authentik

Archived

Author	SHA1	Message	Date
Philipp Kolberg	9db9ad3d66	root: Restructure broker / cache / channel / result configuration (#7097 ) * Initial commit * Remove any remaining mentions of Redis URL This is handled in https://github.com/goauthentik/authentik/pull/5395 * Allow setting broker transport options This enables usage of other brokers that require additional settings * Remove remaining reference to Redis URL This functionality is not part of this PR * Reset default TLS requirements to none * Fix linter errors * Move dict from base64 encoded json to config.py Additionally add tests * Replace ast.literal_eval with json.loads * Use default channel and cache backend configuration If more customization is desired users shall look at goauthentik.io/docs/installation/configuration#custom-python-settings * Send config deprecation notification to all superusers * Remove duplicate method * Add configuration explanation For channel layer settings * Use Event for deprecation warning * Fix remove duplicated method * Add missing comma * Update authentik/lib/config.py Signed-off-by: Jens L. <jens@beryju.org> * Fix Event deprecation handling --------- Signed-off-by: Jens L. <jens@beryju.org> Co-authored-by: Jens L <jens@beryju.org>	2023-11-10 15:44:37 +01:00
Jens L	561e6956fe	root: add get_int to config loader instead of casting to int everywhere (#6436 ) * root: add get_int to config loader instead of casting to int everywhere Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve error handling, add test Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-07-31 19:34:59 +02:00
Jens L	2f469d2709	root: partial Live-updating config (#5959 ) * stages/email: directly use email credentials from config Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use custom database backend that supports dynamic credentials Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add crude config reloader Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make method names for CONFIG clearer Signed-off-by: Jens Langhammer <jens@goauthentik.io> * replace config.set with environ Not sure if this is the cleanest way, but it persists through a config reload Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-add set for @patch Signed-off-by: Jens Langhammer <jens@goauthentik.io> * even more crudeness Signed-off-by: Jens Langhammer <jens@goauthentik.io> * clean up some old stuff? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * somewhat rewrite config loader to keep track of a source of an attribute so we can refresh it Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup old things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix flow e2e Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-07-19 23:13:22 +02:00
Jens L	a5db60129d	*: use dataclass slots wherever applicable (#6005 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-06-19 18:31:07 +02:00
Jens L	20e971f5ce	flows: planner error handling (#4812 ) * handle FlowNonApplicableException everywhere Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make flow planner check authentication when no pending user is in planning context Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add mailhog to e2e test services, remove local docker requirement Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-28 15:18:29 +01:00
Jens Langhammer	0874574e5c	*: add additional prometheus metrics, remove unusable high entropy metrics Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2023-02-19 17:08:40 +01:00
dependabot[bot]	18cfe67719	core: bump black from 22.12.0 to 23.1.0 (#4584 ) * core: bump black from 22.12.0 to 23.1.0 Bumps [black](https://github.com/psf/black) from 22.12.0 to 23.1.0. - [Release notes](https://github.com/psf/black/releases) - [Changelog](https://github.com/psf/black/blob/main/CHANGES.md) - [Commits](https://github.com/psf/black/compare/22.12.0...23.1.0) --- updated-dependencies: - dependency-name: black dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * re-format Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2023-02-01 11:31:32 +01:00
Jens L	db95dfe38d	security: fix CVE 2022 46145 (#4140 ) * add flow authentication requirement Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add website for cve Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: handle FlowNonApplicableException without policy result Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add release notes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-12-02 16:14:25 +01:00
Jens Langhammer	c158ef80db	*: fix remaining old cache keys Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-18 16:18:32 +01:00
Jens L	55aa1897af	root: use single redis db (#4009 ) * use single redis db Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup prefixes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ensure __str__ always returns string Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix remaining old prefixes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add release notes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-11-15 14:31:29 +01:00
Jens L	cfad472e1b	flows: optimise queries (#3818 ) * flows: optimise flow queries Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * index source on slug and name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * binding index Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add policy parent index Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix migrations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup old migrations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add release note to upgrade Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-10-19 22:53:07 +02:00
Jens Langhammer	14a4047bdd	flows: show messages from ak_message when flow is denied fallback to same generic message closes #3197 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-03 21:36:13 +02:00
Jens L	5e3f44dd87	flows: add shortcut to redirect current flow (#3192 )	2022-07-01 23:19:41 +02:00
Jens Langhammer	90e3ae9457	*: define prometheus metrics in apps to prevent re-import Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-07-01 16:49:24 +02:00
Jens Langhammer	34bcc2df1a	root: disable session_save_every_request as it overwrites the session with old data Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #2991	2022-05-31 20:46:27 +02:00
Jens Langhammer	dcaa8d6322	flows: revert default flow user change closes #2483 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-14 22:05:30 +01:00
Jens L	4f4f954693	core: customisable user settings (#2397 ) * tenants: add user_settings flow, add basic flow and basic new executor Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: use flow PromptStage instead of custom stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: add tenant to StageHost interface Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: fix form missing component Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: re-add success message Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: improve support for multiple error messages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: allow expressions in prompt placeholders Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: always set pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: never cache stage configuration flow plans Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/user_write: fix error when pending user is anonymous user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add checkbox for prompt placeholder expression Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * website/docs: add prompt expression docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/prompt: add ak-locale field type Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tenants: fix default policy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add function to do global refresh Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: fix rendering of ak-locale Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tenants: fix default policy, add error handling to placeholder, fix locale attribute Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-03-03 00:13:06 +01:00
Jens Langhammer	111fbf119b	*: refactor prometheus gauges to directly updating metrics view Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-16 13:57:07 +01:00
Jens Langhammer	7d3d17acb9	core: add error handling in source flow manager when flow isn't applicable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2022-01-03 21:57:55 +01:00
Jens Langhammer	ac9cf590bc	*: use prefixed span names Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-13 16:18:42 +01:00
Jens Langhammer	83c12ad483	flows: fix description for spans Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-12 21:51:51 +01:00
Jens Langhammer	317e9ec605	core: add FlowToken which saves the pickled flow plan, replace standard token in email stage to allow finishing flows in different sessions closes #1801 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-12-05 15:20:11 +01:00
Jens Langhammer	79b92e764e	*: fix typos in code Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-09-25 00:01:11 +02:00
Jens Langhammer	77ed25ae34	root: reformat to 100 line width Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-08-03 17:45:16 +02:00
Jens Langhammer	2b1356bb91	flows: add invalid_response_action to configure how the FlowExecutor should handle invalid responses closes #1079 Default value of `retry` behaves like previous version. `restart` and `restart_with_context` restart the flow upon an invalid response. `restart_with_context` keeps the same context of the Flow, allowing users to bind policies that maybe aren't valid on the first execution, but are after a retry, like a reputation policy with a deny stage. Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-06-28 00:22:09 +02:00
Jens Langhammer	ba9edd6c44	flows: handle possible errors with FlowPlans received from cache Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-06-27 22:03:48 +02:00
Jens Langhammer	3b2b3262d7	flows: add FlowStageBinding to flow plan instead of just stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-06-27 18:47:04 +02:00
Jens Langhammer	57a48b6350	flows: make flow plan cache timeout configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-06-21 10:17:11 +02:00
Jens Langhammer	6893948fa0	tests/e2e: fix invalid flows Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-05-25 11:18:47 +02:00
Jens L	53e2b2c784	Prometheus metrics (#914 ) * admin: add worker metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * admin: add version metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * events: add gauge for system tasks Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts: add gauge for last hello and connection status Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: re-add prometheus metrics to database Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: allow access to metrics without credentials when debug is on Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: add UpdatingGauge to auto-set value on load Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: add metrics for cache and building Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * policies: add metrics for policy engine Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * events: add histogram for task durations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * events: revert to gauge because values are updated on export view Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * core: add gauge to count all models Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * events: add metrics for events Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-05-23 20:29:34 +02:00
Jens Langhammer	ed8b78600e	stages/authenticator_validate: add configuration stage to configure Authenticator	2021-03-01 19:23:59 +01:00
Jens Langhammer	ecff810021	*: replace List from typing with normal list	2021-02-18 13:45:46 +01:00
Jens Langhammer	fdde97cbbf	*: replace Dict from typing with normal dict	2021-02-18 13:41:03 +01:00
Jens Langhammer	3e696d6ac8	flows: use global logger for stored plans	2021-02-02 17:29:03 +01:00
Jens Langhammer	09bdcfaab0	flows: optimise logging	2021-02-02 16:27:03 +01:00
Jens Langhammer	55bcc254c1	flows: fix FlowNonApplicableException not being Sentry Ignored	2021-01-27 09:57:18 +01:00
Jens Langhammer	61d1407804	sources/*: Set PLAN_CONTEXT_SOURCE when logging in with a source	2021-01-12 22:37:33 +01:00
dependabot[bot]	bc9e7e8b93	build(deps): bump structlog from 20.1.0 to 20.2.0 (#445 ) * build(deps): bump structlog from 20.1.0 to 20.2.0 Bumps [structlog](https://github.com/hynek/structlog) from 20.1.0 to 20.2.0. - [Release notes](https://github.com/hynek/structlog/releases) - [Changelog](https://github.com/hynek/structlog/blob/master/CHANGELOG.rst) - [Commits](https://github.com/hynek/structlog/compare/20.1.0...20.2.0) Signed-off-by: dependabot[bot] <support@github.com> * *: use structlog.stdlib instead of structlog for type-hints Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>	2021-01-01 15:39:43 +01:00
Jens L	a4dc6d13b5	events: rename audit to events and use for more metrics (#397 ) * events: rename audit to events * policies/expression: log expression exceptions as event * policies/expression: add ExpressionPolicy Model to event when possible * lib/expressions: ensure syntax errors are logged too * lib: fix lint error * policies: add execution_logging field * core: add property mapping tests * policies/expression: add full test * policies/expression: fix attribute name * policies: add execution_logging * web: fix imports * root: update swagger * policies: use dataclass instead of dict for types * events: add support for dataclass as event param * events: add special keys which are never cleaned * policies: add tests for process, don't clean full cache * admin: create event when new version is seen * events: move utils to separate file * admin: add tests for admin tasks * events: add .set_user method to ensure users have correct attributes set * core: add test for property_mapping errors with user and request	2020-12-20 22:04:29 +01:00
Jens L	6e24856d45	flows: fix redirect when un-authenticated user uses external authentication (#416 ) * flows: add PLAN_CONTEXT_REDIRECT so final redirect can be set from within flow * sources/: use PLAN_CONTEXT_REDIRECT flows: fallback when flow plan is empty	2020-12-19 16:42:39 +01:00
Jens L	1cfe1aff13	wip: rename to authentik (#361 ) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * : new sentry dsn tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject	2020-12-05 22:08:42 +01:00

41 commits