This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/authentik/policies
Jens L b0fbd576fc
security: cure53 fix (#6039)
* ATH-01-001: resolve path and check start before loading blueprints

This is even less of an issue since 411ef239f6, since with that commit we only allow files that the listing returns

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-010: fix missing user filter for webauthn device

This prevents an attack that is only possible when an attacker can intercept HTTP traffic and, in the case of HTTPS, decrypt it.

* ATH-01-008: fix web forms not submitting correctly when pressing enter

When submitting some forms with the Enter key instead of clicking "Confirm"/etc, the form would not get submitted correctly

The worst case is when setting a user's password, where the new password can end up in the URL but was not actually saved to the user.

* ATH-01-004: remove env from admin system endpoint

This endpoint already required admin access, but for debugging the env variables are used very little.

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-003 / ATH-01-012: disable htmlLabels in mermaid

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-005: use hmac.compare_digest for secret_key authentication

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-009: migrate impersonation to use API

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-010: rework

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-014: save authenticator validation state in flow context

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

bugfixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-012: escape quotation marks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add website

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update release notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update with all notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-22 22:25:04 +02:00
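Three of the findings listed in the commit message above (ATH-01-001, ATH-01-005 and ATH-01-010) are instances of general checks: confining a resolved path to its root, comparing a shared secret in constant time, and scoping an object lookup to the requesting user. The block below is an added Python illustration of those three checks written for this page; it is not authentik's implementation, and the blueprint root, the function and class names and the sample device records are assumptions.

```python
import hmac
from dataclasses import dataclass
from pathlib import Path
from typing import Iterable, Optional

# Assumed blueprint root for this example; not authentik's real setting.
EXAMPLE_ROOT = Path("/srv/blueprints")


# --- ATH-01-001 style check: confine a requested blueprint path to its root ---

def naive_prefix_check(requested: str, root: Path) -> bool:
    """The common pitfall: resolve, then compare the string prefix.

    This accepts a sibling directory whose name merely starts with the root
    name (root "/srv/blueprints" vs. "/srv/blueprints2"), so on its own it is
    not a containment test.
    """
    root = root.resolve()
    candidate = (root / requested).resolve()
    return str(candidate).startswith(str(root))


def resolve_blueprint_path(requested: str, root: Path) -> Optional[Path]:
    """Resolve `requested` under `root` and return it only if it stays inside.

    `.resolve()` collapses '..' segments and symlinks before the comparison,
    and `is_relative_to` compares path components rather than characters.
    Returns None for the root itself and for anything that escapes it
    (including an absolute `requested`, which `root / requested` would
    otherwise accept verbatim).
    """
    root = root.resolve()
    candidate = (root / requested).resolve()
    if candidate == root or not candidate.is_relative_to(root):
        return None
    return candidate


# --- ATH-01-005 style check: constant-time comparison of a shared secret ---

def secret_key_matches(presented: str, secret_key: str) -> bool:
    """Compare a presented secret against the configured one in constant time.

    `==` on str returns at the first differing character, so response timing
    leaks the length of the matching prefix; hmac.compare_digest takes time
    that depends only on the input length. Both values are encoded to bytes
    because compare_digest rejects non-ASCII str input with TypeError.
    """
    return hmac.compare_digest(presented.encode("utf-8"), secret_key.encode("utf-8"))


# --- ATH-01-010 style check: scope an object lookup to the requesting user ---

@dataclass(frozen=True)
class WebAuthnDevice:
    pk: int
    user_id: int
    name: str


# Constructed sample records for this example.
DEVICES = (
    WebAuthnDevice(pk=1, user_id=10, name="alice-key"),
    WebAuthnDevice(pk=2, user_id=20, name="bob-key"),
)


def get_user_device(
    devices: Iterable[WebAuthnDevice], pk: int, user_id: int
) -> Optional[WebAuthnDevice]:
    """Return the device with `pk` only if it belongs to `user_id`.

    Filtering by primary key alone lets any caller who learns or guesses a pk
    act on another user's device; the owner has to be part of the lookup.
    """
    for device in devices:
        if device.pk == pk and device.user_id == user_id:
            return device
    return None


if __name__ == "__main__":
    print(resolve_blueprint_path("default/flows.yaml", EXAMPLE_ROOT))
    print(resolve_blueprint_path("../../etc/passwd", EXAMPLE_ROOT))
    print(naive_prefix_check("../blueprints2/x.yaml", EXAMPLE_ROOT),
          resolve_blueprint_path("../blueprints2/x.yaml", EXAMPLE_ROOT))
    print(secret_key_matches("correct-horse", "correct-horse"))
    print(get_user_device(DEVICES, pk=2, user_id=10))
```

The sibling-directory case is the one worth keeping in mind when a check is phrased as "resolve and compare the start": a prefix comparison should at least include the trailing path separator, or use a component-wise test such as `is_relative_to`, so that `/srv/blueprints2` is not treated as inside `/srv/blueprints`.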
| Name | Last commit | Date |
|---|---|---|
| api | ci: fix pyright errors (#5392) | 2023-04-27 17:33:47 +03:00 |
| dummy | api: modular urls (#5551) | 2023-05-09 14:46:47 +02:00 |
| event_matcher | policies/event_matcher: change empty values to null (#6032) | 2023-06-21 15:49:46 +02:00 |
| expiry | api: modular urls (#5551) | 2023-05-09 14:46:47 +02:00 |
| expression | api: modular urls (#5551) | 2023-05-09 14:46:47 +02:00 |
| migrations | policies: make policy engine modes consistent with database values (#5462) | 2023-05-03 18:16:16 +03:00 |
| password | api: modular urls (#5551) | 2023-05-09 14:46:47 +02:00 |
| reputation | api: modular urls (#5551) | 2023-05-09 14:46:47 +02:00 |
| templates/policies | policies: fix current user not being set in server-side policy deny | 2022-04-21 22:30:27 +02:00 |
| tests | security: cure53 fix (#6039) | 2023-06-22 22:25:04 +02:00 |
| __init__.py | wip: rename to authentik (#361) | 2020-12-05 22:08:42 +01:00 |
| apps.py | *: add additional prometheus metrics, remove unusable high entropy metrics | 2023-02-19 17:08:40 +01:00 |
| denied.py | ci: fix pyright errors (#5392) | 2023-04-27 17:33:47 +03:00 |
| engine.py | ci: fix pyright errors (#5392) | 2023-04-27 17:33:47 +03:00 |
| exceptions.py | policies: raise sentry-ignored error for invalid PolicyEngine parameters | 2023-02-13 13:23:07 +01:00 |
| models.py | policies: make policy engine modes consistent with database values (#5462) | 2023-05-03 18:16:16 +03:00 |
| process.py | core: bump black from 22.12.0 to 23.1.0 (#4584) | 2023-02-01 11:31:32 +01:00 |
| signals.py | policies: clear app cache when writing user, groups, policies (#5371) | 2023-04-25 15:24:47 +03:00 |
| types.py | *: use dataclass slots wherever applicable (#6005) | 2023-06-19 18:31:07 +02:00 |
| urls.py | api: modular urls (#5551) | 2023-05-09 14:46:47 +02:00 |
| utils.py | providers/scim: default to None for fields instead of empty list (#5642) | 2023-05-17 00:25:28 +02:00 |
| views.py | *: remove some very verbose logging messages | 2022-08-17 13:36:56 +02:00 |