From 5bdc1a3ddc549b16dcfe6c29b7cedc25096b4aa3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Aug 2021 09:27:47 +0200 Subject: [PATCH 1/6] build(deps): bump uvicorn from 0.14.0 to 0.15.0 (#1261) Bumps [uvicorn](https://github.com/encode/uvicorn) from 0.14.0 to 0.15.0. - [Release notes](https://github.com/encode/uvicorn/releases) - [Changelog](https://github.com/encode/uvicorn/blob/master/CHANGELOG.md) - [Commits](https://github.com/encode/uvicorn/compare/0.14.0...0.15.0) --- updated-dependencies: - dependency-name: uvicorn dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Pipfile.lock | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Pipfile.lock b/Pipfile.lock index 501db594e..e75fa596e 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -130,11 +130,11 @@ }, "botocore": { "hashes": [ - "sha256:adf70e966b63bb2f847dba8478de2d5f5c2d03c57fc0aafee35cdbf38b7ad0c0", - "sha256:dd1a6177006e93695ee745871718d85a81412e586f93d7c666bce7bc107ce90f" + "sha256:12cfe74b0a5c44afb34bdd86c1f8ad74bc2ad9ec168eaed9040ef70cb3db944f", + "sha256:fa5ac13829d24fcdd385e82c3b6d78e22d93f427cca8dac38158cae84a8cc2f5" ], "markers": "python_version >= '3.6'", - "version": "==1.21.20" + "version": "==1.21.21" }, "cachetools": { "hashes": [ @@ -1186,11 +1186,11 @@ "standard" ], "hashes": [ - "sha256:2a76bb359171a504b3d1c853409af3adbfa5cef374a4a59e5881945a97a93eae", - "sha256:45ad7dfaaa7d55cab4cd1e85e03f27e9d60bc067ddc59db52a2b0aeca8870292" + "sha256:17f898c64c71a2640514d4089da2689e5db1ce5d4086c2d53699bf99513421c1", + "sha256:d9a3c0dd1ca86728d3e235182683b4cf94cd53a867c288eaeca80ee781b2caff" ], "index": "pypi", - "version": "==0.14.0" + "version": "==0.15.0" }, "uvloop": { "hashes": [ @@ -1579,7 +1579,7 @@ "sha256:9c2ea1e62d871267b78307fe511c0838ba0da28698c5732d54e2790bf3ba9899", "sha256:e17d6e2b81095c9db0a03a8025a957f334d6ea30b26f9ec70805411e5c7c81f2" ], - "markers": "python_version < '4.0' and python_full_version >= '3.6.1'", + "markers": "python_version < '4' and python_full_version >= '3.6.1'", "version": "==5.9.3" }, "lazy-object-proxy": { From 39434053b9e7d358fe217a9fa55d480e7213c903 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Aug 2021 09:28:03 +0200 Subject: [PATCH 2/6] build(deps): bump boto3 from 1.18.20 to 1.18.21 (#1263) Bumps [boto3](https://github.com/boto/boto3) from 1.18.20 to 1.18.21. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](https://github.com/boto/boto3/compare/1.18.20...1.18.21) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Pipfile.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Pipfile.lock b/Pipfile.lock index e75fa596e..770a4a75f 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -122,11 +122,11 @@ }, "boto3": { "hashes": [ - "sha256:1ef5fdbd554d7c5878223ab54d400f02a47b6802f06216c18cbf66bc3fb7f8ca", - "sha256:3ab8b36870e130d9c615f1a72ee88071135afa148b47354d5b28b4624860b224" + "sha256:00748c760dc30be61c6db4b092718f6a9f8d27c767da0e232695a65adb75cde8", + "sha256:59b6e8e79b2114e21388288a06a004f2a9378b1e0fc58466a35da8fb74fe2dd8" ], "index": "pypi", - "version": "==1.18.20" + "version": "==1.18.21" }, "botocore": { "hashes": [ From 38dbde191ce86236b41e73232467f5aaf6e48c5b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Aug 2021 09:28:14 +0200 Subject: [PATCH 3/6] build(deps): bump github.com/go-ldap/ldap/v3 from 3.3.0 to 3.4.0 (#1262) Bumps [github.com/go-ldap/ldap/v3](https://github.com/go-ldap/ldap) from 3.3.0 to 3.4.0. - [Release notes](https://github.com/go-ldap/ldap/releases) - [Commits](https://github.com/go-ldap/ldap/compare/v3.3.0...v3.4.0) --- updated-dependencies: - dependency-name: github.com/go-ldap/ldap/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index f93e23041..1f6fd7938 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect github.com/coreos/go-oidc v2.2.1+incompatible github.com/getsentry/sentry-go v0.11.0 - github.com/go-ldap/ldap/v3 v3.3.0 + github.com/go-ldap/ldap/v3 v3.4.0 github.com/go-openapi/analysis v0.20.1 // indirect github.com/go-openapi/errors v0.20.0 // indirect github.com/go-openapi/runtime v0.19.30 diff --git a/go.sum b/go.sum index 995732714..6d3ac0d37 100644 --- a/go.sum +++ b/go.sum @@ -150,8 +150,8 @@ github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-ldap/ldap/v3 v3.3.0 h1:lwx+SJpgOHd8tG6SumBQZXCmNX51zM8B1cfxJ5gv4tQ= -github.com/go-ldap/ldap/v3 v3.3.0/go.mod h1:iYS1MdmrmceOJ1QOTnRXrIs7i3kloqtmGQjRvjKpyMg= +github.com/go-ldap/ldap/v3 v3.4.0 h1:wCttA0dcqAOygfOabqYhQPXKGG9ws8az3FBM8+GAhDs= +github.com/go-ldap/ldap/v3 v3.4.0/go.mod h1:iYS1MdmrmceOJ1QOTnRXrIs7i3kloqtmGQjRvjKpyMg= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab/go.mod h1:/P9AEU963A2AYjv4d1V5eVL1CQbEJq6aCNHDDjibzu8= From 8fe38b528bd2b9c9e544c89b75afdf72c745ac77 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 16 Aug 2021 09:36:01 +0200 Subject: [PATCH 4/6] outposts: fix managed check Signed-off-by: Jens Langhammer --- authentik/outposts/controllers/docker.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/authentik/outposts/controllers/docker.py b/authentik/outposts/controllers/docker.py index b93d4fd09..e62c6179c 100644 --- a/authentik/outposts/controllers/docker.py +++ b/authentik/outposts/controllers/docker.py @@ -9,6 +9,7 @@ from yaml import safe_dump from authentik import __version__ from authentik.outposts.controllers.base import BaseController, ControllerException +from authentik.outposts.managed import MANAGED_OUTPOST from authentik.outposts.models import DockerServiceConnection, Outpost, ServiceConnectionInvalid @@ -102,7 +103,7 @@ class DockerController(BaseController): # pylint: disable=too-many-return-statements def up(self): - if self.outpost.managed != "": + if self.outpost.managed == MANAGED_OUTPOST: return None try: container, has_been_created = self._get_container() @@ -167,7 +168,7 @@ class DockerController(BaseController): raise ControllerException(str(exc)) from exc def down(self): - if self.outpost.managed != "": + if self.outpost.managed != MANAGED_OUTPOST: return try: container, _ = self._get_container() From f93e2c5eb63564530644ab78bf2451e59c4d7e9b Mon Sep 17 00:00:00 2001 From: Ernie Date: Mon, 16 Aug 2021 04:33:53 -0400 Subject: [PATCH 5/6] website/docs: Add Wordpress to Integrations (#1259) * Create index.mdx Add Wekan example * updated to include wekan entry * Update and rename website/docs/sources.md to website/docs/sources/index.md Break Sources into individual pages. * Update and rename website/docs/sources/index.md to website/docs/sources/ldap/index.md * Create index.md * Update index.md * Update index.md * Create index.md * Create index.md * Create index.md * Update index.md * Update index.md * Update index.md * Create index.md * discord images * spacing * Added discord * discord changes * Added sources breakdown to the sidebar * Fixed the saml title * Added github examples * fixed formatting * Changed file path, updated sidebar, added google. * fixed a spelling mistake * Cleaned up formatting * Fixed Notes * docs: fix typo in logout url * docs: added wordpress integration --- .../integrations/services/portainer/index.md | 2 +- .../integrations/services/wordpress/index.md | 80 +++++++++++++++++++ website/sidebars.js | 1 + 3 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 website/docs/integrations/services/wordpress/index.md diff --git a/website/docs/integrations/services/portainer/index.md b/website/docs/integrations/services/portainer/index.md index 85d10c610..cc4fa7d6d 100644 --- a/website/docs/integrations/services/portainer/index.md +++ b/website/docs/integrations/services/portainer/index.md @@ -47,7 +47,7 @@ In Portainer, under _Settings_, _Authentication_, Select _OAuth_ and _Custom_ - Access Token URL: `https://authentik.company/application/o/token/` - Redirect URL: `https://port.company` - Resource URL: `https://authentik.company/application/o/userinfo/` -- Logout URL: `https://authentik.company/o/portainer/end-session/` +- Logout URL: `https://authentik.company/application/o/portainer/end-session/` - User Identifier: `email` - Scopes: `email opennid profile` diff --git a/website/docs/integrations/services/wordpress/index.md b/website/docs/integrations/services/wordpress/index.md new file mode 100644 index 000000000..466055b72 --- /dev/null +++ b/website/docs/integrations/services/wordpress/index.md @@ -0,0 +1,80 @@ +--- +title: Wordpress +--- + +## What is Wordpress + +From https://en.wikipedia.org/wiki/WordPress + +:::note +WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system, referred to within WordPress as Themes +::: + +:::note +There are many different plugins for Wordpress that allow you to setup SSO using different authentication methods. The plugin that is explained in this tutorial is "OpenID Connect Generic" version 3.8.5 by daggerhart. This plugin uses OpenID/OAUTH2 and is free without paywalls or subscriptions at the time of writing this. The plugin is available for free in the Wordpress Plugin gallery. +::: + +## Preparation + +The following placeholders will be used: + +- `wp.company` is the FQDN of Wordpress. +- `authentik.company` is the FQDN of authentik. + +### Step 1 - Authentik + +In authentik, under _Providers_, create an _OAuth2/OpenID Provider_ with these settings: + +:::note +Only settings that have been modified from default have been listed. +::: + +**Protocol Settings** +- Name: Wordpress +- Client type: Confidential +- Client ID: Copy and Save this for Later +- Client Secret: Copy and Save this for later +- Redirect URIs/Origins: `https://wp.company/wp-admin/admin-ajax.php?action=openid-connect-authorize` + + +### Step 2 - Wordpress + +:::note +Assumption is being made that you have successfully downloaded and activated the required plugin "OpenID Connect Generic" by daggerhart +::: + +In Wordpress, under _Settings_, Select _OpenID Connect Client_ + +::note +Only settings that have been modified from default have been listed. +::: + +- Login Type: OpenID Connect Button of Login (This option display a button to login using OpenID as well as local WP login) +- Client ID: Client ID from step 1 +- Client Secret: Client Secret from step 1 +- OpenID Scope: `email profile openid` +- Login Endpoint URL: `https://authentik.company/application/o/authorize/` +- Userinfo Endpoint URL: `https://authentik.company/application/o/userinfo/` +- Token Validation Endpoint URL: `https://authentik.company/application/o/token/` +- End Session Endpoint URL: `https://authentik.company/application/o/wordpress/end-session/` + + +:::note +Review each setting and choose the ones that you require for your installation. Examples of popular settings are _Link Existing Users_, _Create user if does not exist_, and _Enforce Privacy_ +::: + +### Step 3 - Authentik + +In authentik, create an application which uses this provider. Optionally apply access restrictions to the application using policy bindings. + +- Name: Wordpress +- Slug: wordpress +- Provider: wordpress +- Launch URL: https://wp.company + + +## Notes + +:::note +OpenID Connect Generic Client Reference link: https://wordpress.org/plugins/daggerhart-openid-connect-generic/ +::: diff --git a/website/sidebars.js b/website/sidebars.js index efa2c36f7..ed86fd9a6 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -98,6 +98,7 @@ module.exports = { "integrations/services/vmware-vcenter/index", "integrations/services/wekan/index", "integrations/services/wiki-js/index", + "integrations/services/wordpress/index", "integrations/services/zabbix/index", ], }, From a6b1ee949d27c147eaacf76b12b9b046a783eb97 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 16 Aug 2021 11:33:12 +0200 Subject: [PATCH 6/6] web: fix mis-matched height of application cards Signed-off-by: Jens Langhammer --- web/src/pages/LibraryPage.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/web/src/pages/LibraryPage.ts b/web/src/pages/LibraryPage.ts index c0ed56ddf..c9b332708 100644 --- a/web/src/pages/LibraryPage.ts +++ b/web/src/pages/LibraryPage.ts @@ -40,7 +40,7 @@ export class LibraryApplication extends LitElement { PFAvatar, AKGlobal, css` - a { + .pf-c-card { height: 100%; } i.pf-icon { @@ -70,7 +70,7 @@ export class LibraryApplication extends LitElement { if (!this.application) { return html``; } - return html`
+ return html`
${this.application.metaIcon ? html`