This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/web
Jens L b0fbd576fc
security: cure53 fix (#6039)
* ATH-01-001: resolve path and check start before loading blueprints

This is even less of an issue since 411ef239f6, since with that commit we only allow files that the listing returns

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-010: fix missing user filter for webauthn device

This prevents an attack that is only possible when an attacker can intercept HTTP traffic and in the case of HTTPS decrypt it.

* ATH-01-008: fix web forms not submitting correctly when pressing enter

When submitting some forms with the Enter key instead of clicking "Confirm"/etc, the form would not get submitted correctly

The worst case of this is when setting a user's password, where the new password can end up in the URL, but the password was not actually saved to the user.

* ATH-01-004: remove env from admin system endpoint

This endpoint already required admin access, but for debugging the env variables are used very little

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-003 / ATH-01-012: disable htmlLabels in mermaid

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-005: use hmac.compare_digest for secret_key authentication

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-009: migrate impersonation to use API

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-010: rework

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-014: save authenticator validation state in flow context

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

bugfixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-012: escape quotation marks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add website

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update release notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update with all notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-22 22:25:04 +02:00
.storybook website/integrations: add account linking note for WriteFreely (#5804) 2023-06-08 13:27:35 +02:00
authentik/sources sources/oauth: fix reddit (#5557) 2023-05-09 23:41:24 +02:00
icons web: update icons 2022-09-24 12:47:11 +02:00
src security: cure53 fix (#6039) 2023-06-22 22:25:04 +02:00
xliff Updates for web/xliff/en.xlf in zh_CN (#6024) 2023-06-21 13:44:50 +02:00
.babelrc web: use absolute imports with path rewrite instead of relative imports (#3149) 2022-06-25 17:44:17 +02:00
.dockerignore root: fix references to helm chart 2021-06-13 14:30:44 +02:00
.eslintignore website: update translation docs (#5875) 2023-06-06 12:32:32 +02:00
.eslintrc.json web: Add storybook (#5865) 2023-06-07 13:05:33 +02:00
.gitignore web: Add storybook (#5865) 2023-06-07 13:05:33 +02:00
.prettierignore website/integrations: add account linking note for WriteFreely (#5804) 2023-06-08 13:27:35 +02:00
.prettierrc.json website: update translation docs (#5875) 2023-06-06 12:32:32 +02:00
README.md web: Add storybook (#5865) 2023-06-07 13:05:33 +02:00
lit-localize.json web: Replace lingui.js with lit-localize (#5761) 2023-06-02 08:08:36 -07:00
package-lock.json web: bump rollup-plugin-postcss-lit from 2.0.0 to 2.1.0 in /web (#6036) 2023-06-22 11:46:03 +02:00
package.json web: bump rollup-plugin-postcss-lit from 2.0.0 to 2.1.0 in /web (#6036) 2023-06-22 11:46:03 +02:00
robots.txt root: move webapp to /web (#347) 2020-11-28 19:43:42 +01:00
rollup.config.js web/admin: fix codemirror not working on safari (#5943) 2023-06-13 13:45:38 +02:00
rollup.proxy.js web: full web components part 1 (#4964) 2023-03-17 23:10:19 +01:00
security.txt root: update supported versions 2023-01-20 14:23:21 +01:00
static.go outposts: release binary outposts (#1954) 2021-12-17 19:49:32 +00:00
static_outpost.go outposts: release binary outposts (#1954) 2021-12-17 19:49:32 +00:00
tsconfig.json web: Add storybook (#5865) 2023-06-07 13:05:33 +02:00

README.md

authentik WebUI

This is the default UI for the authentik server. The documentation is going to be a little sparse for a while, but at least let's get started.

Comments

NOTE: The comments in this section are for specific changes to this repository that cannot be reliably documented any other way. For the most part, they contain comments related to custom settings in JSON files, which do not support comments.

  • tsconfig.json:
    • compilerOptions.useDefineForClassFields: false is required to make TSC use the "classic" form of field definition when compiling class definitions. Storybook does not handle the ESNext proposed definition mechanism (yet).
    • compilerOptions.plugins.ts-lit-plugin.rules.no-unknown-tag-name: "off": required to support rapidoc, which exports its tag late.
    • compilerOptions.plugins.ts-lit-plugin.rules.no-missing-import: "off": lit-analyzer currently does not support path aliases very well, and cannot find the definition files associated with imports using them.
    • compilerOptions.plugins.ts-lit-plugin.rules.no-incompatible-type-binding: "warn": lit-analyzer does not support generics well when parsing a subtype of HTMLElement. As a result, this threw too many errors to be supportable.