From 19a663a645aa77c346b11c4ff3e0d1b1675aa9d3 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 15 Apr 2021 17:20:14 +0200 Subject: [PATCH 01/21] root: fix healthcheck part in docker-compose Signed-off-by: Jens Langhammer --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index d83708305..c37ee27fe 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -74,7 +74,7 @@ services: traefik.http.routers.static-router.rule: PathPrefix(`/static`, `/if`, `/media`, `/robots.txt`, `/favicon.ico`) traefik.http.routers.static-router.tls: 'true' traefik.http.routers.static-router.service: static-service - traefik.http.services.static-service.loadbalancer.healthcheck.path: /-/health/ready/ + traefik.http.services.static-service.loadbalancer.healthcheck.path: / traefik.http.services.static-service.loadbalancer.healthcheck.interval: 30s traefik.http.services.static-service.loadbalancer.server.port: '80' volumes: From c4765035948e07c516dfeab6d1f110d2a7430d33 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 15 Apr 2021 11:31:06 +0200 Subject: [PATCH 02/21] web: fix background-color on router outlet on light mode Signed-off-by: Jens Langhammer --- web/src/elements/router/RouterOutlet.ts | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/web/src/elements/router/RouterOutlet.ts b/web/src/elements/router/RouterOutlet.ts index 3480b312d..ee92853e8 100644 --- a/web/src/elements/router/RouterOutlet.ts +++ b/web/src/elements/router/RouterOutlet.ts @@ -33,7 +33,12 @@ export class RouterOutlet extends LitElement { css` :host { height: 100vh; - background-color: var(--ak-dark-background, var(--pf-c-page--BackgroundColor)) !important; + background-color: var(--pf-global--BackgroundColor--light-300) !important; + } + @media (prefers-color-scheme: dark) { + :host { + background-color: var(--ak-dark-background) !important; + } } *:first-child { height: 100%; 
From a9d0d96418ef0214eb6b2b94ccd6217871d2409f Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Fri, 16 Apr 2021 09:03:58 +0200 Subject: [PATCH 03/21] root: add restart: unless-stopped to compose Signed-off-by: Jens Langhammer --- docker-compose.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index c37ee27fe..6e78c65fb 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,6 +4,7 @@ version: '3.2' services: postgresql: image: postgres:12 + restart: unless-stopped volumes: - database:/var/lib/postgresql/data networks: @@ -20,6 +21,7 @@ services: - internal server: image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.4.1} + restart: unless-stopped command: server environment: AUTHENTIK_REDIS__HOST: redis @@ -47,6 +49,7 @@ services: - .env worker: image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.4.1} + restart: unless-stopped command: worker networks: - internal @@ -66,6 +69,7 @@ services: - .env static: image: ${AUTHENTIK_IMAGE_STATIC:-beryju/authentik-static}:${AUTHENTIK_TAG:-2021.4.1} + restart: unless-stopped networks: - internal labels: @@ -81,6 +85,7 @@ services: - ./media:/usr/share/nginx/html/media traefik: image: traefik:2.3 + restart: unless-stopped command: - "--log.format=json" - "--api.insecure=true" From 9ab2088ab74d42029a817df07cb6795cb693c159 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Fri, 16 Apr 2021 09:20:13 +0200 Subject: [PATCH 04/21] helm: turn off monitoring by default Signed-off-by: Jens Langhammer --- helm/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/values.yaml b/helm/values.yaml index 95ea30d75..f9f591156 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -15,7 +15,7 @@ workerReplicas: 1 kubernetesIntegration: true monitoring: - enabled: true + enabled: false config: # Optionally specify fixed secret_key, otherwise generated automatically 
From 1992b891548760b4ad10f39ac6816a5a775177f2 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Fri, 16 Apr 2021 09:49:25 +0200 Subject: [PATCH 05/21] sources/oauth: fix error when creating an oauth source which has fixed URLs Signed-off-by: Jens Langhammer --- authentik/sources/oauth/api/source.py | 15 +++++++ .../migrations/0003_auto_20210416_0726.py | 43 +++++++++++++++++++ authentik/sources/oauth/models.py | 5 ++- authentik/sources/oauth/tests/test_views.py | 18 ++++++++ authentik/sources/oauth/types/manager.py | 6 +-- swagger.yaml | 6 --- 6 files changed, 83 insertions(+), 10 deletions(-) create mode 100644 authentik/sources/oauth/migrations/0003_auto_20210416_0726.py diff --git a/authentik/sources/oauth/api/source.py b/authentik/sources/oauth/api/source.py index 0d4b65029..13db82c1e 100644 --- a/authentik/sources/oauth/api/source.py +++ b/authentik/sources/oauth/api/source.py @@ -5,6 +5,7 @@ from rest_framework.decorators import action from rest_framework.fields import BooleanField, CharField, SerializerMethodField from rest_framework.request import Request from rest_framework.response import Response +from rest_framework.serializers import ValidationError from rest_framework.viewsets import ModelViewSet from authentik.core.api.sources import SourceSerializer @@ -47,6 +48,20 @@ class OAuthSourceSerializer(SourceSerializer): """Get source's type configuration""" return SourceTypeSerializer(instace.type).data + def validate(self, attrs: dict) -> dict: + provider_type = MANAGER.find_type(attrs.get("provider_type", "")) + for url in [ + "authorization_url", + "access_token_url", + "profile_url", + ]: + if getattr(provider_type, url, None) is None: + if url not in attrs: + raise ValidationError( + f"{url} is required for provider {provider_type.name}" + ) + return attrs + class Meta: model = OAuthSource fields = SourceSerializer.Meta.fields + [ 
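Review bot: In the new `validate` on `OAuthSourceSerializer`, `if url not in attrs:` only tests that the key is present, so a request sending `"authorization_url": ""` is accepted for a provider type that defines no fixed URL. The same commit adds `blank=True` to the three model fields, which (assuming the usual ModelSerializer mapping) lets the empty string through field validation too; testing the value closes the gap: `if not attrs.get(url):`. On a partial update `attrs` holds only the submitted fields, so a PATCH that omits `provider_type` or the URLs would presumably be checked against the default type and rejected; falling back to `self.instance` for missing keys would avoid that. The added `test_api_validate` covers only the absent-key case, and the method has no docstring; `"""Require the endpoint URLs that the selected provider type does not define itself."""` would state the contract. The serializer class starts outside the hunk.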
diff --git a/authentik/sources/oauth/migrations/0003_auto_20210416_0726.py b/authentik/sources/oauth/migrations/0003_auto_20210416_0726.py new file mode 100644 index 000000000..05ad87d2b --- /dev/null +++ b/authentik/sources/oauth/migrations/0003_auto_20210416_0726.py @@ -0,0 +1,43 @@ +# Generated by Django 3.2 on 2021-04-16 07:26 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentik_sources_oauth", "0002_auto_20200520_1108"), + ] + + operations = [ + migrations.AlterField( + model_name="oauthsource", + name="access_token_url", + field=models.CharField( + blank=True, + help_text="URL used by authentik to retrive tokens.", + max_length=255, + verbose_name="Access Token URL", + ), + ), + migrations.AlterField( + model_name="oauthsource", + name="authorization_url", + field=models.CharField( + blank=True, + help_text="URL the user is redirect to to conest the flow.", + max_length=255, + verbose_name="Authorization URL", + ), + ), + migrations.AlterField( + model_name="oauthsource", + name="profile_url", + field=models.CharField( + blank=True, + help_text="URL used by authentik to get user information.", + max_length=255, + verbose_name="Profile URL", + ), + ), + ] diff --git a/authentik/sources/oauth/models.py b/authentik/sources/oauth/models.py index 8fc39f4de..19466a675 100644 --- a/authentik/sources/oauth/models.py +++ b/authentik/sources/oauth/models.py @@ -28,16 +28,19 @@ class OAuthSource(Source): ) authorization_url = models.CharField( max_length=255, + blank=True, verbose_name=_("Authorization URL"), help_text=_("URL the user is redirect to to conest the flow."), ) access_token_url = models.CharField( max_length=255, + blank=True, verbose_name=_("Access Token URL"), help_text=_("URL used by authentik to retrive tokens."), ) profile_url = models.CharField( max_length=255, + blank=True, verbose_name=_("Profile URL"), help_text=_("URL used by authentik to get user information."), ) 
@@ -49,7 +52,7 @@ class OAuthSource(Source): """Return the provider instance for this source""" from authentik.sources.oauth.types.manager import MANAGER - return MANAGER.find_type(self) + return MANAGER.find_type(self.provider_type) @property def component(self) -> str: diff --git a/authentik/sources/oauth/tests/test_views.py b/authentik/sources/oauth/tests/test_views.py index 9478902ab..48a7ef188 100644 --- a/authentik/sources/oauth/tests/test_views.py +++ b/authentik/sources/oauth/tests/test_views.py @@ -1,4 +1,5 @@ """OAuth Source tests""" +from authentik.sources.oauth.api.source import OAuthSourceSerializer from django.test import TestCase from django.urls import reverse @@ -18,6 +19,23 @@ class TestOAuthSource(TestCase): consumer_key="", ) + def test_api_validate(self): + """Test API validation""" + self.assertTrue(OAuthSourceSerializer(data={ + "name": "foo", + "slug": "bar", + "provider_type": "google", + "consumer_key": "foo", + "consumer_secret": "foo", + }).is_valid()) + self.assertFalse(OAuthSourceSerializer(data={ + "name": "foo", + "slug": "bar", + "provider_type": "openid-connect", + "consumer_key": "foo", + "consumer_secret": "foo", + }).is_valid()) + def test_source_redirect(self): """test redirect view""" self.client.get( diff --git a/authentik/sources/oauth/types/manager.py b/authentik/sources/oauth/types/manager.py index b1b921912..d58cd21c6 100644 --- a/authentik/sources/oauth/types/manager.py +++ b/authentik/sources/oauth/types/manager.py 
@@ -58,17 +58,17 @@ class SourceTypeManager: """Get list of tuples of all registered names""" return [(x.slug, x.name) for x in self.__sources] - def find_type(self, source: "OAuthSource") -> SourceType: + def find_type(self, type_name: str) -> SourceType: """Find type based on source""" found_type = None for src_type in self.__sources: - if src_type.slug == source.provider_type: + if src_type.slug == type_name: return src_type if not found_type: found_type = SourceType() LOGGER.warning( "no matching type found, using default", - wanted=source.provider_type, + wanted=type_name, have=[x.name for x in self.__sources], ) return found_type diff --git a/swagger.yaml b/swagger.yaml index 23424d8cd..7425bdce5 100755 --- a/swagger.yaml +++ b/swagger.yaml @@ -16963,9 +16963,6 @@ definitions: - name - slug - provider_type - - authorization_url - - access_token_url - - profile_url - consumer_key - consumer_secret type: object @@ -17037,19 +17034,16 @@ definitions: description: URL the user is redirect to to conest the flow. type: string maxLength: 255 - minLength: 1 access_token_url: title: Access Token URL description: URL used by authentik to retrive tokens. type: string maxLength: 255 - minLength: 1 profile_url: title: Profile URL description: URL used by authentik to get user information. type: string maxLength: 255 - minLength: 1 consumer_key: title: Consumer key type: string From 5e67f68f2b2d8ff81acc5f4ec7b522697e2294c6 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Fri, 16 Apr 2021 10:09:46 +0200 Subject: [PATCH 06/21] core: improve messaging when creating a recovery link for a user when no recovery flow exists Signed-off-by: Jens Langhammer --- authentik/core/api/users.py | 8 ++++- authentik/sources/oauth/tests/test_views.py | 38 +++++++++++++-------- swagger.yaml | 8 ++--- web/src/locales/en.po | 14 +++++--- web/src/locales/pseudo-LOCALE.po | 14 +++++--- web/src/pages/users/UserListPage.ts | 7 ++++ 6 files changed, 59 insertions(+), 30 deletions(-) 
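Review bot: The docstring of `find_type` still reads `"""Find type based on source"""` although the parameter is now the slug string `type_name`, and it says nothing about the fallback. Something like `"""Return the registered SourceType whose slug equals type_name, or a default SourceType() when none matches."""` describes what the body does. The fallback matters to callers such as the serializer's new `validate`, because an unknown or empty name is answered with the generic type and a log warning rather than an error. The class starts outside the hunk.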
diff --git a/authentik/core/api/users.py b/authentik/core/api/users.py index a27204623..1099232d8 100644 --- a/authentik/core/api/users.py +++ b/authentik/core/api/users.py @@ -1,4 +1,5 @@ """User API Views""" +from django.http.response import Http404 from django.urls import reverse_lazy from django.utils.http import urlencode from drf_yasg.utils import swagger_auto_schema, swagger_serializer_method @@ -19,6 +20,7 @@ from authentik.core.middleware import ( ) from authentik.core.models import Token, TokenIntents, User from authentik.events.models import EventAction +from authentik.flows.models import Flow, FlowDesignation class UserSerializer(ModelSerializer): @@ -121,12 +123,16 @@ class UserViewSet(ModelViewSet): @permission_required("authentik_core.reset_user_password") @swagger_auto_schema( - responses={"200": LinkSerializer(many=False)}, + responses={"200": LinkSerializer(many=False), "404": "No recovery flow found."}, ) @action(detail=True, pagination_class=None, filter_backends=[]) # pylint: disable=invalid-name, unused-argument def recovery(self, request: Request, pk: int) -> Response: """Create a temporary link that a user can use to recover their accounts""" + # Check that there is a recovery flow, if not return an error + flow = Flow.with_policy(request, designation=FlowDesignation.RECOVERY) + if not flow: + raise Http404 user: User = self.get_object() token, __ = Token.objects.get_or_create( identifier=f"{user.uid}-password-reset", diff --git a/authentik/sources/oauth/tests/test_views.py b/authentik/sources/oauth/tests/test_views.py index 48a7ef188..ef4108e42 100644 --- a/authentik/sources/oauth/tests/test_views.py +++ b/authentik/sources/oauth/tests/test_views.py 
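Review bot: The bare `raise Http404` added to `recovery` gives the caller the same response as the 404 that `self.get_object()` produces for an unknown user, so the "No recovery flow found." text declared in `swagger_auto_schema` never reaches the client. Returning the reason explicitly keeps the two cases apart: `return Response({"detail": "No recovery flow found."}, status=404)`. `Flow.with_policy` is not visible here; if it evaluates flow policies against `request.user`, the check reflects the administrator making the call rather than the account being recovered, which deserves a comment next to the lookup. The body of `recovery` continues outside the hunk.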
@@ -1,8 +1,8 @@ """OAuth Source tests""" -from authentik.sources.oauth.api.source import OAuthSourceSerializer from django.test import TestCase from django.urls import reverse +from authentik.sources.oauth.api.source import OAuthSourceSerializer from authentik.sources.oauth.models import OAuthSource @@ -21,20 +21,28 @@ class TestOAuthSource(TestCase): def test_api_validate(self): """Test API validation""" - self.assertTrue(OAuthSourceSerializer(data={ - "name": "foo", - "slug": "bar", - "provider_type": "google", - "consumer_key": "foo", - "consumer_secret": "foo", - }).is_valid()) - self.assertFalse(OAuthSourceSerializer(data={ - "name": "foo", - "slug": "bar", - "provider_type": "openid-connect", - "consumer_key": "foo", - "consumer_secret": "foo", - }).is_valid()) + self.assertTrue( + OAuthSourceSerializer( + data={ + "name": "foo", + "slug": "bar", + "provider_type": "google", + "consumer_key": "foo", + "consumer_secret": "foo", + } + ).is_valid() + ) + self.assertFalse( + OAuthSourceSerializer( + data={ + "name": "foo", + "slug": "bar", + "provider_type": "openid-connect", + "consumer_key": "foo", + "consumer_secret": "foo", + } + ).is_valid() + ) def test_source_redirect(self): """test redirect view""" diff --git a/swagger.yaml b/swagger.yaml index 7425bdce5..58d1c47c5 100755 --- a/swagger.yaml +++ b/swagger.yaml @@ -2237,15 +2237,15 @@ paths: description: '' schema: $ref: '#/definitions/Link' - '403': - description: Authentication credentials were invalid, absent or insufficient. - schema: - $ref: '#/definitions/GenericError' '404': description: Object does not exist or caller has insufficient permissions to access it. schema: $ref: '#/definitions/APIException' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - core parameters: diff --git a/web/src/locales/en.po b/web/src/locales/en.po index 4d003c910..4d1ec403e 100644 --- a/web/src/locales/en.po 
+++ b/web/src/locales/en.po @@ -737,8 +737,8 @@ msgstr "Copy Key" #: src/pages/stages/prompt/PromptStageForm.ts:98 #: src/pages/user-settings/tokens/UserTokenList.ts:50 #: src/pages/user-settings/tokens/UserTokenList.ts:58 -#: src/pages/users/UserListPage.ts:144 -#: src/pages/users/UserListPage.ts:152 +#: src/pages/users/UserListPage.ts:151 +#: src/pages/users/UserListPage.ts:159 msgid "Create" msgstr "Create" @@ -808,7 +808,7 @@ msgstr "Create Stage binding" msgid "Create Token" msgstr "Create Token" -#: src/pages/users/UserListPage.ts:147 +#: src/pages/users/UserListPage.ts:154 msgid "Create User" msgstr "Create User" @@ -1531,7 +1531,7 @@ msgstr "If this flag is set, this Stage will jump to the next Stage when no Invi msgid "If your authentik Instance is using a self-signed certificate, set this value." msgstr "If your authentik Instance is using a self-signed certificate, set this value." -#: src/pages/users/UserListPage.ts:136 +#: src/pages/users/UserListPage.ts:143 msgid "Impersonate" msgstr "Impersonate" @@ -1996,6 +1996,10 @@ msgstr "No policies are currently bound to this object." msgid "No policies cached. Users may experience slow response times." msgstr "No policies cached. Users may experience slow response times." +#: src/pages/users/UserListPage.ts:135 +msgid "No recovery flow is configured." +msgstr "No recovery flow is configured." + #: src/pages/flows/BoundStagesList.ts:114 msgid "No stages are currently bound to this flow." msgstr "No stages are currently bound to this flow." @@ -2538,7 +2542,7 @@ msgstr "Required" msgid "Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only." msgstr "Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only." -#: src/pages/users/UserListPage.ts:133 +#: src/pages/users/UserListPage.ts:140 #: src/pages/users/UserViewPage.ts:165 msgid "Reset Password" msgstr "Reset Password" diff --git a/web/src/locales/pseudo-LOCALE.po b/web/src/locales/pseudo-LOCALE.po index ac28649e2..61e64a27b 100644 
--- a/web/src/locales/pseudo-LOCALE.po +++ b/web/src/locales/pseudo-LOCALE.po @@ -731,8 +731,8 @@ msgstr "" #: src/pages/stages/prompt/PromptStageForm.ts:98 #: src/pages/user-settings/tokens/UserTokenList.ts:50 #: src/pages/user-settings/tokens/UserTokenList.ts:58 -#: src/pages/users/UserListPage.ts:144 -#: src/pages/users/UserListPage.ts:152 +#: src/pages/users/UserListPage.ts:151 +#: src/pages/users/UserListPage.ts:159 msgid "Create" msgstr "" @@ -802,7 +802,7 @@ msgstr "" msgid "Create Token" msgstr "" -#: src/pages/users/UserListPage.ts:147 +#: src/pages/users/UserListPage.ts:154 msgid "Create User" msgstr "" @@ -1523,7 +1523,7 @@ msgstr "" msgid "If your authentik Instance is using a self-signed certificate, set this value." msgstr "" -#: src/pages/users/UserListPage.ts:136 +#: src/pages/users/UserListPage.ts:143 msgid "Impersonate" msgstr "" @@ -1988,6 +1988,10 @@ msgstr "" msgid "No policies cached. Users may experience slow response times." msgstr "" +#: src/pages/users/UserListPage.ts:135 +msgid "No recovery flow is configured." +msgstr "" + #: src/pages/flows/BoundStagesList.ts:114 msgid "No stages are currently bound to this flow." msgstr "" @@ -2530,7 +2534,7 @@ msgstr "" msgid "Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only." msgstr "" -#: src/pages/users/UserListPage.ts:133 +#: src/pages/users/UserListPage.ts:140 #: src/pages/users/UserViewPage.ts:165 msgid "Reset Password" msgstr "" diff --git a/web/src/pages/users/UserListPage.ts b/web/src/pages/users/UserListPage.ts index 43b060ea0..e3b2bbe38 100644 --- a/web/src/pages/users/UserListPage.ts +++ b/web/src/pages/users/UserListPage.ts @@ -127,6 +127,13 @@ export class UserListPage extends TablePage { message: t`Successfully generated recovery link`, description: rec.link }); + }).catch((ex: Response) => { + ex.json().then(() => { + showMessage({ + level: MessageLevel.error, + message: t`No recovery flow is configured.`, + }); + }); }); }}> ${t`Reset Password`} 
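Review bot: The new `.catch` on the recovery request in `UserListPage.ts` shows "No recovery flow is configured." for every rejection and discards the parsed body. A 403 from the permission check, a 404 for a missing user or a server error would all be reported as a configuration problem. Branching on the status, for example `if (ex.status === 404) { ... }` with a generic error message otherwise, keeps the message truthful. The handler also assumes the rejection is a `Response`; a network failure would make `ex.json()` throw inside the handler, so an `instanceof Response` guard is worth adding. The surrounding click handler starts outside the hunk.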
From 2b48ba41037d097d538fab5020543725b51e9de1 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Fri, 16 Apr 2021 11:29:23 +0200 Subject: [PATCH 07/21] sources/oauth: fix resolution of sources' provider type Signed-off-by: Jens Langhammer --- authentik/sources/oauth/types/manager.py | 11 ++++------- authentik/sources/oauth/views/dispatcher.py | 2 +- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/authentik/sources/oauth/types/manager.py b/authentik/sources/oauth/types/manager.py index d58cd21c6..8d27a1d27 100644 --- a/authentik/sources/oauth/types/manager.py +++ b/authentik/sources/oauth/types/manager.py @@ -1,6 +1,6 @@ """Source type manager""" from enum import Enum -from typing import TYPE_CHECKING, Callable, Optional +from typing import Callable, Optional from structlog.stdlib import get_logger @@ -9,9 +9,6 @@ from authentik.sources.oauth.views.redirect import OAuthRedirect LOGGER = get_logger() -if TYPE_CHECKING: - from authentik.sources.oauth.models import OAuthSource - class RequestKind(Enum): """Enum of OAuth Request types""" @@ -69,13 +66,13 @@ class SourceTypeManager: LOGGER.warning( "no matching type found, using default", wanted=type_name, - have=[x.name for x in self.__sources], + have=[x.slug for x in self.__sources], ) return found_type - def find(self, source: "OAuthSource", kind: RequestKind) -> Callable: + def find(self, type_name: str, kind: RequestKind) -> Callable: """Find fitting Source Type""" - found_type = self.find_type(source) + found_type = self.find_type(type_name) if kind == RequestKind.CALLBACK: return found_type.callback_view if kind == RequestKind.REDIRECT: diff --git a/authentik/sources/oauth/views/dispatcher.py b/authentik/sources/oauth/views/dispatcher.py index d89dc2fc1..63a0769b5 100644 --- a/authentik/sources/oauth/views/dispatcher.py +++ b/authentik/sources/oauth/views/dispatcher.py 
@@ -21,6 +21,6 @@ class DispatcherView(View): if not slug: raise Http404 source = get_object_or_404(OAuthSource, slug=slug) - view = MANAGER.find(source, kind=RequestKind(self.kind)) + view = MANAGER.find(source.provider_type, kind=RequestKind(self.kind)) LOGGER.debug("dispatching OAuth2 request to", view=view, kind=self.kind) return view.as_view()(*args, **kwargs) From 7880c7fb981ba56f3b0920b8b615486dac9f9002 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Fri, 16 Apr 2021 12:31:55 +0200 Subject: [PATCH 08/21] helm: make storage class, size and mode configurable Signed-off-by: Jens Langhammer --- helm/README.md | 5 +++++ helm/templates/geoip-pvc.yaml | 5 +++-- helm/templates/pvc.yaml | 5 +++-- helm/values.yaml | 7 +++++++ website/docs/installation/kubernetes.md | 10 ++++++++++ 5 files changed, 28 insertions(+), 4 deletions(-) diff --git a/helm/README.md b/helm/README.md index d846c398d..5327a9257 100644 --- a/helm/README.md +++ b/helm/README.md @@ -22,6 +22,11 @@ | config.email.use_ssl | false | Enable SSL | | config.email.timeout | 10 | SMTP Timeout | | config.email.from | authentik@localhost | Email address authentik will send from, should have a correct @domain | +| pvc.mode | ReadWriteMany | Mode that the PVCs are created in (uploads and GeoIP, if enabled) | +| pvc.uploadsSize | 5Gi | Size for the uploads PVC | +| pvc.uploadsStorageClass | null | Storage class for the uploads PVC (default: use default storage class) | +| pvc.geoIpSize | 1Gi | Size for the GeoIP PVC | +| pvc.geoIpStorageClass | null | Storage class for the GeoIP PVC (default: use default storage class) | | geoip.enabled | false | Optionally enable GeoIP | | geoip.accountId | | GeoIP MaxMind Account ID | | geoip.licenseKey | | GeoIP MaxMind License key | diff --git a/helm/templates/geoip-pvc.yaml b/helm/templates/geoip-pvc.yaml index 2cd0caa14..28a5ab278 100644 --- a/helm/templates/geoip-pvc.yaml +++ b/helm/templates/geoip-pvc.yaml 
@@ -10,8 +10,9 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} spec: accessModes: - - ReadWriteMany + - {{ .Values.pvc.mode }} + storageClassName: {{ .Values.pvc.geoIpStorageClass }} resources: requests: - storage: 1Gi + storage: {{ .Values.pvc.geoIpSize }} {{- end }} diff --git a/helm/templates/pvc.yaml b/helm/templates/pvc.yaml index 45c665ac4..cb5b8ae67 100644 --- a/helm/templates/pvc.yaml +++ b/helm/templates/pvc.yaml @@ -9,7 +9,8 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} spec: accessModes: - - ReadWriteMany + - {{ .Values.pvc.mode }} + storageClassName: {{ .Values.pvc.uploadsStorageClass }} resources: requests: - storage: 5Gi + storage: {{ .Values.pvc.uploadsSize }} diff --git a/helm/values.yaml b/helm/values.yaml index f9f591156..7417e63b8 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -17,6 +17,13 @@ kubernetesIntegration: true monitoring: enabled: false +pvc: + mode: ReadWriteMany + uploadsSize: 5Gi + uploadsStorageClass: null + geoIpSize: 1Gi + geoIpStorageClass: null + config: # Optionally specify fixed secret_key, otherwise generated automatically # secretKey: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o diff --git a/website/docs/installation/kubernetes.md b/website/docs/installation/kubernetes.md index 7910c5b79..1d10294cb 100644 --- a/website/docs/installation/kubernetes.md +++ b/website/docs/installation/kubernetes.md @@ -32,6 +32,16 @@ workerReplicas: 1 # Enable the Kubernetes integration which lets authentik deploy outposts into kubernetes kubernetesIntegration: true +monitoring: # Optionally deploy Prometheus Rules and ServiceMonitors + enabled: false + +pvc: + mode: ReadWriteMany + uploadsSize: 5Gi + uploadsStorageClass: null + geoIpSize: 1Gi + geoIpStorageClass: null + config: # Optionally specify fixed secret_key, otherwise generated automatically # secretKey: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o From ada49c077ac2ba13781a98c0a01941d540877e83 Mon Sep 17 00:00:00 2001 
From: Jens Langhammer Date: Fri, 16 Apr 2021 17:06:06 +0200 Subject: [PATCH 09/21] web/admin: fix error when user doesn't have permissions to read source Signed-off-by: Jens Langhammer --- .../pages/user-settings/UserSettingsPage.ts | 2 +- .../settings/SourceSettingsOAuth.ts | 31 +++++++++---------- 2 files changed, 16 insertions(+), 17 deletions(-) diff --git a/web/src/pages/user-settings/UserSettingsPage.ts b/web/src/pages/user-settings/UserSettingsPage.ts index d475167d2..8f474ff03 100644 --- a/web/src/pages/user-settings/UserSettingsPage.ts +++ b/web/src/pages/user-settings/UserSettingsPage.ts @@ -56,7 +56,7 @@ export class UserSettingsPage extends LitElement { renderSourceSettings(source: UserSetting): TemplateResult { switch (source.component) { case "ak-user-settings-source-oauth": - return html` + return html` `; default: return html`

${t`Error: unsupported source settings: ${source.component}`}

`; diff --git a/web/src/pages/user-settings/settings/SourceSettingsOAuth.ts b/web/src/pages/user-settings/settings/SourceSettingsOAuth.ts index cd41a465b..a3d1eeeff 100644 --- a/web/src/pages/user-settings/settings/SourceSettingsOAuth.ts +++ b/web/src/pages/user-settings/settings/SourceSettingsOAuth.ts @@ -1,6 +1,6 @@ -import { customElement, html, TemplateResult } from "lit-element"; +import { customElement, html, property, TemplateResult } from "lit-element"; import { BaseUserSettings } from "./BaseUserSettings"; -import { OAuthSource, SourcesApi } from "authentik-api"; +import { SourcesApi } from "authentik-api"; import { until } from "lit-html/directives/until"; import { DEFAULT_CONFIG } from "../../../api/Config"; import { t } from "@lingui/macro"; @@ -9,22 +9,21 @@ import { AppURLManager } from "../../../api/legacy"; @customElement("ak-user-settings-source-oauth") export class SourceSettingsOAuth extends BaseUserSettings { + @property() + title!: string; + render(): TemplateResult { - return html`${until(new SourcesApi(DEFAULT_CONFIG).sourcesOauthRead({ - slug: this.objectId - }).then((source) => { - return html`
-
- ${t`Source ${source.name}`} -
-
- ${this.renderInner(source)} -
-
`; - }))}`; + return html`
+
+ ${t`Source ${this.title}`} +
+
+ ${this.renderInner()} +
+
`; } - renderInner(source: OAuthSource): TemplateResult { + renderInner(): TemplateResult { return html`${until(new SourcesApi(DEFAULT_CONFIG).sourcesOauthUserConnectionsList({ sourceSlug: this.objectId }).then((connection) => { @@ -41,7 +40,7 @@ export class SourceSettingsOAuth extends BaseUserSettings { } return html`

${t`Not connected.`}

+ href=${AppURLManager.sourceOAuth(this.objectId, "login")}> ${t`Connect`} `; }))}`; From 71b6839d0348b55be9037058a21a594f442b625a Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Fri, 16 Apr 2021 17:18:55 +0200 Subject: [PATCH 10/21] flows: include configure_flow in stages API Signed-off-by: Jens Langhammer --- authentik/flows/api/stages.py | 13 ++++++++++++- swagger.yaml | 24 +++++++++++++++++++++++- 2 files changed, 35 insertions(+), 2 deletions(-) diff --git a/authentik/flows/api/stages.py b/authentik/flows/api/stages.py index 4d89cb19b..190903662 100644 --- a/authentik/flows/api/stages.py +++ b/authentik/flows/api/stages.py @@ -4,6 +4,7 @@ from typing import Iterable from drf_yasg.utils import swagger_auto_schema from rest_framework import mixins from rest_framework.decorators import action +from rest_framework.fields import BooleanField from rest_framework.request import Request from rest_framework.response import Response from rest_framework.serializers import ModelSerializer, SerializerMethodField @@ -19,6 +20,12 @@ from authentik.lib.utils.reflection import all_subclasses LOGGER = get_logger() +class StageUserSettingSerializer(UserSettingSerializer): + """User settings but can include a configure flow""" + + configure_flow = BooleanField(required=False) + + class StageSerializer(ModelSerializer, MetaNameSerializer): """Stage Serializer""" @@ -78,7 +85,7 @@ class StageViewSet( data = sorted(data, key=lambda x: x["name"]) return Response(TypeCreateSerializer(data, many=True).data) - @swagger_auto_schema(responses={200: UserSettingSerializer(many=True)}) + @swagger_auto_schema(responses={200: StageUserSettingSerializer(many=True)}) @action(detail=False, pagination_class=None, filter_backends=[]) def user_settings(self, request: Request) -> Response: """Get all stages the user can configure""" 
@@ -89,6 +96,10 @@ class StageViewSet( if not user_settings: continue user_settings.initial_data["object_uid"] = str(stage.pk) + if hasattr(stage, "configure_flow"): + user_settings.initial_data["configure_flow"] = bool( + stage.configure_flow + ) if not user_settings.is_valid(): LOGGER.warning(user_settings.errors) matching_stages.append(user_settings.initial_data) diff --git a/swagger.yaml b/swagger.yaml index 58d1c47c5..e83b9edc3 100755 --- a/swagger.yaml +++ b/swagger.yaml @@ -10265,7 +10265,7 @@ paths: schema: type: array items: - $ref: '#/definitions/UserSetting' + $ref: '#/definitions/StageUserSetting' '403': description: Authentication credentials were invalid, absent or insufficient. schema: @@ -17216,6 +17216,28 @@ definitions: \ log out manually. (Format: hours=1;minutes=2;seconds=3)." type: string minLength: 1 + StageUserSetting: + required: + - object_uid + - component + - title + type: object + properties: + object_uid: + title: Object uid + type: string + minLength: 1 + component: + title: Component + type: string + minLength: 1 + title: + title: Title + type: string + minLength: 1 + configure_flow: + title: Configure flow + type: boolean AuthenticatorStaticStage: required: - name From 7c858c9626899d4bfe62cb2a052a682585a6af62 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Fri, 16 Apr 2021 17:24:58 +0200 Subject: [PATCH 11/21] web/admin: fix errors in user profile when non-superuser Signed-off-by: Jens Langhammer --- web/src/locales/en.po | 57 ++++++++++--------- web/src/locales/pseudo-LOCALE.po | 55 +++++++++--------- .../UserSettingsAuthenticatorStatic.ts | 21 ++++--- .../settings/UserSettingsAuthenticatorTOTP.ts | 21 ++++--- .../UserSettingsAuthenticatorWebAuthn.ts | 19 +++---- 5 files changed, 88 insertions(+), 85 deletions(-) diff --git a/web/src/locales/en.po b/web/src/locales/en.po index 4d1ec403e..17a7ed261 100644 --- a/web/src/locales/en.po +++ b/web/src/locales/en.po 
@@ -280,7 +280,7 @@ msgid "Authentication flow" msgstr "Authentication flow" #: src/flows/stages/authenticator_validate/AuthenticatorValidateStage.ts:63 -#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:29 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:33 msgid "Authenticator" msgstr "Authenticator" @@ -588,7 +588,7 @@ msgstr "Configuration" msgid "Configuration flow" msgstr "Configuration flow" -#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:103 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:106 msgid "Configure WebAuthn" msgstr "Configure WebAuthn" @@ -608,11 +608,11 @@ msgstr "Configure settings relevant to your user profile." msgid "Configure what data should be used as unique User Identifier. For most cases, the default should be fine." msgstr "Configure what data should be used as unique User Identifier. For most cases, the default should be fine." -#: src/pages/user-settings/settings/SourceSettingsOAuth.ts:47 +#: src/pages/user-settings/settings/SourceSettingsOAuth.ts:43 msgid "Connect" msgstr "Connect" -#: src/pages/user-settings/settings/SourceSettingsOAuth.ts:34 +#: src/pages/user-settings/settings/SourceSettingsOAuth.ts:30 msgid "Connected." msgstr "Connected." @@ -832,7 +832,7 @@ msgstr "Create {0}" msgid "Created by" msgstr "Created by" -#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:86 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:90 msgid "Created {0}" msgstr "Created {0}" 
@@ -884,7 +884,7 @@ msgstr "Define how notifications are sent to users, like Email or Webhook." #: src/pages/stages/invitation/InvitationListPage.ts:68 #: src/pages/stages/prompt/PromptListPage.ts:87 #: src/pages/tokens/TokenListPage.ts:68 -#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:36 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:40 #: src/pages/user-settings/tokens/UserTokenList.ts:125 #: src/pages/users/UserListPage.ts:115 msgid "Delete" @@ -963,7 +963,7 @@ msgstr "Determines how long a session lasts. Default of 0 seconds means that the msgid "Device classes which can be used to authenticate." msgstr "Device classes which can be used to authenticate." -#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:59 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:63 msgid "Device name" msgstr "Device name" @@ -981,11 +981,11 @@ msgstr "Digits" msgid "Disable" msgstr "Disable" -#: src/pages/user-settings/settings/UserSettingsAuthenticatorTOTP.ts:51 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorTOTP.ts:55 msgid "Disable Static Tokens" msgstr "Disable Static Tokens" -#: src/pages/user-settings/settings/UserSettingsAuthenticatorStatic.ts:36 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorStatic.ts:40 msgid "Disable Time-based OTP" msgstr "Disable Time-based OTP" @@ -993,7 +993,7 @@ msgstr "Disable Time-based OTP" msgid "Disabled" msgstr "Disabled" -#: src/pages/user-settings/settings/SourceSettingsOAuth.ts:41 +#: src/pages/user-settings/settings/SourceSettingsOAuth.ts:37 msgid "Disconnect" msgstr "Disconnect" 
@@ -1096,13 +1096,13 @@ msgstr "Enable" msgid "Enable StartTLS" msgstr "Enable StartTLS" -#: src/pages/user-settings/settings/UserSettingsAuthenticatorTOTP.ts:67 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorStatic.ts:55 msgid "Enable Static Tokens" msgstr "Enable Static Tokens" -#: src/pages/user-settings/settings/UserSettingsAuthenticatorStatic.ts:52 -msgid "Enable Time-based OTP" -msgstr "Enable Time-based OTP" +#: src/pages/user-settings/settings/UserSettingsAuthenticatorTOTP.ts:70 +msgid "Enable TOTP" +msgstr "Enable TOTP" #: src/pages/policies/BoundPoliciesList.ts:37 #: src/pages/policies/PolicyBindingForm.ts:198 @@ -2020,7 +2020,7 @@ msgstr "Not available" msgid "Not configured action" msgstr "Not configured action" -#: src/pages/user-settings/settings/SourceSettingsOAuth.ts:44 +#: src/pages/user-settings/settings/SourceSettingsOAuth.ts:40 msgid "Not connected." msgstr "Not connected." @@ -2822,7 +2822,7 @@ msgstr "Something went wrong! Please try again later." msgid "Source" msgstr "Source" -#: src/pages/user-settings/settings/SourceSettingsOAuth.ts:21 +#: src/pages/user-settings/settings/SourceSettingsOAuth.ts:18 msgid "Source {0}" msgstr "Source {0}" @@ -2901,10 +2901,13 @@ msgid "State" msgstr "State" #: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts:104 -#: src/pages/user-settings/settings/UserSettingsAuthenticatorTOTP.ts:77 msgid "Static Tokens" msgstr "Static Tokens" +#: src/pages/user-settings/settings/UserSettingsAuthenticatorStatic.ts:62 +msgid "Static tokens" +msgstr "Static tokens" + #: src/pages/stages/prompt/PromptForm.ts:75 msgid "Static: Static value, displayed as-is." msgstr "Static: Static value, displayed as-is." 
@@ -2917,13 +2920,13 @@ msgstr "Statically deny the flow. To use this stage effectively, disable *Evalua msgid "Status" msgstr "Status" -#: src/pages/user-settings/settings/UserSettingsAuthenticatorStatic.ts:44 -#: src/pages/user-settings/settings/UserSettingsAuthenticatorTOTP.ts:59 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorStatic.ts:48 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorTOTP.ts:63 msgid "Status: Disabled" msgstr "Status: Disabled" -#: src/pages/user-settings/settings/UserSettingsAuthenticatorStatic.ts:18 -#: src/pages/user-settings/settings/UserSettingsAuthenticatorTOTP.ts:22 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorStatic.ts:22 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorTOTP.ts:26 msgid "Status: Enabled" msgstr "Status: Enabled" @@ -3104,7 +3107,7 @@ msgstr "Successfully updated certificate-key pair." msgid "Successfully updated details." msgstr "Successfully updated details." -#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:50 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:54 msgid "Successfully updated device." msgstr "Successfully updated device." @@ -3343,7 +3346,7 @@ msgstr "Time in minutes the token sent is valid." msgid "Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3)." msgstr "Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3)." -#: src/pages/user-settings/settings/UserSettingsAuthenticatorStatic.ts:62 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorTOTP.ts:77 msgid "Time-based One-Time Passwords" msgstr "Time-based One-Time Passwords" 
@@ -3490,9 +3493,9 @@ msgstr "Up-to-date!" #: src/pages/stages/StageListPage.ts:85 #: src/pages/stages/prompt/PromptListPage.ts:67 #: src/pages/user-settings/UserDetailsPage.ts:81 -#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:43 -#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:46 -#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:67 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:47 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:50 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:71 #: src/pages/user-settings/tokens/UserTokenList.ts:105 #: src/pages/users/UserActiveForm.ts:66 #: src/pages/users/UserListPage.ts:68 @@ -3788,7 +3791,7 @@ msgstr "Warning: Provider not assigned to any application." msgid "WebAuthn Authenticators" msgstr "WebAuthn Authenticators" -#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:74 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:78 msgid "WebAuthn Devices" msgstr "WebAuthn Devices" diff --git a/web/src/locales/pseudo-LOCALE.po b/web/src/locales/pseudo-LOCALE.po index 61e64a27b..117e3398a 100644 --- a/web/src/locales/pseudo-LOCALE.po +++ b/web/src/locales/pseudo-LOCALE.po @@ -276,7 +276,7 @@ msgid "Authentication flow" msgstr "" #: src/flows/stages/authenticator_validate/AuthenticatorValidateStage.ts:63 -#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:29 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:33 msgid "Authenticator" msgstr "" @@ -582,7 +582,7 @@ msgstr "" msgid "Configuration flow" msgstr "" -#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:103 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:106 msgid "Configure WebAuthn" msgstr "" 
@@ -602,11 +602,11 @@ msgstr "" msgid "Configure what data should be used as unique User Identifier. For most cases, the default should be fine." msgstr "" -#: src/pages/user-settings/settings/SourceSettingsOAuth.ts:47 +#: src/pages/user-settings/settings/SourceSettingsOAuth.ts:43 msgid "Connect" msgstr "" -#: src/pages/user-settings/settings/SourceSettingsOAuth.ts:34 +#: src/pages/user-settings/settings/SourceSettingsOAuth.ts:30 msgid "Connected." msgstr "" @@ -826,7 +826,7 @@ msgstr "" msgid "Created by" msgstr "" -#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:86 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:90 msgid "Created {0}" msgstr "" @@ -878,7 +878,7 @@ msgstr "" #: src/pages/stages/invitation/InvitationListPage.ts:68 #: src/pages/stages/prompt/PromptListPage.ts:87 #: src/pages/tokens/TokenListPage.ts:68 -#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:36 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:40 #: src/pages/user-settings/tokens/UserTokenList.ts:125 #: src/pages/users/UserListPage.ts:115 msgid "Delete" @@ -955,7 +955,7 @@ msgstr "" msgid "Device classes which can be used to authenticate." msgstr "" -#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:59 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:63 msgid "Device name" msgstr "" @@ -973,11 +973,11 @@ msgstr "" msgid "Disable" msgstr "" -#: src/pages/user-settings/settings/UserSettingsAuthenticatorTOTP.ts:51 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorTOTP.ts:55 msgid "Disable Static Tokens" msgstr "" -#: src/pages/user-settings/settings/UserSettingsAuthenticatorStatic.ts:36 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorStatic.ts:40 msgid "Disable Time-based OTP" msgstr "" 
@@ -985,7 +985,7 @@ msgstr "" msgid "Disabled" msgstr "" -#: src/pages/user-settings/settings/SourceSettingsOAuth.ts:41 +#: src/pages/user-settings/settings/SourceSettingsOAuth.ts:37 msgid "Disconnect" msgstr "" @@ -1088,12 +1088,12 @@ msgstr "" msgid "Enable StartTLS" msgstr "" -#: src/pages/user-settings/settings/UserSettingsAuthenticatorTOTP.ts:67 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorStatic.ts:55 msgid "Enable Static Tokens" msgstr "" -#: src/pages/user-settings/settings/UserSettingsAuthenticatorStatic.ts:52 -msgid "Enable Time-based OTP" +#: src/pages/user-settings/settings/UserSettingsAuthenticatorTOTP.ts:70 +msgid "Enable TOTP" msgstr "" #: src/pages/policies/BoundPoliciesList.ts:37 @@ -2012,7 +2012,7 @@ msgstr "" msgid "Not configured action" msgstr "" -#: src/pages/user-settings/settings/SourceSettingsOAuth.ts:44 +#: src/pages/user-settings/settings/SourceSettingsOAuth.ts:40 msgid "Not connected." msgstr "" @@ -2814,7 +2814,7 @@ msgstr "" msgid "Source" msgstr "" -#: src/pages/user-settings/settings/SourceSettingsOAuth.ts:21 +#: src/pages/user-settings/settings/SourceSettingsOAuth.ts:18 msgid "Source {0}" msgstr "" @@ -2893,10 +2893,13 @@ msgid "State" msgstr "" #: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts:104 -#: src/pages/user-settings/settings/UserSettingsAuthenticatorTOTP.ts:77 msgid "Static Tokens" msgstr "" +#: src/pages/user-settings/settings/UserSettingsAuthenticatorStatic.ts:62 +msgid "Static tokens" +msgstr "" + #: src/pages/stages/prompt/PromptForm.ts:75 msgid "Static: Static value, displayed as-is." msgstr "" 
@@ -2909,13 +2912,13 @@ msgstr "" msgid "Status" msgstr "" -#: src/pages/user-settings/settings/UserSettingsAuthenticatorStatic.ts:44 -#: src/pages/user-settings/settings/UserSettingsAuthenticatorTOTP.ts:59 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorStatic.ts:48 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorTOTP.ts:63 msgid "Status: Disabled" msgstr "" -#: src/pages/user-settings/settings/UserSettingsAuthenticatorStatic.ts:18 -#: src/pages/user-settings/settings/UserSettingsAuthenticatorTOTP.ts:22 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorStatic.ts:22 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorTOTP.ts:26 msgid "Status: Enabled" msgstr "" @@ -3096,7 +3099,7 @@ msgstr "" msgid "Successfully updated details." msgstr "" -#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:50 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:54 msgid "Successfully updated device." msgstr "" @@ -3333,7 +3336,7 @@ msgstr "" msgid "Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3)." msgstr "" -#: src/pages/user-settings/settings/UserSettingsAuthenticatorStatic.ts:62 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorTOTP.ts:77 msgid "Time-based One-Time Passwords" msgstr "" 
@@ -3480,9 +3483,9 @@ msgstr "" #: src/pages/stages/StageListPage.ts:85 #: src/pages/stages/prompt/PromptListPage.ts:67 #: src/pages/user-settings/UserDetailsPage.ts:81 -#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:43 -#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:46 -#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:67 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:47 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:50 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:71 #: src/pages/user-settings/tokens/UserTokenList.ts:105 #: src/pages/users/UserActiveForm.ts:66 #: src/pages/users/UserListPage.ts:68 @@ -3778,7 +3781,7 @@ msgstr "" msgid "WebAuthn Authenticators" msgstr "" -#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:74 +#: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts:78 msgid "WebAuthn Devices" msgstr "" diff --git a/web/src/pages/user-settings/settings/UserSettingsAuthenticatorStatic.ts b/web/src/pages/user-settings/settings/UserSettingsAuthenticatorStatic.ts index d14514ee8..c76480661 100644 --- a/web/src/pages/user-settings/settings/UserSettingsAuthenticatorStatic.ts +++ b/web/src/pages/user-settings/settings/UserSettingsAuthenticatorStatic.ts @@ -1,6 +1,6 @@ -import { AuthenticatorsApi, StagesApi } from "authentik-api"; +import { AuthenticatorsApi } from "authentik-api"; import { t } from "@lingui/macro"; -import { customElement, html, TemplateResult } from "lit-element"; +import { customElement, html, property, TemplateResult } from "lit-element"; import { until } from "lit-html/directives/until"; import { DEFAULT_CONFIG } from "../../../api/Config"; import { FlowURLManager } from "../../../api/legacy"; 
@@ -9,6 +9,9 @@ import { BaseUserSettings } from "./BaseUserSettings"; @customElement("ak-user-settings-authenticator-static") export class UserSettingsAuthenticatorStatic extends BaseUserSettings { + @property({ type: Boolean }) + configureFlow = false; + renderEnabled(): TemplateResult { return html`

@@ -44,21 +47,17 @@ export class UserSettingsAuthenticatorStatic extends BaseUserSettings {

`; } render(): TemplateResult { return html`
- ${t`Time-based One-Time Passwords`} + ${t`Static tokens`}
${until(new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsTotpList({}).then((devices) => { return devices.results.length > 0 ? this.renderEnabled() : this.renderDisabled(); diff --git a/web/src/pages/user-settings/settings/UserSettingsAuthenticatorTOTP.ts b/web/src/pages/user-settings/settings/UserSettingsAuthenticatorTOTP.ts index 06171eece..2ce65527f 100644 --- a/web/src/pages/user-settings/settings/UserSettingsAuthenticatorTOTP.ts +++ b/web/src/pages/user-settings/settings/UserSettingsAuthenticatorTOTP.ts @@ -1,6 +1,6 @@ -import { AuthenticatorsApi, StagesApi } from "authentik-api"; +import { AuthenticatorsApi } from "authentik-api"; import { t } from "@lingui/macro"; -import { CSSResult, customElement, html, TemplateResult } from "lit-element"; +import { CSSResult, customElement, html, property, TemplateResult } from "lit-element"; import { until } from "lit-html/directives/until"; import { DEFAULT_CONFIG } from "../../../api/Config"; import { FlowURLManager } from "../../../api/legacy"; @@ -10,6 +10,9 @@ import { BaseUserSettings } from "./BaseUserSettings"; @customElement("ak-user-settings-authenticator-totp") export class UserSettingsAuthenticatorTOTP extends BaseUserSettings { + @property({ type: Boolean }) + configureFlow = false; + static get styles(): CSSResult[] { return super.styles.concat(STATIC_TOKEN_STYLE); } @@ -59,21 +62,17 @@ export class UserSettingsAuthenticatorTOTP extends BaseUserSettings {
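Review bot: In `UserSettingsAuthenticatorStatic.render()` the heading now reads `Static tokens`, but the unchanged line below still decides enabled or disabled from `authenticatorsTotpList({})`, so the static-token card reports the state of the user's TOTP devices. A user with TOTP but no static tokens would see static tokens shown as enabled, and the reverse, which is misleading on a page people use to check their second factors. The query should use the static-device list call of `AuthenticatorsApi` (its name is not shown on this page); the `Disable Time-based OTP` string that the `.po` references still attribute to this file suggests `renderEnabled()` needs the same pass. The template markup of this hunk was lost in extraction, so only the API call is confirmed.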

`; } render(): TemplateResult { return html`
- ${t`Static Tokens`} + ${t`Time-based One-Time Passwords`}
${until(new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsTotpList({}).then((devices) => { return devices.results.length > 0 ? this.renderEnabled() : this.renderDisabled(); diff --git a/web/src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts b/web/src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts index c454d76d3..fc40933e7 100644 --- a/web/src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts +++ b/web/src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts @@ -1,6 +1,6 @@ -import { CSSResult, customElement, html, TemplateResult } from "lit-element"; +import { CSSResult, customElement, html, property, TemplateResult } from "lit-element"; import { t } from "@lingui/macro"; -import { AuthenticatorsApi, StagesApi, WebAuthnDevice } from "authentik-api"; +import { AuthenticatorsApi, WebAuthnDevice } from "authentik-api"; import { until } from "lit-html/directives/until"; import { FlowURLManager } from "../../../api/legacy"; import { DEFAULT_CONFIG } from "../../../api/Config"; @@ -17,6 +17,9 @@ import { ifDefined } from "lit-html/directives/if-defined"; @customElement("ak-user-settings-authenticator-webauthn") export class UserSettingsAuthenticatorWebAuthn extends BaseUserSettings { + @property({type: Boolean}) + configureFlow = false; + static get styles(): CSSResult[] { return super.styles.concat(PFDataList); } @@ -96,14 +99,10 @@ export class UserSettingsAuthenticatorWebAuthn extends BaseUserSettings {
`; } From 0b03d66a2f52aff8b85d56e2210de8727f04d3a6 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Fri, 16 Apr 2021 22:43:35 +0200 Subject: [PATCH 12/21] outposts: fix errors when creating multiple outposts Signed-off-by: Jens Langhammer --- authentik/outposts/models.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/authentik/outposts/models.py b/authentik/outposts/models.py index 442f81371..33e653d5e 100644 --- a/authentik/outposts/models.py +++ b/authentik/outposts/models.py @@ -356,7 +356,7 @@ class Outpost(models.Model): intent=TokenIntents.INTENT_API, description=f"Autogenerated by authentik for Outpost {self.name}", expiring=False, - managed="goauthentik.io/outpost", + managed=f"goauthentik.io/outpost/{self.token_identifier}", ) def get_required_objects(self) -> Iterable[models.Model]: From e8ba15975607adcd095e76ba16251ef6f979e11b Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Fri, 16 Apr 2021 22:44:42 +0200 Subject: [PATCH 13/21] root: fix setting of EMAIL_USE_TLS and EMAIL_USE_SSL Signed-off-by: Jens Langhammer --- authentik/root/settings.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/authentik/root/settings.py b/authentik/root/settings.py index ec052c734..eb6a99048 100644 --- a/authentik/root/settings.py +++ b/authentik/root/settings.py @@ -254,8 +254,8 @@ EMAIL_HOST = CONFIG.y("email.host") EMAIL_PORT = int(CONFIG.y("email.port")) EMAIL_HOST_USER = CONFIG.y("email.username") EMAIL_HOST_PASSWORD = CONFIG.y("email.password") -EMAIL_USE_TLS = CONFIG.y("email.use_tls") -EMAIL_USE_SSL = CONFIG.y("email.use_ssl") +EMAIL_USE_TLS = CONFIG.y_bool("email.use_tls", True) +EMAIL_USE_SSL = CONFIG.y_bool("email.use_ssl", False) EMAIL_TIMEOUT = int(CONFIG.y("email.timeout")) DEFAULT_FROM_EMAIL = CONFIG.y("email.from") SERVER_EMAIL = DEFAULT_FROM_EMAIL From 262a9fa2a0b12736d5e587b54234560e645bfea5 Mon Sep 17 00:00:00 2001 
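Review bot: In the `settings.py` hunk, `EMAIL_USE_TLS` now defaults to `True` while `EMAIL_USE_SSL` defaults to `False`, and nothing guards against both ending up true. Django's SMTP backend rejects that combination, so a deployment that sets only `email.use_ssl` and leaves `email.use_tls` unset would fail when mail is sent, assuming the `y_bool` fallback applies to missing keys (its semantics are not visible here). I would assign `EMAIL_USE_SSL` first and derive the other default from it, `EMAIL_USE_TLS = CONFIG.y_bool("email.use_tls", not EMAIL_USE_SSL)`, with a comment `# STARTTLS and implicit TLS are mutually exclusive in Django`.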
From: Jens Langhammer Date: Fri, 16 Apr 2021 22:56:44 +0200 Subject: [PATCH 14/21] flows: annotate flows executor 404 error Signed-off-by: Jens Langhammer --- authentik/flows/views.py | 1 + swagger.yaml | 8 ++++---- web/src/flows/FlowExecutor.ts | 10 +++++----- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/authentik/flows/views.py b/authentik/flows/views.py index f291d39f0..ffaf19748 100644 --- a/authentik/flows/views.py +++ b/authentik/flows/views.py @@ -127,6 +127,7 @@ class FlowExecutorView(APIView): @swagger_auto_schema( responses={ 200: Challenge(), + 404: "No Token found" # This error can be raised by the email stage }, request_body=no_body, manual_parameters=[ diff --git a/swagger.yaml b/swagger.yaml index e83b9edc3..ab213512a 100755 --- a/swagger.yaml +++ b/swagger.yaml @@ -3664,15 +3664,15 @@ paths: description: '' schema: $ref: '#/definitions/Challenge' - '403': - description: Authentication credentials were invalid, absent or insufficient. - schema: - $ref: '#/definitions/GenericError' '404': description: Object does not exist or caller has insufficient permissions to access it. schema: $ref: '#/definitions/APIException' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - flows post: diff --git a/web/src/flows/FlowExecutor.ts b/web/src/flows/FlowExecutor.ts index ddb622375..24a87fc98 100644 --- a/web/src/flows/FlowExecutor.ts +++ b/web/src/flows/FlowExecutor.ts @@ -162,11 +162,11 @@ export class FlowExecutor extends LitElement implements StageHost { ` }; From 6be19962d2524910c8f81ed11f028d6552c3b405 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Fri, 16 Apr 2021 23:01:10 +0200 Subject: [PATCH 15/21] outposts: bump go version Signed-off-by: Jens Langhammer --- outpost/azure-pipelines.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/outpost/azure-pipelines.yml b/outpost/azure-pipelines.yml index 992017566..cabdf0baa 100644 --- a/outpost/azure-pipelines.yml +++ b/outpost/azure-pipelines.yml @@ -18,7 +18,7 @@ stages: steps: - task: GoTool@0 inputs: - version: '1.15' + version: '1.16' - task: CmdLine@2 inputs: script: | @@ -40,7 +40,7 @@ stages: steps: - task: GoTool@0 inputs: - version: '1.15' + version: '1.16' - task: Go@0 inputs: command: 'get' @@ -63,7 +63,7 @@ stages: steps: - task: GoTool@0 inputs: - version: '1.15' + version: '1.16' - task: DownloadPipelineArtifact@2 inputs: buildType: 'current' @@ -82,7 +82,7 @@ stages: steps: - task: GoTool@0 inputs: - version: '1.15' + version: '1.16' - task: DownloadPipelineArtifact@2 inputs: buildType: 'current' From f67b57e3699206e3144cb26020c9098483a533f4 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Fri, 16 Apr 2021 23:15:06 +0200 Subject: [PATCH 16/21] flows: fix linting Signed-off-by: Jens Langhammer --- authentik/flows/views.py | 2 +- outpost/azure-pipelines.yml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/authentik/flows/views.py b/authentik/flows/views.py index ffaf19748..437857dff 100644 --- a/authentik/flows/views.py +++ b/authentik/flows/views.py @@ -127,7 +127,7 @@ class FlowExecutorView(APIView): @swagger_auto_schema( responses={ 200: Challenge(), - 404: "No Token found" # This error can be raised by the email stage + 404: "No Token found", # This error can be raised by the email stage }, request_body=no_body, manual_parameters=[ diff --git a/outpost/azure-pipelines.yml b/outpost/azure-pipelines.yml index cabdf0baa..3f93f8f37 100644 --- a/outpost/azure-pipelines.yml +++ b/outpost/azure-pipelines.yml @@ -18,7 +18,7 @@ stages: steps: - task: GoTool@0 inputs: - version: '1.16' + version: '1.16.3' - task: CmdLine@2 inputs: script: | @@ -40,7 +40,7 @@ stages: steps: - task: GoTool@0 inputs: - version: '1.16' + version: '1.16.3' - task: Go@0 inputs: command: 'get' 
@@ -63,7 +63,7 @@ stages: steps: - task: GoTool@0 inputs: - version: '1.16' + version: '1.16.3' - task: DownloadPipelineArtifact@2 inputs: buildType: 'current' @@ -82,7 +82,7 @@ stages: steps: - task: GoTool@0 inputs: - version: '1.16' + version: '1.16.3' - task: DownloadPipelineArtifact@2 inputs: buildType: 'current' From 4a444e667a0f43fedd9bad0ec0ab6fceb7c165cb Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Fri, 16 Apr 2021 23:46:03 +0200 Subject: [PATCH 17/21] root: base Websocket message storage on Base not fallback Signed-off-by: Jens Langhammer --- authentik/root/messages/storage.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/authentik/root/messages/storage.py b/authentik/root/messages/storage.py index 4e23ca729..e9204527e 100644 --- a/authentik/root/messages/storage.py +++ b/authentik/root/messages/storage.py @@ -1,13 +1,12 @@ """Channels Messages storage""" from asgiref.sync import async_to_sync from channels.layers import get_channel_layer -from django.contrib.messages.storage.base import Message -from django.contrib.messages.storage.fallback import FallbackStorage +from django.contrib.messages.storage.base import BaseStorage, Message from django.core.cache import cache from django.http.request import HttpRequest -class ChannelsStorage(FallbackStorage): +class ChannelsStorage(BaseStorage): """Send contrib.messages over websocket""" def __init__(self, request: HttpRequest) -> None: @@ -15,6 +14,9 @@ class ChannelsStorage(FallbackStorage): super().__init__(request) self.channel = get_channel_layer() + def _get(self): + return [], True + def _store(self, messages: list[Message], response, *args, **kwargs): prefix = f"user_{self.request.session.session_key}_messages_" keys = cache.keys(f"{prefix}*") From 31909a4d788e6560270c621a0636d9fd554a3232 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 17 Apr 2021 11:16:40 +0200 Subject: [PATCH 18/21] outpost: fix outpost deps 
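Review bot: The new `_get` in `ChannelsStorage` has no docstring and returns `[], True` unconditionally, so this storage never reads anything back; with `FallbackStorage` gone, a message stored while the user has no websocket connection appears to have no other delivery path. If that is intended, say so in the method: `"""Messages are push-only over the channel layer; nothing is kept for a later request."""`. The context lines of `_store` also build the cache prefix from `self.request.session.session_key`, which is `None` until a session has been saved, so it is worth confirming that such requests cannot all land on the same `user_None_messages_` prefix. `_store` continues past the end of the hunk, so the rest of its behaviour is not confirmed here.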
Signed-off-by: Jens Langhammer --- outpost/go.sum | 1 + 1 file changed, 1 insertion(+) diff --git a/outpost/go.sum b/outpost/go.sum index adf47e9a3..0e849a56c 100644 --- a/outpost/go.sum +++ b/outpost/go.sum @@ -715,6 +715,7 @@ golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20200302205851-738671d3881b h1:Wh+f8QHJXR411sJR8/vRBTZ7YapZaRvUcLFFJhusH0k= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= From 2e44c1cdfc27c902b03ffd85073de1ef328edd6d Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 17 Apr 2021 11:29:51 +0200 Subject: [PATCH 19/21] sources/ldap: improve error handling during sync Signed-off-by: Jens Langhammer --- authentik/sources/ldap/sync/groups.py | 19 ++++++++++++------- authentik/sources/ldap/sync/users.py | 3 ++- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/authentik/sources/ldap/sync/groups.py b/authentik/sources/ldap/sync/groups.py index 149797218..291dbb67a 100644 --- a/authentik/sources/ldap/sync/groups.py +++ b/authentik/sources/ldap/sync/groups.py 
@@ -1,9 +1,11 @@ """Sync LDAP Users and groups into authentik""" import ldap3 import ldap3.core.exceptions +from django.core.exceptions import FieldError from django.db.utils import IntegrityError from authentik.core.models import Group +from authentik.events.models import Event, EventAction from authentik.sources.ldap.sync.base import LDAP_UNIQUENESS, BaseLDAPSynchronizer @@ -47,14 +49,17 @@ class GroupLDAPSynchronizer(BaseLDAPSynchronizer): "defaults": defaults, } ) - except IntegrityError as exc: - self._logger.warning("Failed to create group", exc=exc) - self._logger.warning( - ( - "To merge new group with existing group, set the group's " + except (IntegrityError, FieldError) as exc: + Event.new( + EventAction.CONFIGURATION_ERROR, + message=( + f"Failed to create group: {str(exc)} " + "To merge new group with existing group, set the groups's " f"Attribute '{LDAP_UNIQUENESS}' to '{uniq}'" - ) - ) + ), + source=self._source, + dn=group_dn, + ).save() else: self._logger.debug("Synced group", group=ak_group.name, created=created) group_count += 1 diff --git a/authentik/sources/ldap/sync/users.py b/authentik/sources/ldap/sync/users.py index 55ffbca1c..a7fd98186 100644 --- a/authentik/sources/ldap/sync/users.py +++ b/authentik/sources/ldap/sync/users.py @@ -3,6 +3,7 @@ from datetime import datetime import ldap3 import ldap3.core.exceptions +from django.core.exceptions import FieldError from django.db.utils import IntegrityError from pytz import UTC @@ -48,7 +49,7 @@ class UserLDAPSynchronizer(BaseLDAPSynchronizer): "defaults": defaults, } ) - except IntegrityError as exc: + except (IntegrityError, FieldError) as exc: Event.new( EventAction.CONFIGURATION_ERROR, message=( From b5b8573d8713e640a3d4af6e70e320dc3485047a Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 17 Apr 2021 11:50:28 +0200 Subject: [PATCH 20/21] core: fix propertymapping API returning invalid value for components closes #746 
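Review bot: The rewritten `except` branch in `GroupLDAPSynchronizer` drops both `self._logger.warning` calls, so a failed group sync now surfaces only as an event and no longer in the service log; I would keep `self._logger.warning("Failed to create group", exc=exc, dn=group_dn)` next to `Event.new(...)`. The event message also interpolates the raw exception text, which for an `IntegrityError` usually carries the database's constraint detail, so it is worth checking who can read `CONFIGURATION_ERROR` events. Two wording fixes in the same string: `groups's` should be `group's`, and `{str(exc)}` can be `{exc}` followed by a period before `To merge`. The `users.py` hunk on this line widens its `except` to `FieldError` in the same way; its message text lies outside that hunk.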
Signed-off-by: Jens Langhammer --- authentik/core/api/propertymappings.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/authentik/core/api/propertymappings.py b/authentik/core/api/propertymappings.py index da5da96cd..05633bf98 100644 --- a/authentik/core/api/propertymappings.py +++ b/authentik/core/api/propertymappings.py @@ -91,7 +91,8 @@ class PropertyMappingViewSet( { "name": subclass._meta.verbose_name, "description": subclass.__doc__, - "component": subclass.component, + # pyright: reportGeneralTypeIssues=false + "component": subclass().component, } ) return Response(TypeCreateSerializer(data, many=True).data) From 60615c9f3e18be4136df98e1f8105243ff5417c6 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 17 Apr 2021 15:26:59 +0200 Subject: [PATCH 21/21] release: 2021.4.2 --- .bumpversion.cfg | 2 +- .github/workflows/release.yml | 14 +++++++------- authentik/__init__.py | 2 +- docker-compose.yml | 6 +++--- helm/Chart.yaml | 2 +- helm/README.md | 2 +- helm/values.yaml | 2 +- outpost/pkg/version.go | 2 +- web/nginx.conf | 2 +- web/src/constants.ts | 2 +- website/docs/installation/docker-compose.md | 2 +- website/docs/installation/kubernetes.md | 2 +- .../docs/outposts/manual-deploy-docker-compose.md | 2 +- website/docs/outposts/manual-deploy-kubernetes.md | 14 +++++++------- 14 files changed, 28 insertions(+), 28 deletions(-) diff --git a/.bumpversion.cfg b/.bumpversion.cfg index 4b89d4200..363bab7c1 100644 --- a/.bumpversion.cfg +++ b/.bumpversion.cfg @@ -1,5 +1,5 @@ [bumpversion] -current_version = 2021.4.1 +current_version = 2021.4.2 tag = True commit = True parse = (?P\d+)\.(?P\d+)\.(?P\d+)\-?(?P.*) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 18d26ce2e..afea61725 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
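Review bot: The `# pyright: reportGeneralTypeIssues=false` line added inside the dict literal is, as far as I know, a file-level pyright directive wherever it appears, so it switches that rule off for the whole module rather than for the `subclass().component` line alone. A line-scoped suppression keeps the rest of the file checked: `"component": subclass().component,  # type: ignore`. It also helps to say why an instance is built, e.g. `# component is an instance property, so instantiate the (unsaved) mapping to read it`. That reading is inferred from the change, and the enclosing method lies outside the hunk.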
@@ -18,11 +18,11 @@ jobs: - name: Building Docker Image run: docker build --no-cache - -t beryju/authentik:2021.4.1 + -t beryju/authentik:2021.4.2 -t beryju/authentik:latest -f Dockerfile . - name: Push Docker Container to Registry (versioned) - run: docker push beryju/authentik:2021.4.1 + run: docker push beryju/authentik:2021.4.2 - name: Push Docker Container to Registry (latest) run: docker push beryju/authentik:latest build-proxy: @@ -48,11 +48,11 @@ jobs: cd outpost/ docker build \ --no-cache \ - -t beryju/authentik-proxy:2021.4.1 \ + -t beryju/authentik-proxy:2021.4.2 \ -t beryju/authentik-proxy:latest \ -f proxy.Dockerfile . - name: Push Docker Container to Registry (versioned) - run: docker push beryju/authentik-proxy:2021.4.1 + run: docker push beryju/authentik-proxy:2021.4.2 - name: Push Docker Container to Registry (latest) run: docker push beryju/authentik-proxy:latest build-static: @@ -72,11 +72,11 @@ jobs: cd web/ docker build \ --no-cache \ - -t beryju/authentik-static:2021.4.1 \ + -t beryju/authentik-static:2021.4.2 \ -t beryju/authentik-static:latest \ -f Dockerfile . - name: Push Docker Container to Registry (versioned) - run: docker push beryju/authentik-static:2021.4.1 + run: docker push beryju/authentik-static:2021.4.2 - name: Push Docker Container to Registry (latest) run: docker push beryju/authentik-static:latest test-release: @@ -110,5 +110,5 @@ jobs: SENTRY_PROJECT: authentik SENTRY_URL: https://sentry.beryju.org with: - tagName: 2021.4.1 + tagName: 2021.4.2 environment: beryjuorg-prod diff --git a/authentik/__init__.py b/authentik/__init__.py index a91e6b4d4..48be121bd 100644 --- a/authentik/__init__.py +++ b/authentik/__init__.py @@ -1,3 +1,3 @@ """authentik""" -__version__ = "2021.4.1" +__version__ = "2021.4.2" ENV_GIT_HASH_KEY = "GIT_BUILD_HASH" diff --git a/docker-compose.yml b/docker-compose.yml index 6e78c65fb..49838df91 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -20,7 +20,7 @@ services: networks: - internal server: - image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.4.1} + image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.4.2} restart: unless-stopped command: server environment: @@ -48,7 +48,7 @@ services: env_file: - .env worker: - image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.4.1} + image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.4.2} restart: unless-stopped command: worker networks: @@ -68,7 +68,7 @@ services: env_file: - .env static: - image: ${AUTHENTIK_IMAGE_STATIC:-beryju/authentik-static}:${AUTHENTIK_TAG:-2021.4.1} + image: ${AUTHENTIK_IMAGE_STATIC:-beryju/authentik-static}:${AUTHENTIK_TAG:-2021.4.2} restart: unless-stopped networks: - internal diff --git a/helm/Chart.yaml b/helm/Chart.yaml index c68776f71..9924f6a21 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -4,7 +4,7 @@ name: authentik home: https://goauthentik.io sources: - https://github.com/BeryJu/authentik -version: "2021.4.1" +version: "2021.4.2" icon: https://raw.githubusercontent.com/BeryJu/authentik/master/web/icons/icon.svg dependencies: - name: postgresql diff --git a/helm/README.md b/helm/README.md index 5327a9257..081f3ad12 100644 --- a/helm/README.md +++ b/helm/README.md @@ -4,7 +4,7 @@ |-----------------------------------|-------------------------|-------------| | image.name | beryju/authentik | Image used to run the authentik server and worker | | image.name_static | beryju/authentik-static | Image used to run the authentik static server (CSS and JS Files) | -| image.tag | 2021.4.1 | Image tag | +| image.tag | 2021.4.2 | Image tag | | image.pullPolicy | IfNotPresent | Image Pull Policy used for all deployments | | serverReplicas | 1 | Replicas for the Server deployment | | workerReplicas | 1 | Replicas for the Worker deployment | diff --git a/helm/values.yaml b/helm/values.yaml index 7417e63b8..f911a53b5 100644 --- a/helm/values.yaml +++ b/helm/values.yaml 
@@ -5,7 +5,7 @@ image: name: beryju/authentik name_static: beryju/authentik-static name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended - tag: 2021.4.1 + tag: 2021.4.2 pullPolicy: IfNotPresent serverReplicas: 1 diff --git a/outpost/pkg/version.go b/outpost/pkg/version.go index 356310e9f..74e4aa4a0 100644 --- a/outpost/pkg/version.go +++ b/outpost/pkg/version.go @@ -1,3 +1,3 @@ package pkg -const VERSION = "2021.4.1" +const VERSION = "2021.4.2" diff --git a/web/nginx.conf b/web/nginx.conf index 049df8dfa..e992b7ce6 100644 --- a/web/nginx.conf +++ b/web/nginx.conf @@ -81,7 +81,7 @@ http { location /static/ { expires 31d; add_header Cache-Control "public, no-transform"; - add_header X-authentik-version "2021.4.1"; + add_header X-authentik-version "2021.4.2"; add_header Vary X-authentik-version; } diff --git a/web/src/constants.ts b/web/src/constants.ts index 9c267369a..e726de6e7 100644 --- a/web/src/constants.ts +++ b/web/src/constants.ts @@ -3,7 +3,7 @@ export const SUCCESS_CLASS = "pf-m-success"; export const ERROR_CLASS = "pf-m-danger"; export const PROGRESS_CLASS = "pf-m-in-progress"; export const CURRENT_CLASS = "pf-m-current"; -export const VERSION = "2021.4.1"; +export const VERSION = "2021.4.2"; export const PAGE_SIZE = 20; export const EVENT_REFRESH = "ak-refresh"; export const EVENT_NOTIFICATION_TOGGLE = "ak-notification-toggle"; diff --git a/website/docs/installation/docker-compose.md b/website/docs/installation/docker-compose.md index d6422b03f..e920defa0 100644 --- a/website/docs/installation/docker-compose.md +++ b/website/docs/installation/docker-compose.md 
@@ -16,7 +16,7 @@ Download the latest `docker-compose.yml` from [here](https://raw.githubuserconte To optionally enable error-reporting, run `echo AUTHENTIK_ERROR_REPORTING__ENABLED=true >> .env` -To optionally deploy a different version run `echo AUTHENTIK_TAG=2021.4.1 >> .env` +To optionally deploy a different version run `echo AUTHENTIK_TAG=2021.4.2 >> .env` If this is a fresh authentik install run the following commands to generate a password: diff --git a/website/docs/installation/kubernetes.md b/website/docs/installation/kubernetes.md index 1d10294cb..0bca992ac 100644 --- a/website/docs/installation/kubernetes.md +++ b/website/docs/installation/kubernetes.md @@ -24,7 +24,7 @@ image: name: beryju/authentik name_static: beryju/authentik-static name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended - tag: 2021.4.1 + tag: 2021.4.2 serverReplicas: 1 workerReplicas: 1 diff --git a/website/docs/outposts/manual-deploy-docker-compose.md b/website/docs/outposts/manual-deploy-docker-compose.md index 1b3c55762..90d5ca658 100644 --- a/website/docs/outposts/manual-deploy-docker-compose.md +++ b/website/docs/outposts/manual-deploy-docker-compose.md @@ -11,7 +11,7 @@ version: "3.5" services: authentik_proxy: - image: beryju/authentik-proxy:2021.4.1 + image: beryju/authentik-proxy:2021.4.2 ports: - 4180:4180 - 4443:4443 diff --git a/website/docs/outposts/manual-deploy-kubernetes.md b/website/docs/outposts/manual-deploy-kubernetes.md index 70607b1e2..20e29e265 100644 --- a/website/docs/outposts/manual-deploy-kubernetes.md +++ b/website/docs/outposts/manual-deploy-kubernetes.md @@ -14,7 +14,7 @@ metadata: app.kubernetes.io/instance: __OUTPOST_NAME__ app.kubernetes.io/managed-by: goauthentik.io app.kubernetes.io/name: authentik-proxy - app.kubernetes.io/version: 2021.4.1 + app.kubernetes.io/version: 2021.4.2 name: authentik-outpost-api stringData: authentik_host: "__AUTHENTIK_URL__" 
@@ -29,7 +29,7 @@ metadata: app.kubernetes.io/instance: __OUTPOST_NAME__ app.kubernetes.io/managed-by: goauthentik.io app.kubernetes.io/name: authentik-proxy - app.kubernetes.io/version: 2021.4.1 + app.kubernetes.io/version: 2021.4.2 name: authentik-outpost spec: ports: @@ -54,7 +54,7 @@ metadata: app.kubernetes.io/instance: __OUTPOST_NAME__ app.kubernetes.io/managed-by: goauthentik.io app.kubernetes.io/name: authentik-proxy - app.kubernetes.io/version: 2021.4.1 + app.kubernetes.io/version: 2021.4.2 name: authentik-outpost spec: selector: @@ -62,14 +62,14 @@ spec: app.kubernetes.io/instance: __OUTPOST_NAME__ app.kubernetes.io/managed-by: goauthentik.io app.kubernetes.io/name: authentik-proxy - app.kubernetes.io/version: 2021.4.1 + app.kubernetes.io/version: 2021.4.2 template: metadata: labels: app.kubernetes.io/instance: __OUTPOST_NAME__ app.kubernetes.io/managed-by: goauthentik.io app.kubernetes.io/name: authentik-proxy - app.kubernetes.io/version: 2021.4.1 + app.kubernetes.io/version: 2021.4.2 spec: containers: - env: @@ -88,7 +88,7 @@ spec: secretKeyRef: key: authentik_host_insecure name: authentik-outpost-api - image: beryju/authentik-proxy:2021.4.1 + image: beryju/authentik-proxy:2021.4.2 name: proxy ports: - containerPort: 4180 @@ -110,7 +110,7 @@ metadata: app.kubernetes.io/instance: __OUTPOST_NAME__ app.kubernetes.io/managed-by: goauthentik.io app.kubernetes.io/name: authentik-proxy - app.kubernetes.io/version: 2021.4.1 + app.kubernetes.io/version: 2021.4.2 name: authentik-outpost spec: rules: