diff --git a/Pipfile.lock b/Pipfile.lock
index 59747ff6b..ccb1fd41c 100644
--- a/Pipfile.lock
+++ b/Pipfile.lock
@@ -76,11 +76,11 @@
},
"asgiref": {
"hashes": [
- "sha256:92906c611ce6c967347bbfea733f13d6313901d54dcca88195eaeb52b2a8e8ee",
- "sha256:d1216dfbdfb63826470995d31caed36225dcaf34f182e0fa257a4dd9e86f1b78"
+ "sha256:05914d0fa65a21711e732adc6572edad6c8da5f1435c3f0c060689ced5e85195",
+ "sha256:d36fa91dd90e3aa3c81a6bd426ccc8fb20bd3d22b0cf14a12800289e9c3e2563"
],
"markers": "python_version >= '3.6'",
- "version": "==3.3.4"
+ "version": "==3.4.0"
},
"async-timeout": {
"hashes": [
@@ -122,19 +122,19 @@
},
"boto3": {
"hashes": [
- "sha256:2c2f70608934b03f9c08f4cd185de223b5abd18245dd4d4800e1fbc2a2523e31",
- "sha256:fccfa81cda69bb2317ed97e7149d7d84d19e6ec3bfbe3f721139e7ac0c407c73"
+ "sha256:6300e9ee9a404038113250bd218e2c4827f5e676efb14e77de2ad2dcb67679bc",
+ "sha256:be4714f0475c1f5183eea09ddbf568ced6fa41b0fc9976f2698b8442e1b17303"
],
"index": "pypi",
- "version": "==1.17.98"
+ "version": "==1.17.102"
},
"botocore": {
"hashes": [
- "sha256:b2a49de4ee04b690142c8e7240f0f5758e3f7673dd39cf398efe893bf5e11c3f",
- "sha256:b955b23fe2fbdbbc8e66f37fe2970de6b5d8169f940b200bcf434751709d38f6"
+ "sha256:2f57f7ceed1598d96cc497aeb45317db5d3b21a5aafea4732d0e561d0fc2a8fa",
+ "sha256:bdf08a4f7f01ead00d386848f089c08270499711447569c18d0db60023619c06"
],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'",
- "version": "==1.20.98"
+ "version": "==1.20.102"
},
"cachetools": {
"hashes": [
@@ -165,11 +165,11 @@
},
"celery": {
"hashes": [
- "sha256:54436cd97b031bf2e08064223240e2a83d601d9414bcb1b702f94c6c33c29485",
- "sha256:b5399d76cf70d5cfac3ec993f8796ec1aa90d4cef55972295751f384758a80d7"
+ "sha256:8d9a3de9162965e97f8e8cc584c67aad83b3f7a267584fa47701ed11c3e0d4b0",
+ "sha256:9dab2170b4038f7bf10ef2861dbf486ddf1d20592290a1040f7b7a1259705d42"
],
"index": "pypi",
- "version": "==5.1.1"
+ "version": "==5.1.2"
},
"certifi": {
"hashes": [
@@ -948,10 +948,30 @@
},
"pyrsistent": {
"hashes": [
- "sha256:2e636185d9eb976a18a8a8e96efce62f2905fea90041958d8cc2a189756ebf3e"
+ "sha256:097b96f129dd36a8c9e33594e7ebb151b1515eb52cceb08474c10a5479e799f2",
+ "sha256:2aaf19dc8ce517a8653746d98e962ef480ff34b6bc563fc067be6401ffb457c7",
+ "sha256:404e1f1d254d314d55adb8d87f4f465c8693d6f902f67eb6ef5b4526dc58e6ea",
+ "sha256:48578680353f41dca1ca3dc48629fb77dfc745128b56fc01096b2530c13fd426",
+ "sha256:4916c10896721e472ee12c95cdc2891ce5890898d2f9907b1b4ae0f53588b710",
+ "sha256:527be2bfa8dc80f6f8ddd65242ba476a6c4fb4e3aedbf281dfbac1b1ed4165b1",
+ "sha256:58a70d93fb79dc585b21f9d72487b929a6fe58da0754fa4cb9f279bb92369396",
+ "sha256:5e4395bbf841693eaebaa5bb5c8f5cdbb1d139e07c975c682ec4e4f8126e03d2",
+ "sha256:6b5eed00e597b5b5773b4ca30bd48a5774ef1e96f2a45d105db5b4ebb4bca680",
+ "sha256:73ff61b1411e3fb0ba144b8f08d6749749775fe89688093e1efef9839d2dcc35",
+ "sha256:772e94c2c6864f2cd2ffbe58bb3bdefbe2a32afa0acb1a77e472aac831f83427",
+ "sha256:773c781216f8c2900b42a7b638d5b517bb134ae1acbebe4d1e8f1f41ea60eb4b",
+ "sha256:a0c772d791c38bbc77be659af29bb14c38ced151433592e326361610250c605b",
+ "sha256:b29b869cf58412ca5738d23691e96d8aff535e17390128a1a52717c9a109da4f",
+ "sha256:c1a9ff320fa699337e05edcaae79ef8c2880b52720bc031b219e5b5008ebbdef",
+ "sha256:cd3caef37a415fd0dae6148a1b6957a8c5f275a62cca02e18474608cb263640c",
+ "sha256:d5ec194c9c573aafaceebf05fc400656722793dac57f254cd4741f3c27ae57b4",
+ "sha256:da6e5e818d18459fa46fac0a4a4e543507fe1110e808101277c5a2b5bab0cd2d",
+ "sha256:e79d94ca58fcafef6395f6352383fa1a76922268fa02caa2272fff501c2fdc78",
+ "sha256:f3ef98d7b76da5eb19c37fda834d50262ff9167c65658d1d8f974d2e4d90676b",
+ "sha256:f4c8cabb46ff8e5d61f56a037974228e978f26bfefce4f61a4b1ac0ba7a2ab72"
],
- "markers": "python_version >= '3.5'",
- "version": "==0.17.3"
+ "markers": "python_version >= '3.6'",
+ "version": "==0.18.0"
},
"python-dateutil": {
"hashes": [
@@ -1167,11 +1187,11 @@
"secure"
],
"hashes": [
- "sha256:753a0374df26658f99d826cfe40394a686d05985786d946fbe4165b5148f5a7c",
- "sha256:a7acd0977125325f516bda9735fa7142b909a8d01e8b2e4c8108d0984e6e0098"
+ "sha256:39fb8672126159acb139a7718dd10806104dec1e2f0f6c88aab05d17df10c8d4",
+ "sha256:f57b4c16c62fa2760b7e3d97c35b255512fb6b59a259730f36ba32ce9f8e342f"
],
"index": "pypi",
- "version": "==1.26.5"
+ "version": "==1.26.6"
},
"uvicorn": {
"extras": [
@@ -1565,7 +1585,7 @@
"sha256:83510593e07e433b77bd5bff0f6f607dbafa06d1a89022616f02d8b699cfcd56",
"sha256:8e2c107091cfec7286bc0f68a547d0ba4c094d460b732075b6fba674f1035c0c"
],
- "markers": "python_version < '4.0' and python_full_version >= '3.6.1'",
+ "markers": "python_version < '4' and python_full_version >= '3.6.1'",
"version": "==5.9.1"
},
"lazy-object-proxy": {
@@ -1838,11 +1858,11 @@
"secure"
],
"hashes": [
- "sha256:753a0374df26658f99d826cfe40394a686d05985786d946fbe4165b5148f5a7c",
- "sha256:a7acd0977125325f516bda9735fa7142b909a8d01e8b2e4c8108d0984e6e0098"
+ "sha256:39fb8672126159acb139a7718dd10806104dec1e2f0f6c88aab05d17df10c8d4",
+ "sha256:f57b4c16c62fa2760b7e3d97c35b255512fb6b59a259730f36ba32ce9f8e342f"
],
"index": "pypi",
- "version": "==1.26.5"
+ "version": "==1.26.6"
},
"wrapt": {
"hashes": [
diff --git a/authentik/api/authentication.py b/authentik/api/authentication.py
index 1d38fc9e5..ee423bf59 100644
--- a/authentik/api/authentication.py
+++ b/authentik/api/authentication.py
@@ -19,7 +19,7 @@ def token_from_header(raw_header: bytes) -> Optional[Token]:
auth_credentials = raw_header.decode()
if auth_credentials == "" or " " not in auth_credentials:
return None
- auth_type, auth_credentials = auth_credentials.split()
+ auth_type, _, auth_credentials = auth_credentials.partition(" ")
if auth_type.lower() not in ["basic", "bearer"]:
LOGGER.debug("Unsupported authentication type, denying", type=auth_type.lower())
raise AuthenticationFailed("Unsupported authentication type")
diff --git a/authentik/core/sources/flow_manager.py b/authentik/core/sources/flow_manager.py
index 173064822..399f24933 100644
--- a/authentik/core/sources/flow_manager.py
+++ b/authentik/core/sources/flow_manager.py
@@ -213,7 +213,7 @@ class SourceFlowManager:
planner = FlowPlanner(flow)
plan = planner.plan(self.request, kwargs)
for stage in self.get_stages_to_append(flow):
- plan.append(stage)
+ plan.append_stage(stage=stage)
self.request.session[SESSION_KEY_PLAN] = plan
return redirect_with_qs(
"authentik_core:if-flow",
diff --git a/authentik/core/templates/if/flow.html b/authentik/core/templates/if/flow.html
index b1435d2f6..8b1a381a7 100644
--- a/authentik/core/templates/if/flow.html
+++ b/authentik/core/templates/if/flow.html
@@ -13,7 +13,7 @@
{% endblock %}
diff --git a/authentik/core/templates/login/base_full.html b/authentik/core/templates/login/base_full.html
index 8750fb341..cfeecb855 100644
--- a/authentik/core/templates/login/base_full.html
+++ b/authentik/core/templates/login/base_full.html
@@ -10,7 +10,7 @@
{% block head %}
{% endblock %}
diff --git a/authentik/events/api/event.py b/authentik/events/api/event.py
index 10069999e..570559a42 100644
--- a/authentik/events/api/event.py
+++ b/authentik/events/api/event.py
@@ -6,11 +6,11 @@ from drf_spectacular.types import OpenApiTypes
from drf_spectacular.utils import OpenApiParameter, extend_schema
from guardian.shortcuts import get_objects_for_user
from rest_framework.decorators import action
-from rest_framework.fields import CharField, DictField, IntegerField
+from rest_framework.fields import DictField, IntegerField
from rest_framework.request import Request
from rest_framework.response import Response
from rest_framework.serializers import ModelSerializer
-from rest_framework.viewsets import ReadOnlyModelViewSet
+from rest_framework.viewsets import ModelViewSet
from authentik.core.api.utils import PassiveSerializer, TypeCreateSerializer
from authentik.events.models import Event, EventAction
@@ -19,11 +19,6 @@ from authentik.events.models import Event, EventAction
class EventSerializer(ModelSerializer):
"""Event Serializer"""
- # Since we only use this serializer for read-only operations,
- # no checking of the action is done here.
- # This allows clients to check wildcards, prefixes and custom types
- action = CharField()
-
class Meta:
model = Event
@@ -96,7 +91,7 @@ class EventsFilter(django_filters.FilterSet):
fields = ["action", "client_ip", "username"]
-class EventViewSet(ReadOnlyModelViewSet):
+class EventViewSet(ModelViewSet):
"""Event Read-Only Viewset"""
queryset = Event.objects.all()
diff --git a/authentik/events/middleware.py b/authentik/events/middleware.py
index 684121171..1543fb8ef 100644
--- a/authentik/events/middleware.py
+++ b/authentik/events/middleware.py
@@ -13,6 +13,7 @@ from authentik.core.models import User
from authentik.events.models import Event, EventAction, Notification
from authentik.events.signals import EventNewThread
from authentik.events.utils import model_to_dict
+from authentik.lib.sentry import before_send
from authentik.lib.utils.errors import exception_to_string
@@ -62,12 +63,13 @@ class AuditMiddleware:
if settings.DEBUG:
return
- thread = EventNewThread(
- EventAction.SYSTEM_EXCEPTION,
- request,
- message=exception_to_string(exception),
- )
- thread.run()
+ if before_send({}, {"exc_info": (None, exception, None)}) is not None:
+ thread = EventNewThread(
+ EventAction.SYSTEM_EXCEPTION,
+ request,
+ message=exception_to_string(exception),
+ )
+ thread.run()
@staticmethod
# pylint: disable=unused-argument
diff --git a/authentik/events/tasks.py b/authentik/events/tasks.py
index 6ce94fa90..8ab4f8662 100644
--- a/authentik/events/tasks.py
+++ b/authentik/events/tasks.py
@@ -105,7 +105,11 @@ def notification_transport(
"""Send notification over specified transport"""
self.save_on_success = False
try:
- notification: Notification = Notification.objects.get(pk=notification_pk)
+ notification: Notification = Notification.objects.filter(
+ pk=notification_pk
+ ).first()
+ if not notification:
+ return
transport: NotificationTransport = NotificationTransport.objects.get(
pk=transport_pk
)
diff --git a/authentik/flows/api/bindings.py b/authentik/flows/api/bindings.py
index 74b97ca99..13fd04887 100644
--- a/authentik/flows/api/bindings.py
+++ b/authentik/flows/api/bindings.py
@@ -25,6 +25,7 @@ class FlowStageBindingSerializer(ModelSerializer):
"re_evaluate_policies",
"order",
"policy_engine_mode",
+ "invalid_response_action",
]
diff --git a/authentik/flows/markers.py b/authentik/flows/markers.py
index 1d710cd4f..e545cf89b 100644
--- a/authentik/flows/markers.py
+++ b/authentik/flows/markers.py
@@ -5,8 +5,7 @@ from typing import TYPE_CHECKING, Optional
from django.http.request import HttpRequest
from structlog.stdlib import get_logger
-from authentik.core.models import User
-from authentik.flows.models import Stage
+from authentik.flows.models import FlowStageBinding
from authentik.policies.engine import PolicyEngine
from authentik.policies.models import PolicyBinding
@@ -22,11 +21,14 @@ class StageMarker:
# pylint: disable=unused-argument
def process(
- self, plan: "FlowPlan", stage: Stage, http_request: Optional[HttpRequest]
- ) -> Optional[Stage]:
+ self,
+ plan: "FlowPlan",
+ binding: FlowStageBinding,
+ http_request: HttpRequest,
+ ) -> Optional[FlowStageBinding]:
"""Process callback for this marker. This should be overridden by sub-classes.
If a stage should be removed, return None."""
- return stage
+ return binding
@dataclass
@@ -34,24 +36,34 @@ class ReevaluateMarker(StageMarker):
"""Reevaluate Marker, forces stage's policies to be evaluated again."""
binding: PolicyBinding
- user: User
def process(
- self, plan: "FlowPlan", stage: Stage, http_request: Optional[HttpRequest]
- ) -> Optional[Stage]:
+ self,
+ plan: "FlowPlan",
+ binding: FlowStageBinding,
+ http_request: HttpRequest,
+ ) -> Optional[FlowStageBinding]:
"""Re-evaluate policies bound to stage, and if they fail, remove from plan"""
- engine = PolicyEngine(self.binding, self.user)
+ from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER
+
+ LOGGER.debug(
+ "f(plan_inst)[re-eval marker]: running re-evaluation",
+ binding=binding,
+ policy_binding=self.binding,
+ )
+ engine = PolicyEngine(
+ self.binding, plan.context.get(PLAN_CONTEXT_PENDING_USER, http_request.user)
+ )
engine.use_cache = False
- if http_request:
- engine.request.set_http_request(http_request)
+ engine.request.set_http_request(http_request)
engine.request.context = plan.context
engine.build()
result = engine.result
if result.passing:
- return stage
+ return binding
LOGGER.warning(
- "f(plan_inst)[re-eval marker]: stage failed re-evaluation",
- stage=stage,
+ "f(plan_inst)[re-eval marker]: binding failed re-evaluation",
+ binding=binding,
messages=result.messages,
)
return None
diff --git a/authentik/flows/migrations/0018_oob_flows.py b/authentik/flows/migrations/0018_oob_flows.py
index c6caee84b..9058dccd4 100644
--- a/authentik/flows/migrations/0018_oob_flows.py
+++ b/authentik/flows/migrations/0018_oob_flows.py
@@ -135,7 +135,7 @@ class Migration(migrations.Migration):
dependencies = [
("authentik_flows", "0017_auto_20210329_1334"),
- ("authentik_stages_user_write", "__latest__"),
+ ("authentik_stages_user_write", "0002_auto_20200918_1653"),
("authentik_stages_user_login", "__latest__"),
("authentik_stages_password", "0002_passwordstage_change_flow"),
("authentik_policies", "0001_initial"),
diff --git a/authentik/flows/migrations/0021_flowstagebinding_invalid_response_action.py b/authentik/flows/migrations/0021_flowstagebinding_invalid_response_action.py
new file mode 100644
index 000000000..1c0add77f
--- /dev/null
+++ b/authentik/flows/migrations/0021_flowstagebinding_invalid_response_action.py
@@ -0,0 +1,22 @@
+# Generated by Django 3.2.4 on 2021-06-27 16:20
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ("authentik_flows", "0020_flow_compatibility_mode"),
+ ]
+
+ operations = [
+ migrations.AddField(
+ model_name="flowstagebinding",
+ name="invalid_response_action",
+ field=models.TextField(
+ choices=[("retry", "Retry"), ("continue", "Continue")],
+ default="retry",
+ help_text="Configure how the flow executor should handle an invalid response to a challenge. RETRY returns the error message and a similar challenge to the executor while CONTINUE continues with the next stage.",
+ ),
+ ),
+ ]
diff --git a/authentik/flows/models.py b/authentik/flows/models.py
index 6e9663882..df713dba2 100644
--- a/authentik/flows/models.py
+++ b/authentik/flows/models.py
@@ -27,6 +27,14 @@ class NotConfiguredAction(models.TextChoices):
CONFIGURE = "configure"
+class InvalidResponseAction(models.TextChoices):
+ """Configure how the flow executor should handle invalid responses to challenges"""
+
+ RETRY = "retry"
+ RESTART = "restart"
+ RESTART_WITH_CONTEXT = "restart_with_context"
+
+
class FlowDesignation(models.TextChoices):
"""Designation of what a Flow should be used for. At a later point, this
should be replaced by a database entry."""
@@ -201,6 +209,17 @@ class FlowStageBinding(SerializerModel, PolicyBindingModel):
help_text=_("Evaluate policies when the Stage is present to the user."),
)
+ invalid_response_action = models.TextField(
+ choices=InvalidResponseAction.choices,
+ default=InvalidResponseAction.RETRY,
+ help_text=_(
+ "Configure how the flow executor should handle an invalid response to a "
+ "challenge. RETRY returns the error message and a similar challenge to the "
+ "executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT "
+ "restarts the flow while keeping the current context."
+ ),
+ )
+
order = models.IntegerField()
objects = InheritanceManager()
diff --git a/authentik/flows/planner.py b/authentik/flows/planner.py
index 9edb719fa..ed1373601 100644
--- a/authentik/flows/planner.py
+++ b/authentik/flows/planner.py
@@ -52,33 +52,41 @@ class FlowPlan:
flow_pk: str
- stages: list[Stage] = field(default_factory=list)
+ bindings: list[FlowStageBinding] = field(default_factory=list)
context: dict[str, Any] = field(default_factory=dict)
markers: list[StageMarker] = field(default_factory=list)
- def append(self, stage: Stage, marker: Optional[StageMarker] = None):
+ def append_stage(self, stage: Stage, marker: Optional[StageMarker] = None):
"""Append `stage` to all stages, optionall with stage marker"""
- self.stages.append(stage)
+ return self.append(FlowStageBinding(stage=stage), marker)
+
+ def append(self, binding: FlowStageBinding, marker: Optional[StageMarker] = None):
+ """Append `stage` to all stages, optionall with stage marker"""
+ self.bindings.append(binding)
self.markers.append(marker or StageMarker())
- def insert(self, stage: Stage, marker: Optional[StageMarker] = None):
+ def insert_stage(self, stage: Stage, marker: Optional[StageMarker] = None):
"""Insert stage into plan, as immediate next stage"""
- self.stages.insert(1, stage)
+ self.bindings.insert(1, FlowStageBinding(stage=stage, order=0))
self.markers.insert(1, marker or StageMarker())
- def next(self, http_request: Optional[HttpRequest]) -> Optional[Stage]:
+ def next(self, http_request: Optional[HttpRequest]) -> Optional[FlowStageBinding]:
"""Return next pending stage from the bottom of the list"""
if not self.has_stages:
return None
- stage = self.stages[0]
+ binding = self.bindings[0]
marker = self.markers[0]
if marker.__class__ is not StageMarker:
- LOGGER.debug("f(plan_inst): stage has marker", stage=stage, marker=marker)
- marked_stage = marker.process(self, stage, http_request)
+ LOGGER.debug(
+ "f(plan_inst): stage has marker", binding=binding, marker=marker
+ )
+ marked_stage = marker.process(self, binding, http_request)
if not marked_stage:
- LOGGER.debug("f(plan_inst): marker returned none, next stage", stage=stage)
- self.stages.remove(stage)
+ LOGGER.debug(
+ "f(plan_inst): marker returned none, next stage", binding=binding
+ )
+ self.bindings.remove(binding)
self.markers.remove(marker)
if not self.has_stages:
return None
@@ -89,12 +97,12 @@ class FlowPlan:
def pop(self):
"""Pop next pending stage from bottom of list"""
self.markers.pop(0)
- self.stages.pop(0)
+ self.bindings.pop(0)
@property
def has_stages(self) -> bool:
"""Check if there are any stages left in this plan"""
- return len(self.markers) + len(self.stages) > 0
+ return len(self.markers) + len(self.bindings) > 0
class FlowPlanner:
@@ -161,7 +169,7 @@ class FlowPlanner:
plan = self._build_plan(user, request, default_context)
cache.set(cache_key(self.flow, user), plan, CACHE_TIMEOUT)
GAUGE_FLOWS_CACHED.update()
- if not plan.stages and not self.allow_empty_flows:
+ if not plan.bindings and not self.allow_empty_flows:
raise EmptyFlowException()
return plan
@@ -216,9 +224,9 @@ class FlowPlanner:
"f(plan): stage has re-evaluate marker",
stage=binding.stage,
)
- marker = ReevaluateMarker(binding=binding, user=user)
+ marker = ReevaluateMarker(binding=binding)
if stage:
- plan.append(stage, marker)
+ plan.append(binding, marker)
HIST_FLOWS_PLAN_TIME.labels(flow_slug=self.flow.slug)
self._logger.debug(
"f(plan): finished building",
diff --git a/authentik/flows/stage.py b/authentik/flows/stage.py
index 8502a42c6..93461ce42 100644
--- a/authentik/flows/stage.py
+++ b/authentik/flows/stage.py
@@ -16,6 +16,7 @@ from authentik.flows.challenge import (
HttpChallengeResponse,
WithUserInfoChallenge,
)
+from authentik.flows.models import InvalidResponseAction
from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER
from authentik.flows.views import FlowExecutorView
@@ -69,7 +70,13 @@ class ChallengeStageView(StageView):
"""Return a challenge for the frontend to solve"""
challenge = self._get_challenge(*args, **kwargs)
if not challenge.is_valid():
- LOGGER.warning(challenge.errors, stage_view=self, challenge=challenge)
+ LOGGER.warning(
+ "f(ch): Invalid challenge",
+ binding=self.executor.current_binding,
+ errors=challenge.errors,
+ stage_view=self,
+ challenge=challenge,
+ )
return HttpChallengeResponse(challenge)
# pylint: disable=unused-argument
@@ -77,6 +84,21 @@ class ChallengeStageView(StageView):
"""Handle challenge response"""
challenge: ChallengeResponse = self.get_response_instance(data=request.data)
if not challenge.is_valid():
+ if self.executor.current_binding.invalid_response_action in [
+ InvalidResponseAction.RESTART,
+ InvalidResponseAction.RESTART_WITH_CONTEXT,
+ ]:
+ keep_context = (
+ self.executor.current_binding.invalid_response_action
+ == InvalidResponseAction.RESTART_WITH_CONTEXT
+ )
+ LOGGER.debug(
+ "f(ch): Invalid response, restarting flow",
+ binding=self.executor.current_binding,
+ stage_view=self,
+ keep_context=keep_context,
+ )
+ return self.executor.restart_flow(keep_context)
return self.challenge_invalid(challenge)
return self.challenge_valid(challenge)
@@ -126,5 +148,10 @@ class ChallengeStageView(StageView):
)
challenge_response.initial_data["response_errors"] = full_errors
if not challenge_response.is_valid():
- LOGGER.warning(challenge_response.errors)
+ LOGGER.warning(
+ "f(ch): invalid challenge response",
+ binding=self.executor.current_binding,
+ errors=challenge_response.errors,
+ stage_view=self,
+ )
return HttpChallengeResponse(challenge_response)
diff --git a/authentik/flows/tests/test_planner.py b/authentik/flows/tests/test_planner.py
index 9eb60a112..8e185da58 100644
--- a/authentik/flows/tests/test_planner.py
+++ b/authentik/flows/tests/test_planner.py
@@ -182,8 +182,8 @@ class TestFlowPlanner(TestCase):
planner = FlowPlanner(flow)
plan = planner.plan(request)
- self.assertEqual(plan.stages[0], binding.stage)
- self.assertEqual(plan.stages[1], binding2.stage)
+ self.assertEqual(plan.bindings[0], binding)
+ self.assertEqual(plan.bindings[1], binding2)
self.assertIsInstance(plan.markers[0], StageMarker)
self.assertIsInstance(plan.markers[1], ReevaluateMarker)
diff --git a/authentik/flows/tests/test_views.py b/authentik/flows/tests/test_views.py
index fee5ff259..3ccf58f0d 100644
--- a/authentik/flows/tests/test_views.py
+++ b/authentik/flows/tests/test_views.py
@@ -11,15 +11,23 @@ from authentik.core.models import User
from authentik.flows.challenge import ChallengeTypes
from authentik.flows.exceptions import FlowNonApplicableException
from authentik.flows.markers import ReevaluateMarker, StageMarker
-from authentik.flows.models import Flow, FlowDesignation, FlowStageBinding
+from authentik.flows.models import (
+ Flow,
+ FlowDesignation,
+ FlowStageBinding,
+ InvalidResponseAction,
+)
from authentik.flows.planner import FlowPlan, FlowPlanner
from authentik.flows.stage import PLAN_CONTEXT_PENDING_USER_IDENTIFIER, StageView
from authentik.flows.views import NEXT_ARG_NAME, SESSION_KEY_PLAN, FlowExecutorView
from authentik.lib.config import CONFIG
from authentik.policies.dummy.models import DummyPolicy
from authentik.policies.models import PolicyBinding
+from authentik.policies.reputation.models import ReputationPolicy
from authentik.policies.types import PolicyResult
+from authentik.stages.deny.models import DenyStage
from authentik.stages.dummy.models import DummyStage
+from authentik.stages.identification.models import IdentificationStage, UserFields
POLICY_RETURN_FALSE = PropertyMock(return_value=PolicyResult(False))
POLICY_RETURN_TRUE = MagicMock(return_value=PolicyResult(True))
@@ -52,8 +60,9 @@ class TestFlowExecutor(TestCase):
designation=FlowDesignation.AUTHENTICATION,
)
stage = DummyStage.objects.create(name="dummy")
+ binding = FlowStageBinding(target=flow, stage=stage, order=0)
plan = FlowPlan(
- flow_pk=flow.pk.hex + "a", stages=[stage], markers=[StageMarker()]
+ flow_pk=flow.pk.hex + "a", bindings=[binding], markers=[StageMarker()]
)
session = self.client.session
session[SESSION_KEY_PLAN] = plan
@@ -163,7 +172,7 @@ class TestFlowExecutor(TestCase):
# Check that two stages are in plan
session = self.client.session
plan: FlowPlan = session[SESSION_KEY_PLAN]
- self.assertEqual(len(plan.stages), 2)
+ self.assertEqual(len(plan.bindings), 2)
# Second request, submit form, one stage left
response = self.client.post(exec_url)
# Second request redirects to the same URL
@@ -172,7 +181,7 @@ class TestFlowExecutor(TestCase):
# Check that two stages are in plan
session = self.client.session
plan: FlowPlan = session[SESSION_KEY_PLAN]
- self.assertEqual(len(plan.stages), 1)
+ self.assertEqual(len(plan.bindings), 1)
@patch(
"authentik.flows.views.to_stage_response",
@@ -213,8 +222,8 @@ class TestFlowExecutor(TestCase):
plan: FlowPlan = self.client.session[SESSION_KEY_PLAN]
- self.assertEqual(plan.stages[0], binding.stage)
- self.assertEqual(plan.stages[1], binding2.stage)
+ self.assertEqual(plan.bindings[0], binding)
+ self.assertEqual(plan.bindings[1], binding2)
self.assertIsInstance(plan.markers[0], StageMarker)
self.assertIsInstance(plan.markers[1], ReevaluateMarker)
@@ -267,9 +276,9 @@ class TestFlowExecutor(TestCase):
self.assertEqual(response.status_code, 200)
plan: FlowPlan = self.client.session[SESSION_KEY_PLAN]
- self.assertEqual(plan.stages[0], binding.stage)
- self.assertEqual(plan.stages[1], binding2.stage)
- self.assertEqual(plan.stages[2], binding3.stage)
+ self.assertEqual(plan.bindings[0], binding)
+ self.assertEqual(plan.bindings[1], binding2)
+ self.assertEqual(plan.bindings[2], binding3)
self.assertIsInstance(plan.markers[0], StageMarker)
self.assertIsInstance(plan.markers[1], ReevaluateMarker)
@@ -281,8 +290,8 @@ class TestFlowExecutor(TestCase):
plan: FlowPlan = self.client.session[SESSION_KEY_PLAN]
- self.assertEqual(plan.stages[0], binding2.stage)
- self.assertEqual(plan.stages[1], binding3.stage)
+ self.assertEqual(plan.bindings[0], binding2)
+ self.assertEqual(plan.bindings[1], binding3)
self.assertIsInstance(plan.markers[0], StageMarker)
self.assertIsInstance(plan.markers[1], StageMarker)
@@ -338,9 +347,9 @@ class TestFlowExecutor(TestCase):
self.assertEqual(response.status_code, 200)
plan: FlowPlan = self.client.session[SESSION_KEY_PLAN]
- self.assertEqual(plan.stages[0], binding.stage)
- self.assertEqual(plan.stages[1], binding2.stage)
- self.assertEqual(plan.stages[2], binding3.stage)
+ self.assertEqual(plan.bindings[0], binding)
+ self.assertEqual(plan.bindings[1], binding2)
+ self.assertEqual(plan.bindings[2], binding3)
self.assertIsInstance(plan.markers[0], StageMarker)
self.assertIsInstance(plan.markers[1], ReevaluateMarker)
@@ -352,8 +361,8 @@ class TestFlowExecutor(TestCase):
plan: FlowPlan = self.client.session[SESSION_KEY_PLAN]
- self.assertEqual(plan.stages[0], binding2.stage)
- self.assertEqual(plan.stages[1], binding3.stage)
+ self.assertEqual(plan.bindings[0], binding2)
+ self.assertEqual(plan.bindings[1], binding3)
self.assertIsInstance(plan.markers[0], StageMarker)
self.assertIsInstance(plan.markers[1], StageMarker)
@@ -364,7 +373,7 @@ class TestFlowExecutor(TestCase):
plan: FlowPlan = self.client.session[SESSION_KEY_PLAN]
- self.assertEqual(plan.stages[0], binding3.stage)
+ self.assertEqual(plan.bindings[0], binding3)
self.assertIsInstance(plan.markers[0], StageMarker)
@@ -438,10 +447,10 @@ class TestFlowExecutor(TestCase):
plan: FlowPlan = self.client.session[SESSION_KEY_PLAN]
- self.assertEqual(plan.stages[0], binding.stage)
- self.assertEqual(plan.stages[1], binding2.stage)
- self.assertEqual(plan.stages[2], binding3.stage)
- self.assertEqual(plan.stages[3], binding4.stage)
+ self.assertEqual(plan.bindings[0], binding)
+ self.assertEqual(plan.bindings[1], binding2)
+ self.assertEqual(plan.bindings[2], binding3)
+ self.assertEqual(plan.bindings[3], binding4)
self.assertIsInstance(plan.markers[0], StageMarker)
self.assertIsInstance(plan.markers[1], ReevaluateMarker)
@@ -512,3 +521,78 @@ class TestFlowExecutor(TestCase):
stage_view = StageView(executor)
self.assertEqual(ident, stage_view.get_pending_user(for_display=True).username)
+
+ def test_invalid_restart(self):
+ """Test flow that restarts on invalid entry"""
+ flow = Flow.objects.create(
+ name="restart-on-invalid",
+ slug="restart-on-invalid",
+ designation=FlowDesignation.AUTHENTICATION,
+ )
+ # Stage 0 is a deny stage that is added dynamically
+ # when the reputation policy says so
+ deny_stage = DenyStage.objects.create(name="deny")
+ reputation_policy = ReputationPolicy.objects.create(
+ name="reputation", threshold=-1, check_ip=False
+ )
+ deny_binding = FlowStageBinding.objects.create(
+ target=flow,
+ stage=deny_stage,
+ order=0,
+ evaluate_on_plan=False,
+ re_evaluate_policies=True,
+ )
+ PolicyBinding.objects.create(
+ policy=reputation_policy, target=deny_binding, order=0
+ )
+
+ # Stage 1 is an identification stage
+ ident_stage = IdentificationStage.objects.create(
+ name="ident",
+ user_fields=[UserFields.E_MAIL],
+ )
+ FlowStageBinding.objects.create(
+ target=flow,
+ stage=ident_stage,
+ order=1,
+ invalid_response_action=InvalidResponseAction.RESTART_WITH_CONTEXT,
+ )
+ exec_url = reverse(
+ "authentik_api:flow-executor", kwargs={"flow_slug": flow.slug}
+ )
+ # First request, run the planner
+ response = self.client.get(exec_url)
+ self.assertEqual(response.status_code, 200)
+ self.assertJSONEqual(
+ force_str(response.content),
+ {
+ "type": ChallengeTypes.NATIVE.value,
+ "component": "ak-stage-identification",
+ "flow_info": {
+ "background": flow.background_url,
+ "cancel_url": reverse("authentik_flows:cancel"),
+ "title": "",
+ },
+ "password_fields": False,
+ "primary_action": "Log in",
+ "sources": [],
+ "user_fields": [UserFields.E_MAIL],
+ },
+ )
+ response = self.client.post(
+ exec_url, {"uid_field": "invalid-string"}, follow=True
+ )
+ self.assertEqual(response.status_code, 200)
+ self.assertJSONEqual(
+ force_str(response.content),
+ {
+ "component": "ak-stage-access-denied",
+ "error_message": None,
+ "flow_info": {
+ "background": flow.background_url,
+ "cancel_url": reverse("authentik_flows:cancel"),
+ "title": "",
+ },
+ "type": ChallengeTypes.NATIVE.value,
+ },
+ )
diff --git a/authentik/flows/views.py b/authentik/flows/views.py
index 499338d97..39c9a1662 100644
--- a/authentik/flows/views.py
+++ b/authentik/flows/views.py
@@ -4,6 +4,7 @@ from typing import Any, Optional
from django.conf import settings
from django.contrib.auth.mixins import LoginRequiredMixin
+from django.core.cache import cache
from django.http import Http404, HttpRequest, HttpResponse, HttpResponseRedirect
from django.http.request import QueryDict
from django.shortcuts import get_object_or_404, redirect
@@ -37,7 +38,13 @@ from authentik.flows.challenge import (
WithUserInfoChallenge,
)
from authentik.flows.exceptions import EmptyFlowException, FlowNonApplicableException
-from authentik.flows.models import ConfigurableStage, Flow, FlowDesignation, Stage
+from authentik.flows.models import (
+ ConfigurableStage,
+ Flow,
+ FlowDesignation,
+ FlowStageBinding,
+ Stage,
+)
from authentik.flows.planner import (
PLAN_CONTEXT_PENDING_USER,
PLAN_CONTEXT_REDIRECT,
@@ -107,6 +114,7 @@ class FlowExecutorView(APIView):
flow: Flow
plan: Optional[FlowPlan] = None
+ current_binding: FlowStageBinding
current_stage: Stage
current_stage_view: View
@@ -159,11 +167,12 @@ class FlowExecutorView(APIView):
request.session[SESSION_KEY_GET] = QueryDict(request.GET.get("query", ""))
# We don't save the Plan after getting the next stage
# as it hasn't been successfully passed yet
- next_stage = self.plan.next(self.request)
- if not next_stage:
+ next_binding = self.plan.next(self.request)
+ if not next_binding:
self._logger.debug("f(exec): no more stages, flow is done.")
return self._flow_done()
- self.current_stage = next_stage
+ self.current_binding = next_binding
+ self.current_stage = next_binding.stage
self._logger.debug(
"f(exec): Current stage",
current_stage=self.current_stage,
@@ -268,8 +277,31 @@ class FlowExecutorView(APIView):
planner = FlowPlanner(self.flow)
plan = planner.plan(self.request)
self.request.session[SESSION_KEY_PLAN] = plan
+ try:
+ # Call the has_stages getter to check that
+ # there are no issues with the class we might've gotten
+ # from the cache. If there are errors, just delete all cached flows
+ _ = plan.has_stages
+ except Exception: # pylint: disable=broad-except
+ keys = cache.keys("flow_*")
+ cache.delete_many(keys)
+ return self._initiate_plan()
return plan
+ def restart_flow(self, keep_context=False) -> HttpResponse:
+ """Restart the currently active flow, optionally keeping the current context"""
+ planner = FlowPlanner(self.flow)
+ default_context = None
+ if keep_context:
+ default_context = self.plan.context
+ plan = planner.plan(self.request, default_context)
+ self.request.session[SESSION_KEY_PLAN] = plan
+ kwargs = self.kwargs
+ kwargs.update({"flow_slug": self.flow.slug})
+ return redirect_with_qs(
+ "authentik_api:flow-executor", self.request.GET, **kwargs
+ )
+
def _flow_done(self) -> HttpResponse:
"""User Successfully passed all stages"""
# Since this is wrapped by the ExecutorShell, the next argument is saved in the session
@@ -293,10 +325,10 @@ class FlowExecutorView(APIView):
)
self.plan.pop()
self.request.session[SESSION_KEY_PLAN] = self.plan
- if self.plan.stages:
+ if self.plan.bindings:
self._logger.debug(
"f(exec): Continuing with next stage",
- remaining=len(self.plan.stages),
+ remaining=len(self.plan.bindings),
)
kwargs = self.kwargs
kwargs.update({"flow_slug": self.flow.slug})
diff --git a/authentik/outposts/controllers/docker.py b/authentik/outposts/controllers/docker.py
index c85276471..aa7a6781e 100644
--- a/authentik/outposts/controllers/docker.py
+++ b/authentik/outposts/controllers/docker.py
@@ -53,6 +53,27 @@ class DockerController(BaseController):
return True
return False
+ def _comp_ports(self, container: Container) -> bool:
+ """Check that the container has the correct ports exposed. Return true if container needs
+ to be rebuilt."""
+ # with TEST enabled, we use host-network
+ if settings.TEST:
+ return False
+ # When the container isn't running, the API doesn't report any port mappings
+ if container.status != "running":
+ return False
+ # {'6379/tcp': [{'HostIp': '127.0.0.1', 'HostPort': '6379'}]}
+ for port in self.deployment_ports:
+ key = f"{port.inner_port or port.port}/{port.protocol.lower()}"
+ if key not in container.ports:
+ return True
+ host_matching = False
+ for host_port in container.ports[key]:
+ host_matching = host_port.get("HostPort") == port.port
+ if not host_matching:
+ return True
+ return False
+
def _get_container(self) -> tuple[Container, bool]:
container_name = f"authentik-proxy-{self.outpost.uuid.hex}"
try:
@@ -98,6 +119,11 @@ class DockerController(BaseController):
)
self.down()
return self.up()
+ # Check container's ports
+ if self._comp_ports(container):
+ self.logger.info("Container has mis-matched ports, re-creating...")
+ self.down()
+ return self.up()
# Check that container values match our values
if self._comp_env(container):
self.logger.info("Container has outdated config, re-creating...")
diff --git a/authentik/outposts/models.py b/authentik/outposts/models.py
index ff80960a7..ba21fdbc3 100644
--- a/authentik/outposts/models.py
+++ b/authentik/outposts/models.py
@@ -406,7 +406,10 @@ class Outpost(ManagedModel):
def get_required_objects(self) -> Iterable[Union[models.Model, str]]:
"""Get an iterator of all objects the user needs read access to"""
- objects: list[Union[models.Model, str]] = [self]
+ objects: list[Union[models.Model, str]] = [
+ self,
+ "authentik_events.add_event",
+ ]
for provider in (
Provider.objects.filter(outpost=self).select_related().select_subclasses()
):
diff --git a/authentik/policies/reputation/models.py b/authentik/policies/reputation/models.py
index 305a33832..5a52241e2 100644
--- a/authentik/policies/reputation/models.py
+++ b/authentik/policies/reputation/models.py
@@ -33,21 +33,21 @@ class ReputationPolicy(Policy):
def passes(self, request: PolicyRequest) -> PolicyResult:
remote_ip = get_client_ip(request.http_request)
- passing = True
+ passing = False
if self.check_ip:
score = cache.get_or_set(CACHE_KEY_IP_PREFIX + remote_ip, 0)
- passing = passing and score <= self.threshold
+ passing += passing or score <= self.threshold
LOGGER.debug("Score for IP", ip=remote_ip, score=score, passing=passing)
if self.check_username:
score = cache.get_or_set(CACHE_KEY_USER_PREFIX + request.user.username, 0)
- passing = passing and score <= self.threshold
+ passing += passing or score <= self.threshold
LOGGER.debug(
"Score for Username",
username=request.user.username,
score=score,
passing=passing,
)
- return PolicyResult(passing)
+ return PolicyResult(bool(passing))
class Meta:
diff --git a/authentik/providers/oauth2/models.py b/authentik/providers/oauth2/models.py
index a9b82bf84..5ee94bfe2 100644
--- a/authentik/providers/oauth2/models.py
+++ b/authentik/providers/oauth2/models.py
@@ -474,7 +474,7 @@ class RefreshToken(ExpiringModel, BaseGrantModel):
now = int(time.time())
iat_time = now
exp_time = int(
- now + timedelta_from_string(self.provider.token_validity).seconds
+ now + timedelta_from_string(self.provider.token_validity).total_seconds()
)
# We use the timestamp of the user's last successful login (EventAction.LOGIN) for auth_time
auth_events = Event.objects.filter(
diff --git a/authentik/providers/oauth2/views/authorize.py b/authentik/providers/oauth2/views/authorize.py
index 5319ce40d..635c7d307 100644
--- a/authentik/providers/oauth2/views/authorize.py
+++ b/authentik/providers/oauth2/views/authorize.py
@@ -374,9 +374,9 @@ class OAuthFulfillmentStage(StageView):
query_fragment["code"] = code.code
query_fragment["token_type"] = "bearer"
- query_fragment["expires_in"] = timedelta_from_string(
- self.provider.token_validity
- ).seconds
+ query_fragment["expires_in"] = int(
+ timedelta_from_string(self.provider.token_validity).total_seconds()
+ )
query_fragment["state"] = self.params.state if self.params.state else ""
return query_fragment
@@ -468,14 +468,14 @@ class AuthorizationFlowInitView(PolicyAccessView):
# OpenID clients can specify a `prompt` parameter, and if its set to consent we
# need to inject a consent stage
if PROMPT_CONSNET in self.params.prompt:
- if not any(isinstance(x, ConsentStageView) for x in plan.stages):
+ if not any(isinstance(x.stage, ConsentStageView) for x in plan.bindings):
# Plan does not have any consent stage, so we add an in-memory one
stage = ConsentStage(
name="OAuth2 Provider In-memory consent stage",
mode=ConsentMode.ALWAYS_REQUIRE,
)
- plan.append(stage)
- plan.append(in_memory_stage(OAuthFulfillmentStage))
+ plan.append_stage(stage)
+ plan.append_stage(in_memory_stage(OAuthFulfillmentStage))
self.request.session[SESSION_KEY_PLAN] = plan
return redirect_with_qs(
"authentik_core:if-flow",
diff --git a/authentik/providers/oauth2/views/token.py b/authentik/providers/oauth2/views/token.py
index c0d85a345..7c78eed16 100644
--- a/authentik/providers/oauth2/views/token.py
+++ b/authentik/providers/oauth2/views/token.py
@@ -215,9 +215,11 @@ class TokenView(View):
"access_token": refresh_token.access_token,
"refresh_token": refresh_token.refresh_token,
"token_type": "bearer",
- "expires_in": timedelta_from_string(
- self.params.provider.token_validity
- ).seconds,
+ "expires_in": int(
+ timedelta_from_string(
+ self.params.provider.token_validity
+ ).total_seconds()
+ ),
"id_token": refresh_token.provider.encode(refresh_token.id_token.to_dict()),
}
@@ -258,9 +260,11 @@ class TokenView(View):
"access_token": refresh_token.access_token,
"refresh_token": refresh_token.refresh_token,
"token_type": "bearer",
- "expires_in": timedelta_from_string(
- refresh_token.provider.token_validity
- ).seconds,
+ "expires_in": int(
+ timedelta_from_string(
+ refresh_token.provider.token_validity
+ ).total_seconds()
+ ),
"id_token": self.params.provider.encode(refresh_token.id_token.to_dict()),
}
diff --git a/authentik/providers/saml/views/sso.py b/authentik/providers/saml/views/sso.py
index 4eb76af68..732d582aa 100644
--- a/authentik/providers/saml/views/sso.py
+++ b/authentik/providers/saml/views/sso.py
@@ -79,7 +79,7 @@ class SAMLSSOView(PolicyAccessView):
PLAN_CONTEXT_CONSENT_PERMISSIONS: [],
},
)
- plan.append(in_memory_stage(SAMLFlowFinalView))
+ plan.append_stage(in_memory_stage(SAMLFlowFinalView))
request.session[SESSION_KEY_PLAN] = plan
return redirect_with_qs(
"authentik_core:if-flow",
diff --git a/authentik/root/settings.py b/authentik/root/settings.py
index f832299e8..d9977031c 100644
--- a/authentik/root/settings.py
+++ b/authentik/root/settings.py
@@ -153,6 +153,7 @@ SPECTACULAR_SETTINGS = {
"url": "https://github.com/goauthentik/authentik/blob/master/LICENSE",
},
"ENUM_NAME_OVERRIDES": {
+ "EventActions": "authentik.events.models.EventAction",
"ChallengeChoices": "authentik.flows.challenge.ChallengeTypes",
"FlowDesignationEnum": "authentik.flows.models.FlowDesignation",
"PolicyEngineMode": "authentik.policies.models.PolicyEngineMode",
diff --git a/authentik/sources/saml/views.py b/authentik/sources/saml/views.py
index 2685e3df4..d85496d3f 100644
--- a/authentik/sources/saml/views.py
+++ b/authentik/sources/saml/views.py
@@ -90,7 +90,7 @@ class InitiateView(View):
planner.allow_empty_flows = True
plan = planner.plan(self.request, kwargs)
for stage in stages_to_append:
- plan.append(stage)
+ plan.append_stage(stage)
self.request.session[SESSION_KEY_PLAN] = plan
return redirect_with_qs(
"authentik_core:if-flow",
diff --git a/authentik/stages/authenticator_duo/stage.py b/authentik/stages/authenticator_duo/stage.py
index abca61479..96c5908c6 100644
--- a/authentik/stages/authenticator_duo/stage.py
+++ b/authentik/stages/authenticator_duo/stage.py
@@ -63,7 +63,7 @@ class AuthenticatorDuoStageView(ChallengeStageView):
"type": ChallengeTypes.NATIVE.value,
"activation_barcode": enroll["activation_barcode"],
"activation_code": enroll["activation_code"],
- "stage_uuid": stage.stage_uuid,
+ "stage_uuid": str(stage.stage_uuid),
}
)
diff --git a/authentik/stages/authenticator_validate/stage.py b/authentik/stages/authenticator_validate/stage.py
index 6312bfbc4..719115512 100644
--- a/authentik/stages/authenticator_validate/stage.py
+++ b/authentik/stages/authenticator_validate/stage.py
@@ -148,7 +148,7 @@ class AuthenticatorValidateStageView(ChallengeStageView):
stage = Stage.objects.get_subclass(pk=stage.configuration_stage.pk)
# plan.insert inserts at 1 index, so when stage_ok pops 0,
# the configuration stage is next
- self.executor.plan.insert(stage)
+ self.executor.plan.insert_stage(stage)
return self.executor.stage_ok()
return super().get(request, *args, **kwargs)
diff --git a/authentik/stages/captcha/tests.py b/authentik/stages/captcha/tests.py
index 3579438e5..8c863e2ee 100644
--- a/authentik/stages/captcha/tests.py
+++ b/authentik/stages/captcha/tests.py
@@ -36,12 +36,14 @@ class TestCaptchaStage(TestCase):
public_key=RECAPTCHA_PUBLIC_KEY,
private_key=RECAPTCHA_PRIVATE_KEY,
)
- FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2)
+ self.binding = FlowStageBinding.objects.create(
+ target=self.flow, stage=self.stage, order=2
+ )
def test_valid(self):
"""Test valid captcha"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
session = self.client.session
session[SESSION_KEY_PLAN] = plan
diff --git a/authentik/stages/consent/tests.py b/authentik/stages/consent/tests.py
index d395af6a0..728b61649 100644
--- a/authentik/stages/consent/tests.py
+++ b/authentik/stages/consent/tests.py
@@ -39,9 +39,11 @@ class TestConsentStage(TestCase):
stage = ConsentStage.objects.create(
name="consent", mode=ConsentMode.ALWAYS_REQUIRE
)
- FlowStageBinding.objects.create(target=flow, stage=stage, order=2)
+ binding = FlowStageBinding.objects.create(target=flow, stage=stage, order=2)
- plan = FlowPlan(flow_pk=flow.pk.hex, stages=[stage], markers=[StageMarker()])
+ plan = FlowPlan(
+ flow_pk=flow.pk.hex, bindings=[binding], markers=[StageMarker()]
+ )
session = self.client.session
session[SESSION_KEY_PLAN] = plan
session.save()
@@ -69,11 +71,11 @@ class TestConsentStage(TestCase):
designation=FlowDesignation.AUTHENTICATION,
)
stage = ConsentStage.objects.create(name="consent", mode=ConsentMode.PERMANENT)
- FlowStageBinding.objects.create(target=flow, stage=stage, order=2)
+ binding = FlowStageBinding.objects.create(target=flow, stage=stage, order=2)
plan = FlowPlan(
flow_pk=flow.pk.hex,
- stages=[stage],
+ bindings=[binding],
markers=[StageMarker()],
context={PLAN_CONTEXT_APPLICATION: self.application},
)
@@ -110,11 +112,11 @@ class TestConsentStage(TestCase):
stage = ConsentStage.objects.create(
name="consent", mode=ConsentMode.EXPIRING, consent_expire_in="seconds=1"
)
- FlowStageBinding.objects.create(target=flow, stage=stage, order=2)
+ binding = FlowStageBinding.objects.create(target=flow, stage=stage, order=2)
plan = FlowPlan(
flow_pk=flow.pk.hex,
- stages=[stage],
+ bindings=[binding],
markers=[StageMarker()],
context={PLAN_CONTEXT_APPLICATION: self.application},
)
diff --git a/authentik/stages/deny/tests.py b/authentik/stages/deny/tests.py
index 0df3d9bfd..9a15181ce 100644
--- a/authentik/stages/deny/tests.py
+++ b/authentik/stages/deny/tests.py
@@ -26,12 +26,14 @@ class TestUserDenyStage(TestCase):
designation=FlowDesignation.AUTHENTICATION,
)
self.stage = DenyStage.objects.create(name="logout")
- FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2)
+ self.binding = FlowStageBinding.objects.create(
+ target=self.flow, stage=self.stage, order=2
+ )
def test_valid_password(self):
"""Test with a valid pending user and backend"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
session = self.client.session
session[SESSION_KEY_PLAN] = plan
diff --git a/authentik/stages/email/tests/test_sending.py b/authentik/stages/email/tests/test_sending.py
index 9b12201f5..5467999b4 100644
--- a/authentik/stages/email/tests/test_sending.py
+++ b/authentik/stages/email/tests/test_sending.py
@@ -34,12 +34,14 @@ class TestEmailStageSending(TestCase):
self.stage = EmailStage.objects.create(
name="email",
)
- FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2)
+ self.binding = FlowStageBinding.objects.create(
+ target=self.flow, stage=self.stage, order=2
+ )
def test_pending_user(self):
"""Test with pending user"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
session = self.client.session
@@ -67,7 +69,7 @@ class TestEmailStageSending(TestCase):
def test_send_error(self):
"""Test error during sending (sending will be retried)"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
session = self.client.session
diff --git a/authentik/stages/email/tests/test_stage.py b/authentik/stages/email/tests/test_stage.py
index ae499b05b..541e21750 100644
--- a/authentik/stages/email/tests/test_stage.py
+++ b/authentik/stages/email/tests/test_stage.py
@@ -35,12 +35,14 @@ class TestEmailStage(TestCase):
self.stage = EmailStage.objects.create(
name="email",
)
- FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2)
+ self.binding = FlowStageBinding.objects.create(
+ target=self.flow, stage=self.stage, order=2
+ )
def test_rendering(self):
"""Test with pending user"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
session = self.client.session
@@ -56,7 +58,7 @@ class TestEmailStage(TestCase):
def test_without_user(self):
"""Test without pending user"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
session = self.client.session
session[SESSION_KEY_PLAN] = plan
@@ -71,7 +73,7 @@ class TestEmailStage(TestCase):
def test_pending_user(self):
"""Test with pending user"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
session = self.client.session
@@ -102,7 +104,7 @@ class TestEmailStage(TestCase):
# Make sure token exists
self.test_pending_user()
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
session = self.client.session
session[SESSION_KEY_PLAN] = plan
diff --git a/authentik/stages/identification/stage.py b/authentik/stages/identification/stage.py
index dc50b4624..88248e76c 100644
--- a/authentik/stages/identification/stage.py
+++ b/authentik/stages/identification/stage.py
@@ -85,6 +85,18 @@ class IdentificationChallengeResponse(ChallengeResponse):
identification_failed.send(
sender=self, request=self.stage.request, uid_field=uid_field
)
+ # We set the pending_user even on failure so it's part of the context, even
+ # when the input is invalid
+ # This is so its part of the current flow plan, and on flow restart can be kept, and
+ # policies can be applied.
+ self.stage.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = User(
+ username=uid_field,
+ email=uid_field,
+ )
+ if not current_stage.show_matched_user:
+ self.stage.executor.plan.context[
+ PLAN_CONTEXT_PENDING_USER_IDENTIFIER
+ ] = uid_field
raise ValidationError("Failed to authenticate.")
self.pre_user = pre_user
if not current_stage.password_stage:
diff --git a/authentik/stages/invitation/tests.py b/authentik/stages/invitation/tests.py
index 509e5fcb8..72e9f93bf 100644
--- a/authentik/stages/invitation/tests.py
+++ b/authentik/stages/invitation/tests.py
@@ -35,7 +35,9 @@ class TestUserLoginStage(TestCase):
designation=FlowDesignation.AUTHENTICATION,
)
self.stage = InvitationStage.objects.create(name="invitation")
- FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2)
+ self.binding = FlowStageBinding.objects.create(
+ target=self.flow, stage=self.stage, order=2
+ )
@patch(
"authentik.flows.views.to_stage_response",
@@ -44,7 +46,7 @@ class TestUserLoginStage(TestCase):
def test_without_invitation_fail(self):
"""Test without any invitation, continue_flow_without_invitation not set."""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
plan.context[PLAN_CONTEXT_AUTHENTICATION_BACKEND] = BACKEND_DJANGO
@@ -75,7 +77,7 @@ class TestUserLoginStage(TestCase):
self.stage.continue_flow_without_invitation = True
self.stage.save()
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
plan.context[PLAN_CONTEXT_AUTHENTICATION_BACKEND] = BACKEND_DJANGO
@@ -103,7 +105,7 @@ class TestUserLoginStage(TestCase):
def test_with_invitation_get(self):
"""Test with invitation, check data in session"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
session = self.client.session
session[SESSION_KEY_PLAN] = plan
@@ -143,7 +145,7 @@ class TestUserLoginStage(TestCase):
)
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
plan.context[PLAN_CONTEXT_PROMPT] = {INVITATION_TOKEN_KEY: invite.pk.hex}
session = self.client.session
diff --git a/authentik/stages/password/tests.py b/authentik/stages/password/tests.py
index 846360421..5a653451f 100644
--- a/authentik/stages/password/tests.py
+++ b/authentik/stages/password/tests.py
@@ -39,7 +39,9 @@ class TestPasswordStage(TestCase):
self.stage = PasswordStage.objects.create(
name="password", backends=[BACKEND_DJANGO]
)
- FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2)
+ self.binding = FlowStageBinding.objects.create(
+ target=self.flow, stage=self.stage, order=2
+ )
@patch(
"authentik.flows.views.to_stage_response",
@@ -48,7 +50,7 @@ class TestPasswordStage(TestCase):
def test_without_user(self):
"""Test without user"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
session = self.client.session
session[SESSION_KEY_PLAN] = plan
@@ -84,7 +86,7 @@ class TestPasswordStage(TestCase):
)
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
session = self.client.session
session[SESSION_KEY_PLAN] = plan
@@ -101,7 +103,7 @@ class TestPasswordStage(TestCase):
def test_valid_password(self):
"""Test with a valid pending user and valid password"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
session = self.client.session
@@ -129,7 +131,7 @@ class TestPasswordStage(TestCase):
def test_invalid_password(self):
"""Test with a valid pending user and invalid password"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
session = self.client.session
@@ -148,7 +150,7 @@ class TestPasswordStage(TestCase):
def test_invalid_password_lockout(self):
"""Test with a valid pending user and invalid password (trigger logout counter)"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
session = self.client.session
@@ -189,7 +191,7 @@ class TestPasswordStage(TestCase):
"""Test with a valid pending user and valid password.
Backend is patched to return PermissionError"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
session = self.client.session
diff --git a/authentik/stages/prompt/stage.py b/authentik/stages/prompt/stage.py
index 960d2dac4..7479ca4a2 100644
--- a/authentik/stages/prompt/stage.py
+++ b/authentik/stages/prompt/stage.py
@@ -90,6 +90,14 @@ class PromptChallengeResponse(ChallengeResponse):
raise ValidationError(_("Passwords don't match."))
def validate(self, attrs: dict[str, Any]) -> dict[str, Any]:
+ # Check if we have any static or hidden fields, and ensure they
+ # still have the same value
+ static_hidden_fields: QuerySet[Prompt] = self.stage.fields.filter(
+ type__in=[FieldTypes.HIDDEN, FieldTypes.STATIC]
+ )
+ for static_hidden in static_hidden_fields:
+ attrs[static_hidden.field_key] = static_hidden.placeholder
+
# Check if we have two password fields, and make sure they are the same
password_fields: QuerySet[Prompt] = self.stage.fields.filter(
type=FieldTypes.PASSWORD
diff --git a/authentik/stages/prompt/tests.py b/authentik/stages/prompt/tests.py
index 125b54bcc..cc33e2acd 100644
--- a/authentik/stages/prompt/tests.py
+++ b/authentik/stages/prompt/tests.py
@@ -78,6 +78,12 @@ class TestPromptStage(TestCase):
required=True,
placeholder="HIDDEN_PLACEHOLDER",
)
+ static_prompt = Prompt.objects.create(
+ field_key="static_prompt",
+ type=FieldTypes.STATIC,
+ required=True,
+ placeholder="static",
+ )
self.stage = PromptStage.objects.create(name="prompt-stage")
self.stage.fields.set(
[
@@ -88,6 +94,7 @@ class TestPromptStage(TestCase):
password2_prompt,
number_prompt,
hidden_prompt,
+ static_prompt,
]
)
self.stage.save()
@@ -100,14 +107,17 @@ class TestPromptStage(TestCase):
password2_prompt.field_key: "test",
number_prompt.field_key: 3,
hidden_prompt.field_key: hidden_prompt.placeholder,
+ static_prompt.field_key: static_prompt.placeholder,
}
- FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2)
+ self.binding = FlowStageBinding.objects.create(
+ target=self.flow, stage=self.stage, order=2
+ )
def test_render(self):
"""Test render of form, check if all prompts are rendered correctly"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
session = self.client.session
session[SESSION_KEY_PLAN] = plan
@@ -125,7 +135,7 @@ class TestPromptStage(TestCase):
def test_valid_challenge_with_policy(self) -> PromptChallengeResponse:
"""Test challenge_response validation"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
expr = "return request.context['password_prompt'] == request.context['password2_prompt']"
expr_policy = ExpressionPolicy.objects.create(
@@ -142,7 +152,7 @@ class TestPromptStage(TestCase):
def test_invalid_challenge(self) -> PromptChallengeResponse:
"""Test challenge_response validation"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
expr = "False"
expr_policy = ExpressionPolicy.objects.create(
@@ -159,7 +169,7 @@ class TestPromptStage(TestCase):
def test_valid_challenge_request(self):
"""Test a request with valid challenge_response data"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
session = self.client.session
session[SESSION_KEY_PLAN] = plan
@@ -196,7 +206,7 @@ class TestPromptStage(TestCase):
def test_invalid_password(self):
"""Test challenge_response validation"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
self.prompt_data["password2_prompt"] = "qwerqwerqr"
challenge_response = PromptChallengeResponse(
@@ -215,7 +225,7 @@ class TestPromptStage(TestCase):
def test_invalid_username(self):
"""Test challenge_response validation"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
self.prompt_data["username_prompt"] = "akadmin"
challenge_response = PromptChallengeResponse(
@@ -230,3 +240,17 @@ class TestPromptStage(TestCase):
]
},
)
+
+ def test_static_hidden_overwrite(self):
+ """Test that static and hidden fields ignore any value sent to them"""
+ plan = FlowPlan(
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
+ )
+ self.prompt_data["hidden_prompt"] = "foo"
+ self.prompt_data["static_prompt"] = "foo"
+ challenge_response = PromptChallengeResponse(
+ None, stage=self.stage, plan=plan, data=self.prompt_data
+ )
+ self.assertEqual(challenge_response.is_valid(), True)
+ self.assertNotEqual(challenge_response.validated_data["hidden_prompt"], "foo")
+ self.assertNotEqual(challenge_response.validated_data["static_prompt"], "foo")
diff --git a/authentik/stages/user_delete/tests.py b/authentik/stages/user_delete/tests.py
index 897194398..e1e357d61 100644
--- a/authentik/stages/user_delete/tests.py
+++ b/authentik/stages/user_delete/tests.py
@@ -30,7 +30,9 @@ class TestUserDeleteStage(TestCase):
designation=FlowDesignation.AUTHENTICATION,
)
self.stage = UserDeleteStage.objects.create(name="delete")
- FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2)
+ self.binding = FlowStageBinding.objects.create(
+ target=self.flow, stage=self.stage, order=2
+ )
@patch(
"authentik.flows.views.to_stage_response",
@@ -39,7 +41,7 @@ class TestUserDeleteStage(TestCase):
def test_no_user(self):
"""Test without user set"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
session = self.client.session
session[SESSION_KEY_PLAN] = plan
@@ -66,7 +68,7 @@ class TestUserDeleteStage(TestCase):
def test_user_delete_get(self):
"""Test Form render"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
session = self.client.session
diff --git a/authentik/stages/user_login/tests.py b/authentik/stages/user_login/tests.py
index f5538e9b7..ebcb90569 100644
--- a/authentik/stages/user_login/tests.py
+++ b/authentik/stages/user_login/tests.py
@@ -30,12 +30,14 @@ class TestUserLoginStage(TestCase):
designation=FlowDesignation.AUTHENTICATION,
)
self.stage = UserLoginStage.objects.create(name="login")
- FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2)
+ self.binding = FlowStageBinding.objects.create(
+ target=self.flow, stage=self.stage, order=2
+ )
def test_valid_password(self):
"""Test with a valid pending user and backend"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
session = self.client.session
@@ -61,7 +63,7 @@ class TestUserLoginStage(TestCase):
self.stage.session_duration = "seconds=2"
self.stage.save()
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
session = self.client.session
@@ -92,7 +94,7 @@ class TestUserLoginStage(TestCase):
def test_without_user(self):
"""Test a plan without any pending user, resulting in a denied"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
session = self.client.session
session[SESSION_KEY_PLAN] = plan
diff --git a/authentik/stages/user_logout/tests.py b/authentik/stages/user_logout/tests.py
index 9f706ba5d..2472fc7cc 100644
--- a/authentik/stages/user_logout/tests.py
+++ b/authentik/stages/user_logout/tests.py
@@ -28,12 +28,14 @@ class TestUserLogoutStage(TestCase):
designation=FlowDesignation.AUTHENTICATION,
)
self.stage = UserLogoutStage.objects.create(name="logout")
- FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2)
+ self.binding = FlowStageBinding.objects.create(
+ target=self.flow, stage=self.stage, order=2
+ )
def test_valid_password(self):
"""Test with a valid pending user and backend"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
plan.context[PLAN_CONTEXT_AUTHENTICATION_BACKEND] = BACKEND_DJANGO
diff --git a/authentik/stages/user_write/api.py b/authentik/stages/user_write/api.py
index 5acaa6ae1..9abac9ef2 100644
--- a/authentik/stages/user_write/api.py
+++ b/authentik/stages/user_write/api.py
@@ -12,7 +12,7 @@ class UserWriteStageSerializer(StageSerializer):
class Meta:
model = UserWriteStage
- fields = StageSerializer.Meta.fields
+ fields = StageSerializer.Meta.fields + ["create_users_as_inactive"]
class UserWriteStageViewSet(UsedByMixin, ModelViewSet):
diff --git a/authentik/stages/user_write/migrations/0003_userwritestage_create_users_as_inactive.py b/authentik/stages/user_write/migrations/0003_userwritestage_create_users_as_inactive.py
new file mode 100644
index 000000000..5ca410291
--- /dev/null
+++ b/authentik/stages/user_write/migrations/0003_userwritestage_create_users_as_inactive.py
@@ -0,0 +1,21 @@
+# Generated by Django 3.2.4 on 2021-06-28 20:31
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ("authentik_stages_user_write", "0002_auto_20200918_1653"),
+ ]
+
+ operations = [
+ migrations.AddField(
+ model_name="userwritestage",
+ name="create_users_as_inactive",
+ field=models.BooleanField(
+ default=False,
+ help_text="When set, newly created users are inactive and cannot login.",
+ ),
+ ),
+ ]
diff --git a/authentik/stages/user_write/models.py b/authentik/stages/user_write/models.py
index eb37a89f6..be5b8d1d0 100644
--- a/authentik/stages/user_write/models.py
+++ b/authentik/stages/user_write/models.py
@@ -1,6 +1,7 @@
"""write stage models"""
from typing import Type
+from django.db import models
from django.utils.translation import gettext_lazy as _
from django.views import View
from rest_framework.serializers import BaseSerializer
@@ -12,6 +13,11 @@ class UserWriteStage(Stage):
"""Writes currently pending data into the pending user, or if no user exists,
creates a new user with the data."""
+ create_users_as_inactive = models.BooleanField(
+ default=False,
+ help_text=_("When set, newly created users are inactive and cannot login."),
+ )
+
@property
def serializer(self) -> BaseSerializer:
from authentik.stages.user_write.api import UserWriteStageSerializer
diff --git a/authentik/stages/user_write/stage.py b/authentik/stages/user_write/stage.py
index 61f3eb275..554cd36d6 100644
--- a/authentik/stages/user_write/stage.py
+++ b/authentik/stages/user_write/stage.py
@@ -35,7 +35,9 @@ class UserWriteStageView(StageView):
data = self.executor.plan.context[PLAN_CONTEXT_PROMPT]
user_created = False
if PLAN_CONTEXT_PENDING_USER not in self.executor.plan.context:
- self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = User()
+ self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = User(
+ is_active=not self.executor.current_stage.create_users_as_inactive
+ )
self.executor.plan.context[
PLAN_CONTEXT_AUTHENTICATION_BACKEND
] = class_to_path(ModelBackend)
diff --git a/authentik/stages/user_write/tests.py b/authentik/stages/user_write/tests.py
index 4d3b2767d..bd8fea12c 100644
--- a/authentik/stages/user_write/tests.py
+++ b/authentik/stages/user_write/tests.py
@@ -37,7 +37,9 @@ class TestUserWriteStage(TestCase):
designation=FlowDesignation.AUTHENTICATION,
)
self.stage = UserWriteStage.objects.create(name="write")
- FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2)
+ self.binding = FlowStageBinding.objects.create(
+ target=self.flow, stage=self.stage, order=2
+ )
self.source = Source.objects.create(name="fake_source")
def test_user_create(self):
@@ -48,7 +50,7 @@ class TestUserWriteStage(TestCase):
)
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
plan.context[PLAN_CONTEXT_PROMPT] = {
"username": "test-user",
@@ -92,7 +94,7 @@ class TestUserWriteStage(TestCase):
for _ in range(8)
)
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
plan.context[PLAN_CONTEXT_PENDING_USER] = User.objects.create(
username="unittest", email="test@beryju.org"
@@ -135,7 +137,7 @@ class TestUserWriteStage(TestCase):
def test_without_data(self):
"""Test without data results in error"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
session = self.client.session
session[SESSION_KEY_PLAN] = plan
@@ -167,7 +169,7 @@ class TestUserWriteStage(TestCase):
def test_blank_username(self):
"""Test with blank username results in error"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
session = self.client.session
plan.context[PLAN_CONTEXT_PROMPT] = {
@@ -204,7 +206,7 @@ class TestUserWriteStage(TestCase):
def test_duplicate_data(self):
"""Test with duplicate data, should trigger error"""
plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
+ flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
)
session = self.client.session
plan.context[PLAN_CONTEXT_PROMPT] = {
diff --git a/authentik/tenants/api.py b/authentik/tenants/api.py
index e5b7cc957..673373f8d 100644
--- a/authentik/tenants/api.py
+++ b/authentik/tenants/api.py
@@ -54,6 +54,9 @@ class CurrentTenantSerializer(PassiveSerializer):
default=CONFIG.y("footer_links", []),
)
+ flow_authentication = CharField(source="flow_authentication.slug", required=False)
+ flow_invalidation = CharField(source="flow_invalidation.slug", required=False)
+ flow_recovery = CharField(source="flow_recovery.slug", required=False)
flow_unenrollment = CharField(source="flow_unenrollment.slug", required=False)
diff --git a/authentik/tenants/tests.py b/authentik/tenants/tests.py
index 15fbfd7a8..4eab392c4 100644
--- a/authentik/tenants/tests.py
+++ b/authentik/tenants/tests.py
@@ -20,6 +20,8 @@ class TestTenants(TestCase):
"branding_title": "authentik",
"matched_domain": "authentik-default",
"ui_footer_links": CONFIG.y("footer_links"),
+ "flow_authentication": "default-authentication-flow",
+ "flow_invalidation": "default-invalidation-flow",
},
)
diff --git a/internal/outpost/ldap/instance_search.go b/internal/outpost/ldap/instance_search.go
index c385068a0..0e459e03e 100644
--- a/internal/outpost/ldap/instance_search.go
+++ b/internal/outpost/ldap/instance_search.go
@@ -99,15 +99,15 @@ func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
}
if *u.IsActive {
- attrs = append(attrs, &ldap.EntryAttribute{Name: "accountStatus", Values: []string{"inactive"}})
+ attrs = append(attrs, &ldap.EntryAttribute{Name: "accountStatus", Values: []string{"active"}})
} else {
- attrs = append(attrs, &ldap.EntryAttribute{Name: "accountStatus", Values: []string{"active"}})
+ attrs = append(attrs, &ldap.EntryAttribute{Name: "accountStatus", Values: []string{"inactive"}})
}
if u.IsSuperuser {
- attrs = append(attrs, &ldap.EntryAttribute{Name: "superuser", Values: []string{"inactive"}})
- } else {
attrs = append(attrs, &ldap.EntryAttribute{Name: "superuser", Values: []string{"active"}})
+ } else {
+ attrs = append(attrs, &ldap.EntryAttribute{Name: "superuser", Values: []string{"inactive"}})
}
attrs = append(attrs, &ldap.EntryAttribute{Name: "memberOf", Values: pi.GroupsForUser(u)})
diff --git a/schema.yml b/schema.yml
index a0982f018..aa0a6127c 100644
--- a/schema.yml
+++ b/schema.yml
@@ -3572,6 +3572,37 @@ paths:
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
+ post:
+ operationId: events_events_create
+ description: Event Read-Only Viewset
+ tags:
+ - events
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/EventRequest'
+ application/x-www-form-urlencoded:
+ schema:
+ $ref: '#/components/schemas/EventRequest'
+ multipart/form-data:
+ schema:
+ $ref: '#/components/schemas/EventRequest'
+ required: true
+ security:
+ - authentik: []
+ - cookieAuth: []
+ responses:
+ '201':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Event'
+ description: ''
+ '400':
+ $ref: '#/components/schemas/ValidationError'
+ '403':
+ $ref: '#/components/schemas/GenericError'
/api/v2beta/events/events/{event_uuid}/:
get:
operationId: events_events_retrieve
@@ -3600,6 +3631,106 @@ paths:
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
+ put:
+ operationId: events_events_update
+ description: Event Read-Only Viewset
+ parameters:
+ - in: path
+ name: event_uuid
+ schema:
+ type: string
+ format: uuid
+ description: A UUID string identifying this Event.
+ required: true
+ tags:
+ - events
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/EventRequest'
+ application/x-www-form-urlencoded:
+ schema:
+ $ref: '#/components/schemas/EventRequest'
+ multipart/form-data:
+ schema:
+ $ref: '#/components/schemas/EventRequest'
+ required: true
+ security:
+ - authentik: []
+ - cookieAuth: []
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Event'
+ description: ''
+ '400':
+ $ref: '#/components/schemas/ValidationError'
+ '403':
+ $ref: '#/components/schemas/GenericError'
+ patch:
+ operationId: events_events_partial_update
+ description: Event Read-Only Viewset
+ parameters:
+ - in: path
+ name: event_uuid
+ schema:
+ type: string
+ format: uuid
+ description: A UUID string identifying this Event.
+ required: true
+ tags:
+ - events
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/PatchedEventRequest'
+ application/x-www-form-urlencoded:
+ schema:
+ $ref: '#/components/schemas/PatchedEventRequest'
+ multipart/form-data:
+ schema:
+ $ref: '#/components/schemas/PatchedEventRequest'
+ security:
+ - authentik: []
+ - cookieAuth: []
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Event'
+ description: ''
+ '400':
+ $ref: '#/components/schemas/ValidationError'
+ '403':
+ $ref: '#/components/schemas/GenericError'
+ delete:
+ operationId: events_events_destroy
+ description: Event Read-Only Viewset
+ parameters:
+ - in: path
+ name: event_uuid
+ schema:
+ type: string
+ format: uuid
+ description: A UUID string identifying this Event.
+ required: true
+ tags:
+ - events
+ security:
+ - authentik: []
+ - cookieAuth: []
+ responses:
+ '204':
+ description: No response body
+ '400':
+ $ref: '#/components/schemas/ValidationError'
+ '403':
+ $ref: '#/components/schemas/GenericError'
/api/v2beta/events/events/actions/:
get:
operationId: events_events_actions_list
@@ -4441,6 +4572,18 @@ paths:
schema:
type: string
format: uuid
+ - in: query
+ name: invalid_response_action
+ schema:
+ type: string
+ enum:
+ - restart
+ - restart_with_context
+ - retry
+ description: Configure how the flow executor should handle an invalid response
+ to a challenge. RETRY returns the error message and a similar challenge
+ to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT
+ restarts the flow while keeping the current context.
- in: query
name: order
schema:
@@ -18759,6 +18902,12 @@ components:
name: Documentation
- href: https://goauthentik.io/
name: authentik Website
+ flow_authentication:
+ type: string
+ flow_invalidation:
+ type: string
+ flow_recovery:
+ type: string
flow_unenrollment:
type: string
required:
@@ -19242,7 +19391,7 @@ components:
type: object
additionalProperties: {}
action:
- type: string
+ $ref: '#/components/schemas/EventActions'
app:
type: string
context:
@@ -19266,6 +19415,34 @@ components:
- app
- created
- pk
+ EventActions:
+ enum:
+ - login
+ - login_failed
+ - logout
+ - user_write
+ - suspicious_request
+ - password_set
+ - secret_view
+ - invitation_used
+ - authorize_application
+ - source_linked
+ - impersonation_started
+ - impersonation_ended
+ - policy_execution
+ - policy_exception
+ - property_mapping_exception
+ - system_task_execution
+ - system_task_exception
+ - system_exception
+ - configuration_error
+ - model_created
+ - model_updated
+ - model_deleted
+ - email_sent
+ - update_available
+ - custom_
+ type: string
EventMatcherPolicy:
type: object
description: Event Matcher Policy Serializer
@@ -19296,7 +19473,7 @@ components:
readOnly: true
action:
allOf:
- - $ref: '#/components/schemas/EventMatcherPolicyActionEnum'
+ - $ref: '#/components/schemas/EventActions'
description: Match created events with this action type. When left empty,
all action types will be matched.
client_ip:
@@ -19314,34 +19491,6 @@ components:
- pk
- verbose_name
- verbose_name_plural
- EventMatcherPolicyActionEnum:
- enum:
- - login
- - login_failed
- - logout
- - user_write
- - suspicious_request
- - password_set
- - secret_view
- - invitation_used
- - authorize_application
- - source_linked
- - impersonation_started
- - impersonation_ended
- - policy_execution
- - policy_exception
- - property_mapping_exception
- - system_task_execution
- - system_task_exception
- - system_exception
- - configuration_error
- - model_created
- - model_updated
- - model_deleted
- - email_sent
- - update_available
- - custom_
- type: string
EventMatcherPolicyRequest:
type: object
description: Event Matcher Policy Serializer
@@ -19355,7 +19504,7 @@ components:
will be logged. By default, only execution errors are logged.
action:
allOf:
- - $ref: '#/components/schemas/EventMatcherPolicyActionEnum'
+ - $ref: '#/components/schemas/EventActions'
description: Match created events with this action type. When left empty,
all action types will be matched.
client_ip:
@@ -19375,7 +19524,7 @@ components:
type: object
additionalProperties: {}
action:
- type: string
+ $ref: '#/components/schemas/EventActions'
app:
type: string
context:
@@ -19673,6 +19822,13 @@ components:
minimum: -2147483648
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
+ invalid_response_action:
+ allOf:
+ - $ref: '#/components/schemas/InvalidResponseActionEnum'
+ description: Configure how the flow executor should handle an invalid response
+ to a challenge. RETRY returns the error message and a similar challenge
+ to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT
+ restarts the flow while keeping the current context.
required:
- order
- pk
@@ -19703,6 +19859,13 @@ components:
minimum: -2147483648
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
+ invalid_response_action:
+ allOf:
+ - $ref: '#/components/schemas/InvalidResponseActionEnum'
+ description: Configure how the flow executor should handle an invalid response
+ to a challenge. RETRY returns the error message and a similar challenge
+ to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT
+ restarts the flow while keeping the current context.
required:
- order
- stage
@@ -20048,6 +20211,12 @@ components:
- api
- recovery
type: string
+ InvalidResponseActionEnum:
+ enum:
+ - retry
+ - restart
+ - restart_with_context
+ type: string
Invitation:
type: object
description: Invitation Serializer
@@ -24445,7 +24614,7 @@ components:
will be logged. By default, only execution errors are logged.
action:
allOf:
- - $ref: '#/components/schemas/EventMatcherPolicyActionEnum'
+ - $ref: '#/components/schemas/EventActions'
description: Match created events with this action type. When left empty,
all action types will be matched.
client_ip:
@@ -24457,6 +24626,29 @@ components:
- $ref: '#/components/schemas/AppEnum'
description: Match events created by selected application. When left empty,
all applications are matched.
+ PatchedEventRequest:
+ type: object
+ description: Event Serializer
+ properties:
+ user:
+ type: object
+ additionalProperties: {}
+ action:
+ $ref: '#/components/schemas/EventActions'
+ app:
+ type: string
+ context:
+ type: object
+ additionalProperties: {}
+ client_ip:
+ type: string
+ nullable: true
+ expires:
+ type: string
+ format: date-time
+ tenant:
+ type: object
+ additionalProperties: {}
PatchedExpressionPolicyRequest:
type: object
description: Group Membership Policy Serializer
@@ -24518,6 +24710,13 @@ components:
minimum: -2147483648
policy_engine_mode:
$ref: '#/components/schemas/PolicyEngineMode'
+ invalid_response_action:
+ allOf:
+ - $ref: '#/components/schemas/InvalidResponseActionEnum'
+ description: Configure how the flow executor should handle an invalid response
+ to a challenge. RETRY returns the error message and a similar challenge
+ to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT
+ restarts the flow while keeping the current context.
PatchedGroupRequest:
type: object
description: Group Serializer
@@ -25603,6 +25802,9 @@ components:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
+ create_users_as_inactive:
+ type: boolean
+ description: When set, newly created users are inactive and cannot login.
PatchedWebAuthnDeviceRequest:
type: object
description: Serializer for WebAuthn authenticator devices
@@ -28097,6 +28299,9 @@ components:
type: array
items:
$ref: '#/components/schemas/Flow'
+ create_users_as_inactive:
+ type: boolean
+ description: When set, newly created users are inactive and cannot login.
required:
- component
- name
@@ -28113,6 +28318,9 @@ components:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
+ create_users_as_inactive:
+ type: boolean
+ description: When set, newly created users are inactive and cannot login.
required:
- name
ValidationError:
diff --git a/web/package-lock.json b/web/package-lock.json
index 2cbb3c248..b65f46cd4 100644
--- a/web/package-lock.json
+++ b/web/package-lock.json
@@ -18,24 +18,24 @@
"@lingui/cli": "^3.10.2",
"@lingui/core": "^3.10.4",
"@lingui/macro": "^3.10.2",
- "@patternfly/patternfly": "^4.108.2",
+ "@patternfly/patternfly": "^4.115.2",
"@polymer/iron-form": "^3.0.1",
"@polymer/paper-input": "^3.2.1",
"@rollup/plugin-babel": "^5.3.0",
"@rollup/plugin-replace": "^2.4.2",
"@rollup/plugin-typescript": "^8.2.1",
- "@sentry/browser": "^6.7.2",
- "@sentry/tracing": "^6.7.2",
+ "@sentry/browser": "^6.8.0",
+ "@sentry/tracing": "^6.8.0",
"@types/chart.js": "^2.9.32",
- "@types/codemirror": "5.60.0",
+ "@types/codemirror": "5.60.1",
"@types/grecaptcha": "^3.0.2",
- "@typescript-eslint/eslint-plugin": "^4.28.0",
- "@typescript-eslint/parser": "^4.28.0",
+ "@typescript-eslint/eslint-plugin": "^4.28.1",
+ "@typescript-eslint/parser": "^4.28.1",
"@webcomponents/webcomponentsjs": "^2.5.0",
"authentik-api": "file:api",
"babel-plugin-macros": "^3.1.0",
"base64-js": "^1.5.1",
- "chart.js": "^3.3.2",
+ "chart.js": "^3.4.0",
"chartjs-adapter-moment": "^1.0.0",
"codemirror": "^5.62.0",
"construct-style-sheets-polyfill": "^2.4.16",
@@ -48,7 +48,7 @@
"lit-html": "^1.4.1",
"moment": "^2.29.1",
"rapidoc": "^9.0.0",
- "rollup": "^2.52.2",
+ "rollup": "^2.52.3",
"rollup-plugin-commonjs": "^10.1.0",
"rollup-plugin-copy": "^3.4.0",
"rollup-plugin-cssimport": "^1.0.2",
@@ -2120,9 +2120,9 @@
}
},
"node_modules/@patternfly/patternfly": {
- "version": "4.108.2",
- "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.108.2.tgz",
- "integrity": "sha512-z0VB+1CXcH+eoClYQABwapX5FURSvm1nPr6asLWwg/Z4Wuxs0RjZpC6Gb+KRm8nGQwSAcMKZY1jLfPqVnznQnw=="
+ "version": "4.115.2",
+ "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.115.2.tgz",
+ "integrity": "sha512-7hbJ4pRmj+rlXclD2F/UwceO6fS+9flGsgHc4eUc7NyTN2GXl6PLcqrjE2CtiKEPV90+KwsGQGJXZj8bz9HweA=="
},
"node_modules/@polymer/font-roboto": {
"version": "3.0.2",
@@ -2314,13 +2314,13 @@
"integrity": "sha512-1fMXF3YP4pZZVozF8j/ZLfvnR8NSIljt56UhbZ5PeeDmmGHpgpdwQt7ITlGvYaQukCvuBRMLEiKiYC+oeIg4cg=="
},
"node_modules/@sentry/browser": {
- "version": "6.7.2",
- "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-6.7.2.tgz",
- "integrity": "sha512-Lv0Ne1QcesyGAhVcQDfQa3hDPR/MhPSDTMg3xFi+LxqztchVc4w/ynzR0wCZFb8KIHpTj5SpJHfxpDhXYMtS9g==",
+ "version": "6.8.0",
+ "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-6.8.0.tgz",
+ "integrity": "sha512-nxa71csHlG5sMHUxI4e4xxuCWtbCv/QbBfMsYw7ncJSfCKG3yNlCVh8NJ7NS0rZW/MJUT6S6+r93zw0HetNDOA==",
"dependencies": {
- "@sentry/core": "6.7.2",
- "@sentry/types": "6.7.2",
- "@sentry/utils": "6.7.2",
+ "@sentry/core": "6.8.0",
+ "@sentry/types": "6.8.0",
+ "@sentry/utils": "6.8.0",
"tslib": "^1.9.3"
},
"engines": {
@@ -2333,14 +2333,14 @@
"integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg=="
},
"node_modules/@sentry/core": {
- "version": "6.7.2",
- "resolved": "https://registry.npmjs.org/@sentry/core/-/core-6.7.2.tgz",
- "integrity": "sha512-NTZqwN5nR94yrXmSfekoPs1mIFuKvf8esdIW/DadwSKWAdLJwQTJY9xK/8PQv+SEzd7wiitPAx+mCw2By1xiNQ==",
+ "version": "6.8.0",
+ "resolved": "https://registry.npmjs.org/@sentry/core/-/core-6.8.0.tgz",
+ "integrity": "sha512-vJzWt/znEB+JqVwtwfjkRrAYRN+ep+l070Ti8GhJnvwU4IDtVlV3T/jVNrj6rl6UChcczaJQMxVxtG5x0crlAA==",
"dependencies": {
- "@sentry/hub": "6.7.2",
- "@sentry/minimal": "6.7.2",
- "@sentry/types": "6.7.2",
- "@sentry/utils": "6.7.2",
+ "@sentry/hub": "6.8.0",
+ "@sentry/minimal": "6.8.0",
+ "@sentry/types": "6.8.0",
+ "@sentry/utils": "6.8.0",
"tslib": "^1.9.3"
},
"engines": {
@@ -2353,12 +2353,12 @@
"integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg=="
},
"node_modules/@sentry/hub": {
- "version": "6.7.2",
- "resolved": "https://registry.npmjs.org/@sentry/hub/-/hub-6.7.2.tgz",
- "integrity": "sha512-05qVW6ymChJsXag4+fYCQokW3AcABIgcqrVYZUBf6GMU/Gbz5SJqpV7y1+njwWvnPZydMncP9LaDVpMKbE7UYQ==",
+ "version": "6.8.0",
+ "resolved": "https://registry.npmjs.org/@sentry/hub/-/hub-6.8.0.tgz",
+ "integrity": "sha512-hFrI2Ss1fTov7CH64FJpigqRxH7YvSnGeqxT9Jc1BL7nzW/vgCK+Oh2mOZbosTcrzoDv+lE8ViOnSN3w/fo+rg==",
"dependencies": {
- "@sentry/types": "6.7.2",
- "@sentry/utils": "6.7.2",
+ "@sentry/types": "6.8.0",
+ "@sentry/utils": "6.8.0",
"tslib": "^1.9.3"
},
"engines": {
@@ -2371,12 +2371,12 @@
"integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg=="
},
"node_modules/@sentry/minimal": {
- "version": "6.7.2",
- "resolved": "https://registry.npmjs.org/@sentry/minimal/-/minimal-6.7.2.tgz",
- "integrity": "sha512-jkpwFv2GFHoVl5vnK+9/Q+Ea8eVdbJ3hn3/Dqq9MOLFnVK7ED6MhdHKLT79puGSFj+85OuhM5m2Q44mIhyS5mw==",
+ "version": "6.8.0",
+ "resolved": "https://registry.npmjs.org/@sentry/minimal/-/minimal-6.8.0.tgz",
+ "integrity": "sha512-MRxUKXiiYwKjp8mOQMpTpEuIby1Jh3zRTU0cmGZtfsZ38BC1JOle8xlwC4FdtOH+VvjSYnPBMya5lgNHNPUJDQ==",
"dependencies": {
- "@sentry/hub": "6.7.2",
- "@sentry/types": "6.7.2",
+ "@sentry/hub": "6.8.0",
+ "@sentry/types": "6.8.0",
"tslib": "^1.9.3"
},
"engines": {
@@ -2389,14 +2389,14 @@
"integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg=="
},
"node_modules/@sentry/tracing": {
- "version": "6.7.2",
- "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-6.7.2.tgz",
- "integrity": "sha512-juKlI7FICKONWJFJxDxerj0A+8mNRhmtrdR+OXFqOkqSAy/QXlSFZcA/j//O19k2CfwK1BrvoMcQ/4gnffUOVg==",
+ "version": "6.8.0",
+ "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-6.8.0.tgz",
+ "integrity": "sha512-3gDkQnmOuOjHz5rY7BOatLEUksANU3efR8wuBa2ujsPQvoLSLFuyZpRjPPsxuUHQOqAYIbSNAoDloXECvQeHjw==",
"dependencies": {
- "@sentry/hub": "6.7.2",
- "@sentry/minimal": "6.7.2",
- "@sentry/types": "6.7.2",
- "@sentry/utils": "6.7.2",
+ "@sentry/hub": "6.8.0",
+ "@sentry/minimal": "6.8.0",
+ "@sentry/types": "6.8.0",
+ "@sentry/utils": "6.8.0",
"tslib": "^1.9.3"
},
"engines": {
@@ -2409,19 +2409,19 @@
"integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg=="
},
"node_modules/@sentry/types": {
- "version": "6.7.2",
- "resolved": "https://registry.npmjs.org/@sentry/types/-/types-6.7.2.tgz",
- "integrity": "sha512-h21Go/PfstUN+ZV6SbwRSZVg9GXRJWdLfHoO5PSVb3TVEMckuxk8tAE57/u+UZDwX8wu+Xyon2TgsKpiWKxqUg==",
+ "version": "6.8.0",
+ "resolved": "https://registry.npmjs.org/@sentry/types/-/types-6.8.0.tgz",
+ "integrity": "sha512-PbSxqlh6Fd5thNU5f8EVYBVvX+G7XdPA+ThNb2QvSK8yv3rIf0McHTyF6sIebgJ38OYN7ZFK7vvhC/RgSAfYTA==",
"engines": {
"node": ">=6"
}
},
"node_modules/@sentry/utils": {
- "version": "6.7.2",
- "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-6.7.2.tgz",
- "integrity": "sha512-9COL7aaBbe61Hp5BlArtXZ1o/cxli1NGONLPrVT4fMyeQFmLonhUiy77NdsW19XnvhvaA+2IoV5dg3dnFiF/og==",
+ "version": "6.8.0",
+ "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-6.8.0.tgz",
+ "integrity": "sha512-OYlI2JNrcWKMdvYbWNdQwR4QBVv2V0y5wK0U6f53nArv6RsyO5TzwRu5rMVSIZofUUqjoE5hl27jqnR+vpUrsA==",
"dependencies": {
- "@sentry/types": "6.7.2",
+ "@sentry/types": "6.8.0",
"tslib": "^1.9.3"
},
"engines": {
@@ -2451,9 +2451,9 @@
}
},
"node_modules/@types/codemirror": {
- "version": "5.60.0",
- "resolved": "https://registry.npmjs.org/@types/codemirror/-/codemirror-5.60.0.tgz",
- "integrity": "sha512-xgzXZyCzedLRNC67/Nn8rpBtTFnAsX2C+Q/LGoH6zgcpF/LqdNHJMHEOhqT1bwUcSp6kQdOIuKzRbeW9DYhEhg==",
+ "version": "5.60.1",
+ "resolved": "https://registry.npmjs.org/@types/codemirror/-/codemirror-5.60.1.tgz",
+ "integrity": "sha512-yV14LQ5VvghnW0uSuCw2bEfZC6NvxHQEckl2w3dEk5l0yPGzQh14dCaWvG5KD/2l3cgFSifR+6nIUD7LDLdUTg==",
"dependencies": {
"@types/tern": "*"
}
@@ -2579,12 +2579,12 @@
"integrity": "sha512-37RSHht+gzzgYeobbG+KWryeAW8J33Nhr69cjTqSYymXVZEN9NbRYWoYlRtDhHKPVT1FyNKwaTPC1NynKZpzRA=="
},
"node_modules/@typescript-eslint/eslint-plugin": {
- "version": "4.28.0",
- "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.28.0.tgz",
- "integrity": "sha512-KcF6p3zWhf1f8xO84tuBailV5cN92vhS+VT7UJsPzGBm9VnQqfI9AsiMUFUCYHTYPg1uCCo+HyiDnpDuvkAMfQ==",
+ "version": "4.28.1",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.28.1.tgz",
+ "integrity": "sha512-9yfcNpDaNGQ6/LQOX/KhUFTR1sCKH+PBr234k6hI9XJ0VP5UqGxap0AnNwBnWFk1MNyWBylJH9ZkzBXC+5akZQ==",
"dependencies": {
- "@typescript-eslint/experimental-utils": "4.28.0",
- "@typescript-eslint/scope-manager": "4.28.0",
+ "@typescript-eslint/experimental-utils": "4.28.1",
+ "@typescript-eslint/scope-manager": "4.28.1",
"debug": "^4.3.1",
"functional-red-black-tree": "^1.0.1",
"regexpp": "^3.1.0",
@@ -2609,14 +2609,14 @@
}
},
"node_modules/@typescript-eslint/experimental-utils": {
- "version": "4.28.0",
- "resolved": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.28.0.tgz",
- "integrity": "sha512-9XD9s7mt3QWMk82GoyUpc/Ji03vz4T5AYlHF9DcoFNfJ/y3UAclRsfGiE2gLfXtyC+JRA3trR7cR296TEb1oiQ==",
+ "version": "4.28.1",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.28.1.tgz",
+ "integrity": "sha512-n8/ggadrZ+uyrfrSEchx3jgODdmcx7MzVM2sI3cTpI/YlfSm0+9HEUaWw3aQn2urL2KYlWYMDgn45iLfjDYB+Q==",
"dependencies": {
"@types/json-schema": "^7.0.7",
- "@typescript-eslint/scope-manager": "4.28.0",
- "@typescript-eslint/types": "4.28.0",
- "@typescript-eslint/typescript-estree": "4.28.0",
+ "@typescript-eslint/scope-manager": "4.28.1",
+ "@typescript-eslint/types": "4.28.1",
+ "@typescript-eslint/typescript-estree": "4.28.1",
"eslint-scope": "^5.1.1",
"eslint-utils": "^3.0.0"
},
@@ -2649,13 +2649,13 @@
}
},
"node_modules/@typescript-eslint/parser": {
- "version": "4.28.0",
- "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.28.0.tgz",
- "integrity": "sha512-7x4D22oPY8fDaOCvkuXtYYTQ6mTMmkivwEzS+7iml9F9VkHGbbZ3x4fHRwxAb5KeuSkLqfnYjs46tGx2Nour4A==",
+ "version": "4.28.1",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.28.1.tgz",
+ "integrity": "sha512-UjrMsgnhQIIK82hXGaD+MCN8IfORS1CbMdu7VlZbYa8LCZtbZjJA26De4IPQB7XYZbL8gJ99KWNj0l6WD0guJg==",
"dependencies": {
- "@typescript-eslint/scope-manager": "4.28.0",
- "@typescript-eslint/types": "4.28.0",
- "@typescript-eslint/typescript-estree": "4.28.0",
+ "@typescript-eslint/scope-manager": "4.28.1",
+ "@typescript-eslint/types": "4.28.1",
+ "@typescript-eslint/typescript-estree": "4.28.1",
"debug": "^4.3.1"
},
"engines": {
@@ -2675,12 +2675,12 @@
}
},
"node_modules/@typescript-eslint/scope-manager": {
- "version": "4.28.0",
- "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.28.0.tgz",
- "integrity": "sha512-eCALCeScs5P/EYjwo6se9bdjtrh8ByWjtHzOkC4Tia6QQWtQr3PHovxh3TdYTuFcurkYI4rmFsRFpucADIkseg==",
+ "version": "4.28.1",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.28.1.tgz",
+ "integrity": "sha512-o95bvGKfss6705x7jFGDyS7trAORTy57lwJ+VsYwil/lOUxKQ9tA7Suuq+ciMhJc/1qPwB3XE2DKh9wubW8YYA==",
"dependencies": {
- "@typescript-eslint/types": "4.28.0",
- "@typescript-eslint/visitor-keys": "4.28.0"
+ "@typescript-eslint/types": "4.28.1",
+ "@typescript-eslint/visitor-keys": "4.28.1"
},
"engines": {
"node": "^8.10.0 || ^10.13.0 || >=11.10.1"
@@ -2691,9 +2691,9 @@
}
},
"node_modules/@typescript-eslint/types": {
- "version": "4.28.0",
- "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.28.0.tgz",
- "integrity": "sha512-p16xMNKKoiJCVZY5PW/AfILw2xe1LfruTcfAKBj3a+wgNYP5I9ZEKNDOItoRt53p4EiPV6iRSICy8EPanG9ZVA==",
+ "version": "4.28.1",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.28.1.tgz",
+ "integrity": "sha512-4z+knEihcyX7blAGi7O3Fm3O6YRCP+r56NJFMNGsmtdw+NCdpG5SgNz427LS9nQkRVTswZLhz484hakQwB8RRg==",
"engines": {
"node": "^8.10.0 || ^10.13.0 || >=11.10.1"
},
@@ -2703,12 +2703,12 @@
}
},
"node_modules/@typescript-eslint/typescript-estree": {
- "version": "4.28.0",
- "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.28.0.tgz",
- "integrity": "sha512-m19UQTRtxMzKAm8QxfKpvh6OwQSXaW1CdZPoCaQuLwAq7VZMNuhJmZR4g5281s2ECt658sldnJfdpSZZaxUGMQ==",
+ "version": "4.28.1",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.28.1.tgz",
+ "integrity": "sha512-GhKxmC4sHXxHGJv8e8egAZeTZ6HI4mLU6S7FUzvFOtsk7ZIDN1ksA9r9DyOgNqowA9yAtZXV0Uiap61bIO81FQ==",
"dependencies": {
- "@typescript-eslint/types": "4.28.0",
- "@typescript-eslint/visitor-keys": "4.28.0",
+ "@typescript-eslint/types": "4.28.1",
+ "@typescript-eslint/visitor-keys": "4.28.1",
"debug": "^4.3.1",
"globby": "^11.0.3",
"is-glob": "^4.0.1",
@@ -2748,11 +2748,11 @@
}
},
"node_modules/@typescript-eslint/visitor-keys": {
- "version": "4.28.0",
- "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.28.0.tgz",
- "integrity": "sha512-PjJyTWwrlrvM5jazxYF5ZPs/nl0kHDZMVbuIcbpawVXaDPelp3+S9zpOz5RmVUfS/fD5l5+ZXNKnWhNYjPzCvw==",
+ "version": "4.28.1",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.28.1.tgz",
+ "integrity": "sha512-K4HMrdFqr9PFquPu178SaSb92CaWe2yErXyPumc8cYWxFmhgJsNY9eSePmO05j0JhBvf2Cdhptd6E6Yv9HVHcg==",
"dependencies": {
- "@typescript-eslint/types": "4.28.0",
+ "@typescript-eslint/types": "4.28.1",
"eslint-visitor-keys": "^2.0.0"
},
"engines": {
@@ -3316,9 +3316,9 @@
"integrity": "sha512-mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA=="
},
"node_modules/chart.js": {
- "version": "3.3.2",
- "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-3.3.2.tgz",
- "integrity": "sha512-H0hSO7xqTIrwxoACqnSoNromEMfXvfuVnrbuSt2TuXfBDDofbnto4zuZlRtRvC73/b37q3wGAWZyUU41QPvNbA=="
+ "version": "3.4.0",
+ "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-3.4.0.tgz",
+ "integrity": "sha512-mJsRm2apQm5mwz2OgYqGNG4erZh/qljcRZkWSa0kLkFr3UC3e1wKRMgnIh6WdhUrNu0w/JT9PkjLyylqEqHXEQ=="
},
"node_modules/chartjs-adapter-moment": {
"version": "1.0.0",
@@ -6770,9 +6770,9 @@
}
},
"node_modules/rollup": {
- "version": "2.52.2",
- "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.52.2.tgz",
- "integrity": "sha512-4RlFC3k2BIHlUsJ9mGd8OO+9Lm2eDF5P7+6DNQOp5sx+7N/1tFM01kELfbxlMX3MxT6owvLB1ln4S3QvvQlbUA==",
+ "version": "2.52.3",
+ "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.52.3.tgz",
+ "integrity": "sha512-QF3Sju8Kl2z0osI4unyOLyUudyhOMK6G0AeqJWgfiyigqLAlnNrfBcDWDx+f1cqn+JU2iIYVkDrgQ6/KtwEfrg==",
"bin": {
"rollup": "dist/bin/rollup"
},
@@ -9482,9 +9482,9 @@
}
},
"@patternfly/patternfly": {
- "version": "4.108.2",
- "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.108.2.tgz",
- "integrity": "sha512-z0VB+1CXcH+eoClYQABwapX5FURSvm1nPr6asLWwg/Z4Wuxs0RjZpC6Gb+KRm8nGQwSAcMKZY1jLfPqVnznQnw=="
+ "version": "4.115.2",
+ "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.115.2.tgz",
+ "integrity": "sha512-7hbJ4pRmj+rlXclD2F/UwceO6fS+9flGsgHc4eUc7NyTN2GXl6PLcqrjE2CtiKEPV90+KwsGQGJXZj8bz9HweA=="
},
"@polymer/font-roboto": {
"version": "3.0.2",
@@ -9669,13 +9669,13 @@
}
},
"@sentry/browser": {
- "version": "6.7.2",
- "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-6.7.2.tgz",
- "integrity": "sha512-Lv0Ne1QcesyGAhVcQDfQa3hDPR/MhPSDTMg3xFi+LxqztchVc4w/ynzR0wCZFb8KIHpTj5SpJHfxpDhXYMtS9g==",
+ "version": "6.8.0",
+ "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-6.8.0.tgz",
+ "integrity": "sha512-nxa71csHlG5sMHUxI4e4xxuCWtbCv/QbBfMsYw7ncJSfCKG3yNlCVh8NJ7NS0rZW/MJUT6S6+r93zw0HetNDOA==",
"requires": {
- "@sentry/core": "6.7.2",
- "@sentry/types": "6.7.2",
- "@sentry/utils": "6.7.2",
+ "@sentry/core": "6.8.0",
+ "@sentry/types": "6.8.0",
+ "@sentry/utils": "6.8.0",
"tslib": "^1.9.3"
},
"dependencies": {
@@ -9687,14 +9687,14 @@
}
},
"@sentry/core": {
- "version": "6.7.2",
- "resolved": "https://registry.npmjs.org/@sentry/core/-/core-6.7.2.tgz",
- "integrity": "sha512-NTZqwN5nR94yrXmSfekoPs1mIFuKvf8esdIW/DadwSKWAdLJwQTJY9xK/8PQv+SEzd7wiitPAx+mCw2By1xiNQ==",
+ "version": "6.8.0",
+ "resolved": "https://registry.npmjs.org/@sentry/core/-/core-6.8.0.tgz",
+ "integrity": "sha512-vJzWt/znEB+JqVwtwfjkRrAYRN+ep+l070Ti8GhJnvwU4IDtVlV3T/jVNrj6rl6UChcczaJQMxVxtG5x0crlAA==",
"requires": {
- "@sentry/hub": "6.7.2",
- "@sentry/minimal": "6.7.2",
- "@sentry/types": "6.7.2",
- "@sentry/utils": "6.7.2",
+ "@sentry/hub": "6.8.0",
+ "@sentry/minimal": "6.8.0",
+ "@sentry/types": "6.8.0",
+ "@sentry/utils": "6.8.0",
"tslib": "^1.9.3"
},
"dependencies": {
@@ -9706,12 +9706,12 @@
}
},
"@sentry/hub": {
- "version": "6.7.2",
- "resolved": "https://registry.npmjs.org/@sentry/hub/-/hub-6.7.2.tgz",
- "integrity": "sha512-05qVW6ymChJsXag4+fYCQokW3AcABIgcqrVYZUBf6GMU/Gbz5SJqpV7y1+njwWvnPZydMncP9LaDVpMKbE7UYQ==",
+ "version": "6.8.0",
+ "resolved": "https://registry.npmjs.org/@sentry/hub/-/hub-6.8.0.tgz",
+ "integrity": "sha512-hFrI2Ss1fTov7CH64FJpigqRxH7YvSnGeqxT9Jc1BL7nzW/vgCK+Oh2mOZbosTcrzoDv+lE8ViOnSN3w/fo+rg==",
"requires": {
- "@sentry/types": "6.7.2",
- "@sentry/utils": "6.7.2",
+ "@sentry/types": "6.8.0",
+ "@sentry/utils": "6.8.0",
"tslib": "^1.9.3"
},
"dependencies": {
@@ -9723,12 +9723,12 @@
}
},
"@sentry/minimal": {
- "version": "6.7.2",
- "resolved": "https://registry.npmjs.org/@sentry/minimal/-/minimal-6.7.2.tgz",
- "integrity": "sha512-jkpwFv2GFHoVl5vnK+9/Q+Ea8eVdbJ3hn3/Dqq9MOLFnVK7ED6MhdHKLT79puGSFj+85OuhM5m2Q44mIhyS5mw==",
+ "version": "6.8.0",
+ "resolved": "https://registry.npmjs.org/@sentry/minimal/-/minimal-6.8.0.tgz",
+ "integrity": "sha512-MRxUKXiiYwKjp8mOQMpTpEuIby1Jh3zRTU0cmGZtfsZ38BC1JOle8xlwC4FdtOH+VvjSYnPBMya5lgNHNPUJDQ==",
"requires": {
- "@sentry/hub": "6.7.2",
- "@sentry/types": "6.7.2",
+ "@sentry/hub": "6.8.0",
+ "@sentry/types": "6.8.0",
"tslib": "^1.9.3"
},
"dependencies": {
@@ -9740,14 +9740,14 @@
}
},
"@sentry/tracing": {
- "version": "6.7.2",
- "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-6.7.2.tgz",
- "integrity": "sha512-juKlI7FICKONWJFJxDxerj0A+8mNRhmtrdR+OXFqOkqSAy/QXlSFZcA/j//O19k2CfwK1BrvoMcQ/4gnffUOVg==",
+ "version": "6.8.0",
+ "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-6.8.0.tgz",
+ "integrity": "sha512-3gDkQnmOuOjHz5rY7BOatLEUksANU3efR8wuBa2ujsPQvoLSLFuyZpRjPPsxuUHQOqAYIbSNAoDloXECvQeHjw==",
"requires": {
- "@sentry/hub": "6.7.2",
- "@sentry/minimal": "6.7.2",
- "@sentry/types": "6.7.2",
- "@sentry/utils": "6.7.2",
+ "@sentry/hub": "6.8.0",
+ "@sentry/minimal": "6.8.0",
+ "@sentry/types": "6.8.0",
+ "@sentry/utils": "6.8.0",
"tslib": "^1.9.3"
},
"dependencies": {
@@ -9759,16 +9759,16 @@
}
},
"@sentry/types": {
- "version": "6.7.2",
- "resolved": "https://registry.npmjs.org/@sentry/types/-/types-6.7.2.tgz",
- "integrity": "sha512-h21Go/PfstUN+ZV6SbwRSZVg9GXRJWdLfHoO5PSVb3TVEMckuxk8tAE57/u+UZDwX8wu+Xyon2TgsKpiWKxqUg=="
+ "version": "6.8.0",
+ "resolved": "https://registry.npmjs.org/@sentry/types/-/types-6.8.0.tgz",
+ "integrity": "sha512-PbSxqlh6Fd5thNU5f8EVYBVvX+G7XdPA+ThNb2QvSK8yv3rIf0McHTyF6sIebgJ38OYN7ZFK7vvhC/RgSAfYTA=="
},
"@sentry/utils": {
- "version": "6.7.2",
- "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-6.7.2.tgz",
- "integrity": "sha512-9COL7aaBbe61Hp5BlArtXZ1o/cxli1NGONLPrVT4fMyeQFmLonhUiy77NdsW19XnvhvaA+2IoV5dg3dnFiF/og==",
+ "version": "6.8.0",
+ "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-6.8.0.tgz",
+ "integrity": "sha512-OYlI2JNrcWKMdvYbWNdQwR4QBVv2V0y5wK0U6f53nArv6RsyO5TzwRu5rMVSIZofUUqjoE5hl27jqnR+vpUrsA==",
"requires": {
- "@sentry/types": "6.7.2",
+ "@sentry/types": "6.8.0",
"tslib": "^1.9.3"
},
"dependencies": {
@@ -9797,9 +9797,9 @@
}
},
"@types/codemirror": {
- "version": "5.60.0",
- "resolved": "https://registry.npmjs.org/@types/codemirror/-/codemirror-5.60.0.tgz",
- "integrity": "sha512-xgzXZyCzedLRNC67/Nn8rpBtTFnAsX2C+Q/LGoH6zgcpF/LqdNHJMHEOhqT1bwUcSp6kQdOIuKzRbeW9DYhEhg==",
+ "version": "5.60.1",
+ "resolved": "https://registry.npmjs.org/@types/codemirror/-/codemirror-5.60.1.tgz",
+ "integrity": "sha512-yV14LQ5VvghnW0uSuCw2bEfZC6NvxHQEckl2w3dEk5l0yPGzQh14dCaWvG5KD/2l3cgFSifR+6nIUD7LDLdUTg==",
"requires": {
"@types/tern": "*"
}
@@ -9925,12 +9925,12 @@
"integrity": "sha512-37RSHht+gzzgYeobbG+KWryeAW8J33Nhr69cjTqSYymXVZEN9NbRYWoYlRtDhHKPVT1FyNKwaTPC1NynKZpzRA=="
},
"@typescript-eslint/eslint-plugin": {
- "version": "4.28.0",
- "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.28.0.tgz",
- "integrity": "sha512-KcF6p3zWhf1f8xO84tuBailV5cN92vhS+VT7UJsPzGBm9VnQqfI9AsiMUFUCYHTYPg1uCCo+HyiDnpDuvkAMfQ==",
+ "version": "4.28.1",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.28.1.tgz",
+ "integrity": "sha512-9yfcNpDaNGQ6/LQOX/KhUFTR1sCKH+PBr234k6hI9XJ0VP5UqGxap0AnNwBnWFk1MNyWBylJH9ZkzBXC+5akZQ==",
"requires": {
- "@typescript-eslint/experimental-utils": "4.28.0",
- "@typescript-eslint/scope-manager": "4.28.0",
+ "@typescript-eslint/experimental-utils": "4.28.1",
+ "@typescript-eslint/scope-manager": "4.28.1",
"debug": "^4.3.1",
"functional-red-black-tree": "^1.0.1",
"regexpp": "^3.1.0",
@@ -9939,14 +9939,14 @@
}
},
"@typescript-eslint/experimental-utils": {
- "version": "4.28.0",
- "resolved": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.28.0.tgz",
- "integrity": "sha512-9XD9s7mt3QWMk82GoyUpc/Ji03vz4T5AYlHF9DcoFNfJ/y3UAclRsfGiE2gLfXtyC+JRA3trR7cR296TEb1oiQ==",
+ "version": "4.28.1",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.28.1.tgz",
+ "integrity": "sha512-n8/ggadrZ+uyrfrSEchx3jgODdmcx7MzVM2sI3cTpI/YlfSm0+9HEUaWw3aQn2urL2KYlWYMDgn45iLfjDYB+Q==",
"requires": {
"@types/json-schema": "^7.0.7",
- "@typescript-eslint/scope-manager": "4.28.0",
- "@typescript-eslint/types": "4.28.0",
- "@typescript-eslint/typescript-estree": "4.28.0",
+ "@typescript-eslint/scope-manager": "4.28.1",
+ "@typescript-eslint/types": "4.28.1",
+ "@typescript-eslint/typescript-estree": "4.28.1",
"eslint-scope": "^5.1.1",
"eslint-utils": "^3.0.0"
},
@@ -9962,37 +9962,37 @@
}
},
"@typescript-eslint/parser": {
- "version": "4.28.0",
- "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.28.0.tgz",
- "integrity": "sha512-7x4D22oPY8fDaOCvkuXtYYTQ6mTMmkivwEzS+7iml9F9VkHGbbZ3x4fHRwxAb5KeuSkLqfnYjs46tGx2Nour4A==",
+ "version": "4.28.1",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.28.1.tgz",
+ "integrity": "sha512-UjrMsgnhQIIK82hXGaD+MCN8IfORS1CbMdu7VlZbYa8LCZtbZjJA26De4IPQB7XYZbL8gJ99KWNj0l6WD0guJg==",
"requires": {
- "@typescript-eslint/scope-manager": "4.28.0",
- "@typescript-eslint/types": "4.28.0",
- "@typescript-eslint/typescript-estree": "4.28.0",
+ "@typescript-eslint/scope-manager": "4.28.1",
+ "@typescript-eslint/types": "4.28.1",
+ "@typescript-eslint/typescript-estree": "4.28.1",
"debug": "^4.3.1"
}
},
"@typescript-eslint/scope-manager": {
- "version": "4.28.0",
- "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.28.0.tgz",
- "integrity": "sha512-eCALCeScs5P/EYjwo6se9bdjtrh8ByWjtHzOkC4Tia6QQWtQr3PHovxh3TdYTuFcurkYI4rmFsRFpucADIkseg==",
+ "version": "4.28.1",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.28.1.tgz",
+ "integrity": "sha512-o95bvGKfss6705x7jFGDyS7trAORTy57lwJ+VsYwil/lOUxKQ9tA7Suuq+ciMhJc/1qPwB3XE2DKh9wubW8YYA==",
"requires": {
- "@typescript-eslint/types": "4.28.0",
- "@typescript-eslint/visitor-keys": "4.28.0"
+ "@typescript-eslint/types": "4.28.1",
+ "@typescript-eslint/visitor-keys": "4.28.1"
}
},
"@typescript-eslint/types": {
- "version": "4.28.0",
- "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.28.0.tgz",
- "integrity": "sha512-p16xMNKKoiJCVZY5PW/AfILw2xe1LfruTcfAKBj3a+wgNYP5I9ZEKNDOItoRt53p4EiPV6iRSICy8EPanG9ZVA=="
+ "version": "4.28.1",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.28.1.tgz",
+ "integrity": "sha512-4z+knEihcyX7blAGi7O3Fm3O6YRCP+r56NJFMNGsmtdw+NCdpG5SgNz427LS9nQkRVTswZLhz484hakQwB8RRg=="
},
"@typescript-eslint/typescript-estree": {
- "version": "4.28.0",
- "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.28.0.tgz",
- "integrity": "sha512-m19UQTRtxMzKAm8QxfKpvh6OwQSXaW1CdZPoCaQuLwAq7VZMNuhJmZR4g5281s2ECt658sldnJfdpSZZaxUGMQ==",
+ "version": "4.28.1",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.28.1.tgz",
+ "integrity": "sha512-GhKxmC4sHXxHGJv8e8egAZeTZ6HI4mLU6S7FUzvFOtsk7ZIDN1ksA9r9DyOgNqowA9yAtZXV0Uiap61bIO81FQ==",
"requires": {
- "@typescript-eslint/types": "4.28.0",
- "@typescript-eslint/visitor-keys": "4.28.0",
+ "@typescript-eslint/types": "4.28.1",
+ "@typescript-eslint/visitor-keys": "4.28.1",
"debug": "^4.3.1",
"globby": "^11.0.3",
"is-glob": "^4.0.1",
@@ -10016,11 +10016,11 @@
}
},
"@typescript-eslint/visitor-keys": {
- "version": "4.28.0",
- "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.28.0.tgz",
- "integrity": "sha512-PjJyTWwrlrvM5jazxYF5ZPs/nl0kHDZMVbuIcbpawVXaDPelp3+S9zpOz5RmVUfS/fD5l5+ZXNKnWhNYjPzCvw==",
+ "version": "4.28.1",
+ "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.28.1.tgz",
+ "integrity": "sha512-K4HMrdFqr9PFquPu178SaSb92CaWe2yErXyPumc8cYWxFmhgJsNY9eSePmO05j0JhBvf2Cdhptd6E6Yv9HVHcg==",
"requires": {
- "@typescript-eslint/types": "4.28.0",
+ "@typescript-eslint/types": "4.28.1",
"eslint-visitor-keys": "^2.0.0"
}
},
@@ -10461,9 +10461,9 @@
"integrity": "sha512-mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA=="
},
"chart.js": {
- "version": "3.3.2",
- "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-3.3.2.tgz",
- "integrity": "sha512-H0hSO7xqTIrwxoACqnSoNromEMfXvfuVnrbuSt2TuXfBDDofbnto4zuZlRtRvC73/b37q3wGAWZyUU41QPvNbA=="
+ "version": "3.4.0",
+ "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-3.4.0.tgz",
+ "integrity": "sha512-mJsRm2apQm5mwz2OgYqGNG4erZh/qljcRZkWSa0kLkFr3UC3e1wKRMgnIh6WdhUrNu0w/JT9PkjLyylqEqHXEQ=="
},
"chartjs-adapter-moment": {
"version": "1.0.0",
@@ -13200,9 +13200,9 @@
}
},
"rollup": {
- "version": "2.52.2",
- "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.52.2.tgz",
- "integrity": "sha512-4RlFC3k2BIHlUsJ9mGd8OO+9Lm2eDF5P7+6DNQOp5sx+7N/1tFM01kELfbxlMX3MxT6owvLB1ln4S3QvvQlbUA==",
+ "version": "2.52.3",
+ "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.52.3.tgz",
+ "integrity": "sha512-QF3Sju8Kl2z0osI4unyOLyUudyhOMK6G0AeqJWgfiyigqLAlnNrfBcDWDx+f1cqn+JU2iIYVkDrgQ6/KtwEfrg==",
"requires": {
"fsevents": "~2.3.2"
}
diff --git a/web/package.json b/web/package.json
index 3df620040..14b11d0eb 100644
--- a/web/package.json
+++ b/web/package.json
@@ -47,24 +47,24 @@
"@lingui/cli": "^3.10.2",
"@lingui/core": "^3.10.4",
"@lingui/macro": "^3.10.2",
- "@patternfly/patternfly": "^4.108.2",
+ "@patternfly/patternfly": "^4.115.2",
"@polymer/iron-form": "^3.0.1",
"@polymer/paper-input": "^3.2.1",
"@rollup/plugin-babel": "^5.3.0",
"@rollup/plugin-replace": "^2.4.2",
"@rollup/plugin-typescript": "^8.2.1",
- "@sentry/browser": "^6.7.2",
- "@sentry/tracing": "^6.7.2",
+ "@sentry/browser": "^6.8.0",
+ "@sentry/tracing": "^6.8.0",
"@types/chart.js": "^2.9.32",
- "@types/codemirror": "5.60.0",
+ "@types/codemirror": "5.60.1",
"@types/grecaptcha": "^3.0.2",
- "@typescript-eslint/eslint-plugin": "^4.28.0",
- "@typescript-eslint/parser": "^4.28.0",
+ "@typescript-eslint/eslint-plugin": "^4.28.1",
+ "@typescript-eslint/parser": "^4.28.1",
"@webcomponents/webcomponentsjs": "^2.5.0",
"authentik-api": "file:api",
"babel-plugin-macros": "^3.1.0",
"base64-js": "^1.5.1",
- "chart.js": "^3.3.2",
+ "chart.js": "^3.4.0",
"chartjs-adapter-moment": "^1.0.0",
"codemirror": "^5.62.0",
"construct-style-sheets-polyfill": "^2.4.16",
@@ -77,7 +77,7 @@
"lit-html": "^1.4.1",
"moment": "^2.29.1",
"rapidoc": "^9.0.0",
- "rollup": "^2.52.2",
+ "rollup": "^2.52.3",
"rollup-plugin-commonjs": "^10.1.0",
"rollup-plugin-copy": "^3.4.0",
"rollup-plugin-cssimport": "^1.0.2",
diff --git a/web/src/authentik.css b/web/src/authentik.css
index bb409f2f1..312af5a08 100644
--- a/web/src/authentik.css
+++ b/web/src/authentik.css
@@ -139,6 +139,7 @@ body {
/* Card */
.pf-c-card {
--pf-c-card--BackgroundColor: var(--ak-dark-background-light);
+ color: var(--ak-dark-foreground);
}
.pf-c-card__title,
.pf-c-card__body {
diff --git a/web/src/flows/sources/plex/PlexLoginInit.ts b/web/src/flows/sources/plex/PlexLoginInit.ts
index ebfe8262d..dbf6d5fe6 100644
--- a/web/src/flows/sources/plex/PlexLoginInit.ts
+++ b/web/src/flows/sources/plex/PlexLoginInit.ts
@@ -1,5 +1,5 @@
import { t } from "@lingui/macro";
-import { PlexAuthenticationChallenge } from "authentik-api";
+import { PlexAuthenticationChallenge, PlexAuthenticationChallengeResponseRequest } from "authentik-api";
import PFLogin from "@patternfly/patternfly/components/Login/login.css";
import PFForm from "@patternfly/patternfly/components/Form/form.css";
import PFFormControl from "@patternfly/patternfly/components/FormControl/form-control.css";
@@ -15,7 +15,6 @@ import { DEFAULT_CONFIG } from "../../../api/Config";
import { SourcesApi } from "authentik-api";
import { showMessage } from "../../../elements/messages/MessageContainer";
import { MessageLevel } from "../../../elements/messages/Message";
-import { PlexAuthenticationChallengeResponseRequest } from "authentik-api/dist/models/PlexAuthenticationChallengeResponseRequest";
@customElement("ak-flow-sources-plex")
diff --git a/web/src/flows/stages/authenticator_duo/AuthenticatorDuoStage.ts b/web/src/flows/stages/authenticator_duo/AuthenticatorDuoStage.ts
index 7eacf3dd9..0dd9720bd 100644
--- a/web/src/flows/stages/authenticator_duo/AuthenticatorDuoStage.ts
+++ b/web/src/flows/stages/authenticator_duo/AuthenticatorDuoStage.ts
@@ -11,9 +11,8 @@ import { BaseStage } from "../base";
import "../../../elements/forms/FormElement";
import "../../../elements/EmptyState";
import "../../FormStatic";
-import { AuthenticatorDuoChallenge, StagesApi } from "authentik-api";
+import { AuthenticatorDuoChallenge, AuthenticatorDuoChallengeResponseRequest, StagesApi } from "authentik-api";
import { DEFAULT_CONFIG } from "../../../api/Config";
-import { AuthenticatorDuoChallengeResponseRequest } from "authentik-api/dist/models/AuthenticatorDuoChallengeResponseRequest";
import { ifDefined } from "lit-html/directives/if-defined";
@customElement("ak-stage-authenticator-duo")
diff --git a/web/src/flows/stages/authenticator_static/AuthenticatorStaticStage.ts b/web/src/flows/stages/authenticator_static/AuthenticatorStaticStage.ts
index 9a1b041bc..ef0527b34 100644
--- a/web/src/flows/stages/authenticator_static/AuthenticatorStaticStage.ts
+++ b/web/src/flows/stages/authenticator_static/AuthenticatorStaticStage.ts
@@ -11,8 +11,7 @@ import { BaseStage } from "../base";
import "../../../elements/forms/FormElement";
import "../../../elements/EmptyState";
import "../../FormStatic";
-import { AuthenticatorStaticChallenge } from "authentik-api";
-import { AuthenticatorStaticChallengeResponseRequest } from "authentik-api/dist/models/AuthenticatorStaticChallengeResponseRequest";
+import { AuthenticatorStaticChallenge, AuthenticatorStaticChallengeResponseRequest } from "authentik-api";
import { ifDefined } from "lit-html/directives/if-defined";
export const STATIC_TOKEN_STYLE = css`
diff --git a/web/src/flows/stages/authenticator_validate/AuthenticatorValidateStage.ts b/web/src/flows/stages/authenticator_validate/AuthenticatorValidateStage.ts
index e3ad9b41e..76d69ae49 100644
--- a/web/src/flows/stages/authenticator_validate/AuthenticatorValidateStage.ts
+++ b/web/src/flows/stages/authenticator_validate/AuthenticatorValidateStage.ts
@@ -12,8 +12,7 @@ import "./AuthenticatorValidateStageWebAuthn";
import "./AuthenticatorValidateStageCode";
import "./AuthenticatorValidateStageDuo";
import { PasswordManagerPrefill } from "../identification/IdentificationStage";
-import { AuthenticatorValidationChallengeResponseRequest, DeviceChallenge } from "authentik-api";
-import { AuthenticatorValidationChallenge } from "authentik-api/dist/models/AuthenticatorValidationChallenge";
+import { AuthenticatorValidationChallenge, AuthenticatorValidationChallengeResponseRequest, DeviceChallenge } from "authentik-api";
export enum DeviceClasses {
STATIC = "static",
diff --git a/web/src/flows/stages/authenticator_validate/AuthenticatorValidateStageCode.ts b/web/src/flows/stages/authenticator_validate/AuthenticatorValidateStageCode.ts
index b3371079e..941d7367f 100644
--- a/web/src/flows/stages/authenticator_validate/AuthenticatorValidateStageCode.ts
+++ b/web/src/flows/stages/authenticator_validate/AuthenticatorValidateStageCode.ts
@@ -13,8 +13,7 @@ import "../../../elements/forms/FormElement";
import "../../../elements/EmptyState";
import { PasswordManagerPrefill } from "../identification/IdentificationStage";
import "../../FormStatic";
-import { AuthenticatorValidationChallenge } from "authentik-api/dist/models/AuthenticatorValidationChallenge";
-import { AuthenticatorValidationChallengeResponseRequest, DeviceChallenge } from "authentik-api";
+import { AuthenticatorValidationChallenge, AuthenticatorValidationChallengeResponseRequest, DeviceChallenge } from "authentik-api";
import { ifDefined } from "lit-html/directives/if-defined";
@customElement("ak-stage-authenticator-validate-code")
diff --git a/web/src/flows/stages/authenticator_validate/AuthenticatorValidateStageDuo.ts b/web/src/flows/stages/authenticator_validate/AuthenticatorValidateStageDuo.ts
index 7d16fcca1..fdfc4c178 100644
--- a/web/src/flows/stages/authenticator_validate/AuthenticatorValidateStageDuo.ts
+++ b/web/src/flows/stages/authenticator_validate/AuthenticatorValidateStageDuo.ts
@@ -12,8 +12,7 @@ import { AuthenticatorValidateStage } from "./AuthenticatorValidateStage";
import "../../../elements/forms/FormElement";
import "../../../elements/EmptyState";
import "../../FormStatic";
-import { AuthenticatorValidationChallenge } from "authentik-api/dist/models/AuthenticatorValidationChallenge";
-import { AuthenticatorValidationChallengeResponseRequest, DeviceChallenge } from "authentik-api";
+import { AuthenticatorValidationChallenge, AuthenticatorValidationChallengeResponseRequest, DeviceChallenge } from "authentik-api";
import { ifDefined } from "lit-html/directives/if-defined";
@customElement("ak-stage-authenticator-validate-duo")
diff --git a/web/src/flows/stages/authenticator_validate/AuthenticatorValidateStageWebAuthn.ts b/web/src/flows/stages/authenticator_validate/AuthenticatorValidateStageWebAuthn.ts
index c866ad121..41b11c731 100644
--- a/web/src/flows/stages/authenticator_validate/AuthenticatorValidateStageWebAuthn.ts
+++ b/web/src/flows/stages/authenticator_validate/AuthenticatorValidateStageWebAuthn.ts
@@ -11,8 +11,7 @@ import { PFSize } from "../../../elements/Spinner";
import { transformAssertionForServer, transformCredentialRequestOptions } from "../authenticator_webauthn/utils";
import { BaseStage } from "../base";
import { AuthenticatorValidateStage } from "./AuthenticatorValidateStage";
-import { AuthenticatorValidationChallenge } from "authentik-api/dist/models/AuthenticatorValidationChallenge";
-import { AuthenticatorValidationChallengeResponseRequest, DeviceChallenge } from "authentik-api";
+import { AuthenticatorValidationChallenge, AuthenticatorValidationChallengeResponseRequest, DeviceChallenge } from "authentik-api";
@customElement("ak-stage-authenticator-validate-webauthn")
export class AuthenticatorValidateStageWebAuthn extends BaseStage {
diff --git a/web/src/flows/stages/autosubmit/AutosubmitStage.ts b/web/src/flows/stages/autosubmit/AutosubmitStage.ts
index a97d7ccc1..87578eeef 100644
--- a/web/src/flows/stages/autosubmit/AutosubmitStage.ts
+++ b/web/src/flows/stages/autosubmit/AutosubmitStage.ts
@@ -9,8 +9,7 @@ import PFBase from "@patternfly/patternfly/patternfly-base.css";
import AKGlobal from "../../../authentik.css";
import { BaseStage } from "../base";
import "../../../elements/EmptyState";
-import { AutosubmitChallenge } from "authentik-api";
-import { AutoSubmitChallengeResponseRequest } from "authentik-api/dist/models/AutoSubmitChallengeResponseRequest";
+import { AutosubmitChallenge, AutoSubmitChallengeResponseRequest } from "authentik-api";
@customElement("ak-stage-autosubmit")
export class AutosubmitStage extends BaseStage {
diff --git a/web/src/locales/en.po b/web/src/locales/en.po
index 6cf58af8c..a4ff46ed9 100644
--- a/web/src/locales/en.po
+++ b/web/src/locales/en.po
@@ -698,6 +698,10 @@ msgstr "Configure how long refresh tokens and their id_tokens are valid for."
msgid "Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected."
msgstr "Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected."
+#: src/pages/flows/StageBindingForm.ts
+msgid "Configure how the flow executor should handle an invalid response to a challenge."
+msgstr "Configure how the flow executor should handle an invalid response to a challenge."
+
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "Configure how the issuer field of the ID Token should be filled."
msgstr "Configure how the issuer field of the ID Token should be filled."
@@ -941,6 +945,10 @@ msgstr "Create User"
msgid "Create provider"
msgstr "Create provider"
+#: src/pages/stages/user_write/UserWriteStageForm.ts
+msgid "Create users as inactive"
+msgstr "Create users as inactive"
+
#: src/pages/applications/ApplicationForm.ts
#: src/pages/flows/BoundStagesList.ts
#: src/pages/outposts/ServiceConnectionListPage.ts
@@ -1372,8 +1380,8 @@ msgid "Evaluate policies before the Stage is present to the user."
msgstr "Evaluate policies before the Stage is present to the user."
#: src/pages/flows/StageBindingForm.ts
-msgid "Evaluate policies during the Flow planning process. Disable this for input-based policies. Should be used in conjunction with 'Re-evaluate policies', as with this option disabled, policies are **not** evaluated."
-msgstr "Evaluate policies during the Flow planning process. Disable this for input-based policies. Should be used in conjunction with 'Re-evaluate policies', as with this option disabled, policies are **not** evaluated."
+msgid "Evaluate policies during the Flow planning process. Disable this for input-based policies. Should be used in conjunction with 'Re-evaluate policies', as with both options disabled, policies are **not** evaluated."
+msgstr "Evaluate policies during the Flow planning process. Disable this for input-based policies. Should be used in conjunction with 'Re-evaluate policies', as with both options disabled, policies are **not** evaluated."
#: src/pages/events/EventListPage.ts
msgid "Event Log"
@@ -1451,9 +1459,14 @@ msgid "Explicit Consent"
msgstr "Explicit Consent"
#: src/pages/flows/FlowListPage.ts
+#: src/pages/flows/FlowViewPage.ts
msgid "Export"
msgstr "Export"
+#: src/pages/flows/FlowViewPage.ts
+msgid "Export flow"
+msgstr "Export flow"
+
#: src/pages/events/EventInfo.ts
#: src/pages/policies/expression/ExpressionPolicyForm.ts
#: src/pages/property-mappings/PropertyMappingLDAPForm.ts
@@ -1876,6 +1889,10 @@ msgstr "Internal host"
msgid "Internal host SSL Validation"
msgstr "Internal host SSL Validation"
+#: src/pages/flows/StageBindingForm.ts
+msgid "Invalid response action"
+msgstr "Invalid response action"
+
#: src/pages/flows/FlowForm.ts
msgid "Invalidation"
msgstr "Invalidation"
@@ -2138,6 +2155,10 @@ msgstr "Logs"
msgid "Long-running operations which authentik executes in the background."
msgstr "Long-running operations which authentik executes in the background."
+#: src/pages/stages/user_write/UserWriteStageForm.ts
+msgid "Mark newly created users as inactive."
+msgstr "Mark newly created users as inactive."
+
#: src/pages/policies/event_matcher/EventMatcherPolicyForm.ts
msgid "Match created events with this action type. When left empty, all action types will be matched."
msgstr "Match created events with this action type. When left empty, all action types will be matched."
@@ -2842,6 +2863,18 @@ msgstr "Public key, acquired from https://www.google.com/recaptcha/intro/v3.html
msgid "Publisher"
msgstr "Publisher"
+#: src/pages/flows/StageBindingForm.ts
+msgid "RESTART restarts the flow from the beginning, while keeping the flow context."
+msgstr "RESTART restarts the flow from the beginning, while keeping the flow context."
+
+#: src/pages/flows/StageBindingForm.ts
+msgid "RESTART restarts the flow from the beginning."
+msgstr "RESTART restarts the flow from the beginning."
+
+#: src/pages/flows/StageBindingForm.ts
+msgid "RETRY returns the error message and a similar challenge to the executor."
+msgstr "RETRY returns the error message and a similar challenge to the executor."
+
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "RS256 (Asymmetric Encryption)"
msgstr "RS256 (Asymmetric Encryption)"
@@ -3359,6 +3392,7 @@ msgstr "Stage used to validate any authenticator. This stage should be used duri
#: src/pages/stages/password/PasswordStageForm.ts
#: src/pages/stages/prompt/PromptStageForm.ts
#: src/pages/stages/user_login/UserLoginStageForm.ts
+#: src/pages/stages/user_write/UserWriteStageForm.ts
msgid "Stage-specific settings"
msgstr "Stage-specific settings"
@@ -3816,6 +3850,16 @@ msgstr "The external URL you'll authenticate at. Can be the same domain as authe
msgid "The following objects use {objName}"
msgstr "The following objects use {objName}"
+#: src/pages/policies/reputation/ReputationPolicyForm.ts
+msgid ""
+"The policy passes when the reputation score is above the threshold, and\n"
+"doesn't pass when either or both of the selected options are equal or less than the\n"
+"threshold."
+msgstr ""
+"The policy passes when the reputation score is above the threshold, and\n"
+"doesn't pass when either or both of the selected options are equal or less than the\n"
+"threshold."
+
#: src/pages/policies/dummy/DummyPolicyForm.ts
msgid "The policy takes a random time to execute. This controls the minimum time it will take."
msgstr "The policy takes a random time to execute. This controls the minimum time it will take."
diff --git a/web/src/locales/pseudo-LOCALE.po b/web/src/locales/pseudo-LOCALE.po
index e814e6791..b5dab2646 100644
--- a/web/src/locales/pseudo-LOCALE.po
+++ b/web/src/locales/pseudo-LOCALE.po
@@ -692,6 +692,10 @@ msgstr ""
msgid "Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected."
msgstr ""
+#:
+msgid "Configure how the flow executor should handle an invalid response to a challenge."
+msgstr ""
+
#:
msgid "Configure how the issuer field of the ID Token should be filled."
msgstr ""
@@ -935,6 +939,10 @@ msgstr ""
msgid "Create provider"
msgstr ""
+#:
+msgid "Create users as inactive"
+msgstr ""
+
#:
#:
#:
@@ -1364,7 +1372,7 @@ msgid "Evaluate policies before the Stage is present to the user."
msgstr ""
#:
-msgid "Evaluate policies during the Flow planning process. Disable this for input-based policies. Should be used in conjunction with 'Re-evaluate policies', as with this option disabled, policies are **not** evaluated."
+msgid "Evaluate policies during the Flow planning process. Disable this for input-based policies. Should be used in conjunction with 'Re-evaluate policies', as with both options disabled, policies are **not** evaluated."
msgstr ""
#:
@@ -1442,10 +1450,15 @@ msgstr ""
msgid "Explicit Consent"
msgstr ""
+#:
#:
msgid "Export"
msgstr ""
+#:
+msgid "Export flow"
+msgstr ""
+
#:
#:
#:
@@ -1868,6 +1881,10 @@ msgstr ""
msgid "Internal host SSL Validation"
msgstr ""
+#:
+msgid "Invalid response action"
+msgstr ""
+
#:
msgid "Invalidation"
msgstr ""
@@ -2130,6 +2147,10 @@ msgstr ""
msgid "Long-running operations which authentik executes in the background."
msgstr ""
+#:
+msgid "Mark newly created users as inactive."
+msgstr ""
+
#:
msgid "Match created events with this action type. When left empty, all action types will be matched."
msgstr ""
@@ -2834,6 +2855,18 @@ msgstr ""
msgid "Publisher"
msgstr ""
+#:
+msgid "RESTART restarts the flow from the beginning, while keeping the flow context."
+msgstr ""
+
+#:
+msgid "RESTART restarts the flow from the beginning."
+msgstr ""
+
+#:
+msgid "RETRY returns the error message and a similar challenge to the executor."
+msgstr ""
+
#:
msgid "RS256 (Asymmetric Encryption)"
msgstr ""
@@ -3351,6 +3384,7 @@ msgstr ""
#:
#:
#:
+#:
msgid "Stage-specific settings"
msgstr ""
@@ -3808,6 +3842,13 @@ msgstr ""
msgid "The following objects use {objName}"
msgstr ""
+#:
+msgid ""
+"The policy passes when the reputation score is above the threshold, and\n"
+"doesn't pass when either or both of the selected options are equal or less than the\n"
+"threshold."
+msgstr ""
+
#:
msgid "The policy takes a random time to execute. This controls the minimum time it will take."
msgstr ""
diff --git a/web/src/pages/events/EventInfo.ts b/web/src/pages/events/EventInfo.ts
index 38ca07072..439ff763c 100644
--- a/web/src/pages/events/EventInfo.ts
+++ b/web/src/pages/events/EventInfo.ts
@@ -1,7 +1,7 @@
import { t } from "@lingui/macro";
import { css, CSSResult, customElement, html, LitElement, property, TemplateResult } from "lit-element";
import { until } from "lit-html/directives/until";
-import { EventMatcherPolicyActionEnum, FlowsApi } from "authentik-api";
+import { EventActions, FlowsApi } from "authentik-api";
import "../../elements/Spinner";
import "../../elements/Expand";
import { PFSize } from "../../elements/Spinner";
@@ -189,14 +189,14 @@ new?labels=bug,from_authentik&title=${encodeURIComponent(title)}
return html``;
}
switch (this.event?.action) {
- case EventMatcherPolicyActionEnum.ModelCreated:
- case EventMatcherPolicyActionEnum.ModelUpdated:
- case EventMatcherPolicyActionEnum.ModelDeleted:
+ case EventActions.ModelCreated:
+ case EventActions.ModelUpdated:
+ case EventActions.ModelDeleted:
return html`
${t`Affected model:`}
${this.getModelInfo(this.event.context?.model as EventModel)}
`;
- case EventMatcherPolicyActionEnum.AuthorizeApplication:
+ case EventActions.AuthorizeApplication:
return html`
diff --git a/web/src/pages/flows/StageBindingForm.ts b/web/src/pages/flows/StageBindingForm.ts
index ecce2cd6d..81a4563cc 100644
--- a/web/src/pages/flows/StageBindingForm.ts
+++ b/web/src/pages/flows/StageBindingForm.ts
@@ -1,4 +1,4 @@
-import { FlowsApi, FlowStageBinding, PolicyEngineMode, Stage, StagesApi } from "authentik-api";
+import { FlowsApi, FlowStageBinding, InvalidResponseActionEnum, PolicyEngineMode, Stage, StagesApi } from "authentik-api";
import { t } from "@lingui/macro";
import { customElement, property } from "lit-element";
import { html, TemplateResult } from "lit-html";
@@ -123,7 +123,7 @@ export class StageBindingForm extends ModelForm {
- ${t`Evaluate policies during the Flow planning process. Disable this for input-based policies. Should be used in conjunction with 'Re-evaluate policies', as with this option disabled, policies are **not** evaluated.`}
+ ${t`Evaluate policies during the Flow planning process. Disable this for input-based policies. Should be used in conjunction with 'Re-evaluate policies', as with both options disabled, policies are **not** evaluated.`}
@@ -135,6 +135,23 @@ export class StageBindingForm extends ModelForm {
${t`Evaluate policies before the Stage is present to the user.`}
+
+
+
${t`Configure how the flow executor should handle an invalid response to a challenge.`}
+ {
${t`Allows/denys requests based on the users and/or the IPs reputation.`}
+
+ ${t`The policy passes when the reputation score is above the threshold, and
+ doesn't pass when either or both of the selected options are equal or less than the
+ threshold.`}
+