authentik fork
This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
Find a file
Ken Sternberg d555c0db41
web: abstract rootInterface()?.config?.capabilities.includes() into .can() (#7737)
* This commit abstracts access to the object `rootInterface()?.config?` into a single accessor,
`authentikConfig`, that can be mixed into any AKElement object that requires access to it.

Since access to `rootInterface()?.config?` is _universally_ used for a single (and repetitive)
boolean check, a separate accessor has been provided that converts all calls of the form:

``` javascript
rootInterface()?.config?.capabilities.includes(CapabilitiesEnum.CanImpersonate)
```

into:

``` javascript
this.can(CapabilitiesEnum.CanImpersonate)
```

It does this via a Mixin, `WithCapabilitiesConfig`, which understands that these calls only make
sense in the context of a running, fully configured authentik instance, and that their purpose is to
inform authentik components of a user’s capabilities. The latter is why I don’t feel uncomfortable
turning a function call into a method; we should make it explicit that this is a relationship
between components.

The mixin has a single single field, `[WCC.capabilitiesConfig]`, where its association with the
upper-level configuration is made. If that syntax looks peculiar to you, good! I’ve used an explict
unique symbol as the field name; it is inaccessable an innumerable in the object list. The debugger
shows it only as:

    Symbol(): {
        cacheTimeout: 300
        cacheTimeoutFlows: 300
        cacheTimeoutPolicies: 300
        cacheTimeoutReputation: 300
        capabilities: (5) ['can_save_media', 'can_geo_ip', 'can_impersonate', 'can_debug', 'is_enterprise']
    }

Since you can’t reference it by identity, you can’t write to it. Until every browser supports actual
private fields, this is the best we can do; it does guarantee that field name collisions are
impossible, which is a win.

The mixin takes a second optional boolean; setting this to true will cause any web component using
the mixin to automatically schedule a re-render if the capabilities list changes.

The mixin is also generic; despite the "...into a Lit-Context" in the title, the internals of the
Mixin can be replaced with anything so long as the signature of `.can()` is preserved.

Because this work builds off the work I did to give the Sidebar access to the configuration without
ad-hoc retrieval or prop-drilling, it wasn’t necessary to create a new context for it. That will be
necessary for the following:

TODO:

``` javascript
rootInterface()?.uiConfig;
rootInterface()?.tenant;
me();
```

* web: Added a README with a description of the applications' "mental model," essentially an architectural description.

* web: prettier had opinions about the README

* web: Jens requested that subscription be  by default, and it's the right call.

* This commit abstracts access to the object `rootInterface()?.config?` into a single accessor,
`authentikConfig`, that can be mixed into any AKElement object that requires access to it.

Since access to `rootInterface()?.config?` is _universally_ used for a single (and repetitive)
boolean check, a separate accessor has been provided that converts all calls of the form:

``` javascript
rootInterface()?.config?.capabilities.includes(CapabilitiesEnum.CanImpersonate)
```

into:

``` javascript
this.can(CapabilitiesEnum.CanImpersonate)
```

It does this via a Mixin, `WithCapabilitiesConfig`, which understands that these calls only make
sense in the context of a running, fully configured authentik instance, and that their purpose is to
inform authentik components of a user’s capabilities. The latter is why I don’t feel uncomfortable
turning a function call into a method; we should make it explicit that this is a relationship
between components.

The mixin has a single single field, `[WCC.capabilitiesConfig]`, where its association with the
upper-level configuration is made. If that syntax looks peculiar to you, good! I’ve used an explict
unique symbol as the field name; it is inaccessable an innumerable in the object list. The debugger
shows it only as:

    Symbol(): {
        cacheTimeout: 300
        cacheTimeoutFlows: 300
        cacheTimeoutPolicies: 300
        cacheTimeoutReputation: 300
        capabilities: (5) ['can_save_media', 'can_geo_ip', 'can_impersonate', 'can_debug', 'is_enterprise']
    }

Since you can’t reference it by identity, you can’t write to it. Until every browser supports actual
private fields, this is the best we can do; it does guarantee that field name collisions are
impossible, which is a win.

The mixin takes a second optional boolean; setting this to true will cause any web component using
the mixin to automatically schedule a re-render if the capabilities list changes.

The mixin is also generic; despite the "...into a Lit-Context" in the title, the internals of the
Mixin can be replaced with anything so long as the signature of `.can()` is preserved.

Because this work builds off the work I did to give the Sidebar access to the configuration without
ad-hoc retrieval or prop-drilling, it wasn’t necessary to create a new context for it. That will be
necessary for the following:

TODO:

``` javascript
rootInterface()?.uiConfig;
rootInterface()?.tenant;
me();
```

* web: Added a README with a description of the applications' "mental model," essentially an architectural description.

* web: prettier had opinions about the README

* web: Jens requested that subscription be  by default, and it's the right call.

* web: adjust RAC to point to the (now independent) Interface.

- Also, removed redundant check.
2024-01-08 10:22:52 -08:00
.github enterprise/providers: Add RAC [AUTH-15] (#7291) 2023-12-30 21:33:14 +01:00
.vscode core: fix sources get icon naming (#7674) 2023-11-21 21:38:30 +01:00
authentik stages/user_login: only set last_ip in session if a binding is given (#8074) 2024-01-05 19:10:27 +01:00
blueprints providers/oauth2: offline access (#8026) 2024-01-04 19:57:11 +01:00
cmd enterprise/providers: Add RAC [AUTH-15] (#7291) 2023-12-30 21:33:14 +01:00
internal outposts/proxy: better Redis error message (#8044) 2024-01-02 20:01:53 +00:00
lifecycle scripts: postgres, redis: only listen on localhost (#7849) 2023-12-11 11:08:48 +00:00
locale core: compile backend translations (#8000) 2023-12-27 17:58:12 +01:00
schemas providers: SCIM (#4835) 2023-03-06 19:39:08 +01:00
scripts events: add ASN Database reader (#7793) 2023-12-20 22:16:50 +01:00
tests web: bump the eslint group in /tests/wdio with 2 updates (#8086) 2024-01-08 13:13:40 +01:00
web web: abstract rootInterface()?.config?.capabilities.includes() into .can() (#7737) 2024-01-08 10:22:52 -08:00
website website: bump @types/react from 18.2.46 to 18.2.47 in /website (#8088) 2024-01-08 13:13:31 +01:00
.bumpversion.cfg release: 2023.10.5 2023-12-21 15:08:13 +01:00
.dockerignore enterprise/providers: Add RAC [AUTH-15] (#7291) 2023-12-30 21:33:14 +01:00
.editorconfig website: codespell with custom dictionary and CI (#5062) 2023-03-24 00:24:55 +01:00
.gitignore root: Ignore the vendor folder (#7094) 2023-10-06 17:50:46 +02:00
CODE_OF_CONDUCT.md root: rework and expand security policy 2022-11-28 12:10:53 +01:00
CODEOWNERS web: bump the eslint group in /web with 1 update (#7039) 2023-10-02 19:37:32 +02:00
CONTRIBUTING.md website/developer-docs: move contributing to dev docs index and link contributing file (#5554) 2023-05-09 20:26:55 +02:00
docker-compose.yml release: 2023.10.5 2023-12-21 15:08:13 +01:00
Dockerfile events: add ASN Database reader (#7793) 2023-12-20 22:16:50 +01:00
go.mod core: bump github.com/redis/go-redis/v9 from 9.3.1 to 9.4.0 (#8085) 2024-01-08 13:13:49 +01:00
go.sum core: bump github.com/redis/go-redis/v9 from 9.3.1 to 9.4.0 (#8085) 2024-01-08 13:13:49 +01:00
ldap.Dockerfile Fix cache related image build issues 2023-12-09 06:07:21 +01:00
LICENSE enterprise: initial license (#5293) 2023-04-19 16:13:45 +02:00
Makefile enterprise/providers: Add RAC [AUTH-15] (#7291) 2023-12-30 21:33:14 +01:00
manage.py root: update deprecation warnings 2022-11-25 11:47:28 +01:00
poetry.lock tests/e2e: fix tests to work without docker network_mode host (#8035) 2024-01-01 21:08:40 +01:00
proxy.Dockerfile Fix cache related image build issues 2023-12-09 06:07:21 +01:00
pyproject.toml tests/e2e: fix tests to work without docker network_mode host (#8035) 2024-01-01 21:08:40 +01:00
rac.Dockerfile core: bump golang from 1.21.3-bookworm to 1.21.5-bookworm (#8027) 2024-01-01 21:13:42 +01:00
radius.Dockerfile Fix cache related image build issues 2023-12-09 06:07:21 +01:00
README.md root: remove outdated sponsorship section on readme (#6973) 2023-09-25 16:38:50 +02:00
schema.yml enterprise/providers/rac: add option to limit concurrent connections to endpoint (#8053) 2024-01-04 16:27:16 +01:00
SECURITY.md root: update security policy to include link to cure53 report (#7853) 2023-12-11 15:26:36 -06:00

authentik logo


Join Discord GitHub Workflow Status GitHub Workflow Status GitHub Workflow Status Code Coverage Docker pulls Latest version

What is authentik?

authentik is an open-source Identity Provider that emphasizes flexibility and versatility. It can be seamlessly integrated into existing environments to support new protocols. authentik is also a great solution for implementing sign-up, recovery, and other similar features in your application, saving you the hassle of dealing with them.

Installation

For small/test setups it is recommended to use Docker Compose; refer to the documentation.

For bigger setups, there is a Helm Chart here. This is documented here.

Screenshots

Light Dark

Development

See Developer Documentation

Security

See SECURITY.md

Adoption and Contributions

Your organization uses authentik? We'd love to add your logo to the readme and our website! Email us @ hello@goauthentik.io or open a GitHub Issue/PR! For more information on how to contribute to authentik, please refer to our CONTRIBUTING.md file.