb79
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Mon Dec 7 09:09:49 2020 +0100

    build(deps): bump rollup from 2.34.1 to 2.34.2 in /web (#373)

    Bumps [rollup](https://github.com/rollup/rollup) from 2.34.1 to 2.34.2.
    - [Release notes](https://github.com/rollup/rollup/releases)
    - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/rollup/rollup/compare/v2.34.1...v2.34.2)

    Signed-off-by: dependabot[bot] <support@github.com>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 2ab4d6620f
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Mon Dec 7 09:09:24 2020 +0100

    build(deps-dev): bump eslint from 7.14.0 to 7.15.0 in /web (#372)

    Bumps [eslint](https://github.com/eslint/eslint) from 7.14.0 to 7.15.0.
    - [Release notes](https://github.com/eslint/eslint/releases)
    - [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/eslint/eslint/compare/v7.14.0...v7.15.0)

    Signed-off-by: dependabot[bot] <support@github.com>

    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* web: fix linting error

* web: simplify sidebar logic

* web: add support for multiple active matchers per sidebar item

* web: move router to elements

* flows: add stage_obj to flows api

* sources/*: make all sources implement SerializerModel

* web: improve listing of stages

* web: implement expandable table

* web/table: use TemplateResult as return value for row()

* web: add empty state, fix link for BoundStageList

* admin: make stage binding form accept ?target like policy binding

* web: fix styles in dark mode for expanding tables

* flows: add policybindingmodel_ptr_id to FlowStageBinding API

* web: improve wording for policies

* web: fix dark theme for tertiary buttons and static modals

* web: implement SourceViewPage

* web: add empty state for BoundPoliciesList

* web: cleanup URLs for FlowStageBindings

* root: remove url attribute from ak-messages

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-12-12 19:39:09 +01:00
Jens Langhammer ff15514d5b stages/identification: add show_matched_user to optionally hide user details 2020-12-06 13:12:32 +01:00
Jens L 1cfe1aff13
wip: rename to authentik (#361)
* root: initial rename

* web: rename custom element prefix

* root: rename external functions with pb_ prefix

* root: fix formatting

* root: replace domain with goauthentik.io

* proxy: update path

* root: rename remaining prefixes

* flows: rename file extension

* root: pbadmin -> akadmin

* docs: fix image filenames

* lifecycle: ignore migration files

* ci: copy default config from current source before loading last tagged

* *: new sentry dsn

* tests: fix missing python3.9-dev package

* root: add additional migrations for service accounts created by outposts

* core: mark system-created service accounts with attribute

* policies/expression: fix pb_ replacement not working

* web: fix last linting errors, add lit-analyse

* policies/expressions: fix lint errors

* web: fix sidebar display on screens where not all items fit

* proxy: attempt to fix proxy pipeline

* proxy: use go env GOPATH to get gopath

* lib: fix user_default naming inconsistency

* docs: add upgrade docs

* docs: update screenshots to use authentik

* admin: fix create button on empty-state of outpost

* web: fix modal submit not refreshing SiteShell and Table

* web: fix height of app-card and height of generic icon

* web: fix rendering of subtext

* admin: fix version check error not being caught

* web: fix worker count not being shown

* docs: update screenshots

* root: new icon

* web: fix lint error

* admin: fix linting error

* root: migrate coverage config to pyproject
2020-12-05 22:08:42 +01:00
Jens Langhammer cc5a0c23aa flows: allow uploading of custom flow backgrounds, update default flow background 2020-12-02 14:40:05 +01:00
Jens Langhammer 1779b4d888 web: more admin overview components 2020-12-01 22:42:11 +01:00
Jens Langhammer 71fbb23a2f web: add placeholder config, fix sizing of sidebar brand 2020-12-01 13:20:54 +01:00
Jens Langhammer 2a0b4c8f14 web: remove dist from git 2020-11-30 12:50:08 +01:00
Jens Langhammer 1193608631 web: port library page to clientside, router performance improvements 2020-11-30 12:34:26 +01:00
Jens Langhammer 2417d5a59e policies: add policy_obj to Binding API 2020-11-29 13:57:40 +01:00
Jens Langhammer 2fbf06a1aa root: fix formatting, update swagger 2020-11-27 18:42:22 +01:00
Jens L 665839133f
Application Icon upload (#341)
* core: add initial implementation for File Upload

* root: add volumes to docker-compose for file upload

* helm: add pvc for uploads

* core: allow meta_icon to be overwritten with static files
2020-11-23 20:50:19 +01:00
Jens Langhammer bd9bce4c9b api: add API for config used in SPA 2020-11-23 11:49:09 +01:00
Jens Langhammer 3c311ca527 core: add avatars to user api 2020-11-22 19:36:40 +01:00
Jens Langhammer 0a8d4eecae outposts: add docker TLS authentication and verification 2020-11-19 13:10:18 +01:00
Jens Langhammer e5e4824920 */saml: fully migrate to xmlsec, remove signxml dependency 2020-11-15 15:20:56 +01:00
Jens Langhammer 9877ef99c4 */saml: fix creation and validation of detached signatures 2020-11-12 11:59:07 +01:00
Jens Langhammer e99f6e289b outposts: fix kubernetes ApiClient not being used 2020-11-09 10:45:08 +01:00
Jens Langhammer a202679bfb crypto: fix "Could not deserialize key data." with empty private key 2020-11-08 22:43:35 +01:00
Jens Langhammer c04d0a373a admin: add views for outpost service-connections 2020-11-04 13:35:41 +01:00
Jens Langhammer bd74e518a7 outposts: add *ServiceConnection API 2020-11-04 11:05:40 +01:00
dependabot[bot] b775f2788c
build(deps): bump channels from 2.4.0 to 3.0.0 (#309)
* build(deps): bump channels from 2.4.0 to 3.0.0

Bumps [channels](https://github.com/django/channels) from 2.4.0 to 3.0.0.
- [Release notes](https://github.com/django/channels/releases)
- [Changelog](https://github.com/django/channels/blob/master/CHANGELOG.txt)
- [Commits](https://github.com/django/channels/compare/2.4.0...3.0.0)

Signed-off-by: dependabot[bot] <support@github.com>

* root: update for channels 3

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2020-11-02 10:26:26 +01:00
Jens Langhammer e805fb62fb e2e: use docker proxy for test images 2020-10-27 09:50:06 +01:00
Jens Langhammer a9f3118a7d docs: add home-assistant integration docs 2020-10-26 22:14:51 +01:00
Jens Langhammer aeee3ad7f9 e2e: add @retry decorator to make e2e tests more reliable 2020-10-20 18:51:17 +02:00
Jens Langhammer ef021495ef flows: revert evaluate_on_call rename for backwards compatibility 2020-10-20 15:41:50 +02:00
Jens Langhammer 870e01f836 flows: rename re_evaluate_policies to evaluate_on_call, add evaluate_on_plan 2020-10-20 15:06:36 +02:00
Jens Langhammer c698ba37d9 core: add ability for users to create tokens 2020-10-18 15:42:16 +02:00
Jens Langhammer ee670d5e19 core: add key field to token for easier rotation 2020-10-18 14:34:22 +02:00
Jens Langhammer c4a30c50ac stages/consent: add fallback template 2020-10-17 18:18:29 +02:00
Jens Langhammer c5226fd0e8 admin: add API to list tasks and schedule retry 2020-10-16 14:10:11 +02:00
Jens Langhammer 610b6c7f70 policies: add PolicyAccessView, which does complete access checking 2020-10-11 19:26:20 +02:00
Jens Langhammer c1eb8317f7 providers/proxy: update phrasing for basic_auth_* attributes
closes #265
2020-10-07 19:27:06 +02:00
Jens Langhammer 9df00e09a4 root: fix static docker's rollup build 2020-10-06 00:06:53 +02:00
Jens Langhammer da9aaf69df admin: add metrics and charts 2020-10-05 22:10:03 +02:00
Jens Langhammer 189b0ec324 admin: expose info as API 2020-10-04 00:28:58 +02:00
Jens Langhammer c5a6b4961f core: Add Token identifier as sudo-primary key 2020-10-04 00:28:43 +02:00
Jens Langhammer 195d8fe71f core: move name field to base Provider 2020-10-03 20:05:16 +02:00
Jens Langhammer 6cd9edd38a providers/oauth2: add missing token_validity field to Forms and API 2020-10-01 20:01:28 +02:00
Jens Langhammer 8f585eca70 stages/identification: replace buggy FilteredSelectMultiple with ArrayFieldSelectMultiple 2020-09-30 23:58:01 +02:00
Jens Langhammer 9d5dd896f3 providers/proxy: start implementing basic_auth_enabled
see #244
2020-09-30 11:15:22 +02:00
Jens Langhammer 502e43085f lifecycle: update celery command for 5.0 2020-09-26 02:17:39 +02:00
Jens Langhammer 769ce1c642 e2e: add tests for TOTP Setup, static OTP Setup and otp validation 2020-09-25 20:21:49 +02:00
Jens Langhammer 52101007aa e2e: bump chrome version 2020-09-25 17:39:25 +02:00
Jens Langhammer 6458b1dbf8 providers/proxy: make upstream SSL Validation configurable 2020-09-23 12:20:14 +02:00
Jens Langhammer 59e8dca499 sources/ldap: divide connector into password, sync and auth, add unittests for password 2020-09-21 21:40:41 +02:00
Jens Langhammer 74251a8883 audit: update swagger for event 2020-09-21 13:41:53 +02:00
Jens Langhammer f99eaa85ac sources/ldap: implement LDAP password validation and syncing 2020-09-21 11:46:35 +02:00
Jens Langhammer a02fcb0a7a providers/oauth2: use # as separate for code#adfs, check if # exists in response_type and trim 2020-09-19 18:37:50 +02:00
Jens Langhammer 5689f25c39 providers/proxy: add option to skip authentication for paths matching regular expressions 2020-09-19 11:32:04 +02:00
Jens Langhammer a69c494feb stages/password: update swagger 2020-09-19 02:20:38 +02:00
Jens Langhammer fe4a0c3b44 core: add impersonation start/end to audit log
also add impersonated user as context to other logs
2020-09-18 23:39:37 +02:00
Jens Langhammer e0c104ee5c providers/oauth2: remove post_logout_redirect_uris 2020-09-18 23:37:40 +02:00
Jens Langhammer 4b39c71de0 providers/oauth2: accept token as post param 2020-09-16 23:38:55 +02:00
Jens Langhammer 0a5e14a352 core: make is_superuser a group property, remove from user 2020-09-15 23:10:31 +02:00
Jens Langhammer 5c622cd4d2 providers/oauth2: make sub configurable based on hash, username, email and upn 2020-09-15 20:54:42 +02:00
Jens Langhammer ca0ba85023 providers/saml: disallow idp-initiated SSO by default and validate Request ID 2020-09-12 00:53:44 +02:00
Jens Langhammer 430905295d root: automate system migrations, move docker to lifecycle folder 2020-09-10 00:18:39 +02:00
Jens Langhammer 9712be847c policies/api: fix target returning pbm_uuid instead of proper primary key of the object 2020-09-08 18:05:50 +02:00
Jens Langhammer 28893b9695 flows/transfer: fix missing unique fields for PolicyBinding 2020-09-07 11:26:37 +02:00
Jens L 268de20872
Proxy v2 (#189) 2020-09-03 00:04:12 +02:00
Jens Langhammer c39d136383 flows: add title field 2020-08-28 15:23:03 +02:00