trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
11,955 Commits 95 Branches 330 Tags 336 MiB
Commit Graph

2932 Commits

Author SHA1 Message Date
Jens L ec42b597ab
providers/proxy: send token request internally, with overwritten host header (#4675) 
* send token request internally, with overwritten host header

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-02-13 16:34:47 +01:00
Jens Langhammer 925477b3a2
policies: raise sentry-ignored error for invalid PolicyEngine parameters 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-02-13 13:23:07 +01:00
Jens Langhammer cefc1a57ee
core: handle error when cleaning up sessions and cached session can't be loaded 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-02-13 13:22:34 +01:00
Jens Langhammer 53b25d61f7
events: use colon as separator for task name and task UID 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-02-13 12:06:29 +01:00
Jens Langhammer 1240ed6c6d
providers/oauth2: fix inconsistency in event client_credentials created events 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-02-13 11:17:03 +01:00
Jens Langhammer 4f868c2ef2
events: dont log oauth temporary model creation 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-02-12 16:55:45 +01:00
sdimovv b69e55eae9
core: Add support for auto generating unique avatars based on the user's initials (#4663) 2023-02-12 16:35:17 +01:00
Jens Langhammer c5870fcab2
core: fix missing uniqueness validator on user api 
closes #4665

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-02-11 21:08:51 +01:00
Jens Langhammer 8850446bc2
admin: fix schema generation warning 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-02-11 21:08:48 +01:00
sdimovv 10b9878f03
providers/saml: fix mismatched SAML SLO Urls (#4655) 
* Fix SLO URL

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>

* Fixed SAML SLO URLs

* Revert "Fix SLO URL"

This reverts commit 664051934b.

---------

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
 2023-02-10 20:30:38 +01:00
Jens Langhammer 8de92943ab
providers/saml: fix invalid SAML provider metadata, add schema tests 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-02-10 12:32:18 +01:00
Jens L af43330fd6
providers/oauth2: rework OAuth2 Provider (#4652) 
* always treat flow as openid flow

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve issuer URL generation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more refactoring

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update introspection

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more refinement

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix more things, update api

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* regen migrations

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix a bunch of things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start updating tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix implicit flow, auto set exp

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix timeozone not used correctly

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix revoke

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more timezone shenanigans

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix userinfo tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update web

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix proxy outpost

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix api tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing at_hash for implicit flows

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-include at_hash in implicit auth flow

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use folder context for outpost build

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-02-09 20:19:48 +01:00
Jens Langhammer 1be792fbd8
policies/event_matcher: fix empty app label not being allowed, require at least 1 criteria 
closes #4643

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-02-08 23:29:59 +01:00
Jens Langhammer ec9085ff06
providers/oauth2: don't use policy cache for token requests 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-02-07 23:53:50 +01:00
Jens Langhammer 00a16bee76
web/elements: add dropdown css to DOM directly instead of including 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-02-05 23:32:54 +01:00
Jens Langhammer 66aabcc371
providers/oauth2: fix token login event args not set correctly 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-02-05 00:45:54 +01:00
Jens Langhammer 388367785d
*/saml: disable pretty_print, add signature tests 
closes #4536

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-02-03 15:42:09 +01:00
Jens L 798245b8db
providers/oauth2: optimise client credentials JWT database lookup (#4606) 2023-02-02 19:15:19 +01:00
Jens Langhammer f98b5b651b
admin: remove import 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-02-02 14:19:25 +01:00
Jens Langhammer 2113029a14
admin: allow post to system info api endpoint for debugging 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-02-02 11:09:03 +01:00
dependabot[bot] c590cb86cf
core: bump pylint from 2.15.10 to 2.16.0 (#4600) 
* core: bump pylint from 2.15.10 to 2.16.0

Bumps [pylint](https://github.com/PyCQA/pylint) from 2.15.10 to 2.16.0.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.15.10...v2.16.0)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2023-02-02 11:05:46 +01:00
Jens Langhammer dbf2bd5aba
blueprints: handle error when blueprint entry identifier field does not exist 
closes #4588

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-02-01 19:45:36 +01:00
Jens Langhammer f2386f126e
core: fix inconsistent branding in end_session view 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

#4586
 2023-02-01 19:40:59 +01:00
Jens Langhammer ffc97905f3
events: prevent error when request fails without response 
closes #4589

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-02-01 19:40:02 +01:00
dependabot[bot] 18cfe67719
core: bump black from 22.12.0 to 23.1.0 (#4584) 
* core: bump black from 22.12.0 to 23.1.0

Bumps [black](https://github.com/psf/black) from 22.12.0 to 23.1.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/22.12.0...23.1.0)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* re-format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2023-02-01 11:31:32 +01:00
Jens Langhammer e5ba5d51fe
events: improve sanitising for tuples and sets 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-31 19:19:22 +01:00
Ellis Percival eb60bba0d5
providers/oauth2: cast user.pk to string when using it for token 'sub' value (#4570) 2023-01-30 15:38:10 +00:00
Aaron Carson c05d6b96a2
stages/prompt: set UUID to be a string (#4563) 2023-01-30 00:02:12 +01:00
Jens Langhammer 72168fae29
providers/oauth2: add user id as "sub" mode 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-29 16:15:03 +01:00
Jens Langhammer 96eeb91493
providers/oauth2: only set auth_time in ID token when a login event is stored in the session 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-29 16:00:19 +01:00
Jens L 627e8a250e
tests: run e2e tests in random order (#4550) 
* run e2e tests randomly

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix test_ldap_bind_search

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-27 23:57:53 +01:00
Jens Langhammer ecb1ce8135
core: fix token's set_key accessing data incorrectly 
also add tests
closes #4551

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-27 23:57:35 +01:00
Jens Langhammer 5631a99f00
stages/prompt: fallback to uuid for unique names 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-25 23:29:26 +01:00
Jens Langhammer 36f8f8bae5
stages/prompt: fix mismatched name field in migration 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-25 14:46:40 +01:00
Jens Langhammer 68058fb2ae
stages/authenticator_validate: fix error with passwordless webauthn login, improve tests 
closes #4527

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-25 14:45:00 +01:00
Jens L 53b65a9d1a
stages/prompt: field name (#4497) 
* add prompt field name

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove numerical prefix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing name

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use text field

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add description label

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add migrate blueprint to remove old stages

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add task to remove unretrievable blueprints

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix blueprint test paths

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* actually fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests even more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix fixtures

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-24 12:23:22 +01:00
Jens Langhammer 16076cc46f
outposts: fallback to ghcr 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-24 10:47:30 +01:00
Jens Langhammer b2d272bf6f
api: fix lint 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-23 20:19:03 +01:00
Jens Langhammer 31ef6fb6a6
core: delete session when user is set to inactive 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-23 16:24:30 +01:00
Jens Langhammer c9c059a008
api: ensure user is active when authenticating 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-23 16:24:30 +01:00
Jens Langhammer 9397598376
release: 2023.1.2 2023-01-23 14:25:55 +01:00
Jens Langhammer 91ffe4e7f9
stages/user_write: fix migration setting wrong value, fix form 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-23 14:05:41 +01:00
Jens Langhammer 430a207865
release: 2023.1.1 2023-01-23 11:34:58 +01:00
Jens Langhammer 1ce2a1b846
stages/email: update tests 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-23 10:43:49 +01:00
Loan J 4731ccfafe
stages/email: fix a typo in email template (#4485) 
fix a typo in main content

Signed-off-by: Loan J <joliveau.loan@gmail.com>

Signed-off-by: Loan J <joliveau.loan@gmail.com>
 2023-01-23 10:22:49 +01:00
jmptbl c1b9b5c5e2
stages/authenticator_totp: url quote TOTP issuer instead of slugifying (#4482) 
* Fix TOTP issuer mangling

* Fix OTP issuer mangling

* sort imports

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-22 16:37:47 +00:00
Jens Langhammer b288393cd4
stages/invitation: handle incorrectly formatted token 
closes #4481

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-22 00:03:39 +01:00
Jens Langhammer 5736a1542c
stages/authenticator_sms: fix code not being sent when phone_number is in context 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-19 20:19:23 +01:00
Jens Langhammer fc8fe5317a
stages: always use get_pending_user instead of getting context user 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-19 17:57:21 +01:00
Jens L c61529e4d4
sources/ldap: add e2e LDAP source tests (#4462) 
* start adding more LDAP source tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve healthcheck

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* try local webdriver

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add full samba tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix locale types

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-19 15:03:56 +01:00
Jens Langhammer a302a72379
crypto: fallback when no SAN values are given 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-18 19:40:24 +01:00
Jens L e390f5b2d1
providers/oauth2: more x5c and ecdsa x/y tests (#4463) 
* add option to exclude x5*

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

#4082

* cleanup jwks, add flaky test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add workaround based on https://github.com/jpadilla/pyjwt/issues/709

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* don't rstrip hashes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* keycloak seems to strip equals

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-18 18:11:36 +00:00
Jens Langhammer 60189ce9ca
add tests to prevent empty SAN 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-18 18:59:10 +01:00
Jens Langhammer fdc445e6a1
ensure we don't generate an empty SAN certificate 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-18 18:44:41 +01:00
Jens Langhammer 49b6c71079
release: 2023.1.0 2023-01-18 15:49:45 +01:00
Jens Langhammer 6e0c9acb34
events: exclude base models from model audit log 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-18 15:11:33 +01:00
Jens L 23c69c456a
providers/proxy: add setting to intercept authorization header (#4457) 
* add setting to intercept authorization header

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rename to intercept_header_auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-17 18:56:48 +01:00
Jens L c73fce4f58
sources/ldap: manual import (#4456) 
* events: fix task UID

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add ldap sync command

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-17 12:21:33 +01:00
Jens L 9568f4dbd6
root: improve code style (#4436) 
* cleanup pylint comments

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix url name

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* *: use ExtractHour instead of ExtractDay

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-15 17:02:31 +01:00
Jens Langhammer 143309448e
policies: ensure user is set 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-14 20:24:46 +01:00
Jens Langhammer 1f038ecee2
providers/oauth2: fallback to anonymous user for policy engine 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-14 20:22:06 +01:00
Jens Langhammer 1b1f2ea72c
providers/oauth2: actually fix import order 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-14 19:58:24 +01:00
Jens Langhammer 6e1a54753e
providers/oauth2: fix import order 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-14 19:56:12 +01:00
Jens Langhammer 67d1f06c91
providers/oauth2: use guardian anonymous user to get claims for provider info 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-14 19:53:43 +01:00
Jens Langhammer d37de6bc00
policies: log full stacktrace 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-14 19:53:21 +01:00
Jens L cd12e177ea
providers/proxy: add initial header token auth (#4421) 
* initial implementation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* check for openid/profile claims

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include jwks sources in proxy provider

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add web ui for jwks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only show sources with JWKS data configured

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix introspection tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start basic

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add basic auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add docs, update admonitions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add client_id to api, add tab for auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-13 16:22:03 +01:00
Jens Langhammer 31c6ea9fda
providers/oauth2: don't allow spaces in scope_name 
closes #4094

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-13 16:20:37 +01:00
Jens L 20931ccc1d
providers/oauth2: correctly fill claims_supported based on selected scopes (#4429) 
* providers/oauth2: correctly fill claims_supported based on selected scopes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add nonce claim

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-13 14:14:25 +01:00
Jens L 36822c128c
admin: include task duration in API (#4428) 
include task duration in API

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-13 13:21:49 +01:00
Jens Langhammer 81e9f2d608
web/admin: fix overflow in aggregate cards 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-11 14:12:02 +01:00
Jens L 67a6fa6399
events: rework metrics (#4407) 
* rework metrics

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* change graphs to be over last week

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix  Apps with most usage card

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-11 12:21:07 +01:00
Jens L 1ed24a5eef
blueprints: internal storage (#4397) 
* rework oci client

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add blueprint content

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add UI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make path optional

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add validation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-10 22:00:34 +01:00
Jens Langhammer b555ccd549
sources/ldap: don't run membership sync if group sync is disabled 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

#4392
 2023-01-09 17:19:50 +01:00
Jens Langhammer 9445354b31
sources/ldap: only warn about missing groups when source is configured to sync groups 
closes #4392

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-09 17:17:48 +01:00
Jens Langhammer a1be924fa4
*: strip leading and trailing whitespace when reading config values from files 
also add a debug endpoint that dumps the go parsed config

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2023-01-09 15:29:22 +01:00
Jens Langhammer 47aba4a996
crypto: prevent creation of duplicate self-signed default certs 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-06 16:51:07 +01:00
Jens Langhammer 001869641d
web: ensure img tags have alt attributes 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-06 12:44:51 +01:00
Jens Langhammer bec538c543
sources/ldap: make task timeout adjustable 
closes #4375

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-06 12:37:59 +01:00
sdimovv c63ba3f378
blueprints: Fix resolve model_name in `!Find` tag (#4371) 
Resolve model_name in !Find tag
 2023-01-06 09:49:28 +01:00
sdimovv 53cab07a48
blueprints: Add `!Enumerate`, `!Value` and `!Index` tags (#4338) 
* Added For and Item tags

* Removed Sequence node support from ForItem tag

* Added ForItemIndex tag

* Added support for iterating over mappings

* Added support for mapping output body

* Renamed tags: For to Enumerate, ForItem to Value, ForItemIndex to Index

* Refactored tests

* Formatting

* Improved exception info

* Improved error handing

* Added docs

* lint

* Small doc improvements

* Replaced deepcopy() call with call to copy()

* Fix mistake in docs example

* Fix missed "!" in example
 2023-01-05 21:36:19 +01:00
Jens L a960ce9454
stages/user_write: add more user creation options (#4367) 
* add more user creation options

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update blueprints and docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-05 15:46:20 +01:00
Jens L e6b5810e03
polices/hibp: remove deprecated (#4363) 
* remove hibp

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* don't save event matcher apps in migrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup migrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update docs, update some phrasing

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-05 13:19:26 +01:00
Jens Langhammer 78b711ec9d
Merge branch 'version-2022.12' 2023-01-05 10:41:54 +01:00
Jens Langhammer ac07833688
release: 2022.12.2 2023-01-05 10:01:30 +01:00
Jens Langhammer 730139e43c
*: improve general tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-04 22:40:09 +01:00
Jens L 24e8915e0a
providers/proxy: add tests for proxy basic auth (#4357) 
* add tests for proxy basic auth

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stop bandit from complaining

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add API tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-04 22:40:06 +01:00
Jens Langhammer 3e7320734c
*: improve general tests 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-04 22:26:55 +01:00
Jens L 3131e557d9
providers/proxy: add tests for proxy basic auth (#4357) 
* add tests for proxy basic auth

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* stop bandit from complaining

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add API tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-04 22:04:16 +01:00
Jens L dc1359a763
providers/saml: initial SLO implementation (#2346) 
* providers/saml: initial SLO implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/saml: add logout request tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/saml: add tests for POST SLO

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* matrix e2e tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix import

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* set e2e matrix name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix imports

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* separate oidc and oauth tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add basic saml slo e2e tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add better metadata download url

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* kinda prepare release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* sort releases into folders

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add slo urls to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix linking

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-04 19:45:31 +01:00
Jens L 1e01e9813d
providers/saml: add prefix to entity descriptor (#4355) 
add prefix to entity descriptor

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-04 16:44:52 +01:00
Jens Langhammer e887a315be
providers/oauth2: correctly advertise supported response_modes_supported 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-04 10:21:34 +01:00
Jens Langhammer 4b93f40c5e
providers/oauth2: fix null amr value not being removed from id_token 
closes #4339

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-03 00:41:18 +01:00
Jens Langhammer 57400925a4
providers/saml: don't error if no request in API serializer context 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-03 00:14:16 +01:00
Jens Langhammer 2dc0792d9e
stages/email: remove unused import 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-02 09:28:26 +01:00
Jens Langhammer fde848ee51
admin: remove unused import 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-02 00:12:14 +01:00
Jens Langhammer e9d52282b7
admin: use matching environment for system API 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 23:58:12 +01:00
Jens Langhammer c810628fe3
stages/email: use pending user correctly 
closes #4318

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 23:50:57 +01:00
Jens Langhammer de0a5191f7
core: remove unused import 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 23:50:42 +01:00
Jens Langhammer 93e20bce2e
core: don't use inline_serializer for user operations 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 23:16:44 +01:00
Jens Langhammer 960a2aab74
crypto: fix type for has_key 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 23:14:19 +01:00
Jens Langhammer 2cae6596eb
core: cleanup 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 23:01:08 +01:00
Jens Langhammer 11b1eb4173
stages/email: make template tests less flaky 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 23:00:32 +01:00
Jens Langhammer 3980eea7c6
web/flows: rework error display, always use ak-stage-flow-error instead of shell 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 21:43:44 +01:00
Jens Langhammer 9fdfb8c99b
stages/dummy: add toggle to throw error for debugging 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 21:25:53 +01:00
Jens Langhammer 5cab280759
stages/captcha: fix captcha not loading correctly, add tests 
closes #4320

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2023-01-01 18:15:41 +01:00
Jens Langhammer 9d422918b3
stages/prompt: use stage.get_pending_user() to fallback to the correct user 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-30 20:38:15 +01:00
Jens Langhammer 2c42c87689
release: 2022.12.1 2022-12-30 13:43:42 +01:00
dependabot[bot] 8262a47455
core: bump packaging from 21.3 to 22.0 (#4181) 
* core: bump packaging from 21.3 to 22.0

Bumps [packaging](https://github.com/pypa/packaging) from 21.3 to 22.0.
- [Release notes](https://github.com/pypa/packaging/releases)
- [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pypa/packaging/compare/21.3...22.0)

---
updated-dependencies:
- dependency-name: packaging
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* remove LegacyVersion

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-30 12:07:25 +01:00
Jens L bd56922a2f
blueprints: watch blueprints directory and trigger tasks (#4309) 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-30 11:30:18 +01:00
Jens Langhammer 68b58fb73c
blueprints: fix error when entry with state absent doesn't exist 
closes #4305

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-29 21:55:17 +01:00
Jens Langhammer 97513467ad
blueprints: disallow flow token 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-29 21:54:56 +01:00
sdimovv ce5d1fd80d
blueprints: Resolve yamltags in state and model attributes (#4299) 
* Fixed state and model attributes not resolving yaml tags

* Linting
 2022-12-29 10:05:32 +01:00
Jens Langhammer b1020fde64
web/elements: render ak-seach-select dropdown correctly in modals 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-28 20:38:57 +01:00
Jens Langhammer f0e121c064
api: add filter backend for secret key to allow access to tenants and certificates 
closes #4182

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-28 18:59:25 +01:00
Jens Langhammer 2b2323fae7
outposts: include hostname in outpost heartbeat 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-28 16:07:52 +01:00
Jens Langhammer 24eb4ed963
release: 2022.12.0 2022-12-28 13:00:49 +01:00
Jens Langhammer b16d1134ea
core: add endpoints to add/remove users from group atomically 
closes #4252

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-28 10:50:30 +01:00
Jens Langhammer 20a4dfd13d
stages/invitation: fix incorrect pk check for invitation's flow 
closes #4278

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-27 13:55:51 +01:00
sdimovv 8f3579ba45
blueprints: add `!If` tag (#4264) 
* Added \!If tag

* Fix typo

* Removed trailing whitespace

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>

* format blueprint fixtures

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-26 16:20:22 +01:00
Jens Langhammer ae13fc3b92
policies: make name required 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-25 14:46:48 +01:00
Jens Langhammer 94b9ebb0bb
blueprints: add Env tag 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-24 20:41:51 +01:00
Jens Langhammer 1b86a3d5d6
Merge branch 'version-2022.11' 2022-12-23 14:39:52 +01:00
Jens Langhammer 8b710b57a5
root: don't send traces in testing 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-23 14:37:58 +01:00
Jens Langhammer 9dc0bb2a77
release: 2022.11.4 2022-12-23 14:17:48 +01:00
Jens L 2d827eaae1
security: fix CVE 2022 23555 (#4274) 
* add flow to invitation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* show warning on invitation page

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add security advisory

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-23 14:16:30 +01:00
Jens L 47d79ac28c
security: fix CVE 2022 46172 (#4275) 
* fallback to current user in user_write, add flag to disable user creation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update api and web ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add cve post to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-23 14:16:26 +01:00
Jens L 9f846d94be
security: fix CVE 2022 23555 (#4274) 
* add flow to invitation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* show warning on invitation page

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add security advisory

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-23 14:13:49 +01:00
Jens L 84fbeb5721
security: fix CVE 2022 46172 (#4275) 
* fallback to current user in user_write, add flag to disable user creation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update api and web ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add cve post to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-23 14:12:58 +01:00
Jens Langhammer 01da8e1792
providers/oauth2: optimise and cache signing key, prevent key being loaded multiple times 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-23 12:04:31 +01:00
Jens Langhammer 42c278b4f8
root: migrate to hosted sentry with rate-limited DSN 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-23 11:18:26 +01:00
Jens Langhammer e52c964354
flows: fix redirect from plan context "redirect" not being wrapped in flow response 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-22 23:28:26 +01:00
Jens L c635487210
blueprints: better OCI support in UI (#4263) 
use oci:// prefix to detect oci blueprint, add UI support

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-22 18:49:25 +01:00
Jens Langhammer fb09df26c9
core: fix lint 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-22 17:56:05 +01:00
Jens Langhammer e4e7a112e3
web: use version family subdomain for in-app doc links 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-22 17:03:08 +01:00
Jens Langhammer 042865c606 blueprints: add conditions to blueprint schema 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-21 18:59:17 +01:00
sdimovv 7f662ac2f3
blueprints: Added conditional entry application (#4167) 
* blueprints: Added !AsBool tag

* Renamed AsBool tag to Condition

* Added conditions attributed to BlueprintEntry

* Added docs for the conditions attribute of a blueprint entry

* Website linting fix

* add new tag to vscode settings

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-21 17:04:00 +00:00
Jens L 609f95ac97
providers: add preview for mappings (#4254) 
* preview

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/admin: show provider page on application page

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use oauth2 end session url instead of direct interface

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* dont show provider page on application page for now

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add UI for preview

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* translate and release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix lint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* separate saml api files

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-21 12:13:11 +01:00
Jens Langhammer 027ca88d83 lib: enable sentry profiles_sample_rate 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-19 12:51:22 +01:00
Jens L ec925491b2
stages/captcha: customisable URLs (#3832) 
* make api and js url customisable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use recaptcha.net domains

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add form

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* regen locale

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-18 14:18:43 +01:00
Jens Langhammer 3418943949 root: allow custom settings via python module 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-15 10:59:14 +01:00
Jens Langhammer 8d169a8bd9 Merge branch 'version-2022.11' 2022-12-12 17:05:39 +00:00
Jens Langhammer f47ce9a360 stages/user_login: prevent double success message when logging in via source 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-12 16:34:16 +00:00
Jens Langhammer 01a897dbc2 flows: set stage name and verbose_name for in_memory stages 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-12 16:22:48 +00:00
Jens Langhammer fddcb3a835 events: remove legacy logger declaration 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-12 15:32:06 +00:00
Jens Langhammer 5d51621278 stages/user_write: always ignore `component` field and prevent warning 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-12 15:31:56 +00:00
Jens Langhammer 9ffc720f48 policies: log correct cache state 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-12 15:31:41 +00:00
Jens Langhammer 4d8978ea90 bleuprints: fix flaky test 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-09 11:04:44 +00:00
sdimovv 8d13235b74
blueprints: fixed bug causing filtering with an empty query (#4106) 
* Fixed bug causing filtering with an empty query

Fixed bug allowing blueprint import to filter for existing models using an empty query.

The code only checks if the `identifiers` dict is empty, but `__query_from_identifier` skips identifier member values of type `dict` or keys == `pk`, so it is possible to produce an empty query if an `identifier` consists of just `dict` type members or "pk" key. 

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>

* Added test case

* Added support for using dict fields as blueprint entry identifiers

* Disabled pylint too-many-locals for _validate_single

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
 2022-12-06 12:06:25 +01:00
Jens Langhammer 44bf9a890e release: 2022.11.3 2022-12-02 23:00:59 +02:00
Jens Langhammer 58cd6007b2 Merge branch 'version-2022.11' 2022-12-02 18:12:38 +02:00
Jens L db95dfe38d
security: fix CVE 2022 46145 (#4140) 
* add flow authentication requirement

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add website for cve

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: handle FlowNonApplicableException without policy result

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-02 16:14:25 +01:00
sdimovv 1f7d52c5ce
blueprints: Support nested custom tags in `!Find` and `!Format` tags (#4127) 
* Added support for nested tags to !Find and !Format

* Added tests

* Fix variable names

* Added docs

* Fixed small mistake in tests

* Fixed variable names

* Broke example into multiple lines
 2022-12-01 16:10:26 +01:00
Jens Langhammer 3251bdc220 events: improve handling creation of events with non-pickleable objects 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-01 15:56:28 +02:00
Jens Langhammer 2a4daa5360 release: 2022.11.2 2022-12-01 10:41:29 +02:00
Jens Langhammer e1a6dede54 *: backport CVE-2022-46145 fix 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-12-01 10:41:26 +02:00
Jens Langhammer cf40e5047e policies: don't log context when policy returns None 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-30 14:43:47 +02:00
Jens Langhammer d5329432fe lib: fix uploaded files not being saved correctly, add tests 
closes #4110 #4109 #4107

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-30 12:48:33 +02:00
sdimovv 5156aeee0f
policies/password: Always add generic message to failing zxcvbn check (#4100) 
* Always add generic message to failing zxcvbn password policy

Depending on the settings, sometimes a password policy that checks a password with the zxcvbn tool can fail without any message.

For example:
```
$ echo  'Awdccdw1234' | zxcvbn | jq | grep "feedback" -A 5 -B 1
Password: 
  "score": 3,
  "feedback": {
    "warning": "",
    "suggestions": []
  }
}
```

As seen above the tool does not produce any warnings or suggestions for the given password, but if the password policy is set to have a zxcvbn threshold of 3, the policy will silently fail without communicating the reason to the user. 

There are two ways to handle this:
1. Always add a generic "password is too weak" message when the policy fails.
2. Check if there are any suggestions or warnings from the zxcvbn tool and only add the generic message if not.

I personally prefer 1. This way the generic message will  be shown whenever the policy fails, and will get combined with extra "tips" whenever zxcvbn has some.



Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>

* Update authentik/policies/password/models.py

Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>

* Added test case

* fix black formatting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens L. <jens@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-30 07:58:16 +00:00
Jens Langhammer e22fce02f8 stages/authenticator_validate: improve validation for not_configured_action 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-28 10:52:51 +01:00
Jens Langhammer e2bd96c5de stages/authenticator_validate: fix validation to ensure configuration stage is set 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-25 21:37:52 +01:00
Jens Langhammer f8ef2b666f events: fix incorrect EventAction being used 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-25 11:53:05 +01:00
Jens Langhammer a9909fcf6d providers/oauth2: set amr values based on login event 
closes #4070

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-25 11:21:59 +01:00
Jens Langhammer 1fa9b3a996 providers/saml: set AuthnContextClassRef based on login event 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#4070
 2022-11-25 11:21:45 +01:00
Jens Langhammer 5019346ab6 events: save login event in session after login 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#4070
 2022-11-25 11:21:00 +01:00
Jens Langhammer f22f1ebcde stages/authenticator_validate: save used mfa devices in login event 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-25 10:47:49 +01:00
Jens Langhammer 1c2cdfe06a web/flows: improve error messages for failed duo push 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-24 13:42:13 +01:00
Jens Langhammer d0308a8239 stages/authenticator_validate: log duo error 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-24 11:36:43 +01:00
Jens Langhammer 6843c8389b stages/authenticator_duo: fix imported duo devices not being confirmed 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-24 11:36:34 +01:00
Jens Langhammer 3a13d19695 release: 2022.11.1 2022-11-22 21:42:10 +01:00
Jens Langhammer ed7bef9dbf blueprints: open fixtures in read only mode 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-22 21:39:30 +01:00
Jens Langhammer b9fdb63a57 core: fix lint 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-22 21:02:18 +01:00
Jens Langhammer 5262d89505 core: fix tab-complete in shell 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-22 20:30:00 +01:00
Jens L ab3d47c437
blueprints: add desired state attribute to objects (#4061) 
* add state attribute to delete objects

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests, move yaml from block to files

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add state to docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* only try to format

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-22 14:27:20 +01:00
Jens Langhammer 14cd52686d stages/email: add test for email translation 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3885
 2022-11-22 14:14:42 +01:00
Jens Langhammer 1a39754fe9 *: don't return values in test suites 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-22 11:38:34 +01:00
Jens Langhammer 5b8223808e Merge branch 'version-2022.11' 2022-11-21 22:14:33 +01:00
Jens Langhammer 14f341f504 web/admin: fix error when importing duo devices 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-21 21:36:10 +01:00
Jens Langhammer 20c1770ec4 release: 2022.11.0 2022-11-21 20:12:02 +01:00
Jens Langhammer a2e512c36c stages/authenticator_validate: add flag to configure user_verification for webauthn devices 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-21 17:52:37 +01:00
Jens Langhammer 3c2da8138d stages/invitation: directly delete invitation now that flow plan is saved in email token 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-21 14:55:49 +01:00
Jens Langhammer 426f0bc9dd events: deepcopy event kwargs to prevent objects being removed, remove workaround 
closes #4041

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-21 12:31:17 +01:00
Jens Langhammer cc3ab141e5 policies: only cache policies for authenticated users 
closes #4033

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-18 21:06:53 +01:00
Jens Langhammer c158ef80db *: fix remaining old cache keys 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-18 16:18:32 +01:00
Jens L 9f5fb692ba
sources: add custom icon support (#4022) 
* add source icon

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add to oauth form

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add to other browser sources

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add migration, return icon in UI challenges

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* deduplicate file upload

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-16 14:10:10 +01:00
Jens Langhammer d67ec1b62f lib: fix complex objects being included in event context for ak_create_event 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-15 16:51:02 +01:00
Jens Langhammer e5241ac574 core: fix error when propertymappings return complex value 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-15 16:28:15 +01:00
Jens L 276af8457d
root: make sentry DSN configurable (#4016) 
* make sentry DSN configurable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* make proxy smarter

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix typo in config struct

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-15 16:05:29 +01:00
Jens L 55aa1897af
root: use single redis db (#4009) 
* use single redis db

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup prefixes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ensure __str__ always returns string

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix remaining old prefixes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-15 14:31:29 +01:00
Jens Langhammer 9f269faf53 stages/authenticator_*: cleanup 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-15 13:46:00 +01:00
Jens Langhammer 9bde7ef59e Revert "stages/authenticator_*: directly save devices into db instead of session to prevent race conditions" 
closes #4008

This reverts commit 538c2ca4d3.

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	authentik/stages/authenticator_static/stage.py
#	authentik/stages/authenticator_totp/stage.py
 2022-11-15 11:35:53 +01:00
Jens L 88594075b2
policies/password: merge hibp add zxcvbn (#4001) 
* initial zxcvbn

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api and port tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add api diff

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-14 14:42:43 +01:00
Jens L ffe6f65af5
outposts/kubernetes: ingress class (#4002) 
* add support for ingressClassName

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add option to disable ssl verification for k8s controller

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-14 14:24:11 +01:00
dependabot[bot] 4095c422df
core: bump python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye (#3864) 
* core: bump python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye

Bumps python from 3.10.7-slim-bullseye to 3.11.0-slim-bullseye.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* bump project

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* bump deps

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* bump ci to 3.11

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix formatting

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-13 14:20:55 +01:00
sdimovv 5d8dd9cf3f
blueprints: Fixed bug causing blueprint instance context be discarded (#3990) 
Fixed bug causing blueprint instance context be discarded when applying a blueprint.
 2022-11-12 13:23:33 +01:00
Jens Langhammer 3306003f0e providers/oauth2: fix inconsistent expiry encoded in JWT 
- access token validity is used for JWTs issues in implicit flows
- general cleanup of how times are set
closes #2581

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-10 20:23:24 +01:00
Daniel 85c790728f
core: simplify group serializer for user API endpoint (#3899) 
* core/api: Adding simple group serializer to improve user retrieval performance

Due to the exhaustive use of the user_obj the performance suffers
greatly if the users are assigned to large groups. This simple fix adds
a new serializer that does not expose the user_obj within a group.

* core/api: Update schema

Update to the schema based on the new SimpleGroupSerializer

* core/api: Fix black and pylint

* make naming consistent, remove unnecessary fields

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-09 11:19:40 +01:00
Jens Langhammer 47132faffb root: relicense and launch blog post 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-11-03 16:00:00 +01:00
Jens Langhammer cd0d898a4b events: sanitize generator for json safety 
closes #3903

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-31 20:30:11 +01:00
Jens Langhammer 400751ed3c api: fix missing scheme in securitySchemes 
closes #3883

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-29 18:50:34 +02:00
Jens Langhammer f3a72761c0 release: 2022.10.1 2022-10-29 17:24:55 +02:00
Jens Langhammer 841c13ed77 core: set prehydrated locale based on active backend locale 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-28 19:43:24 +02:00
Jens L 30d708dd1f
core: explicitly enable locales (#3889) 
* activate locales

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* set locale for email templates

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-28 19:42:49 +02:00
Jens Langhammer 9d0a7578ec flows: fix error due to not validating error challenge 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-27 20:04:00 +02:00
Jens Langhammer f8fab14e1e core: refactor MessageStage to not use dynamic class 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-26 20:01:42 +02:00
Jens Langhammer 6b35d0c70b core: check if session is authenticated before showing linked message 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-26 00:30:42 +02:00
Jens Langhammer dd65862bf2 core: show success message when authenticating/enrolling after flow is finished 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-25 22:46:15 +02:00
Jens Langhammer 6ea57921f2 sources/saml: set username field to name_id attribute 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-24 21:53:37 +02:00
Jens Langhammer b0d4f035f1 blueprints: fix error when cleaning up unset attribute 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-21 22:12:59 +02:00
Jens Langhammer 661d2ec701 Merge branch 'version-2022.10' 2022-10-21 22:11:04 +02:00
Jens Langhammer 3f570bb96d blueprints: improve error handling 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-21 20:18:02 +02:00
Jens Langhammer 89dc46a7ff release: 2022.10.0 2022-10-21 19:42:38 +02:00
Jens Langhammer a1ce8100e9 stages/identification: log invalid_login similar to event for easier log parsing 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3715
 2022-10-20 19:31:22 +02:00
Jens Langhammer 13d975a258 flows: fix error when opening inspector with no history 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-20 19:30:56 +02:00
Jens Langhammer 782fec0eb9 flows: use stripped down flow serializer for flow_set to optimise loading time 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-20 09:56:08 +02:00
Jens L cfad472e1b
flows: optimise queries (#3818) 
* flows: optimise flow queries

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* index source on slug and name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* binding index

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add policy parent index

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix migrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup old migrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add release note to upgrade

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-19 22:53:07 +02:00
Jens Langhammer 6882445937 *: handle PermissionError when saving files, ensure permission bits are set correctly 
closes #3817

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-19 20:24:28 +02:00
Jens Langhammer 9e3bf94547 flows: optimise flow API loading speed 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-19 10:29:06 +02:00
Jens L b06a3a8f9f
admin: add authorisations metric (#3811) 
add authorizations metric

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-19 00:06:45 +02:00
dependabot[bot] 167695d4b1
core: bump channels from 3.0.5 to 4.0.0 (#3799) 
* core: bump channels from 3.0.5 to 4.0.0

Bumps [channels](https://github.com/django/channels) from 3.0.5 to 4.0.0.
- [Release notes](https://github.com/django/channels/releases)
- [Changelog](https://github.com/django/channels/blob/main/CHANGELOG.txt)
- [Commits](https://github.com/django/channels/compare/3.0.5...4.0.0)

---
updated-dependencies:
- dependency-name: channels
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* add daphne

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-18 22:34:27 +02:00
Jens Langhammer 3e1490dcac providers/saml: don't attempt verification of SAML request when no verification certificate is configured 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-18 22:26:04 +02:00
Jens Langhammer 6bff6a2a1a core: fallback to empty user object for PropertyMappingEvaluator 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-18 22:03:26 +02:00
Jens L 0efee2a660
flows: improved import (#3807) 
* return logs when importing flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* improve error handling, show logs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-18 22:01:42 +02:00
Jens L b85be12567
providers/oauth2: fix issues with es256 and add tests (#3808) 
fix issues with es256 and add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-18 22:01:29 +02:00
Jens Langhammer 96a30af0eb sources/oauth: allow overriding of all scopes 
closes #3747

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-16 21:21:43 +02:00
Jens Langhammer 76531589dd core: fix title in generic error template 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-16 13:55:22 +02:00
Jens Langhammer 2112b5b26b root: add global fallback throttle 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-15 23:51:36 +02:00
Jens Langhammer a3cc844e25 crypto: fix cert_expiry not having the correct format 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-15 23:32:02 +02:00
Jens Langhammer 53aef73f58 flows: optimise queries for flow and stage API endpoints 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-15 11:54:31 +02:00
Jens L 363872715d
sources/saml: revamp SAML Source (#3785) 
* update saml source to use user connections, add all attributes to flow context

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* check for SAML Status in response, add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* package apple icon

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add webui for connections

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-14 17:04:47 +02:00
Jens L 79e8b72569
flows: always show flow inspector in debug mode, don't require admin in debug (#3786) 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-14 15:44:59 +02:00
Jens Langhammer 74a0e27a8c blueprints: fix error when exporting objects with lazily translated strings 
closes #3482

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-14 14:31:44 +02:00
Jens Langhammer 0ca1368dcc sources/saml: improve error handling for missing assertion and missing subject 
closes #3784

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-14 13:56:39 +02:00
Philipp Kolberg 2980c5884f
root: Add setting to adjust database config for pgbouncer (#3769) 
* Add setting to adjust database config for pgbouncer

* docker-compose.yml cleanup

Delete pgbouncer setting as false is the default value

* Cleanup docker-compose.yml

Also remove use_pgbouncer option in server section
 2022-10-14 11:53:24 +02:00
Jens L 217e145d23
stages/authenticator_sms: make sms stage payload customisable (#3780) 
* make sms stage payload customisable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update phrasing for webhook mapping

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-14 11:53:01 +02:00
Jens Langhammer e5e6c33b2d providers/oauth2: fix expires_in not being an int 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-11 14:25:30 +03:00
Jens L 8ed2f7fe9e
providers/oauth2: add device flow (#3334) 
* start device flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web: fix inconsistent app filtering

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tenant device code flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add throttling to device code view

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* somewhat unrelated changes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add initial device code entry flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add finish stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* it works

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add support for verification_uri_complete

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add some tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-11 12:42:10 +02:00
Jens Langhammer 00a6c2a40b sources/oauth: improve error messages 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-10 13:28:25 +03:00
Jens Langhammer 239092b872 core: fix messages not being shown when no client is connected 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-10 13:27:41 +03:00
dependabot[bot] 34d520a3fb
core: bump channels-redis from 3.4.1 to 4.0.0 (#3752) 2022-10-10 11:26:49 +02:00
lvoegl 3ecc715e91
sources/oauth: add Twitch OAuth source (#3746) 
* sources/oauth: add Twitch OAuth source

Signed-off-by: Lukas Vögl <lukas@voegl.org>

* website/integrations: add Twitch OAuth source documentation

Signed-off-by: Lukas Vögl <lukas@voegl.org>

Signed-off-by: Lukas Vögl <lukas@voegl.org>
 2022-10-10 10:59:07 +02:00
Jens Langhammer 9bbe8e6c57 providers/oauth2: save full IDToken to database, only use to_dict for encoding final token 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-08 15:06:17 +03:00
Jens Langhammer b2a658d091 providers/oauth2: remove c_hash and nonce claim if they're not set 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-07 17:07:33 +03:00
Jens Langhammer ce085a029d providers/oauth2: exclude at_hash claim if not set instead of being null 
closes #3739

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-07 10:10:53 +03:00
Jens Langhammer 93e90f8f50 crypto: fix import_certificate checking private key as certificate 
closes #3713

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-10-02 00:31:14 +02:00
Jens L 44e4f2e561
crypto: make certificate parsing optional for crypto api (#3711) 2022-10-01 00:06:00 +02:00
Jens L cca0f60bda
root: decrease default token size to 60 chars for compatibility (#3710) 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2614
 2022-09-30 23:12:51 +02:00
Jens Langhammer d8a98e71bd outposts: fix indentation in generated SSH Config 2022-09-29 09:23:27 +00:00
Jens Langhammer 7c0754000c providers/oauth2: add all hardcoded claims to claims_supported list 
closes #3702

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-09-29 10:27:46 +02:00
Jens Langhammer 43a5aaa9df stages/email: don't check that email templates exist on startup 
#3692

this runs on both server and worker where only the worker needs to have the email templates

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-09-28 18:52:54 +02:00
Jens Langhammer cd1a36fec4 root: save email template directory in config 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
 2022-09-28 18:51:34 +02:00