From 4ff3bc59b7a8dfddfd25ad345fb1a497ce6245ae Mon Sep 17 00:00:00 2001
From: Ernie
Date: Mon, 16 Aug 2021 11:31:33 -0400
Subject: [PATCH 01/40] website/docs: Fixed two typos in Wordpress integration (#1264) * Create index.mdx Add Wekan example * updated to include wekan entry * Update and rename website/docs/sources.md to website/docs/sources/index.md Break Sources into individual pages. * Update and rename website/docs/sources/index.md to website/docs/sources/ldap/index.md * Create index.md * Update index.md * Update index.md * Create index.md * Create index.md * Create index.md * Update index.md * Update index.md * Update index.md * Create index.md * discord images * spacing * Added discord * discord changes * Added sources breakdown to the sidebar * Fixed the saml title * Added github examples * fixed formatting * Changed file path, updated sidebar, added google. * fixed a spelling mistake * Cleaned up formatting * Fixed Notes * docs: fix typo in logout url * docs: added wordpress integration * docs: fixed two typos for wordpress
---
 website/docs/integrations/services/wordpress/index.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/website/docs/integrations/services/wordpress/index.md b/website/docs/integrations/services/wordpress/index.md
index 466055b72..fb1580f9e 100644
--- a/website/docs/integrations/services/wordpress/index.md
+++ b/website/docs/integrations/services/wordpress/index.md
@@ -45,11 +45,11 @@ Assumption is being made that you have successfully downloaded and activated the In Wordpress, under _Settings_, Select _OpenID Connect Client_ -::note +:::note Only settings that have been modified from default have been listed. ::: -- Login Type: OpenID Connect Button of Login (This option display a button to login using OpenID as well as local WP login) +- Login Type: OpenID Connect Button on Login (This option display a button to login using OpenID as well as local WP login) - Client ID: Client ID from step 1 - Client Secret: Client Secret from step 1 - OpenID Scope: `email profile openid` From bca59a2b5a0e4dc9c773a355d8729d8036298a84 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Aug 2021 09:03:17 +0200 Subject: [PATCH 02/40] build(deps): bump boto3 from 1.18.21 to 1.18.22 (#1270) --- Pipfile.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/Pipfile.lock b/Pipfile.lock index 770a4a75f..e6f7fb96a 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -122,19 +122,19 @@ }, "boto3": { "hashes": [ - "sha256:00748c760dc30be61c6db4b092718f6a9f8d27c767da0e232695a65adb75cde8", - "sha256:59b6e8e79b2114e21388288a06a004f2a9378b1e0fc58466a35da8fb74fe2dd8" + "sha256:6cc7011cb857fecee54884ff344d6b793cd22af51142f715706c757d26d02bb1", + "sha256:7405ae77ce4f2151fae1b542183f9c0f7ffb57c288b1f152819cfcb88e9cf297" ], "index": "pypi", - "version": "==1.18.21" + "version": "==1.18.22" }, "botocore": { "hashes": [ - "sha256:12cfe74b0a5c44afb34bdd86c1f8ad74bc2ad9ec168eaed9040ef70cb3db944f", - "sha256:fa5ac13829d24fcdd385e82c3b6d78e22d93f427cca8dac38158cae84a8cc2f5" + "sha256:9c133caab58b04b4a9ab3f6523cc61cf815c1a5fde7b5ee279eefa48dc3a01d1", + "sha256:9df7a84840bcea10eb68f816d562c77656ec253a3a0dc3724e7e9ac086656e28" ], "markers": "python_version >= '3.6'", - "version": "==1.21.21" + "version": "==1.21.22" }, "cachetools": { "hashes": [ 
@@ -487,11 +487,11 @@ }, "google-auth": { "hashes": [ - "sha256:bd6aa5916970a823e76ffb3d5c3ad3f0bedafca0a7fa53bc15149ab21cb71e05", - "sha256:f1094088bae046fb06f3d1a3d7df14717e8d959e9105b79c57725bd4e17597a2" + "sha256:997516b42ecb5b63e8d80f5632c1a61dddf41d2a4c2748057837e06e00014258", + "sha256:b7033be9028c188ee30200b204ea00ed82ea1162e8ac1df4aa6ded19a191d88e" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'", - "version": "==1.34.0" + "version": "==1.35.0" }, "gunicorn": { "hashes": [ From 31422c6836977dd43702e12bc369e49d46352de7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Aug 2021 09:04:05 +0200 Subject: [PATCH 03/40] build(deps): bump kubernetes from 17.17.0 to 18.20.0 (#1269) --- Pipfile.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Pipfile.lock b/Pipfile.lock index e6f7fb96a..e6ca41b2f 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -630,11 +630,11 @@ }, "kubernetes": { "hashes": [ - "sha256:225a95a0aadbd5b645ab389d941a7980db8cdad2a776fde64d1b43fc3299bde9", - "sha256:c69b318696ba797dcf63eb928a8d4370c52319f4140023c502d7dfdf2080eb79" + "sha256:0c72d00e7883375bd39ae99758425f5e6cb86388417cf7cc84305c211b2192cf", + "sha256:ff31ec17437293e7d4e1459f1228c42d27c7724dfb56b4868aba7a901a5b72c9" ], "index": "pypi", - "version": "==17.17.0" + "version": "==18.20.0" }, "ldap3": { "hashes": [ @@ -1579,7 +1579,7 @@ "sha256:9c2ea1e62d871267b78307fe511c0838ba0da28698c5732d54e2790bf3ba9899", "sha256:e17d6e2b81095c9db0a03a8025a957f334d6ea30b26f9ec70805411e5c7c81f2" ], - "markers": "python_version < '4' and python_full_version >= '3.6.1'", + "markers": "python_version < '4.0' and python_full_version >= '3.6.1'", "version": "==5.9.3" }, "lazy-object-proxy": { From 373d94635f6e01555bcb4677d77e922392a4b75c Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 17 Aug 2021 09:04:19 +0200
Subject: [PATCH 04/40] build(deps): bump github.com/go-ldap/ldap/v3 from 3.4.0 to 3.4.1 (#1268)
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index 1f6fd7938..287cbf3c0 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ require (
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
 github.com/coreos/go-oidc v2.2.1+incompatible
 github.com/getsentry/sentry-go v0.11.0
- github.com/go-ldap/ldap/v3 v3.4.0
+ github.com/go-ldap/ldap/v3 v3.4.1
 github.com/go-openapi/analysis v0.20.1 // indirect
 github.com/go-openapi/errors v0.20.0 // indirect
 github.com/go-openapi/runtime v0.19.30
diff --git a/go.sum b/go.sum
index 6d3ac0d37..8b8c2e53a 100644
--- a/go.sum
+++ b/go.sum
@@ -150,8 +150,8 @@ github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-ldap/ldap/v3 v3.4.0 h1:wCttA0dcqAOygfOabqYhQPXKGG9ws8az3FBM8+GAhDs= -github.com/go-ldap/ldap/v3 v3.4.0/go.mod h1:iYS1MdmrmceOJ1QOTnRXrIs7i3kloqtmGQjRvjKpyMg= +github.com/go-ldap/ldap/v3 v3.4.1 h1:fU/0xli6HY02ocbMuozHAYsaHLcnkLjvho2r5a34BUU= +github.com/go-ldap/ldap/v3 v3.4.1/go.mod h1:iYS1MdmrmceOJ1QOTnRXrIs7i3kloqtmGQjRvjKpyMg= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab/go.mod h1:/P9AEU963A2AYjv4d1V5eVL1CQbEJq6aCNHDDjibzu8=
From ee54a8b33d9cccf10622912544d951ee69d2b0a2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Aug 2021 09:04:27 +0200 Subject: [PATCH 05/40] build(deps): bump @typescript-eslint/eslint-plugin in /web (#1266) --- web/package-lock.json | 262 +++++++++++++++++++++++++++++++++++++----- web/package.json | 2 +- 2 files changed, 235 insertions(+), 29 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index 74498d2b3..6af11a9da 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -29,7 +29,7 @@ "@types/chart.js": "^2.9.34", "@types/codemirror": "5.60.2", "@types/grecaptcha": "^3.0.3", - "@typescript-eslint/eslint-plugin": "^4.29.1", + "@typescript-eslint/eslint-plugin": "^4.29.2", "@typescript-eslint/parser": "^4.29.1", "@webcomponents/webcomponentsjs": "^2.6.0", "authentik-api": "file:api", @@ -67,8 +67,8 @@ }, "api": { "name": "authentik-api", - "version": "1.0.0", - "devDependencies": { + "version": "0.0.1", + "dependencies": { "typescript": "^3.9.5" } }, @@ -76,7 +76,6 @@ "version": "3.9.9", "resolved": "https://registry.npmjs.org/typescript/-/typescript-3.9.9.tgz", "integrity": "sha512-kdMjTiekY+z/ubJCATUPlRDl39vXYiMV9iyeMuEuXZh2we6zz80uovNN2WlAxmmdE/Z/YQe+EbOEXB5RHEED3w==", - "dev": true, "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" 
@@ -2609,12 +2608,12 @@ "integrity": "sha512-37RSHht+gzzgYeobbG+KWryeAW8J33Nhr69cjTqSYymXVZEN9NbRYWoYlRtDhHKPVT1FyNKwaTPC1NynKZpzRA==" }, "node_modules/@typescript-eslint/eslint-plugin": { - "version": "4.29.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.29.1.tgz", - "integrity": "sha512-AHqIU+SqZZgBEiWOrtN94ldR3ZUABV5dUG94j8Nms9rQnHFc8fvDOue/58K4CFz6r8OtDDc35Pw9NQPWo0Ayrw==", + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.29.2.tgz", + "integrity": "sha512-x4EMgn4BTfVd9+Z+r+6rmWxoAzBaapt4QFqE+d8L8sUtYZYLDTK6VG/y/SMMWA5t1/BVU5Kf+20rX4PtWzUYZg==", "dependencies": { - "@typescript-eslint/experimental-utils": "4.29.1", - "@typescript-eslint/scope-manager": "4.29.1", + "@typescript-eslint/experimental-utils": "4.29.2", + "@typescript-eslint/scope-manager": "4.29.2", "debug": "^4.3.1", "functional-red-black-tree": "^1.0.1", "regexpp": "^3.1.0", 
@@ -2638,15 +2637,59 @@ } } }, + "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager": { + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.29.2.tgz", + "integrity": "sha512-mfHmvlQxmfkU8D55CkZO2sQOueTxLqGvzV+mG6S/6fIunDiD2ouwsAoiYCZYDDK73QCibYjIZmGhpvKwAB5BOA==", + "dependencies": { + "@typescript-eslint/types": "4.29.2", + "@typescript-eslint/visitor-keys": "4.29.2" + }, + "engines": { + "node": "^8.10.0 || ^10.13.0 || >=11.10.1" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types": { + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.29.2.tgz", + "integrity": "sha512-K6ApnEXId+WTGxqnda8z4LhNMa/pZmbTFkDxEBLQAbhLZL50DjeY0VIDCml/0Y3FlcbqXZrABqrcKxq+n0LwzQ==", + "engines": { + "node": "^8.10.0 || ^10.13.0 || >=11.10.1" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys": { + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.29.2.tgz", + "integrity": "sha512-bDgJLQ86oWHJoZ1ai4TZdgXzJxsea3Ee9u9wsTAvjChdj2WLcVsgWYAPeY7RQMn16tKrlQaBnpKv7KBfs4EQag==", + "dependencies": { + "@typescript-eslint/types": "4.29.2", + "eslint-visitor-keys": "^2.0.0" + }, + "engines": { + "node": "^8.10.0 || ^10.13.0 || >=11.10.1" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, "node_modules/@typescript-eslint/experimental-utils": { - "version": "4.29.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.29.1.tgz", - "integrity": 
"sha512-kl6QG6qpzZthfd2bzPNSJB2YcZpNOrP6r9jueXupcZHnL74WiuSjaft7WSu17J9+ae9zTlk0KJMXPUj0daBxMw==", + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.29.2.tgz", + "integrity": "sha512-P6mn4pqObhftBBPAv4GQtEK7Yos1fz/MlpT7+YjH9fTxZcALbiiPKuSIfYP/j13CeOjfq8/fr9Thr2glM9ub7A==", "dependencies": { "@types/json-schema": "^7.0.7", - "@typescript-eslint/scope-manager": "4.29.1", - "@typescript-eslint/types": "4.29.1", - "@typescript-eslint/typescript-estree": "4.29.1", + "@typescript-eslint/scope-manager": "4.29.2", + "@typescript-eslint/types": "4.29.2", + "@typescript-eslint/typescript-estree": "4.29.2", "eslint-scope": "^5.1.1", "eslint-utils": "^3.0.0" }, 
@@ -2661,6 +2704,76 @@ "eslint": "*" } }, + "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/scope-manager": { + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.29.2.tgz", + "integrity": "sha512-mfHmvlQxmfkU8D55CkZO2sQOueTxLqGvzV+mG6S/6fIunDiD2ouwsAoiYCZYDDK73QCibYjIZmGhpvKwAB5BOA==", + "dependencies": { + "@typescript-eslint/types": "4.29.2", + "@typescript-eslint/visitor-keys": "4.29.2" + }, + "engines": { + "node": "^8.10.0 || ^10.13.0 || >=11.10.1" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/types": { + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.29.2.tgz", + "integrity": "sha512-K6ApnEXId+WTGxqnda8z4LhNMa/pZmbTFkDxEBLQAbhLZL50DjeY0VIDCml/0Y3FlcbqXZrABqrcKxq+n0LwzQ==", + "engines": { + "node": "^8.10.0 || ^10.13.0 || >=11.10.1" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/typescript-estree": { + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.29.2.tgz", + "integrity": "sha512-TJ0/hEnYxapYn9SGn3dCnETO0r+MjaxtlWZ2xU+EvytF0g4CqTpZL48SqSNn2hXsPolnewF30pdzR9a5Lj3DNg==", + "dependencies": { + "@typescript-eslint/types": "4.29.2", + "@typescript-eslint/visitor-keys": "4.29.2", + "debug": "^4.3.1", + "globby": "^11.0.3", + "is-glob": "^4.0.1", + "semver": "^7.3.5", + "tsutils": "^3.21.0" + }, + "engines": { + "node": "^10.12.0 || >=12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } + } + }, + 
"node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/visitor-keys": { + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.29.2.tgz", + "integrity": "sha512-bDgJLQ86oWHJoZ1ai4TZdgXzJxsea3Ee9u9wsTAvjChdj2WLcVsgWYAPeY7RQMn16tKrlQaBnpKv7KBfs4EQag==", + "dependencies": { + "@typescript-eslint/types": "4.29.2", + "eslint-visitor-keys": "^2.0.0" + }, + "engines": { + "node": "^8.10.0 || ^10.13.0 || >=11.10.1" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-utils": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-3.0.0.tgz", @@ -2678,6 +2791,25 @@ "eslint": ">=5" } }, + "node_modules/@typescript-eslint/experimental-utils/node_modules/globby": { + "version": "11.0.4", + "resolved": "https://registry.npmjs.org/globby/-/globby-11.0.4.tgz", + "integrity": "sha512-9O4MVG9ioZJ08ffbcyVYyLOJLk5JQ688pJ4eMGLpdWLHq/Wr1D9BlriLQyL0E+jbkuePVZXYFj47QM/v093wHg==", + "dependencies": { + "array-union": "^2.1.0", + "dir-glob": "^3.0.1", + "fast-glob": "^3.1.1", + "ignore": "^5.1.4", + "merge2": "^1.3.0", + "slash": "^3.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/@typescript-eslint/parser": { "version": "4.29.1", "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.29.1.tgz", 
@@ -9986,32 +10118,94 @@ "integrity": "sha512-37RSHht+gzzgYeobbG+KWryeAW8J33Nhr69cjTqSYymXVZEN9NbRYWoYlRtDhHKPVT1FyNKwaTPC1NynKZpzRA==" }, "@typescript-eslint/eslint-plugin": { - "version": "4.29.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.29.1.tgz", - "integrity": "sha512-AHqIU+SqZZgBEiWOrtN94ldR3ZUABV5dUG94j8Nms9rQnHFc8fvDOue/58K4CFz6r8OtDDc35Pw9NQPWo0Ayrw==", + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.29.2.tgz", + "integrity": "sha512-x4EMgn4BTfVd9+Z+r+6rmWxoAzBaapt4QFqE+d8L8sUtYZYLDTK6VG/y/SMMWA5t1/BVU5Kf+20rX4PtWzUYZg==", "requires": { - "@typescript-eslint/experimental-utils": "4.29.1", - "@typescript-eslint/scope-manager": "4.29.1", + "@typescript-eslint/experimental-utils": "4.29.2", + "@typescript-eslint/scope-manager": "4.29.2", "debug": "^4.3.1", "functional-red-black-tree": "^1.0.1", "regexpp": "^3.1.0", "semver": "^7.3.5", "tsutils": "^3.21.0" + }, + "dependencies": { + "@typescript-eslint/scope-manager": { + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.29.2.tgz", + "integrity": "sha512-mfHmvlQxmfkU8D55CkZO2sQOueTxLqGvzV+mG6S/6fIunDiD2ouwsAoiYCZYDDK73QCibYjIZmGhpvKwAB5BOA==", + "requires": { + "@typescript-eslint/types": "4.29.2", + "@typescript-eslint/visitor-keys": "4.29.2" + } + }, + "@typescript-eslint/types": { + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.29.2.tgz", + "integrity": "sha512-K6ApnEXId+WTGxqnda8z4LhNMa/pZmbTFkDxEBLQAbhLZL50DjeY0VIDCml/0Y3FlcbqXZrABqrcKxq+n0LwzQ==" + }, + "@typescript-eslint/visitor-keys": { + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.29.2.tgz", + "integrity": "sha512-bDgJLQ86oWHJoZ1ai4TZdgXzJxsea3Ee9u9wsTAvjChdj2WLcVsgWYAPeY7RQMn16tKrlQaBnpKv7KBfs4EQag==", + "requires": { + "@typescript-eslint/types": 
"4.29.2", + "eslint-visitor-keys": "^2.0.0" + } + } } }, "@typescript-eslint/experimental-utils": { - "version": "4.29.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.29.1.tgz", - "integrity": "sha512-kl6QG6qpzZthfd2bzPNSJB2YcZpNOrP6r9jueXupcZHnL74WiuSjaft7WSu17J9+ae9zTlk0KJMXPUj0daBxMw==", + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.29.2.tgz", + "integrity": "sha512-P6mn4pqObhftBBPAv4GQtEK7Yos1fz/MlpT7+YjH9fTxZcALbiiPKuSIfYP/j13CeOjfq8/fr9Thr2glM9ub7A==", "requires": { "@types/json-schema": "^7.0.7", - "@typescript-eslint/scope-manager": "4.29.1", - "@typescript-eslint/types": "4.29.1", - "@typescript-eslint/typescript-estree": "4.29.1", + "@typescript-eslint/scope-manager": "4.29.2", + "@typescript-eslint/types": "4.29.2", + "@typescript-eslint/typescript-estree": "4.29.2", "eslint-scope": "^5.1.1", "eslint-utils": "^3.0.0" }, "dependencies": { + "@typescript-eslint/scope-manager": { + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.29.2.tgz", + "integrity": "sha512-mfHmvlQxmfkU8D55CkZO2sQOueTxLqGvzV+mG6S/6fIunDiD2ouwsAoiYCZYDDK73QCibYjIZmGhpvKwAB5BOA==", + "requires": { + "@typescript-eslint/types": "4.29.2", + "@typescript-eslint/visitor-keys": "4.29.2" + } + }, + "@typescript-eslint/types": { + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.29.2.tgz", + "integrity": "sha512-K6ApnEXId+WTGxqnda8z4LhNMa/pZmbTFkDxEBLQAbhLZL50DjeY0VIDCml/0Y3FlcbqXZrABqrcKxq+n0LwzQ==" + }, + "@typescript-eslint/typescript-estree": { + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.29.2.tgz", + "integrity": "sha512-TJ0/hEnYxapYn9SGn3dCnETO0r+MjaxtlWZ2xU+EvytF0g4CqTpZL48SqSNn2hXsPolnewF30pdzR9a5Lj3DNg==", + "requires": { + "@typescript-eslint/types": 
"4.29.2", + "@typescript-eslint/visitor-keys": "4.29.2", + "debug": "^4.3.1", + "globby": "^11.0.3", + "is-glob": "^4.0.1", + "semver": "^7.3.5", + "tsutils": "^3.21.0" + } + }, + "@typescript-eslint/visitor-keys": { + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.29.2.tgz", + "integrity": "sha512-bDgJLQ86oWHJoZ1ai4TZdgXzJxsea3Ee9u9wsTAvjChdj2WLcVsgWYAPeY7RQMn16tKrlQaBnpKv7KBfs4EQag==", + "requires": { + "@typescript-eslint/types": "4.29.2", + "eslint-visitor-keys": "^2.0.0" + } + }, "eslint-utils": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-3.0.0.tgz", @@ -10019,6 +10213,19 @@ "requires": { "eslint-visitor-keys": "^2.0.0" } + }, + "globby": { + "version": "11.0.4", + "resolved": "https://registry.npmjs.org/globby/-/globby-11.0.4.tgz", + "integrity": "sha512-9O4MVG9ioZJ08ffbcyVYyLOJLk5JQ688pJ4eMGLpdWLHq/Wr1D9BlriLQyL0E+jbkuePVZXYFj47QM/v093wHg==", + "requires": { + "array-union": "^2.1.0", + "dir-glob": "^3.0.1", + "fast-glob": "^3.1.1", + "ignore": "^5.1.4", + "merge2": "^1.3.0", + "slash": "^3.0.0" + } } } }, @@ -10231,8 +10438,7 @@ "typescript": { "version": "3.9.9", "resolved": "https://registry.npmjs.org/typescript/-/typescript-3.9.9.tgz", - "integrity": "sha512-kdMjTiekY+z/ubJCATUPlRDl39vXYiMV9iyeMuEuXZh2we6zz80uovNN2WlAxmmdE/Z/YQe+EbOEXB5RHEED3w==", - "dev": true + "integrity": "sha512-kdMjTiekY+z/ubJCATUPlRDl39vXYiMV9iyeMuEuXZh2we6zz80uovNN2WlAxmmdE/Z/YQe+EbOEXB5RHEED3w==" } } }, diff --git a/web/package.json b/web/package.json index 0cd43ff5f..764b0b013 100644 --- a/web/package.json +++ b/web/package.json @@ -60,7 +60,7 @@ "@types/chart.js": "^2.9.34", "@types/codemirror": "5.60.2", "@types/grecaptcha": "^3.0.3", - "@typescript-eslint/eslint-plugin": "^4.29.1", + "@typescript-eslint/eslint-plugin": "^4.29.2", "@typescript-eslint/parser": "^4.29.1", "@webcomponents/webcomponentsjs": "^2.6.0", "authentik-api": "file:api", 
From 8c943e187b58b5f9a95235523d68f361a983141a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 17 Aug 2021 09:04:49 +0200
Subject: [PATCH 06/40] build(deps): bump golang from 1.16.7 to 1.17.0 (#1265)
---
 Dockerfile | 2 +-
 ldap.Dockerfile | 2 +-
 proxy.Dockerfile | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index f60183057..f079270f9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -54,7 +54,7 @@ ENV NODE_ENV=production RUN cd /static && npm i && npm run build # Stage 5: Build go proxy -FROM golang:1.16.7 AS builder +FROM golang:1.17.0 AS builder WORKDIR /work
diff --git a/ldap.Dockerfile b/ldap.Dockerfile
index 5e6edb8c0..193bb604c 100644
--- a/ldap.Dockerfile
+++ b/ldap.Dockerfile
@@ -14,7 +14,7 @@ RUN docker-entrypoint.sh generate \ rm -f /local/api/go.mod /local/api/go.sum # Stage 2: Build -FROM golang:1.16.7 AS builder +FROM golang:1.17.0 AS builder WORKDIR /go/src/goauthentik.io
diff --git a/proxy.Dockerfile b/proxy.Dockerfile
index 073e71ebd..df48d274f 100644
--- a/proxy.Dockerfile
+++ b/proxy.Dockerfile
@@ -14,7 +14,7 @@ RUN docker-entrypoint.sh generate \ rm -f /local/api/go.mod /local/api/go.sum # Stage 2: Build -FROM golang:1.16.7 AS builder +FROM golang:1.17.0 AS builder WORKDIR /go/src/goauthentik.io
From 065121d280d2eb4e92627ddb94c54e8ebac6c08f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 17 Aug 2021 09:58:35 +0200
Subject: [PATCH 07/40] build(deps): bump @typescript-eslint/parser in /web (#1267)
---
 web/package-lock.json | 302 +++++++-----------------------------------
 web/package.json | 2 +-
 2 files changed, 48 insertions(+), 256 deletions(-)
diff --git a/web/package-lock.json b/web/package-lock.json
index 6af11a9da..b302f8262 100644
--- a/web/package-lock.json
+++ b/web/package-lock.json
@@ -30,7 +30,7 @@ "@types/codemirror": "5.60.2", "@types/grecaptcha": "^3.0.3", "@typescript-eslint/eslint-plugin": "^4.29.2", - "@typescript-eslint/parser": "^4.29.1", + "@typescript-eslint/parser": "^4.29.2", "@webcomponents/webcomponentsjs": "^2.6.0", "authentik-api": "file:api", "babel-plugin-macros": "^3.1.0", 
@@ -2637,50 +2637,6 @@ } } }, - "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager": { - "version": "4.29.2", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.29.2.tgz", - "integrity": "sha512-mfHmvlQxmfkU8D55CkZO2sQOueTxLqGvzV+mG6S/6fIunDiD2ouwsAoiYCZYDDK73QCibYjIZmGhpvKwAB5BOA==", - "dependencies": { - "@typescript-eslint/types": "4.29.2", - "@typescript-eslint/visitor-keys": "4.29.2" - }, - "engines": { - "node": "^8.10.0 || ^10.13.0 || >=11.10.1" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - } - }, - "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types": { - "version": "4.29.2", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.29.2.tgz", - "integrity": "sha512-K6ApnEXId+WTGxqnda8z4LhNMa/pZmbTFkDxEBLQAbhLZL50DjeY0VIDCml/0Y3FlcbqXZrABqrcKxq+n0LwzQ==", - "engines": { - "node": "^8.10.0 || ^10.13.0 || >=11.10.1" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - } - }, - "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys": { - "version": "4.29.2", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.29.2.tgz", - "integrity": "sha512-bDgJLQ86oWHJoZ1ai4TZdgXzJxsea3Ee9u9wsTAvjChdj2WLcVsgWYAPeY7RQMn16tKrlQaBnpKv7KBfs4EQag==", - "dependencies": { - "@typescript-eslint/types": "4.29.2", - "eslint-visitor-keys": "^2.0.0" - }, - "engines": { - "node": "^8.10.0 || ^10.13.0 || >=11.10.1" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - } - }, "node_modules/@typescript-eslint/experimental-utils": { "version": "4.29.2", "resolved": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.29.2.tgz", 
@@ -2704,76 +2660,6 @@ "eslint": "*" } }, - "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/scope-manager": { - "version": "4.29.2", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.29.2.tgz", - "integrity": "sha512-mfHmvlQxmfkU8D55CkZO2sQOueTxLqGvzV+mG6S/6fIunDiD2ouwsAoiYCZYDDK73QCibYjIZmGhpvKwAB5BOA==", - "dependencies": { - "@typescript-eslint/types": "4.29.2", - "@typescript-eslint/visitor-keys": "4.29.2" - }, - "engines": { - "node": "^8.10.0 || ^10.13.0 || >=11.10.1" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - } - }, - "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/types": { - "version": "4.29.2", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.29.2.tgz", - "integrity": "sha512-K6ApnEXId+WTGxqnda8z4LhNMa/pZmbTFkDxEBLQAbhLZL50DjeY0VIDCml/0Y3FlcbqXZrABqrcKxq+n0LwzQ==", - "engines": { - "node": "^8.10.0 || ^10.13.0 || >=11.10.1" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - } - }, - "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/typescript-estree": { - "version": "4.29.2", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.29.2.tgz", - "integrity": "sha512-TJ0/hEnYxapYn9SGn3dCnETO0r+MjaxtlWZ2xU+EvytF0g4CqTpZL48SqSNn2hXsPolnewF30pdzR9a5Lj3DNg==", - "dependencies": { - "@typescript-eslint/types": "4.29.2", - "@typescript-eslint/visitor-keys": "4.29.2", - "debug": "^4.3.1", - "globby": "^11.0.3", - "is-glob": "^4.0.1", - "semver": "^7.3.5", - "tsutils": "^3.21.0" - }, - "engines": { - "node": "^10.12.0 || >=12.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - }, - "peerDependenciesMeta": { - "typescript": { - "optional": true - } - } - }, - 
"node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/visitor-keys": { - "version": "4.29.2", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.29.2.tgz", - "integrity": "sha512-bDgJLQ86oWHJoZ1ai4TZdgXzJxsea3Ee9u9wsTAvjChdj2WLcVsgWYAPeY7RQMn16tKrlQaBnpKv7KBfs4EQag==", - "dependencies": { - "@typescript-eslint/types": "4.29.2", - "eslint-visitor-keys": "^2.0.0" - }, - "engines": { - "node": "^8.10.0 || ^10.13.0 || >=11.10.1" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - } - }, "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-utils": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-3.0.0.tgz", 
@@ -2791,33 +2677,14 @@ "eslint": ">=5" } }, - "node_modules/@typescript-eslint/experimental-utils/node_modules/globby": { - "version": "11.0.4", - "resolved": "https://registry.npmjs.org/globby/-/globby-11.0.4.tgz", - "integrity": "sha512-9O4MVG9ioZJ08ffbcyVYyLOJLk5JQ688pJ4eMGLpdWLHq/Wr1D9BlriLQyL0E+jbkuePVZXYFj47QM/v093wHg==", - "dependencies": { - "array-union": "^2.1.0", - "dir-glob": "^3.0.1", - "fast-glob": "^3.1.1", - "ignore": "^5.1.4", - "merge2": "^1.3.0", - "slash": "^3.0.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, "node_modules/@typescript-eslint/parser": { - "version": "4.29.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.29.1.tgz", - "integrity": "sha512-3fL5iN20hzX3Q4OkG7QEPFjZV2qsVGiDhEwwh+EkmE/w7oteiOvUNzmpu5eSwGJX/anCryONltJ3WDmAzAoCMg==", + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.29.2.tgz", + "integrity": "sha512-WQ6BPf+lNuwteUuyk1jD/aHKqMQ9jrdCn7Gxt9vvBnzbpj7aWEf+aZsJ1zvTjx5zFxGCt000lsbD9tQPEL8u6g==", "dependencies": { - "@typescript-eslint/scope-manager": "4.29.1", - "@typescript-eslint/types": "4.29.1", - "@typescript-eslint/typescript-estree": "4.29.1", + "@typescript-eslint/scope-manager": "4.29.2", + "@typescript-eslint/types": "4.29.2", + "@typescript-eslint/typescript-estree": "4.29.2", "debug": "^4.3.1" }, "engines": { 
@@ -2837,12 +2704,12 @@ } }, "node_modules/@typescript-eslint/scope-manager": { - "version": "4.29.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.29.1.tgz", - "integrity": "sha512-Hzv/uZOa9zrD/W5mftZa54Jd5Fed3tL6b4HeaOpwVSabJK8CJ+2MkDasnX/XK4rqP5ZTWngK1ZDeCi6EnxPQ7A==", + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.29.2.tgz", + "integrity": "sha512-mfHmvlQxmfkU8D55CkZO2sQOueTxLqGvzV+mG6S/6fIunDiD2ouwsAoiYCZYDDK73QCibYjIZmGhpvKwAB5BOA==", "dependencies": { - "@typescript-eslint/types": "4.29.1", - "@typescript-eslint/visitor-keys": "4.29.1" + "@typescript-eslint/types": "4.29.2", + "@typescript-eslint/visitor-keys": "4.29.2" }, "engines": { "node": "^8.10.0 || ^10.13.0 || >=11.10.1" @@ -2853,9 +2720,9 @@ } }, "node_modules/@typescript-eslint/types": { - "version": "4.29.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.29.1.tgz", - "integrity": "sha512-Jj2yu78IRfw4nlaLtKjVaGaxh/6FhofmQ/j8v3NXmAiKafbIqtAPnKYrf0sbGjKdj0hS316J8WhnGnErbJ4RCA==", + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.29.2.tgz", + "integrity": "sha512-K6ApnEXId+WTGxqnda8z4LhNMa/pZmbTFkDxEBLQAbhLZL50DjeY0VIDCml/0Y3FlcbqXZrABqrcKxq+n0LwzQ==", "engines": { "node": "^8.10.0 || ^10.13.0 || >=11.10.1" }, 
@@ -2865,12 +2732,12 @@ } }, "node_modules/@typescript-eslint/typescript-estree": { - "version": "4.29.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.29.1.tgz", - "integrity": "sha512-lIkkrR9E4lwZkzPiRDNq0xdC3f2iVCUjw/7WPJ4S2Sl6C3nRWkeE1YXCQ0+KsiaQRbpY16jNaokdWnm9aUIsfw==", + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.29.2.tgz", + "integrity": "sha512-TJ0/hEnYxapYn9SGn3dCnETO0r+MjaxtlWZ2xU+EvytF0g4CqTpZL48SqSNn2hXsPolnewF30pdzR9a5Lj3DNg==", "dependencies": { - "@typescript-eslint/types": "4.29.1", - "@typescript-eslint/visitor-keys": "4.29.1", + "@typescript-eslint/types": "4.29.2", + "@typescript-eslint/visitor-keys": "4.29.2", "debug": "^4.3.1", "globby": "^11.0.3", "is-glob": "^4.0.1", @@ -2910,11 +2777,11 @@ } }, "node_modules/@typescript-eslint/visitor-keys": { - "version": "4.29.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.29.1.tgz", - "integrity": "sha512-zLqtjMoXvgdZY/PG6gqA73V8BjqPs4af1v2kiiETBObp+uC6gRYnJLmJHxC0QyUrrHDLJPIWNYxoBV3wbcRlag==", + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.29.2.tgz", + "integrity": "sha512-bDgJLQ86oWHJoZ1ai4TZdgXzJxsea3Ee9u9wsTAvjChdj2WLcVsgWYAPeY7RQMn16tKrlQaBnpKv7KBfs4EQag==", "dependencies": { - "@typescript-eslint/types": "4.29.1", + "@typescript-eslint/types": "4.29.2", "eslint-visitor-keys": "^2.0.0" }, "engines": { 
@@ -10129,31 +9996,6 @@ "regexpp": "^3.1.0", "semver": "^7.3.5", "tsutils": "^3.21.0" - }, - "dependencies": { - "@typescript-eslint/scope-manager": { - "version": "4.29.2", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.29.2.tgz", - "integrity": "sha512-mfHmvlQxmfkU8D55CkZO2sQOueTxLqGvzV+mG6S/6fIunDiD2ouwsAoiYCZYDDK73QCibYjIZmGhpvKwAB5BOA==", - "requires": { - "@typescript-eslint/types": "4.29.2", - "@typescript-eslint/visitor-keys": "4.29.2" - } - }, - "@typescript-eslint/types": { - "version": "4.29.2", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.29.2.tgz", - "integrity": "sha512-K6ApnEXId+WTGxqnda8z4LhNMa/pZmbTFkDxEBLQAbhLZL50DjeY0VIDCml/0Y3FlcbqXZrABqrcKxq+n0LwzQ==" - }, - "@typescript-eslint/visitor-keys": { - "version": "4.29.2", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.29.2.tgz", - "integrity": "sha512-bDgJLQ86oWHJoZ1ai4TZdgXzJxsea3Ee9u9wsTAvjChdj2WLcVsgWYAPeY7RQMn16tKrlQaBnpKv7KBfs4EQag==", - "requires": { - "@typescript-eslint/types": "4.29.2", - "eslint-visitor-keys": "^2.0.0" - } - } } }, "@typescript-eslint/experimental-utils": { 
@@ -10169,43 +10011,6 @@ "eslint-utils": "^3.0.0" }, "dependencies": { - "@typescript-eslint/scope-manager": { - "version": "4.29.2", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.29.2.tgz", - "integrity": "sha512-mfHmvlQxmfkU8D55CkZO2sQOueTxLqGvzV+mG6S/6fIunDiD2ouwsAoiYCZYDDK73QCibYjIZmGhpvKwAB5BOA==", - "requires": { - "@typescript-eslint/types": "4.29.2", - "@typescript-eslint/visitor-keys": "4.29.2" - } - }, - "@typescript-eslint/types": { - "version": "4.29.2", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.29.2.tgz", - "integrity": "sha512-K6ApnEXId+WTGxqnda8z4LhNMa/pZmbTFkDxEBLQAbhLZL50DjeY0VIDCml/0Y3FlcbqXZrABqrcKxq+n0LwzQ==" - }, - "@typescript-eslint/typescript-estree": { - "version": "4.29.2", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.29.2.tgz", - "integrity": "sha512-TJ0/hEnYxapYn9SGn3dCnETO0r+MjaxtlWZ2xU+EvytF0g4CqTpZL48SqSNn2hXsPolnewF30pdzR9a5Lj3DNg==", - "requires": { - "@typescript-eslint/types": "4.29.2", - "@typescript-eslint/visitor-keys": "4.29.2", - "debug": "^4.3.1", - "globby": "^11.0.3", - "is-glob": "^4.0.1", - "semver": "^7.3.5", - "tsutils": "^3.21.0" - } - }, - "@typescript-eslint/visitor-keys": { - "version": "4.29.2", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.29.2.tgz", - "integrity": "sha512-bDgJLQ86oWHJoZ1ai4TZdgXzJxsea3Ee9u9wsTAvjChdj2WLcVsgWYAPeY7RQMn16tKrlQaBnpKv7KBfs4EQag==", - "requires": { - "@typescript-eslint/types": "4.29.2", - "eslint-visitor-keys": "^2.0.0" - } - }, "eslint-utils": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-3.0.0.tgz", 
@@ -10213,54 +10018,41 @@ "requires": { "eslint-visitor-keys": "^2.0.0" } - }, - "globby": { - "version": "11.0.4", - "resolved": "https://registry.npmjs.org/globby/-/globby-11.0.4.tgz", - "integrity": "sha512-9O4MVG9ioZJ08ffbcyVYyLOJLk5JQ688pJ4eMGLpdWLHq/Wr1D9BlriLQyL0E+jbkuePVZXYFj47QM/v093wHg==", - "requires": { - "array-union": "^2.1.0", - "dir-glob": "^3.0.1", - "fast-glob": "^3.1.1", - "ignore": "^5.1.4", - "merge2": "^1.3.0", - "slash": "^3.0.0" - } } } }, "@typescript-eslint/parser": { - "version": "4.29.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.29.1.tgz", - "integrity": "sha512-3fL5iN20hzX3Q4OkG7QEPFjZV2qsVGiDhEwwh+EkmE/w7oteiOvUNzmpu5eSwGJX/anCryONltJ3WDmAzAoCMg==", + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.29.2.tgz", + "integrity": "sha512-WQ6BPf+lNuwteUuyk1jD/aHKqMQ9jrdCn7Gxt9vvBnzbpj7aWEf+aZsJ1zvTjx5zFxGCt000lsbD9tQPEL8u6g==", "requires": { - "@typescript-eslint/scope-manager": "4.29.1", - "@typescript-eslint/types": "4.29.1", - "@typescript-eslint/typescript-estree": "4.29.1", + "@typescript-eslint/scope-manager": "4.29.2", + "@typescript-eslint/types": "4.29.2", + "@typescript-eslint/typescript-estree": "4.29.2", "debug": "^4.3.1" } }, "@typescript-eslint/scope-manager": { - "version": "4.29.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.29.1.tgz", - "integrity": "sha512-Hzv/uZOa9zrD/W5mftZa54Jd5Fed3tL6b4HeaOpwVSabJK8CJ+2MkDasnX/XK4rqP5ZTWngK1ZDeCi6EnxPQ7A==", + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.29.2.tgz", + "integrity": "sha512-mfHmvlQxmfkU8D55CkZO2sQOueTxLqGvzV+mG6S/6fIunDiD2ouwsAoiYCZYDDK73QCibYjIZmGhpvKwAB5BOA==", "requires": { - "@typescript-eslint/types": "4.29.1", - "@typescript-eslint/visitor-keys": "4.29.1" + "@typescript-eslint/types": "4.29.2", + "@typescript-eslint/visitor-keys": "4.29.2" } }, 
"@typescript-eslint/types": { - "version": "4.29.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.29.1.tgz", - "integrity": "sha512-Jj2yu78IRfw4nlaLtKjVaGaxh/6FhofmQ/j8v3NXmAiKafbIqtAPnKYrf0sbGjKdj0hS316J8WhnGnErbJ4RCA==" + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.29.2.tgz", + "integrity": "sha512-K6ApnEXId+WTGxqnda8z4LhNMa/pZmbTFkDxEBLQAbhLZL50DjeY0VIDCml/0Y3FlcbqXZrABqrcKxq+n0LwzQ==" }, "@typescript-eslint/typescript-estree": { - "version": "4.29.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.29.1.tgz", - "integrity": "sha512-lIkkrR9E4lwZkzPiRDNq0xdC3f2iVCUjw/7WPJ4S2Sl6C3nRWkeE1YXCQ0+KsiaQRbpY16jNaokdWnm9aUIsfw==", + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.29.2.tgz", + "integrity": "sha512-TJ0/hEnYxapYn9SGn3dCnETO0r+MjaxtlWZ2xU+EvytF0g4CqTpZL48SqSNn2hXsPolnewF30pdzR9a5Lj3DNg==", "requires": { - "@typescript-eslint/types": "4.29.1", - "@typescript-eslint/visitor-keys": "4.29.1", + "@typescript-eslint/types": "4.29.2", + "@typescript-eslint/visitor-keys": "4.29.2", "debug": "^4.3.1", "globby": "^11.0.3", "is-glob": "^4.0.1", @@ -10284,11 +10076,11 @@ } }, "@typescript-eslint/visitor-keys": { - "version": "4.29.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.29.1.tgz", - "integrity": "sha512-zLqtjMoXvgdZY/PG6gqA73V8BjqPs4af1v2kiiETBObp+uC6gRYnJLmJHxC0QyUrrHDLJPIWNYxoBV3wbcRlag==", + "version": "4.29.2", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.29.2.tgz", + "integrity": "sha512-bDgJLQ86oWHJoZ1ai4TZdgXzJxsea3Ee9u9wsTAvjChdj2WLcVsgWYAPeY7RQMn16tKrlQaBnpKv7KBfs4EQag==", "requires": { - "@typescript-eslint/types": "4.29.1", + "@typescript-eslint/types": "4.29.2", "eslint-visitor-keys": "^2.0.0" } }, 
diff --git a/web/package.json b/web/package.json index 764b0b013..99d643ef2 100644 --- a/web/package.json +++ b/web/package.json @@ -61,7 +61,7 @@ "@types/codemirror": "5.60.2", "@types/grecaptcha": "^3.0.3", "@typescript-eslint/eslint-plugin": "^4.29.2", - "@typescript-eslint/parser": "^4.29.1", + "@typescript-eslint/parser": "^4.29.2", "@webcomponents/webcomponentsjs": "^2.6.0", "authentik-api": "file:api", "babel-plugin-macros": "^3.1.0", From 84c45470053dabb0376d2a275b49b99f5b4b0499 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 17 Aug 2021 12:56:38 +0200 Subject: [PATCH 08/40] sources/plex: add API for user connections Signed-off-by: Jens Langhammer --- authentik/api/v2/urls.py | 6 +- authentik/sources/plex/api/__init__.py | 0 .../sources/plex/{api.py => api/source.py} | 0 .../sources/plex/api/source_connection.py | 41 ++ authentik/sources/plex/models.py | 2 +- schema.yml | 695 +++++++++++++----- .../settings/SourceSettingsOAuth.ts | 4 +- 7 files changed, 541 insertions(+), 207 deletions(-) create mode 100644 authentik/sources/plex/api/__init__.py rename authentik/sources/plex/{api.py => api/source.py} (100%) create mode 100644 authentik/sources/plex/api/source_connection.py diff --git a/authentik/api/v2/urls.py b/authentik/api/v2/urls.py index 64ef4de66..43c8899a8 100644 --- a/authentik/api/v2/urls.py +++ b/authentik/api/v2/urls.py 
@@ -58,7 +58,8 @@ from authentik.providers.saml.api import SAMLPropertyMappingViewSet, SAMLProvide from authentik.sources.ldap.api import LDAPPropertyMappingViewSet, LDAPSourceViewSet from authentik.sources.oauth.api.source import OAuthSourceViewSet from authentik.sources.oauth.api.source_connection import UserOAuthSourceConnectionViewSet -from authentik.sources.plex.api import PlexSourceViewSet +from authentik.sources.plex.api.source import PlexSourceViewSet +from authentik.sources.plex.api.source_connection import PlexSourceConnectionViewSet from authentik.sources.saml.api import SAMLSourceViewSet from authentik.stages.authenticator_duo.api import ( AuthenticatorDuoStageViewSet, @@ -127,7 +128,8 @@ router.register("events/transports", NotificationTransportViewSet) router.register("events/rules", NotificationRuleViewSet) router.register("sources/all", SourceViewSet) -router.register("sources/oauth_user_connections", UserOAuthSourceConnectionViewSet) +router.register("sources/user_connections/oauth", UserOAuthSourceConnectionViewSet) +router.register("sources/user_connections/plex", PlexSourceConnectionViewSet) router.register("sources/ldap", LDAPSourceViewSet) router.register("sources/saml", SAMLSourceViewSet) router.register("sources/oauth", OAuthSourceViewSet) diff --git a/authentik/sources/plex/api/__init__.py b/authentik/sources/plex/api/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/authentik/sources/plex/api.py b/authentik/sources/plex/api/source.py similarity index 100% rename from authentik/sources/plex/api.py rename to authentik/sources/plex/api/source.py diff --git a/authentik/sources/plex/api/source_connection.py b/authentik/sources/plex/api/source_connection.py new file mode 100644 index 000000000..0e793c66d --- /dev/null +++ b/authentik/sources/plex/api/source_connection.py 
@@ -0,0 +1,41 @@ +"""Plex Source connection Serializer""" +from django_filters.rest_framework import DjangoFilterBackend +from rest_framework import mixins +from rest_framework.filters import OrderingFilter, SearchFilter +from rest_framework.viewsets import GenericViewSet + +from authentik.api.authorization import OwnerFilter, OwnerPermissions +from authentik.core.api.sources import SourceSerializer +from authentik.core.api.used_by import UsedByMixin +from authentik.sources.plex.models import PlexSourceConnection + + +class PlexSourceConnectionSerializer(SourceSerializer): + """Plex Source connection Serializer""" + + class Meta: + model = PlexSourceConnection + fields = [ + "pk", + "user", + "source", + "identifier", + "plex_token", + ] + + +class PlexSourceConnectionViewSet( + mixins.RetrieveModelMixin, + mixins.UpdateModelMixin, + mixins.DestroyModelMixin, + UsedByMixin, + mixins.ListModelMixin, + GenericViewSet, +): + """Plex Source connection Serializer""" + + queryset = PlexSourceConnection.objects.all() + serializer_class = PlexSourceConnectionSerializer + filterset_fields = ["source__slug"] + permission_classes = [OwnerPermissions] + filter_backends = [OwnerFilter, DjangoFilterBackend, OrderingFilter, SearchFilter] diff --git a/authentik/sources/plex/models.py b/authentik/sources/plex/models.py index fe215b467..56592d94e 100644 --- a/authentik/sources/plex/models.py +++ b/authentik/sources/plex/models.py @@ -56,7 +56,7 @@ class PlexSource(Source): @property def serializer(self) -> BaseSerializer: - from authentik.sources.plex.api import PlexSourceSerializer + from authentik.sources.plex.api.source import PlexSourceSerializer return PlexSourceSerializer diff --git a/schema.yml b/schema.yml index e1a57ceae..fbe0b454c 100644 --- a/schema.yml +++ b/schema.yml 
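Review bot: `plex_token` is listed in `PlexSourceConnectionSerializer.Meta.fields` without being marked write-only, so the list and retrieve routes of `PlexSourceConnectionViewSet` return the stored Plex token in every response body. The regenerated schema.yml in this commit confirms it, listing `plex_token` as a required string on the `PlexSourceConnection` response. A third-party credential should not be readable back over the API; adding `extra_kwargs = {"plex_token": {"write_only": True}}` to `Meta` keeps it accepted on input but out of responses. `user` is also writable through `UpdateModelMixin`, so a PUT/PATCH could presumably reassign a connection to another account; `read_only_fields = ["user"]` would prevent that, though `OwnerPermissions` and `OwnerFilter` are defined outside this hunk, so confirm what they enforce on update. The viewset docstring also repeats the serializer's text; `"""Plex Source connection Viewset"""` would describe it correctly.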
@@ -13197,208 +13197,6 @@ paths: $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' - /api/v2beta/sources/oauth_user_connections/: - get: - operationId: sources_oauth_user_connections_list - description: Source Viewset - parameters: - - name: ordering - required: false - in: query - description: Which field to use when ordering the results. - schema: - type: string - - name: page - required: false - in: query - description: A page number within the paginated result set. - schema: - type: integer - - name: page_size - required: false - in: query - description: Number of results to return per page. - schema: - type: integer - - name: search - required: false - in: query - description: A search term. - schema: - type: string - - in: query - name: source__slug - schema: - type: string - tags: - - sources - security: - - authentik: [] - - cookieAuth: [] - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/PaginatedUserOAuthSourceConnectionList' - description: '' - '400': - $ref: '#/components/schemas/ValidationError' - '403': - $ref: '#/components/schemas/GenericError' - /api/v2beta/sources/oauth_user_connections/{id}/: - get: - operationId: sources_oauth_user_connections_retrieve - description: Source Viewset - parameters: - - in: path - name: id - schema: - type: integer - description: A unique integer value identifying this User OAuth Source Connection. 
- required: true - tags: - - sources - security: - - authentik: [] - - cookieAuth: [] - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/UserOAuthSourceConnection' - description: '' - '400': - $ref: '#/components/schemas/ValidationError' - '403': - $ref: '#/components/schemas/GenericError' - put: - operationId: sources_oauth_user_connections_update - description: Source Viewset - parameters: - - in: path - name: id - schema: - type: integer - description: A unique integer value identifying this User OAuth Source Connection. - required: true - tags: - - sources - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/UserOAuthSourceConnectionRequest' - application/x-www-form-urlencoded: - schema: - $ref: '#/components/schemas/UserOAuthSourceConnectionRequest' - multipart/form-data: - schema: - $ref: '#/components/schemas/UserOAuthSourceConnectionRequest' - required: true - security: - - authentik: [] - - cookieAuth: [] - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/UserOAuthSourceConnection' - description: '' - '400': - $ref: '#/components/schemas/ValidationError' - '403': - $ref: '#/components/schemas/GenericError' - patch: - operationId: sources_oauth_user_connections_partial_update - description: Source Viewset - parameters: - - in: path - name: id - schema: - type: integer - description: A unique integer value identifying this User OAuth Source Connection. 
- required: true - tags: - - sources - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/PatchedUserOAuthSourceConnectionRequest' - application/x-www-form-urlencoded: - schema: - $ref: '#/components/schemas/PatchedUserOAuthSourceConnectionRequest' - multipart/form-data: - schema: - $ref: '#/components/schemas/PatchedUserOAuthSourceConnectionRequest' - security: - - authentik: [] - - cookieAuth: [] - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/UserOAuthSourceConnection' - description: '' - '400': - $ref: '#/components/schemas/ValidationError' - '403': - $ref: '#/components/schemas/GenericError' - delete: - operationId: sources_oauth_user_connections_destroy - description: Source Viewset - parameters: - - in: path - name: id - schema: - type: integer - description: A unique integer value identifying this User OAuth Source Connection. - required: true - tags: - - sources - security: - - authentik: [] - - cookieAuth: [] - responses: - '204': - description: No response body - '400': - $ref: '#/components/schemas/ValidationError' - '403': - $ref: '#/components/schemas/GenericError' - /api/v2beta/sources/oauth_user_connections/{id}/used_by/: - get: - operationId: sources_oauth_user_connections_used_by_list - description: Get a list of all objects that use this object - parameters: - - in: path - name: id - schema: - type: integer - description: A unique integer value identifying this User OAuth Source Connection. - required: true - tags: - - sources - security: - - authentik: [] - - cookieAuth: [] - responses: - '200': - content: - application/json: - schema: - type: array - items: - $ref: '#/components/schemas/UsedBy' - description: '' - '400': - $ref: '#/components/schemas/ValidationError' - '403': - $ref: '#/components/schemas/GenericError' /api/v2beta/sources/plex/: get: operationId: sources_plex_list 
@@ -14110,6 +13908,410 @@ paths: $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' + /api/v2beta/sources/user_connections/oauth/: + get: + operationId: sources_user_connections_oauth_list + description: Source Viewset + parameters: + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: source__slug + schema: + type: string + tags: + - sources + security: + - authentik: [] + - cookieAuth: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedUserOAuthSourceConnectionList' + description: '' + '400': + $ref: '#/components/schemas/ValidationError' + '403': + $ref: '#/components/schemas/GenericError' + /api/v2beta/sources/user_connections/oauth/{id}/: + get: + operationId: sources_user_connections_oauth_retrieve + description: Source Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User OAuth Source Connection. 
+ required: true + tags: + - sources + security: + - authentik: [] + - cookieAuth: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserOAuthSourceConnection' + description: '' + '400': + $ref: '#/components/schemas/ValidationError' + '403': + $ref: '#/components/schemas/GenericError' + put: + operationId: sources_user_connections_oauth_update + description: Source Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User OAuth Source Connection. + required: true + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UserOAuthSourceConnectionRequest' + application/x-www-form-urlencoded: + schema: + $ref: '#/components/schemas/UserOAuthSourceConnectionRequest' + multipart/form-data: + schema: + $ref: '#/components/schemas/UserOAuthSourceConnectionRequest' + required: true + security: + - authentik: [] + - cookieAuth: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserOAuthSourceConnection' + description: '' + '400': + $ref: '#/components/schemas/ValidationError' + '403': + $ref: '#/components/schemas/GenericError' + patch: + operationId: sources_user_connections_oauth_partial_update + description: Source Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User OAuth Source Connection. 
+ required: true + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedUserOAuthSourceConnectionRequest' + application/x-www-form-urlencoded: + schema: + $ref: '#/components/schemas/PatchedUserOAuthSourceConnectionRequest' + multipart/form-data: + schema: + $ref: '#/components/schemas/PatchedUserOAuthSourceConnectionRequest' + security: + - authentik: [] + - cookieAuth: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UserOAuthSourceConnection' + description: '' + '400': + $ref: '#/components/schemas/ValidationError' + '403': + $ref: '#/components/schemas/GenericError' + delete: + operationId: sources_user_connections_oauth_destroy + description: Source Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User OAuth Source Connection. + required: true + tags: + - sources + security: + - authentik: [] + - cookieAuth: [] + responses: + '204': + description: No response body + '400': + $ref: '#/components/schemas/ValidationError' + '403': + $ref: '#/components/schemas/GenericError' + /api/v2beta/sources/user_connections/oauth/{id}/used_by/: + get: + operationId: sources_user_connections_oauth_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User OAuth Source Connection. 
+ required: true + tags: + - sources + security: + - authentik: [] + - cookieAuth: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + $ref: '#/components/schemas/ValidationError' + '403': + $ref: '#/components/schemas/GenericError' + /api/v2beta/sources/user_connections/plex/: + get: + operationId: sources_user_connections_plex_list + description: Plex Source connection Serializer + parameters: + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + - in: query + name: source__slug + schema: + type: string + tags: + - sources + security: + - authentik: [] + - cookieAuth: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedPlexSourceConnectionList' + description: '' + '400': + $ref: '#/components/schemas/ValidationError' + '403': + $ref: '#/components/schemas/GenericError' + /api/v2beta/sources/user_connections/plex/{id}/: + get: + operationId: sources_user_connections_plex_retrieve + description: Plex Source connection Serializer + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User Plex Source Connection. 
+ required: true + tags: + - sources + security: + - authentik: [] + - cookieAuth: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PlexSourceConnection' + description: '' + '400': + $ref: '#/components/schemas/ValidationError' + '403': + $ref: '#/components/schemas/GenericError' + put: + operationId: sources_user_connections_plex_update + description: Plex Source connection Serializer + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User Plex Source Connection. + required: true + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PlexSourceConnectionRequest' + application/x-www-form-urlencoded: + schema: + $ref: '#/components/schemas/PlexSourceConnectionRequest' + multipart/form-data: + schema: + $ref: '#/components/schemas/PlexSourceConnectionRequest' + required: true + security: + - authentik: [] + - cookieAuth: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PlexSourceConnection' + description: '' + '400': + $ref: '#/components/schemas/ValidationError' + '403': + $ref: '#/components/schemas/GenericError' + patch: + operationId: sources_user_connections_plex_partial_update + description: Plex Source connection Serializer + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User Plex Source Connection. 
+ required: true + tags: + - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedPlexSourceConnectionRequest' + application/x-www-form-urlencoded: + schema: + $ref: '#/components/schemas/PatchedPlexSourceConnectionRequest' + multipart/form-data: + schema: + $ref: '#/components/schemas/PatchedPlexSourceConnectionRequest' + security: + - authentik: [] + - cookieAuth: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PlexSourceConnection' + description: '' + '400': + $ref: '#/components/schemas/ValidationError' + '403': + $ref: '#/components/schemas/GenericError' + delete: + operationId: sources_user_connections_plex_destroy + description: Plex Source connection Serializer + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User Plex Source Connection. + required: true + tags: + - sources + security: + - authentik: [] + - cookieAuth: [] + responses: + '204': + description: No response body + '400': + $ref: '#/components/schemas/ValidationError' + '403': + $ref: '#/components/schemas/GenericError' + /api/v2beta/sources/user_connections/plex/{id}/used_by/: + get: + operationId: sources_user_connections_plex_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this User Plex Source Connection. + required: true + tags: + - sources + security: + - authentik: [] + - cookieAuth: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + $ref: '#/components/schemas/ValidationError' + '403': + $ref: '#/components/schemas/GenericError' /api/v2beta/stages/all/: get: operationId: stages_all_list 
@@ -24767,6 +24969,41 @@ components: required: - pagination - results + PaginatedPlexSourceConnectionList: + type: object + properties: + pagination: + type: object + properties: + next: + type: number + previous: + type: number + count: + type: number + current: + type: number + total_pages: + type: number + start_index: + type: number + end_index: + type: number + required: + - next + - previous + - count + - current + - total_pages + - start_index + - end_index + results: + type: array + items: + $ref: '#/components/schemas/PlexSourceConnection' + required: + - pagination + - results PaginatedPlexSourceList: type: object properties: @@ -27099,6 +27336,19 @@ components: minimum: -2147483648 description: How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. + PatchedPlexSourceConnectionRequest: + type: object + description: Plex Source connection Serializer + properties: + user: + type: integer + source: + type: string + format: uuid + identifier: + type: string + plex_token: + type: string PatchedPlexSourceRequest: type: object description: Plex Source Serializer @@ -27775,6 +28025,47 @@ components: - slug - verbose_name - verbose_name_plural + PlexSourceConnection: + type: object + description: Plex Source connection Serializer + properties: + pk: + type: integer + readOnly: true + title: ID + user: + type: integer + source: + type: string + format: uuid + identifier: + type: string + plex_token: + type: string + required: + - identifier + - pk + - plex_token + - source + - user + PlexSourceConnectionRequest: + type: object + description: Plex Source connection Serializer + properties: + user: + type: integer + source: + type: string + format: uuid + identifier: + type: string + plex_token: + type: string + required: + - identifier + - plex_token + - source + - user PlexSourceRequest: type: object description: Plex Source Serializer 
diff --git a/web/src/pages/user-settings/settings/SourceSettingsOAuth.ts b/web/src/pages/user-settings/settings/SourceSettingsOAuth.ts index b64b36922..83a86a6a6 100644 --- a/web/src/pages/user-settings/settings/SourceSettingsOAuth.ts +++ b/web/src/pages/user-settings/settings/SourceSettingsOAuth.ts @@ -21,7 +21,7 @@ export class SourceSettingsOAuth extends BaseUserSettings { renderInner(): TemplateResult { return html`${until( new SourcesApi(DEFAULT_CONFIG) - .sourcesOauthUserConnectionsList({ + .sourcesUserConnectionsOauthList({ sourceSlug: this.objectId, }) .then((connection) => { @@ -32,7 +32,7 @@ export class SourceSettingsOAuth extends BaseUserSettings { @click=${() => { return new SourcesApi( DEFAULT_CONFIG, - ).sourcesOauthUserConnectionsDestroy({ + ).sourcesUserConnectionsOauthDestroy({ id: connection.results[0].pk || 0, }); }} From 495b068be5823dfe82d318f064eeae4dfc9ac610 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 17 Aug 2021 13:02:35 +0200 Subject: [PATCH 09/40] web: add plex connection deletion support Signed-off-by: Jens Langhammer --- authentik/sources/plex/models.py | 12 ++++- .../pages/user-settings/UserSettingsPage.ts | 7 +++ .../settings/SourceSettingsPlex.ts | 46 +++++++++++++++++++ 3 files changed, 64 insertions(+), 1 deletion(-) create mode 100644 web/src/pages/user-settings/settings/SourceSettingsPlex.ts diff --git a/authentik/sources/plex/models.py b/authentik/sources/plex/models.py index 56592d94e..feaed1f3d 100644 --- a/authentik/sources/plex/models.py +++ b/authentik/sources/plex/models.py @@ -1,4 +1,5 @@ """Plex source""" +from typing import Optional from django.contrib.postgres.fields import ArrayField from django.db import models from django.templatetags.static import static 
@@ -7,7 +8,7 @@ from rest_framework.fields import CharField from rest_framework.serializers import BaseSerializer from authentik.core.models import Source, UserSourceConnection -from authentik.core.types import UILoginButton +from authentik.core.types import UILoginButton, UserSettingSerializer from authentik.flows.challenge import Challenge, ChallengeResponse, ChallengeTypes from authentik.providers.oauth2.generators import generate_client_id @@ -75,6 +76,15 @@ class PlexSource(Source): name=self.name, ) + @property + def ui_user_settings(self) -> Optional[UserSettingSerializer]: + return UserSettingSerializer( + data={ + "title": f"Plex {self.name}", + "component": "ak-user-settings-source-plex", + } + ) + class Meta: verbose_name = _("Plex Source") diff --git a/web/src/pages/user-settings/UserSettingsPage.ts b/web/src/pages/user-settings/UserSettingsPage.ts index 9784f2ef4..88d975e6c 100644 --- a/web/src/pages/user-settings/UserSettingsPage.ts +++ b/web/src/pages/user-settings/UserSettingsPage.ts @@ -27,6 +27,7 @@ import "./settings/UserSettingsAuthenticatorTOTP"; import "./settings/UserSettingsAuthenticatorWebAuthn"; import "./settings/UserSettingsPassword"; import "./settings/SourceSettingsOAuth"; +import "./settings/SourceSettingsPlex"; import { EVENT_REFRESH } from "../../constants"; @customElement("ak-user-settings") @@ -112,6 +113,12 @@ export class UserSettingsPage extends LitElement { .configureUrl=${source.configureUrl} > `; + case "ak-user-settings-source-plex": + return html` + `; default: return html`

${t`Error: unsupported source settings: ${source.component}`}

`; } diff --git a/web/src/pages/user-settings/settings/SourceSettingsPlex.ts b/web/src/pages/user-settings/settings/SourceSettingsPlex.ts new file mode 100644 index 000000000..767cc5bda --- /dev/null +++ b/web/src/pages/user-settings/settings/SourceSettingsPlex.ts @@ -0,0 +1,46 @@ +import { customElement, html, property, TemplateResult } from "lit-element"; +import { BaseUserSettings } from "./BaseUserSettings"; +import { SourcesApi } from "authentik-api"; +import { until } from "lit-html/directives/until"; +import { DEFAULT_CONFIG } from "../../../api/Config"; +import { t } from "@lingui/macro"; + +@customElement("ak-user-settings-source-plex") +export class SourceSettingsPlex extends BaseUserSettings { + @property() + title!: string; + + render(): TemplateResult { + return html`
+
${t`Source ${this.title}`}
+
${this.renderInner()}
+
`; + } + + renderInner(): TemplateResult { + return html`${until( + new SourcesApi(DEFAULT_CONFIG) + .sourcesUserConnectionsPlexList({ + sourceSlug: this.objectId, + }) + .then((connection) => { + if (connection.results.length > 0) { + return html`

${t`Connected.`}

+ `; + } + return html`

${t`Not connected.`}

`; + }), + )}`; + } +} From 6f06ba06d0a03383c73a35eac55bea2c7098f424 Mon Sep 17 00:00:00 2001 From: Julian Date: Tue, 17 Aug 2021 13:29:25 +0200 Subject: [PATCH 10/40] website/docs: fixed a typo and pronounce problem (#1271) --- website/docs/installation/docker-compose.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/docs/installation/docker-compose.md b/website/docs/installation/docker-compose.md index 3c9cccbe3..c09a3c9f3 100644 --- a/website/docs/installation/docker-compose.md +++ b/website/docs/installation/docker-compose.md @@ -92,10 +92,10 @@ The docker-compose project contains the following containers: - worker - This container executes backgorund tasks, everything you can see on the *System Tasks* page in the frontend. + This container executes background tasks, everything you can see on the *System Tasks* page in the frontend. - redis & postgresql Cache and database respectively. -Additionally, if you've enabled GeoIP, there is a container running which regularly updates the GeoIP database. +Additionally, if you've enabled GeoIP, there is a container running that regularly updates the GeoIP database. From 18eccd995d55eb926a50bad26b62bc71c11436b4 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 17 Aug 2021 13:44:54 +0200 Subject: [PATCH 11/40] sources/plex: fix linting error Signed-off-by: Jens Langhammer --- authentik/sources/plex/models.py | 1 + 1 file changed, 1 insertion(+) diff --git a/authentik/sources/plex/models.py b/authentik/sources/plex/models.py index feaed1f3d..fa6a605dc 100644 --- a/authentik/sources/plex/models.py +++ b/authentik/sources/plex/models.py @@ -1,5 +1,6 @@ """Plex source""" from typing import Optional + from django.contrib.postgres.fields import ArrayField from django.db import models from django.templatetags.static import static From b46d08cc973616779c405153c44b2462443351bd Mon Sep 17 00:00:00 2001 
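Review bot: In `renderInner` of SourceSettingsPlex.ts the promise handed to `until` has no rejection handler and no placeholder, so a failed `sourcesUserConnectionsPlexList` call (expired session, 403, network error) leaves the card body empty and surfaces only as an unhandled rejection. Appending ``.catch(() => html`${t`Could not load connection state.`}`)`` after the `.then(...)` and passing a loading template as a second argument to `until` gives the user a visible state in both cases. The markup inside the two templates is not visible on this page, so the note covers only the promise chain.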
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 18 Aug 2021 09:59:17 +0200 Subject: [PATCH 12/40] build(deps): bump boto3 from 1.18.22 to 1.18.23 (#1273) --- Pipfile.lock | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/Pipfile.lock b/Pipfile.lock index e6ca41b2f..df60cb62c 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -122,19 +122,19 @@ }, "boto3": { "hashes": [ - "sha256:6cc7011cb857fecee54884ff344d6b793cd22af51142f715706c757d26d02bb1", - "sha256:7405ae77ce4f2151fae1b542183f9c0f7ffb57c288b1f152819cfcb88e9cf297" + "sha256:1b08ace99e7b92965780e5ce759430ad62b7b7e037560bc772f9a8789f4f36d2", + "sha256:31cc69e665f773390c4c17ce340d2420e45fbac51d46d945cc4a58d483ec5da6" ], "index": "pypi", - "version": "==1.18.22" + "version": "==1.18.23" }, "botocore": { "hashes": [ - "sha256:9c133caab58b04b4a9ab3f6523cc61cf815c1a5fde7b5ee279eefa48dc3a01d1", - "sha256:9df7a84840bcea10eb68f816d562c77656ec253a3a0dc3724e7e9ac086656e28" + "sha256:3877d69e0b718b786f1696cd04ddbdb3a57aef6adb0239a29aa88754489849a4", + "sha256:d0146d31dbc475942b578b47dd5bcf94d18fbce8c6d2ce5f12195e005de9b754" ], "markers": "python_version >= '3.6'", - "version": "==1.21.22" + "version": "==1.21.23" }, "cachetools": { "hashes": [ @@ -487,11 +487,11 @@ }, "google-auth": { "hashes": [ - "sha256:997516b42ecb5b63e8d80f5632c1a61dddf41d2a4c2748057837e06e00014258", - "sha256:b7033be9028c188ee30200b204ea00ed82ea1162e8ac1df4aa6ded19a191d88e" + "sha256:5c01b4be3fbece1526a76cb81551a936f938c7c3d490d10947c66f6ffd1e5161", + "sha256:9e00c76e1bc7b1a7fe80472f1347f3802e4caa1fa53ba1f11b7af3772b484a82" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'", - "version": "==1.35.0" + "markers": "python_version >= '3.6'", + "version": "==2.0.0" }, "gunicorn": { "hashes": [ 
@@ -1068,7 +1068,7 @@ "sha256:78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2", "sha256:9d689e6ca1b3038bc82bf8d23e944b6b6037bc02301a574935b2dd946e0353b9" ], - "markers": "python_version >= '3.6'", + "markers": "python_version >= '3.5' and python_version < '4'", "version": "==4.7.2" }, "s3transfer": { From e945c250dbd9b1eb80b9f1894f990e7db14627c4 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Wed, 18 Aug 2021 10:33:25 +0200 Subject: [PATCH 13/40] ci: make zeus optional Signed-off-by: Jens Langhammer --- azure-pipelines.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index aeb8d7305..e9ec6b8d4 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -398,6 +398,7 @@ stages: inputs: script: bash <(curl -s https://codecov.io/bash) - task: CmdLine@2 + continueOnError: true inputs: script: | npm install -g @zeus-ci/cli From 1110038eb0fbf4301f11731417f7784fc6736fad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Aug 2021 08:36:43 +0200 Subject: [PATCH 14/40] build(deps): bump boto3 from 1.18.23 to 1.18.24 (#1275) --- Pipfile.lock | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Pipfile.lock b/Pipfile.lock index df60cb62c..400a3c37b 100644 --- a/Pipfile.lock +++ b/Pipfile.lock 
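Review bot: With `continueOnError: true` on this `CmdLine@2` task in azure-pipelines.yml, a failure in `npm install -g @zeus-ci/cli` no longer stops the stage, and that install is still unpinned, so whichever version the registry serves at build time runs inside the pipeline. Pinning it, e.g. `npm install -g @zeus-ci/cli@<PINNED_VERSION>`, keeps the now-optional step reproducible and easier to audit. The preceding task's `bash <(curl -s https://codecov.io/bash)` in the context lines also runs unverified remote content and would benefit from a checksum check before execution. The rest of the task's script lies outside the hunk.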
@@ -122,19 +122,19 @@ }, "boto3": { "hashes": [ - "sha256:1b08ace99e7b92965780e5ce759430ad62b7b7e037560bc772f9a8789f4f36d2", - "sha256:31cc69e665f773390c4c17ce340d2420e45fbac51d46d945cc4a58d483ec5da6" + "sha256:ca0d576138b7c38d7fc214716a47e6394c4e9a10fdf337d8a125961eefdc25cc", + "sha256:d6c030dbc08f2c0b6daff9fd26b87f4c029d984781b9b48b21c112d4a76ee081" ], "index": "pypi", - "version": "==1.18.23" + "version": "==1.18.24" }, "botocore": { "hashes": [ - "sha256:3877d69e0b718b786f1696cd04ddbdb3a57aef6adb0239a29aa88754489849a4", - "sha256:d0146d31dbc475942b578b47dd5bcf94d18fbce8c6d2ce5f12195e005de9b754" + "sha256:9f896207e46580a1a720a85261f516fe60c2209f7b8b918bc330b1cb8b4a2afb", + "sha256:ec1c0a3f18ae6062285cc8dac747826baebe9b238bc2720ad6ce4d03bb645ec3" ], "markers": "python_version >= '3.6'", - "version": "==1.21.23" + "version": "==1.21.24" }, "cachetools": { "hashes": [ @@ -1579,7 +1579,7 @@ "sha256:9c2ea1e62d871267b78307fe511c0838ba0da28698c5732d54e2790bf3ba9899", "sha256:e17d6e2b81095c9db0a03a8025a957f334d6ea30b26f9ec70805411e5c7c81f2" ], - "markers": "python_version < '4.0' and python_full_version >= '3.6.1'", + "markers": "python_version < '4' and python_full_version >= '3.6.1'", "version": "==5.9.3" }, "lazy-object-proxy": { From 5fbefef56f92e982314290b7dc854f9fca3144d2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Aug 2021 08:37:12 +0200 Subject: [PATCH 15/40] build(deps): bump chart.js from 3.5.0 to 3.5.1 in /web (#1274) --- web/package-lock.json | 14 +++++++------- web/package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index b302f8262..6dbf5c489 100644 --- a/web/package-lock.json +++ b/web/package-lock.json 
@@ -35,7 +35,7 @@ "authentik-api": "file:api", "babel-plugin-macros": "^3.1.0", "base64-js": "^1.5.1", - "chart.js": "^3.5.0", + "chart.js": "^3.5.1", "chartjs-adapter-moment": "^1.0.0", "codemirror": "^5.62.2", "construct-style-sheets-polyfill": "^2.4.16", @@ -3345,9 +3345,9 @@ "integrity": "sha512-mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA==" }, "node_modules/chart.js": { - "version": "3.5.0", - "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-3.5.0.tgz", - "integrity": "sha512-J1a4EAb1Gi/KbhwDRmoovHTRuqT8qdF0kZ4XgwxpGethJHUdDrkqyPYwke0a+BuvSeUxPf8Cos6AX2AB8H8GLA==" + "version": "3.5.1", + "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-3.5.1.tgz", + "integrity": "sha512-m5kzt72I1WQ9LILwQC4syla/LD/N413RYv2Dx2nnTkRS9iv/ey1xLTt0DnPc/eWV4zI+BgEgDYBIzbQhZHc/PQ==" }, "node_modules/chartjs-adapter-moment": { "version": "1.0.0", @@ -10521,9 +10521,9 @@ "integrity": "sha512-mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA==" }, "chart.js": { - "version": "3.5.0", - "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-3.5.0.tgz", - "integrity": "sha512-J1a4EAb1Gi/KbhwDRmoovHTRuqT8qdF0kZ4XgwxpGethJHUdDrkqyPYwke0a+BuvSeUxPf8Cos6AX2AB8H8GLA==" + "version": "3.5.1", + "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-3.5.1.tgz", + "integrity": "sha512-m5kzt72I1WQ9LILwQC4syla/LD/N413RYv2Dx2nnTkRS9iv/ey1xLTt0DnPc/eWV4zI+BgEgDYBIzbQhZHc/PQ==" }, "chartjs-adapter-moment": { "version": "1.0.0", diff --git a/web/package.json b/web/package.json index 99d643ef2..d9af7b825 100644 --- a/web/package.json +++ b/web/package.json @@ -66,7 +66,7 @@ "authentik-api": "file:api", "babel-plugin-macros": "^3.1.0", "base64-js": "^1.5.1", - "chart.js": "^3.5.0", + "chart.js": "^3.5.1", "chartjs-adapter-moment": "^1.0.0", "codemirror": "^5.62.2", "construct-style-sheets-polyfill": "^2.4.16", From 970a4baf493414bda56ae41f84a806faa3edf393 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 20 Aug 2021 08:42:42 +0200 Subject: [PATCH 16/40] build(deps): bump boto3 from 1.18.24 to 1.18.25 (#1277) --- Pipfile.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/Pipfile.lock b/Pipfile.lock index 400a3c37b..f2b290a24 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -122,19 +122,19 @@ }, "boto3": { "hashes": [ - "sha256:ca0d576138b7c38d7fc214716a47e6394c4e9a10fdf337d8a125961eefdc25cc", - "sha256:d6c030dbc08f2c0b6daff9fd26b87f4c029d984781b9b48b21c112d4a76ee081" + "sha256:057196ac15de4de2221a24a3a0a41692414fa1dd697994d062ebd447163265e7", + "sha256:852e776cea4287f74edcb45564f8345fb6b0168dde0fd5bf46668b94c3f21177" ], "index": "pypi", - "version": "==1.18.24" + "version": "==1.18.25" }, "botocore": { "hashes": [ - "sha256:9f896207e46580a1a720a85261f516fe60c2209f7b8b918bc330b1cb8b4a2afb", - "sha256:ec1c0a3f18ae6062285cc8dac747826baebe9b238bc2720ad6ce4d03bb645ec3" + "sha256:201e10d3b1b40d65b7c9214be7087d78ed65de00e7362bd1e020741301d09fbc", + "sha256:b9820ee29d70059c9b0e2a69ec13ebf80f4a0bc85f47578f17e951438c506b2d" ], "markers": "python_version >= '3.6'", - "version": "==1.21.24" + "version": "==1.21.25" }, "cachetools": { "hashes": [ @@ -487,11 +487,11 @@ }, "google-auth": { "hashes": [ - "sha256:5c01b4be3fbece1526a76cb81551a936f938c7c3d490d10947c66f6ffd1e5161", - "sha256:9e00c76e1bc7b1a7fe80472f1347f3802e4caa1fa53ba1f11b7af3772b484a82" + "sha256:c012c8be7c442c8309ca8fa0876fef33f5fd977c467be1e1c1c2f721e8ebd73c", + "sha256:ea1af050b3e06eb73e4470f704d23007307bc0e87c13e015f6b90460f1407bd3" ], "markers": "python_version >= '3.6'", - "version": "==2.0.0" + "version": "==2.0.1" }, "gunicorn": { "hashes": [ 
@@ -1825,11 +1825,11 @@ }, "stevedore": { "hashes": [ - "sha256:3a5bbd0652bf552748871eaa73a4a8dc2899786bc497a2aa1fcb4dcdb0debeee", - "sha256:50d7b78fbaf0d04cd62411188fa7eedcb03eb7f4c4b37005615ceebe582aa82a" + "sha256:59b58edb7f57b11897f150475e7bc0c39c5381f0b8e3fa9f5c20ce6c89ec4aa1", + "sha256:920ce6259f0b2498aaa4545989536a27e4e4607b8318802d7ddc3a533d3d069e" ], "markers": "python_version >= '3.6'", - "version": "==3.3.0" + "version": "==3.4.0" }, "toml": { "hashes": [ From f0bc90738f44fff2bbd328ed59e44cf6f9f39204 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 20 Aug 2021 08:42:54 +0200 Subject: [PATCH 17/40] build(deps): bump actions/github-script from 4.0.2 to 4.1 (#1276) --- .github/workflows/tag.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml index f684241ec..5bcfc8a4d 100644 --- a/.github/workflows/tag.yml +++ b/.github/workflows/tag.yml @@ -27,7 +27,7 @@ jobs: docker-compose run -u root server test - name: Extract version number id: get_version - uses: actions/github-script@v4.0.2 + uses: actions/github-script@v4.1 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | From 6433b5982ecb9b68ee4fe676f3743681bf9f2ede Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 19 Aug 2021 23:15:46 +0200 Subject: [PATCH 18/40] api: add cache timeouts to config API for outposts Signed-off-by: Jens Langhammer --- authentik/api/v2/config.py | 11 ++++++++++- schema.yml | 12 ++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/authentik/api/v2/config.py b/authentik/api/v2/config.py index 0641d41f7..b39a0e196 100644 --- a/authentik/api/v2/config.py +++ b/authentik/api/v2/config.py 
@@ -5,7 +5,7 @@ from django.conf import settings from django.db import models from drf_spectacular.utils import extend_schema from kubernetes.config.incluster_config import SERVICE_HOST_ENV_NAME -from rest_framework.fields import BooleanField, CharField, ChoiceField, ListField +from rest_framework.fields import BooleanField, CharField, ChoiceField, IntegerField, ListField from rest_framework.permissions import AllowAny from rest_framework.request import Request from rest_framework.response import Response @@ -33,6 +33,11 @@ class ConfigSerializer(PassiveSerializer): capabilities = ListField(child=ChoiceField(choices=Capabilities.choices)) + cache_timeout = IntegerField(required=True) + cache_timeout_flows = IntegerField(required=True) + cache_timeout_policies = IntegerField(required=True) + cache_timeout_reputation = IntegerField(required=True) + class ConfigView(APIView): """Read-only view set that returns the current session's Configs""" @@ -65,6 +70,10 @@ class ConfigView(APIView): "error_reporting_environment": CONFIG.y("error_reporting.environment"), "error_reporting_send_pii": CONFIG.y("error_reporting.send_pii"), "capabilities": self.get_capabilities(), + "cache_timeout": int(CONFIG.y("redis.cache_timeout")), + "cache_timeout_flows": int(CONFIG.y("redis.cache_timeout_flows")), + "cache_timeout_policies": int(CONFIG.y("redis.cache_timeout_policies")), + "cache_timeout_reputation": int(CONFIG.y("redis.cache_timeout_reputation")), } ) return Response(config.data) diff --git a/schema.yml b/schema.yml index fbe0b454c..026aea14b 100644 --- a/schema.yml +++ b/schema.yml 
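Review bot: The four `int(CONFIG.y("redis.cache_timeout..."))` conversions added to `ConfigView` in authentik/api/v2/config.py run on every request to this endpoint, and `int()` raises on `None` or a non-numeric string, so a single missing or mistyped `redis.cache_timeout_*` setting would turn the whole config response into a 500. What `CONFIG.y` returns for an absent key is not visible here; if it can be `None`, pass an explicit default or validate the values once at startup instead of per request. The context imports `AllowAny`, so this view may be reachable without authentication, and it is worth confirming the timeouts are meant to be public. The method body starts above the hunk.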
@@ -20625,7 +20625,19 @@ components: type: array items: $ref: '#/components/schemas/CapabilitiesEnum' + cache_timeout: + type: integer + cache_timeout_flows: + type: integer + cache_timeout_policies: + type: integer + cache_timeout_reputation: + type: integer required: + - cache_timeout + - cache_timeout_flows + - cache_timeout_policies + - cache_timeout_reputation - capabilities - error_reporting_enabled - error_reporting_environment From 2015d91484203165f5058c323c456d9c8dc7e9e1 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 21 Aug 2021 14:13:46 +0200 Subject: [PATCH 19/40] outpost: load global config Signed-off-by: Jens Langhammer --- internal/outpost/ak/api.go | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/internal/outpost/ak/api.go b/internal/outpost/ak/api.go index 2c6103868..da776a4e2 100644 --- a/internal/outpost/ak/api.go +++ b/internal/outpost/ak/api.go @@ -24,12 +24,14 @@ const ConfigErrorReportingEnvironment = "error_reporting_environment" // APIController main controller which connects to the authentik api via http and ws type APIController struct { - Client *api.APIClient - Outpost api.Outpost - token string + Client *api.APIClient + Outpost api.Outpost + GlobalConfig api.Config Server Outpost + token string + logger *log.Entry reloadOffset time.Duration 
@@ -54,21 +56,28 @@ func NewAPIController(akURL url.URL, token string) *APIController { log := log.WithField("logger", "authentik.outpost.ak-api-controller") + akConfig, _, err := apiClient.RootApi.RootConfigRetrieve(context.Background()).Execute() + if err != nil { + log.WithError(err).Error("Failed to fetch global configuration") + return nil + } + // Because we don't know the outpost UUID, we simply do a list and pick the first // The service account this token belongs to should only have access to a single outpost outposts, _, err := apiClient.OutpostsApi.OutpostsInstancesList(context.Background()).Execute() if err != nil { - log.WithError(err).Error("Failed to fetch configuration") + log.WithError(err).Error("Failed to fetch outpost configuration") return nil } outpost := outposts.Results[0] doGlobalSetup(outpost.Config) ac := &APIController{ - Client: apiClient, - token: token, + Client: apiClient, + GlobalConfig: akConfig, + token: token, logger: log, reloadOffset: time.Duration(rand.Intn(10)) * time.Second, From 02c736d7843a67bbf73a581094d81e9c6f191894 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 21 Aug 2021 14:14:13 +0200 Subject: [PATCH 20/40] lib: ignore installation specific errors Signed-off-by: Jens Langhammer --- authentik/lib/sentry.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/authentik/lib/sentry.py b/authentik/lib/sentry.py index 7ed780cb9..5f434cae9 100644 --- a/authentik/lib/sentry.py +++ b/authentik/lib/sentry.py @@ -2,7 +2,7 @@ from typing import Optional from aioredis.errors import ConnectionClosedError, ReplyError -from billiard.exceptions import WorkerLostError +from billiard.exceptions import SoftTimeLimitExceeded, WorkerLostError from botocore.client import ClientError from botocore.exceptions import BotoCoreError from celery.exceptions import CeleryError 
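Review bot: `outpost := outposts.Results[0]` in `NewAPIController` (internal/outpost/ak/api.go) still indexes without a length check, so a token whose service account can see no outposts makes the process panic instead of taking the `return nil` path that both fetch errors use. A guard before the index, such as `if len(outposts.Results) < 1 { log.Error("No outposts found with given token"); return nil }`, keeps the failure mode consistent with the new global-config error handling. The function continues past the end of the hunk.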
@@ -14,6 +14,7 @@ from django.http.response import Http404 from django_redis.exceptions import ConnectionInterrupted from docker.errors import DockerException from ldap3.core.exceptions import LDAPException +from psycopg2.errors import Error from redis.exceptions import ConnectionError as RedisConnectionError from redis.exceptions import RedisError, ResponseError from rest_framework.exceptions import APIException @@ -52,6 +53,7 @@ def before_send(event: dict, hint: dict) -> Optional[dict]: OSError, PermissionError, # Django Errors + Error, ImproperlyConfigured, OperationalError, InternalError, @@ -73,6 +75,7 @@ def before_send(event: dict, hint: dict) -> Optional[dict]: # celery errors WorkerLostError, CeleryError, + SoftTimeLimitExceeded, # S3 errors BotoCoreError, ClientError, From 93e27d19591c41ed1b886c45a6bcef78c478287e Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 21 Aug 2021 14:17:31 +0200 Subject: [PATCH 21/40] web: improve failed request handling Signed-off-by: Jens Langhammer --- authentik/lib/sentry.py | 2 ++ web/src/api/Sentry.ts | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/authentik/lib/sentry.py b/authentik/lib/sentry.py index 5f434cae9..627df3f53 100644 --- a/authentik/lib/sentry.py +++ b/authentik/lib/sentry.py @@ -14,6 +14,8 @@ from django.http.response import Http404 from django_redis.exceptions import ConnectionInterrupted from docker.errors import DockerException from ldap3.core.exceptions import LDAPException + +# pylint: disable=no-name-in-module from psycopg2.errors import Error from redis.exceptions import ConnectionError as RedisConnectionError from redis.exceptions import RedisError, ResponseError diff --git a/web/src/api/Sentry.ts b/web/src/api/Sentry.ts index 84dc572a4..907094e7e 100644 --- a/web/src/api/Sentry.ts +++ b/web/src/api/Sentry.ts 
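Review bot: Adding `Error` from `psycopg2.errors` to `ignored_classes` in `before_send` (authentik/lib/sentry.py) looks broader than the commit title's "installation specific errors": if that name is the driver's base exception class, integrity and programming errors caused by application bugs are dropped from reporting along with connection failures. It is also filed under the `# Django Errors` comment although it comes from the database driver. Listing only the classes meant to be ignored, for example `psycopg2.OperationalError`, under a `# Database errors` comment would keep query bugs visible. The tuple starts and ends outside these hunks.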
@@ -32,7 +32,7 @@ export function configureSentry(canDoPpi: boolean = false): Promise { return null; } } - if (hint.originalException instanceof Response) { + if (hint.originalException instanceof Response || hint.originalException instanceof DOMException) { return null; } if (event.exception) { From 2a90c0b35eb52234c0d34c58add0f6a37a0c7d2d Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 21 Aug 2021 15:12:18 +0200 Subject: [PATCH 22/40] sources/oauth2: migrate to microsoft graph instead of azure graph Signed-off-by: Jens Langhammer --- authentik/lib/sentry.py | 6 +-- .../sources/oauth/tests/test_type_azure_ad.py | 46 +++++++++++++++++++ authentik/sources/oauth/types/azure_ad.py | 19 ++++++-- 3 files changed, 64 insertions(+), 7 deletions(-) create mode 100644 authentik/sources/oauth/tests/test_type_azure_ad.py diff --git a/authentik/lib/sentry.py b/authentik/lib/sentry.py index 627df3f53..7b847458f 100644 --- a/authentik/lib/sentry.py +++ b/authentik/lib/sentry.py @@ -14,9 +14,6 @@ from django.http.response import Http404 from django_redis.exceptions import ConnectionInterrupted from docker.errors import DockerException from ldap3.core.exceptions import LDAPException - -# pylint: disable=no-name-in-module -from psycopg2.errors import Error from redis.exceptions import ConnectionError as RedisConnectionError from redis.exceptions import RedisError, ResponseError from rest_framework.exceptions import APIException @@ -48,6 +45,9 @@ class SentryIgnoredException(Exception): def before_send(event: dict, hint: dict) -> Optional[dict]: """Check if error is database error, and ignore if so""" + # pylint: disable=no-name-in-module + from psycopg2.errors import Error + ignored_classes = ( # Inbuilt types KeyboardInterrupt, diff --git a/authentik/sources/oauth/tests/test_type_azure_ad.py b/authentik/sources/oauth/tests/test_type_azure_ad.py new file mode 100644 index 000000000..b2d8b9f5f --- /dev/null +++ b/authentik/sources/oauth/tests/test_type_azure_ad.py 
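Review bot: `hint.originalException instanceof DOMException` in web/src/api/Sentry.ts discards every `DOMException`, not only aborted or failed requests; `SecurityError`, `QuotaExceededError` and similar also arrive as that type and would no longer be reported. If the intent is failed requests, narrow the test by name, e.g. `(hint.originalException instanceof DOMException && hint.originalException.name === "AbortError")`, adding other names only as they are observed. The callback this condition sits in starts above the hunk.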
@@ -0,0 +1,46 @@ +"""azure ad Type tests""" +from django.test import TestCase + +from authentik.sources.oauth.models import OAuthSource +from authentik.sources.oauth.types.azure_ad import AzureADOAuthCallback + +# https://docs.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=http#response-2 +AAD_USER = { + "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity", + "@odata.id": ( + "https://graph.microsoft.com/v2/7ce9b89e-646a-41d2-9fa6-8371c6a8423d/" + "directoryObjects/018b0aff-8aff-473e-bf9c-b50e27f52208/Microsoft.DirectoryServices.User" + ), + "businessPhones": [], + "displayName": "foo bar", + "givenName": "foo", + "jobTitle": None, + "mail": "foo@beryju.org", + "mobilePhone": None, + "officeLocation": None, + "preferredLanguage": None, + "surname": "bar", + "userPrincipalName": "foo@beryju.org", + "id": "018b0aff-8aff-473e-bf9c-b50e27f52208", +} + + +class TestTypeAzureAD(TestCase): + """OAuth Source tests""" + + def setUp(self): + self.source = OAuthSource.objects.create( + name="test", + slug="test", + provider_type="openid-connect", + authorization_url="", + profile_url="", + consumer_key="", + ) + + def test_enroll_context(self): + """Test azure_ad Enrollment context""" + ak_context = AzureADOAuthCallback().get_user_enroll_context(AAD_USER) + self.assertEqual(ak_context["username"], AAD_USER["displayName"]) + self.assertEqual(ak_context["email"], AAD_USER["mail"]) + self.assertEqual(ak_context["name"], AAD_USER["displayName"]) diff --git a/authentik/sources/oauth/types/azure_ad.py b/authentik/sources/oauth/types/azure_ad.py index e6066de21..2893aabdf 100644 --- a/authentik/sources/oauth/types/azure_ad.py +++ b/authentik/sources/oauth/types/azure_ad.py 
@@ -8,10 +8,20 @@ from structlog.stdlib import get_logger from authentik.sources.oauth.clients.oauth2 import OAuth2Client from authentik.sources.oauth.types.manager import MANAGER, SourceType from authentik.sources.oauth.views.callback import OAuthCallback +from authentik.sources.oauth.views.redirect import OAuthRedirect LOGGER = get_logger() +class AzureADOAuthRedirect(OAuthRedirect): + """Azure AD OAuth2 Redirect""" + + def get_additional_parameters(self, source): # pragma: no cover + return { + "scope": "openid https://graph.microsoft.com/User.Read", + } + + class AzureADClient(OAuth2Client): """Azure AD Oauth client, azure ad doesn't like the ?access_token that is sent by default""" @@ -42,7 +52,7 @@ class AzureADOAuthCallback(OAuthCallback): def get_user_id(self, info: dict[str, Any]) -> Optional[str]: try: - return str(UUID(info.get("objectId")).int) + return str(UUID(info.get("id")).int) except TypeError: return None @@ -63,11 +73,12 @@ class AzureADType(SourceType): """Azure AD Type definition""" callback_view = AzureADOAuthCallback + redirect_view = AzureADOAuthRedirect name = "Azure AD" slug = "azure-ad" urls_customizable = True - authorization_url = "https://login.microsoftonline.com/common/oauth2/authorize" - access_token_url = "https://login.microsoftonline.com/common/oauth2/token" # nosec - profile_url = "https://graph.windows.net/myorganization/me?api-version=1.6" + authorization_url = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize" + access_token_url = "https://login.microsoftonline.com/common/oauth2/v2.0/token" # nosec + profile_url = "https://graph.microsoft.com/v1.0/me" From bff7addb5557efcdc2a4bbdd2aa6bfdd2b94167e Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 21 Aug 2021 15:15:45 +0200 Subject: [PATCH 23/40] stages/password: adjust name of default prompt stage 
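Review bot: `get_user_id` in `AzureADOAuthCallback` catches only `TypeError`, which covers a missing `id` (`UUID(None)`), but a present and malformed value makes `UUID(...)` raise `ValueError`, which propagates out of the callback. Because the value comes from the remote profile response, `except (TypeError, ValueError):` is the safer guard. The new test module exercises `get_user_enroll_context` only; a case for `get_user_id` with a valid, a missing and a malformed `id` would pin the behaviour of the changed key.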
Signed-off-by: Jens Langhammer --- .../0002_passwordstage_change_flow.py | 2 +- .../migrations/0006_passwordchange_rename.py | 27 +++++++++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 authentik/stages/password/migrations/0006_passwordchange_rename.py diff --git a/authentik/stages/password/migrations/0002_passwordstage_change_flow.py b/authentik/stages/password/migrations/0002_passwordstage_change_flow.py index edfc206d1..73686f08a 100644 --- a/authentik/stages/password/migrations/0002_passwordstage_change_flow.py +++ b/authentik/stages/password/migrations/0002_passwordstage_change_flow.py @@ -27,7 +27,7 @@ def create_default_password_change(apps: Apps, schema_editor: BaseDatabaseSchema ) prompt_stage, _ = PromptStage.objects.using(db_alias).update_or_create( - name="Change your password", + name="default-password-change-prompt", ) password_prompt, _ = Prompt.objects.using(db_alias).update_or_create( field_key="password", diff --git a/authentik/stages/password/migrations/0006_passwordchange_rename.py b/authentik/stages/password/migrations/0006_passwordchange_rename.py new file mode 100644 index 000000000..e3f24799f --- /dev/null +++ b/authentik/stages/password/migrations/0006_passwordchange_rename.py 
@@ -0,0 +1,27 @@ +# Generated by Django 3.2.5 on 2021-08-21 13:12 +from django.apps.registry import Apps +from django.db import migrations +from django.db.backends.base.schema import BaseDatabaseSchemaEditor + + +def rename_default_prompt_stage(apps: Apps, schema_editor: BaseDatabaseSchemaEditor): + PromptStage = apps.get_model("authentik_stages_prompt", "PromptStage") + db_alias = schema_editor.connection.alias + + stages = PromptStage.objects.using(db_alias).filter(name="Change your password") + if not stages.exists(): + return + stage = stages.first() + stage.name = "default-password-change-prompt" + stage.save() + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentik_stages_password", "0005_auto_20210402_2221"), + ] + + operations = [ + migrations.RunPython(rename_default_prompt_stage), + ] From 00a666856d1d8b905aca8dca53a2cac6cd8a7f34 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 21 Aug 2021 15:24:31 +0200 Subject: [PATCH 24/40] web: expand parent FormGroup when containing element has error Signed-off-by: Jens Langhammer --- web/src/elements/forms/HorizontalFormElement.ts | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/web/src/elements/forms/HorizontalFormElement.ts b/web/src/elements/forms/HorizontalFormElement.ts index 476ad3f96..bd735d539 100644 --- a/web/src/elements/forms/HorizontalFormElement.ts +++ b/web/src/elements/forms/HorizontalFormElement.ts @@ -5,6 +5,7 @@ import PFForm from "@patternfly/patternfly/components/Form/form.css"; import PFFormControl from "@patternfly/patternfly/components/FormControl/form-control.css"; import AKGlobal from "../../authentik.css"; import { t } from "@lingui/macro"; +import { FormGroup } from "./FormGroup"; @customElement("ak-form-element-horizontal") export class HorizontalFormElement extends LitElement { 
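Review bot: `migrations.RunPython(rename_default_prompt_stage)` in 0006_passwordchange_rename.py has no reverse function, so the migration cannot be unapplied; `migrations.RunPython(rename_default_prompt_stage, migrations.RunPython.noop)` makes a rollback possible. The same applies to `migrations.RunPython(update_provider_types)` in 0005_update_provider_type_names.py later in this series. In `rename_default_prompt_stage` only `stages.first()` is renamed, and if a stage named `default-password-change-prompt` already exists the `save()` may fail on a uniqueness constraint; the model definition is not visible here, so this needs confirming.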
@@ -43,8 +44,20 @@ export class HorizontalFormElement extends LitElement { @property() errorMessage = ""; + _invalid = false; + @property({ type: Boolean }) - invalid = false; + set invalid(v: boolean) { + this._invalid = v; + // check if we're in a form group, and expand that form group + const parent = this.parentElement?.parentElement; + if (parent && "expanded" in parent) { + (parent as FormGroup).expanded = true; + } + } + get invalid(): boolean { + return this._invalid; + } @property() name = ""; From b4f738492dd987067c7ed9df42e6bf3f1afbec2e Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 21 Aug 2021 15:52:41 +0200 Subject: [PATCH 25/40] sources/oauth: improve UI with prefilled urls (when customizable) and hiding provider type Signed-off-by: Jens Langhammer --- authentik/core/api/sources.py | 2 + authentik/sources/oauth/api/source.py | 28 +++++-- .../0005_update_provider_type_names.py | 33 ++++++++ authentik/sources/oauth/types/azure_ad.py | 2 +- authentik/sources/oauth/types/oidc.py | 2 +- schema.yml | 9 +- .../pages/sources/oauth/OAuthSourceForm.ts | 82 +++++-------------- 7 files changed, 89 insertions(+), 69 deletions(-) create mode 100644 authentik/sources/oauth/migrations/0005_update_provider_type_names.py diff --git a/authentik/core/api/sources.py b/authentik/core/api/sources.py index 73bf16b76..e4f8feb38 100644 --- a/authentik/core/api/sources.py +++ b/authentik/core/api/sources.py @@ -74,6 +74,8 @@ class SourceViewSet( for subclass in all_subclasses(self.queryset.model): subclass: Source component = "" + if len(subclass.__subclasses__()) > 0: + continue if subclass._meta.abstract: component = subclass.__bases__[0]().component else: diff --git a/authentik/sources/oauth/api/source.py b/authentik/sources/oauth/api/source.py index 2c37008f2..0beafb976 100644 --- a/authentik/sources/oauth/api/source.py +++ b/authentik/sources/oauth/api/source.py 
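Review bot: The new `invalid` setter in HorizontalFormElement.ts expands the parent `FormGroup` on every assignment, including `invalid = false`, because `v` is never tested; wrapping the parent lookup in `if (v) { ... }` limits the expansion to the error case. Because the class now defines its own accessor, LitElement may not generate a reactive one, so the setter likely needs `this.requestUpdate("invalid", oldValue)` to keep re-rendering on change; this should be checked against the lit-element version in use. The `"expanded" in parent` test followed by `as FormGroup` also matches any element that happens to have an `expanded` property, and `parent instanceof FormGroup` would be stricter.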
@@ -1,6 +1,7 @@ """OAuth Source Serializer""" from django.urls.base import reverse_lazy -from drf_spectacular.utils import extend_schema, extend_schema_field +from drf_spectacular.types import OpenApiTypes +from drf_spectacular.utils import OpenApiParameter, extend_schema, extend_schema_field from rest_framework.decorators import action from rest_framework.fields import BooleanField, CharField, SerializerMethodField from rest_framework.request import Request @@ -12,7 +13,7 @@ from authentik.core.api.sources import SourceSerializer from authentik.core.api.used_by import UsedByMixin from authentik.core.api.utils import PassiveSerializer from authentik.sources.oauth.models import OAuthSource -from authentik.sources.oauth.types.manager import MANAGER +from authentik.sources.oauth.types.manager import MANAGER, SourceType class SourceTypeSerializer(PassiveSerializer): @@ -100,11 +101,26 @@ class OAuthSourceViewSet(UsedByMixin, ModelViewSet): ] ordering = ["name"] - @extend_schema(responses={200: SourceTypeSerializer(many=True)}) + @extend_schema( + responses={200: SourceTypeSerializer(many=True)}, + parameters=[ + OpenApiParameter( + name="name", + location=OpenApiParameter.QUERY, + type=OpenApiTypes.STR, + ) + ], + ) @action(detail=False, pagination_class=None, filter_backends=[]) def source_types(self, request: Request) -> Response: - """Get all creatable source types""" + """Get all creatable source types. If ?name is set, only returns the type for . + If isn't found, returns the default type.""" data = [] - for source_type in MANAGER.get(): - data.append(SourceTypeSerializer(source_type).data) + if "name" in request.query_params: + source_type = MANAGER.find_type(request.query_params.get("name")) + if source_type.__class__ != SourceType: + data.append(SourceTypeSerializer(source_type).data) + else: + for source_type in MANAGER.get(): + data.append(SourceTypeSerializer(source_type).data) return Response(data) 
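Review bot: The docstring of `source_types` says the default type is returned when the name isn't found, but the code does the opposite: `if source_type.__class__ != SourceType:` discards what is presumably the default returned by `MANAGER.find_type`, so an unknown `?name=` yields an empty list. Either change the docstring to "returns an empty list if no type matches the name" or append the default type. The web form in this commit reads `type[0]` from the response and would get `undefined` in that case. `"name" in request.query_params` is also true for an empty `?name=`, which then goes through the lookup instead of listing all types; `if request.query_params.get("name"):` would avoid that.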
diff --git a/authentik/sources/oauth/migrations/0005_update_provider_type_names.py b/authentik/sources/oauth/migrations/0005_update_provider_type_names.py new file mode 100644 index 000000000..a699effa7 --- /dev/null +++ b/authentik/sources/oauth/migrations/0005_update_provider_type_names.py @@ -0,0 +1,33 @@ +# Generated by Django 3.2.5 on 2021-08-21 13:41 +from django.apps.registry import Apps +from django.db import migrations +from django.db.backends.base.schema import BaseDatabaseSchemaEditor + + +def update_provider_types(apps: Apps, schema_editor: BaseDatabaseSchemaEditor): + OAuthSource = apps.get_model("authentik_sources_oauth", "oauthsource") + + db_alias = schema_editor.connection.alias + + for source in OAuthSource.objects.using(db_alias).all(): + changed = False + if source.provider_type == "azure-ad": + source.provider_type = "azuread" + changed = True + if source.provider_type == "openid-connect": + source.provider_type = "openidconnect" + changed = True + + if changed: + source.save() + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentik_sources_oauth", "0004_auto_20210417_1900"), + ] + + operations = [ + migrations.RunPython(update_provider_types), + ] diff --git a/authentik/sources/oauth/types/azure_ad.py b/authentik/sources/oauth/types/azure_ad.py index 2893aabdf..329f1dd79 100644 --- a/authentik/sources/oauth/types/azure_ad.py +++ b/authentik/sources/oauth/types/azure_ad.py @@ -75,7 +75,7 @@ class AzureADType(SourceType): callback_view = AzureADOAuthCallback redirect_view = AzureADOAuthRedirect name = "Azure AD" - slug = "azure-ad" + slug = "azuread" urls_customizable = True diff --git a/authentik/sources/oauth/types/oidc.py b/authentik/sources/oauth/types/oidc.py index 01fae8dcd..309dbeb95 100644 --- a/authentik/sources/oauth/types/oidc.py +++ b/authentik/sources/oauth/types/oidc.py 
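Review bot: `update_provider_types` loads every `OAuthSource` row and saves the changed ones one by one, where two filtered updates would express the rename directly and leave unrelated rows untouched: `OAuthSource.objects.using(db_alias).filter(provider_type="azure-ad").update(provider_type="azuread")` and the equivalent for `"openid-connect"`. If the loop stays, the second `if` should be `elif`, since a row cannot match both old slugs.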
@@ -40,6 +40,6 @@ class OpenIDConnectType(SourceType): callback_view = OpenIDConnectOAuth2Callback redirect_view = OpenIDConnectOAuthRedirect name = "OpenID Connect" - slug = "openid-connect" + slug = "openidconnect" urls_customizable = True diff --git a/schema.yml b/schema.yml index 026aea14b..240308250 100644 --- a/schema.yml +++ b/schema.yml @@ -13178,7 +13178,14 @@ paths: /api/v2beta/sources/oauth/source_types/: get: operationId: sources_oauth_source_types_list - description: Get all creatable source types + description: |- + Get all creatable source types. If ?name is set, only returns the type for . + If isn't found, returns the default type. + parameters: + - in: query + name: name + schema: + type: string tags: - sources security: diff --git a/web/src/pages/sources/oauth/OAuthSourceForm.ts b/web/src/pages/sources/oauth/OAuthSourceForm.ts index 0e4a9dc07..367ffa87b 100644 --- a/web/src/pages/sources/oauth/OAuthSourceForm.ts +++ b/web/src/pages/sources/oauth/OAuthSourceForm.ts @@ -5,6 +5,7 @@ import { UserMatchingModeEnum, OAuthSourceRequest, FlowsInstancesListDesignationEnum, + SourceType, } from "authentik-api"; import { t } from "@lingui/macro"; import { customElement, property } from "lit-element"; 
@@ -25,19 +26,28 @@ export class OAuthSourceForm extends ModelForm { slug: pk, }) .then((source) => { - this.showUrlOptions = first(source.type?.urlsCustomizable, false); + this.providerType = source.type; return source; }); } + _modelName?: string; + @property() - modelName?: string; + set modelName(v: string | undefined) { + this._modelName = v; + new SourcesApi(DEFAULT_CONFIG).sourcesOauthSourceTypesList({ + name: v?.replace("oauthsource", ""), + }).then((type) => { + this.providerType = type[0]; + }); + } + get modelName(): string|undefined { + return this._modelName; + } - @property({ type: Boolean }) - showUrlOptions = false; - - @property({ type: Boolean }) - showRequestTokenURL = false; + @property({ attribute: false }) + providerType?: SourceType; getSuccessMessage(): string { if (this.instance) { @@ -61,7 +71,7 @@ export class OAuthSourceForm extends ModelForm { }; renderUrlOptions(): TemplateResult { - if (!this.showUrlOptions) { + if (!this.providerType?.urlsCustomizable) { return html``; } return html` @@ -74,7 +84,7 @@ export class OAuthSourceForm extends ModelForm { > @@ -89,7 +99,7 @@ export class OAuthSourceForm extends ModelForm { > @@ -104,7 +114,7 @@ export class OAuthSourceForm extends ModelForm { > @@ -112,7 +122,7 @@ export class OAuthSourceForm extends ModelForm { ${t`URL used by authentik to get user information.`}
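Review bot: The `modelName` setter starts an API request on every assignment and has no `.catch`, so a failed `sourcesOauthSourceTypesList` call becomes an unhandled rejection and `providerType` silently stays unset. `type[0]` is `undefined` when the server returns an empty list, which the endpoint appears to do for a name it does not know. The response also races with the `this.providerType = source.type` assignment in the `.then((source) => …)` callback at the top of this hunk (its enclosing method starts outside the hunk), and whichever resolves last wins. Assigning only when a type came back, `if (type.length > 0) this.providerType = type[0];`, plus a `.catch` that reports the error, covers the first two.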

- ${this.showRequestTokenURL + ${this.providerType.requestTokenUrl ? html` { > - - -
${this.renderUrlOptions()} From 673520c9f898958044210dd8c416d0591a6bb635 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 21 Aug 2021 16:08:50 +0200 Subject: [PATCH 26/40] web: fix OAuthSource not setting providerType Signed-off-by: Jens Langhammer --- web/src/pages/sources/oauth/OAuthSourceForm.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/web/src/pages/sources/oauth/OAuthSourceForm.ts b/web/src/pages/sources/oauth/OAuthSourceForm.ts index 367ffa87b..f0d7ba14e 100644 --- a/web/src/pages/sources/oauth/OAuthSourceForm.ts +++ b/web/src/pages/sources/oauth/OAuthSourceForm.ts @@ -58,6 +58,7 @@ export class OAuthSourceForm extends ModelForm { } send = (data: OAuthSource): Promise => { + data.providerType = this.providerType?.slug || ""; if (this.instance?.slug) { return new SourcesApi(DEFAULT_CONFIG).sourcesOauthPartialUpdate({ slug: this.instance.slug, From ecf35cfd1d81e68b9593f54c7f035199ce69dc3b Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 21 Aug 2021 16:10:03 +0200 Subject: [PATCH 27/40] web: fix mis-matched oauth source icon names Signed-off-by: Jens Langhammer --- web/authentik/sources/{azure-ad.svg => azuread.svg} | 0 web/authentik/sources/{openid-connect.svg => openidconnect.svg} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename web/authentik/sources/{azure-ad.svg => azuread.svg} (100%) rename web/authentik/sources/{openid-connect.svg => openidconnect.svg} (100%) diff --git a/web/authentik/sources/azure-ad.svg b/web/authentik/sources/azuread.svg similarity index 100% rename from web/authentik/sources/azure-ad.svg rename to web/authentik/sources/azuread.svg diff --git a/web/authentik/sources/openid-connect.svg b/web/authentik/sources/openidconnect.svg similarity index 100% rename from web/authentik/sources/openid-connect.svg rename to web/authentik/sources/openidconnect.svg From ff24bc8cb8a7223d7306ba6b0e16d9807fb040ba Mon Sep 17 00:00:00 2001 
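Review bot: `data.providerType = this.providerType?.slug || "";` submits an empty provider type whenever `providerType` has not been loaded yet or the type lookup returned nothing, leaving it to the API to reject the request. Failing early in `send` gives the user a clearer error and keeps a half-initialised form from reaching the backend: `if (!this.providerType) { return Promise.reject(new Error("provider type not loaded")); }`. The body of `send` continues outside the hunk.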
From: Jens Langhammer Date: Sat, 21 Aug 2021 16:17:30 +0200 Subject: [PATCH 28/40] outpost/ldap: regularly pre-heat flow executor cache to increase bind performance Signed-off-by: Jens Langhammer --- internal/outpost/ak/api.go | 19 +++++++++++++------ internal/outpost/ak/api_ws.go | 2 +- internal/outpost/ak/outpost.go | 1 + internal/outpost/ak/periodical.go | 15 +++++++++++++++ internal/outpost/flow.go | 9 +++++++++ internal/outpost/ldap/bind.go | 7 +++++++ internal/outpost/ldap/instance_bind.go | 11 +++++++++++ internal/outpost/proxy/server.go | 2 ++ 8 files changed, 59 insertions(+), 7 deletions(-) create mode 100644 internal/outpost/ak/periodical.go diff --git a/internal/outpost/ak/api.go b/internal/outpost/ak/api.go index da776a4e2..b6616ef2e 100644 --- a/internal/outpost/ak/api.go +++ b/internal/outpost/ak/api.go @@ -56,12 +56,6 @@ func NewAPIController(akURL url.URL, token string) *APIController { log := log.WithField("logger", "authentik.outpost.ak-api-controller") - akConfig, _, err := apiClient.RootApi.RootConfigRetrieve(context.Background()).Execute() - if err != nil { - log.WithError(err).Error("Failed to fetch global configuration") - return nil - } - // Because we don't know the outpost UUID, we simply do a list and pick the first // The service account this token belongs to should only have access to a single outpost outposts, _, err := apiClient.OutpostsApi.OutpostsInstancesList(context.Background()).Execute() @@ -73,6 +67,15 @@ func NewAPIController(akURL url.URL, token string) *APIController { outpost := outposts.Results[0] doGlobalSetup(outpost.Config) + log.WithField("name", outpost.Name).Debug("Fetched outpost configuration") + + akConfig, _, err := apiClient.RootApi.RootConfigRetrieve(context.Background()).Execute() + if err != nil { + log.WithError(err).Error("Failed to fetch global configuration") + return nil + } + log.Debug("Fetched global configuration") + ac := &APIController{ Client: apiClient, GlobalConfig: akConfig, 
@@ -121,5 +124,9 @@ func (a *APIController) StartBackgorundTasks() error { a.logger.Debug("Starting Interval updater...") a.startIntervalUpdater() }() + go func() { + a.logger.Debug("Starting periodical timer...") + a.startPeriodicalTasks() + }() return nil } diff --git a/internal/outpost/ak/api_ws.go b/internal/outpost/ak/api_ws.go index 6bdc41fcd..d66addfec 100644 --- a/internal/outpost/ak/api_ws.go +++ b/internal/outpost/ak/api_ws.go @@ -39,7 +39,7 @@ func (ac *APIController) initWS(akURL url.URL, outpostUUID strfmt.UUID) { } ws.Dial(fmt.Sprintf(pathTemplate, scheme, akURL.Host, outpostUUID.String()), header) - ac.logger.WithField("logger", "authentik.outpost.ak-ws").WithField("outpost", outpostUUID.String()).Debug("connecting to authentik") + ac.logger.WithField("logger", "authentik.outpost.ak-ws").WithField("outpost", outpostUUID.String()).Debug("Connecting to authentik") ac.wsConn = ws // Send hello message with our version diff --git a/internal/outpost/ak/outpost.go b/internal/outpost/ak/outpost.go index c60023757..dd59739e4 100644 --- a/internal/outpost/ak/outpost.go +++ b/internal/outpost/ak/outpost.go @@ -3,4 +3,5 @@ package ak type Outpost interface { Start() error Refresh() error + TimerFlowCacheExpiry() } diff --git a/internal/outpost/ak/periodical.go b/internal/outpost/ak/periodical.go new file mode 100644 index 000000000..fb35f446a --- /dev/null +++ b/internal/outpost/ak/periodical.go @@ -0,0 +1,15 @@ +package ak + +import ( + "time" +) + +func (a *APIController) startPeriodicalTasks() { + go a.Server.TimerFlowCacheExpiry() + go func() { + for range time.Tick(time.Duration(a.GlobalConfig.CacheTimeoutFlows) * time.Second) { + a.logger.WithField("timer", "cache-timeout").Debug("Running periodical tasks") + a.Server.TimerFlowCacheExpiry() + } + }() +} diff --git a/internal/outpost/flow.go b/internal/outpost/flow.go index dbcd47bb1..370e710e7 100644 --- a/internal/outpost/flow.go +++ b/internal/outpost/flow.go 
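Review bot: `startPeriodicalTasks` in the new `periodical.go` passes `a.GlobalConfig.CacheTimeoutFlows` straight into `time.Tick`, which returns a nil channel for a zero or negative duration, so with such a value the `for range` loop blocks forever and the cache is never re-warmed after the first run. Clamp the value before building the duration, e.g. `if timeout <= 0 { timeout = defaultSeconds }`, where `defaultSeconds` is a constant to be chosen. Ticking at exactly the cache timeout also means each refresh fires just as the previous entry expires, so binds in that window still hit a cold cache if the server uses the same value; a somewhat shorter interval would avoid that.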
@@ -118,6 +118,15 @@ func (fe *FlowExecutor) getAnswer(stage StageComponent) string { return "" } +// WarmUp Ensure authentik's flow cache is warmed up +func (fe *FlowExecutor) WarmUp() error { + defer fe.sp.Finish() + gcsp := sentry.StartSpan(fe.Context, "authentik.outposts.flow_executor.get_challenge") + req := fe.api.FlowsApi.FlowsExecutorGet(gcsp.Context(), fe.flowSlug).Query(fe.Params.Encode()) + _, _, err := req.Execute() + return err +} + func (fe *FlowExecutor) Execute() (bool, error) { return fe.solveFlowChallenge(1) } diff --git a/internal/outpost/ldap/bind.go b/internal/outpost/ldap/bind.go index c2f973647..de32efb16 100644 --- a/internal/outpost/ldap/bind.go +++ b/internal/outpost/ldap/bind.go @@ -48,3 +48,10 @@ func (ls *LDAPServer) Bind(bindDN string, bindPW string, conn net.Conn) (ldap.LD req.log.WithField("request", "bind").Warning("No provider found for request") return ldap.LDAPResultOperationsError, nil } + +func (ls *LDAPServer) TimerFlowCacheExpiry() { + for _, p := range ls.providers { + ls.log.WithField("flow", p.flowSlug).Debug("Pre-heating flow cache") + p.TimerFlowCacheExpiry() + } +} diff --git a/internal/outpost/ldap/instance_bind.go b/internal/outpost/ldap/instance_bind.go index 42f0fb93e..83a364c03 100644 --- a/internal/outpost/ldap/instance_bind.go +++ b/internal/outpost/ldap/instance_bind.go @@ -118,3 +118,14 @@ func (pi *ProviderInstance) delayDeleteUserInfo(dn string) { } }() } + +func (pi *ProviderInstance) TimerFlowCacheExpiry() { + fe := outpost.NewFlowExecutor(context.Background(), pi.flowSlug, pi.s.ac.Client.GetConfig(), log.Fields{}) + fe.Params.Add("goauthentik.io/outpost/ldap", "true") + fe.Params.Add("goauthentik.io/outpost/ldap-warmup", "true") + + err := fe.WarmUp() + if err != nil { + pi.log.WithError(err).Warning("failed to warm up flow cache") + } +} diff --git a/internal/outpost/proxy/server.go b/internal/outpost/proxy/server.go index 27d735f0a..fb34f0ce0 100644 --- a/internal/outpost/proxy/server.go 
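Review bot: `WarmUp` starts the span `gcsp` but never finishes it, so a `get_challenge` span is left open on every warm-up; add `defer gcsp.Finish()` directly after the `sentry.StartSpan` call. The existing `defer fe.sp.Finish()` closes only the executor's own span.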
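Review bot: `ProviderInstance.TimerFlowCacheExpiry` runs the warm-up with `context.Background()`, so unless the API client's HTTP client has its own timeout (not visible here) a stalled request blocks the periodic loop, which calls the providers one after another. A bounded context passed to `outpost.NewFlowExecutor` would cap it: `ctx, cancel := context.WithTimeout(context.Background(), warmupTimeout)` followed by `defer cancel()`, with `warmupTimeout` a constant to be chosen.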
+++ b/internal/outpost/proxy/server.go @@ -60,6 +60,8 @@ func (s *Server) ServeHTTP() { s.logger.Printf("closing %s", listener.Addr()) } +func (s *Server) TimerFlowCacheExpiry() {} + func (s *Server) Handler(w http.ResponseWriter, r *http.Request) { if r.URL.Path == "/akprox/ping" { w.WriteHeader(204) From 3e909ae6bb273bf436f2c4e87388e17445da23af Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 21 Aug 2021 16:23:07 +0200 Subject: [PATCH 29/40] core: allow filtering users by the groups they are in Signed-off-by: Jens Langhammer --- authentik/core/api/users.py | 14 ++++++++++- authentik/sources/oauth/tests/test_views.py | 2 +- .../outpost/ldap/instance_search_group.go | 1 + internal/outpost/ldap/instance_search_user.go | 9 +++++++ schema.yml | 17 +++++++++++++ .../pages/sources/oauth/OAuthSourceForm.ts | 24 ++++++++++++------- 6 files changed, 57 insertions(+), 10 deletions(-) diff --git a/authentik/core/api/users.py b/authentik/core/api/users.py index 73e97f83d..185171bbe 100644 --- a/authentik/core/api/users.py +++ b/authentik/core/api/users.py @@ -6,7 +6,7 @@ from django.db.models.query import QuerySet from django.urls import reverse_lazy from django.utils.http import urlencode from django.utils.translation import gettext as _ -from django_filters.filters import BooleanFilter, CharFilter +from django_filters.filters import BooleanFilter, CharFilter, ModelMultipleChoiceFilter from django_filters.filterset import FilterSet from drf_spectacular.types import OpenApiTypes from drf_spectacular.utils import OpenApiParameter, extend_schema, extend_schema_field 
@@ -149,6 +149,16 @@ class UsersFilter(FilterSet): is_superuser = BooleanFilter(field_name="ak_groups", lookup_expr="is_superuser") + groups_by_name = ModelMultipleChoiceFilter( + field_name="ak_groups__username", + to_field_name="username", + queryset=Group.objects.all(), + ) + groups_by_pk = ModelMultipleChoiceFilter( + field_name="ak_groups", + queryset=Group.objects.all(), + ) + # pylint: disable=unused-argument def filter_attributes(self, queryset, name, value): """Filter attributes by query args""" @@ -172,6 +182,8 @@ class UsersFilter(FilterSet): "is_active", "is_superuser", "attributes", + "groups_by_name", + "groups_by_pk", ] diff --git a/authentik/sources/oauth/tests/test_views.py b/authentik/sources/oauth/tests/test_views.py index ef4108e42..a979bdfa2 100644 --- a/authentik/sources/oauth/tests/test_views.py +++ b/authentik/sources/oauth/tests/test_views.py @@ -37,7 +37,7 @@ class TestOAuthSource(TestCase): data={ "name": "foo", "slug": "bar", - "provider_type": "openid-connect", + "provider_type": "openidconnect", "consumer_key": "foo", "consumer_secret": "foo", } diff --git a/internal/outpost/ldap/instance_search_group.go b/internal/outpost/ldap/instance_search_group.go index a9da26fb6..44d71a294 100644 --- a/internal/outpost/ldap/instance_search_group.go +++ b/internal/outpost/ldap/instance_search_group.go @@ -42,6 +42,7 @@ func parseFilterForGroupSingle(req api.ApiCoreGroupsListRequest, f *ber.Packet) case "cn": return req.Name(vv) case "member": + case "memberOf": userDN, err := goldap.ParseDN(vv) if err != nil { return req diff --git a/internal/outpost/ldap/instance_search_user.go b/internal/outpost/ldap/instance_search_user.go index bf3851a97..fd0fd3ce4 100644 --- a/internal/outpost/ldap/instance_search_user.go +++ b/internal/outpost/ldap/instance_search_user.go @@ -1,6 +1,7 @@ package ldap import ( + goldap "github.com/go-ldap/ldap/v3" ber "github.com/nmcclain/asn1-ber" "github.com/nmcclain/ldap" "goauthentik.io/api" 
@@ -45,6 +46,14 @@ func parseFilterForUserSingle(req api.ApiCoreUsersListRequest, f *ber.Packet) ap return req.Name(vv) case "mail": return req.Email(vv) + case "member": + case "memberOf": + groupDN, err := goldap.ParseDN(vv) + if err != nil { + return req + } + name := groupDN.RDNs[0].Attributes[0].Value + return req.GroupsByName([]string{name}) } // TODO: Support int default: diff --git a/schema.yml b/schema.yml index 240308250..631791192 100644 --- a/schema.yml +++ b/schema.yml @@ -2914,6 +2914,23 @@ paths: name: email schema: type: string + - in: query + name: groups_by_name + schema: + type: array + items: + type: string + explode: true + style: form + - in: query + name: groups_by_pk + schema: + type: array + items: + type: string + format: uuid + explode: true + style: form - in: query name: is_active schema: diff --git a/web/src/pages/sources/oauth/OAuthSourceForm.ts b/web/src/pages/sources/oauth/OAuthSourceForm.ts index f0d7ba14e..2aad774f0 100644 --- a/web/src/pages/sources/oauth/OAuthSourceForm.ts +++ b/web/src/pages/sources/oauth/OAuthSourceForm.ts @@ -36,13 +36,15 @@ export class OAuthSourceForm extends ModelForm { @property() set modelName(v: string | undefined) { this._modelName = v; - new SourcesApi(DEFAULT_CONFIG).sourcesOauthSourceTypesList({ - name: v?.replace("oauthsource", ""), - }).then((type) => { - this.providerType = type[0]; - }); + new SourcesApi(DEFAULT_CONFIG) + .sourcesOauthSourceTypesList({ + name: v?.replace("oauthsource", ""), + }) + .then((type) => { + this.providerType = type[0]; + }); } - get modelName(): string|undefined { + get modelName(): string | undefined { return this._modelName; } @@ -85,7 +87,10 @@ export class OAuthSourceForm extends ModelForm { > @@ -100,7 +105,10 @@ export class OAuthSourceForm extends ModelForm { > From 23fd257624f78d90a95a72f807ebb55994c48273 Mon Sep 17 00:00:00 2001 
From: Jens Langhammer Date: Sat, 21 Aug 2021 16:49:34 +0200 Subject: [PATCH 30/40] outposts/ldap: fix nil pointer dereference when search self Signed-off-by: Jens Langhammer --- internal/outpost/ldap/instance_search.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/internal/outpost/ldap/instance_search.go b/internal/outpost/ldap/instance_search.go index fde6e29d7..1453510f4 100644 --- a/internal/outpost/ldap/instance_search.go +++ b/internal/outpost/ldap/instance_search.go @@ -13,10 +13,10 @@ import ( func (pi *ProviderInstance) SearchMe(req SearchRequest, f UserFlags) (ldap.ServerSearchResult, error) { if f.UserInfo == nil { - u, _, err := pi.s.ac.Client.CoreApi.CoreUsersRetrieve(req.ctx, f.UserInfo.Pk).Execute() + u, _, err := pi.s.ac.Client.CoreApi.CoreUsersRetrieve(req.ctx, f.UserPk).Execute() if err != nil { req.log.WithError(err).Warning("Failed to get user info") - return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, fmt.Errorf("Failed to get userinfo") + return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, fmt.Errorf("failed to get userinfo") } f.UserInfo = &u } @@ -91,7 +91,7 @@ func (pi *ProviderInstance) Search(req SearchRequest) (ldap.ServerSearchResult, users, _, err := parseFilterForUser(pi.s.ac.Client.CoreApi.CoreUsersList(uapisp.Context()), parsedFilter).Execute() uapisp.Finish() if err != nil { - req.log.WithError(err).Warning("failed to get groups") + req.log.WithError(err).Warning("failed to get users") return } From 294d70ae4da63776ee123d383af02f6c30e94c97 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 21 Aug 2021 17:53:09 +0200 Subject: [PATCH 31/40] outposts/ldap: move virtual groups to other OU for lookups, conditionally skip requests based on search filter 
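Review bot: `SearchMe` receives `f UserFlags` by value, so `f.UserInfo = &u` updates only the local copy. Unless the caller stores the result some other way (the rest of the function is outside the hunk), the `f.UserInfo == nil` check never acts as a cache and the user is fetched from the API on every call. Writing the fetched user back to wherever the flags are kept, or passing `*UserFlags`, would make the check effective.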
Signed-off-by: Jens Langhammer --- authentik/core/api/users.py | 4 +- internal/outpost/ldap/api.go | 12 +++++- internal/outpost/ldap/instance_search.go | 25 ++++++++++-- .../outpost/ldap/instance_search_group.go | 36 +++++++++++------ internal/outpost/ldap/instance_search_user.go | 40 ++++++++++++------- internal/outpost/ldap/ldap.go | 6 ++- internal/outpost/ldap/utils.go | 6 ++- website/docs/providers/ldap.md | 2 +- 8 files changed, 92 insertions(+), 39 deletions(-) diff --git a/authentik/core/api/users.py b/authentik/core/api/users.py index 185171bbe..5caa1bc9b 100644 --- a/authentik/core/api/users.py +++ b/authentik/core/api/users.py @@ -150,8 +150,8 @@ class UsersFilter(FilterSet): is_superuser = BooleanFilter(field_name="ak_groups", lookup_expr="is_superuser") groups_by_name = ModelMultipleChoiceFilter( - field_name="ak_groups__username", - to_field_name="username", + field_name="ak_groups__name", + to_field_name="name", queryset=Group.objects.all(), ) groups_by_pk = ModelMultipleChoiceFilter( diff --git a/internal/outpost/ldap/api.go b/internal/outpost/ldap/api.go index f769969c7..b42356048 100644 --- a/internal/outpost/ldap/api.go +++ b/internal/outpost/ldap/api.go @@ -15,6 +15,12 @@ import ( log "github.com/sirupsen/logrus" ) +const ( + UsersOU = "users" + GroupsOU = "groups" + VirtualGroupsOU = "virtual-groups" +) + func (ls *LDAPServer) Refresh() error { outposts, _, err := ls.ac.Client.OutpostsApi.OutpostsLdapList(context.Background()).Execute() if err != nil { 
@@ -25,11 +31,13 @@ func (ls *LDAPServer) Refresh() error { } providers := make([]*ProviderInstance, len(outposts.Results)) for idx, provider := range outposts.Results { - userDN := strings.ToLower(fmt.Sprintf("ou=users,%s", *provider.BaseDn)) - groupDN := strings.ToLower(fmt.Sprintf("ou=groups,%s", *provider.BaseDn)) + userDN := strings.ToLower(fmt.Sprintf("ou=%s,%s", UsersOU, *provider.BaseDn)) + groupDN := strings.ToLower(fmt.Sprintf("ou=%s,%s", GroupsOU, *provider.BaseDn)) + virtualGroupDN := strings.ToLower(fmt.Sprintf("ou=%s,%s", VirtualGroupsOU, *provider.BaseDn)) logger := log.WithField("logger", "authentik.outpost.ldap").WithField("provider", provider.Name) providers[idx] = &ProviderInstance{ BaseDN: *provider.BaseDn, + VirtualGroupDN: virtualGroupDN, GroupDN: groupDN, UserDN: userDN, appSlug: provider.ApplicationSlug, diff --git a/internal/outpost/ldap/instance_search.go b/internal/outpost/ldap/instance_search.go index 1453510f4..b18235f06 100644 --- a/internal/outpost/ldap/instance_search.go +++ b/internal/outpost/ldap/instance_search.go @@ -59,6 +59,10 @@ func (pi *ProviderInstance) Search(req SearchRequest) (ldap.ServerSearchResult, return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, fmt.Errorf("Search Error: error parsing filter: %s", req.Filter) } + // Create a custom client to set additional headers + c := api.NewAPIClient(pi.s.ac.Client.GetConfig()) + c.GetConfig().AddDefaultHeader("X-authentik-outpost-ldap-query", req.Filter) + switch filterEntity { default: return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, fmt.Errorf("Search Error: unhandled filter type: %s [%s]", filterEntity, req.Filter) 
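Review bot: `c.GetConfig().AddDefaultHeader("X-authentik-outpost-ldap-query", req.Filter)` most likely mutates the configuration shared with `pi.s.ac.Client`, because `api.NewAPIClient` is handed the object returned by `GetConfig()` rather than a copy. If so, the header set for one search is sent on every later API request from the outpost, including other clients' searches, and concurrent searches write the same header map without synchronisation. The value is also client-controlled filter text placed in an HTTP header. Setting it on a per-search copy of the configuration keeps it scoped to this request; until then a comment such as `// NOTE: GetConfig() returns the shared config; this header is global, not per-search` would at least record the behaviour. `Search` continues outside the hunk.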
@@ -72,7 +76,12 @@ func (pi *ProviderInstance) Search(req SearchRequest) (ldap.ServerSearchResult, go func() { defer wg.Done() gapisp := sentry.StartSpan(req.ctx, "authentik.providers.ldap.search.api_group") - groups, _, err := parseFilterForGroup(pi.s.ac.Client.CoreApi.CoreGroupsList(gapisp.Context()), parsedFilter).Execute() + searchReq, skip := parseFilterForGroup(c.CoreApi.CoreGroupsList(gapisp.Context()), parsedFilter, false) + if skip { + pi.log.Trace("Skip backend request") + return + } + groups, _, err := searchReq.Execute() gapisp.Finish() if err != nil { req.log.WithError(err).Warning("failed to get groups") @@ -88,7 +97,12 @@ func (pi *ProviderInstance) Search(req SearchRequest) (ldap.ServerSearchResult, go func() { defer wg.Done() uapisp := sentry.StartSpan(req.ctx, "authentik.providers.ldap.search.api_user") - users, _, err := parseFilterForUser(pi.s.ac.Client.CoreApi.CoreUsersList(uapisp.Context()), parsedFilter).Execute() + searchReq, skip := parseFilterForUser(c.CoreApi.CoreUsersList(uapisp.Context()), parsedFilter, false) + if skip { + pi.log.Trace("Skip backend request") + return + } + users, _, err := searchReq.Execute() uapisp.Finish() if err != nil { req.log.WithError(err).Warning("failed to get users") @@ -103,7 +117,12 @@ func (pi *ProviderInstance) Search(req SearchRequest) (ldap.ServerSearchResult, entries = append(gEntries, uEntries...) case UserObjectClass, "": uapisp := sentry.StartSpan(req.ctx, "authentik.providers.ldap.search.api_user") - users, _, err := parseFilterForUser(pi.s.ac.Client.CoreApi.CoreUsersList(uapisp.Context()), parsedFilter).Execute() + searchReq, skip := parseFilterForUser(c.CoreApi.CoreUsersList(uapisp.Context()), parsedFilter, false) + if skip { + pi.log.Trace("Skip backend request") + return ldap.ServerSearchResult{Entries: entries, Referrals: []string{}, Controls: []ldap.Control{}, ResultCode: ldap.LDAPResultSuccess}, nil + } + users, _, err := searchReq.Execute() uapisp.Finish() if err != nil { 
diff --git a/internal/outpost/ldap/instance_search_group.go b/internal/outpost/ldap/instance_search_group.go index 44d71a294..7bbf14da5 100644 --- a/internal/outpost/ldap/instance_search_group.go +++ b/internal/outpost/ldap/instance_search_group.go 
@@ -7,52 +7,62 @@ import ( "goauthentik.io/api" ) -func parseFilterForGroup(req api.ApiCoreGroupsListRequest, f *ber.Packet) api.ApiCoreGroupsListRequest { +func parseFilterForGroup(req api.ApiCoreGroupsListRequest, f *ber.Packet, skip bool) (api.ApiCoreGroupsListRequest, bool) { switch f.Tag { case ldap.FilterEqualityMatch: return parseFilterForGroupSingle(req, f) case ldap.FilterAnd: for _, child := range f.Children { - req = parseFilterForGroup(req, child) + r, s := parseFilterForGroup(req, child, skip) + skip = skip || s + req = r } - return req + return req, skip } - return req + return req, skip } -func parseFilterForGroupSingle(req api.ApiCoreGroupsListRequest, f *ber.Packet) api.ApiCoreGroupsListRequest { +func parseFilterForGroupSingle(req api.ApiCoreGroupsListRequest, f *ber.Packet) (api.ApiCoreGroupsListRequest, bool) { // We can only handle key = value pairs here if len(f.Children) < 2 { - return req + return req, false } k := f.Children[0].Value // Ensure key is string if _, ok := k.(string); !ok { - return req + return req, false } v := f.Children[1].Value // Null values are ignored if v == nil { - return req + return req, false } // Switch on type of the value, then check the key switch vv := v.(type) { case string: switch k { case "cn": - return req.Name(vv) + return req.Name(vv), false case "member": + fallthrough case "memberOf": userDN, err := goldap.ParseDN(vv) if err != nil { - return req + return req.MembersByUsername([]string{vv}), false } username := userDN.RDNs[0].Attributes[0].Value - return req.MembersByUsername([]string{username}) + // If the DN's first ou is virtual-groups, ignore this filter + if len(userDN.RDNs) > 1 { + if userDN.RDNs[1].Attributes[0].Value == VirtualGroupsOU || userDN.RDNs[1].Attributes[0].Value == GroupsOU { + // Since we know we're not filtering anything, skip this request + return req, true + } + } + return req.MembersByUsername([]string{username}), false } // TODO: Support int default: - return req + return req, 
false } - return req + return req, false } diff --git a/internal/outpost/ldap/instance_search_user.go b/internal/outpost/ldap/instance_search_user.go index fd0fd3ce4..842151a32 100644 --- a/internal/outpost/ldap/instance_search_user.go +++ b/internal/outpost/ldap/instance_search_user.go 
@@ -7,57 +7,67 @@ import ( "goauthentik.io/api" ) -func parseFilterForUser(req api.ApiCoreUsersListRequest, f *ber.Packet) api.ApiCoreUsersListRequest { +func parseFilterForUser(req api.ApiCoreUsersListRequest, f *ber.Packet, skip bool) (api.ApiCoreUsersListRequest, bool) { switch f.Tag { case ldap.FilterEqualityMatch: return parseFilterForUserSingle(req, f) case ldap.FilterAnd: for _, child := range f.Children { - req = parseFilterForUser(req, child) + r, s := parseFilterForUser(req, child, skip) + skip = skip || s + req = r } - return req + return req, skip } - return req + return req, skip } -func parseFilterForUserSingle(req api.ApiCoreUsersListRequest, f *ber.Packet) api.ApiCoreUsersListRequest { +func parseFilterForUserSingle(req api.ApiCoreUsersListRequest, f *ber.Packet) (api.ApiCoreUsersListRequest, bool) { // We can only handle key = value pairs here if len(f.Children) < 2 { - return req + return req, false } k := f.Children[0].Value // Ensure key is string if _, ok := k.(string); !ok { - return req + return req, false } v := f.Children[1].Value // Null values are ignored if v == nil { - return req + return req, false } // Switch on type of the value, then check the key switch vv := v.(type) { case string: switch k { case "cn": - return req.Username(vv) + return req.Username(vv), false case "name": case "displayName": - return req.Name(vv) + return req.Name(vv), false case "mail": - return req.Email(vv) + return req.Email(vv), false case "member": + fallthrough case "memberOf": groupDN, err := goldap.ParseDN(vv) if err != nil { - return req + return req.GroupsByName([]string{vv}), false } name := groupDN.RDNs[0].Attributes[0].Value - return req.GroupsByName([]string{name}) + // If the DN's first ou is virtual-groups, ignore this filter + if len(groupDN.RDNs) > 1 { + if groupDN.RDNs[1].Attributes[0].Value == UsersOU || groupDN.RDNs[1].Attributes[0].Value == VirtualGroupsOU { + // Since we know we're not filtering anything, skip this request + return req, 
true + } + } + return req.GroupsByName([]string{name}), false } // TODO: Support int default: - return req + return req, false } - return req + return req, false } diff --git a/internal/outpost/ldap/ldap.go b/internal/outpost/ldap/ldap.go index 6d7a72c7b..ebfa0e3c0 100644 --- a/internal/outpost/ldap/ldap.go +++ b/internal/outpost/ldap/ldap.go @@ -19,8 +19,10 @@ const UserObjectClass = "user" type ProviderInstance struct { BaseDN string - UserDN string - GroupDN string + UserDN string + + VirtualGroupDN string + GroupDN string appSlug string flowSlug string diff --git a/internal/outpost/ldap/utils.go b/internal/outpost/ldap/utils.go index 67cad4f2e..3a9840baa 100644 --- a/internal/outpost/ldap/utils.go +++ b/internal/outpost/ldap/utils.go @@ -95,7 +95,7 @@ func (pi *ProviderInstance) APIGroupToLDAPGroup(g api.Group) LDAPGroup { func (pi *ProviderInstance) APIUserToLDAPGroup(u api.User) LDAPGroup { return LDAPGroup{ - dn: pi.GetGroupDN(u.Username), + dn: pi.GetVirtualGroupDN(u.Username), cn: u.Username, uid: u.Uid, gidNumber: pi.GetUidNumber(u), @@ -114,6 +114,10 @@ func (pi *ProviderInstance) GetGroupDN(group string) string { return fmt.Sprintf("cn=%s,%s", group, pi.GroupDN) } +func (pi *ProviderInstance) GetVirtualGroupDN(group string) string { + return fmt.Sprintf("cn=%s,%s", group, pi.VirtualGroupDN) +} + func (pi *ProviderInstance) GetUidNumber(user api.User) string { return strconv.FormatInt(int64(pi.uidStartNumber+user.Pk), 10) } diff --git a/website/docs/providers/ldap.md b/website/docs/providers/ldap.md index 2aead1e10..87beeeecf 100644 --- a/website/docs/providers/ldap.md +++ b/website/docs/providers/ldap.md 
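Review bot: `case "name":` in `parseFilterForUserSingle` is still an empty case, so a `name` filter is never pushed to the API; this commit adds `fallthrough` to `case "member":` for exactly that reason but leaves `name` as it was. `case "name", "displayName":` or a `fallthrough` fixes it. The comment "If the DN's first ou is virtual-groups, ignore this filter" also does not match the condition, which tests for `UsersOU` or `VirtualGroupsOU`; `// DNs under ou=users or ou=virtual-groups are not real groups, so skip the request` would describe it.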
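Review bot: `GetVirtualGroupDN` formats the name into the DN with `fmt.Sprintf("cn=%s,%s", group, pi.VirtualGroupDN)` without escaping, like `GetGroupDN` above it. A username containing `,`, `=` or `+` yields a DN that parses back into different RDNs, and the `member`/`memberOf` handling added in this commit takes `RDNs[0]` as the name, so such entries cannot be matched reliably. Escaping the value per RFC 4514 before formatting would keep building and parsing consistent.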
@@ -14,7 +14,7 @@ Binding against the LDAP Server uses a flow in the background. This allows you t You can configure under which base DN the information should be available. For this documentation we'll use the default of `DC=ldap,DC=goauthentik,DC=io`. -Users are available under `ou=users,` and groups under `ou=groups,`. +Users are available under `ou=users,` and groups under `ou=groups,`. To aid compatibility, each user belongs to its own "virtual" group, as is standard on most Unix-like systems. This group does not exist in the authentik database, and is generated on the fly. These virtual groups are under the `ou=virtual-groups,` DN. You can bind using the DN `cn=,ou=users,`, or using the following ldapsearch command for example: From b003e8e1e840663196e2339934ceefd67344eeb8 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 21 Aug 2021 18:36:06 +0200 Subject: [PATCH 32/40] sources/oauth: fix openidconnect provider name Signed-off-by: Jens Langhammer --- authentik/sources/oauth/tests/test_type_azure_ad.py | 2 +- authentik/sources/oauth/tests/test_type_discord.py | 2 +- authentik/sources/oauth/tests/test_type_github.py | 2 +- authentik/sources/oauth/tests/test_type_twitter.py | 2 +- authentik/sources/oauth/tests/test_views.py | 2 +- tests/e2e/test_source_oauth.py | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/authentik/sources/oauth/tests/test_type_azure_ad.py b/authentik/sources/oauth/tests/test_type_azure_ad.py index b2d8b9f5f..a94f9fe03 100644 --- a/authentik/sources/oauth/tests/test_type_azure_ad.py +++ b/authentik/sources/oauth/tests/test_type_azure_ad.py @@ -32,7 +32,7 @@ class TestTypeAzureAD(TestCase): self.source = OAuthSource.objects.create( name="test", slug="test", - provider_type="openid-connect", + provider_type="openidconnect", authorization_url="", profile_url="", consumer_key="", 
diff --git a/authentik/sources/oauth/tests/test_type_discord.py b/authentik/sources/oauth/tests/test_type_discord.py
index 86340afed..c3aa56efc 100644
--- a/authentik/sources/oauth/tests/test_type_discord.py
+++ b/authentik/sources/oauth/tests/test_type_discord.py
@@ -25,7 +25,7 @@ class TestTypeDiscord(TestCase):
 self.source = OAuthSource.objects.create(
 name="test",
 slug="test",
- provider_type="openid-connect",
+ provider_type="openidconnect",
 authorization_url="",
 profile_url="",
 consumer_key="",
diff --git a/authentik/sources/oauth/tests/test_type_github.py b/authentik/sources/oauth/tests/test_type_github.py
index 50a699b9c..2ff26c846 100644
--- a/authentik/sources/oauth/tests/test_type_github.py
+++ b/authentik/sources/oauth/tests/test_type_github.py
@@ -55,7 +55,7 @@ class TestTypeGitHub(TestCase):
 self.source = OAuthSource.objects.create(
 name="test",
 slug="test",
- provider_type="openid-connect",
+ provider_type="openidconnect",
 authorization_url="",
 profile_url="",
 consumer_key="",
diff --git a/authentik/sources/oauth/tests/test_type_twitter.py b/authentik/sources/oauth/tests/test_type_twitter.py
index 84fdd0f80..2d8944d98 100644
--- a/authentik/sources/oauth/tests/test_type_twitter.py
+++ b/authentik/sources/oauth/tests/test_type_twitter.py
@@ -96,7 +96,7 @@ class TestTypeGitHub(TestCase):
 self.source = OAuthSource.objects.create(
 name="test",
 slug="test",
- provider_type="openid-connect",
+ provider_type="openidconnect",
 authorization_url="",
 profile_url="",
 consumer_key="",
diff --git a/authentik/sources/oauth/tests/test_views.py b/authentik/sources/oauth/tests/test_views.py
index a979bdfa2..b38634682 100644
--- a/authentik/sources/oauth/tests/test_views.py
+++ b/authentik/sources/oauth/tests/test_views.py
@@ -13,7 +13,7 @@ class TestOAuthSource(TestCase):
 self.source = OAuthSource.objects.create(
 name="test",
 slug="test",
- provider_type="openid-connect",
+ provider_type="openidconnect",
 authorization_url="",
 profile_url="",
 consumer_key="",
diff --git a/tests/e2e/test_source_oauth.py b/tests/e2e/test_source_oauth.py index e32b8853b..cd5b15919 100644 --- a/tests/e2e/test_source_oauth.py +++ b/tests/e2e/test_source_oauth.py @@ -118,7 +118,7 @@ class TestSourceOAuth2(SeleniumTestCase): slug="dex", authentication_flow=authentication_flow, enrollment_flow=enrollment_flow, - provider_type="openid-connect", + provider_type="openidconnect", authorization_url="http://127.0.0.1:5556/dex/auth", access_token_url="http://127.0.0.1:5556/dex/token", profile_url="http://127.0.0.1:5556/dex/userinfo", From 33d5cd29738d657f0003436aeb6d0d1cf14ea661 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 21 Aug 2021 18:48:02 +0200 Subject: [PATCH 33/40] web: add notice for Certificate for LDAP Provider Signed-off-by: Jens Langhammer --- web/src/locales/en.po | 308 ++++++++++++------ web/src/locales/pseudo-LOCALE.po | 292 +++++++++++------ .../pages/providers/ldap/LDAPProviderForm.ts | 17 +- 3 files changed, 413 insertions(+), 204 deletions(-) diff --git a/web/src/locales/en.po b/web/src/locales/en.po index 36dd86df3..f2c776929 100644 --- a/web/src/locales/en.po +++ b/web/src/locales/en.po @@ -233,7 +233,6 @@ msgstr "App" #: src/elements/user/UserConsentList.ts #: src/pages/admin-overview/TopApplicationsTable.ts -#: src/pages/applications/ApplicationListPage.ts #: src/pages/providers/ProviderListPage.ts msgid "Application" msgstr "Application" @@ -254,6 +253,10 @@ msgstr "Application requires following permissions:" msgid "Application's display Name." msgstr "Application's display Name." +#: src/pages/applications/ApplicationListPage.ts +msgid "Application(s)" +msgstr "Application(s)" + #: src/interfaces/AdminInterface.ts #: src/pages/LibraryPage.ts #: src/pages/applications/ApplicationListPage.ts 
@@ -284,7 +287,7 @@ msgstr "" msgid "Are you sure you want to delete {0} {1}?" msgstr "Are you sure you want to delete {0} {1}?" -#: src/elements/forms/DeleteBulkForm.ts +#: src/elements/forms/DeleteForm.ts msgid "Are you sure you want to delete {0} {objName} ?" msgstr "Are you sure you want to delete {0} {objName} ?" @@ -363,9 +366,13 @@ msgstr "Authenticator" msgid "Authorization" msgstr "Authorization" +#: +#~ msgid "Authorization Code" +#~ msgstr "Authorization Code" + #: src/elements/oauth/UserCodeList.ts -msgid "Authorization Code" -msgstr "Authorization Code" +msgid "Authorization Code(s)" +msgstr "Authorization Code(s)" #: src/pages/sources/oauth/OAuthSourceForm.ts #: src/pages/sources/oauth/OAuthSourceViewPage.ts @@ -487,7 +494,7 @@ msgstr "Browser" msgid "Build hash:" msgstr "Build hash:" -#: +#: #~ msgid "Build hash: {0}" #~ msgstr "Build hash: {0}" @@ -518,7 +525,7 @@ msgstr "Can be in the format of 'unix://' when connecting to a local docker daem #: src/elements/forms/ConfirmationForm.ts #: src/elements/forms/DeleteBulkForm.ts -#: src/elements/forms/DeleteBulkForm.ts +#: src/elements/forms/DeleteForm.ts #: src/elements/forms/ModalForm.ts #: src/pages/groups/MemberSelectModal.ts #: src/pages/users/GroupSelectModal.ts @@ -552,9 +559,13 @@ msgstr "Certificate Subjet" msgid "Certificate used to sign outgoing Responses going to the Service Provider." msgstr "Certificate used to sign outgoing Responses going to the Service Provider." +#: +#~ msgid "Certificate-Key Pair" +#~ msgstr "Certificate-Key Pair" + #: src/pages/crypto/CertificateKeyPairListPage.ts -msgid "Certificate-Key Pair" -msgstr "Certificate-Key Pair" +msgid "Certificate-Key Pair(s)" +msgstr "Certificate-Key Pair(s)" #: src/pages/crypto/CertificateKeyPairListPage.ts msgid "Certificate-Key Pairs" 
@@ -792,6 +803,7 @@ msgid "Connect" msgstr "Connect" #: src/pages/user-settings/settings/SourceSettingsOAuth.ts +#: src/pages/user-settings/settings/SourceSettingsPlex.ts msgid "Connected." msgstr "Connected." @@ -804,9 +816,9 @@ msgstr "Connection error, reconnecting..." msgid "Connection settings" msgstr "Connection settings" -#: src/elements/user/UserConsentList.ts -msgid "Consent" -msgstr "Consent" +#: +#~ msgid "Consent" +#~ msgstr "Consent" #: src/pages/stages/consent/ConsentStageForm.ts msgid "Consent expires in" @@ -820,6 +832,10 @@ msgstr "Consent expires." msgid "Consent given last indefinitely" msgstr "Consent given last indefinitely" +#: src/elements/user/UserConsentList.ts +msgid "Consent(s)" +msgstr "Consent(s)" + #: src/pages/sources/ldap/LDAPSourceForm.ts msgid "Consider Objects matching this filter to be Groups." msgstr "Consider Objects matching this filter to be Groups." @@ -1091,17 +1107,21 @@ msgid "Define how notifications are sent to users, like Email or Webhook." msgstr "Define how notifications are sent to users, like Email or Webhook." #: src/elements/forms/DeleteBulkForm.ts -#: src/elements/forms/DeleteBulkForm.ts +#: src/elements/forms/DeleteForm.ts #: src/elements/oauth/UserCodeList.ts #: src/elements/oauth/UserRefreshList.ts +#: src/elements/user/SessionList.ts +#: src/elements/user/UserConsentList.ts #: src/pages/applications/ApplicationListPage.ts #: src/pages/crypto/CertificateKeyPairListPage.ts #: src/pages/events/RuleListPage.ts #: src/pages/events/TransportListPage.ts +#: src/pages/flows/BoundStagesList.ts #: src/pages/flows/FlowListPage.ts #: src/pages/groups/GroupListPage.ts #: src/pages/outposts/OutpostListPage.ts #: src/pages/outposts/ServiceConnectionListPage.ts +#: src/pages/policies/BoundPoliciesList.ts #: src/pages/policies/PolicyListPage.ts #: src/pages/policies/reputation/IPReputationListPage.ts #: src/pages/policies/reputation/UserReputationListPage.ts 
@@ -1119,26 +1139,26 @@ msgstr "Define how notifications are sent to users, like Email or Webhook." msgid "Delete" msgstr "Delete" -#: +#: #~ msgid "Delete Authorization Code" #~ msgstr "Delete Authorization Code" -#: src/pages/flows/BoundStagesList.ts -#: src/pages/policies/BoundPoliciesList.ts -msgid "Delete Binding" -msgstr "Delete Binding" +#: +#: +#~ msgid "Delete Binding" +#~ msgstr "Delete Binding" -#: src/elements/user/UserConsentList.ts -msgid "Delete Consent" -msgstr "Delete Consent" +#: +#~ msgid "Delete Consent" +#~ msgstr "Delete Consent" -#: +#: #~ msgid "Delete Refresh Code" #~ msgstr "Delete Refresh Code" -#: src/elements/user/SessionList.ts -msgid "Delete Session" -msgstr "Delete Session" +#: +#~ msgid "Delete Session" +#~ msgstr "Delete Session" #: src/pages/user-settings/UserSelfForm.ts msgid "Delete account" @@ -1165,7 +1185,7 @@ msgstr "" "confirmation. Use a consent stage to ensure the user is aware of their actions." #: src/elements/forms/DeleteBulkForm.ts -#: src/elements/forms/DeleteBulkForm.ts +#: src/elements/forms/DeleteForm.ts msgid "Delete {0}" msgstr "Delete {0}" @@ -1230,8 +1250,8 @@ msgstr "Digest algorithm" msgid "Digits" msgstr "Digits" -#: -#: +#: +#: #~ msgid "Disable" #~ msgstr "Disable" @@ -1252,6 +1272,7 @@ msgid "Disabled" msgstr "Disabled" #: src/pages/user-settings/settings/SourceSettingsOAuth.ts +#: src/pages/user-settings/settings/SourceSettingsPlex.ts msgid "Disconnect" msgstr "Disconnect" 
@@ -1278,6 +1299,10 @@ msgstr "Download Certificate" msgid "Download Private key" msgstr "Download Private key" +#: src/pages/providers/ldap/LDAPProviderForm.ts +msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider." +msgstr "Due to protocol limitations, this certificate is only used when the outpost has a single provider." + #: src/pages/stages/dummy/DummyStageForm.ts msgid "Dummy stage used for testing. Shows a simple continue button and always passes." msgstr "Dummy stage used for testing. Shows a simple continue button and always passes." @@ -1382,8 +1407,8 @@ msgstr "Email: Text field with Email type." msgid "Embedded outpost is not configured correctly." msgstr "Embedded outpost is not configured correctly." -#: -#: +#: +#: #~ msgid "Enable" #~ msgstr "Enable" @@ -1536,6 +1561,7 @@ msgstr "Expires?" msgid "Expiring" msgstr "Expiring" +#: src/pages/crypto/CertificateKeyPairListPage.ts #: src/pages/stages/invitation/InvitationListPage.ts msgid "Expiry" msgstr "Expiry" @@ -1607,7 +1633,7 @@ msgid "Failed to delete policy cache" msgstr "Failed to delete policy cache" #: src/elements/forms/DeleteBulkForm.ts -#: src/elements/forms/DeleteBulkForm.ts +#: src/elements/forms/DeleteForm.ts msgid "Failed to delete {0}: {1}" msgstr "Failed to delete {0}: {1}" @@ -1653,7 +1679,6 @@ msgid "Fields a user can identify themselves with. If no fields are selected, th msgstr "Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources." #: src/pages/flows/FlowImportForm.ts -#: src/pages/flows/FlowListPage.ts msgid "Flow" msgstr "Flow" 
@@ -1712,6 +1737,10 @@ msgstr "Flow used to logout. If left empty, the first applicable flow sorted by msgid "Flow used when authorizing this provider." msgstr "Flow used when authorizing this provider." +#: src/pages/flows/FlowListPage.ts +msgid "Flow(s)" +msgstr "Flow(s)" + #: src/interfaces/AdminInterface.ts #: src/interfaces/AdminInterface.ts #: src/pages/admin-overview/AdminOverviewPage.ts @@ -1794,7 +1823,6 @@ msgid "Go to previous page" msgstr "Go to previous page" #: src/pages/events/RuleForm.ts -#: src/pages/groups/GroupListPage.ts #: src/pages/policies/PolicyBindingForm.ts #: src/pages/policies/PolicyBindingForm.ts #: src/pages/providers/ldap/LDAPProviderForm.ts @@ -1821,6 +1849,10 @@ msgstr "Group users together and give them permissions based on the membership." msgid "Group {0}" msgstr "Group {0}" +#: src/pages/groups/GroupListPage.ts +msgid "Group(s)" +msgstr "Group(s)" + #: src/interfaces/AdminInterface.ts #: src/pages/admin-overview/AdminOverviewPage.ts #: src/pages/groups/GroupListPage.ts @@ -1890,6 +1922,7 @@ msgstr "How many attempts a user has before the flow is canceled. To lock the us #: src/elements/forms/DeleteBulkForm.ts #: src/pages/stages/invitation/InvitationListPage.ts +#: src/pages/users/UserListPage.ts msgid "ID" msgstr "ID" 
@@ -1940,6 +1973,10 @@ msgstr "If enabled, use the local connection. Required Docker socket/Kubernetes msgid "If left empty, authentik will try to extract the launch URL based on the selected provider." msgstr "If left empty, authentik will try to extract the launch URL based on the selected provider." +#: src/pages/providers/ldap/LDAPProviderForm.ts +msgid "If multiple providers share an outpost, a self-signed certificate is used." +msgstr "If multiple providers share an outpost, a self-signed certificate is used." + #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "If no explicit redirect URIs are specified, any redirect URI is allowed." msgstr "If no explicit redirect URIs are specified, any redirect URI is allowed." @@ -2038,14 +2075,18 @@ msgstr "Invalidation" msgid "Invalidation flow" msgstr "Invalidation flow" -#: src/pages/stages/invitation/InvitationListPage.ts -msgid "Invitation" -msgstr "Invitation" +#: +#~ msgid "Invitation" +#~ msgstr "Invitation" #: src/pages/events/utils.ts msgid "Invitation used" msgstr "Invitation used" +#: src/pages/stages/invitation/InvitationListPage.ts +msgid "Invitation(s)" +msgstr "Invitation(s)" + #: src/interfaces/AdminInterface.ts #: src/pages/stages/invitation/InvitationListPage.ts msgid "Invitations" @@ -2233,7 +2274,6 @@ msgstr "Loading" #: src/pages/sources/ldap/LDAPSourceForm.ts #: src/pages/sources/oauth/OAuthSourceForm.ts #: src/pages/sources/oauth/OAuthSourceForm.ts -#: src/pages/sources/oauth/OAuthSourceForm.ts #: src/pages/sources/plex/PlexSourceForm.ts #: src/pages/sources/plex/PlexSourceForm.ts #: src/pages/sources/saml/SAMLSourceForm.ts @@ -2421,6 +2461,7 @@ msgstr "My Applications" #: src/pages/applications/ApplicationListPage.ts #: src/pages/crypto/CertificateKeyPairForm.ts #: src/pages/crypto/CertificateKeyPairListPage.ts +#: src/pages/crypto/CertificateKeyPairListPage.ts #: src/pages/events/EventInfo.ts #: src/pages/events/RuleForm.ts #: src/pages/events/RuleListPage.ts 
@@ -2607,6 +2648,7 @@ msgid "Not configured action" msgstr "Not configured action" #: src/pages/user-settings/settings/SourceSettingsOAuth.ts +#: src/pages/user-settings/settings/SourceSettingsPlex.ts msgid "Not connected." msgstr "Not connected." @@ -2647,17 +2689,25 @@ msgstr "Notification Rules" msgid "Notification Transports" msgstr "Notification Transports" +#: +#~ msgid "Notification rule" +#~ msgstr "Notification rule" + #: src/pages/events/RuleListPage.ts -msgid "Notification rule" -msgstr "Notification rule" +msgid "Notification rule(s)" +msgstr "Notification rule(s)" + +#: src/pages/events/TransportListPage.ts +msgid "Notification transports(s)" +msgstr "Notification transports(s)" #: src/elements/notifications/NotificationDrawer.ts msgid "Notifications" msgstr "Notifications" -#: src/pages/events/TransportListPage.ts -msgid "Notifications Transport" -msgstr "Notifications Transport" +#: +#~ msgid "Notifications Transport" +#~ msgstr "Notifications Transport" #: src/pages/stages/prompt/PromptForm.ts msgid "Number" @@ -2702,7 +2752,7 @@ msgstr "Only fail the policy, don't invalidate user's password." msgid "Only send notification once, for example when sending a webhook into a chat channel." msgstr "Only send notification once, for example when sending a webhook into a chat channel." -#: +#: #~ msgid "Open application" #~ msgstr "Open application" 
@@ -2771,26 +2821,34 @@ msgstr "Other global settings" msgid "Outdated outposts" msgstr "Outdated outposts" -#: src/pages/outposts/OutpostListPage.ts -msgid "Outpost" -msgstr "Outpost" +#: +#~ msgid "Outpost" +#~ msgstr "Outpost" #: src/pages/outposts/OutpostDeploymentModal.ts msgid "Outpost Deployment Info" msgstr "Outpost Deployment Info" -#: +#: #~ msgid "Outpost Service-connection" #~ msgstr "Outpost Service-connection" +#: +#~ msgid "Outpost integration" +#~ msgstr "Outpost integration" + #: src/pages/outposts/ServiceConnectionListPage.ts -msgid "Outpost integration" -msgstr "Outpost integration" +msgid "Outpost integration(s)" +msgstr "Outpost integration(s)" #: src/pages/admin-overview/AdminOverviewPage.ts msgid "Outpost status" msgstr "Outpost status" +#: src/pages/outposts/OutpostListPage.ts +msgid "Outpost(s)" +msgstr "Outpost(s)" + #: src/interfaces/AdminInterface.ts #: src/interfaces/AdminInterface.ts #: src/pages/outposts/OutpostListPage.ts @@ -2884,7 +2942,6 @@ msgstr "Policies" #: src/pages/policies/PolicyBindingForm.ts #: src/pages/policies/PolicyBindingForm.ts #: src/pages/policies/PolicyBindingForm.ts -#: src/pages/policies/PolicyListPage.ts msgid "Policy" msgstr "Policy" @@ -2893,6 +2950,10 @@ msgstr "Policy" msgid "Policy / Group / User Bindings" msgstr "Policy / Group / User Bindings" +#: src/pages/policies/PolicyListPage.ts +msgid "Policy / Policies" +msgstr "Policy / Policies" + #: src/pages/policies/BoundPoliciesList.ts msgid "Policy / User / Group" msgstr "Policy / User / Group" @@ -2903,9 +2964,13 @@ msgstr "Policy / User / Group" msgid "Policy Bindings" msgstr "Policy Bindings" +#: +#~ msgid "Policy binding" +#~ msgstr "Policy binding" + #: src/pages/policies/BoundPoliciesList.ts -msgid "Policy binding" -msgstr "Policy binding" +msgid "Policy binding(s)" +msgstr "Policy binding(s)" #: src/pages/applications/ApplicationForm.ts #: src/pages/applications/ApplicationViewPage.ts 
@@ -2973,27 +3038,35 @@ msgstr "Private key, acquired from https://www.google.com/recaptcha/intro/v3.htm msgid "Profile URL" msgstr "Profile URL" -#: src/pages/stages/prompt/PromptListPage.ts -msgid "Prompt" -msgstr "Prompt" +#: +#~ msgid "Prompt" +#~ msgstr "Prompt" #: src/pages/stages/consent/ConsentStageForm.ts msgid "Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time." msgstr "Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time." +#: src/pages/stages/prompt/PromptListPage.ts +msgid "Prompt(s)" +msgstr "Prompt(s)" + #: src/interfaces/AdminInterface.ts #: src/pages/stages/prompt/PromptListPage.ts msgid "Prompts" msgstr "Prompts" -#: src/pages/property-mappings/PropertyMappingListPage.ts -msgid "Property Mapping" -msgstr "Property Mapping" +#: +#~ msgid "Property Mapping" +#~ msgstr "Property Mapping" #: src/pages/events/utils.ts msgid "Property Mapping exception" msgstr "Property Mapping exception" +#: src/pages/property-mappings/PropertyMappingListPage.ts +msgid "Property Mapping(s)" +msgstr "Property Mapping(s)" + #: src/interfaces/AdminInterface.ts #: src/pages/property-mappings/PropertyMappingListPage.ts msgid "Property Mappings" @@ -3033,7 +3106,6 @@ msgstr "Provide support for protocols like SAML and OAuth to assigned applicatio #: src/pages/applications/ApplicationForm.ts #: src/pages/applications/ApplicationListPage.ts #: src/pages/applications/ApplicationViewPage.ts -#: src/pages/providers/ProviderListPage.ts msgid "Provider" msgstr "Provider" @@ -3042,9 +3114,13 @@ msgstr "Provider" msgid "Provider Type" msgstr "Provider Type" -#: src/pages/sources/oauth/OAuthSourceForm.ts -msgid "Provider type" -msgstr "Provider type" +#: +#~ msgid "Provider type" +#~ msgstr "Provider type" + +#: src/pages/providers/ProviderListPage.ts +msgid "Provider(s)" +msgstr "Provider(s)" #: src/interfaces/AdminInterface.ts #: src/pages/outposts/OutpostForm.ts 
@@ -3168,9 +3244,13 @@ msgstr "Redirect binding" msgid "Refresh" msgstr "Refresh" +#: +#~ msgid "Refresh Code" +#~ msgstr "Refresh Code" + #: src/elements/oauth/UserRefreshList.ts -msgid "Refresh Code" -msgstr "Refresh Code" +msgid "Refresh Code(s)" +msgstr "Refresh Code(s)" #: src/flows/stages/authenticator_webauthn/WebAuthnAuthenticatorRegisterStage.ts msgid "Register device" @@ -3419,7 +3499,7 @@ msgstr "Select which transports should be used to notify the user. If none are s msgid "Selected policies are executed when the stage is submitted to validate the data." msgstr "Selected policies are executed when the stage is submitted to validate the data." -#: +#: #~ msgid "Selecting a service-connection enables the management of the outpost by authentik." #~ msgstr "Selecting a service-connection enables the management of the outpost by authentik." @@ -3468,15 +3548,15 @@ msgstr "Server URI" msgid "Server and client are further than 5 seconds apart." msgstr "Server and client are further than 5 seconds apart." -#: src/pages/providers/ldap/LDAPProviderForm.ts -msgid "Server name for which this provider's certificate is valid for." -msgstr "Server name for which this provider's certificate is valid for." +#: +#~ msgid "Server name for which this provider's certificate is valid for." +#~ msgstr "Server name for which this provider's certificate is valid for." #: src/flows/stages/authenticator_webauthn/WebAuthnAuthenticatorRegisterStage.ts msgid "Server validation of credential failed: {err}" msgstr "Server validation of credential failed: {err}" -#: +#: #~ msgid "Service Connections" #~ msgstr "Service Connections" 
@@ -3484,14 +3564,14 @@ msgstr "Server validation of credential failed: {err}" msgid "Service Provider Binding" msgstr "Service Provider Binding" -#: -#: +#: +#: #~ msgid "Service connection" #~ msgstr "Service connection" -#: src/elements/user/SessionList.ts -msgid "Session" -msgstr "Session" +#: +#~ msgid "Session" +#~ msgstr "Session" #: src/pages/stages/user_login/UserLoginStageForm.ts msgid "Session duration" @@ -3505,6 +3585,10 @@ msgstr "Session not valid on or after current time + this value (Format: hours=1 msgid "Session valid not on or after" msgstr "Session valid not on or after" +#: src/elements/user/SessionList.ts +msgid "Session(s)" +msgstr "Session(s)" + #: src/pages/users/UserViewPage.ts msgid "Sessions" msgstr "Sessions" @@ -3585,18 +3669,23 @@ msgstr "Slug" msgid "Something went wrong! Please try again later." msgstr "Something went wrong! Please try again later." -#: src/pages/sources/SourcesListPage.ts -msgid "Source" -msgstr "Source" +#: +#~ msgid "Source" +#~ msgstr "Source" #: src/pages/events/utils.ts msgid "Source linked" msgstr "Source linked" #: src/pages/user-settings/settings/SourceSettingsOAuth.ts +#: src/pages/user-settings/settings/SourceSettingsPlex.ts msgid "Source {0}" msgstr "Source {0}" +#: src/pages/sources/SourcesListPage.ts +msgid "Source(s)" +msgstr "Source(s)" + #: src/interfaces/AdminInterface.ts #: src/pages/sources/SourcesListPage.ts #: src/pages/stages/identification/IdentificationStageForm.ts 
@@ -3619,9 +3708,13 @@ msgstr "Stage Bindings" msgid "Stage Configuration" msgstr "Stage Configuration" +#: +#~ msgid "Stage binding" +#~ msgstr "Stage binding" + #: src/pages/flows/BoundStagesList.ts -msgid "Stage binding" -msgstr "Stage binding" +msgid "Stage binding(s)" +msgstr "Stage binding(s)" #: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts msgid "Stage used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again." @@ -3647,6 +3740,10 @@ msgstr "Stage used to configure a static authenticator (i.e. static tokens). Thi msgid "Stage used to validate any authenticator. This stage should be used during authentication or authorization flows." msgstr "Stage used to validate any authenticator. This stage should be used during authentication or authorization flows." +#: src/pages/stages/StageListPage.ts +msgid "Stage(s)" +msgstr "Stage(s)" + #: src/pages/stages/authenticator_duo/AuthenticatorDuoStageForm.ts #: src/pages/stages/authenticator_static/AuthenticatorStaticStageForm.ts #: src/pages/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts @@ -3804,8 +3901,8 @@ msgstr "Successfully created provider." msgid "Successfully created rule." msgstr "Successfully created rule." -#: -#: +#: +#: #~ msgid "Successfully created service-connection." #~ msgstr "Successfully created service-connection." @@ -3854,7 +3951,7 @@ msgid "Successfully created user." msgstr "Successfully created user." #: src/elements/forms/DeleteBulkForm.ts -#: src/elements/forms/DeleteBulkForm.ts +#: src/elements/forms/DeleteForm.ts msgid "Successfully deleted {0} {1}" msgstr "Successfully deleted {0} {1}" @@ -3958,8 +4055,8 @@ msgstr "Successfully updated provider." msgid "Successfully updated rule." msgstr "Successfully updated rule." -#: -#: +#: +#: #~ msgid "Successfully updated service-connection." #~ msgstr "Successfully updated service-connection." 
@@ -4078,9 +4175,9 @@ msgstr "System task execution" msgid "TLS Authentication Certificate" msgstr "TLS Authentication Certificate" -#: src/pages/providers/ldap/LDAPProviderForm.ts -msgid "TLS Server name" -msgstr "TLS Server name" +#: +#~ msgid "TLS Server name" +#~ msgstr "TLS Server name" #: src/pages/outposts/ServiceConnectionDockerForm.ts msgid "TLS Verification Certificate" @@ -4107,10 +4204,13 @@ msgid "Template" msgstr "Template" #: src/pages/events/EventListPage.ts -#: src/pages/tenants/TenantListPage.ts msgid "Tenant" msgstr "Tenant" +#: src/pages/tenants/TenantListPage.ts +msgid "Tenant(s)" +msgstr "Tenant(s)" + #: src/interfaces/AdminInterface.ts #: src/pages/tenants/TenantListPage.ts msgid "Tenants" @@ -4147,11 +4247,11 @@ msgstr "The external URL you'll access the application at. Include any non-stand msgid "The external URL you'll authenticate at. Can be the same domain as authentik." msgstr "The external URL you'll authenticate at. Can be the same domain as authentik." -#: src/elements/forms/DeleteBulkForm.ts -msgid "The following objects use {0}:" -msgstr "The following objects use {0}:" +#: +#~ msgid "The following objects use {0}:" +#~ msgstr "The following objects use {0}:" -#: src/elements/forms/DeleteBulkForm.ts +#: src/elements/forms/DeleteForm.ts msgid "The following objects use {objName}" msgstr "The following objects use {objName}" @@ -4258,10 +4358,10 @@ msgstr "To" msgid "To use SSL instead, use 'ldaps://' and disable this option." msgstr "To use SSL instead, use 'ldaps://' and disable this option." -#: src/pages/tokens/TokenListPage.ts -#: src/pages/user-settings/tokens/UserTokenList.ts -msgid "Token" -msgstr "Token" +#: +#: +#~ msgid "Token" +#~ msgstr "Token" #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts #: src/pages/sources/oauth/OAuthSourceViewPage.ts 
@@ -4280,6 +4380,11 @@ msgstr "Token expiry" msgid "Token validity" msgstr "Token validity" +#: src/pages/tokens/TokenListPage.ts +#: src/pages/user-settings/tokens/UserTokenList.ts +msgid "Token(s)" +msgstr "Token(s)" + #: src/flows/stages/authenticator_static/AuthenticatorStaticStage.ts #: src/interfaces/AdminInterface.ts #: src/pages/tokens/TokenListPage.ts @@ -4396,7 +4501,7 @@ msgstr "Unhealthy outposts" msgid "Unknown" msgstr "Unknown" -#: +#: #~ msgid "Unmanaged" #~ msgstr "Unmanaged" @@ -4703,6 +4808,7 @@ msgstr "Userinfo URL" #: src/pages/stages/identification/IdentificationStageForm.ts #: src/pages/user-settings/UserSelfForm.ts #: src/pages/users/UserForm.ts +#: src/pages/users/UserListPage.ts #: src/pages/users/UserViewPage.ts msgid "Username" msgstr "Username" @@ -4924,7 +5030,7 @@ msgstr "authentik Builtin Database" msgid "authentik LDAP Backend" msgstr "authentik LDAP Backend" -#: src/elements/forms/DeleteBulkForm.ts +#: src/elements/forms/DeleteForm.ts msgid "connecting object will be deleted" msgstr "connecting object will be deleted" @@ -4937,17 +5043,17 @@ msgid "no tabs defined" msgstr "no tabs defined" #: src/elements/forms/DeleteBulkForm.ts -#: src/elements/forms/DeleteBulkForm.ts +#: src/elements/forms/DeleteForm.ts msgid "object will be DELETED" msgstr "object will be DELETED" #: src/elements/forms/DeleteBulkForm.ts -#: src/elements/forms/DeleteBulkForm.ts +#: src/elements/forms/DeleteForm.ts msgid "reference will be reset to default value" msgstr "reference will be reset to default value" #: src/elements/forms/DeleteBulkForm.ts -#: src/elements/forms/DeleteBulkForm.ts +#: src/elements/forms/DeleteForm.ts msgid "reference will be set to an empty value" msgstr "reference will be set to an empty value" @@ -4965,7 +5071,7 @@ msgid "{0} ({1})" msgstr "{0} ({1})" #: src/elements/forms/DeleteBulkForm.ts -#: src/elements/forms/DeleteBulkForm.ts +#: src/elements/forms/DeleteForm.ts msgid "{0} ({consequence})" msgstr "{0} ({consequence})" 
diff --git a/web/src/locales/pseudo-LOCALE.po b/web/src/locales/pseudo-LOCALE.po index bb474cebf..5de2beb61 100644 --- a/web/src/locales/pseudo-LOCALE.po +++ b/web/src/locales/pseudo-LOCALE.po @@ -233,7 +233,6 @@ msgstr "" #: src/elements/user/UserConsentList.ts #: src/pages/admin-overview/TopApplicationsTable.ts -#: src/pages/applications/ApplicationListPage.ts #: src/pages/providers/ProviderListPage.ts msgid "Application" msgstr "" @@ -254,6 +253,10 @@ msgstr "" msgid "Application's display Name." msgstr "" +#: src/pages/applications/ApplicationListPage.ts +msgid "Application(s)" +msgstr "" + #: src/interfaces/AdminInterface.ts #: src/pages/LibraryPage.ts #: src/pages/applications/ApplicationListPage.ts @@ -280,7 +283,7 @@ msgstr "" msgid "Are you sure you want to delete {0} {1}?" msgstr "" -#: src/elements/forms/DeleteBulkForm.ts +#: src/elements/forms/DeleteForm.ts msgid "Are you sure you want to delete {0} {objName} ?" msgstr "" @@ -359,8 +362,12 @@ msgstr "" msgid "Authorization" msgstr "" +#: +#~ msgid "Authorization Code" +#~ msgstr "" + #: src/elements/oauth/UserCodeList.ts -msgid "Authorization Code" +msgid "Authorization Code(s)" msgstr "" #: src/pages/sources/oauth/OAuthSourceForm.ts @@ -483,7 +490,7 @@ msgstr "" msgid "Build hash:" msgstr "" -#: +#: #~ msgid "Build hash: {0}" #~ msgstr "" @@ -514,7 +521,7 @@ msgstr "" #: src/elements/forms/ConfirmationForm.ts #: src/elements/forms/DeleteBulkForm.ts -#: src/elements/forms/DeleteBulkForm.ts +#: src/elements/forms/DeleteForm.ts #: src/elements/forms/ModalForm.ts #: src/pages/groups/MemberSelectModal.ts #: src/pages/users/GroupSelectModal.ts @@ -548,8 +555,12 @@ msgstr "" msgid "Certificate used to sign outgoing Responses going to the Service Provider." msgstr "" +#: +#~ msgid "Certificate-Key Pair" +#~ msgstr "" + #: src/pages/crypto/CertificateKeyPairListPage.ts -msgid "Certificate-Key Pair" +msgid "Certificate-Key Pair(s)" msgstr "" #: src/pages/crypto/CertificateKeyPairListPage.ts 
@@ -786,6 +797,7 @@ msgid "Connect" msgstr "" #: src/pages/user-settings/settings/SourceSettingsOAuth.ts +#: src/pages/user-settings/settings/SourceSettingsPlex.ts msgid "Connected." msgstr "" @@ -798,9 +810,9 @@ msgstr "" msgid "Connection settings" msgstr "" -#: src/elements/user/UserConsentList.ts -msgid "Consent" -msgstr "" +#: +#~ msgid "Consent" +#~ msgstr "" #: src/pages/stages/consent/ConsentStageForm.ts msgid "Consent expires in" @@ -814,6 +826,10 @@ msgstr "" msgid "Consent given last indefinitely" msgstr "" +#: src/elements/user/UserConsentList.ts +msgid "Consent(s)" +msgstr "" + #: src/pages/sources/ldap/LDAPSourceForm.ts msgid "Consider Objects matching this filter to be Groups." msgstr "" @@ -1085,17 +1101,21 @@ msgid "Define how notifications are sent to users, like Email or Webhook." msgstr "" #: src/elements/forms/DeleteBulkForm.ts -#: src/elements/forms/DeleteBulkForm.ts +#: src/elements/forms/DeleteForm.ts #: src/elements/oauth/UserCodeList.ts #: src/elements/oauth/UserRefreshList.ts +#: src/elements/user/SessionList.ts +#: src/elements/user/UserConsentList.ts #: src/pages/applications/ApplicationListPage.ts #: src/pages/crypto/CertificateKeyPairListPage.ts #: src/pages/events/RuleListPage.ts #: src/pages/events/TransportListPage.ts +#: src/pages/flows/BoundStagesList.ts #: src/pages/flows/FlowListPage.ts #: src/pages/groups/GroupListPage.ts #: src/pages/outposts/OutpostListPage.ts #: src/pages/outposts/ServiceConnectionListPage.ts +#: src/pages/policies/BoundPoliciesList.ts #: src/pages/policies/PolicyListPage.ts #: src/pages/policies/reputation/IPReputationListPage.ts #: src/pages/policies/reputation/UserReputationListPage.ts 
@@ -1113,26 +1133,26 @@ msgstr "" msgid "Delete" msgstr "" -#: +#: #~ msgid "Delete Authorization Code" #~ msgstr "" -#: src/pages/flows/BoundStagesList.ts -#: src/pages/policies/BoundPoliciesList.ts -msgid "Delete Binding" -msgstr "" +#: +#: +#~ msgid "Delete Binding" +#~ msgstr "" -#: src/elements/user/UserConsentList.ts -msgid "Delete Consent" -msgstr "" +#: +#~ msgid "Delete Consent" +#~ msgstr "" -#: +#: #~ msgid "Delete Refresh Code" #~ msgstr "" -#: src/elements/user/SessionList.ts -msgid "Delete Session" -msgstr "" +#: +#~ msgid "Delete Session" +#~ msgstr "" #: src/pages/user-settings/UserSelfForm.ts msgid "Delete account" @@ -1157,7 +1177,7 @@ msgid "" msgstr "" #: src/elements/forms/DeleteBulkForm.ts -#: src/elements/forms/DeleteBulkForm.ts +#: src/elements/forms/DeleteForm.ts msgid "Delete {0}" msgstr "" @@ -1222,8 +1242,8 @@ msgstr "" msgid "Digits" msgstr "" -#: -#: +#: +#: #~ msgid "Disable" #~ msgstr "" @@ -1244,6 +1264,7 @@ msgid "Disabled" msgstr "" #: src/pages/user-settings/settings/SourceSettingsOAuth.ts +#: src/pages/user-settings/settings/SourceSettingsPlex.ts msgid "Disconnect" msgstr "" @@ -1270,6 +1291,10 @@ msgstr "" msgid "Download Private key" msgstr "" +#: src/pages/providers/ldap/LDAPProviderForm.ts +msgid "Due to protocol limitations, this certificate is only used when the outpost has a single provider." +msgstr "" + #: src/pages/stages/dummy/DummyStageForm.ts msgid "Dummy stage used for testing. Shows a simple continue button and always passes." msgstr "" @@ -1374,8 +1399,8 @@ msgstr "" msgid "Embedded outpost is not configured correctly." msgstr "" -#: -#: +#: +#: #~ msgid "Enable" #~ msgstr "" @@ -1528,6 +1553,7 @@ msgstr "" msgid "Expiring" msgstr "" +#: src/pages/crypto/CertificateKeyPairListPage.ts #: src/pages/stages/invitation/InvitationListPage.ts msgid "Expiry" msgstr "" 
@@ -1599,7 +1625,7 @@ msgid "Failed to delete policy cache" msgstr "" #: src/elements/forms/DeleteBulkForm.ts -#: src/elements/forms/DeleteBulkForm.ts +#: src/elements/forms/DeleteForm.ts msgid "Failed to delete {0}: {1}" msgstr "" @@ -1645,7 +1671,6 @@ msgid "Fields a user can identify themselves with. If no fields are selected, th msgstr "" #: src/pages/flows/FlowImportForm.ts -#: src/pages/flows/FlowListPage.ts msgid "Flow" msgstr "" @@ -1704,6 +1729,10 @@ msgstr "" msgid "Flow used when authorizing this provider." msgstr "" +#: src/pages/flows/FlowListPage.ts +msgid "Flow(s)" +msgstr "" + #: src/interfaces/AdminInterface.ts #: src/interfaces/AdminInterface.ts #: src/pages/admin-overview/AdminOverviewPage.ts @@ -1786,7 +1815,6 @@ msgid "Go to previous page" msgstr "" #: src/pages/events/RuleForm.ts -#: src/pages/groups/GroupListPage.ts #: src/pages/policies/PolicyBindingForm.ts #: src/pages/policies/PolicyBindingForm.ts #: src/pages/providers/ldap/LDAPProviderForm.ts @@ -1813,6 +1841,10 @@ msgstr "" msgid "Group {0}" msgstr "" +#: src/pages/groups/GroupListPage.ts +msgid "Group(s)" +msgstr "" + #: src/interfaces/AdminInterface.ts #: src/pages/admin-overview/AdminOverviewPage.ts #: src/pages/groups/GroupListPage.ts @@ -1882,6 +1914,7 @@ msgstr "" #: src/elements/forms/DeleteBulkForm.ts #: src/pages/stages/invitation/InvitationListPage.ts +#: src/pages/users/UserListPage.ts msgid "ID" msgstr "" @@ -1932,6 +1965,10 @@ msgstr "" msgid "If left empty, authentik will try to extract the launch URL based on the selected provider." msgstr "" +#: src/pages/providers/ldap/LDAPProviderForm.ts +msgid "If multiple providers share an outpost, a self-signed certificate is used." +msgstr "" + #: src/pages/providers/oauth2/OAuth2ProviderForm.ts msgid "If no explicit redirect URIs are specified, any redirect URI is allowed." msgstr "" 
@@ -2030,14 +2067,18 @@ msgstr "" msgid "Invalidation flow" msgstr "" -#: src/pages/stages/invitation/InvitationListPage.ts -msgid "Invitation" -msgstr "" +#: +#~ msgid "Invitation" +#~ msgstr "" #: src/pages/events/utils.ts msgid "Invitation used" msgstr "" +#: src/pages/stages/invitation/InvitationListPage.ts +msgid "Invitation(s)" +msgstr "" + #: src/interfaces/AdminInterface.ts #: src/pages/stages/invitation/InvitationListPage.ts msgid "Invitations" @@ -2225,7 +2266,6 @@ msgstr "" #: src/pages/sources/ldap/LDAPSourceForm.ts #: src/pages/sources/oauth/OAuthSourceForm.ts #: src/pages/sources/oauth/OAuthSourceForm.ts -#: src/pages/sources/oauth/OAuthSourceForm.ts #: src/pages/sources/plex/PlexSourceForm.ts #: src/pages/sources/plex/PlexSourceForm.ts #: src/pages/sources/saml/SAMLSourceForm.ts @@ -2413,6 +2453,7 @@ msgstr "" #: src/pages/applications/ApplicationListPage.ts #: src/pages/crypto/CertificateKeyPairForm.ts #: src/pages/crypto/CertificateKeyPairListPage.ts +#: src/pages/crypto/CertificateKeyPairListPage.ts #: src/pages/events/EventInfo.ts #: src/pages/events/RuleForm.ts #: src/pages/events/RuleListPage.ts @@ -2599,6 +2640,7 @@ msgid "Not configured action" msgstr "" #: src/pages/user-settings/settings/SourceSettingsOAuth.ts +#: src/pages/user-settings/settings/SourceSettingsPlex.ts msgid "Not connected." msgstr "" @@ -2639,17 +2681,25 @@ msgstr "" msgid "Notification Transports" msgstr "" +#: +#~ msgid "Notification rule" +#~ msgstr "" + #: src/pages/events/RuleListPage.ts -msgid "Notification rule" +msgid "Notification rule(s)" +msgstr "" + +#: src/pages/events/TransportListPage.ts +msgid "Notification transports(s)" msgstr "" #: src/elements/notifications/NotificationDrawer.ts msgid "Notifications" msgstr "" -#: src/pages/events/TransportListPage.ts -msgid "Notifications Transport" -msgstr "" +#: +#~ msgid "Notifications Transport" +#~ msgstr "" #: src/pages/stages/prompt/PromptForm.ts msgid "Number" 
@@ -2694,7 +2744,7 @@ msgstr "" msgid "Only send notification once, for example when sending a webhook into a chat channel." msgstr "" -#: +#: #~ msgid "Open application" #~ msgstr "" @@ -2763,26 +2813,34 @@ msgstr "" msgid "Outdated outposts" msgstr "" -#: src/pages/outposts/OutpostListPage.ts -msgid "Outpost" -msgstr "" +#: +#~ msgid "Outpost" +#~ msgstr "" #: src/pages/outposts/OutpostDeploymentModal.ts msgid "Outpost Deployment Info" msgstr "" -#: +#: #~ msgid "Outpost Service-connection" #~ msgstr "" +#: +#~ msgid "Outpost integration" +#~ msgstr "" + #: src/pages/outposts/ServiceConnectionListPage.ts -msgid "Outpost integration" +msgid "Outpost integration(s)" msgstr "" #: src/pages/admin-overview/AdminOverviewPage.ts msgid "Outpost status" msgstr "" +#: src/pages/outposts/OutpostListPage.ts +msgid "Outpost(s)" +msgstr "" + #: src/interfaces/AdminInterface.ts #: src/interfaces/AdminInterface.ts #: src/pages/outposts/OutpostListPage.ts @@ -2876,7 +2934,6 @@ msgstr "" #: src/pages/policies/PolicyBindingForm.ts #: src/pages/policies/PolicyBindingForm.ts #: src/pages/policies/PolicyBindingForm.ts -#: src/pages/policies/PolicyListPage.ts msgid "Policy" msgstr "" @@ -2885,6 +2942,10 @@ msgstr "" msgid "Policy / Group / User Bindings" msgstr "" +#: src/pages/policies/PolicyListPage.ts +msgid "Policy / Policies" +msgstr "" + #: src/pages/policies/BoundPoliciesList.ts msgid "Policy / User / Group" msgstr "" @@ -2895,8 +2956,12 @@ msgstr "" msgid "Policy Bindings" msgstr "" +#: +#~ msgid "Policy binding" +#~ msgstr "" + #: src/pages/policies/BoundPoliciesList.ts -msgid "Policy binding" +msgid "Policy binding(s)" msgstr "" #: src/pages/applications/ApplicationForm.ts 
@@ -2965,27 +3030,35 @@ msgstr "" msgid "Profile URL" msgstr "" -#: src/pages/stages/prompt/PromptListPage.ts -msgid "Prompt" -msgstr "" +#: +#~ msgid "Prompt" +#~ msgstr "" #: src/pages/stages/consent/ConsentStageForm.ts msgid "Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time." msgstr "" +#: src/pages/stages/prompt/PromptListPage.ts +msgid "Prompt(s)" +msgstr "" + #: src/interfaces/AdminInterface.ts #: src/pages/stages/prompt/PromptListPage.ts msgid "Prompts" msgstr "" -#: src/pages/property-mappings/PropertyMappingListPage.ts -msgid "Property Mapping" -msgstr "" +#: +#~ msgid "Property Mapping" +#~ msgstr "" #: src/pages/events/utils.ts msgid "Property Mapping exception" msgstr "" +#: src/pages/property-mappings/PropertyMappingListPage.ts +msgid "Property Mapping(s)" +msgstr "" + #: src/interfaces/AdminInterface.ts #: src/pages/property-mappings/PropertyMappingListPage.ts msgid "Property Mappings" @@ -3025,7 +3098,6 @@ msgstr "" #: src/pages/applications/ApplicationForm.ts #: src/pages/applications/ApplicationListPage.ts #: src/pages/applications/ApplicationViewPage.ts -#: src/pages/providers/ProviderListPage.ts msgid "Provider" msgstr "" @@ -3034,8 +3106,12 @@ msgstr "" msgid "Provider Type" msgstr "" -#: src/pages/sources/oauth/OAuthSourceForm.ts -msgid "Provider type" +#: +#~ msgid "Provider type" +#~ msgstr "" + +#: src/pages/providers/ProviderListPage.ts +msgid "Provider(s)" msgstr "" #: src/interfaces/AdminInterface.ts @@ -3160,8 +3236,12 @@ msgstr "" msgid "Refresh" msgstr "" +#: +#~ msgid "Refresh Code" +#~ msgstr "" + #: src/elements/oauth/UserRefreshList.ts -msgid "Refresh Code" +msgid "Refresh Code(s)" msgstr "" #: src/flows/stages/authenticator_webauthn/WebAuthnAuthenticatorRegisterStage.ts 
@@ -3411,7 +3491,7 @@ msgstr "" msgid "Selected policies are executed when the stage is submitted to validate the data." msgstr "" -#: +#: #~ msgid "Selecting a service-connection enables the management of the outpost by authentik." #~ msgstr "" @@ -3460,15 +3540,15 @@ msgstr "" msgid "Server and client are further than 5 seconds apart." msgstr "" -#: src/pages/providers/ldap/LDAPProviderForm.ts -msgid "Server name for which this provider's certificate is valid for." -msgstr "" +#: +#~ msgid "Server name for which this provider's certificate is valid for." +#~ msgstr "" #: src/flows/stages/authenticator_webauthn/WebAuthnAuthenticatorRegisterStage.ts msgid "Server validation of credential failed: {err}" msgstr "" -#: +#: #~ msgid "Service Connections" #~ msgstr "" @@ -3476,14 +3556,14 @@ msgstr "" msgid "Service Provider Binding" msgstr "" -#: -#: +#: +#: #~ msgid "Service connection" #~ msgstr "" -#: src/elements/user/SessionList.ts -msgid "Session" -msgstr "" +#: +#~ msgid "Session" +#~ msgstr "" #: src/pages/stages/user_login/UserLoginStageForm.ts msgid "Session duration" @@ -3497,6 +3577,10 @@ msgstr "" msgid "Session valid not on or after" msgstr "" +#: src/elements/user/SessionList.ts +msgid "Session(s)" +msgstr "" + #: src/pages/users/UserViewPage.ts msgid "Sessions" msgstr "" @@ -3577,18 +3661,23 @@ msgstr "" msgid "Something went wrong! Please try again later." msgstr "" -#: src/pages/sources/SourcesListPage.ts -msgid "Source" -msgstr "" +#: +#~ msgid "Source" +#~ msgstr "" #: src/pages/events/utils.ts msgid "Source linked" msgstr "" #: src/pages/user-settings/settings/SourceSettingsOAuth.ts +#: src/pages/user-settings/settings/SourceSettingsPlex.ts msgid "Source {0}" msgstr "" +#: src/pages/sources/SourcesListPage.ts +msgid "Source(s)" +msgstr "" + #: src/interfaces/AdminInterface.ts #: src/pages/sources/SourcesListPage.ts #: src/pages/stages/identification/IdentificationStageForm.ts 
@@ -3611,8 +3700,12 @@ msgstr "" msgid "Stage Configuration" msgstr "" +#: +#~ msgid "Stage binding" +#~ msgstr "" + #: src/pages/flows/BoundStagesList.ts -msgid "Stage binding" +msgid "Stage binding(s)" msgstr "" #: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts @@ -3639,6 +3732,10 @@ msgstr "" msgid "Stage used to validate any authenticator. This stage should be used during authentication or authorization flows." msgstr "" +#: src/pages/stages/StageListPage.ts +msgid "Stage(s)" +msgstr "" + #: src/pages/stages/authenticator_duo/AuthenticatorDuoStageForm.ts #: src/pages/stages/authenticator_static/AuthenticatorStaticStageForm.ts #: src/pages/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts @@ -3796,8 +3893,8 @@ msgstr "" msgid "Successfully created rule." msgstr "" -#: -#: +#: +#: #~ msgid "Successfully created service-connection." #~ msgstr "" @@ -3846,7 +3943,7 @@ msgid "Successfully created user." msgstr "" #: src/elements/forms/DeleteBulkForm.ts -#: src/elements/forms/DeleteBulkForm.ts +#: src/elements/forms/DeleteForm.ts msgid "Successfully deleted {0} {1}" msgstr "" @@ -3950,8 +4047,8 @@ msgstr "" msgid "Successfully updated rule." msgstr "" -#: -#: +#: +#: #~ msgid "Successfully updated service-connection." #~ msgstr "" @@ -4070,9 +4167,9 @@ msgstr "" msgid "TLS Authentication Certificate" msgstr "" -#: src/pages/providers/ldap/LDAPProviderForm.ts -msgid "TLS Server name" -msgstr "" +#: +#~ msgid "TLS Server name" +#~ msgstr "" #: src/pages/outposts/ServiceConnectionDockerForm.ts msgid "TLS Verification Certificate" @@ -4099,10 +4196,13 @@ msgid "Template" msgstr "" #: src/pages/events/EventListPage.ts -#: src/pages/tenants/TenantListPage.ts msgid "Tenant" msgstr "" +#: src/pages/tenants/TenantListPage.ts +msgid "Tenant(s)" +msgstr "" + #: src/interfaces/AdminInterface.ts #: src/pages/tenants/TenantListPage.ts msgid "Tenants" 
@@ -4139,11 +4239,11 @@ msgstr "" msgid "The external URL you'll authenticate at. Can be the same domain as authentik." msgstr "" -#: src/elements/forms/DeleteBulkForm.ts -msgid "The following objects use {0}:" -msgstr "" +#: +#~ msgid "The following objects use {0}:" +#~ msgstr "" -#: src/elements/forms/DeleteBulkForm.ts +#: src/elements/forms/DeleteForm.ts msgid "The following objects use {objName}" msgstr "" @@ -4243,10 +4343,10 @@ msgstr "" msgid "To use SSL instead, use 'ldaps://' and disable this option." msgstr "" -#: src/pages/tokens/TokenListPage.ts -#: src/pages/user-settings/tokens/UserTokenList.ts -msgid "Token" -msgstr "" +#: +#: +#~ msgid "Token" +#~ msgstr "" #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts #: src/pages/sources/oauth/OAuthSourceViewPage.ts @@ -4265,6 +4365,11 @@ msgstr "" msgid "Token validity" msgstr "" +#: src/pages/tokens/TokenListPage.ts +#: src/pages/user-settings/tokens/UserTokenList.ts +msgid "Token(s)" +msgstr "" + #: src/flows/stages/authenticator_static/AuthenticatorStaticStage.ts #: src/interfaces/AdminInterface.ts #: src/pages/tokens/TokenListPage.ts @@ -4381,7 +4486,7 @@ msgstr "" msgid "Unknown" msgstr "" -#: +#: #~ msgid "Unmanaged" #~ msgstr "" @@ -4688,6 +4793,7 @@ msgstr "" #: src/pages/stages/identification/IdentificationStageForm.ts #: src/pages/user-settings/UserSelfForm.ts #: src/pages/users/UserForm.ts +#: src/pages/users/UserListPage.ts #: src/pages/users/UserViewPage.ts msgid "Username" msgstr "" @@ -4907,7 +5013,7 @@ msgstr "" msgid "authentik LDAP Backend" msgstr "" -#: src/elements/forms/DeleteBulkForm.ts +#: src/elements/forms/DeleteForm.ts msgid "connecting object will be deleted" msgstr "" 
@@ -4920,17 +5026,17 @@ msgid "no tabs defined" msgstr "" #: src/elements/forms/DeleteBulkForm.ts -#: src/elements/forms/DeleteBulkForm.ts +#: src/elements/forms/DeleteForm.ts msgid "object will be DELETED" msgstr "" #: src/elements/forms/DeleteBulkForm.ts -#: src/elements/forms/DeleteBulkForm.ts +#: src/elements/forms/DeleteForm.ts msgid "reference will be reset to default value" msgstr "" #: src/elements/forms/DeleteBulkForm.ts -#: src/elements/forms/DeleteBulkForm.ts +#: src/elements/forms/DeleteForm.ts msgid "reference will be set to an empty value" msgstr "" @@ -4948,7 +5054,7 @@ msgid "{0} ({1})" msgstr "" #: src/elements/forms/DeleteBulkForm.ts -#: src/elements/forms/DeleteBulkForm.ts +#: src/elements/forms/DeleteForm.ts msgid "{0} ({consequence})" msgstr "" diff --git a/web/src/pages/providers/ldap/LDAPProviderForm.ts b/web/src/pages/providers/ldap/LDAPProviderForm.ts index 2ed02dd49..a5a872a36 100644 --- a/web/src/pages/providers/ldap/LDAPProviderForm.ts +++ b/web/src/pages/providers/ldap/LDAPProviderForm.ts @@ -40,6 +40,7 @@ export class LDAPProviderFormPage extends ModelForm { lDAPProviderRequest: data, }); } else { + data.tlsServerName = ""; return new ProvidersApi(DEFAULT_CONFIG).providersLdapCreate({ lDAPProviderRequest: data, }); @@ -129,16 +130,6 @@ export class LDAPProviderFormPage extends ModelForm { ${t`LDAP DN under which bind requests and search requests can be made.`}
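Review bot: The added `data.tlsServerName = "";` in the create branch of LDAPProviderForm.ts has no comment, and the branch just above it still sends `data` as-is, so the two paths now handle the field differently. The same commit removes the TLS server name input from the form, so a provider saved earlier presumably keeps whatever server name it had stored, and this form can no longer show or clear it. Whether the backend still reads that value is not visible here and should be confirmed. I would add a why-comment on the new line, for example `// TLS server name is no longer editable in this form; send an empty value on create`, and either apply the same reset in the other branch or say why it is left out. The enclosing method starts and ends outside the hunk.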

- - -

- ${t`Server name for which this provider's certificate is valid for.`} -

-
+

+ ${t`Due to protocol limitations, this certificate is only used when the outpost has a single provider.`} +

+

+ ${t`If multiple providers share an outpost, a self-signed certificate is used.`} +

Date: Sat, 21 Aug 2021 19:19:23 +0200 Subject: [PATCH 34/40] web: lock overflow when showing loading overlay on modals Signed-off-by: Jens Langhammer --- web/src/elements/buttons/ModalButton.ts | 14 +++++++++++++- web/src/elements/forms/ModalForm.ts | 3 +++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/web/src/elements/buttons/ModalButton.ts b/web/src/elements/buttons/ModalButton.ts index 645538bfc..a8bd42f39 100644 --- a/web/src/elements/buttons/ModalButton.ts +++ b/web/src/elements/buttons/ModalButton.ts @@ -46,6 +46,9 @@ export class ModalButton extends LitElement { @property({ type: Boolean }) open = false; + @property({ type: Boolean }) + locked = false; + handlerBound = false; static get styles(): CSSResult[] { @@ -63,6 +66,11 @@ export class ModalButton extends LitElement { PFContent, AKGlobal, MODAL_BUTTON_STYLES, + css` + .locked { + overflow-y: hidden !important; + } + `, ]; } @@ -108,7 +116,11 @@ export class ModalButton extends LitElement { renderModal(): TemplateResult { return html`
-