authentication, authentik, authorization, kubernetes, oauth2, oauth2-client, oauth2-server, oidc, oidc-client, oidc-provider, proxy, reverse-proxy, saml, saml-idp, saml-sp, security, sso
5156aeee0f
* Always add generic message to failing zxcvbn password policy

  Depending on the settings, sometimes a password policy that checks a password with the zxcvbn tool can fail without any message. For example:

  ```
  $ echo 'Awdccdw1234' | zxcvbn | jq | grep "feedback" -A 5 -B 1
  Password:   "score": 3,
    "feedback": {
      "warning": "",
      "suggestions": []
    }
  }
  ```

  As seen above the tool does not produce any warnings or suggestions for the given password, but if the password policy is set to have a zxcvbn threshold of 3, the policy will silently fail without communicating the reason to the user.

  There are two ways to handle this:

  1. Always add a generic "password is too weak" message when the policy fails.
  2. Check if there are any suggestions or warnings from the zxcvbn tool and only add the generic message if not.

  I personally prefer 1. This way the generic message will be shown whenever the policy fails, and will get combined with extra "tips" whenever zxcvbn has some.

  Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>

* Update authentik/policies/password/models.py

  Co-authored-by: Jens L. <jens@beryju.org>
  Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>

* Added test case

* fix black formatting

  Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens L. <jens@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
||
---|---|---|
.github | ||
.vscode | ||
authentik | ||
blueprints | ||
cmd | ||
internal | ||
lifecycle | ||
locale | ||
scripts | ||
tests | ||
web | ||
website | ||
xml | ||
.bumpversion.cfg | ||
.dockerignore | ||
.editorconfig | ||
.gitignore | ||
CODE_OF_CONDUCT.md | ||
CONTRIBUTING.md | ||
docker-compose.yml | ||
Dockerfile | ||
go.mod | ||
go.sum | ||
ldap.Dockerfile | ||
LICENSE | ||
Makefile | ||
manage.py | ||
poetry.lock | ||
proxy.Dockerfile | ||
pyproject.toml | ||
README.md | ||
schema.yml | ||
SECURITY.md |
What is authentik?
authentik is an open-source Identity Provider focused on flexibility and versatility. You can use authentik in an existing environment to add support for new protocols. authentik is also a great solution for implementing signup/recovery/etc in your application, so you don't have to deal with it.
Installation
For small/test setups, it is recommended to use docker-compose; see the documentation.
For bigger setups, there is a Helm Chart here. This is documented here.
Security
See SECURITY.md
Sponsors
This project is proudly sponsored by:
DigitalOcean provides development and testing resources for authentik.
Netlify hosts the goauthentik.io site.