From b8fdda50ece10130cf8936be9466860c869af966 Mon Sep 17 00:00:00 2001 From: Jens L Date: Tue, 24 May 2022 22:01:18 +0200 Subject: [PATCH 01/20] ensure all viewsets have filter and search and add tests (#2946) 
Signed-off-by: Jens Langhammer --- authentik/api/tests/test_viewsets.py | 29 +++++++++++++++++++ authentik/core/api/applications.py | 1 + authentik/core/api/sources.py | 1 + authentik/events/api/notification_mappings.py | 1 + authentik/events/api/notification_rules.py | 1 + .../events/api/notification_transports.py | 1 + authentik/flows/api/bindings.py | 1 + authentik/outposts/api/service_connections.py | 2 ++ authentik/policies/dummy/api.py | 1 + authentik/policies/event_matcher/api.py | 1 + authentik/policies/expiry/api.py | 1 + authentik/policies/expression/api.py | 1 + authentik/policies/hibp/api.py | 1 + authentik/policies/password/api.py | 1 + authentik/policies/reputation/api.py | 1 + authentik/providers/ldap/api.py | 3 ++ authentik/providers/oauth2/api/provider.py | 1 + authentik/providers/oauth2/api/scope.py | 1 + authentik/providers/proxy/api.py | 3 ++ authentik/providers/saml/api.py | 2 ++ authentik/sources/ldap/api.py | 2 ++ authentik/sources/oauth/api/source.py | 1 + .../sources/oauth/api/source_connection.py | 1 + authentik/sources/plex/api/source.py | 1 + .../sources/plex/api/source_connection.py | 1 + authentik/sources/saml/api.py | 1 + authentik/stages/authenticator_duo/api.py | 1 + authentik/stages/authenticator_sms/api.py | 1 + authentik/stages/authenticator_static/api.py | 1 + authentik/stages/authenticator_totp/api.py | 1 + .../stages/authenticator_validate/api.py | 1 + .../stages/authenticator_webauthn/api.py | 1 + authentik/stages/captcha/api.py | 1 + authentik/stages/consent/api.py | 2 ++ authentik/stages/deny/api.py | 1 + authentik/stages/dummy/api.py | 1 + authentik/stages/email/api.py | 1 + authentik/stages/identification/api.py | 1 + authentik/stages/invitation/api.py | 1 + authentik/stages/password/api.py | 1 + authentik/stages/prompt/api.py | 2 ++ authentik/stages/user_delete/api.py | 1 + authentik/stages/user_login/api.py | 1 + authentik/stages/user_logout/api.py | 1 + authentik/stages/user_write/api.py | 1 + schema.yml | 16 
++++++++++ 46 files changed, 98 insertions(+) create mode 100644 authentik/api/tests/test_viewsets.py diff --git a/authentik/api/tests/test_viewsets.py b/authentik/api/tests/test_viewsets.py new file mode 100644 index 000000000..dee956461 --- /dev/null +++ b/authentik/api/tests/test_viewsets.py @@ -0,0 +1,29 @@ +"""authentik API Modelviewset tests""" +from typing import Callable + +from django.test import TestCase +from rest_framework.viewsets import ModelViewSet, ReadOnlyModelViewSet + +from authentik.api.v3.urls import router + + +class TestModelViewSets(TestCase): + """Test Viewset""" + + +def viewset_tester_factory(test_viewset: type[ModelViewSet]) -> Callable: + """Test Viewset""" + + def tester(self: TestModelViewSets): + self.assertIsNotNone(getattr(test_viewset, "search_fields", None)) + filterset_class = getattr(test_viewset, "filterset_class", None) + if not filterset_class: + self.assertIsNotNone(getattr(test_viewset, "filterset_fields", None)) + + return tester + + +for _, viewset, _ in router.registry: + if not issubclass(viewset, (ModelViewSet, ReadOnlyModelViewSet)): + continue + setattr(TestModelViewSets, f"test_viewset_{viewset.__name__}", viewset_tester_factory(viewset)) diff --git a/authentik/core/api/applications.py b/authentik/core/api/applications.py index e1e810cf3..fd8761d1b 100644 --- a/authentik/core/api/applications.py +++ b/authentik/core/api/applications.py @@ -89,6 +89,7 @@ class ApplicationViewSet(UsedByMixin, ModelViewSet): "group", ] lookup_field = "slug" + filterset_fields = ["name", "slug"] ordering = ["name"] def _filter_queryset_for_list(self, queryset: QuerySet) -> QuerySet: diff --git a/authentik/core/api/sources.py b/authentik/core/api/sources.py index 97d47cd85..25202c034 100644 --- a/authentik/core/api/sources.py +++ b/authentik/core/api/sources.py 
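Review bot: The assertions in `tester` are weaker than the commit title suggests: `assertIsNotNone` accepts an empty `search_fields = []`, and the `filterset_fields` check is satisfied by `"__all__"`, which several viewsets in this patch carry as context (for example `authentik/policies/dummy/api.py`). With `"__all__"` every model column becomes a filter key, so a column the serializer withholds or marks write-only could still be confirmed through the filter; whether any of these models has such a column is not visible here. Consider `self.assertTrue(getattr(test_viewset, "search_fields", None))` now and, as a follow-up once the viewsets list their fields explicitly, `self.assertNotEqual(getattr(test_viewset, "filterset_fields", None), "__all__")`. The annotation `test_viewset: type[ModelViewSet]` also does not cover the `ReadOnlyModelViewSet` classes that the registry loop passes in.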
@@ -66,6 +66,7 @@ class SourceViewSet( queryset = Source.objects.none() serializer_class = SourceSerializer lookup_field = "slug" + search_fields = ["slug", "name"] def get_queryset(self): # pragma: no cover return Source.objects.select_subclasses() diff --git a/authentik/events/api/notification_mappings.py b/authentik/events/api/notification_mappings.py index 89fed5d9c..37d3b9770 100644 --- a/authentik/events/api/notification_mappings.py +++ b/authentik/events/api/notification_mappings.py @@ -26,3 +26,4 @@ class NotificationWebhookMappingViewSet(UsedByMixin, ModelViewSet): serializer_class = NotificationWebhookMappingSerializer filterset_fields = ["name"] ordering = ["name"] + search_fields = ["name"] diff --git a/authentik/events/api/notification_rules.py b/authentik/events/api/notification_rules.py index 45903271d..b8aa7e579 100644 --- a/authentik/events/api/notification_rules.py +++ b/authentik/events/api/notification_rules.py @@ -32,3 +32,4 @@ class NotificationRuleViewSet(UsedByMixin, ModelViewSet): serializer_class = NotificationRuleSerializer filterset_fields = ["name", "severity", "group__name"] ordering = ["name"] + search_fields = ["name", "group__name"] diff --git a/authentik/events/api/notification_transports.py b/authentik/events/api/notification_transports.py index 763d24fe4..611fa9a5c 100644 --- a/authentik/events/api/notification_transports.py +++ b/authentik/events/api/notification_transports.py @@ -68,6 +68,7 @@ class NotificationTransportViewSet(UsedByMixin, ModelViewSet): queryset = NotificationTransport.objects.all() serializer_class = NotificationTransportSerializer filterset_fields = ["name", "mode", "webhook_url", "send_once"] + search_fields = ["name", "mode", "webhook_url"] ordering = ["name"] @permission_required("authentik_events.change_notificationtransport") diff --git a/authentik/flows/api/bindings.py b/authentik/flows/api/bindings.py index 13fd04887..bdcac396d 100644 --- a/authentik/flows/api/bindings.py 
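Review bot: `webhook_url` in the new `search_fields` of `NotificationTransportViewSet` opens the URL to substring matching, because DRF's `SearchFilter` does a case-insensitive partial match by default, whereas the existing `filterset_fields` entry only allowed an exact match. Webhook URLs often carry their credential in the path or query string, so partial matching lets a caller with list access test fragments of it. If the serializer already returns the full URL to the same callers this adds no exposure, but that is not visible in this hunk. I would keep the search to `search_fields = ["name", "mode"]` and leave `webhook_url` to the exact-match filter.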
+++ b/authentik/flows/api/bindings.py @@ -35,3 +35,4 @@ class FlowStageBindingViewSet(UsedByMixin, ModelViewSet): queryset = FlowStageBinding.objects.all() serializer_class = FlowStageBindingSerializer filterset_fields = "__all__" + search_fields = ["stage__name"] diff --git a/authentik/outposts/api/service_connections.py b/authentik/outposts/api/service_connections.py index 8ba05ce92..c118156d1 100644 --- a/authentik/outposts/api/service_connections.py +++ b/authentik/outposts/api/service_connections.py @@ -118,6 +118,7 @@ class DockerServiceConnectionViewSet(UsedByMixin, ModelViewSet): serializer_class = DockerServiceConnectionSerializer filterset_fields = ["name", "local", "url", "tls_verification", "tls_authentication"] ordering = ["name"] + search_fields = ["name"] class KubernetesServiceConnectionSerializer(ServiceConnectionSerializer): @@ -152,3 +153,4 @@ class KubernetesServiceConnectionViewSet(UsedByMixin, ModelViewSet): serializer_class = KubernetesServiceConnectionSerializer filterset_fields = ["name", "local"] ordering = ["name"] + search_fields = ["name"] diff --git a/authentik/policies/dummy/api.py b/authentik/policies/dummy/api.py index 5dbe1b0d7..344089a0d 100644 --- a/authentik/policies/dummy/api.py +++ b/authentik/policies/dummy/api.py @@ -21,3 +21,4 @@ class DummyPolicyViewSet(UsedByMixin, ModelViewSet): serializer_class = DummyPolicySerializer filterset_fields = "__all__" ordering = ["name"] + search_fields = ["name"] diff --git a/authentik/policies/event_matcher/api.py b/authentik/policies/event_matcher/api.py index e73c70053..4a4a74551 100644 --- a/authentik/policies/event_matcher/api.py +++ b/authentik/policies/event_matcher/api.py @@ -25,3 +25,4 @@ class EventMatcherPolicyViewSet(UsedByMixin, ModelViewSet): serializer_class = EventMatcherPolicySerializer filterset_fields = "__all__" ordering = ["name"] + search_fields = ["name"] diff --git a/authentik/policies/expiry/api.py b/authentik/policies/expiry/api.py index 73eb0c366..2f72cc6e8 100644 
--- a/authentik/policies/expiry/api.py +++ b/authentik/policies/expiry/api.py @@ -21,3 +21,4 @@ class PasswordExpiryPolicyViewSet(UsedByMixin, ModelViewSet): serializer_class = PasswordExpiryPolicySerializer filterset_fields = "__all__" ordering = ["name"] + search_fields = ["name"] diff --git a/authentik/policies/expression/api.py b/authentik/policies/expression/api.py index 176afb068..c587f1b15 100644 --- a/authentik/policies/expression/api.py +++ b/authentik/policies/expression/api.py @@ -28,3 +28,4 @@ class ExpressionPolicyViewSet(UsedByMixin, ModelViewSet): serializer_class = ExpressionPolicySerializer filterset_fields = "__all__" ordering = ["name"] + search_fields = ["name"] diff --git a/authentik/policies/hibp/api.py b/authentik/policies/hibp/api.py index de7a86a2d..499853f3f 100644 --- a/authentik/policies/hibp/api.py +++ b/authentik/policies/hibp/api.py @@ -20,4 +20,5 @@ class HaveIBeenPwendPolicyViewSet(UsedByMixin, ModelViewSet): queryset = HaveIBeenPwendPolicy.objects.all() serializer_class = HaveIBeenPwendPolicySerializer filterset_fields = "__all__" + search_fields = ["name", "password_field"] ordering = ["name"] diff --git a/authentik/policies/password/api.py b/authentik/policies/password/api.py index 4b9810a8d..227162e0e 100644 --- a/authentik/policies/password/api.py +++ b/authentik/policies/password/api.py @@ -30,3 +30,4 @@ class PasswordPolicyViewSet(UsedByMixin, ModelViewSet): serializer_class = PasswordPolicySerializer filterset_fields = "__all__" ordering = ["name"] + search_fields = ["name"] diff --git a/authentik/policies/reputation/api.py b/authentik/policies/reputation/api.py index ba6fda761..fc9eafcab 100644 --- a/authentik/policies/reputation/api.py +++ b/authentik/policies/reputation/api.py 
@@ -26,6 +26,7 @@ class ReputationPolicyViewSet(UsedByMixin, ModelViewSet): queryset = ReputationPolicy.objects.all() serializer_class = ReputationPolicySerializer filterset_fields = "__all__" + search_fields = ["name", "threshold"] ordering = ["name"] diff --git a/authentik/providers/ldap/api.py b/authentik/providers/ldap/api.py index e1649f41a..ba1250998 100644 --- a/authentik/providers/ldap/api.py +++ b/authentik/providers/ldap/api.py @@ -47,6 +47,7 @@ class LDAPProviderViewSet(UsedByMixin, ModelViewSet): "uid_start_number": ["iexact"], "gid_start_number": ["iexact"], } + search_fields = ["name"] ordering = ["name"] @@ -81,3 +82,5 @@ class LDAPOutpostConfigViewSet(ReadOnlyModelViewSet): queryset = LDAPProvider.objects.filter(application__isnull=False) serializer_class = LDAPOutpostConfigSerializer ordering = ["name"] + search_fields = ["name"] + filterset_fields = ["name"] diff --git a/authentik/providers/oauth2/api/provider.py b/authentik/providers/oauth2/api/provider.py index a534d0648..bb91cd5bd 100644 --- a/authentik/providers/oauth2/api/provider.py +++ b/authentik/providers/oauth2/api/provider.py @@ -71,6 +71,7 @@ class OAuth2ProviderViewSet(UsedByMixin, ModelViewSet): "property_mappings", "issuer_mode", ] + search_fields = ["name"] ordering = ["name"] @extend_schema( diff --git a/authentik/providers/oauth2/api/scope.py b/authentik/providers/oauth2/api/scope.py index 3ef0814f1..685715394 100644 --- a/authentik/providers/oauth2/api/scope.py +++ b/authentik/providers/oauth2/api/scope.py @@ -39,3 +39,4 @@ class ScopeMappingViewSet(UsedByMixin, ModelViewSet): serializer_class = ScopeMappingSerializer filterset_class = ScopeMappingFilter ordering = ["scope_name", "name"] + search_fields = ["name", "scope_name"] diff --git a/authentik/providers/proxy/api.py b/authentik/providers/proxy/api.py index 3ca998614..2561b4377 100644 --- a/authentik/providers/proxy/api.py +++ b/authentik/providers/proxy/api.py 
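Review bot: `threshold` in the `search_fields` of `ReputationPolicyViewSet` looks like a numeric column, and `SearchFilter` matches by substring, so a search for `1` would also return thresholds such as `10` or `-15`. If that reading of the model is right, `search_fields = ["name"]` is the more predictable choice, with `threshold` left to the exact match that the existing `filterset_fields = "__all__"` already provides.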
@@ -103,6 +103,7 @@ class ProxyProviderViewSet(UsedByMixin, ModelViewSet): "redirect_uris": ["iexact"], "cookie_domain": ["iexact"], } + search_fields = ["name"] ordering = ["name"] @@ -166,3 +167,5 @@ class ProxyOutpostConfigViewSet(ReadOnlyModelViewSet): queryset = ProxyProvider.objects.filter(application__isnull=False) serializer_class = ProxyOutpostConfigSerializer ordering = ["name"] + search_fields = ["name"] + filterset_fields = ["name"] diff --git a/authentik/providers/saml/api.py b/authentik/providers/saml/api.py index 71f714bc9..1658fd02c 100644 --- a/authentik/providers/saml/api.py +++ b/authentik/providers/saml/api.py @@ -99,6 +99,7 @@ class SAMLProviderViewSet(UsedByMixin, ModelViewSet): serializer_class = SAMLProviderSerializer filterset_fields = "__all__" ordering = ["name"] + search_fields = ["name"] @extend_schema( responses={ @@ -216,4 +217,5 @@ class SAMLPropertyMappingViewSet(UsedByMixin, ModelViewSet): queryset = SAMLPropertyMapping.objects.all() serializer_class = SAMLPropertyMappingSerializer filterset_class = SAMLPropertyMappingFilter + search_fields = ["name"] ordering = ["name"] diff --git a/authentik/sources/ldap/api.py b/authentik/sources/ldap/api.py index 952fa7e86..edf1b6547 100644 --- a/authentik/sources/ldap/api.py +++ b/authentik/sources/ldap/api.py @@ -91,6 +91,7 @@ class LDAPSourceViewSet(UsedByMixin, ModelViewSet): "property_mappings", "property_mappings_group", ] + search_fields = ["name", "slug"] ordering = ["name"] @extend_schema( @@ -142,4 +143,5 @@ class LDAPPropertyMappingViewSet(UsedByMixin, ModelViewSet): queryset = LDAPPropertyMapping.objects.all() serializer_class = LDAPPropertyMappingSerializer filterset_class = LDAPPropertyMappingFilter + search_fields = ["name"] ordering = ["name"] diff --git a/authentik/sources/oauth/api/source.py b/authentik/sources/oauth/api/source.py index b288b909d..ec326c5e6 100644 --- a/authentik/sources/oauth/api/source.py +++ b/authentik/sources/oauth/api/source.py 
@@ -102,6 +102,7 @@ class OAuthSourceViewSet(UsedByMixin, ModelViewSet): "consumer_key", "additional_scopes", ] + search_fields = ["name", "slug"] ordering = ["name"] @extend_schema( diff --git a/authentik/sources/oauth/api/source_connection.py b/authentik/sources/oauth/api/source_connection.py index c44edeeeb..311ce5bad 100644 --- a/authentik/sources/oauth/api/source_connection.py +++ b/authentik/sources/oauth/api/source_connection.py @@ -26,6 +26,7 @@ class UserOAuthSourceConnectionViewSet(UsedByMixin, ModelViewSet): queryset = UserOAuthSourceConnection.objects.all() serializer_class = UserOAuthSourceConnectionSerializer filterset_fields = ["source__slug"] + search_fields = ["source__slug"] permission_classes = [OwnerSuperuserPermissions] filter_backends = [OwnerFilter, DjangoFilterBackend, OrderingFilter, SearchFilter] ordering = ["source__slug"] diff --git a/authentik/sources/plex/api/source.py b/authentik/sources/plex/api/source.py index 4e14e51d6..dd15b9a2b 100644 --- a/authentik/sources/plex/api/source.py +++ b/authentik/sources/plex/api/source.py @@ -60,6 +60,7 @@ class PlexSourceViewSet(UsedByMixin, ModelViewSet): "client_id", "allow_friends", ] + search_fields = ["name", "slug"] ordering = ["name"] @permission_required(None) diff --git a/authentik/sources/plex/api/source_connection.py b/authentik/sources/plex/api/source_connection.py index 32847dcb4..f046a300f 100644 --- a/authentik/sources/plex/api/source_connection.py +++ b/authentik/sources/plex/api/source_connection.py @@ -35,3 +35,4 @@ class PlexSourceConnectionViewSet(UsedByMixin, ModelViewSet): permission_classes = [OwnerSuperuserPermissions] filter_backends = [OwnerFilter, DjangoFilterBackend, OrderingFilter, SearchFilter] ordering = ["pk"] + search_fields = ["source__slug"] diff --git a/authentik/sources/saml/api.py b/authentik/sources/saml/api.py index ec6a78799..618dc0311 100644 --- a/authentik/sources/saml/api.py +++ b/authentik/sources/saml/api.py 
@@ -41,6 +41,7 @@ class SAMLSourceViewSet(UsedByMixin, ModelViewSet): serializer_class = SAMLSourceSerializer lookup_field = "slug" filterset_fields = "__all__" + search_fields = ["name", "slug"] ordering = ["name"] @extend_schema(responses={200: SAMLMetadataSerializer(many=False)}) diff --git a/authentik/stages/authenticator_duo/api.py b/authentik/stages/authenticator_duo/api.py index 13054f2d7..66fbba77e 100644 --- a/authentik/stages/authenticator_duo/api.py +++ b/authentik/stages/authenticator_duo/api.py @@ -51,6 +51,7 @@ class AuthenticatorDuoStageViewSet(UsedByMixin, ModelViewSet): "client_id", "api_hostname", ] + search_fields = ["name"] ordering = ["name"] @extend_schema( diff --git a/authentik/stages/authenticator_sms/api.py b/authentik/stages/authenticator_sms/api.py index 661c5939d..dfe22de75 100644 --- a/authentik/stages/authenticator_sms/api.py +++ b/authentik/stages/authenticator_sms/api.py @@ -36,6 +36,7 @@ class AuthenticatorSMSStageViewSet(UsedByMixin, ModelViewSet): serializer_class = AuthenticatorSMSStageSerializer filterset_fields = "__all__" ordering = ["name"] + search_fields = ["name"] class SMSDeviceSerializer(ModelSerializer): diff --git a/authentik/stages/authenticator_static/api.py b/authentik/stages/authenticator_static/api.py index f2d639e14..414950a66 100644 --- a/authentik/stages/authenticator_static/api.py +++ b/authentik/stages/authenticator_static/api.py @@ -29,6 +29,7 @@ class AuthenticatorStaticStageViewSet(UsedByMixin, ModelViewSet): serializer_class = AuthenticatorStaticStageSerializer filterset_fields = "__all__" ordering = ["name"] + search_fields = ["name"] class StaticDeviceTokenSerializer(ModelSerializer): diff --git a/authentik/stages/authenticator_totp/api.py b/authentik/stages/authenticator_totp/api.py index dd651bb5b..3feb127fe 100644 --- a/authentik/stages/authenticator_totp/api.py +++ b/authentik/stages/authenticator_totp/api.py 
@@ -29,6 +29,7 @@ class AuthenticatorTOTPStageViewSet(UsedByMixin, ModelViewSet): serializer_class = AuthenticatorTOTPStageSerializer filterset_fields = "__all__" ordering = ["name"] + search_fields = ["name"] class TOTPDeviceSerializer(ModelSerializer): diff --git a/authentik/stages/authenticator_validate/api.py b/authentik/stages/authenticator_validate/api.py index d0de49bb1..429055657 100644 --- a/authentik/stages/authenticator_validate/api.py +++ b/authentik/stages/authenticator_validate/api.py @@ -41,3 +41,4 @@ class AuthenticatorValidateStageViewSet(UsedByMixin, ModelViewSet): serializer_class = AuthenticatorValidateStageSerializer filterset_fields = ["name", "not_configured_action", "configuration_stages"] ordering = ["name"] + search_fields = ["name"] diff --git a/authentik/stages/authenticator_webauthn/api.py b/authentik/stages/authenticator_webauthn/api.py index 0302988ab..e8f8567eb 100644 --- a/authentik/stages/authenticator_webauthn/api.py +++ b/authentik/stages/authenticator_webauthn/api.py @@ -33,6 +33,7 @@ class AuthenticateWebAuthnStageViewSet(UsedByMixin, ModelViewSet): serializer_class = AuthenticateWebAuthnStageSerializer filterset_fields = "__all__" ordering = ["name"] + search_fields = ["name"] class WebAuthnDeviceSerializer(ModelSerializer): diff --git a/authentik/stages/captcha/api.py b/authentik/stages/captcha/api.py index 9dcaef06c..496342808 100644 --- a/authentik/stages/captcha/api.py +++ b/authentik/stages/captcha/api.py @@ -22,4 +22,5 @@ class CaptchaStageViewSet(UsedByMixin, ModelViewSet): queryset = CaptchaStage.objects.all() serializer_class = CaptchaStageSerializer filterset_fields = ["name", "public_key"] + search_fields = ["name"] ordering = ["name"] diff --git a/authentik/stages/consent/api.py b/authentik/stages/consent/api.py index 693288c35..f170020b0 100644 --- a/authentik/stages/consent/api.py +++ b/authentik/stages/consent/api.py 
@@ -28,6 +28,7 @@ class ConsentStageViewSet(UsedByMixin, ModelViewSet): serializer_class = ConsentStageSerializer filterset_fields = "__all__" ordering = ["name"] + search_fields = ["name"] class UserConsentSerializer(StageSerializer): @@ -60,6 +61,7 @@ class UserConsentViewSet( OrderingFilter, SearchFilter, ] + search_fields = ["user__username"] def get_queryset(self): user = self.request.user if self.request else get_anonymous_user() diff --git a/authentik/stages/deny/api.py b/authentik/stages/deny/api.py index 48bcc7cae..92d2a0e80 100644 --- a/authentik/stages/deny/api.py +++ b/authentik/stages/deny/api.py @@ -22,3 +22,4 @@ class DenyStageViewSet(UsedByMixin, ModelViewSet): serializer_class = DenyStageSerializer filterset_fields = "__all__" ordering = ["name"] + search_fields = ["name"] diff --git a/authentik/stages/dummy/api.py b/authentik/stages/dummy/api.py index 8569eb2dd..25f23abfd 100644 --- a/authentik/stages/dummy/api.py +++ b/authentik/stages/dummy/api.py @@ -21,4 +21,5 @@ class DummyStageViewSet(UsedByMixin, ModelViewSet): queryset = DummyStage.objects.all() serializer_class = DummyStageSerializer filterset_fields = "__all__" + search_fields = ["name"] ordering = ["name"] diff --git a/authentik/stages/email/api.py b/authentik/stages/email/api.py index ec9d461a4..4bc1d4c96 100644 --- a/authentik/stages/email/api.py +++ b/authentik/stages/email/api.py @@ -68,6 +68,7 @@ class EmailStageViewSet(UsedByMixin, ModelViewSet): "template", "activate_user_on_success", ] + search_fields = ["name"] ordering = ["name"] @extend_schema(responses={200: TypeCreateSerializer(many=True)}) diff --git a/authentik/stages/identification/api.py b/authentik/stages/identification/api.py index 5b3f8450c..682d2cc0c 100644 --- a/authentik/stages/identification/api.py +++ b/authentik/stages/identification/api.py @@ -40,4 +40,5 @@ class IdentificationStageViewSet(UsedByMixin, ModelViewSet): "passwordless_flow", "show_source_labels", ] + search_fields = ["name"] ordering = ["name"] 
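Review bot: `search_fields = ["user__username"]` on `UserConsentViewSet` searches across the relation to the user table, so it is only safe if every row the search can reach already belongs to the caller, or the caller is allowed to see all consents. `get_queryset` begins on the last lines of the hunk and its body continues outside it, and the head of the `filter_backends` list is outside as well, so the scoping cannot be confirmed from here. The two source-connection viewsets in this patch show `OwnerFilter` first in their backends for the same purpose. Once confirmed, a one-line comment above the field would record the dependency, for example `# search runs on the queryset get_queryset() has already limited to the caller's rows`.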
diff --git a/authentik/stages/invitation/api.py b/authentik/stages/invitation/api.py index 789ba69de..56b60c02b 100644 --- a/authentik/stages/invitation/api.py +++ b/authentik/stages/invitation/api.py @@ -41,6 +41,7 @@ class InvitationStageViewSet(UsedByMixin, ModelViewSet): serializer_class = InvitationStageSerializer filterset_class = InvitationStageFilter ordering = ["name"] + search_fields = ["name"] class InvitationSerializer(ModelSerializer): diff --git a/authentik/stages/password/api.py b/authentik/stages/password/api.py index 95b654ade..1ba780b2d 100644 --- a/authentik/stages/password/api.py +++ b/authentik/stages/password/api.py @@ -29,4 +29,5 @@ class PasswordStageViewSet(UsedByMixin, ModelViewSet): "configure_flow", "failed_attempts_before_cancel", ] + search_fields = ["name"] ordering = ["name"] diff --git a/authentik/stages/prompt/api.py b/authentik/stages/prompt/api.py index 51b8daf3e..6af7d2609 100644 --- a/authentik/stages/prompt/api.py +++ b/authentik/stages/prompt/api.py @@ -29,6 +29,7 @@ class PromptStageViewSet(UsedByMixin, ModelViewSet): serializer_class = PromptStageSerializer filterset_fields = "__all__" ordering = ["name"] + search_fields = ["name"] class PromptSerializer(ModelSerializer): @@ -59,3 +60,4 @@ class PromptViewSet(UsedByMixin, ModelViewSet): queryset = Prompt.objects.all().prefetch_related("promptstage_set") serializer_class = PromptSerializer filterset_fields = ["field_key", "label", "type", "placeholder"] + search_fields = ["field_key", "label", "type", "placeholder"] diff --git a/authentik/stages/user_delete/api.py b/authentik/stages/user_delete/api.py index a2f65c42c..1ba14d8f8 100644 --- a/authentik/stages/user_delete/api.py +++ b/authentik/stages/user_delete/api.py @@ -22,3 +22,4 @@ class UserDeleteStageViewSet(UsedByMixin, ModelViewSet): serializer_class = UserDeleteStageSerializer filterset_fields = "__all__" ordering = ["name"] + search_fields = ["name"] 
diff --git a/authentik/stages/user_login/api.py b/authentik/stages/user_login/api.py index ec62c4827..e8f8048b8 100644 --- a/authentik/stages/user_login/api.py +++ b/authentik/stages/user_login/api.py @@ -23,4 +23,5 @@ class UserLoginStageViewSet(UsedByMixin, ModelViewSet): queryset = UserLoginStage.objects.all() serializer_class = UserLoginStageSerializer filterset_fields = "__all__" + search_fields = ["name"] ordering = ["name"] diff --git a/authentik/stages/user_logout/api.py b/authentik/stages/user_logout/api.py index d5f506b2b..16e061f2f 100644 --- a/authentik/stages/user_logout/api.py +++ b/authentik/stages/user_logout/api.py @@ -21,4 +21,5 @@ class UserLogoutStageViewSet(UsedByMixin, ModelViewSet): queryset = UserLogoutStage.objects.all() serializer_class = UserLogoutStageSerializer filterset_fields = "__all__" + search_fields = ["name"] ordering = ["name"] diff --git a/authentik/stages/user_write/api.py b/authentik/stages/user_write/api.py index fd7b7dee5..c1a1baf56 100644 --- a/authentik/stages/user_write/api.py +++ b/authentik/stages/user_write/api.py @@ -21,4 +21,5 @@ class UserWriteStageViewSet(UsedByMixin, ModelViewSet): queryset = UserWriteStage.objects.all() serializer_class = UserWriteStageSerializer filterset_fields = "__all__" + search_fields = ["name"] ordering = ["name"] diff --git a/schema.yml b/schema.yml index ccb18428f..e3437ffa1 100644 --- a/schema.yml +++ b/schema.yml @@ -1601,6 +1601,10 @@ paths: operationId: core_applications_list description: Custom list method that checks Policy based access instead of guardian parameters: + - in: query + name: name + schema: + type: string - name: ordering required: false in: query @@ -1625,6 +1629,10 @@ paths: description: A search term. schema: type: string + - in: query + name: slug + schema: + type: string - in: query name: superuser_full_list schema: 
@@ -6114,6 +6122,10 @@ paths: operationId: outposts_ldap_list description: LDAPProvider Viewset parameters: + - in: query + name: name + schema: + type: string - name: ordering required: false in: query @@ -6184,6 +6196,10 @@ paths: operationId: outposts_proxy_list description: ProxyProvider Viewset parameters: + - in: query + name: name + schema: + type: string - name: ordering required: false in: query From 0edf4296c4e4fe4339d2a397f1e4ddb4d164da72 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 24 May 2022 22:12:31 +0200 Subject: [PATCH 02/20] web/elements: fix used_by refreshing for all elements when using DeleteBulkForm Signed-off-by: Jens Langhammer --- web/src/elements/forms/DeleteBulkForm.ts | 18 +++++---- web/src/locales/de.po | 40 +++++++++++++++++++ web/src/locales/en.po | 40 +++++++++++++++++++ web/src/locales/es.po | 40 +++++++++++++++++++ web/src/locales/fr_FR.po | 40 +++++++++++++++++++ web/src/locales/pl.po | 40 +++++++++++++++++++ web/src/locales/pseudo-LOCALE.po | 40 +++++++++++++++++++ web/src/locales/tr.po | 40 +++++++++++++++++++ web/src/locales/zh-Hans.po | 40 +++++++++++++++++++ web/src/locales/zh-Hant.po | 40 +++++++++++++++++++ web/src/locales/zh_TW.po | 40 +++++++++++++++++++ .../policies/reputation/ReputationListPage.ts | 2 +- 12 files changed, 412 insertions(+), 8 deletions(-) diff --git a/web/src/elements/forms/DeleteBulkForm.ts b/web/src/elements/forms/DeleteBulkForm.ts index 37494674e..1daa4dffd 100644 --- a/web/src/elements/forms/DeleteBulkForm.ts +++ b/web/src/elements/forms/DeleteBulkForm.ts @@ -1,7 +1,7 @@ import { t } from "@lingui/macro"; import { CSSResult, TemplateResult, html } from "lit"; -import { customElement, property } from "lit/decorators.js"; +import { customElement, property, state } from "lit/decorators.js"; import { until } from "lit/directives/until.js"; import PFList from "@patternfly/patternfly/components/List/list.css"; 
@@ -33,6 +33,9 @@ export class DeleteObjectsTable extends Table { @property({ attribute: false }) usedBy?: (item: T) => Promise; + @state() + usedByData: Map = new Map(); + static get styles(): CSSResult[] { return super.styles.concat(PFList); } @@ -68,15 +71,16 @@ export class DeleteObjectsTable extends Table { } renderExpanded(item: T): TemplateResult { + const handler = async () => { + if (!this.usedByData.has(item) && this.usedBy) { + this.usedByData.set(item, await this.usedBy(item)); + } + return this.renderUsedBy(this.usedByData.get(item) || []); + }; return html`
${this.usedBy - ? until( - this.usedBy(item).then((usedBy) => { - return this.renderUsedBy(usedBy); - }), - html``, - ) + ? until(handler(), html``) : html``}
`; diff --git a/web/src/locales/de.po b/web/src/locales/de.po index 2882c40de..e412c6876 100644 --- a/web/src/locales/de.po +++ b/web/src/locales/de.po @@ -1551,6 +1551,11 @@ msgstr "{0} löschen" msgid "Deny the user access" msgstr "Dem Benutzer den Zugang verweigern" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources." +msgstr "" + #: src/pages/applications/ApplicationForm.ts #: src/pages/property-mappings/PropertyMappingScopeForm.ts #: src/pages/system-tasks/SystemTaskListPage.ts @@ -2457,6 +2462,7 @@ msgstr "Interne Konten ausblenden" #: src/pages/outposts/OutpostForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/saml/SAMLProviderForm.ts #: src/pages/sources/ldap/LDAPSourceForm.ts @@ -2719,9 +2725,14 @@ msgstr "Aussteller" msgid "Issuer mode" msgstr "Ausstellermodus" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source." +msgstr "" + #~ msgid "JWT Algorithm" #~ msgstr "JWT Algorithmus" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "JWTs signed by certificates configured here can be used to authenticate to the provider." msgstr "" @@ -2904,6 +2915,7 @@ msgstr "Wird geladen" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts 
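Review bot: `handler` in `renderExpanded` caches the resolved value, so any render that happens before the first `usedBy(item)` call settles still starts another request, and nothing in the hunk handles a rejected call. Caching the promise instead removes the duplicate requests: `this.usedByData.set(item, this.usedBy(item));` followed by `return this.renderUsedBy(await this.usedByData.get(item) ?? []);`, with the map's value type changed to match (its generic parameters are not visible on this page). A failed lookup should be rendered as a failure and its entry evicted, not shown as an empty list, because this table tells an administrator what a deletion will affect. The map is also never cleared, so a dialog reopened with the same object references would show the earlier result. `@state()` has no effect on a `Map` that is only mutated in place, so a plain field would express the same thing.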
@@ -3026,6 +3038,10 @@ msgstr "Langlaufende Operationen, die Authentik im Hintergrund ausführt." msgid "MFA Devices" msgstr "Multifaktor-Authentifzierungs Geräte" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Machine-to-Machine authentication settings" +msgstr "" + #: src/flows/stages/authenticator_static/AuthenticatorStaticStage.ts msgid "Make sure to keep these tokens in a safe place." msgstr "Bewahren Sie diese Tokens an einem sicheren Ort auf." @@ -3509,6 +3525,22 @@ msgstr "OAuth-Aktualisierungscodes" #~ msgid "OAuth/OIDC" #~ msgstr "" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC JWKS" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC JWKS URL" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC Well-known URL" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC well-known configuration URL. Can be used to automatically configure the URLs above." +msgstr "" + #: src/pages/admin-overview/cards/SystemStatusCard.ts msgid "OK" msgstr "OK" @@ -4065,6 +4097,10 @@ msgstr "RSA-SHA384" msgid "RSA-SHA512" msgstr "RSA-SHA512" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "Raw JWKS data." +msgstr "" + #: src/pages/sources/plex/PlexSourceForm.ts msgid "Re-authenticate with plex" msgstr "Mit Plex erneut authentifizieren" @@ -5646,6 +5682,10 @@ msgstr "Vorübergehend" msgid "Transports" msgstr "Zustellungsarten" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Trusted OIDC Sources" +msgstr "" + #: src/interfaces/locale.ts msgid "Turkish" msgstr "Türkisch" diff --git a/web/src/locales/en.po b/web/src/locales/en.po index b2ec2d539..b3bd88cd5 100644 --- a/web/src/locales/en.po +++ b/web/src/locales/en.po 
@@ -1569,6 +1569,11 @@ msgstr "Delete {0}" msgid "Deny the user access" msgstr "Deny the user access" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources." +msgstr "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources." + #: src/pages/applications/ApplicationForm.ts #: src/pages/property-mappings/PropertyMappingScopeForm.ts #: src/pages/system-tasks/SystemTaskListPage.ts @@ -2496,6 +2501,7 @@ msgstr "Hide service-accounts" #: src/pages/outposts/OutpostForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/saml/SAMLProviderForm.ts #: src/pages/sources/ldap/LDAPSourceForm.ts @@ -2768,10 +2774,15 @@ msgstr "Issuer" msgid "Issuer mode" msgstr "Issuer mode" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source." +msgstr "JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source." + #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #~ msgid "JWT Algorithm" #~ msgstr "JWT Algorithm" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "JWTs signed by certificates configured here can be used to authenticate to the provider." msgstr "JWTs signed by certificates configured here can be used to authenticate to the provider." 
@@ -2956,6 +2967,7 @@ msgstr "Loading" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts @@ -3078,6 +3090,10 @@ msgstr "Long-running operations which authentik executes in the background." msgid "MFA Devices" msgstr "MFA Devices" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Machine-to-Machine authentication settings" +msgstr "Machine-to-Machine authentication settings" + #: src/flows/stages/authenticator_static/AuthenticatorStaticStage.ts msgid "Make sure to keep these tokens in a safe place." msgstr "Make sure to keep these tokens in a safe place." @@ -3567,6 +3583,22 @@ msgstr "OAuth Refresh Codes" #~ msgid "OAuth/OIDC" #~ msgstr "OAuth/OIDC" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC JWKS" +msgstr "OIDC JWKS" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC JWKS URL" +msgstr "OIDC JWKS URL" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC Well-known URL" +msgstr "OIDC Well-known URL" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC well-known configuration URL. Can be used to automatically configure the URLs above." +msgstr "OIDC well-known configuration URL. Can be used to automatically configure the URLs above." + #: src/pages/admin-overview/cards/SystemStatusCard.ts msgid "OK" msgstr "OK" @@ -4137,6 +4169,10 @@ msgstr "RSA-SHA384" msgid "RSA-SHA512" msgstr "RSA-SHA512" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "Raw JWKS data." +msgstr "Raw JWKS data." + #: src/pages/sources/plex/PlexSourceForm.ts msgid "Re-authenticate with plex" msgstr "Re-authenticate with plex" 
@@ -5766,6 +5802,10 @@ msgstr "Transient" msgid "Transports" msgstr "Transports" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Trusted OIDC Sources" +msgstr "Trusted OIDC Sources" + #: src/interfaces/locale.ts msgid "Turkish" msgstr "Turkish" diff --git a/web/src/locales/es.po b/web/src/locales/es.po index 309b0e02b..bb21c3a70 100644 --- a/web/src/locales/es.po +++ b/web/src/locales/es.po @@ -1542,6 +1542,11 @@ msgstr "Eliminar {0}" msgid "Deny the user access" msgstr "Denegar el acceso al usuario" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources." +msgstr "" + #: src/pages/applications/ApplicationForm.ts #: src/pages/property-mappings/PropertyMappingScopeForm.ts #: src/pages/system-tasks/SystemTaskListPage.ts @@ -2448,6 +2453,7 @@ msgstr "Ocultar cuentas de servicio" #: src/pages/outposts/OutpostForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/saml/SAMLProviderForm.ts #: src/pages/sources/ldap/LDAPSourceForm.ts @@ -2712,9 +2718,14 @@ msgstr "Emisor" msgid "Issuer mode" msgstr "Modo emisor" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source." +msgstr "" + #~ msgid "JWT Algorithm" #~ msgstr "algoritmo JWT" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "JWTs signed by certificates configured here can be used to authenticate to the provider." msgstr "" 
@@ -2897,6 +2908,7 @@ msgstr "Cargando" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts @@ -3019,6 +3031,10 @@ msgstr "Operaciones de larga ejecución que authentik se ejecuta en segundo plan msgid "MFA Devices" msgstr "Dispositivos de MFA" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Machine-to-Machine authentication settings" +msgstr "" + #: src/flows/stages/authenticator_static/AuthenticatorStaticStage.ts msgid "Make sure to keep these tokens in a safe place." msgstr "Asegúrese de guardar estas fichas en un lugar seguro." @@ -3502,6 +3518,22 @@ msgstr "Códigos de actualización de OAuth" #~ msgid "OAuth/OIDC" #~ msgstr "" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC JWKS" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC JWKS URL" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC Well-known URL" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC well-known configuration URL. Can be used to automatically configure the URLs above." +msgstr "" + #: src/pages/admin-overview/cards/SystemStatusCard.ts msgid "OK" msgstr "DE ACUERDO" @@ -4058,6 +4090,10 @@ msgstr "RSA-SHA384" msgid "RSA-SHA512" msgstr "RSA-SHA512" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "Raw JWKS data." +msgstr "" + #: src/pages/sources/plex/PlexSourceForm.ts msgid "Re-authenticate with plex" msgstr "Vuelva a autenticarse con plex" @@ -5640,6 +5676,10 @@ msgstr "transitorio" msgid "Transports" msgstr "Transportes" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Trusted OIDC Sources" +msgstr "" + #: src/interfaces/locale.ts msgid "Turkish" msgstr "turco" 
diff --git a/web/src/locales/fr_FR.po b/web/src/locales/fr_FR.po index 42cef8dc1..c961db8e5 100644 --- a/web/src/locales/fr_FR.po +++ b/web/src/locales/fr_FR.po @@ -1554,6 +1554,11 @@ msgstr "Supprimer {0}" msgid "Deny the user access" msgstr "Refuser l'accès à l'utilisateu" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources." +msgstr "" + #: src/pages/applications/ApplicationForm.ts #: src/pages/property-mappings/PropertyMappingScopeForm.ts #: src/pages/system-tasks/SystemTaskListPage.ts @@ -2474,6 +2479,7 @@ msgstr "Cacher les comptes de service" #: src/pages/outposts/OutpostForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/saml/SAMLProviderForm.ts #: src/pages/sources/ldap/LDAPSourceForm.ts @@ -2741,10 +2747,15 @@ msgstr "Émetteur" msgid "Issuer mode" msgstr "Mode de l'émetteur" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source." +msgstr "" + #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #~ msgid "JWT Algorithm" #~ msgstr "Algorithme JWT" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "JWTs signed by certificates configured here can be used to authenticate to the provider." msgstr "" 
@@ -2928,6 +2939,7 @@ msgstr "Chargement en cours" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts @@ -3050,6 +3062,10 @@ msgstr "Opérations de longue durée qu'Authentik exécute en arrière-plan." msgid "MFA Devices" msgstr "" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Machine-to-Machine authentication settings" +msgstr "" + #: src/flows/stages/authenticator_static/AuthenticatorStaticStage.ts msgid "Make sure to keep these tokens in a safe place." msgstr "" @@ -3536,6 +3552,22 @@ msgstr "Code de rafraîchissement OAuth" #~ msgid "OAuth/OIDC" #~ msgstr "" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC JWKS" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC JWKS URL" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC Well-known URL" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC well-known configuration URL. Can be used to automatically configure the URLs above." +msgstr "" + #: src/pages/admin-overview/cards/SystemStatusCard.ts msgid "OK" msgstr "" @@ -4096,6 +4128,10 @@ msgstr "RSA-SHA384" msgid "RSA-SHA512" msgstr "RSA-SHA512" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "Raw JWKS data." +msgstr "" + #: src/pages/sources/plex/PlexSourceForm.ts msgid "Re-authenticate with plex" msgstr "Se ré-authentifier avec Plex" @@ -5698,6 +5734,10 @@ msgstr "Transitoire" msgid "Transports" msgstr "Transports" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Trusted OIDC Sources" +msgstr "" + #: src/interfaces/locale.ts msgid "Turkish" msgstr "" diff --git a/web/src/locales/pl.po b/web/src/locales/pl.po index 31c236130..57dd05479 100644 
--- a/web/src/locales/pl.po +++ b/web/src/locales/pl.po @@ -1539,6 +1539,11 @@ msgstr "Usuń {0}" msgid "Deny the user access" msgstr "Odmów użytkownikowi dostępu" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources." +msgstr "" + #: src/pages/applications/ApplicationForm.ts #: src/pages/property-mappings/PropertyMappingScopeForm.ts #: src/pages/system-tasks/SystemTaskListPage.ts @@ -2445,6 +2450,7 @@ msgstr "Ukryj konta serwisowe" #: src/pages/outposts/OutpostForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/saml/SAMLProviderForm.ts #: src/pages/sources/ldap/LDAPSourceForm.ts @@ -2709,9 +2715,14 @@ msgstr "Wystawca" msgid "Issuer mode" msgstr "Tryb wystawcy" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source." +msgstr "" + #~ msgid "JWT Algorithm" #~ msgstr "Algorytm JWT" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "JWTs signed by certificates configured here can be used to authenticate to the provider." msgstr "" @@ -2894,6 +2905,7 @@ msgstr "Ładowanie" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts 
@@ -3016,6 +3028,10 @@ msgstr "Długotrwałe operacje, które authentik wykonuje w tle." msgid "MFA Devices" msgstr "Urządzenia MFA" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Machine-to-Machine authentication settings" +msgstr "" + #: src/flows/stages/authenticator_static/AuthenticatorStaticStage.ts msgid "Make sure to keep these tokens in a safe place." msgstr "Upewnij się, że przechowujesz te tokeny w bezpiecznym miejscu." @@ -3499,6 +3515,22 @@ msgstr "Kody odświeżania OAuth" #~ msgid "OAuth/OIDC" #~ msgstr "" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC JWKS" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC JWKS URL" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC Well-known URL" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC well-known configuration URL. Can be used to automatically configure the URLs above." +msgstr "" + #: src/pages/admin-overview/cards/SystemStatusCard.ts msgid "OK" msgstr "OK" @@ -4055,6 +4087,10 @@ msgstr "RSA-SHA384" msgid "RSA-SHA512" msgstr "RSA-SHA512" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "Raw JWKS data." +msgstr "" + #: src/pages/sources/plex/PlexSourceForm.ts msgid "Re-authenticate with plex" msgstr "Ponowne uwierzytelnienie za pomocą plex" @@ -5637,6 +5673,10 @@ msgstr "przejściowy" msgid "Transports" msgstr "Transporty" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Trusted OIDC Sources" +msgstr "" + #: src/interfaces/locale.ts msgid "Turkish" msgstr "Turecki" diff --git a/web/src/locales/pseudo-LOCALE.po b/web/src/locales/pseudo-LOCALE.po index 7e33fc84c..e40521dca 100644 --- a/web/src/locales/pseudo-LOCALE.po +++ b/web/src/locales/pseudo-LOCALE.po 
@@ -1555,6 +1555,11 @@ msgstr "" msgid "Deny the user access" msgstr "" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources." +msgstr "" + #: src/pages/applications/ApplicationForm.ts #: src/pages/property-mappings/PropertyMappingScopeForm.ts #: src/pages/system-tasks/SystemTaskListPage.ts @@ -2482,6 +2487,7 @@ msgstr "" #: src/pages/outposts/OutpostForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/saml/SAMLProviderForm.ts #: src/pages/sources/ldap/LDAPSourceForm.ts @@ -2750,10 +2756,15 @@ msgstr "" msgid "Issuer mode" msgstr "" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source." +msgstr "" + #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #~ msgid "JWT Algorithm" #~ msgstr "" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "JWTs signed by certificates configured here can be used to authenticate to the provider." msgstr "" @@ -2938,6 +2949,7 @@ msgstr "" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts 
@@ -3060,6 +3072,10 @@ msgstr "" msgid "MFA Devices" msgstr "" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Machine-to-Machine authentication settings" +msgstr "" + #: src/flows/stages/authenticator_static/AuthenticatorStaticStage.ts msgid "Make sure to keep these tokens in a safe place." msgstr "" @@ -3549,6 +3565,22 @@ msgstr "" #~ msgid "OAuth/OIDC" #~ msgstr "" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC JWKS" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC JWKS URL" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC Well-known URL" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC well-known configuration URL. Can be used to automatically configure the URLs above." +msgstr "" + #: src/pages/admin-overview/cards/SystemStatusCard.ts msgid "OK" msgstr "" @@ -4117,6 +4149,10 @@ msgstr "" msgid "RSA-SHA512" msgstr "" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "Raw JWKS data." +msgstr "" + #: src/pages/sources/plex/PlexSourceForm.ts msgid "Re-authenticate with plex" msgstr "" @@ -5736,6 +5772,10 @@ msgstr "" msgid "Transports" msgstr "" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Trusted OIDC Sources" +msgstr "" + #: src/interfaces/locale.ts msgid "Turkish" msgstr "" diff --git a/web/src/locales/tr.po b/web/src/locales/tr.po index 2a68d1ede..d39a54326 100644 --- a/web/src/locales/tr.po +++ b/web/src/locales/tr.po @@ -1542,6 +1542,11 @@ msgstr "{0} Sil" msgid "Deny the user access" msgstr "Kullanıcı erişimini engelle" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources." +msgstr "" + #: src/pages/applications/ApplicationForm.ts #: src/pages/property-mappings/PropertyMappingScopeForm.ts #: src/pages/system-tasks/SystemTaskListPage.ts 
@@ -2448,6 +2453,7 @@ msgstr "Hizmet hesaplarını gizle" #: src/pages/outposts/OutpostForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/saml/SAMLProviderForm.ts #: src/pages/sources/ldap/LDAPSourceForm.ts @@ -2713,9 +2719,14 @@ msgstr "Yayımcı" msgid "Issuer mode" msgstr "Yayımcı kipi" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source." +msgstr "" + #~ msgid "JWT Algorithm" #~ msgstr "JWT Algoritması" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "JWTs signed by certificates configured here can be used to authenticate to the provider." msgstr "" @@ -2898,6 +2909,7 @@ msgstr "Yükleniyor" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts @@ -3020,6 +3032,10 @@ msgstr "authentik'in arka planda yürüttüğü uzun süreli işlemler." msgid "MFA Devices" msgstr "MFA Cihazları" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Machine-to-Machine authentication settings" +msgstr "" + #: src/flows/stages/authenticator_static/AuthenticatorStaticStage.ts msgid "Make sure to keep these tokens in a safe place." msgstr "Bu belirteçleri güvenli bir yerde tuttuğunuzdan emin olun." 
@@ -3504,6 +3520,22 @@ msgstr "OAuth Yenile Kodları" #~ msgid "OAuth/OIDC" #~ msgstr "" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC JWKS" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC JWKS URL" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC Well-known URL" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC well-known configuration URL. Can be used to automatically configure the URLs above." +msgstr "" + #: src/pages/admin-overview/cards/SystemStatusCard.ts msgid "OK" msgstr "OK" @@ -4060,6 +4092,10 @@ msgstr "RSA-SHA384" msgid "RSA-SHA512" msgstr "RSA-SHA512" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "Raw JWKS data." +msgstr "" + #: src/pages/sources/plex/PlexSourceForm.ts msgid "Re-authenticate with plex" msgstr "plex ile yeniden kimlik doğrulama" @@ -5642,6 +5678,10 @@ msgstr "Geçici" msgid "Transports" msgstr "Aktarıcılar" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Trusted OIDC Sources" +msgstr "" + #: src/interfaces/locale.ts msgid "Turkish" msgstr "Türkçe" diff --git a/web/src/locales/zh-Hans.po b/web/src/locales/zh-Hans.po index 65ef32c00..4df433201 100644 --- a/web/src/locales/zh-Hans.po +++ b/web/src/locales/zh-Hans.po @@ -1537,6 +1537,11 @@ msgstr "删除 {0}" msgid "Deny the user access" msgstr "拒绝用户访问" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources." +msgstr "" + #: src/pages/applications/ApplicationForm.ts #: src/pages/property-mappings/PropertyMappingScopeForm.ts #: src/pages/system-tasks/SystemTaskListPage.ts 
@@ -2434,6 +2439,7 @@ msgstr "隐藏服务账户" #: src/pages/outposts/OutpostForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/saml/SAMLProviderForm.ts #: src/pages/sources/ldap/LDAPSourceForm.ts @@ -2697,9 +2703,14 @@ msgstr "颁发者" msgid "Issuer mode" msgstr "Issuer 模式" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source." +msgstr "" + #~ msgid "JWT Algorithm" #~ msgstr "JWT 算法" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "JWTs signed by certificates configured here can be used to authenticate to the provider." msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。" @@ -2880,6 +2891,7 @@ msgstr "正在加载" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts @@ -3001,6 +3013,10 @@ msgstr "authentik 在后台执行的长时间运行的操作。" msgid "MFA Devices" msgstr "MFA 设备" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Machine-to-Machine authentication settings" +msgstr "" + #: src/flows/stages/authenticator_static/AuthenticatorStaticStage.ts msgid "Make sure to keep these tokens in a safe place." msgstr "确保将这些令牌保存在安全的地方。" 
@@ -3481,6 +3497,22 @@ msgstr "OAuth 刷新代码" #~ msgid "OAuth/OIDC" #~ msgstr "OAuth/OIDC" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC JWKS" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC JWKS URL" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC Well-known URL" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC well-known configuration URL. Can be used to automatically configure the URLs above." +msgstr "" + #: src/pages/admin-overview/cards/SystemStatusCard.ts msgid "OK" msgstr "好的" @@ -4029,6 +4061,10 @@ msgstr "RSA-SHA384" msgid "RSA-SHA512" msgstr "RSA-SHA512" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "Raw JWKS data." +msgstr "" + #: src/pages/sources/plex/PlexSourceForm.ts msgid "Re-authenticate with plex" msgstr "使用 Plex 重新验证身份" @@ -5601,6 +5637,10 @@ msgstr "暂时的" msgid "Transports" msgstr "传输" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Trusted OIDC Sources" +msgstr "" + #: src/interfaces/locale.ts msgid "Turkish" msgstr "土耳其语" diff --git a/web/src/locales/zh-Hant.po b/web/src/locales/zh-Hant.po index 77d550803..7c773f82d 100644 --- a/web/src/locales/zh-Hant.po +++ b/web/src/locales/zh-Hant.po @@ -1539,6 +1539,11 @@ msgstr "删除 {0}" msgid "Deny the user access" msgstr "拒绝用户访问" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources." +msgstr "" + #: src/pages/applications/ApplicationForm.ts #: src/pages/property-mappings/PropertyMappingScopeForm.ts #: src/pages/system-tasks/SystemTaskListPage.ts 
@@ -2437,6 +2442,7 @@ msgstr "隐藏服务账户" #: src/pages/outposts/OutpostForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/saml/SAMLProviderForm.ts #: src/pages/sources/ldap/LDAPSourceForm.ts @@ -2700,9 +2706,14 @@ msgstr "Issuer" msgid "Issuer mode" msgstr "Issuer mode" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source." +msgstr "" + #~ msgid "JWT Algorithm" #~ msgstr "JWT 算法" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "JWTs signed by certificates configured here can be used to authenticate to the provider." msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。" @@ -2884,6 +2895,7 @@ msgstr "正在加载" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts @@ -3005,6 +3017,10 @@ msgstr "authentik 在后台执行的长时间运行的操作。" msgid "MFA Devices" msgstr "MFA 设备" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Machine-to-Machine authentication settings" +msgstr "" + #: src/flows/stages/authenticator_static/AuthenticatorStaticStage.ts msgid "Make sure to keep these tokens in a safe place." msgstr "确保将这些令牌保存在安全的地方。" 
@@ -3485,6 +3501,22 @@ msgstr "OAuth 刷新代码" #~ msgid "OAuth/OIDC" #~ msgstr "OAuth/OIDC" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC JWKS" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC JWKS URL" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC Well-known URL" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC well-known configuration URL. Can be used to automatically configure the URLs above." +msgstr "" + #: src/pages/admin-overview/cards/SystemStatusCard.ts msgid "OK" msgstr "OK" @@ -4034,6 +4066,10 @@ msgstr "RSA-SHA384" msgid "RSA-SHA512" msgstr "RSA-SHA512" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "Raw JWKS data." +msgstr "" + #: src/pages/sources/plex/PlexSourceForm.ts msgid "Re-authenticate with plex" msgstr "使用 plex 重新进行身份验证" @@ -5608,6 +5644,10 @@ msgstr "暂时的" msgid "Transports" msgstr "传输" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Trusted OIDC Sources" +msgstr "" + #: src/interfaces/locale.ts msgid "Turkish" msgstr "土耳其语" diff --git a/web/src/locales/zh_TW.po b/web/src/locales/zh_TW.po index 4c5b36e8f..3582d0ccb 100644 --- a/web/src/locales/zh_TW.po +++ b/web/src/locales/zh_TW.po @@ -1539,6 +1539,11 @@ msgstr "删除 {0}" msgid "Deny the user access" msgstr "拒绝用户访问" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources." +msgstr "" + #: src/pages/applications/ApplicationForm.ts #: src/pages/property-mappings/PropertyMappingScopeForm.ts #: src/pages/system-tasks/SystemTaskListPage.ts 
@@ -2437,6 +2442,7 @@ msgstr "隐藏服务账户" #: src/pages/outposts/OutpostForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/saml/SAMLProviderForm.ts #: src/pages/sources/ldap/LDAPSourceForm.ts @@ -2700,9 +2706,14 @@ msgstr "Issuer" msgid "Issuer mode" msgstr "Issuer mode" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source." +msgstr "" + #~ msgid "JWT Algorithm" #~ msgstr "JWT 算法" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "JWTs signed by certificates configured here can be used to authenticate to the provider." msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。" @@ -2884,6 +2895,7 @@ msgstr "正在加载" #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/oauth2/OAuth2ProviderForm.ts +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts @@ -3005,6 +3017,10 @@ msgstr "authentik 在后台执行的长时间运行的操作。" msgid "MFA Devices" msgstr "MFA 设备" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Machine-to-Machine authentication settings" +msgstr "" + #: src/flows/stages/authenticator_static/AuthenticatorStaticStage.ts msgid "Make sure to keep these tokens in a safe place." msgstr "确保将这些令牌保存在安全的地方。" 
@@ -3485,6 +3501,22 @@ msgstr "OAuth 刷新代码" #~ msgid "OAuth/OIDC" #~ msgstr "OAuth/OIDC" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC JWKS" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC JWKS URL" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC Well-known URL" +msgstr "" + +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "OIDC well-known configuration URL. Can be used to automatically configure the URLs above." +msgstr "" + #: src/pages/admin-overview/cards/SystemStatusCard.ts msgid "OK" msgstr "OK" @@ -4034,6 +4066,10 @@ msgstr "RSA-SHA384" msgid "RSA-SHA512" msgstr "RSA-SHA512" +#: src/pages/sources/oauth/OAuthSourceForm.ts +msgid "Raw JWKS data." +msgstr "" + #: src/pages/sources/plex/PlexSourceForm.ts msgid "Re-authenticate with plex" msgstr "使用 plex 重新进行身份验证" @@ -5608,6 +5644,10 @@ msgstr "暂时的" msgid "Transports" msgstr "传输" +#: src/pages/providers/oauth2/OAuth2ProviderForm.ts +msgid "Trusted OIDC Sources" +msgstr "" + #: src/interfaces/locale.ts msgid "Turkish" msgstr "土耳其语" diff --git a/web/src/pages/policies/reputation/ReputationListPage.ts b/web/src/pages/policies/reputation/ReputationListPage.ts index df4306fa0..4de9faf21 100644 --- a/web/src/pages/policies/reputation/ReputationListPage.ts +++ b/web/src/pages/policies/reputation/ReputationListPage.ts @@ -1,4 +1,4 @@ -import getUnicodeFlagIcon from "country-flag-icons/unicode/index.js"; +import getUnicodeFlagIcon from "country-flag-icons/unicode"; import { t } from "@lingui/macro"; From 816b0c7d83e54430dc45bea28cfe32d2ca36b51d Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 24 May 2022 23:32:00 +0200 Subject: [PATCH 03/20] flows: fix re-imports of entries with identical PK re-creating objects closes #2941 
Signed-off-by: Jens Langhammer --- authentik/flows/tests/test_transfer.py | 32 +++++++++++++++++++ authentik/flows/transfer/importer.py | 7 +++- .../stages/authenticator_validate/stage.py | 5 --- 3 files changed, 38 insertions(+), 6 deletions(-) diff --git a/authentik/flows/tests/test_transfer.py b/authentik/flows/tests/test_transfer.py index bf5d7efa8..4e6808c4a 100644 --- a/authentik/flows/tests/test_transfer.py +++ b/authentik/flows/tests/test_transfer.py @@ -13,6 +13,25 @@ from authentik.policies.models import PolicyBinding from authentik.stages.prompt.models import FieldTypes, Prompt, PromptStage from authentik.stages.user_login.models import UserLoginStage +STATIC_PROMPT_EXPORT = """{ + "version": 1, + "entries": [ + { + "identifiers": { + "pk": "cb954fd4-65a5-4ad9-b1ee-180ee9559cf4" + }, + "model": "authentik_stages_prompt.prompt", + "attrs": { + "field_key": "username", + "label": "Username", + "type": "username", + "required": true, + "placeholder": "Username", + "order": 0 + } + } + ] +}""" class TestFlowTransfer(TransactionTestCase): """Test flow transfer""" @@ -58,6 +77,19 @@ class TestFlowTransfer(TransactionTestCase): self.assertTrue(Flow.objects.filter(slug=flow_slug).exists()) + def test_export_validate_import_re_import(self): + """Test export and import it twice""" + importer = FlowImporter(STATIC_PROMPT_EXPORT) + self.assertTrue(importer.validate()) + self.assertTrue(importer.apply()) + + self.assertEqual(Prompt.objects.filter(field_key="username").count(), 1) + + importer = FlowImporter(STATIC_PROMPT_EXPORT) + self.assertTrue(importer.apply()) + + self.assertEqual(Prompt.objects.filter(field_key="username").count(), 1) + def test_export_validate_import_policies(self): """Test export and validate it""" flow_slug = generate_id() diff --git a/authentik/flows/transfer/importer.py b/authentik/flows/transfer/importer.py index f0e7f2298..dec5aae24 100644 --- a/authentik/flows/transfer/importer.py +++ b/authentik/flows/transfer/importer.py 
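Review bot: In `test_export_validate_import_re_import` (authentik/flows/tests/test_transfer.py), both assertions count prompts by `field_key="username"`, so the test checks only indirectly that the stored row kept the primary key from `STATIC_PROMPT_EXPORT`. Adding `self.assertTrue(Prompt.objects.filter(pk="cb954fd4-65a5-4ad9-b1ee-180ee9559cf4").exists())` after each `apply()` would pin the behaviour the fix is about. The second `FlowImporter` also calls `apply()` without `validate()` first; if that is deliberate, a short comment such as `# re-import deliberately skips validate()` would say so.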
@@ -115,6 +115,11 @@ class FlowImporter: serializer_kwargs["instance"] = model_instance else: self.logger.debug("initialise new instance", model=model, **updated_identifiers) + model_instance = model() + # pk needs to be set on the model instance otherwise a new one will be generated + if "pk" in updated_identifiers: + model_instance.pk = updated_identifiers["pk"] + serializer_kwargs["instance"] = model_instance full_data = self.__update_pks_for_attrs(entry.attrs) full_data.update(updated_identifiers) serializer_kwargs["data"] = full_data @@ -167,7 +172,7 @@ class FlowImporter: def validate(self) -> bool: """Validate loaded flow export, ensure all models are allowed and serializers have no errors""" - self.logger.debug("Starting flow import validaton") + self.logger.debug("Starting flow import validation") if self.__import.version != 1: self.logger.warning("Invalid bundle version") return False diff --git a/authentik/stages/authenticator_validate/stage.py b/authentik/stages/authenticator_validate/stage.py index 2e9f43b35..bb6565454 100644 --- a/authentik/stages/authenticator_validate/stage.py +++ b/authentik/stages/authenticator_validate/stage.py @@ -168,11 +168,6 @@ class AuthenticatorValidateStageView(ChallengeStageView): continue # check if device has been used within threshold and skip this stage if so if threshold.total_seconds() > 0: - print("yeet") - print(get_device_last_usage(device)) - print(_now - get_device_last_usage(device)) - print(threshold) - print(_now - get_device_last_usage(device) <= threshold) if _now - get_device_last_usage(device) <= threshold: LOGGER.info("Device has been used within threshold", device=device) raise FlowSkipStageException() From a03e48c5ce2cc1f97632ee9db0e8c12d0aa9d5c1 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 24 May 2022 23:34:51 +0200 Subject: [PATCH 04/20] website/docs: prepare 2022.5.3 
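Review bot: Assigning `model_instance.pk = updated_identifiers["pk"]` on a fresh `model()` means that a later save will, in Django, update an existing row with that primary key if one exists rather than insert a new one. The lookup that leads to this `else:` branch is outside the hunk, so it is not visible whether it always matches on `pk`. If it can miss while `pk` is one of several identifiers, an imported bundle would silently overwrite a different object of the same model. Either state the invariant in the comment (`# the lookup above found no row for these identifiers, including pk`) or check `model.objects.filter(pk=updated_identifiers["pk"]).exists()` and fail the entry when it is true.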
Signed-off-by: Jens Langhammer --- website/docs/releases/v2022.5.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/website/docs/releases/v2022.5.md b/website/docs/releases/v2022.5.md index 53c79e574..1a411e470 100644 --- a/website/docs/releases/v2022.5.md +++ b/website/docs/releases/v2022.5.md @@ -71,6 +71,27 @@ slug: "2022.5" - web/admin: make external host clickable - web/user: fix use sub-pages not redirecting back to the subpage +## Fixed in 2022.5.3 + +- core: fix username validator not allowing changes that can be done via flows +- crypto: set SAN in default generated Certificate to semi-random domain +- ensure all viewsets have filter and search and add tests (#2946) +- events: fix transport not allowing blank values +- flows: fix re-imports of entries with identical PK re-creating objects (#2941) +- providers/oauth2: improve error handling for invalid regular expressions +- providers/oauth2: set related_name for many-to-many connections so used by detects the connection +- providers/saml: handle parse error +- stages/user_write: fix typo in request context variable +- web: decrease elements that refresh on global refresh signal +- web/admin: add set password button to user view page +- web/admin: fix broken flow execute link (#2940) +- web/admin: fix display of LDAP bind mode +- web/admin: fix flow diagram not updating on flow changes +- web/admin: fix phrasing on LDAP provider form for bind mode +- web/admin: refactor table refresh to preserve selected/expanded elements correctly +- web/elements: fix missing click handler on wizard close button +- web/elements: fix used_by refreshing for all elements when using DeleteBulkForm + ## Upgrading This release does not introduce any new requirements. From 47006fc9d20057943bc81c9c82a7f023c1d67a45 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 24 May 2022 23:38:02 +0200 Subject: [PATCH 05/20] website/docs: fix formatting 
Signed-off-by: Jens Langhammer --- website/docs/releases/v2022.5.md | 36 ++++++++++++++++---------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/website/docs/releases/v2022.5.md b/website/docs/releases/v2022.5.md index 1a411e470..25194dced 100644 --- a/website/docs/releases/v2022.5.md +++ b/website/docs/releases/v2022.5.md 
@@ -73,24 +73,24 @@ slug: "2022.5" ## Fixed in 2022.5.3 -- core: fix username validator not allowing changes that can be done via flows -- crypto: set SAN in default generated Certificate to semi-random domain -- ensure all viewsets have filter and search and add tests (#2946) -- events: fix transport not allowing blank values -- flows: fix re-imports of entries with identical PK re-creating objects (#2941) -- providers/oauth2: improve error handling for invalid regular expressions -- providers/oauth2: set related_name for many-to-many connections so used by detects the connection -- providers/saml: handle parse error -- stages/user_write: fix typo in request context variable -- web: decrease elements that refresh on global refresh signal -- web/admin: add set password button to user view page -- web/admin: fix broken flow execute link (#2940) -- web/admin: fix display of LDAP bind mode -- web/admin: fix flow diagram not updating on flow changes -- web/admin: fix phrasing on LDAP provider form for bind mode -- web/admin: refactor table refresh to preserve selected/expanded elements correctly -- web/elements: fix missing click handler on wizard close button -- web/elements: fix used_by refreshing for all elements when using DeleteBulkForm +- core: fix username validator not allowing changes that can be done via flows +- crypto: set SAN in default generated Certificate to semi-random domain +- ensure all viewsets have filter and search and add tests (#2946) +- events: fix transport not allowing blank values +- flows: fix re-imports of entries with identical PK re-creating objects (#2941) +- providers/oauth2: improve error handling for invalid regular expressions +- providers/oauth2: set related_name for many-to-many connections so used by detects the connection +- providers/saml: handle parse error +- stages/user_write: fix typo in request context variable +- web: decrease elements that refresh on global refresh signal +- web/admin: add set password button to user 
view page +- web/admin: fix broken flow execute link (#2940) +- web/admin: fix display of LDAP bind mode +- web/admin: fix flow diagram not updating on flow changes +- web/admin: fix phrasing on LDAP provider form for bind mode +- web/admin: refactor table refresh to preserve selected/expanded elements correctly +- web/elements: fix missing click handler on wizard close button +- web/elements: fix used_by refreshing for all elements when using DeleteBulkForm ## Upgrading From cc744dc581ac8d441449e573c38f54757ff17414 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Wed, 25 May 2022 00:04:58 +0200 Subject: [PATCH 06/20] flows: fix lint Signed-off-by: Jens Langhammer --- authentik/flows/tests/test_transfer.py | 1 + 1 file changed, 1 insertion(+) diff --git a/authentik/flows/tests/test_transfer.py b/authentik/flows/tests/test_transfer.py index 4e6808c4a..ed93b2ff7 100644 --- a/authentik/flows/tests/test_transfer.py +++ b/authentik/flows/tests/test_transfer.py @@ -33,6 +33,7 @@ STATIC_PROMPT_EXPORT = """{ ] }""" + class TestFlowTransfer(TransactionTestCase): """Test flow transfer""" From 9de5b6f93e5d4d2ee21626d9bdfa55baf0f3eb3c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 May 2022 10:47:58 +0200 Subject: [PATCH 07/20] build(deps): bump rapidoc from 9.2.0 to 9.3.2 in /web (#2957) Bumps [rapidoc](https://github.com/rapi-doc/RapiDoc) from 9.2.0 to 9.3.2. - [Release notes](https://github.com/rapi-doc/RapiDoc/releases) - [Commits](https://github.com/rapi-doc/RapiDoc/compare/v9.2.0...v9.3.2) --- updated-dependencies: - dependency-name: rapidoc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- web/package-lock.json | 50 +++++++++++++++++++++---------------------- web/package.json | 2 +- 2 files changed, 26 insertions(+), 26 deletions(-) 
diff --git a/web/package-lock.json b/web/package-lock.json index 303eaa5f7..3f0318486 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -56,7 +56,7 @@ "lit": "^2.2.4", "moment": "^2.29.3", "prettier": "^2.6.2", - "rapidoc": "^9.2.0", + "rapidoc": "^9.3.2", "rollup": "^2.74.1", "rollup-plugin-copy": "^3.4.0", "rollup-plugin-cssimport": "^1.0.2", @@ -6264,9 +6264,9 @@ } }, "node_modules/marked": { - "version": "4.0.12", - "resolved": "https://registry.npmjs.org/marked/-/marked-4.0.12.tgz", - "integrity": "sha512-hgibXWrEDNBWgGiK18j/4lkS6ihTe9sxtV4Q1OQppb/0zzyPSzoFANBa5MfsG/zgsWklmNnhm0XACZOH/0HBiQ==", + "version": "4.0.16", + "resolved": "https://registry.npmjs.org/marked/-/marked-4.0.16.tgz", + "integrity": "sha512-wahonIQ5Jnyatt2fn8KqF/nIqZM8mh3oRu2+l5EANGMhu6RFjiSG52QNE2eWzFMI94HqYSgN184NurgNG6CztA==", "bin": { "marked": "bin/marked.js" }, @@ -6999,9 +6999,9 @@ "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==" }, "node_modules/prismjs": { - "version": "1.27.0", - "resolved": "https://registry.npmjs.org/prismjs/-/prismjs-1.27.0.tgz", - "integrity": "sha512-t13BGPUlFDR7wRB5kQDG4jjl7XeuH6jbJGt11JHPL96qwsEHNX2+68tFXqc1/k+/jALsbSWJKUOT/hcYAZ5LkA==", + "version": "1.28.0", + "resolved": "https://registry.npmjs.org/prismjs/-/prismjs-1.28.0.tgz", + "integrity": "sha512-8aaXdYvl1F7iC7Xm1spqSaY/OJBpYW3v+KJ+F17iYxvdc8sfjW194COK5wVhMZX45tGteiBQgdvD/nhxcRwylw==", "engines": { "node": ">=6" } 
@@ -7091,16 +7091,16 @@ } }, "node_modules/rapidoc": { - "version": "9.2.0", - "resolved": "https://registry.npmjs.org/rapidoc/-/rapidoc-9.2.0.tgz", - "integrity": "sha512-liK2AFGJ3jTUkohZrT1nvxUOAGAHNu/CGRRclGVHPFp69TyEpUoAgOejQgIMsgDdtbeHnTRTbPiXK6HpirqnRw==", + "version": "9.3.2", + "resolved": "https://registry.npmjs.org/rapidoc/-/rapidoc-9.3.2.tgz", + "integrity": "sha512-IQb9lGWDLT+kufiUHaT356E4Dh0goxwCnCZN3WY+rwF7toxprUQepbrFcqO6FsThMzw6yEICRPNH+DQHvjf2Kw==", "dependencies": { "@apitools/openapi-parser": "^0.0.24", "base64-arraybuffer": "^1.0.2", "buffer": "^6.0.3", - "lit": "^2.2.0", - "marked": "^4.0.12", - "prismjs": "^1.26.0" + "lit": "^2.2.4", + "marked": "^4.0.16", + "prismjs": "^1.28.0" }, "engines": { "node": ">=10.21.0" @@ -13519,9 +13519,9 @@ } }, "marked": { - "version": "4.0.12", - "resolved": "https://registry.npmjs.org/marked/-/marked-4.0.12.tgz", - "integrity": "sha512-hgibXWrEDNBWgGiK18j/4lkS6ihTe9sxtV4Q1OQppb/0zzyPSzoFANBa5MfsG/zgsWklmNnhm0XACZOH/0HBiQ==" + "version": "4.0.16", + "resolved": "https://registry.npmjs.org/marked/-/marked-4.0.16.tgz", + "integrity": "sha512-wahonIQ5Jnyatt2fn8KqF/nIqZM8mh3oRu2+l5EANGMhu6RFjiSG52QNE2eWzFMI94HqYSgN184NurgNG6CztA==" }, "merge-stream": { "version": "2.0.0", @@ -14049,9 +14049,9 @@ } }, "prismjs": { - "version": "1.27.0", - "resolved": "https://registry.npmjs.org/prismjs/-/prismjs-1.27.0.tgz", - "integrity": "sha512-t13BGPUlFDR7wRB5kQDG4jjl7XeuH6jbJGt11JHPL96qwsEHNX2+68tFXqc1/k+/jALsbSWJKUOT/hcYAZ5LkA==" + "version": "1.28.0", + "resolved": "https://registry.npmjs.org/prismjs/-/prismjs-1.28.0.tgz", + "integrity": "sha512-8aaXdYvl1F7iC7Xm1spqSaY/OJBpYW3v+KJ+F17iYxvdc8sfjW194COK5wVhMZX45tGteiBQgdvD/nhxcRwylw==" }, "pseudolocale": { "version": "1.2.0", 
@@ -14111,16 +14111,16 @@ } }, "rapidoc": { - "version": "9.2.0", - "resolved": "https://registry.npmjs.org/rapidoc/-/rapidoc-9.2.0.tgz", - "integrity": "sha512-liK2AFGJ3jTUkohZrT1nvxUOAGAHNu/CGRRclGVHPFp69TyEpUoAgOejQgIMsgDdtbeHnTRTbPiXK6HpirqnRw==", + "version": "9.3.2", + "resolved": "https://registry.npmjs.org/rapidoc/-/rapidoc-9.3.2.tgz", + "integrity": "sha512-IQb9lGWDLT+kufiUHaT356E4Dh0goxwCnCZN3WY+rwF7toxprUQepbrFcqO6FsThMzw6yEICRPNH+DQHvjf2Kw==", "requires": { "@apitools/openapi-parser": "^0.0.24", "base64-arraybuffer": "^1.0.2", "buffer": "^6.0.3", - "lit": "^2.2.0", - "marked": "^4.0.12", - "prismjs": "^1.26.0" + "lit": "^2.2.4", + "marked": "^4.0.16", + "prismjs": "^1.28.0" }, "dependencies": { "buffer": { diff --git a/web/package.json b/web/package.json index c5a090a82..1cc373ec1 100644 --- a/web/package.json +++ b/web/package.json @@ -99,7 +99,7 @@ "lit": "^2.2.4", "moment": "^2.29.3", "prettier": "^2.6.2", - "rapidoc": "^9.2.0", + "rapidoc": "^9.3.2", "rollup": "^2.74.1", "rollup-plugin-copy": "^3.4.0", "rollup-plugin-cssimport": "^1.0.2", From 0bc57f571b25d2494c7f9b273bfcef86e410343e Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Wed, 25 May 2022 20:09:29 +0200 Subject: [PATCH 08/20] api: update API browser to match admin UI and auto-switch theme Signed-off-by: Jens Langhammer --- authentik/api/templates/api/browser.html | 55 ++++++++++++++++++++---- 1 file changed, 47 insertions(+), 8 deletions(-) diff --git a/authentik/api/templates/api/browser.html b/authentik/api/templates/api/browser.html index 2cf325ed2..2c2d500a2 100644 --- a/authentik/api/templates/api/browser.html +++ b/authentik/api/templates/api/browser.html @@ -8,9 +8,6 @@ API Browser - {{ tenant.branding_title }} {% block head %} -{% endblock %} - -{% block body %} + +{% endblock %} + +{% block body %} -
- +
+
+ {% endblock %} From 972868c15c53fbf4075946278cf1625cfeaa52f4 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Wed, 25 May 2022 23:02:33 +0200 Subject: [PATCH 09/20] providers/oauth2: only set expiry on user when it was freshly created Signed-off-by: Jens Langhammer --- authentik/providers/oauth2/views/token.py | 30 ++++++++++++++--------- 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/authentik/providers/oauth2/views/token.py b/authentik/providers/oauth2/views/token.py index baed2ef75..ee26fc087 100644 --- a/authentik/providers/oauth2/views/token.py +++ b/authentik/providers/oauth2/views/token.py @@ -302,18 +302,7 @@ class TokenParams: raise TokenError("invalid_grant") self.__check_policy_access(app, request, oauth_jwt=token) - - self.user, _ = User.objects.update_or_create( - username=f"{self.provider.name}-{token.get('sub')}", - defaults={ - "attributes": { - USER_ATTRIBUTE_GENERATED: True, - USER_ATTRIBUTE_EXPIRES: token.get("exp"), - }, - "last_login": now(), - "name": f"Autogenerated user from application {app.name} (client credentials JWT)", - }, - ) + self.__create_user_from_jwt(token, app) Event.new( action=EventAction.LOGIN, @@ -324,6 +313,23 @@ class TokenParams: PLAN_CONTEXT_APPLICATION=app, ).from_http(request, user=self.user) + def __create_user_from_jwt(self, token: dict[str, Any], app: Application): + """Create user from JWT""" + exp = token.get("exp") + self.user, created = User.objects.update_or_create( + username=f"{self.provider.name}-{token.get('sub')}", + defaults={ + "attributes": { + USER_ATTRIBUTE_GENERATED: True, + }, + "last_login": now(), + "name": f"Autogenerated user from application {app.name} (client credentials JWT)", + }, + ) + if created and exp: + self.user.attributes[USER_ATTRIBUTE_EXPIRES] = exp + self.user.save() + class TokenView(View): """Generate tokens for clients""" From 4ff32af3430389db812a43d8a3981713ecd9d697 Mon Sep 17 00:00:00 2001 
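Review bot: In `__create_user_from_jwt` the `defaults` passed to `update_or_create` still contain `"attributes"`, so each later token request for an existing user replaces the whole attributes dict with `{USER_ATTRIBUTE_GENERATED: True}`. Because `created` is then false, the `USER_ATTRIBUTE_EXPIRES` value written at creation is dropped and never restored. The generated user would be left without an expiry after its second client-credentials login, which looks like the opposite of the intent. Consider taking `"attributes"` out of `defaults` and setting the keys on the returned object: `self.user.attributes[USER_ATTRIBUTE_GENERATED] = True`, then `if created and exp: self.user.attributes[USER_ATTRIBUTE_EXPIRES] = exp`, then an unconditional `self.user.save()`. This assumes `attributes` defaults to a dict on the model, which is not visible here.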
From: Jens Langhammer Date: Thu, 26 May 2022 09:53:40 +0200 Subject: [PATCH 10/20] flows: fix flakiness in tests Signed-off-by: Jens Langhammer --- authentik/flows/tests/test_inspector.py | 5 +++-- authentik/flows/tests/test_transfer.py | 7 +++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/authentik/flows/tests/test_inspector.py b/authentik/flows/tests/test_inspector.py index 8d31e6e32..822b9088e 100644 --- a/authentik/flows/tests/test_inspector.py +++ b/authentik/flows/tests/test_inspector.py @@ -9,6 +9,7 @@ from rest_framework.test import APITestCase from authentik.core.tests.utils import create_test_admin_user from authentik.flows.challenge import ChallengeTypes from authentik.flows.models import Flow, FlowDesignation, FlowStageBinding, InvalidResponseAction +from authentik.lib.generators import generate_id from authentik.stages.dummy.models import DummyStage from authentik.stages.identification.models import IdentificationStage, UserFields @@ -24,8 +25,8 @@ class TestFlowInspector(APITestCase): def test(self): """test inspector""" flow = Flow.objects.create( - name="test-full", - slug="test-full", + name=generate_id(), + slug=generate_id(), designation=FlowDesignation.AUTHENTICATION, ) diff --git a/authentik/flows/tests/test_transfer.py b/authentik/flows/tests/test_transfer.py index ed93b2ff7..67a13148b 100644 --- a/authentik/flows/tests/test_transfer.py +++ b/authentik/flows/tests/test_transfer.py 
@@ -80,16 +80,19 @@ class TestFlowTransfer(TransactionTestCase): def test_export_validate_import_re_import(self): """Test export and import it twice""" + count_initial = Prompt.objects.filter(field_key="username").count() + importer = FlowImporter(STATIC_PROMPT_EXPORT) self.assertTrue(importer.validate()) self.assertTrue(importer.apply()) - self.assertEqual(Prompt.objects.filter(field_key="username").count(), 1) + count_before = Prompt.objects.filter(field_key="username").count() + self.assertEqual(count_initial + 1, count_before) importer = FlowImporter(STATIC_PROMPT_EXPORT) self.assertTrue(importer.apply()) - self.assertEqual(Prompt.objects.filter(field_key="username").count(), 1) + self.assertEqual(Prompt.objects.filter(field_key="username").count(), count_before) def test_export_validate_import_policies(self): """Test export and validate it""" From f121098957c34848467b123ca29dc9762e1c9c36 Mon Sep 17 00:00:00 2001 From: Andre Mainka Date: Thu, 26 May 2022 09:56:00 +0200 Subject: [PATCH 11/20] root: Add docker-compose postgresql and redis healthchecks (#2958) * Add healthchecks to docker compose Add healthchecks for postgresql and redis, see als #2519 * bump docker-compose version to 3.4 --- docker-compose.yml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index d9a8e3054..9f18e9f57 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,10 +1,16 @@ --- -version: '3.2' +version: '3.4' services: postgresql: image: postgres:12-alpine restart: unless-stopped + healthcheck: + test: ["CMD", "pg_isready"] + start_period: 20s + interval: 30s + retries: 5 + timeout: 5s volumes: - database:/var/lib/postgresql/data environment: 
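Review bot: The postgresql healthcheck runs `pg_isready` with no user or database, so it probes with the container's default user and database name rather than the ones this service is configured with. That can leave rejected-connection entries for a non-existent role in the database log on every interval, which adds noise when those logs are reviewed. If the `environment:` block that follows (cut off by the hunk) sets `POSTGRES_USER` and `POSTGRES_DB`, pass them through: `test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]`.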
@@ -16,6 +22,12 @@ services: redis: image: redis:alpine restart: unless-stopped + healthcheck: + test: ["CMD-SHELL", "redis-cli ping | grep PONG"] + start_period: 20s + interval: 30s + retries: 5 + timeout: 3s server: image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.5.2} restart: unless-stopped From 89028f175ab2a1b1106d56823ee25c71fa5d4826 Mon Sep 17 00:00:00 2001 From: TheMythologist Date: Thu, 26 May 2022 17:52:57 +0800 Subject: [PATCH 12/20] website/docs: Fix misconfiguration causing POST requests behing Nginx to timeout (#2967) * Update _nginx_proxy_manager.md * Update _nginx_standalone.md --- website/docs/providers/proxy/_nginx_proxy_manager.md | 4 ++++ website/docs/providers/proxy/_nginx_standalone.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/website/docs/providers/proxy/_nginx_proxy_manager.md b/website/docs/providers/proxy/_nginx_proxy_manager.md index f63813c36..e573eb166 100644 --- a/website/docs/providers/proxy/_nginx_proxy_manager.md +++ b/website/docs/providers/proxy/_nginx_proxy_manager.md @@ -40,6 +40,10 @@ location /outpost.goauthentik.io { proxy_set_header X-Original-URL $scheme://$http_host$request_uri; add_header Set-Cookie $auth_cookie; auth_request_set $auth_cookie $upstream_http_set_cookie; + + # required for POST requests to work + proxy_pass_request_body off; + proxy_set_header Content-Length ""; } # Special location for when the /auth endpoint returns a 401, diff --git a/website/docs/providers/proxy/_nginx_standalone.md b/website/docs/providers/proxy/_nginx_standalone.md index 1c881c3bb..3860f5092 100644 --- a/website/docs/providers/proxy/_nginx_standalone.md +++ b/website/docs/providers/proxy/_nginx_standalone.md 
@@ -46,6 +46,10 @@ server { proxy_set_header X-Original-URL $scheme://$http_host$request_uri; add_header Set-Cookie $auth_cookie; auth_request_set $auth_cookie $upstream_http_set_cookie; + + # required for POST requests to work + proxy_pass_request_body off; + proxy_set_header Content-Length ""; } # Special location for when the /auth endpoint returns a 401, From 61059568475fe7992f99560c19941d5d361574a0 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 26 May 2022 12:52:29 +0200 Subject: [PATCH 13/20] providers/oauth2: regex-escape URLs when set to blank Signed-off-by: Jens Langhammer --- authentik/providers/oauth2/views/authorize.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/authentik/providers/oauth2/views/authorize.py b/authentik/providers/oauth2/views/authorize.py index 8116a593f..ac4802721 100644 --- a/authentik/providers/oauth2/views/authorize.py +++ b/authentik/providers/oauth2/views/authorize.py @@ -2,7 +2,7 @@ from dataclasses import dataclass, field from datetime import timedelta from re import error as RegexError -from re import fullmatch +from re import escape, fullmatch from typing import Optional from urllib.parse import parse_qs, urlencode, urlparse, urlsplit, urlunsplit from uuid import uuid4 @@ -181,7 +181,7 @@ class OAuthAuthorizationParams: if self.provider.redirect_uris == "": LOGGER.info("Setting redirect for blank redirect_uris", redirect=self.redirect_uri) - self.provider.redirect_uris = self.redirect_uri + self.provider.redirect_uris = escape(self.redirect_uri) self.provider.save() allowed_redirect_urls = self.provider.redirect_uris.split() From e7c03fdb1439fa0046f8a42f6fc527503c872c68 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 26 May 2022 12:52:51 +0200 Subject: [PATCH 14/20] web/admin: add note that regex is used for redirect URIs Signed-off-by: Jens Langhammer --- web/src/pages/providers/oauth2/OAuth2ProviderForm.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
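Review bot: The changed line in the `redirect_uris == ""` branch still persists a value taken from the incoming request as the provider's only allowed redirect pattern, and nothing in the code says that this is trust-on-first-use. `escape()` stops regex metacharacters in that first URI from widening the match, but whichever client sends the first authorize request still decides what gets pinned. I would add a comment above the assignment, `# trust-on-first-use: the first redirect_uri seen is saved (regex-escaped) as the only allowed pattern`, and raise the log call from `LOGGER.info` to `LOGGER.warning` so operators notice the pinning. The enclosing method starts and ends outside the hunk.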
diff --git a/web/src/pages/providers/oauth2/OAuth2ProviderForm.ts b/web/src/pages/providers/oauth2/OAuth2ProviderForm.ts index 3176db807..b341bc13b 100644 --- a/web/src/pages/providers/oauth2/OAuth2ProviderForm.ts +++ b/web/src/pages/providers/oauth2/OAuth2ProviderForm.ts @@ -162,7 +162,7 @@ export class OAuth2ProviderFormPage extends ModelForm { />

- ${t`To allow any redirect URI, set this value to "*". Be aware of the possible security implications this can have.`} + ${t`To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have.`}

From d7713357f4322f344838c3662b5824674b54f6cb Mon Sep 17 00:00:00 2001 From: Jens L Date: Thu, 26 May 2022 15:15:30 +0200 Subject: [PATCH 15/20] api: migrate to openapi generator v6 (#2968) * migrate to openapi generator v6 Signed-off-by: Jens Langhammer * bump api Signed-off-by: Jens Langhammer # Conflicts: # go.mod # go.sum --- Makefile | 4 ++-- cmd/server/main.go | 2 +- go.mod | 6 +++--- go.sum | 13 ++++++++----- internal/outpost/ak/api.go | 6 +++--- internal/outpost/ak/global.go | 2 +- internal/outpost/ak/test.go | 2 +- internal/outpost/ldap/search/direct/direct.go | 2 +- internal/outpost/ldap/search/memory/fetch.go | 4 ++-- internal/outpost/ldap/search/memory/memory.go | 2 +- internal/outpost/proxyv2/application/application.go | 4 ++-- internal/outpost/proxyv2/application/mode_common.go | 2 +- .../outpost/proxyv2/application/mode_common_test.go | 4 ++-- .../outpost/proxyv2/application/mode_forward.go | 4 ++-- .../proxyv2/application/mode_forward_nginx_test.go | 4 ++-- .../application/mode_forward_traefik_test.go | 4 ++-- internal/outpost/proxyv2/application/oauth_test.go | 2 +- internal/outpost/proxyv2/application/test.go | 2 +- internal/outpost/proxyv2/application/utils_test.go | 8 ++++---- 19 files changed, 40 insertions(+), 37 deletions(-) diff --git a/Makefile b/Makefile index 5eae011a5..cf690d661 100644 --- a/Makefile +++ b/Makefile @@ -65,7 +65,7 @@ gen-client-web: docker run \ --rm -v ${PWD}:/local \ --user ${UID}:${GID} \ - openapitools/openapi-generator-cli:v6.0.0-beta generate \ + openapitools/openapi-generator-cli:v6.0.0 generate \ -i /local/schema.yml \ -g typescript-fetch \ -o /local/gen-ts-api \ @@ -83,7 +83,7 @@ gen-client-go: docker run \ --rm -v ${PWD}:/local \ --user ${UID}:${GID} \ - openapitools/openapi-generator-cli:v5.2.1 generate \ + openapitools/openapi-generator-cli:v6.0.0 generate \ -i /local/schema.yml \ -g go \ -o /local/gen-go-api \ diff --git a/cmd/server/main.go b/cmd/server/main.go index cf32124d0..583925b3a 100644 
--- a/cmd/server/main.go +++ b/cmd/server/main.go @@ -124,7 +124,7 @@ func attemptProxyStart(ws *web.WebServer, u *url.URL) { ws.ProxyServer = srv ac.Server = srv l.Debug("attempting to start outpost") - err := ac.StartBackgorundTasks() + err := ac.StartBackgroundTasks() if err != nil { l.WithError(err).Warning("outpost failed to start") attempt += 1 diff --git a/go.mod b/go.mod index 467492a39..a2d2d5e1e 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/gorilla/securecookie v1.1.1 github.com/gorilla/sessions v1.2.1 github.com/gorilla/websocket v1.5.0 - github.com/imdario/mergo v0.3.12 + github.com/imdario/mergo v0.3.13 github.com/jellydator/ttlcache/v3 v3.0.0 github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484 github.com/nmcclain/ldap v0.0.0-20210720162743-7f8d1e44eeba @@ -26,7 +26,7 @@ require ( github.com/quasoft/memstore v0.0.0-20191010062613-2bce066d2b0b github.com/sirupsen/logrus v1.8.1 github.com/stretchr/testify v1.7.1 - goauthentik.io/api/v3 v3.2022052.2 + goauthentik.io/api/v3 v3.2022052.6 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b golang.org/x/sync v0.0.0-20210220032951-036812b2e83c gopkg.in/boj/redistore.v1 v1.0.0-20160128113310-fc113767cd6b @@ -73,5 +73,5 @@ require ( google.golang.org/appengine v1.6.7 // indirect google.golang.org/protobuf v1.27.1 // indirect gopkg.in/square/go-jose.v2 v2.5.1 // indirect - gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect + gopkg.in/yaml.v3 v3.0.0 // indirect ) diff --git a/go.sum b/go.sum index 0cb4e38d4..6ca4490a7 100644 --- a/go.sum +++ b/go.sum 
@@ -221,8 +221,8 @@ github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/ad github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= -github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= +github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= +github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/jellydator/ttlcache/v3 v3.0.0 h1:zmFhqrB/4sKiEiJHhtseJsNRE32IMVmJSs4++4gaQO4= github.com/jellydator/ttlcache/v3 v3.0.0/go.mod h1:WwTaEmcXQ3MTjOm4bsZoDFiCu/hMvNWLO1w67RXz6h4= 
@@ -358,8 +358,10 @@ go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.uber.org/goleak v1.1.10 h1:z+mqJhf6ss6BSfSM671tgKyZBFPTTJM+HLxnhPC3wu0= -goauthentik.io/api/v3 v3.2022052.2 h1:fw5L8m9dy3NqjbTJfnqslo3zfLaF2ZEYx9bJnpqV0Yk= -goauthentik.io/api/v3 v3.2022052.2/go.mod h1:QM9J32HgYE4gL71lWAfAoXSPdSmLVLW08itfLI3Mo10= +goauthentik.io/api/v3 v3.2022052.5 h1:kaW52rZZE+wUsp47Ab9OBaLCPNGbqQkCrQWkrbzy14Q= +goauthentik.io/api/v3 v3.2022052.5/go.mod h1:QM9J32HgYE4gL71lWAfAoXSPdSmLVLW08itfLI3Mo10= +goauthentik.io/api/v3 v3.2022052.6 h1:NF9WLbWWcqOViPhYbJoUUdILnXtOYJrjFmHHqL513wY= +goauthentik.io/api/v3 v3.2022052.6/go.mod h1:QM9J32HgYE4gL71lWAfAoXSPdSmLVLW08itfLI3Mo10= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= 
@@ -667,8 +669,9 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0 h1:hjy8E9ON/egN1tAYqKb61G10WtihqetD4sz2H+8nIeA= +gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/internal/outpost/ak/api.go b/internal/outpost/ak/api.go index 6cce5b579..5b495d8c0 100644 --- a/internal/outpost/ak/api.go +++ b/internal/outpost/ak/api.go @@ -27,7 +27,7 @@ const ConfigLogLevel = "log_level" type APIController struct { Client *api.APIClient Outpost api.Outpost - GlobalConfig api.Config + GlobalConfig *api.Config Server Outpost @@ -113,7 +113,7 @@ func (a *APIController) Start() error { if err != nil { return err } - err = a.StartBackgorundTasks() + err = a.StartBackgroundTasks() if err != nil { return err } @@ -165,7 +165,7 @@ func (a *APIController) OnRefresh() error { return err } -func (a *APIController) StartBackgorundTasks() error { +func (a *APIController) StartBackgroundTasks() error { OutpostInfo.With(prometheus.Labels{ "outpost_name": a.Outpost.Name, "outpost_type": a.Server.Type(), 
diff --git a/internal/outpost/ak/global.go b/internal/outpost/ak/global.go index 10bd9cca9..154ce4a0d 100644 --- a/internal/outpost/ak/global.go +++ b/internal/outpost/ak/global.go @@ -15,7 +15,7 @@ import ( var initialSetup = false -func doGlobalSetup(outpost api.Outpost, globalConfig api.Config) { +func doGlobalSetup(outpost api.Outpost, globalConfig *api.Config) { l := log.WithField("logger", "authentik.outpost") m := outpost.Managed.Get() level, ok := outpost.Config[ConfigLogLevel] diff --git a/internal/outpost/ak/test.go b/internal/outpost/ak/test.go index 50a54f6c2..7b9f4e832 100644 --- a/internal/outpost/ak/test.go +++ b/internal/outpost/ak/test.go @@ -50,7 +50,7 @@ func MockAK(outpost api.Outpost, globalConfig api.Config) *APIController { ac := &APIController{ Client: apiClient, - GlobalConfig: globalConfig, + GlobalConfig: &globalConfig, token: token, logger: log, diff --git a/internal/outpost/ldap/search/direct/direct.go b/internal/outpost/ldap/search/direct/direct.go index 88063815d..d1bae4354 100644 --- a/internal/outpost/ldap/search/direct/direct.go +++ b/internal/outpost/ldap/search/direct/direct.go @@ -149,7 +149,7 @@ func (ds *DirectSearcher) Search(req *search.Request) (ldap.ServerSearchResult, return fmt.Errorf("failed to get userinfo") } - flags.UserInfo = &u + flags.UserInfo = u } u := make([]api.User, 1) diff --git a/internal/outpost/ldap/search/memory/fetch.go b/internal/outpost/ldap/search/memory/fetch.go index b8b6d1ba8..a18dfbcb7 100644 --- a/internal/outpost/ldap/search/memory/fetch.go +++ b/internal/outpost/ldap/search/memory/fetch.go @@ -16,7 +16,7 @@ func (ms *MemorySearcher) FetchUsers() []api.User { return nil, err } ms.log.WithField("page", page).WithField("count", len(users.Results)).Debug("fetched users") - return &users, nil + return users, nil } page := 1 users := make([]api.User, 0) 
@@ -43,7 +43,7 @@ func (ms *MemorySearcher) FetchGroups() []api.Group { return nil, err } ms.log.WithField("page", page).WithField("count", len(groups.Results)).Debug("fetched groups") - return &groups, nil + return groups, nil } page := 1 groups := make([]api.Group, 0) diff --git a/internal/outpost/ldap/search/memory/memory.go b/internal/outpost/ldap/search/memory/memory.go index 7403fe20c..200680b7a 100644 --- a/internal/outpost/ldap/search/memory/memory.go +++ b/internal/outpost/ldap/search/memory/memory.go @@ -141,7 +141,7 @@ func (ms *MemorySearcher) Search(req *search.Request) (ldap.ServerSearchResult, if flags.UserPk == u.Pk { //TODO: Is there a better way to clone this object? fg := api.NewGroup(g.Pk, g.NumPk, g.Name, g.Parent, g.ParentName, []int32{flags.UserPk}, []api.GroupMember{u}) - fg.SetAttributes(*g.Attributes) + fg.SetAttributes(g.Attributes) fg.SetIsSuperuser(*g.IsSuperuser) groups = append(groups, group.FromAPIGroup(*fg, ms.si)) break diff --git a/internal/outpost/proxyv2/application/application.go b/internal/outpost/proxyv2/application/application.go index 7b8cffed7..14583897b 100644 --- a/internal/outpost/proxyv2/application/application.go +++ b/internal/outpost/proxyv2/application/application.go @@ -149,7 +149,7 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore mux.HandleFunc("/outpost.goauthentik.io/sign_in", a.handleRedirect) mux.HandleFunc("/outpost.goauthentik.io/callback", a.handleCallback) mux.HandleFunc("/outpost.goauthentik.io/sign_out", a.handleSignOut) - switch *p.Mode { + switch *p.Mode.Get() { case api.PROXYMODE_PROXY: err = a.configureProxy() case api.PROXYMODE_FORWARD_SINGLE: @@ -186,7 +186,7 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore } func (a *Application) Mode() api.ProxyMode { - return *a.proxyConfig.Mode + return *a.proxyConfig.Mode.Get() } func (a *Application) ProxyConfig() api.ProxyOutpostConfig { 
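Review bot: `*p.Mode.Get()` in `NewApplication` and `*a.proxyConfig.Mode.Get()` in `Mode()` dereference the result of `Get()` without a nil check, and the same pattern appears in the `forwardHandleTraefik` hunk of mode_forward.go. Since `Mode` is now a nullable wrapper, `Get()` presumably returns nil when the API sends a null or missing mode, which would make a bad provider configuration panic the outpost, in the traefik handler on the request path. I would read the pointer once during setup, `mode := p.Mode.Get()`, and reject the configuration with an error when `mode == nil`, so the later dereferences cannot see nil. Both functions start and end outside these hunks, so the right error return for `NewApplication` needs to be confirmed against its full signature.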
diff --git a/internal/outpost/proxyv2/application/mode_common.go b/internal/outpost/proxyv2/application/mode_common.go index a74831494..9f24a192e 100644 --- a/internal/outpost/proxyv2/application/mode_common.go +++ b/internal/outpost/proxyv2/application/mode_common.go @@ -107,7 +107,7 @@ func (a *Application) ReportMisconfiguration(r *http.Request, msg string, fields Action: api.EVENTACTIONS_CONFIGURATION_ERROR, App: "authentik.providers.proxy", // must match python apps.py name ClientIp: *api.NewNullableString(api.PtrString(r.RemoteAddr)), - Context: &fields, + Context: fields, } _, _, err := a.ak.Client.EventsApi.EventsEventsCreate(context.Background()).EventRequest(req).Execute() if err != nil { diff --git a/internal/outpost/proxyv2/application/mode_common_test.go b/internal/outpost/proxyv2/application/mode_common_test.go index a258cf17d..fc553b644 100644 --- a/internal/outpost/proxyv2/application/mode_common_test.go +++ b/internal/outpost/proxyv2/application/mode_common_test.go @@ -19,7 +19,7 @@ func urlMustParse(u string) *url.URL { func TestIsAllowlisted_Proxy_Single(t *testing.T) { a := newTestApplication() - a.proxyConfig.Mode = api.PROXYMODE_PROXY.Ptr() + a.proxyConfig.Mode = *api.NewNullableProxyMode(api.PROXYMODE_PROXY.Ptr()) assert.Equal(t, false, a.IsAllowlisted(urlMustParse(""))) a.UnauthenticatedRegex = []*regexp.Regexp{ @@ -30,7 +30,7 @@ func TestIsAllowlisted_Proxy_Single(t *testing.T) { func TestIsAllowlisted_Proxy_Domain(t *testing.T) { a := newTestApplication() - a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr() + a.proxyConfig.Mode = *api.NewNullableProxyMode(api.PROXYMODE_FORWARD_DOMAIN.Ptr()) assert.Equal(t, false, a.IsAllowlisted(urlMustParse(""))) a.UnauthenticatedRegex = []*regexp.Regexp{ diff --git a/internal/outpost/proxyv2/application/mode_forward.go b/internal/outpost/proxyv2/application/mode_forward.go index 740cd428f..d61522cfe 100644 --- a/internal/outpost/proxyv2/application/mode_forward.go 
+++ b/internal/outpost/proxyv2/application/mode_forward.go @@ -56,9 +56,9 @@ func (a *Application) forwardHandleTraefik(rw http.ResponseWriter, r *http.Reque host := "" s, _ := a.sessions.Get(r, constants.SessionName) // Optional suffix, which is appended to the URL - if *a.proxyConfig.Mode == api.PROXYMODE_FORWARD_SINGLE { + if *a.proxyConfig.Mode.Get() == api.PROXYMODE_FORWARD_SINGLE { host = web.GetHost(r) - } else if *a.proxyConfig.Mode == api.PROXYMODE_FORWARD_DOMAIN { + } else if *a.proxyConfig.Mode.Get() == api.PROXYMODE_FORWARD_DOMAIN { eh, err := url.Parse(a.proxyConfig.ExternalHost) if err != nil { a.log.WithField("host", a.proxyConfig.ExternalHost).WithError(err).Warning("invalid external_host") diff --git a/internal/outpost/proxyv2/application/mode_forward_nginx_test.go b/internal/outpost/proxyv2/application/mode_forward_nginx_test.go index 5bc83538a..a23a0be71 100644 --- a/internal/outpost/proxyv2/application/mode_forward_nginx_test.go +++ b/internal/outpost/proxyv2/application/mode_forward_nginx_test.go @@ -106,7 +106,7 @@ func TestForwardHandleNginx_Single_Claims(t *testing.T) { func TestForwardHandleNginx_Domain_Blank(t *testing.T) { a := newTestApplication() - a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr() + a.proxyConfig.Mode = *api.NewNullableProxyMode(api.PROXYMODE_FORWARD_DOMAIN.Ptr()) a.proxyConfig.CookieDomain = api.PtrString("foo") req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/nginx", nil) @@ -118,7 +118,7 @@ func TestForwardHandleNginx_Domain_Blank(t *testing.T) { func TestForwardHandleNginx_Domain_Header(t *testing.T) { a := newTestApplication() - a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr() + a.proxyConfig.Mode = *api.NewNullableProxyMode(api.PROXYMODE_FORWARD_DOMAIN.Ptr()) a.proxyConfig.CookieDomain = api.PtrString("foo") a.proxyConfig.ExternalHost = "http://auth.test.goauthentik.io" req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/nginx", nil) 
diff --git a/internal/outpost/proxyv2/application/mode_forward_traefik_test.go b/internal/outpost/proxyv2/application/mode_forward_traefik_test.go index 038c07f08..8d22b12ed 100644 --- a/internal/outpost/proxyv2/application/mode_forward_traefik_test.go +++ b/internal/outpost/proxyv2/application/mode_forward_traefik_test.go @@ -100,7 +100,7 @@ func TestForwardHandleTraefik_Single_Claims(t *testing.T) { func TestForwardHandleTraefik_Domain_Blank(t *testing.T) { a := newTestApplication() - a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr() + a.proxyConfig.Mode = *api.NewNullableProxyMode(api.PROXYMODE_FORWARD_DOMAIN.Ptr()) a.proxyConfig.CookieDomain = api.PtrString("foo") req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/traefik", nil) @@ -112,7 +112,7 @@ func TestForwardHandleTraefik_Domain_Blank(t *testing.T) { func TestForwardHandleTraefik_Domain_Header(t *testing.T) { a := newTestApplication() - a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr() + a.proxyConfig.Mode = *api.NewNullableProxyMode(api.PROXYMODE_FORWARD_DOMAIN.Ptr()) a.proxyConfig.CookieDomain = api.PtrString("foo") a.proxyConfig.ExternalHost = "http://auth.test.goauthentik.io" req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/traefik", nil) diff --git a/internal/outpost/proxyv2/application/oauth_test.go b/internal/outpost/proxyv2/application/oauth_test.go index 79e84382d..c68e882da 100644 --- a/internal/outpost/proxyv2/application/oauth_test.go +++ b/internal/outpost/proxyv2/application/oauth_test.go @@ -34,7 +34,7 @@ func TestCheckRedirectParam(t *testing.T) { func TestCheckRedirectParam_Domain(t *testing.T) { a := newTestApplication() - a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr() + a.proxyConfig.Mode = *api.NewNullableProxyMode(api.PROXYMODE_FORWARD_DOMAIN.Ptr()) a.proxyConfig.CookieDomain = api.PtrString("t.goauthentik.io") req, _ := http.NewRequest("GET", "https://a.t.goauthentik.io/outpost.goauthentik.io/auth/start", nil) 
diff --git a/internal/outpost/proxyv2/application/test.go b/internal/outpost/proxyv2/application/test.go index e5f397769..74787114a 100644 --- a/internal/outpost/proxyv2/application/test.go +++ b/internal/outpost/proxyv2/application/test.go @@ -17,7 +17,7 @@ func newTestApplication() *Application { CookieSecret: api.PtrString(ak.TestSecret()), ExternalHost: "https://ext.t.goauthentik.io", CookieDomain: api.PtrString(""), - Mode: api.PROXYMODE_FORWARD_SINGLE.Ptr(), + Mode: *api.NewNullableProxyMode(api.PROXYMODE_FORWARD_SINGLE.Ptr()), SkipPathRegex: api.PtrString("/skip.*"), BasicAuthEnabled: api.PtrBool(true), BasicAuthUserAttribute: api.PtrString("username"), diff --git a/internal/outpost/proxyv2/application/utils_test.go b/internal/outpost/proxyv2/application/utils_test.go index d1ac8957b..252d9af51 100644 --- a/internal/outpost/proxyv2/application/utils_test.go +++ b/internal/outpost/proxyv2/application/utils_test.go @@ -12,7 +12,7 @@ import ( func TestRedirectToStart_Proxy(t *testing.T) { a := newTestApplication() - a.proxyConfig.Mode = api.PROXYMODE_PROXY.Ptr() + a.proxyConfig.Mode = *api.NewNullableProxyMode(api.PROXYMODE_PROXY.Ptr()) a.proxyConfig.ExternalHost = "https://test.goauthentik.io" req, _ := http.NewRequest("GET", "/foo/bar/baz", nil) @@ -29,7 +29,7 @@ func TestRedirectToStart_Proxy(t *testing.T) { func TestRedirectToStart_Forward(t *testing.T) { a := newTestApplication() - a.proxyConfig.Mode = api.PROXYMODE_FORWARD_SINGLE.Ptr() + a.proxyConfig.Mode = *api.NewNullableProxyMode(api.PROXYMODE_FORWARD_SINGLE.Ptr()) a.proxyConfig.ExternalHost = "https://test.goauthentik.io" req, _ := http.NewRequest("GET", "/foo/bar/baz", nil) 
@@ -47,7 +47,7 @@ func TestRedirectToStart_Forward(t *testing.T) { func TestRedirectToStart_Forward_Domain_Invalid(t *testing.T) { a := newTestApplication() a.proxyConfig.CookieDomain = api.PtrString("foo") - a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr() + a.proxyConfig.Mode = *api.NewNullableProxyMode(api.PROXYMODE_FORWARD_DOMAIN.Ptr()) a.proxyConfig.ExternalHost = "https://test.goauthentik.io" req, _ := http.NewRequest("GET", "/foo/bar/baz", nil) @@ -65,7 +65,7 @@ func TestRedirectToStart_Forward_Domain_Invalid(t *testing.T) { func TestRedirectToStart_Forward_Domain(t *testing.T) { a := newTestApplication() a.proxyConfig.CookieDomain = api.PtrString("goauthentik.io") - a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr() + a.proxyConfig.Mode = *api.NewNullableProxyMode(api.PROXYMODE_FORWARD_DOMAIN.Ptr()) a.proxyConfig.ExternalHost = "https://test.goauthentik.io" req, _ := http.NewRequest("GET", "/foo/bar/baz", nil) From 3a994ab2a4328692dc0f741ff2de9581770ee2d0 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 26 May 2022 22:16:07 +0200 Subject: [PATCH 16/20] website/docs: prepare 2022.5.3 Signed-off-by: Jens Langhammer --- website/docs/releases/v2022.5.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/website/docs/releases/v2022.5.md b/website/docs/releases/v2022.5.md index 25194dced..28b296dc0 100644 --- a/website/docs/releases/v2022.5.md +++ b/website/docs/releases/v2022.5.md 
@@ -73,16 +73,23 @@ slug: "2022.5" ## Fixed in 2022.5.3 +- api: migrate to openapi generator v6 (#2968) +- api: update API browser to match admin UI and auto-switch theme - core: fix username validator not allowing changes that can be done via flows - crypto: set SAN in default generated Certificate to semi-random domain - ensure all viewsets have filter and search and add tests (#2946) - events: fix transport not allowing blank values - flows: fix re-imports of entries with identical PK re-creating objects (#2941) +- providers/oauth2: handle attribute errors when validation JWK contains private key - providers/oauth2: improve error handling for invalid regular expressions +- providers/oauth2: only set expiry on user when it was freshly created +- providers/oauth2: regex-escape URLs when set to blank - providers/oauth2: set related_name for many-to-many connections so used by detects the connection - providers/saml: handle parse error +- root: Add docker-compose postgresql and redis healthchecks (#2958) - stages/user_write: fix typo in request context variable - web: decrease elements that refresh on global refresh signal +- web/admin: add note that regex is used for redirect URIs - web/admin: add set password button to user view page - web/admin: fix broken flow execute link (#2940) - web/admin: fix display of LDAP bind mode @@ -91,6 +98,7 @@ slug: "2022.5" - web/admin: refactor table refresh to preserve selected/expanded elements correctly - web/elements: fix missing click handler on wizard close button - web/elements: fix used_by refreshing for all elements when using DeleteBulkForm +- website/docs: Fix misconfiguration causing POST requests behind Nginx to timeout (#2967) ## Upgrading From 1b3aacfa1dc271b0c7474d5e8fd100d627ecf926 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Fri, 27 May 2022 10:18:27 +0200 Subject: [PATCH 17/20] providers/oauth2: add migration from "*" to ".*" closes #2970 
Signed-off-by: Jens Langhammer --- authentik/providers/oauth2/tests/test_authorize.py | 2 +- authentik/providers/oauth2/views/authorize.py | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/authentik/providers/oauth2/tests/test_authorize.py b/authentik/providers/oauth2/tests/test_authorize.py index 096970cbe..a5b2a8c7d 100644 --- a/authentik/providers/oauth2/tests/test_authorize.py +++ b/authentik/providers/oauth2/tests/test_authorize.py @@ -84,7 +84,7 @@ class TestAuthorize(OAuthTestCase): name="test", client_id="test", authorization_flow=create_test_flow(), - redirect_uris="*", + redirect_uris="+", ) with self.assertRaises(RedirectUriError): request = self.factory.get("/", data={"response_type": "code", "client_id": "test"}) diff --git a/authentik/providers/oauth2/views/authorize.py b/authentik/providers/oauth2/views/authorize.py index ac4802721..9ff3c4eb4 100644 --- a/authentik/providers/oauth2/views/authorize.py +++ b/authentik/providers/oauth2/views/authorize.py @@ -185,6 +185,12 @@ class OAuthAuthorizationParams: self.provider.save() allowed_redirect_urls = self.provider.redirect_uris.split() + if self.provider.redirect_uris == "*": + LOGGER.info("Converting redirect_uris to regex", redirect=self.redirect_uri) + self.provider.redirect_uris = ".*" + self.provider.save() + allowed_redirect_urls = self.provider.redirect_uris.split() + try: if not any(fullmatch(x, self.redirect_uri) for x in allowed_redirect_urls): LOGGER.warning( From 987f03c4bebc3916c5010b156bcf5e6c0230f7dc Mon Sep 17 00:00:00 2001 From: TheMythologist Date: Fri, 27 May 2022 22:07:33 +0800 Subject: [PATCH 18/20] website/docs: Update flow to run only during Github logins (#2959) --- website/integrations/sources/github/index.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/website/integrations/sources/github/index.md b/website/integrations/sources/github/index.md index a8c797cb3..80d8f8085 100644 --- a/website/integrations/sources/github/index.md 
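Review bot: The new branch in `OAuthAuthorizationParams` rewrites a stored `*` to `.*`, which leaves the provider accepting every `redirect_uri`, but it logs this only at info level and without naming the provider. A warning that identifies the provider lets operators find these entries and replace them with explicit patterns, e.g. `LOGGER.warning("Converting redirect_uris to regex", redirect=self.redirect_uri, provider=self.provider.name)`. The `== "*"` comparison also matches only when the whole field is the wildcard, so a whitespace-separated list containing `*` is still split and handed to `fullmatch`, where `*` is not a valid pattern. A per-entry substitution such as `allowed_redirect_urls = [".*" if x == "*" else x for x in allowed_redirect_urls]` would cover that case. The enclosing method starts and ends outside the hunk, so how the `try` block handles a pattern error is not visible here.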
+++ b/website/integrations/sources/github/index.md @@ -57,6 +57,10 @@ Requires authentik 2021.12.5. To check if the user is member of an organisation, you can use the following policy on your flows: ```python +# Ensure flow is only run during oauth logins via Github +if context['source'].provider_type != "github": + return True + accepted_org = "foo" # Get the user-source connection object from the context, and get the access token From 88a8b7d2fa602b02db84b4d4de8100c1daea3e32 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Fri, 27 May 2022 14:28:26 +0000 Subject: [PATCH 19/20] outposts/ldap: fix type assertion after upgrading to new API Client Signed-off-by: Jens Langhammer --- internal/outpost/ldap/group/group.go | 2 +- internal/outpost/ldap/utils/utils.go | 5 ++- internal/outpost/ldap/utils/utils_test.go | 40 +++++++++++------------ 3 files changed, 23 insertions(+), 24 deletions(-) diff --git a/internal/outpost/ldap/group/group.go b/internal/outpost/ldap/group/group.go index 0f1f5d48f..94a1ae913 100644 --- a/internal/outpost/ldap/group/group.go +++ b/internal/outpost/ldap/group/group.go @@ -16,7 +16,7 @@ type LDAPGroup struct { Member []string IsSuperuser bool IsVirtualGroup bool - AKAttributes interface{} + AKAttributes map[string]interface{} } func (lg *LDAPGroup) Entry() *ldap.Entry { diff --git a/internal/outpost/ldap/utils/utils.go b/internal/outpost/ldap/utils/utils.go index 55bff48df..25611033f 100644 --- a/internal/outpost/ldap/utils/utils.go +++ b/internal/outpost/ldap/utils/utils.go 
@@ -36,13 +36,12 @@ func ldapResolveTypeSingle(in interface{}) *string { } } -func AKAttrsToLDAP(attrs interface{}) []*ldap.EntryAttribute { +func AKAttrsToLDAP(attrs map[string]interface{}) []*ldap.EntryAttribute { attrList := []*ldap.EntryAttribute{} if attrs == nil { return attrList } - a := attrs.(*map[string]interface{}) - for attrKey, attrValue := range *a { + for attrKey, attrValue := range attrs { entry := &ldap.EntryAttribute{Name: attrKey} switch t := attrValue.(type) { case []string: diff --git a/internal/outpost/ldap/utils/utils_test.go b/internal/outpost/ldap/utils/utils_test.go index 05649ac7d..5a06561a8 100644 --- a/internal/outpost/ldap/utils/utils_test.go +++ b/internal/outpost/ldap/utils/utils_test.go 
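Review bot: `AKAttrsToLDAP` is exported and its parameter type changes in this hunk, but it still has no doc comment stating what callers may pass. I would add `// AKAttrsToLDAP converts an authentik attribute map into LDAP entry attributes; a nil map yields an empty list.` above the signature. With the parameter typed as `map[string]interface{}`, the `if attrs == nil` guard is no longer needed for safety, because ranging over a nil map runs zero iterations; it can stay for readability or be dropped. The function body continues past the end of the hunk.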
@@ -13,45 +13,45 @@ func Test_ldapResolveTypeSingle_nil(t *testing.T) { } func TestAKAttrsToLDAP_String(t *testing.T) { - var d *map[string]interface{} + u := api.User{} // normal string - d = &map[string]interface{}{ + u.Attributes = map[string]interface{}{ "foo": "bar", } - assert.Equal(t, 1, len(AKAttrsToLDAP(d))) - assert.Equal(t, "foo", AKAttrsToLDAP(d)[0].Name) - assert.Equal(t, []string{"bar"}, AKAttrsToLDAP(d)[0].Values) + assert.Equal(t, 1, len(AKAttrsToLDAP(u.Attributes))) + assert.Equal(t, "foo", AKAttrsToLDAP(u.Attributes)[0].Name) + assert.Equal(t, []string{"bar"}, AKAttrsToLDAP(u.Attributes)[0].Values) // pointer string - d = &map[string]interface{}{ + u.Attributes = map[string]interface{}{ "foo": api.PtrString("bar"), } - assert.Equal(t, 1, len(AKAttrsToLDAP(d))) - assert.Equal(t, "foo", AKAttrsToLDAP(d)[0].Name) - assert.Equal(t, []string{"bar"}, AKAttrsToLDAP(d)[0].Values) + assert.Equal(t, 1, len(AKAttrsToLDAP(u.Attributes))) + assert.Equal(t, "foo", AKAttrsToLDAP(u.Attributes)[0].Name) + assert.Equal(t, []string{"bar"}, AKAttrsToLDAP(u.Attributes)[0].Values) } func TestAKAttrsToLDAP_String_List(t *testing.T) { - var d *map[string]interface{} + u := api.User{} // string list - d = &map[string]interface{}{ + u.Attributes = map[string]interface{}{ "foo": []string{"bar"}, } - assert.Equal(t, 1, len(AKAttrsToLDAP(d))) - assert.Equal(t, "foo", AKAttrsToLDAP(d)[0].Name) - assert.Equal(t, []string{"bar"}, AKAttrsToLDAP(d)[0].Values) + assert.Equal(t, 1, len(AKAttrsToLDAP(u.Attributes))) + assert.Equal(t, "foo", AKAttrsToLDAP(u.Attributes)[0].Name) + assert.Equal(t, []string{"bar"}, AKAttrsToLDAP(u.Attributes)[0].Values) // pointer string list - d = &map[string]interface{}{ + u.Attributes = map[string]interface{}{ "foo": &[]string{"bar"}, } - assert.Equal(t, 1, len(AKAttrsToLDAP(d))) - assert.Equal(t, "foo", AKAttrsToLDAP(d)[0].Name) - assert.Equal(t, []string{"bar"}, AKAttrsToLDAP(d)[0].Values) + assert.Equal(t, 1, len(AKAttrsToLDAP(u.Attributes))) + 
assert.Equal(t, "foo", AKAttrsToLDAP(u.Attributes)[0].Name) + assert.Equal(t, []string{"bar"}, AKAttrsToLDAP(u.Attributes)[0].Values) } func TestAKAttrsToLDAP_Dict(t *testing.T) { // dict - d := &map[string]interface{}{ + d := map[string]interface{}{ "foo": map[string]string{ "foo": "bar", }, @@ -64,7 +64,7 @@ func TestAKAttrsToLDAP_Dict(t *testing.T) { func TestAKAttrsToLDAP_Mixed(t *testing.T) { // dict - d := &map[string]interface{}{ + d := map[string]interface{}{ "foo": []interface{}{ "foo", 6, From 1883402b3d1d2a406787d0d1ca1e9e80684efbee Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 28 May 2022 12:04:26 +0200 Subject: [PATCH 20/20] release: 2022.5.3 --- .bumpversion.cfg | 2 +- .github/workflows/release-publish.yml | 10 +++++----- authentik/__init__.py | 2 +- docker-compose.yml | 4 ++-- internal/constants/constants.go | 2 +- pyproject.toml | 2 +- schema.yml | 2 +- web/src/constants.ts | 2 +- 8 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.bumpversion.cfg b/.bumpversion.cfg index 14bde34b0..63d72ba8a 100644 --- a/.bumpversion.cfg +++ b/.bumpversion.cfg @@ -1,5 +1,5 @@ [bumpversion] -current_version = 2022.5.2 +current_version = 2022.5.3 tag = True commit = True parse = (?P\d+)\.(?P\d+)\.(?P\d+)\-?(?P.*) diff --git a/.github/workflows/release-publish.yml b/.github/workflows/release-publish.yml index 2ff48f2b1..c50a4fd81 100644 --- a/.github/workflows/release-publish.yml +++ b/.github/workflows/release-publish.yml @@ -30,9 +30,9 @@ jobs: with: push: ${{ github.event_name == 'release' }} tags: | - beryju/authentik:2022.5.2, + beryju/authentik:2022.5.3, beryju/authentik:latest, - ghcr.io/goauthentik/server:2022.5.2, + ghcr.io/goauthentik/server:2022.5.3, ghcr.io/goauthentik/server:latest platforms: linux/amd64,linux/arm64 context: . 
@@ -69,9 +69,9 @@ jobs: with: push: ${{ github.event_name == 'release' }} tags: | - beryju/authentik-${{ matrix.type }}:2022.5.2, + beryju/authentik-${{ matrix.type }}:2022.5.3, beryju/authentik-${{ matrix.type }}:latest, - ghcr.io/goauthentik/${{ matrix.type }}:2022.5.2, + ghcr.io/goauthentik/${{ matrix.type }}:2022.5.3, ghcr.io/goauthentik/${{ matrix.type }}:latest file: ${{ matrix.type }}.Dockerfile platforms: linux/amd64,linux/arm64 @@ -152,7 +152,7 @@ jobs: SENTRY_PROJECT: authentik SENTRY_URL: https://sentry.beryju.org with: - version: authentik@2022.5.2 + version: authentik@2022.5.3 environment: beryjuorg-prod sourcemaps: './web/dist' url_prefix: '~/static/dist' diff --git a/authentik/__init__.py b/authentik/__init__.py index f1b7e32a7..8b1bb9769 100644 --- a/authentik/__init__.py +++ b/authentik/__init__.py @@ -2,7 +2,7 @@ from os import environ from typing import Optional -__version__ = "2022.5.2" +__version__ = "2022.5.3" ENV_GIT_HASH_KEY = "GIT_BUILD_HASH" diff --git a/docker-compose.yml b/docker-compose.yml index 9f18e9f57..4c9b5a492 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -29,7 +29,7 @@ services: retries: 5 timeout: 3s server: - image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.5.2} + image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.5.3} restart: unless-stopped command: server environment: @@ -50,7 +50,7 @@ services: - "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000" - "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443" worker: - image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.5.2} + image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.5.3} restart: unless-stopped command: worker environment: diff --git a/internal/constants/constants.go b/internal/constants/constants.go index 50e9f26e5..e7c645e53 100644 --- a/internal/constants/constants.go +++ b/internal/constants/constants.go 
@@ -25,4 +25,4 @@ func OutpostUserAgent() string { return fmt.Sprintf("goauthentik.io/outpost/%s", FullVersion()) } -const VERSION = "2022.5.2" +const VERSION = "2022.5.3" diff --git a/pyproject.toml b/pyproject.toml index b0fa93f45..13dd0628d 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -92,7 +92,7 @@ addopts = "-p no:celery --junitxml=unittest.xml" [tool.poetry] name = "authentik" -version = "2022.5.2" +version = "2022.5.3" description = "" authors = ["Jens Langhammer "] diff --git a/schema.yml b/schema.yml index e3437ffa1..9d2dde55a 100644 --- a/schema.yml +++ b/schema.yml @@ -1,7 +1,7 @@ openapi: 3.0.3 info: title: authentik - version: 2022.5.2 + version: 2022.5.3 description: Making authentication simple. contact: email: hello@beryju.org diff --git a/web/src/constants.ts b/web/src/constants.ts index 44dec107b..275abcadf 100644 --- a/web/src/constants.ts +++ b/web/src/constants.ts @@ -3,7 +3,7 @@ export const SUCCESS_CLASS = "pf-m-success"; export const ERROR_CLASS = "pf-m-danger"; export const PROGRESS_CLASS = "pf-m-in-progress"; export const CURRENT_CLASS = "pf-m-current"; -export const VERSION = "2022.5.2"; +export const VERSION = "2022.5.3"; export const TITLE_DEFAULT = "authentik"; export const ROUTE_SEPARATOR = ";";